Fix bug in one conditional. Add more apk test files.

chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkVerifySignature.java

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package org.chromium.webapk.lib.client;
 
 import static java.nio.ByteOrder.LITTLE_ENDIAN;
 
 import android.support.annotation.IntDef;
 import android.util.Log;
 
 import java.nio.ByteBuffer;
 import java.security.PublicKey;
 import java.security.Signature;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.Comparator;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 /**
  * WebApkVerifySignature reads in the APK file and verifies the WebApk signature. It reads the
  * signature from the zip comment and verifies that it was signed by the public key passed.
  */
 public class WebApkVerifySignature {
     /** Errors codes. */
     @IntDef({
@@ skipping 92 matching lines @@
             mHeaderSize = 0;
             mCompressedSize = compressedSize;
         }
 
         /** Added for Comparable, sort lexicographically. */
         @Override
         public int compareTo(Block o) {
             return mFilename.compareTo(o.mFilename);
         }
 
+        /** Comparator for sorting the list by position ascending. */
+        public static Comparator<Block> positionComparator = new Comparator<Block>() {
+            @Override
+            public int compare(Block b1, Block b2) {
+                return b1.mPosition - b2.mPosition;
+            }
+        };
+
         @Override
         public boolean equals(Object o) {
             if (!(o instanceof Block)) return false;
             return mFilename.equals(((Block) o).mFilename);
         }
 
         @Override
         public int hashCode() {
             return mFilename.hashCode();
         }
@@ skipping 178 matching lines @@
                 return ERROR_COMMENT_TOO_LARGE;
             }
             mBlocks.add(new Block(filename, offset, compressedSize));
         }
 
         if (mBuffer.position() != mEndOfCentralDirOffset) {
             // At this point we should be exactly at the EOCD start.
             return ERROR_BAD_BLANK_SPACE;
         }
 
-        boolean hasBlockAtStart = false;
-        long positionOfLastByteOfLastBlock = 0;
+        // We need blocks to be sorted by position at this point.
+        Collections.sort(mBlocks, Block.positionComparator);
+        int lastByte = 0;
 
         // Read the 'local file header' block to the size of the header in bytes.
         for (Block block : mBlocks) {
+            if (block.mPosition != lastByte) {
+                return ERROR_BAD_BLANK_SPACE;
+            }
+
             seek(block.mPosition);
-            if (block.mPosition == 0) {
-                hasBlockAtStart = true;
-            }
             int signature = read4();
             if (signature != LFH_SIG) {
                 Log.d(TAG, "LFH Signature missing");
                 return ERROR_BAD_APK;
             }
             // ReaderVersion(2)
             seekDelta(2);
             int flags = read2();
             // CompressionMethod(2), ModifiedTime (2), ModifiedDate(2), CRC32(4), CompressedSize(4),
             // UncompressedSize(4) = 18 bytes
             seekDelta(18);
             int fileNameLength = read2();
             int extraFieldLength = read2();
             if (extraFieldLength > MAX_EXTRA_LENGTH) {
                 return ERROR_EXTRA_FIELD_TOO_LARGE;
             }
 
             block.mHeaderSize =
                     (mBuffer.position() - block.mPosition) + fileNameLength + extraFieldLength;
 
-            int lastByte = block.mPosition + block.mHeaderSize + block.mCompressedSize;
+            lastByte = block.mPosition + block.mHeaderSize + block.mCompressedSize;
             if ((flags & 0x8) != 0) {
                 seek(lastByte);
                 if (read4() == DATA_DESCRIPTOR_SIG) {
                     // Data descriptor, style 1: sig(4), crc-32(4), compressed size(4),
                     // uncompressed size(4) = 16 bytes
                     lastByte += 16;
                 } else {
                     // Data descriptor, style 2: crc-32(4), compressed size(4),
                     // uncompressed size(4) = 12 bytes
                     lastByte += 12;
                 }
             }
-            if (lastByte > positionOfLastByteOfLastBlock) {
-                positionOfLastByteOfLastBlock = lastByte;
-            }
         }
-        if (!hasBlockAtStart) {
-            return ERROR_BAD_BLANK_SPACE;
-        }
-        if (positionOfLastByteOfLastBlock != mCentralDirOffset) {
+        if (lastByte != mCentralDirOffset) {
             seek(mCentralDirOffset - V2_SIGNING_MAGIC.length());
             String magic = readString(V2_SIGNING_MAGIC.length());
             if (V2_SIGNING_MAGIC.equals(magic)) {
                 // Only if we have a v2 signature do we allow medium sized gap between the last
                 // block and the start of the central directory.
-                if (mCentralDirOffset - positionOfLastByteOfLastBlock > MAX_V2_SIGNING_BLOCK_SIZE) {
+                if (mCentralDirOffset - lastByte > MAX_V2_SIGNING_BLOCK_SIZE) {
                     return ERROR_BAD_V2_SIGNING_BLOCK;
                 }
             } else {
                 return ERROR_BAD_BLANK_SPACE;
             }
         }
         return ERROR_OK;
     }
 
     /**
@@ skipping 68 matching lines @@
             return null;
         }
         byte[] data = new byte[len / 2];
         for (int i = 0; i < len; i += 2) {
             data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
                     + Character.digit(s.charAt(i + 1), 16));
         }
         return data;
     }
 }