app-info 3.0.0.beta1 → 3.0.0.beta3

data/lib/app_info/android/signatures/info.rb

@@ -3,150 +3,156 @@
 require 'stringio'
 require 'openssl'
 
-module AppInfo::Android::Signature
-  # APK signature scheme signurate info
-  #
-  # FORMAT:
-  # OFFSET       DATA TYPE  DESCRIPTION
-  # * @+0  bytes uint64:    size in bytes (excluding this field)
-  # * @+8  bytes payload
-  # * @-24 bytes uint64:    size in bytes (same as the one above)
-  # * @-16 bytes uint128:   magic value
-  class Info
-    include AppInfo::Helper::IOBlock
-
-    # Signature block information
-    SIG_SIZE_OF_BLOCK_SIZE = 8
-    SIG_MAGIC_BLOCK_SIZE = 16
-    SIG_BLOCK_MIN_SIZE = 32
-
-    # Magic value: APK Sig Block 42
-    SIG_MAGIC = [
-      0x41, 0x50, 0x4b, 0x20, 0x53, 0x69,
-      0x67, 0x20, 0x42, 0x6c, 0x6f, 0x63,
-      0x6b, 0x20, 0x34, 0x32
-    ].freeze
-
-    attr_reader :total_size, :pairs, :magic, :logger
-
-    def initialize(version, parser, logger)
-      @version = version
-      @parser = parser
-      @logger = logger
-
-      pares_signatures_pairs
-    end
-
-    # Find singers
-    #
-    # FORMAT:
-    # OFFSET       DATA TYPE  DESCRIPTION
-    # * @+0  bytes uint64:    size in bytes
-    # * @+8  bytes payload    block
-    #   * @+0  bytes uint32:    id
-    #   * @+4  bytes payload:   value
-    def signers(block_id)
-      count = 0
-      until @pairs.eof?
-        left_bytes = left_bytes_check(
-          @pairs, UINT64_SIZE, NotFoundError,
-          "Insufficient data to read size of APK Signing Block ##{count}"
-        )
-
-        pair_buf = @pairs.read(UINT64_SIZE)
-        pair_size = pair_buf.unpack1('Q')
-        if pair_size < UINT32_SIZE || pair_size > UINT32_MAX_VALUE
-          raise NotFoundError,
-                "APK Signing Block ##{count} size out of range: #{pair_size} > #{UINT32_MAX_VALUE}"
+module AppInfo
+  class Android < File
+    module Signature
+      # APK signature scheme signurate info
+      #
+      # FORMAT:
+      # OFFSET       DATA TYPE  DESCRIPTION
+      # * @+0  bytes uint64:    size in bytes (excluding this field)
+      # * @+8  bytes payload
+      # * @-24 bytes uint64:    size in bytes (same as the one above)
+      # * @-16 bytes uint128:   magic value
+      class Info
+        include AppInfo::Helper::IOBlock
+
+        # Signature block information
+        SIG_SIZE_OF_BLOCK_SIZE = 8
+        SIG_MAGIC_BLOCK_SIZE = 16
+        SIG_BLOCK_MIN_SIZE = 32
+
+        # Magic value: APK Sig Block 42
+        SIG_MAGIC = [
+          0x41, 0x50, 0x4b, 0x20, 0x53, 0x69,
+          0x67, 0x20, 0x42, 0x6c, 0x6f, 0x63,
+          0x6b, 0x20, 0x34, 0x32
+        ].freeze
+
+        attr_reader :total_size, :pairs, :magic, :logger
+
+        def initialize(version, parser, logger)
+          @version = version
+          @parser = parser
+          @logger = logger
+
+          pares_signatures_pairs
         end
 
