app-info 2.8.2 → 3.0.0

data/lib/app_info/android/signatures/v2.rb

@@ -0,0 +1,121 @@
+# frozen_string_literal: true
+
+module AppInfo
+  class Android < File
+    module Signature
+      # Android v2 Signature
+      #
+      # FULL FORMAT:
+      # OFFSET       DATA TYPE  DESCRIPTION
+      # * @+0  bytes uint32:    signer size in bytes
+      # * @+4  bytes payload    signer block
+      #   * @+0  bytes unit32:    signed data size in bytes
+      #   * @+4  bytes payload    signed data block
+      #     * @+0  bytes unit32:    digests with size in bytes
+      #     * @+0  bytes unit32:    digests with size in bytes
+      #   * @+X  bytes unit32:    signatures with size in bytes
+      #     * @+X+4  bytes payload    signed data block
+      #   * @+Y  bytes unit32:    public key with size in bytes
+      #     * @+Y+4  bytes payload    signed data block
+      class V2 < Base
+        include AppInfo::Helper::IOBlock
+        include AppInfo::Helper::Signatures
+        include AppInfo::Helper::Algorithm
+
+        # V2 Signature ID 0x7109871a
+        BLOCK_ID = [0x1a, 0x87, 0x09, 0x71].freeze
+
+        attr_reader :certificates, :digests
+
+        def version
+          Version::V2
+        end
+
+        # Verify
+        # @todo verified signatures
+        def verify
+          signers_block = singers_block(BLOCK_ID)
+          @certificates, @digests = verified_certs(signers_block, verify: true)
+          # @verified = true
+        end
+
+        private
+
+        def verified_certs(signers_block, verify:)
+          unless (signers = length_prefix_block(signers_block))
+            raise SecurityError, 'Not found signers'
+          end
+
+          certificates = []
+          content_digests = {}
+          loop_length_prefix_io(signers, name: 'Singer', logger: logger) do |signer|
+            signer_certs, signer_digests = extract_signer_data(signer, verify: verify)
+            certificates.concat(signer_certs)
+            content_digests.merge!(signer_digests)
+          end
+          raise SecurityError, 'No signers found' if certificates.empty?
+
+          [certificates, content_digests]
+        end
+
+        def extract_signer_data(signer, verify:)
+          # raw data
+          signed_data = length_prefix_block(signer)
+          signatures = length_prefix_block(signer)
+          public_key = length_prefix_block(signer, raw: true)
+
+          # FIXME: extract code below and re-organize
+
+          algorithems = signature_algorithms(signatures)
+          raise SecurityError, 'No signatures found' if verify && algorithems.empty?
+
+          # find best algorithem to verify signed data with public key and signature
+          unless best_algorithem = best_algorithem(algorithems)
+            raise SecurityError, 'No supported signatures found'
+          end
+
+          algorithems_digest = best_algorithem[:digest]
+          signature = best_algorithem[:signature]
+
+          pkey = OpenSSL::PKey.read(public_key)
+          digest = OpenSSL::Digest.new(algorithems_digest)
+          verified = pkey.verify(digest, signature, signed_data.string)
+          raise SecurityError, "#{algorithems_digest} signature did not verify" unless verified
+
+          # verify algorithm ID full equal (and sort) between digests and signature
+          digests = length_prefix_block(signed_data)
+          content_digests = signed_data_digests(digests)
+          content_digest = content_digests[algorithems_digest]&.fetch(:content)
+
+          unless content_digest
+            raise SecurityError,
+                  'Signature algorithms don\'t match between digests and signatures records'
+          end
+
+          previous_digest = content_digests.fetch(algorithems_digest)
+          content_digests[algorithems_digest] = content_digest
+          if previous_digest && previous_digest[:content] != content_digest
+            raise SecurityError,
+                  'Signature algorithms don\'t match between digests and signatures records'
+          end
+
+          certificates = length_prefix_block(signed_data)
+          certs = signed_data_certs(certificates)
+          raise SecurityError, 'No certificates listed' if certs.empty?
+
+          main_cert = certs[0]
+          if main_cert.public_key.to_der != pkey.to_der
+            raise SecurityError, 'Public key mismatch between certificate and signature record'
+          end
+
+          additional_attrs = length_prefix_block(signed_data)
+          verify_additional_attrs(additional_attrs, certs)
+
+          [certs, content_digests]
+        end
+      end
+
+      register(Version::V2, V2)
+    end
+  end
+end

