Merge branch 'check-privileged-certificate' into 'master'

Verify apk signature of privileged extension before installation This implements a check that the signature of the extension apk is the same as the signature of F-Droid before installing the extension apk. Related issue: https://gitlab.com/fdroid/fdroidclient/issues/437 See merge request !256
2016-04-13 11:50:54 +00:00 · 2016-04-13 11:50:54 +00:00 · d98d59a8d3
commit d98d59a8d3
parent f8ef7cda39 15ec420db4
2 changed files with 107 additions and 0 deletions
--- a/app/src/main/java/org/fdroid/fdroid/installer/ApkSignatureVerifier.java
+++ b/app/src/main/java/org/fdroid/fdroid/installer/ApkSignatureVerifier.java
@ -0,0 +1,98 @@
 /*
 * Copyright (C) 2016 Dominik Schürmann <dominik@dominikschuermann.de>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 3
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301, USA.
 */
 package org.fdroid.fdroid.installer;
 import android.annotation.SuppressLint;
 import android.content.Context;
 import android.content.pm.PackageInfo;
 import android.content.pm.PackageManager;
 import android.content.pm.Signature;
 import android.util.Log;
 import org.spongycastle.util.encoders.Hex;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.IOException;
 import java.util.Arrays;
 /**
 * NOTE: Silly Android API naming: APK signatures are actually certificates!
 * Thus, we are comparing certificates (including the public key) used to sign an APK,
 * not the actual APK signature.
 */
 public class ApkSignatureVerifier {
    private static final String TAG = "ApkSignatureVerifier";
    private final Context mContext;
    private final PackageManager mPm;
    ApkSignatureVerifier(Context context) {
        mContext = context;
        mPm = context.getPackageManager();
    }
    public boolean hasFDroidSignature(File apkFile) {
        byte[] apkSig = getApkSignature(apkFile);
        byte[] fdroidSig = getFDroidSignature();
        if (Arrays.equals(apkSig, fdroidSig)) {
            return true;
        }
        Log.d(TAG, "Signature mismatch!");
        Log.d(TAG, "APK sig: " + Hex.toHexString(getApkSignature(apkFile)));
        Log.d(TAG, "F-Droid sig: " + Hex.toHexString(getFDroidSignature()));
        return false;
    }
    private byte[] getApkSignature(File apkFile) {
        final String pkgPath = apkFile.getAbsolutePath();
        PackageInfo pkgInfo = mPm.getPackageArchiveInfo(pkgPath, PackageManager.GET_SIGNATURES);
        return signatureToBytes(pkgInfo.signatures);
    }
    private byte[] getFDroidSignature() {
        try {
            // we do check the byte array of *all* signatures
            @SuppressLint("PackageManagerGetSignatures")
            PackageInfo pkgInfo = mPm.getPackageInfo(mContext.getPackageName(),
                    PackageManager.GET_SIGNATURES);
            return signatureToBytes(pkgInfo.signatures);
        } catch (PackageManager.NameNotFoundException e) {
            throw new RuntimeException("Should not happen! F-Droid package not found!");
        }
    }
    private byte[] signatureToBytes(Signature[] signatures) {
        ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
        for (Signature sig : signatures) {
            try {
                outputStream.write(sig.toByteArray());
            } catch (IOException e) {
                throw new RuntimeException("Should not happen! Concatenating signatures failed");
            }
        }
        return outputStream.toByteArray();
    }
 }
--- a/app/src/main/java/org/fdroid/fdroid/installer/Installer.java
+++ b/app/src/main/java/org/fdroid/fdroid/installer/Installer.java
@ -25,6 +25,7 @@ import android.content.Intent;
 import android.content.pm.PackageManager;
 import android.util.Log;
 import org.fdroid.fdroid.BuildConfig;
 import org.fdroid.fdroid.Preferences;
 import org.fdroid.fdroid.Utils;
 import org.fdroid.fdroid.privileged.install.InstallExtensionDialogActivity;
@ -145,6 +146,14 @@ public abstract class Installer {
        // special case: F-Droid Privileged Extension
        if (packageName != null && packageName.equals(PrivilegedInstaller.PRIVILEGED_EXTENSION_PACKAGE_NAME)) {
            // extension must be signed with the same public key as main F-Droid
            // NOTE: Disabled for debug builds to be able to use official extension from repo
            ApkSignatureVerifier signatureVerifier = new ApkSignatureVerifier(mContext);
            if (!BuildConfig.DEBUG && !signatureVerifier.hasFDroidSignature(apkFile)) {
                throw new SecurityException("APK signature of extension not correct!");
            }
            Activity activity;
            try {
                activity = (Activity) mContext;