include signer fingerprint in Apk instance created from a file

2018-04-18 13:02:13 +02:00 · 2018-04-18 13:02:13 +02:00 · 16d15a358d
commit 16d15a358d
parent ba2f1e1919
3 changed files with 23 additions and 26 deletions
--- a/app/src/main/java/org/fdroid/fdroid/Utils.java
+++ b/app/src/main/java/org/fdroid/fdroid/Utils.java
@ -21,6 +21,7 @@ package org.fdroid.fdroid;
 import android.content.Context;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
+import android.content.pm.Signature;
 import android.content.res.Resources;
 import android.database.Cursor;
 import android.graphics.Bitmap;
@ -377,6 +378,26 @@ public final class Utils {
        return ret;
    }

+    /**
+     * Get the fingerprint used to represent an APK signing key in F-Droid.
+     * This is a custom fingerprint algorithm that was kind of accidentally
+     * created, but is still in use.
+     */
+    public static String getPackageSig(PackageInfo info) {
+        if (info == null || info.signatures == null || info.signatures.length < 1) {
+            return "";
+        }
+        Signature sig = info.signatures[0];
+        String sigHash = "";
+        try {
+            Hasher hash = new Hasher("MD5", sig.toCharsString().getBytes());
+            sigHash = hash.getHash();
+        } catch (NoSuchAlgorithmException e) {
+            // ignore
+        }
+        return sigHash;
+    }
+
    /**
     * There is a method {@link java.util.Locale#forLanguageTag(String)} which would be useful
     * for this, however it doesn't deal with android-specific language tags, which are a little
--- a/app/src/main/java/org/fdroid/fdroid/data/App.java
+++ b/app/src/main/java/org/fdroid/fdroid/data/App.java
@ -712,10 +712,10 @@ public class App extends ValueObject implements Comparable<App>, Parcelable {
     */
    private void initApkFromApkFile(Context context, Apk apk, PackageInfo packageInfo, SanitizedFile apkFile)
            throws IOException, CertificateEncodingException {
-        // TODO include signature hash calculation here
        if (apkFile.canRead()) {
            apk.hashType = "sha256";
            apk.hash = Utils.getBinaryHash(apkFile, apk.hashType);
+            apk.sig = Utils.getPackageSig(packageInfo);
        }
        initInstalledApk(context, apk, packageInfo, apkFile);
    }
--- a/app/src/main/java/org/fdroid/fdroid/data/InstalledAppProviderService.java
+++ b/app/src/main/java/org/fdroid/fdroid/data/InstalledAppProviderService.java
@ -6,14 +6,12 @@ import android.content.Context;
 import android.content.Intent;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
-import android.content.pm.Signature;
 import android.net.Uri;
 import android.os.Process;
 import android.support.annotation.Nullable;
 import android.util.Log;
 import org.acra.ACRA;
 import org.fdroid.fdroid.AppUpdateStatusManager;
-import org.fdroid.fdroid.Hasher;
 import org.fdroid.fdroid.Utils;
 import org.fdroid.fdroid.data.Schema.InstalledAppTable;
 import rx.functions.Action1;
@ -22,7 +20,6 @@ import rx.subjects.PublishSubject;

 import java.io.File;
 import java.io.FilenameFilter;
-import java.security.NoSuchAlgorithmException;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
@ -310,7 +307,7 @@ public class InstalledAppProviderService extends IntentService {
        contentValues.put(InstalledAppTable.Cols.VERSION_NAME, packageInfo.versionName);
        contentValues.put(InstalledAppTable.Cols.APPLICATION_LABEL,
                InstalledAppProvider.getApplicationLabel(context, packageInfo.packageName));
-        contentValues.put(InstalledAppTable.Cols.SIGNATURE, getPackageSig(packageInfo));
+        contentValues.put(InstalledAppTable.Cols.SIGNATURE, Utils.getPackageSig(packageInfo));
        contentValues.put(InstalledAppTable.Cols.LAST_UPDATE_TIME, packageInfo.lastUpdateTime);

        contentValues.put(InstalledAppTable.Cols.HASH_TYPE, hashType);
@ -324,25 +321,4 @@ public class InstalledAppProviderService extends IntentService {
        Uri uri = InstalledAppProvider.getAppUri(packageName);
        context.getContentResolver().delete(uri, null, null);
    }
-
-    /**
-     * Get the fingerprint used to represent an APK signing key in F-Droid.
-     * This is a custom fingerprint algorithm that was kind of accidentally
-     * created, but is still in use.
-     */
-    private static String getPackageSig(PackageInfo info) {
-        if (info == null || info.signatures == null || info.signatures.length < 1) {
-            return "";
-        }
-        Signature sig = info.signatures[0];
-        String sigHash = "";
-        try {
-            Hasher hash = new Hasher("MD5", sig.toCharsString().getBytes());
-            sigHash = hash.getHash();
-        } catch (NoSuchAlgorithmException e) {
-            // ignore
-        }
-        return sigHash;
-    }
-
 }