-        if pair_size > left_bytes
-          raise NotFoundError,
-                "APK Signing Block ##{count} size out of range: #{pair_size} > #{left_bytes}"
+        # Find singers
+        #
+        # FORMAT:
+        # OFFSET       DATA TYPE  DESCRIPTION
+        # * @+0  bytes uint64:    size in bytes
+        # * @+8  bytes payload    block
+        #   * @+0  bytes uint32:    id
+        #   * @+4  bytes payload:   value
+        def signers(block_id)
+          count = 0
+          until @pairs.eof?
+            left_bytes = left_bytes_check(
+              @pairs, UINT64_SIZE, NotFoundError,
+              "Insufficient data to read size of APK Signing Block ##{count}"
+            )
+
+            pair_buf = @pairs.read(UINT64_SIZE)
+            pair_size = pair_buf.unpack1('Q')
+            if pair_size < UINT32_SIZE || pair_size > UINT32_MAX_VALUE
+              raise NotFoundError,
+                    "APK Signing Block ##{count} size out of range: #{pair_size} > #{UINT32_MAX_VALUE}"
+            end
+
+            if pair_size > left_bytes
+              raise NotFoundError,
+                    "APK Signing Block ##{count} size out of range: #{pair_size} > #{left_bytes}"
+            end
+
+            # fetch next signer block position
+            next_pos = @pairs.pos + pair_size.to_i
+
+            id_block = @pairs.read(UINT32_SIZE)
+            id_bytes = id_block.unpack('C*')
+            if id_bytes == block_id
+              logger.debug "Signature block id v#{@version} scheme (0x#{id_block.unpack1('H*')}) found"
+              value = @pairs.read(pair_size - UINT32_SIZE)
+              return StringIO.new(value)
+            end
+
+            @pairs.seek(next_pos)
+            count += 1
+          end
+
+          block_id_hex = block_id.reverse.pack('C*').unpack1('H*')
+          raise NotFoundError, "Not found block id 0x#{block_id_hex} in APK Signing Block."
         end
 
-        # fetch next signer block position
-        next_pos = @pairs.pos + pair_size.to_i
-
-        id_block = @pairs.read(UINT32_SIZE)
-        id_bytes = id_block.unpack('C*')
-        if id_bytes == block_id
-          logger.debug "Signature block id v#{@version} scheme (0x#{id_block.unpack1('H*')}) found"
-          value = @pairs.read(pair_size - UINT32_SIZE)
-          return StringIO.new(value)
+        def zip64?
+          zip_io.zip64_file?(start_buffer)
         end
 
-        @pairs.seek(next_pos)
-        count += 1
-      end
-
-      block_id_hex = block_id.reverse.pack('C*').unpack1('H*')
-      raise NotFoundError, "Not found block id 0x#{block_id_hex} in APK Signing Block."
-    end
-
-    def zip64?
-      zip_io.zip64_file?(start_buffer)
-    end
-
-    def pares_signatures_pairs
-      block = signature_block
-      block.rewind
-      # get pairs size
-      @total_size = block.size - (SIG_SIZE_OF_BLOCK_SIZE + SIG_MAGIC_BLOCK_SIZE)
-
-      # get pairs block
-      @pairs = StringIO.new(block.read(@total_size))
-
-      # get magic value
-      block.seek(block.pos + SIG_SIZE_OF_BLOCK_SIZE)
-      @magic = block.read(SIG_MAGIC_BLOCK_SIZE)
-    end
+        def pares_signatures_pairs
+          block = signature_block
+          block.rewind
+          # get pairs size
+          @total_size = block.size - (SIG_SIZE_OF_BLOCK_SIZE + SIG_MAGIC_BLOCK_SIZE)
 
-    def signature_block
-      @signature_block ||= lambda {
-        logger.debug "cdir_offset: #{cdir_offset}"
+          # get pairs block
+          @pairs = StringIO.new(block.read(@total_size))
 
-        file_io.seek(cdir_offset - (Info::SIG_MAGIC_BLOCK_SIZE + Info::SIG_SIZE_OF_BLOCK_SIZE))
-        footer_block = file_io.read(Info::SIG_SIZE_OF_BLOCK_SIZE)
-        if footer_block.size < Info::SIG_SIZE_OF_BLOCK_SIZE
-          raise NotFoundError, "APK Signing Block size out of range: #{footer_block.size}"
+          # get magic value
+          block.seek(block.pos + SIG_SIZE_OF_BLOCK_SIZE)
+          @magic = block.read(SIG_MAGIC_BLOCK_SIZE)
         end
 
-        footer = footer_block.unpack1('Q')
-        total_size = footer
-        offset = cdir_offset - total_size - Info::SIG_SIZE_OF_BLOCK_SIZE
-        raise NotFoundError, "APK Signing Block offset out of range: #{offset}" if offset.negative?
-
-        file_io.seek(offset)
-        header = file_io.read(Info::SIG_SIZE_OF_BLOCK_SIZE).unpack1('Q')
-
-        if header != footer
-          raise NotFoundError,
-                "APK Signing Block header and footer mismatch: #{header} != #{footer}"
+        def signature_block
+          @signature_block ||= lambda {
+            logger.debug "cdir_offset: #{cdir_offset}"
+
+            file_io.seek(cdir_offset - (Info::SIG_MAGIC_BLOCK_SIZE + Info::SIG_SIZE_OF_BLOCK_SIZE))
+            footer_block = file_io.read(Info::SIG_SIZE_OF_BLOCK_SIZE)
+            if footer_block.size < Info::SIG_SIZE_OF_BLOCK_SIZE
+              raise NotFoundError, "APK Signing Block size out of range: #{footer_block.size}"
+            end
+
+            footer = footer_block.unpack1('Q')
+            total_size = footer
+            offset = cdir_offset - total_size - Info::SIG_SIZE_OF_BLOCK_SIZE
+            if offset.negative?
+              raise NotFoundError, "APK Signing Block offset out of range: #{offset}"
+            end
+
+            file_io.seek(offset)
+            header = file_io.read(Info::SIG_SIZE_OF_BLOCK_SIZE).unpack1('Q')
+
+            if header != footer
+              raise NotFoundError,
+                    "APK Signing Block header and footer mismatch: #{header} != #{footer}"
+            end
+
+            io = file_io.read(total_size)
+            StringIO.new(io)
+          }.call
         end
 
