Added check for SHA1 key.

This commit is contained in:
krtkush 2018-10-14 19:16:28 +05:30
parent 7124d9bca5
commit e2341363d4

View file

@ -4,6 +4,9 @@ import android.app.Application;
import android.app.PendingIntent; import android.app.PendingIntent;
import android.content.Intent; import android.content.Intent;
import android.content.SharedPreferences; import android.content.SharedPreferences;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.net.Uri; import android.net.Uri;
import android.os.AsyncTask; import android.os.AsyncTask;
import android.preference.PreferenceManager; import android.preference.PreferenceManager;
@ -15,10 +18,18 @@ import org.json.JSONException;
import org.json.JSONObject; import org.json.JSONObject;
import java.io.BufferedReader; import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader; import java.io.InputStreamReader;
import java.net.HttpURLConnection; import java.net.HttpURLConnection;
import java.net.URL; import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
/** /**
* AsyncTask to check if there is a newer version of the NewPipe github apk available or not. * AsyncTask to check if there is a newer version of the NewPipe github apk available or not.
@ -29,6 +40,7 @@ public class CheckForNewAppVersionTask extends AsyncTask<Void, Void, String> {
private Application app = App.getContext(); private Application app = App.getContext();
private String GITHUB_APK_SHA1 = "B0:2E:90:7C:1C:D6:FC:57:C3:35:F0:88:D0:8F:50:5F:94:E4:D2:15";
private String newPipeApiUrl = "https://newpipe.schabi.org/api/data.json"; private String newPipeApiUrl = "https://newpipe.schabi.org/api/data.json";
private int timeoutPeriod = 10000; private int timeoutPeriod = 10000;
@ -39,23 +51,18 @@ public class CheckForNewAppVersionTask extends AsyncTask<Void, Void, String> {
mPrefs = PreferenceManager.getDefaultSharedPreferences(app); mPrefs = PreferenceManager.getDefaultSharedPreferences(app);
// Check if user has enabled/ disabled update checking. // Check if user has enabled/ disabled update checking
if (mPrefs.getBoolean(app.getString(R.string.update_app_key), true)) { // and if the current apk is a github one or not.
if (!mPrefs.getBoolean(app.getString(R.string.update_app_key), true)
// Go ahead with further checks. || !getCertificateSHA1Fingerprint().equals(GITHUB_APK_SHA1)) {
Log.i("pref---", "true");
} else {
Log.i("pref---", "false");
this.cancel(true); this.cancel(true);
} }
} }
@Override @Override
protected String doInBackground(Void... voids) { protected String doInBackground(Void... voids) {
// Make a network request to get latest NewPipe data. // Make a network request to get latest NewPipe data.
String response; String response;
HttpURLConnection connection = null; HttpURLConnection connection = null;
@ -167,4 +174,70 @@ public class CheckForNewAppVersionTask extends AsyncTask<Void, Void, String> {
notificationManager.notify(NOTIFICATION_ID, notificationBuilder.build()); notificationManager.notify(NOTIFICATION_ID, notificationBuilder.build());
} }
} }
/**
* Method to get the apk's SHA1 key.
* https://stackoverflow.com/questions/9293019/get-certificate-fingerprint-from-android-app#22506133
*/
private String getCertificateSHA1Fingerprint() {
PackageManager pm = app.getPackageManager();
String packageName = app.getPackageName();
int flags = PackageManager.GET_SIGNATURES;
PackageInfo packageInfo = null;
try {
packageInfo = pm.getPackageInfo(packageName, flags);
} catch (PackageManager.NameNotFoundException e) {
e.printStackTrace();
}
Signature[] signatures = packageInfo.signatures;
byte[] cert = signatures[0].toByteArray();
InputStream input = new ByteArrayInputStream(cert);
CertificateFactory cf = null;
try {
cf = CertificateFactory.getInstance("X509");
} catch (CertificateException e) {
e.printStackTrace();
}
X509Certificate c = null;
try {
c = (X509Certificate) cf.generateCertificate(input);
} catch (CertificateException e) {
e.printStackTrace();
}
String hexString = null;
try {
MessageDigest md = MessageDigest.getInstance("SHA1");
byte[] publicKey = md.digest(c.getEncoded());
hexString = byte2HexFormatted(publicKey);
} catch (NoSuchAlgorithmException e1) {
e1.printStackTrace();
} catch (CertificateEncodingException e) {
e.printStackTrace();
}
return hexString;
}
private static String byte2HexFormatted(byte[] arr) {
StringBuilder str = new StringBuilder(arr.length * 2);
for (int i = 0; i < arr.length; i++) {
String h = Integer.toHexString(arr[i]);
int l = h.length();
if (l == 1) h = "0" + h;
if (l > 2) h = h.substring(l - 2, l);
str.append(h.toUpperCase());
if (i < (arr.length - 1)) str.append(':');
}
return str.toString();
}
} }