data/lib/app_info/android/signatures/v3.rb

@@ -0,0 +1,131 @@
+# frozen_string_literal: true
+
+module AppInfo
+  class Android < File
+    module Signature
+      # Android v3 Signature
+      #
+      # FULL FORMAT:
+      # OFFSET       DATA TYPE  DESCRIPTION
+      # * @+0  bytes uint32:    signer size in bytes
+      # * @+4  bytes payload    signer block
+      #   * @+0    bytes unit32:    signed data size in bytes
+      #   * @+4    bytes payload    signed data block
+      #     * @+0    bytes unit32:    digests with size in bytes
+      #     * @+0    bytes unit32:    digests with size in bytes
+      #   * @+W    bytes unit32:    minSDK
+      #   * @+X+4  bytes unit32:    maxSDK
+      #   * @+Y+4  bytes unit32:    signatures with size in bytes
+      #     * @+Y+4    bytes payload    signed data block
+      #   * @+Z    bytes unit32:    public key with size in bytes
+      #     * @+Z+4    bytes payload    signed data block
+      class V3 < Base
+        include AppInfo::Helper::IOBlock
+        include AppInfo::Helper::Signatures
+        include AppInfo::Helper::Algorithm
+
+        # V3 Signature ID 0xf05368c0
+        V3_BLOCK_ID   = [0xc0, 0x68, 0x53, 0xf0].freeze
+
+        # V3.1 Signature ID 0x1b93ad61
+        V3_1_BLOCK_ID = [0x61, 0xad, 0x93, 0x1b].freeze
+
+        attr_reader :certificates, :digests
+
+        def version
+          Version::V3
+        end
+
+        def verify
+          begin
+            signers_block = singers_block(V3_1_BLOCK_ID)
+          rescue NotFoundError
+            signers_block = singers_block(V3_BLOCK_ID)
+          end
+
+          @certificates, @digests = verified_certs(signers_block)
+        end
+
+        private
+
+        def verified_certs(signers_block)
+          unless (signers = length_prefix_block(signers_block))
+            raise SecurityError, 'Not found signers'
+          end
+
+          certificates = []
+          content_digests = {}
+          loop_length_prefix_io(signers, name: 'Singer', logger: logger) do |signer|
+            signer_certs, signer_digests = extract_signer_data(signer)
+            certificates.concat(signer_certs)
+            content_digests.merge!(signer_digests)
+          end
+          raise SecurityError, 'No signers found' if certificates.empty?
+
+          [certificates, content_digests]
+        end
+
+        def extract_signer_data(signer)
+          # raw data
+          signed_data = length_prefix_block(signer)
+
+          # TODO: verify min_sdk and max_sdk
+          min_sdk = signer.read(UINT32_SIZE)
+          max_sdk = signer.read(UINT32_SIZE)
+
+          signatures = length_prefix_block(signer)
+          public_key = length_prefix_block(signer, raw: true)
+
+          algorithems = signature_algorithms(signatures)
+          raise SecurityError, 'No signatures found' if algorithems.empty?
+
+          # find best algorithem to verify signed data with public key and signature
+          unless best_algorithem = best_algorithem(algorithems)
+            raise SecurityError, 'No supported signatures found'
+          end
+
+          algorithems_digest = best_algorithem[:digest]
+          signature = best_algorithem[:signature]
+
+          pkey = OpenSSL::PKey.read(public_key)
+          digest = OpenSSL::Digest.new(algorithems_digest)
+          verified = pkey.verify(digest, signature, signed_data.string)
+          raise SecurityError, "#{algorithems_digest} signature did not verify" unless verified
+
+          # verify algorithm ID full equal (and sort) between digests and signature
+          digests = length_prefix_block(signed_data)
+          content_digests = signed_data_digests(digests)
+          content_digest = content_digests[algorithems_digest]&.fetch(:content)
+
+          unless content_digest
+            raise SecurityError,
+                  'Signature algorithms don\'t match between digests and signatures records'
+          end
+
+          previous_digest = content_digests.fetch(algorithems_digest)
+          content_digests[algorithems_digest] = content_digest
+          if previous_digest && previous_digest[:content] != content_digest
+            raise SecurityError,
+                  'Signature algorithms don\'t match between digests and signatures records'
+          end
+
+          certificates = length_prefix_block(signed_data)
+          certs = signed_data_certs(certificates)
+          raise SecurityError, 'No certificates listed' if certs.empty?
+
+          main_cert = certs[0]
+          if main_cert.public_key.to_der != pkey.to_der
+            raise SecurityError, 'Public key mismatch between certificate and signature record'
+          end
+
+          additional_attrs = length_prefix_block(signed_data)
+          verify_additional_attrs(additional_attrs, certs)
+
+          [certs, content_digests]
+        end
+      end
+
+      register(Version::V3, V3)
+    end
+  end
+end

