Added check for SHA1 key.

2025-10-31 07:13:00 +00:00 · 2018-10-14 19:16:28 +05:30
parent 7124d9bca5
commit e2341363d4
1 changed files with 82 additions and 9 deletions
--- a/app/src/main/java/org/schabi/newpipe/CheckForNewAppVersionTask.java
+++ b/app/src/main/java/org/schabi/newpipe/CheckForNewAppVersionTask.java
@@ -4,6 +4,9 @@ import android.app.Application;
 import android.app.PendingIntent;
 import android.content.Intent;
 import android.content.SharedPreferences;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.Signature;
 import android.net.Uri;
 import android.os.AsyncTask;
 import android.preference.PreferenceManager;
@@ -15,10 +18,18 @@ import org.json.JSONException;
 import org.json.JSONObject;

 import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;

 /**
 * AsyncTask to check if there is a newer version of the NewPipe github apk available or not.
@@ -29,6 +40,7 @@ public class CheckForNewAppVersionTask extends AsyncTask<Void, Void, String> {

    private Application app = App.getContext();

+    private String GITHUB_APK_SHA1 = "B0:2E:90:7C:1C:D6:FC:57:C3:35:F0:88:D0:8F:50:5F:94:E4:D2:15";
    private String newPipeApiUrl = "https://newpipe.schabi.org/api/data.json";
    private int timeoutPeriod = 10000;

@@ -39,23 +51,18 @@ public class CheckForNewAppVersionTask extends AsyncTask<Void, Void, String> {

        mPrefs = PreferenceManager.getDefaultSharedPreferences(app);

-        // Check if user has enabled/ disabled update checking.
-        if (mPrefs.getBoolean(app.getString(R.string.update_app_key), true)) {
-
-            // Go ahead with further checks.
-            Log.i("pref---", "true");
-        } else {
-            Log.i("pref---", "false");
+        // Check if user has enabled/ disabled update checking
+        // and if the current apk is a github one or not.
+        if (!mPrefs.getBoolean(app.getString(R.string.update_app_key), true)
+                || !getCertificateSHA1Fingerprint().equals(GITHUB_APK_SHA1)) {
            this.cancel(true);
        }
-
    }

    @Override
    protected String doInBackground(Void... voids) {

        // Make a network request to get latest NewPipe data.
-
        String response;
        HttpURLConnection connection = null;

@@ -167,4 +174,70 @@ public class CheckForNewAppVersionTask extends AsyncTask<Void, Void, String> {
            notificationManager.notify(NOTIFICATION_ID, notificationBuilder.build());
        }
    }
+
+    /**
+     * Method to get the apk's SHA1 key.
+     * https://stackoverflow.com/questions/9293019/get-certificate-fingerprint-from-android-app#22506133
+     */
+    private String getCertificateSHA1Fingerprint() {
+
+        PackageManager pm = app.getPackageManager();
+        String packageName = app.getPackageName();
+        int flags = PackageManager.GET_SIGNATURES;
+        PackageInfo packageInfo = null;
+
+        try {
+            packageInfo = pm.getPackageInfo(packageName, flags);
+        } catch (PackageManager.NameNotFoundException e) {
+            e.printStackTrace();
+        }
+
+        Signature[] signatures = packageInfo.signatures;
+        byte[] cert = signatures[0].toByteArray();
+        InputStream input = new ByteArrayInputStream(cert);
+        CertificateFactory cf = null;
+
+        try {
+            cf = CertificateFactory.getInstance("X509");
+        } catch (CertificateException e) {
+            e.printStackTrace();
+        }
+
+        X509Certificate c = null;
+
+        try {
+            c = (X509Certificate) cf.generateCertificate(input);
+        } catch (CertificateException e) {
+            e.printStackTrace();
+        }
+
+        String hexString = null;
+
+        try {
+            MessageDigest md = MessageDigest.getInstance("SHA1");
+            byte[] publicKey = md.digest(c.getEncoded());
+            hexString = byte2HexFormatted(publicKey);
+        } catch (NoSuchAlgorithmException e1) {
+            e1.printStackTrace();
+        } catch (CertificateEncodingException e) {
+            e.printStackTrace();
+        }
+
+        return hexString;
+    }
+
+    private static String byte2HexFormatted(byte[] arr) {
+
+        StringBuilder str = new StringBuilder(arr.length * 2);
+
+        for (int i = 0; i < arr.length; i++) {
+            String h = Integer.toHexString(arr[i]);
+            int l = h.length();
+            if (l == 1) h = "0" + h;
+            if (l > 2) h = h.substring(l - 2, l);
+            str.append(h.toUpperCase());
+            if (i < (arr.length - 1)) str.append(':');
+        }
+        return str.toString();
+    }
 }