[WebApk] Update verification keys.

chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkValidator.java

Index: chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkValidator.java
diff --git a/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkValidator.java b/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkValidator.java
index f51087599cd4cb43741e472c9cd4db31023f7406..15ae6a459b6a7e26c2673c0f234083acc02a7b13 100644
--- a/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkValidator.java
+++ b/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkValidator.java
@@ -100,12 +100,12 @@ public class WebApkValidator {
         }
 
         final Signature[] arrSignatures = packageInfo.signatures;
-        if (arrSignatures != null) {
-            for (Signature signature : arrSignatures) {
-                if (Arrays.equals(sExpectedSignature, signature.toByteArray())) {
-                    Log.d(TAG, "WebApk valid - signature match!");
-                    return true;
-                }
+        if (arrSignatures != null && arrSignatures.length == 2) {
+            // The first signature is the per-app key, and the second is the host key.
+            Signature signature = arrSignatures[1];
+            if (Arrays.equals(sExpectedSignature, signature.toByteArray())) {
+                Log.d(TAG, "WebApk valid - signature match!");
+                return true;
             }
         }
         Log.d(TAG, "WebApk invalid");