From 8163ca7852bbb40588ec991ae016956ebc13fbdb Mon Sep 17 00:00:00 2001
From: Jumpei Matsuda <jmatsu.drm@gmail.com>
Date: Fri, 4 Oct 2019 19:26:58 +0900
Subject: [PATCH 1/3] Use openssl to convert data to public key

---
 lib/android_apk.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lib/android_apk.rb b/lib/android_apk.rb
index 606d699..bc78909 100644
--- a/lib/android_apk.rb
+++ b/lib/android_apk.rb
@@ -309,7 +309,13 @@ def self.read_signature(apk, filepath)
     apk.verified = exit_status.success?
 
     if !exit_status.success? || certs_hunk.nil?
-      # Use a previous method as a fallback because apksigner cannot get a signature from an non installable apk
+      # For RSA or DSA encryption
+      print_certs_command = "openssl pkcs7 -inform DER -in <(unzip -p #{filepath.shellescape} META-INF/*.RSA META-INF/*.DSA) -print_certs | keytool -printcert | grep SHA1:"
+      certs_hunk, _, exit_status = Open3.capture3(print_certs_command)
+    end
+
+    if !exit_status.success? || certs_hunk.nil?
+      # Use a previous method as a fallback just in case
       print_certs_command = "unzip -p #{filepath.shellescape} META-INF/*.RSA META-INF/*.DSA | keytool -printcert | grep SHA1:"
       certs_hunk, _, exit_status = Open3.capture3(print_certs_command)
     end

From 11e8e31408dbcf385e9e3de07225b82f10f05872 Mon Sep 17 00:00:00 2001
From: Jumpei Matsuda <jmatsu.drm@gmail.com>
Date: Mon, 7 Oct 2019 14:17:13 +0900
Subject: [PATCH 2/3] Stop using process substitution

---
 lib/android_apk.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/android_apk.rb b/lib/android_apk.rb
index bc78909..d53a0e5 100644
--- a/lib/android_apk.rb
+++ b/lib/android_apk.rb
@@ -310,7 +310,7 @@ def self.read_signature(apk, filepath)
 
     if !exit_status.success? || certs_hunk.nil?
       # For RSA or DSA encryption
-      print_certs_command = "openssl pkcs7 -inform DER -in <(unzip -p #{filepath.shellescape} META-INF/*.RSA META-INF/*.DSA) -print_certs | keytool -printcert | grep SHA1:"
+      print_certs_command = "unzip -p #{filepath.shellescape} META-INF/*.RSA META-INF/*.DSA | openssl pkcs7 -inform DER -text -print_certs | keytool -printcert | grep SHA1:"
       certs_hunk, _, exit_status = Open3.capture3(print_certs_command)
     end
 

From 25252de8a5c82f782e819a4d095c7ced6dcfdf4f Mon Sep 17 00:00:00 2001
From: Jumpei Matsuda <jmatsu.drm@gmail.com>
Date: Mon, 7 Oct 2019 14:24:05 +0900
Subject: [PATCH 3/3] Assign nil surely if no signature is found

---
 lib/android_apk.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/android_apk.rb b/lib/android_apk.rb
index d53a0e5..05baace 100644
--- a/lib/android_apk.rb
+++ b/lib/android_apk.rb
@@ -323,6 +323,8 @@ def self.read_signature(apk, filepath)
     if exit_status.success? && !certs_hunk.nil?
       signatures = certs_hunk.scan(/(?:[0-9a-zA-Z]{2}:?){20}/)
       apk.signature = signatures[0].delete(":").downcase if signatures.length == 1
+    else
+      apk.signature = nil # make sure being nil
     end
   end