Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
e
os
App Lounge
Commits
4c5fa201
Commit
4c5fa201
authored
Aug 23, 2021
by
narinder Rana
Browse files
update for testing
parent
82b82377
Pipeline
#131468
failed with stage
in 5 minutes and 7 seconds
Changes
1
Pipelines
2
Hide whitespace changes
Inline
Side-by-side
app/src/main/java/foundation/e/apps/application/model/IntegrityVerificationTask.kt
View file @
4c5fa201
...
...
@@ -23,6 +23,7 @@ import android.content.pm.PackageInfo
import
android.content.pm.PackageManager
import
android.content.pm.Signature
import
android.os.AsyncTask
import
android.os.Environment
import
android.os.Handler
import
android.os.Looper
import
android.util.Log
...
...
@@ -49,18 +50,24 @@ import java.security.MessageDigest
import
java.security.Security
class
IntegrityVerificationTask
(
private
val
applicationInfo
:
ApplicationInfo
,
private
val
fullData
:
FullData
,
private
val
integrityVerificationCallback
:
IntegrityVerificationCallback
private
val
applicationInfo
:
ApplicationInfo
,
private
val
fullData
:
FullData
,
private
val
integrityVerificationCallback
:
IntegrityVerificationCallback
)
:
AsyncTask
<
Context
,
Void
,
Context
>()
{
private
lateinit
var
systemJsonData
:
JSONObject
private
var
verificationSuccessful
:
Boolean
=
false
private
var
TAG
=
"IntegrityVerificationTask"
override
fun
doInBackground
(
vararg
context
:
Context
):
Context
{
try
{
verificationSuccessful
=
if
(
isSystemApplication
(
fullData
.
packageName
))
{
verifySystemSignature
(
context
[
0
])
//verifySystemSignature(context[0])
verifySystemValues
(
context
[
0
])
}
else
if
(
isfDroidApplication
(
fullData
.
packageName
))
{
verifyFdroidSignature
(
context
[
0
])
}
else
{
...
...
@@ -88,9 +95,30 @@ class IntegrityVerificationTask(
if
(!
fullData
.
getLastVersion
()
?.
signature
.
isNullOrEmpty
())
{
return
fullData
.
getLastVersion
()
?.
signature
==
getSystemSignature
(
context
.
packageManager
)
?.
toCharsString
()
}
else
{
}
return
false
}
private
fun
verifySystemValues
(
context
:
Context
):
Boolean
{
val
pm
:
PackageManager
=
context
.
packageManager
val
fullPath
:
String
=
applicationInfo
.
getApkFile
(
context
,
fullData
.
basicData
).
absolutePath
val
info
=
pm
.
getPackageArchiveInfo
(
fullPath
,
0
)
if
(
info
!=
null
)
{
Log
.
e
(
"TAG"
,
".................."
+
info
.
packageName
)
Log
.
e
(
"TAG"
,
".................."
+
info
.
signatures
)
};
return
false
;
//
// return (fullData.basicData.id==systemJsonData.getString("project_id")
// && fullData.basicData.name==systemJsonData.getString("app_name"))
}
private
fun
getFirstSignature
(
pkg
:
PackageInfo
?):
Signature
?
{
return
if
(
pkg
?.
signatures
!=
null
&&
pkg
.
signatures
.
isNotEmpty
())
{
...
...
@@ -111,17 +139,17 @@ class IntegrityVerificationTask(
private
fun
verifyFdroidSignature
(
context
:
Context
):
Boolean
{
Security
.
addProvider
(
BouncyCastleProvider
())
return
verifyAPKSignature
(
context
,
BufferedInputStream
(
FileInputStream
(
applicationInfo
.
getApkFile
(
context
,
fullData
.
basicData
).
absolutePath
)
),
fullData
.
getLastVersion
()
!!
.
signature
.
byteInputStream
(
Charsets
.
UTF_8
),
context
.
assets
.
open
(
"f-droid.org-signing-key.gpg"
)
context
,
BufferedInputStream
(
FileInputStream
(
applicationInfo
.
getApkFile
(
context
,
fullData
.
basicData
).
absolutePath
)
),
fullData
.
getLastVersion
()
!!
.
signature
.
byteInputStream
(
Charsets
.
UTF_8
),
context
.
assets
.
open
(
"f-droid.org-signing-key.gpg"
)
)
}
...
...
@@ -159,8 +187,14 @@ class IntegrityVerificationTask(
}
}
try
{
return
JSONObject
(
jsonResponse
).
has
(
packageName
);
if
(
JSONObject
(
jsonResponse
).
has
(
packageName
)){
systemJsonData
=
JSONObject
(
jsonResponse
).
getJSONObject
(
packageName
);
return
true
}
else
{
return
false
}
// return JSONObject(jsonResponse).has(packageName);
}
catch
(
e
:
Exception
)
{
if
(
e
is
JSONException
)
{
Log
.
d
(
TAG
,
"$packageName is not a system application"
)
...
...
@@ -199,10 +233,10 @@ class IntegrityVerificationTask(
}
private
fun
verifyAPKSignature
(
context
:
Context
,
apkInputStream
:
BufferedInputStream
,
apkSignatureInputStream
:
InputStream
,
publicKeyInputStream
:
InputStream
context
:
Context
,
apkInputStream
:
BufferedInputStream
,
apkSignatureInputStream
:
InputStream
,
publicKeyInputStream
:
InputStream
):
Boolean
{
try
{
...
...
@@ -220,8 +254,8 @@ class IntegrityVerificationTask(
val
pgpPublicKeyRingCollection
=
PGPPublicKeyRingCollection
(
PGPUtil
.
getDecoderStream
(
publicKeyInputStream
),
JcaKeyFingerprintCalculator
()
PGPUtil
.
getDecoderStream
(
publicKeyInputStream
),
JcaKeyFingerprintCalculator
()
)
val
signature
=
pgpSignatureList
.
get
(
0
)
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment