diff --git a/app/build.gradle b/app/build.gradle index 09b8a5f96..faedc7f74 100644 --- a/app/build.gradle +++ b/app/build.gradle @@ -49,9 +49,8 @@ dependencies { compile 'com.fasterxml.jackson.core:jackson-annotations:2.8.7' compile 'com.fasterxml.jackson.core:jackson-databind:2.8.7' - compile 'com.madgag.spongycastle:pkix:1.54.0.0' - compile 'com.madgag.spongycastle:prov:1.54.0.0' - compile 'com.madgag.spongycastle:core:1.54.0.0' + compile 'org.bouncycastle:bcpkix-jdk15on:1.59' + compile 'org.bouncycastle:bcprov-jdk15on:1.59' testCompile "org.robolectric:robolectric:3.3.2" testCompile 'junit:junit:4.12' @@ -85,6 +84,7 @@ dependencyVerification { 'com.android.support:design:7225973f7ee03765008a9c2f17a40b154c6885169fef022276e811c926a2202c', 'com.android.support:gridlayout-v7:2f5af33c4be1d3e4e3fa999323265718ac1a4c81df4c0373d6ce8901613b1671', 'com.android.support:palette-v7:6d24037fb375c7884f878edeb88c812b87a05c69221513507ecea21c257d6314', + 'com.android.support:preference-v7:a1798a826b4097d00e49280f412b21af08f9bf1179c2e3838dc339d9f843416d', 'com.android.support:recyclerview-v7:d735e4727878e99ef3980c10d15dc3468462fd509d4fb60cb8bd20b0f735085c', 'com.android.support:support-annotations:3365960206c3d2b09e845f555e7f88f8effc8d2f00b369e66c4be384029299cf', 'com.android.support:support-compat:880ce01ff5be42b233ff8ec0c61cefb7dc3dc9500fea9e24423214813ac27ea2', @@ -101,16 +101,16 @@ dependencyVerification { 'com.github.pserwylo:BottomNavigation:83d7941a7a8d21ba1a8a708cd683b1bb07c6cf898044dc92eadf18a7a7d54f90', 'com.google.zxing:core:52dd6211bbaf4e600de693834d597e49707f3e6606e1f5d3740fbb8274466abe', 'com.hannesdorfmann:adapterdelegates3:1b20d099d6e7afe57aceca13b713b386959d94a247c3c06a7aeb65b866ece02f', - 'com.madgag.spongycastle:core:1e7fa4b19ccccd1011364ab838d0b4702470c178bbbdd94c5c90b2d4d749ea1e', - 'com.madgag.spongycastle:pkix:721a302f5ce18bf6fff89d514ef224c37b5dd9ca67a16b56fafaea4b24a51482', - 'com.madgag.spongycastle:prov:cf89c550fda86c0f26858c3d851ac1d2ce49cd78dd144cd86f307b7ea3e6afd7', 'com.nostra13.universalimageloader:universal-image-loader:dbd5197ffec3a8317533190870a7c00ff3750dd6a31241448c6a5522d51b65b4', 'eu.chainfire:libsuperuser:018344ff19ee94d252c14b4a503ee8b519184db473a5af83513f5837c413b128', 'info.guardianproject.netcipher:netcipher:eeeb5d0d95ccfe176b4296cbd71a9a24c6efb0bab5c4025a8c6bc36abdddfc75', 'info.guardianproject.panic:panic:a7ed9439826db2e9901649892cf9afbe76f00991b768d8f4c26332d7c9406cb2', 'io.reactivex:rxandroid:35c1a90f8c1f499db3c1f3d608e1f191ac8afddb10c02dd91ef04c03a0a4bcda', 'io.reactivex:rxjava:2c162afd78eba217cdfee78b60e85d3bfb667db61e12bc95e3cf2ddc5beeadf6', + 'org.bouncycastle:bcpkix-jdk15on:601d85cfbcef76a1cb77cbf755a6234a4ba1d4c02a98d9a81028d471f388694f', + 'org.bouncycastle:bcprov-jdk15on:1c31e44e331d25e46d293b3e8ee2d07028a67db011e74cb2443285aed1d59c85', 'org.jmdns:jmdns:24e7e3a50a579136400e8c9b0750399eb3c7558918bdf52c0ffa5e0fa5aad503', + 'org.nanohttpd:nanohttpd:de864c47818157141a24c9acb36df0c47d7bf15b7ff48c90610f3eb4e5df0e58', 'org.slf4j:slf4j-api:e56288031f5e60652c06e7bb6e9fa410a61231ab54890f7b708fc6adc4107c5b', ] } diff --git a/app/proguard-rules.pro b/app/proguard-rules.pro index 06752191a..af1d1faec 100644 --- a/app/proguard-rules.pro +++ b/app/proguard-rules.pro @@ -22,7 +22,7 @@ # removed, proguard will strip classes which are required, which may result in # crashes. -keep class kellinwood.security.zipsigner.** {*;} --keep class org.spongycastle.** {*;} +-keep class org.bouncycastle.** {*;} # This keeps class members used for SystemInstaller IPC. # Reference: https://gitlab.com/fdroid/fdroidclient/issues/79 diff --git a/app/src/main/java/kellinwood/security/zipsigner/optional/CertCreator.java b/app/src/main/java/kellinwood/security/zipsigner/optional/CertCreator.java index 3a15ceae4..1ee75051c 100644 --- a/app/src/main/java/kellinwood/security/zipsigner/optional/CertCreator.java +++ b/app/src/main/java/kellinwood/security/zipsigner/optional/CertCreator.java @@ -1,8 +1,8 @@ package kellinwood.security.zipsigner.optional; import kellinwood.security.zipsigner.KeySet; -import org.spongycastle.jce.X509Principal; -import org.spongycastle.x509.X509V3CertificateGenerator; +import org.bouncycastle.jce.X509Principal; +import org.bouncycastle.x509.X509V3CertificateGenerator; import java.io.File; import java.io.IOException; diff --git a/app/src/main/java/kellinwood/security/zipsigner/optional/DistinguishedNameValues.java b/app/src/main/java/kellinwood/security/zipsigner/optional/DistinguishedNameValues.java index 3febea007..841629388 100644 --- a/app/src/main/java/kellinwood/security/zipsigner/optional/DistinguishedNameValues.java +++ b/app/src/main/java/kellinwood/security/zipsigner/optional/DistinguishedNameValues.java @@ -1,8 +1,8 @@ package kellinwood.security.zipsigner.optional; -import org.spongycastle.asn1.ASN1ObjectIdentifier; -import org.spongycastle.asn1.x500.style.BCStyle; -import org.spongycastle.jce.X509Principal; +import org.bouncycastle.asn1.ASN1ObjectIdentifier; +import org.bouncycastle.asn1.x500.style.BCStyle; +import org.bouncycastle.jce.X509Principal; import java.util.Iterator; import java.util.LinkedHashMap; diff --git a/app/src/main/java/kellinwood/security/zipsigner/optional/Fingerprint.java b/app/src/main/java/kellinwood/security/zipsigner/optional/Fingerprint.java index 5f075f49e..03beb14d4 100644 --- a/app/src/main/java/kellinwood/security/zipsigner/optional/Fingerprint.java +++ b/app/src/main/java/kellinwood/security/zipsigner/optional/Fingerprint.java @@ -3,7 +3,7 @@ package kellinwood.security.zipsigner.optional; import kellinwood.logging.LoggerInterface; import kellinwood.logging.LoggerManager; import kellinwood.security.zipsigner.Base64; -import org.spongycastle.util.encoders.HexTranslator; +import org.bouncycastle.util.encoders.HexTranslator; import java.security.MessageDigest; diff --git a/app/src/main/java/kellinwood/security/zipsigner/optional/KeyStoreFileManager.java b/app/src/main/java/kellinwood/security/zipsigner/optional/KeyStoreFileManager.java index 198d6df2e..7ed9a512f 100644 --- a/app/src/main/java/kellinwood/security/zipsigner/optional/KeyStoreFileManager.java +++ b/app/src/main/java/kellinwood/security/zipsigner/optional/KeyStoreFileManager.java @@ -3,7 +3,7 @@ package kellinwood.security.zipsigner.optional; import kellinwood.logging.LoggerInterface; import kellinwood.logging.LoggerManager; -import org.spongycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.jce.provider.BouncyCastleProvider; import java.io.*; import java.security.*; @@ -28,8 +28,8 @@ public class KeyStoreFileManager { static LoggerInterface logger = LoggerManager.getLogger( KeyStoreFileManager.class.getName()); static { - // Add the spongycastle version of the BC provider so that the implementation classes returned - // from the keystore are all from the spongycastle libs. + // Add the bouncycastle version of the BC provider so that the implementation classes returned + // from the keystore are all from the bouncycastle libs. Security.addProvider(getProvider()); } diff --git a/app/src/main/java/kellinwood/security/zipsigner/optional/SignatureBlockGenerator.java b/app/src/main/java/kellinwood/security/zipsigner/optional/SignatureBlockGenerator.java index e16a12d41..ee01cc765 100644 --- a/app/src/main/java/kellinwood/security/zipsigner/optional/SignatureBlockGenerator.java +++ b/app/src/main/java/kellinwood/security/zipsigner/optional/SignatureBlockGenerator.java @@ -1,14 +1,14 @@ package kellinwood.security.zipsigner.optional; import kellinwood.security.zipsigner.KeySet; -import org.spongycastle.cert.jcajce.JcaCertStore; -import org.spongycastle.cms.*; -import org.spongycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; -import org.spongycastle.operator.ContentSigner; -import org.spongycastle.operator.DigestCalculatorProvider; -import org.spongycastle.operator.jcajce.JcaContentSignerBuilder; -import org.spongycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; -import org.spongycastle.util.Store; +import org.bouncycastle.cert.jcajce.JcaCertStore; +import org.bouncycastle.cms.*; +import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.DigestCalculatorProvider; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; +import org.bouncycastle.util.Store; import java.util.ArrayList; import java.util.List; diff --git a/app/src/main/java/org/fdroid/fdroid/FDroidApp.java b/app/src/main/java/org/fdroid/fdroid/FDroidApp.java index c68f6737c..2163cd363 100644 --- a/app/src/main/java/org/fdroid/fdroid/FDroidApp.java +++ b/app/src/main/java/org/fdroid/fdroid/FDroidApp.java @@ -121,7 +121,7 @@ public class FDroidApp extends Application { private static volatile int timeout = 10000; // Leaving the fully qualified class name here to help clarify the difference between spongy/bouncy castle. - private static final org.spongycastle.jce.provider.BouncyCastleProvider SPONGYCASTLE_PROVIDER; + private static final org.bouncycastle.jce.provider.BouncyCastleProvider BOUNCYCASTLE_PROVIDER; @SuppressWarnings("unused") BluetoothAdapter bluetoothAdapter; @@ -135,8 +135,8 @@ public class FDroidApp extends Application { NotificationHelper notificationHelper; static { - SPONGYCASTLE_PROVIDER = new org.spongycastle.jce.provider.BouncyCastleProvider(); - enableSpongyCastle(); + BOUNCYCASTLE_PROVIDER = new org.bouncycastle.jce.provider.BouncyCastleProvider(); + enableBouncyCastle(); } private static Theme curTheme = Theme.light; @@ -209,19 +209,19 @@ public class FDroidApp extends Application { activity.overridePendingTransition(0, 0); } - public static void enableSpongyCastle() { - Security.addProvider(SPONGYCASTLE_PROVIDER); + public static void enableBouncyCastle() { + Security.addProvider(BOUNCYCASTLE_PROVIDER); } - public static void enableSpongyCastleOnLollipop() { + public static void enableBouncyCastleOnLollipop() { if (Build.VERSION.SDK_INT == 21) { - Security.addProvider(SPONGYCASTLE_PROVIDER); + Security.addProvider(BOUNCYCASTLE_PROVIDER); } } - public static void disableSpongyCastleOnLollipop() { + public static void disableBouncyCastleOnLollipop() { if (Build.VERSION.SDK_INT == 21) { - Security.removeProvider(SPONGYCASTLE_PROVIDER.getName()); + Security.removeProvider(BOUNCYCASTLE_PROVIDER.getName()); } } diff --git a/app/src/main/java/org/fdroid/fdroid/RepoUpdater.java b/app/src/main/java/org/fdroid/fdroid/RepoUpdater.java index 0e82b16d2..95fedf9c5 100644 --- a/app/src/main/java/org/fdroid/fdroid/RepoUpdater.java +++ b/app/src/main/java/org/fdroid/fdroid/RepoUpdater.java @@ -203,10 +203,10 @@ public class RepoUpdater { throw new UpdateException(downloadedFile + " does not exist!"); } - // Due to a bug in Android 5.0 Lollipop, the inclusion of spongycastle causes + // Due to a bug in Android 5.0 Lollipop, the inclusion of bouncycastle causes // breakage when verifying the signature of the downloaded .jar. For more // details, check out https://gitlab.com/fdroid/fdroidclient/issues/111. - FDroidApp.disableSpongyCastleOnLollipop(); + FDroidApp.disableBouncyCastleOnLollipop(); JarFile jarFile = new JarFile(downloadedFile, true); JarEntry indexEntry = (JarEntry) jarFile.getEntry("index.xml"); @@ -237,7 +237,7 @@ public class RepoUpdater { } catch (SAXException | ParserConfigurationException | IOException e) { throw new UpdateException("Error parsing index", e); } finally { - FDroidApp.enableSpongyCastleOnLollipop(); + FDroidApp.enableBouncyCastleOnLollipop(); Utils.closeQuietly(indexInputStream); if (downloadedFile != null) { if (!downloadedFile.delete()) { diff --git a/app/src/main/java/org/fdroid/fdroid/data/App.java b/app/src/main/java/org/fdroid/fdroid/data/App.java index aff0a6e78..4e751bd2d 100644 --- a/app/src/main/java/org/fdroid/fdroid/data/App.java +++ b/app/src/main/java/org/fdroid/fdroid/data/App.java @@ -797,7 +797,7 @@ public class App extends ValueObject implements