diff --git a/app/src/main/java/foundation/e/apps/MainActivity.kt b/app/src/main/java/foundation/e/apps/MainActivity.kt index c4d95fceabed9f5e7ae9f5c3ad18de7e0f191b82..98838bd35df83b31b705d1a9bf4207d8921a3fd9 100644 --- a/app/src/main/java/foundation/e/apps/MainActivity.kt +++ b/app/src/main/java/foundation/e/apps/MainActivity.kt @@ -54,12 +54,12 @@ import foundation.e.apps.ui.setup.signin.SignInViewModel import foundation.e.apps.utils.SystemInfoProvider import foundation.e.apps.utils.eventBus.AppEvent import foundation.e.apps.utils.eventBus.EventBus -import javax.inject.Inject import kotlinx.coroutines.flow.collectLatest import kotlinx.coroutines.flow.distinctUntilChanged import kotlinx.coroutines.flow.filter import kotlinx.coroutines.launch import timber.log.Timber +import javax.inject.Inject @AndroidEntryPoint class MainActivity : AppCompatActivity() { diff --git a/app/src/main/java/foundation/e/apps/data/cleanapk/ApkSignatureManager.kt b/app/src/main/java/foundation/e/apps/data/cleanapk/ApkSignatureManager.kt index 9693d52299713b13762fc29673dcfc1475863103..3e0f4d20dfd2d1f1740ae19021db2cf21361da21 100644 --- a/app/src/main/java/foundation/e/apps/data/cleanapk/ApkSignatureManager.kt +++ b/app/src/main/java/foundation/e/apps/data/cleanapk/ApkSignatureManager.kt @@ -34,13 +34,14 @@ import java.io.InputStream import java.security.Security object ApkSignatureManager { - fun verifyFdroidSignature(context: Context, apkFilePath: String, signature: String): Boolean { + fun verifyFdroidSignature(context: Context, apkFilePath: String, signature: String, packageName: String): Boolean { Security.addProvider(BouncyCastleProvider()) try { return verifyAPKSignature( BufferedInputStream(FileInputStream(apkFilePath)), signature.byteInputStream(Charsets.UTF_8), - context.assets.open("f-droid.org-signing-key.gpg") + context.assets.open("f-droid.org-signing-key.gpg"), + packageName ) } catch (e: Exception) { Timber.e(e) @@ -51,10 +52,11 @@ object ApkSignatureManager { private fun verifyAPKSignature( apkInputStream: BufferedInputStream, apkSignatureInputStream: InputStream, - publicKeyInputStream: InputStream + publicKeyInputStream: InputStream, + packageName: String ): Boolean { try { - val signature = extractSignature(apkSignatureInputStream) + val signature = extractSignature(apkSignatureInputStream) ?: return false val pgpPublicKeyRingCollection = PGPPublicKeyRingCollection( PGPUtil.getDecoderStream(publicKeyInputStream), @@ -66,7 +68,7 @@ object ApkSignatureManager { updateSignature(apkInputStream, signature) return signature.verify() } catch (e: Exception) { - e.printStackTrace() + Timber.e(e, "Signature verification failed for: $packageName") } finally { apkInputStream.close() apkSignatureInputStream.close() @@ -76,20 +78,21 @@ object ApkSignatureManager { return false } - private fun extractSignature(apkSignatureInputStream: InputStream): PGPSignature { + private fun extractSignature(apkSignatureInputStream: InputStream): PGPSignature? { var jcaPGPObjectFactory = JcaPGPObjectFactory(PGPUtil.getDecoderStream(apkSignatureInputStream)) val pgpSignatureList: PGPSignatureList - val pgpObject = jcaPGPObjectFactory.nextObject() + val pgpObject = jcaPGPObjectFactory.nextObject() ?: return null + if (pgpObject is PGPCompressedData) { jcaPGPObjectFactory = JcaPGPObjectFactory(pgpObject.dataStream) pgpSignatureList = jcaPGPObjectFactory.nextObject() as PGPSignatureList } else { pgpSignatureList = pgpObject as PGPSignatureList } - val signature = pgpSignatureList.get(0) - return signature + + return pgpSignatureList.get(0) } private fun updateSignature( diff --git a/app/src/main/java/foundation/e/apps/data/fdroid/FdroidRepository.kt b/app/src/main/java/foundation/e/apps/data/fdroid/FdroidRepository.kt index fe2b08f0eed68d74586f76e064ac83ca9295db23..237592fae83ce89c21b0adeb5f0c60db00459dc7 100644 --- a/app/src/main/java/foundation/e/apps/data/fdroid/FdroidRepository.kt +++ b/app/src/main/java/foundation/e/apps/data/fdroid/FdroidRepository.kt @@ -56,7 +56,7 @@ class FdroidRepository @Inject constructor( override suspend fun