弱密码签名：缺少必要加密步骤

[QiAnXinCodeSafe]

atlas/atlas-gradle-plugin/dexpatch/src/main/java/com/taobao/android/apatch/builder/SignedJarBuilder.java

Lines 422 to 429 in 9c84e88

	Signature signature = Signature.getInstance("SHA1with" + mKey.getAlgorithm());
	signature.initSign(mKey);
	mOutputJar.putNextEntry(new JarEntry("META-INF/CERT.SF"));
	SignatureOutputStream out = new SignatureOutputStream(mOutputJar, signature);
	writeSignatureFile(out);
	// CERT.*
	mOutputJar.putNextEntry(new JarEntry("META-INF/CERT." + mKey.getAlgorithm()));
	writeSignatureBlock(signature, mCertificate, mKey);

在生成加密签名过程中，执行所有必需的步骤，确保不会削弱签名的强度。