Commit 7c1193a5 authored by narinder Rana's avatar narinder Rana
Browse files

Merge branch 'issue_1892' into 'master'

handle exception issue_1892

See merge request e/apps/apps!57
parents ed6b5066 47045398
Pipeline #107368 passed with stage
in 4 minutes and 34 seconds
......@@ -19,6 +19,10 @@ package foundation.e.apps.application.model
import android.content.Context
import android.os.AsyncTask
import android.os.Handler
import android.os.Looper
import android.widget.Toast
import foundation.e.apps.R
import foundation.e.apps.application.model.data.FullData
import foundation.e.apps.utils.Constants
import org.bouncycastle.jce.provider.BouncyCastleProvider
......@@ -53,6 +57,7 @@ class IntegrityVerificationTask(
} else {
Security.addProvider(BouncyCastleProvider())
verifyAPKSignature(
context[0],
BufferedInputStream(FileInputStream(
applicationInfo.getApkFile(context[0],
fullData.basicData).absolutePath)),
......@@ -88,44 +93,56 @@ class IntegrityVerificationTask(
}
private fun verifyAPKSignature(
context: Context,
apkInputStream: BufferedInputStream,
apkSignatureInputStream: InputStream,
publicKeyInputStream: InputStream): Boolean {
try {
var jcaPGPObjectFactory =
JcaPGPObjectFactory(PGPUtil.getDecoderStream(apkSignatureInputStream))
val pgpSignatureList: PGPSignatureList
var jcaPGPObjectFactory =
JcaPGPObjectFactory(PGPUtil.getDecoderStream(apkSignatureInputStream))
val pgpSignatureList: PGPSignatureList
val pgpObject = jcaPGPObjectFactory.nextObject()
if (pgpObject is PGPCompressedData) {
jcaPGPObjectFactory = JcaPGPObjectFactory(pgpObject.dataStream)
pgpSignatureList = jcaPGPObjectFactory.nextObject() as PGPSignatureList
} else {
pgpSignatureList = pgpObject as PGPSignatureList
}
val pgpObject = jcaPGPObjectFactory.nextObject()
if (pgpObject is PGPCompressedData) {
jcaPGPObjectFactory = JcaPGPObjectFactory(pgpObject.dataStream)
pgpSignatureList = jcaPGPObjectFactory.nextObject() as PGPSignatureList
} else {
pgpSignatureList = pgpObject as PGPSignatureList
}
val pgpPublicKeyRingCollection =
PGPPublicKeyRingCollection(
PGPUtil.getDecoderStream(publicKeyInputStream),
JcaKeyFingerprintCalculator())
val pgpPublicKeyRingCollection =
PGPPublicKeyRingCollection(
PGPUtil.getDecoderStream(publicKeyInputStream),
JcaKeyFingerprintCalculator())
val signature = pgpSignatureList.get(0)
val key = pgpPublicKeyRingCollection.getPublicKey(signature.keyID)
val signature = pgpSignatureList.get(0)
val key = pgpPublicKeyRingCollection.getPublicKey(signature.keyID)
signature.init(BcPGPContentVerifierBuilderProvider(), key)
signature.init(BcPGPContentVerifierBuilderProvider(), key)
val buff = ByteArray(1024)
var read = apkInputStream.read(buff)
while (read != -1) {
signature.update(buff, 0, read)
read = apkInputStream.read(buff)
}
val buff = ByteArray(1024)
var read = apkInputStream.read(buff)
while (read != -1) {
signature.update(buff, 0, read)
read = apkInputStream.read(buff)
}
apkInputStream.close()
apkSignatureInputStream.close()
publicKeyInputStream.close()
return signature.verify()
} catch (e: Exception) {
e.printStackTrace()
apkInputStream.close()
apkSignatureInputStream.close()
publicKeyInputStream.close()
Handler(Looper.getMainLooper()).post {
val toast = Toast.makeText(context, context.resources.getString(R.string.Signature_verification_failed), Toast.LENGTH_LONG)
toast.show()
}
}
return signature.verify()
return false;
}
}
......
......@@ -184,4 +184,9 @@
<string name="microg_not_installed">Not Installed</string>
<string name="microg_installed">Installed</string>
<string name="Signature_verification_failed">Signature verification failed, aborting install</string>
</resources>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment