Karl/BobStore
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add extra checks when running Utils.calcFingerprint()

Browse Source 
These provide a sanity check when calculating a fingerprint from a X.509
certificate stored as `repo.pubkey`.
This commit is contained in:
Hans-Christoph Steiner 2014-05-01 12:36:26 -04:00
parent c288fd5534
commit b8cffa6744
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/org/fdroid/fdroid/Utils.java
View File

@ -218,9 +218,11 @@ public final class Utils {
} }
public static String calcFingerprint(String keyHexString) { public static String calcFingerprint(String keyHexString) {
if (TextUtils.isEmpty(keyHexString)) if (TextUtils.isEmpty(keyHexString)
|| keyHexString.matches(".*[^a-fA-F0-9].*")) {
Log.e("FDroid", "Signing key certificate was blank or contained a non-hex-digit!");
return null; return null;
else } else
return calcFingerprint(Hasher.unhex(keyHexString)); return calcFingerprint(Hasher.unhex(keyHexString));
} }
@ -234,6 +236,10 @@ public final class Utils {
public static String calcFingerprint(byte[] key) { public static String calcFingerprint(byte[] key) {
String ret = null; String ret = null;
if (key.length < 256) {
Log.e("FDroid", "key was shorter than 256 bytes (" + key.length + "), cannot be valid!");
return null;
}
try { try {
// keytool -list -v gives you the SHA-256 fingerprint // keytool -list -v gives you the SHA-256 fingerprint
MessageDigest digest = MessageDigest.getInstance("SHA-256"); MessageDigest digest = MessageDigest.getInstance("SHA-256");