Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash in Android Devices #344

Open
UelitonFreitas opened this issue Jun 16, 2020 · 5 comments
Open

Crash in Android Devices #344

UelitonFreitas opened this issue Jun 16, 2020 · 5 comments

Comments

@UelitonFreitas
Copy link

UelitonFreitas commented Jun 16, 2020
edited
Loading

Hi, first of all, thanks for developing this library. 🤘

I have some crashes on my android application and don't know what can be. So I opened this issue. Do you have any idea what can be? There is some recommendation for this problem?

Library Version: 2.2.13
Most affected Android Devices: Samsung J7
Most affected Android Version: Android 6 and 8

The problem:

Full Stack trace:

Caused by java.lang.SecurityException: Incorrect signature
       at org.apache.harmony.security.utils.JarUtils.verifySignature(JarUtils.java:225)
       at java.util.jar.JarVerifier.verifyCertificate(JarVerifier.java:294)
       at java.util.jar.JarVerifier.readCertificates(JarVerifier.java:268)
       at java.util.jar.JarFile.getInputStream(JarFile.java:380)
       at libcore.net.url.JarURLConnectionImpl.getInputStream(JarURLConnectionImpl.java:222)
       at java.net.URL.openStream(URL.java:470)
       at com.github.fge.jackson.JsonLoader.fromURL(JsonLoader.java:131)
       at com.github.fge.jsonschema.SchemaVersion.<init>(SchemaVersion.java:66)
       at com.github.fge.jsonschema.SchemaVersion.<clinit>(SchemaVersion.java:45)
       at com.github.fge.jsonschema.core.load.configuration.LoadingConfigurationBuilder.<init>(LoadingConfigurationBuilder.java:119)
       at com.github.fge.jsonschema.core.load.configuration.LoadingConfiguration.byDefault(LoadingConfiguration.java:151)
       at com.github.fge.jsonschema.main.JsonSchemaFactoryBuilder.<init>(JsonSchemaFactoryBuilder.java:67)
       at com.github.fge.jsonschema.main.JsonSchemaFactory.newBuilder(JsonSchemaFactory.java:123)
       at com.github.fge.jsonschema.main.JsonSchemaFactory.byDefault(JsonSchemaFactory.java:113)
       at com.app.client.schema.JSONSchemaValidator$Factory.get(JSONSchemaValidator.java:29)

Partial Stack trace:

Fatal Exception: java.lang.ExceptionInInitializerError
       at com.github.fge.jsonschema.core.load.configuration.LoadingConfigurationBuilder.<init>(LoadingConfigurationBuilder.java:119)
       at com.github.fge.jsonschema.core.load.configuration.LoadingConfiguration.byDefault(LoadingConfiguration.java:151)
       at com.github.fge.jsonschema.main.JsonSchemaFactoryBuilder.<init>(JsonSchemaFactoryBuilder.java:67)
       at com.github.fge.jsonschema.main.JsonSchemaFactory.newBuilder(JsonSchemaFactory.java:123)
       at com.github.fge.jsonschema.main.JsonSchemaFactory.byDefault(JsonSchemaFactory.java:113)
       at com.app.client.schema.JSONSchemaValidator$Factory.get(JSONSchemaValidator.java:29)

Seems like the library can not found draftv4 file specification in the devices with the problem, but the package is configured in build.gradle and the file is present on jar from resources:

packagingOptions {
        pickFirst 'META-INF/LICENSE.txt'
        pickFirst 'META-INF/NOTICE.txt'
        pickFirst 'META-INF/ASL-2.0.txt'
        pickFirst 'META-INF/LICENSE'
        pickFirst 'draftv4/schema'
        pickFirst 'draftv3/schema'
        pickFirst 'META-INF/LGPL-3.0.txt'
    }
@Capstan
Copy link
Contributor

Capstan commented Jun 17, 2020

There doesn't appear to be the actual exception in this report; do you mind attaching that? We don't have Android experience among the maintainers, so it's entirely possible we have some loading bug that specific to that environment.

A quick internet search seems to yield and incorrect signature? That seems strange.

@UelitonFreitas
Copy link
Author

Hi @Capstan, thank you for your answer.
I updated the issue with all information that I have. I am having this problem only on some devices.
I search for similar errors on the internet too without progress and sadly also I can't reproduce the problem on my devices.
Do you have any idea what does this incorrect signature means?

@Capstan
Copy link
Contributor

Capstan commented Jun 17, 2020

My guess is that it is https://source.android.com/security/apksigning#v1

@UelitonFreitas
Copy link
Author

UelitonFreitas commented Jun 17, 2020
edited
Loading

I'm not sure. Android signatures are independent of Jars at this point and just some devices got the error. Most of them work correctly. As the stack trace suggests, maybe we are missing some config in the library jar.

I have more information about SecurityException:

Caused by java.lang.SecurityException
cannot verify signature block file META-INF/BNDLTOOL

Does It makes sense?

To be honest, I think this can be something related to URL implementation. It can be different for each Android API version/ Fabricant.

@Capstan
Copy link
Contributor

Capstan commented Jun 18, 2020

The .jars from maven central don't contain a META-INF/BNDLTOOL file in them and are not signed Jars, but rather just have .asc files per the central repository requirements.

I'm not sure how your jars have the extra file in the jar, or how they are signed such that the extra file invalidates the signature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Capstan @UelitonFreitas