Comparable, Parcelable { // breakage when verifying the signature of most .jars. For more // details, check out https://gitlab.com/fdroid/fdroidclient/issues/111. try { - FDroidApp.disableSpongyCastleOnLollipop(); + FDroidApp.disableBouncyCastleOnLollipop(); final InputStream tmpIn = apkJar.getInputStream(aSignedEntry); byte[] buff = new byte[2048]; //noinspection StatementWithEmptyBody @@ -818,7 +818,7 @@ public class App extends ValueObject implements Comparable, Parcelable { final Certificate signer = aSignedEntry.getCertificates()[0]; rawCertBytes = signer.getEncoded(); } finally { - FDroidApp.enableSpongyCastleOnLollipop(); + FDroidApp.enableBouncyCastleOnLollipop(); } apkJar.close(); diff --git a/app/src/main/java/org/fdroid/fdroid/installer/ApkSignatureVerifier.java b/app/src/main/java/org/fdroid/fdroid/installer/ApkSignatureVerifier.java index 84d3350d8..c200efba9 100644 --- a/app/src/main/java/org/fdroid/fdroid/installer/ApkSignatureVerifier.java +++ b/app/src/main/java/org/fdroid/fdroid/installer/ApkSignatureVerifier.java @@ -26,7 +26,7 @@ import android.content.pm.PackageManager; import android.content.pm.Signature; import org.acra.ACRA; import org.fdroid.fdroid.Utils; -import org.spongycastle.util.encoders.Hex; +import org.bouncycastle.util.encoders.Hex; import java.io.ByteArrayOutputStream; import java.io.File; diff --git a/app/src/main/java/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java b/app/src/main/java/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java index 8706a5aea..d41bab19d 100644 --- a/app/src/main/java/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java +++ b/app/src/main/java/org/fdroid/fdroid/localrepo/LocalRepoKeyStore.java @@ -5,19 +5,19 @@ import android.util.Log; import kellinwood.security.zipsigner.ZipSigner; import org.fdroid.fdroid.FDroidApp; import org.fdroid.fdroid.Utils; -import org.spongycastle.asn1.ASN1Sequence; -import org.spongycastle.asn1.x500.X500Name; -import org.spongycastle.asn1.x509.GeneralName; -import org.spongycastle.asn1.x509.GeneralNames; -import org.spongycastle.asn1.x509.SubjectPublicKeyInfo; -import org.spongycastle.asn1.x509.Time; -import org.spongycastle.asn1.x509.X509Extension; -import org.spongycastle.cert.X509CertificateHolder; -import org.spongycastle.cert.X509v3CertificateBuilder; -import org.spongycastle.cert.jcajce.JcaX509CertificateConverter; -import org.spongycastle.operator.ContentSigner; -import org.spongycastle.operator.OperatorCreationException; -import org.spongycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.asn1.ASN1Sequence; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.GeneralName; +import org.bouncycastle.asn1.x509.GeneralNames; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.asn1.x509.Time; +import org.bouncycastle.asn1.x509.X509Extension; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; diff --git a/app/src/main/java/org/fdroid/fdroid/net/HttpDownloader.java b/app/src/main/java/org/fdroid/fdroid/net/HttpDownloader.java index 619f48c00..b8d9e66e6 100644 --- a/app/src/main/java/org/fdroid/fdroid/net/HttpDownloader.java +++ b/app/src/main/java/org/fdroid/fdroid/net/HttpDownloader.java @@ -9,7 +9,7 @@ import org.apache.commons.io.FileUtils; import org.fdroid.fdroid.BuildConfig; import org.fdroid.fdroid.FDroidApp; import org.fdroid.fdroid.Utils; -import org.spongycastle.util.encoders.Base64; +import org.bouncycastle.util.encoders.Base64; import java.io.BufferedInputStream; import java.io.File; diff --git a/extern/zipsigner/build.gradle b/extern/zipsigner/build.gradle deleted file mode 100644 index 39051b869..000000000 --- a/extern/zipsigner/build.gradle +++ /dev/null @@ -1,14 +0,0 @@ -apply plugin: 'java' - -repositories { - jcenter() -} - -sourceCompatibility = 1.7 -targetCompatibility = 1.7 - -dependencies { - compile 'com.madgag.spongycastle:pkix:1.53.0.0' - compile 'com.madgag.spongycastle:prov:1.53.0.0' - compile 'com.madgag.spongycastle:core:1.53.0.0' -}