app-info 2.8.2 → 3.0.0

data/lib/app_info/aab.rb

@@ -1,156 +1,85 @@
 # frozen_string_literal: true
 
 require 'app_info/protobuf/manifest'
-require 'image_size'
-require 'forwardable'
 
 module AppInfo
-  # Parse APK file
-  class AAB
-    include Helper::HumanFileSize
-    extend Forwardable
-
-    attr_reader :file
-
-    # APK Devices
-    module Device
-      PHONE       = 'Phone'
-      TABLET      = 'Tablet'
-      WATCH       = 'Watch'
-      TV          = 'Television'
-      AUTOMOTIVE  = 'Automotive'
-    end
-
+  # Parse APK file parser
+  class AAB < Android
     BASE_PATH = 'base'
     BASE_MANIFEST = "#{BASE_PATH}/manifest/AndroidManifest.xml"
     BASE_RESOURCES = "#{BASE_PATH}/resources.pb"
 
-    def initialize(file)
-      @file = file
-    end
-
-    def size(human_size: false)
-      file_to_human_size(@file, human_size: human_size)
-    end
-
-    def os
-      Platform::ANDROID
-    end
-    alias file_type os
-
+    # @!method version_name
+    #   @see Protobuf::Manifest#version_name
+    #   @return [String]
+    # @!method deep_links
+    #   @see Protobuf::Manifest#deep_links
+    #   @return [String]
+    # @!method schemes
+    #   @see Protobuf::Manifest#schemes
+    #   @return [String]
     def_delegators :manifest, :version_name, :deep_links, :schemes
 
     alias release_version version_name
 
+    # @return [String]
     def package_name
       manifest.package
     end
     alias identifier package_name
     alias bundle_id package_name
 
+    # @return [String]
     def version_code
       manifest.version_code.to_s
     end
     alias build_version version_code
 
+    # @return [String]
     def name
       manifest.label
     end
 
-    def device_type
-      if wear?
-        Device::WATCH
-      elsif tv?
-        Device::TV
-      elsif automotive?
-        Device::AUTOMOTIVE
-      else
-        Device::PHONE
-      end
-    end
-
-    # TODO: find a way to detect
-    # Found answer but not works: https://stackoverflow.com/questions/9279111/determine-if-the-device-is-a-smartphone-or-tablet
-    # def tablet?
-    #   resource.first_package
-    #           .entries('bool')
-    #           .select{|e| e.name == 'isTablet' }
-    #           .size >= 1
-    # end
-
-    def wear?
-      use_features.include?('android.hardware.type.watch')
-    end
-
-    def tv?
-      use_features.include?('android.software.leanback')
-    end
-
-    def automotive?
-      use_features.include?('android.hardware.type.automotive')
-    end
-
+    # @return [String]
     def min_sdk_version
       manifest.uses_sdk.min_sdk_version
     end
     alias min_os_version min_sdk_version
 
+    # @return [String]
     def target_sdk_version
       manifest.uses_sdk.target_sdk_version
     end
 
+    # @return [Array<String>]
     def use_features
+      return [] unless manifest.respond_to?(:uses_feature)
+
       @use_features ||= manifest&.uses_feature&.map(&:name)
     end
 
+    # @return [Array<String>]
     def use_permissions
+      return [] unless manifest.respond_to?(:uses_permission)
+
       @use_permissions ||= manifest&.uses_permission&.map(&:name)
     end
 
+    # @return [Protobuf::Node]
     def activities
       @activities ||= manifest.activities
     end
 
+    # @return [Protobuf::Node]
     def services
       @services ||= manifest.services
     end
 
+    # @return [Protobuf::Node]
     def components
       @components ||= manifest.components.transform_values
     end
 
-    def sign_version
-      return 'v1' unless signs.empty?
-
-      # when ?
-      # https://source.android.com/security/apksigning/v2?hl=zh-cn
-      #   'v2'
-      # when ?
-      # https://source.android.com/security/apksigning/v3?hl=zh-cn
-      #   'v3'
-      'unknown'
-    end
-
-    def signs
-      return @signs if @signs
-
-      @signs = []
-      each_file do |path, data|
-        # find META-INF/xxx.{RSA|DSA}
-        next unless path =~ %r{^META-INF/} && data.unpack('CC') == [0x30, 0x82]
-
-        @signs << APK::Sign.new(path, OpenSSL::PKCS7.new(data))
-      end
-
-      @signs
-    end
-
-    def certificates
-      @certificates ||= signs.each_with_object([]) do |sign, obj|
-        obj << APK::Certificate.new(sign.path, sign.sign.certificates[0])
-      end
-    end
-
     def each_file
       zip.each do |entry|
         next unless entry.file?
@@ -167,36 +96,70 @@ module AppInfo
     end
 
     def entry(name, base_path: BASE_PATH)
-      entry = @zip.find_entry(File.join(base_path, name))
+      entry = @zip.find_entry(::File.join(base_path, name))
       raise NotFoundError, "'#{name}'" if entry.nil?
 
       entry
     end
 
+    # @return [Protobuf::Manifest]
     def manifest
       io = zip.read(zip.find_entry(BASE_MANIFEST))
       @manifest ||= Protobuf::Manifest.parse(io, resource)
     end
 
+    # @return [Protobuf::Resources]
     def resource
       io = zip.read(zip.find_entry(BASE_RESOURCES))
       @resource ||= Protobuf::Resources.parse(io)
     end
 
-    def zip
-      @zip ||= Zip::File.open(@file)
-    end
-
-    def icons
+    # Full icons metadata
+    # @example full icons
+    #   aab.icons
+    #   # => [
+    #   #   {
+    #   #     name: 'ic_launcher.png',
+    #   #     file: '/path/to/ic_launcher.webp',
+    #   #     dimensions: [29, 29]
+    #   #   },
+    #   #   {
+    #   #     name: 'ic_launcher.png',
+    #   #     file: '/path/to/ic_launcher.png',
+    #   #     dimensions: [120, 120]
+    #   #   },
+    #   #   {
+    #   #     name: 'ic_launcher.xml',
+    #   #     file: '/path/to/ic_launcher.xml',
+    #   #     dimensions: [nil, nil]
+    #   #   },
+    #   # ]
+    # @example exclude xml icons
+    #   aab.icons(filter: :xml)
+    #   # => [
+    #   #   {
+    #   #     name: 'ic_launcher.png',
+    #   #     file: '/path/to/ic_launcher.webp',
+    #   #     dimensions: [29, 29]
+    #   #   },
+    #   #   {
+    #   #     name: 'ic_launcher.png',
+    #   #     file: '/path/to/ic_launcher.png',
+    #   #     dimensions: [120, 120]
+    #   #   }
+    #   # ]
+    # @param [String, Symbol, Array<Symbol, Array>] filter filter file extension name
+    # @return [Array<Hash{Symbol => String, Array<Integer>}>] icons paths of icons
+    def icons(exclude: nil)
       @icons ||= manifest.icons.each_with_object([]) do |res, obj|
         path = res.value
-        filename = File.basename(path)
-        filepath = File.join(contents, File.dirname(path))
-        file = File.join(filepath, filename)
-        FileUtils.mkdir_p filepath
+        filename = ::File.basename(path)
+        filepath = ::File.join(contents, ::File.dirname(path))
+        file = ::File.join(filepath, filename)
+        FileUtils.mkdir_p(filepath)
 
         binary_data = read_file(path)
-        File.write(file, binary_data, encoding: Encoding::BINARY)
+        ::File.write(file, binary_data, encoding: Encoding::BINARY)
 
         obj << {
           name: filename,
@@ -204,6 +167,8 @@ module AppInfo
           dimensions: ImageSize.path(file).size
         }
       end
+
+      extract_icon(@icons, exclude: exclude)
     end
 
     def clear!
@@ -218,14 +183,15 @@ module AppInfo
       @info = nil
     end
 
-    def contents
-      @contents ||= File.join(Dir.mktmpdir, "AppInfo-android-#{SecureRandom.hex}")
+    # @return [Zip::File]
+    def zip
+      @zip ||= Zip::File.open(@file)
     end
 
     private
 
     def xml_file?(file)
-      File.extname(file) == '.xml'
+      ::File.extname(file) == '.xml'
     end
 
