Skip to content

Crash in Android Devices #344

New issue
New issue
Open
Open
Crash in Android Devices#344
@UelitonFreitas

Description

@UelitonFreitas
UelitonFreitas
opened on Jun 16, 2020 · edited by UelitonFreitas

Hi, first of all, thanks for developing this library. 🤘

I have some crashes on my android application and don't know what can be. So I opened this issue. Do you have any idea what can be? There is some recommendation for this problem?

Library Version: 2.2.13
Most affected Android Devices: Samsung J7
Most affected Android Version: Android 6 and 8

The problem:

Full Stack trace:

Caused by java.lang.SecurityException: Incorrect signature
       at org.apache.harmony.security.utils.JarUtils.verifySignature(JarUtils.java:225)
       at java.util.jar.JarVerifier.verifyCertificate(JarVerifier.java:294)
       at java.util.jar.JarVerifier.readCertificates(JarVerifier.java:268)
       at java.util.jar.JarFile.getInputStream(JarFile.java:380)
       at libcore.net.url.JarURLConnectionImpl.getInputStream(JarURLConnectionImpl.java:222)
       at java.net.URL.openStream(URL.java:470)
       at com.github.fge.jackson.JsonLoader.fromURL(JsonLoader.java:131)
       at com.github.fge.jsonschema.SchemaVersion.<init>(SchemaVersion.java:66)
       at com.github.fge.jsonschema.SchemaVersion.<clinit>(SchemaVersion.java:45)
       at com.github.fge.jsonschema.core.load.configuration.LoadingConfigurationBuilder.<init>(LoadingConfigurationBuilder.java:119)
       at com.github.fge.jsonschema.core.load.configuration.LoadingConfiguration.byDefault(LoadingConfiguration.java:151)
       at com.github.fge.jsonschema.main.JsonSchemaFactoryBuilder.<init>(JsonSchemaFactoryBuilder.java:67)
       at com.github.fge.jsonschema.main.JsonSchemaFactory.newBuilder(JsonSchemaFactory.java:123)
       at com.github.fge.jsonschema.main.JsonSchemaFactory.byDefault(JsonSchemaFactory.java:113)
       at com.app.client.schema.JSONSchemaValidator$Factory.get(JSONSchemaValidator.java:29)

Partial Stack trace:

Fatal Exception: java.lang.ExceptionInInitializerError
       at com.github.fge.jsonschema.core.load.configuration.LoadingConfigurationBuilder.<init>(LoadingConfigurationBuilder.java:119)
       at com.github.fge.jsonschema.core.load.configuration.LoadingConfiguration.byDefault(LoadingConfiguration.java:151)
       at com.github.fge.jsonschema.main.JsonSchemaFactoryBuilder.<init>(JsonSchemaFactoryBuilder.java:67)
       at com.github.fge.jsonschema.main.JsonSchemaFactory.newBuilder(JsonSchemaFactory.java:123)
       at com.github.fge.jsonschema.main.JsonSchemaFactory.byDefault(JsonSchemaFactory.java:113)
       at com.app.client.schema.JSONSchemaValidator$Factory.get(JSONSchemaValidator.java:29)

Seems like the library can not found draftv4 file specification in the devices with the problem, but the package is configured in build.gradle and the file is present on jar from resources:

packagingOptions {
        pickFirst 'META-INF/LICENSE.txt'
        pickFirst 'META-INF/NOTICE.txt'
        pickFirst 'META-INF/ASL-2.0.txt'
        pickFirst 'META-INF/LICENSE'
        pickFirst 'draftv4/schema'
        pickFirst 'draftv3/schema'
        pickFirst 'META-INF/LGPL-3.0.txt'
    }

Activity

Capstan

Capstan commented on Jun 17, 2020

@Capstan
Capstan
on Jun 17, 2020
Contributor

There doesn't appear to be the actual exception in this report; do you mind attaching that? We don't have Android experience among the maintainers, so it's entirely possible we have some loading bug that specific to that environment.

A quick internet search seems to yield and incorrect signature? That seems strange.

UelitonFreitas

UelitonFreitas commented on Jun 17, 2020

@UelitonFreitas
UelitonFreitas
on Jun 17, 2020
Author

Hi @Capstan, thank you for your answer.
I updated the issue with all information that I have. I am having this problem only on some devices.
I search for similar errors on the internet too without progress and sadly also I can't reproduce the problem on my devices.
Do you have any idea what does this incorrect signature means?

Capstan

Capstan commented on Jun 17, 2020

@Capstan
Capstan
on Jun 17, 2020
Contributor

My guess is that it is https://source.android.com/security/apksigning#v1

UelitonFreitas

UelitonFreitas commented on Jun 17, 2020

@UelitonFreitas
UelitonFreitas
on Jun 17, 2020 · edited by UelitonFreitas
Author

I'm not sure. Android signatures are independent of Jars at this point and just some devices got the error. Most of them work correctly. As the stack trace suggests, maybe we are missing some config in the library jar.

I have more information about SecurityException:

Caused by java.lang.SecurityException
cannot verify signature block file META-INF/BNDLTOOL

Does It makes sense?

To be honest, I think this can be something related to URL implementation. It can be different for each Android API version/ Fabricant.

Capstan

Capstan commented on Jun 18, 2020

@Capstan
Capstan
on Jun 18, 2020
Contributor

The .jars from maven central don't contain a META-INF/BNDLTOOL file in them and are not signed Jars, but rather just have .asc files per the central repository requirements.

I'm not sure how your jars have the extra file in the jar, or how they are signed such that the extra file invalidates the signature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @Capstan@UelitonFreitas

        Issue actions
          Crash in Android Devices · Issue #344 · java-json-tools/json-schema-validator