Hi, been seeing some ACRA reports from users on Jelly Bean when my app runs the LVL code.
In the LicenseValidator.verify() method, I perform this twice: sig.verify(Base64.decode(signature)) I do it once to check it returns true, and then I call it again to confirm it is still true (this gets around an anti-lvl check which forces the first check to be a hard coded "true" but isn't aware of the second check). But it appears the second check is now failing on Jelly Bean: Caused by: java.security.SignatureException: java.lang.NullPointerException at org.apache.harmony.xnet.provider.jsse.OpenSSLSignature.engineVerify(OpenSSLSignature.java:244) at java.security.Signature.verify(Signature.java:375) at com.android.vending.licensing.c.a(SourceFile:135) <-----SECOND sig.verify(..) call. ... 5 more Caused by: java.lang.NullPointerException at org.apache.harmony.xnet.provider.jsse.NativeCrypto.EVP_VerifyFinal(Native Method) at org.apache.harmony.xnet.provider.jsse.OpenSSLSignature.engineVerify(OpenSSLSignature.java:240) ... 7 more Does anyone know if the implementation of Signature or the underlying classes has changed..? I'm guessing that since the first check works and the second fails, can you now only perform one verify() on a signature and after that, the object is no longer valid to be verified again()..? -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