isFdroidApplicationSigned(context: Context, packageName: String, apkFilePath: String, signature: String): Boolean { if (isFdroidApplication(packageName)) { - return ApkSignatureManager.verifyFdroidSignature(context, apkFilePath, signature) + return ApkSignatureManager.verifyFdroidSignature(context, apkFilePath, signature, packageName) } return false } diff --git a/app/src/main/java/foundation/e/apps/data/gplay/utils/GPlayHttpClient.kt b/app/src/main/java/foundation/e/apps/data/gplay/utils/GPlayHttpClient.kt index b502cd75672054783c1c4d63c6a76f4889ba570a..839d7c168229231301718c71f0d6289a27dd0abf 100644 --- a/app/src/main/java/foundation/e/apps/data/gplay/utils/GPlayHttpClient.kt +++ b/app/src/main/java/foundation/e/apps/data/gplay/utils/GPlayHttpClient.kt @@ -45,7 +45,7 @@ import java.util.concurrent.TimeUnit import javax.inject.Inject class GPlayHttpClient @Inject constructor( - private val cache: Cache, + private val cache: Cache, ) : IHttpClient { private val POST = "POST" @@ -174,6 +174,7 @@ class GPlayHttpClient @Inject constructor( when (e) { is UnknownHostException, is SocketTimeoutException -> handleExceptionOnGooglePlayRequest(e) + else -> handleExceptionOnGooglePlayRequest(e) } } finally { diff --git a/app/src/main/java/foundation/e/apps/data/login/LoginViewModel.kt b/app/src/main/java/foundation/e/apps/data/login/LoginViewModel.kt index 3fbf6c10e96266a7cd879cc7d072565b8479476a..659ed83187d1230832e038f1e9cceca5a41bf1ed 100644 --- a/app/src/main/java/foundation/e/apps/data/login/LoginViewModel.kt +++ b/app/src/main/java/foundation/e/apps/data/login/LoginViewModel.kt @@ -24,8 +24,8 @@ import dagger.hilt.android.lifecycle.HiltViewModel import foundation.e.apps.data.enums.User import foundation.e.apps.ui.parentFragment.LoadingViewModel import kotlinx.coroutines.launch -import javax.inject.Inject import okhttp3.Cache +import javax.inject.Inject /** * ViewModel to handle all login related operations. diff --git a/app/src/main/java/foundation/e/apps/data/updates/UpdatesManagerImpl.kt b/app/src/main/java/foundation/e/apps/data/updates/UpdatesManagerImpl.kt index 764cab30a2d8cd637ce93375e3ea0b8239c4b40c..0b16b840dfc0ce4279021f35c8fc75492063edc5 100644 --- a/app/src/main/java/foundation/e/apps/data/updates/UpdatesManagerImpl.kt +++ b/app/src/main/java/foundation/e/apps/data/updates/UpdatesManagerImpl.kt @@ -269,7 +269,7 @@ class UpdatesManagerImpl @Inject constructor( val fDroidUpdatablePackageNames = fDroidAppsAndSignatures.filter { // For each installed app also present on F-droid, check signature of base APK. val baseApkPath = pkgManagerModule.getBaseApkPath(it.key) - ApkSignatureManager.verifyFdroidSignature(context, baseApkPath, it.value) + ApkSignatureManager.verifyFdroidSignature(context, baseApkPath, it.value, it.key) }.map { it.key } return fDroidUpdatablePackageNames diff --git a/app/src/main/java/foundation/e/apps/ui/search/SearchViewModel.kt b/app/src/main/java/foundation/e/apps/ui/search/SearchViewModel.kt index 90e07f32bf5620d06ce6f2f7a8406ff1b8fb276d..6a2e807747c86fcebf1f983a67549c602ace0207 100644 --- a/app/src/main/java/foundation/e/apps/ui/search/SearchViewModel.kt +++ b/app/src/main/java/foundation/e/apps/ui/search/SearchViewModel.kt @@ -19,7 +19,6 @@ package foundation.e.apps.ui.search import androidx.lifecycle.LifecycleOwner -import androidx.lifecycle.LiveData import androidx.lifecycle.MutableLiveData import androidx.lifecycle.viewModelScope import com.aurora.gplayapi.SearchSuggestEntry @@ -42,7 +41,6 @@ import timber.log.Timber import javax.inject.Inject import kotlin.coroutines.coroutineContext - @HiltViewModel class SearchViewModel @Inject constructor( private val fusedAPIRepository: FusedAPIRepository, @@ -159,7 +157,7 @@ class SearchViewModel @Inject constructor( val isFirstFetch = nextSubBundle == null nextSubBundle = gplaySearchResult.data?.second - //first page has less data, then fetch next page data without waiting for users' scroll + // first page has less data, then fetch next page data without waiting for users' scroll if (isFirstFetch) { CoroutineScope(coroutineContext).launch { fetchGplayData(query)