data/lib/app_info/android/signatures/v4.rb

@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+module AppInfo
+  class Android < File
+    module Signature
+      # Android v4 Signature
+      #
+      # TODO: ApkSignatureSchemeV4Verifier.java
+      class V4 < Base
+        def version
+          Version::V4
+        end
+      end
+
+      # register(Version::V4, V4)
+    end
+  end
+end

data/lib/app_info/android.rb

@@ -0,0 +1,181 @@
+# frozen_string_literal: true
+
+require 'app_info/android/signature'
+require 'image_size'
+require 'forwardable'
+
+module AppInfo
+  # Android base parser for apk and aab file
+  class Android < File
+    extend Forwardable
+    include Helper::HumanFileSize
+
+    # return file size
+    # @example Read file size in integer
+    #   aab.size                    # => 3618865
+    #
+    # @example Read file size in human readabale
+    #   aab.size(human_size: true)  # => '3.45 MB'
+    #
+    # @param [Boolean] human_size Convert integer value to human readable.
+    # @return [Integer, String]
+    def size(human_size: false)
+      file_to_human_size(@file, human_size: human_size)
+    end
+
+    # @return [Symbol] {Manufacturer}
+    def manufacturer
+      Manufacturer::GOOGLE
+    end
+
+    # @return [Symbol] {Platform}
+    def platform
+      Platform::ANDROID
+    end
+
+    # @return [Symbol] {Device}
+    def device
+      if watch?
+        Device::WATCH
+      elsif television?
+        Device::TELEVISION
+      elsif automotive?
+        Device::AUTOMOTIVE
+      elsif tablet?
+        Device::TABLET
+      else
+        Device::PHONE
+      end
+    end
+
+    # @abstract Subclass and override {#name} to implement.
+    def name
+      not_implemented_error!(__method__)
+    end
+
+    # @todo find a way to detect, no way!
+    # @see https://stackoverflow.com/questions/9279111/determine-if-the-device-is-a-smartphone-or-tablet
+    # @return [Boolean] false always false
+    def tablet?
+      # Not works!
+      # resource.first_package
+      #         .entries('bool')
+      #         .select{|e| e.name == 'isTablet' }
+      #         .size >= 1
+      false
+    end
+
+    # @return [Boolean]
+    def watch?
+      !!use_features&.include?('android.hardware.type.watch')
+    end
+
+    # @return [Boolean]
+    def television?
+      !!use_features&.include?('android.software.leanback')
+    end
+
+    # @return [Boolean]
+    def automotive?
+      !!use_features&.include?('android.hardware.type.automotive')
+    end
+
+    # @abstract Subclass and override {#use_features} to implement.
+    def use_features
+      not_implemented_error!(__method__)
+    end
+
+    # @abstract Subclass and override {#use_permissions} to implement.
+    def use_permissions
+      not_implemented_error!(__method__)
+    end
+
+    # @abstract Subclass and override {#use_permissions} to implement.
+    def activities
+      not_implemented_error!(__method__)
+    end
+
+    # @abstract Subclass and override {#use_permissions} to implement.
+    def services
+      not_implemented_error!(__method__)
+    end
+
+    # @abstract Subclass and override {#use_permissions} to implement.
+    def components
+      not_implemented_error!(__method__)
+    end
+
+    # Return multi version certifiates of signatures
+    # @return [Array<Hash>] signatures
+    # @see AppInfo::Android::Signature.verify
+    def signatures
+      @signatures ||= Android::Signature.verify(self)
+    end
+
+    # Legacy v1 scheme signatures, it will remove soon.
+    # @deprecated Use {#signatures}
+    # @return [Array<OpenSSL::PKCS7, nil>] signatures
+    def signs
+      @signs ||= v1sign&.signatures || []
+    end
+
+    # Legacy v1 scheme certificates, it will remove soon.
+    # @deprecated Use {#signatures}
+    # @return [Array<OpenSSL::PKCS7, nil>] certificates
+    def certificates
+      @certificates ||= v1sign&.certificates || []
+    end
+
+    # @abstract Subclass and override {#manifest} to implement.
+    def manifest
+      not_implemented_error!(__method__)
+    end
+
+    # @abstract Subclass and override {#resource} to implement.
+    def resource
+      not_implemented_error!(__method__)
+    end
+
+    # @abstract Subclass and override {#zip} to implement.
+    def zip
+      not_implemented_error!(__method__)
+    end
+
+    # @abstract Subclass and override {#clear!} to implement.
+    def clear!
+      not_implemented_error!(__method__)
+    end
+
+    # @return [String] contents path of contents
+    def contents
+      @contents ||= ::File.join(Dir.mktmpdir, "AppInfo-android-#{SecureRandom.hex}")
+    end
+
+    protected
+
+    def extract_icon(icons, exclude: nil)
+      excludes = exclude_icon_exts(exclude: exclude)
+      icons.reject { |icon| icon_ext_match?(icon[:name], excludes) }
+    end
+
+    def exclude_icon_exts(exclude:)
+      case exclude
+      when String then [exclude]
+      when Array then exclude.map(&:to_s)
+      when Symbol then [exclude.to_s]
+      end
+    end
+
+    def icon_ext_match?(file, excludes)
+      return false if file.nil? || excludes.nil?
+
+      excludes.include?(::File.extname(file)[1..-1])
+    end
+
+    def v1sign
+      @v1sign ||= Android::Signature::V1.verify(self)
+    rescue Android::Signature::NotFoundError
+      nil
+    end
+  end
+end

data/lib/app_info/apk.rb

@@ -1,41 +1,36 @@
 # frozen_string_literal: true
 
 require 'ruby_apk'
-require 'image_size'
-require 'forwardable'
 
 module AppInfo
-  # Parse APK file
-  class APK
-    include Helper::HumanFileSize
-    extend Forwardable
-
-    attr_reader :file
-
-    # APK Devices
-    module Device
-      PHONE       = 'Phone'
-      TABLET      = 'Tablet'
-      WATCH       = 'Watch'
-      TV          = 'Television'
-      AUTOMOTIVE  = 'Automotive'
-    end
-
-    def initialize(file)
-      @file = file
-    end
-
-    def size(human_size: false)
-      file_to_human_size(@file, human_size: human_size)
-    end
-
-    def os
-      Platform::ANDROID
-    end
-    alias file_type os
-
+  # Parse APK file parser, wrapper for {https://github.com/icyleaf/android_parser android_parser}.
+  class APK < Android
+    # @!method manifest
+    #   @see https://rubydoc.info/gems/android_parser/Android/Apk#manifest-instance_method ::Android::Apk#manifest
+    # @!method resource
+    #   @see https://rubydoc.info/gems/android_parser/Android/Apk#resource-instance_method ::Android::Apk#resource
+    # @!method dex
+    #   @see https://rubydoc.info/gems/android_parser/Android/Apk#dex-instance_method ::Android::Apk#dex
     def_delegators :apk, :manifest, :resource, :dex
 
+    # @!method version_name
+    #   @see https://rubydoc.info/gems/android_parser/Android/Manifest#version_name-instance_method  ::Android::Manifest#version_name
+    # @!method package_name
+    #   @see https://rubydoc.info/gems/android_parser/Android/Manifest#package_name-instance_method  ::Android::Manifest#package_name
+    # @!method target_sdk_versionx
+    #   @see https://rubydoc.info/gems/android_parser/Android/Manifest#target_sdk_versionx-instance_method  ::Android::Manifest#target_sdk_version
+    # @!method components
+    #   @see https://rubydoc.info/gems/android_parser/Android/Manifest#components-instance_method  ::Android::Manifest#components
+    # @!method services
+    #   @see https://rubydoc.info/gems/android_parser/Android/Manifest#services-instance_method  ::Android::Manifest#services
+    # @!method use_permissions
+    #   @see https://rubydoc.info/gems/android_parser/Android/Manifest#use_permissions-instance_method  ::Android::Manifest#use_permissions
+    # @!method use_features
+    #   @see https://rubydoc.info/gems/android_parser/Android/Manifest#use_features-instance_method  ::Android::Manifest#use_features
+    # @!method deep_links
+    #   @see https://rubydoc.info/gems/android_parser/Android/Manifest#deep_links-instance_method ::Android::Manifest#deep_links
+    # @!method schemes
+    #   @see https://rubydoc.info/gems/android_parser/Android/Manifest#schemes-instance_method ::Android::Manifest#schemes
     def_delegators :manifest, :version_name, :package_name, :target_sdk_version,
                    :components, :services, :use_permissions, :use_features,
                    :deep_links, :schemes
@@ -53,78 +48,70 @@ module AppInfo
       manifest.label || resource.find('@string/app_name')
     end
 