     # TODO: how to convert xml content after decode protoubufed content

data/lib/app_info/android/signature.rb

@@ -0,0 +1,114 @@
+# frozen_string_literal: true
+
+module AppInfo
+  class Android < File
+    # Android Signature
+    #
+    # Support digest and length:
+    #
+    # RSA：1024、2048、4096、8192、16384
+    # EC：NIST P-256、P-384、P-521
+    # DSA：1024、2048、3072
+    module Signature
+      class VersionError < Error; end
+      class SecurityError < Error; end
+      class NotFoundError < NotFoundError; end
+
+      module Version
+        V1 = 1
+        V2 = 2
+        V3 = 3
+        V4 = 4
+      end
+
+      # All registerd verions to verify
+      #
+      # key is the version
+      # value is the class
+      @versions = {}
+
+      class << self
+        # Verify Android Signature
+        #
+        # @example Get unverified v1 certificates, verified v2 certificates,
+        #  and not found v3 certificate
+        #
+        #   signature.versions(parser)
+        #   # => [
+        #   #   {
+        #   #     version: 1,
+        #   #     verified: false,
+        #   #     certificates: [<AppInfo::Certificate>, ...],
+        #   #     verifier: AppInfo::Androig::Signature
+        #   #   },
+        #   #   {
+        #   #     version: 2,
+        #   #     verified: false,
+        #   #     certificates: [<AppInfo::Certificate>, ...],
+        #   #     verifier: AppInfo::Androig::Signature
+        #   #   },
+        #   #   {
+        #   #     version: 3
+        #   #   }
+        #   # ]
+        # @todo version 4 no implantation yet
+        # @param [AppInfo::File] parser
+        # @param [Version, Integer] min_version
+        # @return [Array<Hash>] versions
+        def verify(parser, min_version: Version::V4)
+          min_version = min_version.to_i if min_version.is_a?(String)
+          if min_version && min_version > Version::V4
+            raise VersionError,
+                  "No signature found in #{min_version} scheme or newer for android file"
+          end
+
+          if min_version.zero?
+            raise VersionError,
+                  "Unkonwn version: #{min_version}, avaiables in 1/2/3 and 4 (no implantation yet)"
+          end
+
+          # try full version signatures if min_version is nil
+          versions = min_version.downto(Version::V1).each_with_object([]) do |version, signatures|
+            next unless kclass = fetch(version)
+
+            data = { version: version }
+            begin
+              verifier = kclass.verify(parser)
+              data[:verified] = verifier.verified
+              data[:certificates] = verifier.certificates
+              data[:verifier] = verifier
+            rescue SecurityError, NotFoundError
+              # not this version, try the low version
+            ensure
+              signatures << data
+            end
+          end
+
+          versions.sort_by { |entry| entry[:version] }
+        end
+
+        def registered
+          @versions.keys
+        end
+
+        def register(version, verifier)
+          @versions[version] = verifier
+        end
+
+        def fetch(version)
+          @versions[version]
+        end
+
+        def exist?(version)
+          @versions.key?(version)
+        end
+      end
+
+      UINT32_MAX_VALUE = 2_147_483_647
+      UINT32_SIZE = 4
+      UINT64_SIZE = 8
+    end
+  end
+end
+
+require 'app_info/android/signatures/base'

