use bouncycastle for dealing certificate

README.md

@@ -14,7 +14,7 @@ Apk-parser has been submitted to maven central repo. With maven, you can add apk
 <dependency>
     <groupId>net.dongliu</groupId>
     <artifactId>apk-parser</artifactId>
-    <version>2.2.1</version>
+    <version>2.3.0</version>
 </dependency>
 ```
 From version 2.0, apk-parser requires java7. The last version support java6 is 1.7.4.

pom.xml

@@ -14,7 +14,7 @@
     <artifactId>apk-parser</artifactId>
     <name>apk-parser</name>
     <packaging>jar</packaging>
-    <version>2.2.1</version>
+    <version>2.3.0</version>
     <url>https://github.com/xiaxiaocao/apk-parser</url>
     <developers>
         <developer>
@@ -57,6 +57,16 @@
             <version>3.0.0</version>
             <optional>true</optional>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+            <version>1.58</version>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+            <version>1.58</version>
+        </dependency>
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>

src/main/java/net/dongliu/apk/parser/AbstractApkFile.java

@@ -5,12 +5,14 @@
 import net.dongliu.apk.parser.parser.*;
 import net.dongliu.apk.parser.struct.AndroidConstants;
 import net.dongliu.apk.parser.struct.resource.ResourceTable;
+import org.bouncycastle.cms.CMSException;
 
 import java.io.Closeable;
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.security.cert.CertificateException;
 import java.util.*;
+
 import static java.lang.System.arraycopy;
 
 /**
@@ -216,7 +218,7 @@ private void parseDexFiles() throws IOException {
             try {
                 DexClass[] classes = parseDexFile(path);
                 this.dexClasses = mergeDexClasses(this.dexClasses, classes);
-            } catch (ParserException e){
+            } catch (ParserException e) {
                 break;
             }
         }

src/main/java/net/dongliu/apk/parser/Main.java

@@ -2,7 +2,6 @@
 
 import java.io.IOException;
 import java.security.cert.CertificateException;
-import java.util.Locale;
 
 /**
  * Main method for parser apk
@@ -11,8 +10,8 @@
  */
 public class Main {
     public static void main(String[] args) throws IOException, CertificateException {
-        String apkFile = args[0];
-        String xml = ApkParsers.getManifestXml(apkFile, Locale.getDefault());
-        System.out.println(xml);
+        try (ApkFile apkFile = new ApkFile(args[0])) {
+            System.out.println(apkFile.verifyApk());
+        }
     }
 }

src/main/java/net/dongliu/apk/parser/bean/ApkMeta.java

@@ -5,6 +5,8 @@
 import java.util.List;
 
 /**
+ * Apk meta info
+ *
  * @author dongliu
  */
 public class ApkMeta {

src/main/java/net/dongliu/apk/parser/parser/CertificateParser.java

@@ -1,17 +1,26 @@
 package net.dongliu.apk.parser.parser;
 
 import net.dongliu.apk.parser.bean.CertificateMeta;
-import sun.security.pkcs.PKCS7;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.cms.CMSException;
+import org.bouncycastle.cms.CMSSignedData;
+import org.bouncycastle.cms.SignerInformation;
+import org.bouncycastle.cms.SignerInformationStore;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.util.Store;
 
 import java.io.IOException;
 import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.security.Security;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.List;
 
 /**
@@ -26,8 +35,12 @@ public class CertificateParser {
 
     private List<CertificateMeta> certificateMetas;
 
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+    }
+
     public CertificateParser(byte[] data) {
-        this.data =data;
+        this.data = data;
     }
 
     /**
@@ -38,8 +51,23 @@ public CertificateParser(byte[] data) {
      */
     public void parse() throws IOException, CertificateException {
 
-        PKCS7 pkcs7 = new PKCS7(data);
-        X509Certificate[] certificates = pkcs7.getCertificates();
+
+        CMSSignedData cmsSignedData;
+        try {
+            cmsSignedData = new CMSSignedData(data);
+        } catch (CMSException e) {
+            throw new CertificateException(e);
+        }
+        Store<X509CertificateHolder> certStore = cmsSignedData.getCertificates();
+        SignerInformationStore signerInfos = cmsSignedData.getSignerInfos();
+        Collection<SignerInformation> signers = signerInfos.getSigners();
+        List<X509Certificate> certificates = new ArrayList<>();
+        for (SignerInformation signer : signers) {
+            Collection<X509CertificateHolder> matches = certStore.getMatches(signer.getSID());
+            for (X509CertificateHolder holder : matches) {
+                certificates.add(new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder));
+            }
+        }
         certificateMetas = new ArrayList<>();
         for (X509Certificate certificate : certificates) {
             CertificateMeta certificateMeta = new CertificateMeta();