include signer fingerprint in Apk instance created from a file

Hans-Christoph Steiner 2018-04-18 13:02:13 +02:00
parent ba2f1e1919
commit 16d15a358d
3 changed files with 23 additions and 26 deletions


@ -21,6 +21,7 @@ package org.fdroid.fdroid;
import android.content.Context; import android.content.Context;
import android.content.pm.PackageInfo; import android.content.pm.PackageInfo;
import android.content.pm.PackageManager; import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.content.res.Resources; import android.content.res.Resources;
import android.database.Cursor; import android.database.Cursor;
import android.graphics.Bitmap; import android.graphics.Bitmap;
@ -377,6 +378,26 @@ public final class Utils {
return ret; return ret;
} }
/**
* Get the fingerprint used to represent an APK signing key in F-Droid.
* This is a custom fingerprint algorithm that was kind of accidentally
* created, but is still in use.
*/
public static String getPackageSig(PackageInfo info) {
if (info == null || info.signatures == null || info.signatures.length < 1) {
return "";
}
Signature sig = info.signatures[0];
String sigHash = "";
try {
Hasher hash = new Hasher("MD5", sig.toCharsString().getBytes());
sigHash = hash.getHash();
} catch (NoSuchAlgorithmException e) {
// ignore
}
return sigHash;
}
/** /**
* There is a method {@link java.util.Locale#forLanguageTag(String)} which would be useful * There is a method {@link java.util.Locale#forLanguageTag(String)} which would be useful
* for this, however it doesn't deal with android-specific language tags, which are a little * for this, however it doesn't deal with android-specific language tags, which are a little
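Review bot: Now that `getPackageSig` is public in `Utils`, its Javadoc should spell out the contract callers otherwise have to guess: it returns `""` both when `info` has no signatures and when the MD5 digest cannot be created (the `// ignore` catch), and it hashes only `info.signatures[0]`. A caller that compares two of these values for equality would treat two failures as equal, so I would add `@return the fingerprint, or "" when no signature is available; never treat "" as a match` and log the exception instead of discarding it. The comment should also say that the value is an MD5 over the hex string from `toCharsString()`, kept for compatibility, so that nobody reuses it where collision resistance is needed.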


@ -712,10 +712,10 @@ public class App extends ValueObject implements Comparable<App>, Parcelable {
*/ */
private void initApkFromApkFile(Context context, Apk apk, PackageInfo packageInfo, SanitizedFile apkFile) private void initApkFromApkFile(Context context, Apk apk, PackageInfo packageInfo, SanitizedFile apkFile)
throws IOException, CertificateEncodingException { throws IOException, CertificateEncodingException {
// TODO include signature hash calculation here
if (apkFile.canRead()) { if (apkFile.canRead()) {
apk.hashType = "sha256"; apk.hashType = "sha256";
apk.hash = Utils.getBinaryHash(apkFile, apk.hashType); apk.hash = Utils.getBinaryHash(apkFile, apk.hashType);
apk.sig = Utils.getPackageSig(packageInfo);
} }
initInstalledApk(context, apk, packageInfo, apkFile); initInstalledApk(context, apk, packageInfo, apkFile);
} }
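Review bot: `apk.sig` is assigned only inside the `if (apkFile.canRead())` branch, although `Utils.getPackageSig(packageInfo)` reads nothing from the file, so an unreadable APK leaves `apk.sig` at its previous value while a readable one can still end up with `""`. `getPackageSig` returns `""` whenever `packageInfo.signatures` is null, which is what a `PackageInfo` looks like when it was obtained without `PackageManager.GET_SIGNATURES`; the caller is outside this hunk, so please confirm that flag is requested. Consider moving the assignment out of the `if` and adding a comment such as `// requires packageInfo fetched with GET_SIGNATURES, otherwise sig is ""`.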


@ -6,14 +6,12 @@ import android.content.Context;
import android.content.Intent; import android.content.Intent;
import android.content.pm.PackageInfo; import android.content.pm.PackageInfo;
import android.content.pm.PackageManager; import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.net.Uri; import android.net.Uri;
import android.os.Process; import android.os.Process;
import android.support.annotation.Nullable; import android.support.annotation.Nullable;
import android.util.Log; import android.util.Log;
import org.acra.ACRA; import org.acra.ACRA;
import org.fdroid.fdroid.AppUpdateStatusManager; import org.fdroid.fdroid.AppUpdateStatusManager;
import org.fdroid.fdroid.Hasher;
import org.fdroid.fdroid.Utils; import org.fdroid.fdroid.Utils;
import org.fdroid.fdroid.data.Schema.InstalledAppTable; import org.fdroid.fdroid.data.Schema.InstalledAppTable;
import rx.functions.Action1; import rx.functions.Action1;
@ -22,7 +20,6 @@ import rx.subjects.PublishSubject;
import java.io.File; import java.io.File;
import java.io.FilenameFilter; import java.io.FilenameFilter;
import java.security.NoSuchAlgorithmException;
import java.util.Collections; import java.util.Collections;
import java.util.Comparator; import java.util.Comparator;
import java.util.List; import java.util.List;
@ -310,7 +307,7 @@ public class InstalledAppProviderService extends IntentService {
contentValues.put(InstalledAppTable.Cols.VERSION_NAME, packageInfo.versionName); contentValues.put(InstalledAppTable.Cols.VERSION_NAME, packageInfo.versionName);
contentValues.put(InstalledAppTable.Cols.APPLICATION_LABEL, contentValues.put(InstalledAppTable.Cols.APPLICATION_LABEL,
InstalledAppProvider.getApplicationLabel(context, packageInfo.packageName)); InstalledAppProvider.getApplicationLabel(context, packageInfo.packageName));
contentValues.put(InstalledAppTable.Cols.SIGNATURE, getPackageSig(packageInfo)); contentValues.put(InstalledAppTable.Cols.SIGNATURE, Utils.getPackageSig(packageInfo));
contentValues.put(InstalledAppTable.Cols.LAST_UPDATE_TIME, packageInfo.lastUpdateTime); contentValues.put(InstalledAppTable.Cols.LAST_UPDATE_TIME, packageInfo.lastUpdateTime);
contentValues.put(InstalledAppTable.Cols.HASH_TYPE, hashType); contentValues.put(InstalledAppTable.Cols.HASH_TYPE, hashType);
@ -324,25 +321,4 @@ public class InstalledAppProviderService extends IntentService {
Uri uri = InstalledAppProvider.getAppUri(packageName); Uri uri = InstalledAppProvider.getAppUri(packageName);
context.getContentResolver().delete(uri, null, null); context.getContentResolver().delete(uri, null, null);
} }
/**
* Get the fingerprint used to represent an APK signing key in F-Droid.
* This is a custom fingerprint algorithm that was kind of accidentally
* created, but is still in use.
*/
private static String getPackageSig(PackageInfo info) {
if (info == null || info.signatures == null || info.signatures.length < 1) {
return "";
}
Signature sig = info.signatures[0];
String sigHash = "";
try {
Hasher hash = new Hasher("MD5", sig.toCharsString().getBytes());
sigHash = hash.getHash();
} catch (NoSuchAlgorithmException e) {
// ignore
}
return sigHash;
}
} }