data/lib/app_info/android/signatures/base.rb

@@ -0,0 +1,53 @@
+# frozen_string_literal: true
+
+require 'app_info/android/signatures/info'
+
+module AppInfo
+  class Android < File
+    module Signature
+      class Base
+        def self.verify(parser)
+          instance = new(parser)
+          instance.verify
+          instance
+        end
+
+        DESCRIPTION = 'APK Signature Scheme'
+
+        attr_reader :verified
+
+        def initialize(parser)
+          @parser = parser
+          @verified = false
+        end
+
+        # @abstract Subclass and override {#verify} to implement
+        def verify
+          raise NotImplementedError, ".#{__method__} method implantation required in #{self.class}"
+        end
+
+        # @abstract Subclass and override {#certificates} to implement
+        def certificates
+          raise NotImplementedError, ".#{__method__} method implantation required in #{self.class}"
+        end
+
+        def scheme
+          "v#{version}"
+        end
+
+        def description
+          "#{DESCRIPTION} #{scheme}"
+        end
+
+        def logger
+          @parser.logger
+        end
+      end
+    end
+  end
+end
+
+require 'app_info/android/signatures/v1'
+require 'app_info/android/signatures/v2'
+require 'app_info/android/signatures/v3'
+require 'app_info/android/signatures/v4'

data/lib/app_info/android/signatures/info.rb

@@ -0,0 +1,158 @@
+# frozen_string_literal: true
+
+require 'stringio'
+require 'openssl'
+
+module AppInfo
+  class Android < File
+    module Signature
+      # APK signature scheme signurate info
+      #
+      # FORMAT:
+      # OFFSET       DATA TYPE  DESCRIPTION
+      # * @+0  bytes uint64:    size in bytes (excluding this field)
+      # * @+8  bytes payload
+      # * @-24 bytes uint64:    size in bytes (same as the one above)
+      # * @-16 bytes uint128:   magic value
+      class Info
+        include AppInfo::Helper::IOBlock
+
+        # Signature block information
+        SIG_SIZE_OF_BLOCK_SIZE = 8
+        SIG_MAGIC_BLOCK_SIZE = 16
+        SIG_BLOCK_MIN_SIZE = 32
+
+        # Magic value: APK Sig Block 42
+        SIG_MAGIC = [
+          0x41, 0x50, 0x4b, 0x20, 0x53, 0x69,
+          0x67, 0x20, 0x42, 0x6c, 0x6f, 0x63,
+          0x6b, 0x20, 0x34, 0x32
+        ].freeze
+
+        attr_reader :total_size, :pairs, :magic, :logger
+
+        def initialize(version, parser, logger)
+          @version = version
+          @parser = parser
+          @logger = logger
+
+          pares_signatures_pairs
+        end
+
+        # Find singers
+        #
+        # FORMAT:
+        # OFFSET       DATA TYPE  DESCRIPTION
+        # * @+0  bytes uint64:    size in bytes
+        # * @+8  bytes payload    block
+        #   * @+0  bytes uint32:    id
+        #   * @+4  bytes payload:   value
+        def signers(block_id)
+          count = 0
+          until @pairs.eof?
+            left_bytes = left_bytes_check(
+              @pairs, UINT64_SIZE, NotFoundError,
+              "Insufficient data to read size of APK Signing Block ##{count}"
+            )
+
+            pair_buf = @pairs.read(UINT64_SIZE)
+            pair_size = pair_buf.unpack1('Q')
+            if pair_size < UINT32_SIZE || pair_size > UINT32_MAX_VALUE
+              raise NotFoundError,
+                    "APK Signing Block ##{count} size out of range: #{pair_size} > #{UINT32_MAX_VALUE}"
+            end
+
+            if pair_size > left_bytes
+              raise NotFoundError,
+                    "APK Signing Block ##{count} size out of range: #{pair_size} > #{left_bytes}"
+            end
+
+            # fetch next signer block position
+            next_pos = @pairs.pos + pair_size.to_i
+
+            id_block = @pairs.read(UINT32_SIZE)
+            id_bytes = id_block.unpack('C*')
+            if id_bytes == block_id
+              logger.debug "Signature block id v#{@version} scheme (0x#{id_block.unpack1('H*')}) found"
+              value = @pairs.read(pair_size - UINT32_SIZE)
+              return StringIO.new(value)
+            end
+
+            @pairs.seek(next_pos)
+            count += 1
+          end
+
+          block_id_hex = block_id.reverse.pack('C*').unpack1('H*')
+          raise NotFoundError, "Not found block id 0x#{block_id_hex} in APK Signing Block."
+        end
+
+        def zip64?
+          zip_io.zip64_file?(start_buffer)
+        end
+
+        def pares_signatures_pairs
+          block = signature_block
+          block.rewind
+          # get pairs size
+          @total_size = block.size - (SIG_SIZE_OF_BLOCK_SIZE + SIG_MAGIC_BLOCK_SIZE)
+
+          # get pairs block
+          @pairs = StringIO.new(block.read(@total_size))
+
+          # get magic value
+          block.seek(block.pos + SIG_SIZE_OF_BLOCK_SIZE)
+          @magic = block.read(SIG_MAGIC_BLOCK_SIZE)
+        end
+
+        def signature_block
+          @signature_block ||= lambda {
+            logger.debug "cdir_offset: #{cdir_offset}"
+
+            file_io.seek(cdir_offset - (Info::SIG_MAGIC_BLOCK_SIZE + Info::SIG_SIZE_OF_BLOCK_SIZE))
+            footer_block = file_io.read(Info::SIG_SIZE_OF_BLOCK_SIZE)
+            if footer_block.size < Info::SIG_SIZE_OF_BLOCK_SIZE
+              raise NotFoundError, "APK Signing Block size out of range: #{footer_block.size}"
+            end
+
+            footer = footer_block.unpack1('Q')
+            total_size = footer
+            offset = cdir_offset - total_size - Info::SIG_SIZE_OF_BLOCK_SIZE
+            if offset.negative?
+              raise NotFoundError, "APK Signing Block offset out of range: #{offset}"
+            end
+
+            file_io.seek(offset)
+            header = file_io.read(Info::SIG_SIZE_OF_BLOCK_SIZE).unpack1('Q')
+
+            if header != footer
+              raise NotFoundError,
+                    "APK Signing Block header and footer mismatch: #{header} != #{footer}"
+            end
+
+            io = file_io.read(total_size)
+            StringIO.new(io)
+          }.call
+        end
+
+        def cdir_offset
+          @cdir_offset ||= lambda {
+            eocd_buffer = zip_io.get_e_o_c_d(start_buffer)
+            eocd_buffer[12..16].unpack1('V')
+          }.call
+        end
+
+        def start_buffer
+          @start_buffer ||= zip_io.start_buf(file_io)
+        end
+
+        def zip_io
+          @zip_io ||= @parser.zip
+        end
+
+        def file_io
+          @file_io ||= ::File.open(@parser.file, 'rb')
+        end
+      end
+    end
+  end
+end

data/lib/app_info/android/signatures/v1.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module AppInfo
+  class Android < File
+    module Signature
+      # Android v1 Signature
+      class V1 < Base
+        DESCRIPTION = 'JAR signing'
+
+        PKCS7_HEADER = [0x30, 0x82].freeze
+
+        attr_reader :certificates, :signatures
+
+        def version
+          Version::V1
+        end
+
+        def description
+          DESCRIPTION
+        end
+
+        def verify
+          @signatures = fetch_signatures
+          @certificates = fetch_certificates
+
+          raise NotFoundError, 'Not found certificates' if @certificates.empty?
+        end
+
+        private
+
+        def fetch_signatures
+          case @parser
+          when AppInfo::APK
+            signatures_from(@parser.apk)
+          when AppInfo::AAB
+            signatures_from(@parser)
+          end
+        end
+
+        def fetch_certificates
+          @signatures.each_with_object([]) do |(_, sign), obj|
+            next if sign.certificates.empty?
+
+            obj << AppInfo::Certificate.new(sign.certificates[0])
+          end
+        end
+
+        def signatures_from(parser)
+          signs = {}
+          parser.each_file do |path, data|
+            # find META-INF/xxx.{RSA|DSA|EC}
+            next unless path =~ %r{^META-INF/} && data.unpack('CC') == PKCS7_HEADER
+
+            signs[path] = OpenSSL::PKCS7.new(data)
+          end
+          signs
+        end
+      end
+
+      register(Version::V1, V1)
+    end
+  end
+end