-    def device_type
-      if wear?
-        Device::WATCH
-      elsif tv?
-        Device::TV
-      elsif automotive?
-        Device::AUTOMOTIVE
-      else
-        Device::PHONE
-      end
-    end
-
-    # TODO: find a way to detect, no way!
-    # def tablet?
-    # end
-
-    def wear?
-      use_features.include?('android.hardware.type.watch')
-    end
-
-    def tv?
-      use_features.include?('android.software.leanback')
-    end
-
-    def automotive?
-      use_features.include?('android.hardware.type.automotive')
-    end
-
+    # @return [String]
     def min_sdk_version
       manifest.min_sdk_ver
     end
     alias min_os_version min_sdk_version
 
-    def sign_version
-      return 'v1' unless signs.empty?
-
-      # when ?
-      # https://source.android.com/security/apksigning/v2?hl=zh-cn
-      #   'v2'
-      # when ?
-      # https://source.android.com/security/apksigning/v3?hl=zh-cn
-      #   'v3'
-      'unknown'
-    end
-
-    def signs
-      apk.signs.each_with_object([]) do |(path, sign), obj|
-        obj << Sign.new(path, sign)
-      end
-    end
-
-    def certificates
-      apk.certificates.each_with_object([]) do |(path, certificate), obj|
-        obj << Certificate.new(path, certificate)
-      end
-    end
-
+    # @return [String]
     def activities
       components.select { |c| c.type == 'activity' }
     end
 
+    # @return [::Android::Apk]
     def apk
       @apk ||= ::Android::Apk.new(@file)
     end
 
-    def icons
+    # @return [Zip::File]
+    def zip
+      @zip ||= apk.instance_variable_get(:@zip)
+    end
+
+    # Full icons metadata
+    # @example full icons
+    #   apk.icons
+    #   # => [
+    #   #   {
+    #   #     name: 'ic_launcher.png',
+    #   #     file: '/path/to/ic_launcher.png',
+    #   #     dimensions: [29, 29]
+    #   #   },
+    #   #   {
+    #   #     name: 'ic_launcher.png',
+    #   #     file: '/path/to/ic_launcher.png',
+    #   #     dimensions: [120, 120]
+    #   #   },
+    #   #   {
+    #   #     name: 'ic_launcher.xml',
+    #   #     file: '/path/to/ic_launcher.xml',
+    #   #     dimensions: [nil, nil]
+    #   #   },
+    #   # ]
+    # @example exclude xml icons
+    #   apk.icons(exclude: :xml)
+    #   # => [
+    #   #   {
+    #   #     name: 'ic_launcher.png',
+    #   #     file: '/path/to/ic_launcher.png',
+    #   #     dimensions: [29, 29]
+    #   #   },
+    #   #   {
+    #   #     name: 'ic_launcher.png',
+    #   #     file: '/path/to/ic_launcher.png',
+    #   #     dimensions: [120, 120]
+    #   #   }
+    #   # ]
+    # @param [Boolean] xml return xml icons
+    # @return [Array<Hash{Symbol => String, Array<Integer>}>] icons paths of icons
+    def icons(exclude: nil)
       @icons ||= apk.icon.each_with_object([]) do |(path, data), obj|
-        icon_name = File.basename(path)
-        icon_path = File.join(contents, File.dirname(path))
-        icon_file = File.join(icon_path, icon_name)
+        icon_name = ::File.basename(path)
+        icon_path = ::File.join(contents, ::File.dirname(path))
+        icon_file = ::File.join(icon_path, icon_name)
         FileUtils.mkdir_p icon_path
-        File.write(icon_file, data, encoding: Encoding::BINARY)
+        ::File.write(icon_file, data, encoding: Encoding::BINARY)
 
         obj << {
           name: icon_name,
@@ -132,6 +119,8 @@ module AppInfo
           dimensions: ImageSize.path(icon_file).size
         }
       end
+
+      extract_icon(@icons, exclude: exclude)
     end
 
     def clear!
@@ -145,29 +134,5 @@ module AppInfo
       @app_path = nil
       @info = nil
     end
-
-    def contents
-      @contents ||= File.join(Dir.mktmpdir, "AppInfo-android-#{SecureRandom.hex}")
-    end
-
-    # Android Certificate
-    class Certificate
-      attr_reader :path, :certificate
-
-      def initialize(path, certificate)
-        @path = path
-        @certificate = certificate
-      end
-    end
-
-    # Android Sign
-    class Sign
-      attr_reader :path, :sign
-
-      def initialize(path, sign)
-        @path = path
-        @sign = sign
-      end
-    end
   end
 end