-        io = file_io.read(total_size)
-        StringIO.new(io)
-      }.call
-    end
-
-    def cdir_offset
-      @cdir_offset ||= lambda {
-        eocd_buffer = zip_io.get_e_o_c_d(start_buffer)
-        eocd_buffer[12..16].unpack1('V')
-      }.call
-    end
+        def cdir_offset
+          @cdir_offset ||= lambda {
+            eocd_buffer = zip_io.get_e_o_c_d(start_buffer)
+            eocd_buffer[12..16].unpack1('V')
+          }.call
+        end
 
-    def start_buffer
-      @start_buffer ||= zip_io.start_buf(file_io)
-    end
+        def start_buffer
+          @start_buffer ||= zip_io.start_buf(file_io)
+        end
 
-    def zip_io
-      @zip_io ||= @parser.zip
-    end
+        def zip_io
+          @zip_io ||= @parser.zip
+        end
 
-    def file_io
-      @file_io ||= File.open(@parser.file, 'rb')
+        def file_io
+          @file_io ||= ::File.open(@parser.file, 'rb')
+        end
+      end
     end
   end
 end

data/lib/app_info/android/signatures/v1.rb

@@ -1,59 +1,63 @@
 # frozen_string_literal: true
 
-module AppInfo::Android::Signature
-  # Android v1 Signature
-  class V1 < Base
-    DESCRIPTION = 'JAR signing'
-
-    PKCS7_HEADER = [0x30, 0x82].freeze
-
-    attr_reader :certificates, :signatures
-
-    def version
-      Version::V1
-    end
-
-    def description
-      DESCRIPTION
-    end
-
-    def verify
-      @signatures = fetch_signatures
-      @certificates = fetch_certificates
-
-      raise NotFoundError, 'Not found certificates' if @certificates.empty?
-    end
-
-    private
-
-    def fetch_signatures
-      case @parser
-      when AppInfo::APK
-        signatures_from(@parser.apk)
-      when AppInfo::AAB
-        signatures_from(@parser)
+module AppInfo
+  class Android < File
+    module Signature
+      # Android v1 Signature
+      class V1 < Base
+        DESCRIPTION = 'JAR signing'
+
+        PKCS7_HEADER = [0x30, 0x82].freeze
+
+        attr_reader :certificates, :signatures
+
+        def version
+          Version::V1
+        end
+
+        def description
+          DESCRIPTION
+        end
+
+        def verify
+          @signatures = fetch_signatures
+          @certificates = fetch_certificates
+
+          raise NotFoundError, 'Not found certificates' if @certificates.empty?
+        end
+
+        private
+
+        def fetch_signatures
+          case @parser
+          when AppInfo::APK
+            signatures_from(@parser.apk)
+          when AppInfo::AAB
+            signatures_from(@parser)
+          end
+        end
+
+        def fetch_certificates
+          @signatures.each_with_object([]) do |(_, sign), obj|
+            next if sign.certificates.empty?
+
+            obj << AppInfo::Certificate.new(sign.certificates[0])
+          end
+        end
+
+        def signatures_from(parser)
+          signs = {}
+          parser.each_file do |path, data|
+            # find META-INF/xxx.{RSA|DSA|EC}
+            next unless path =~ %r{^META-INF/} && data.unpack('CC') == PKCS7_HEADER
+
+            signs[path] = OpenSSL::PKCS7.new(data)
+          end
+          signs
+        end
       end
-    end
-
-    def fetch_certificates
-      @signatures.each_with_object([]) do |(_, sign), obj|
-        next if sign.certificates.empty?
 
-        obj << AppInfo::Certificate.new(sign.certificates[0])
-      end
-    end
-
-    def signatures_from(parser)
-      signs = {}
-      parser.each_file do |path, data|
-        # find META-INF/xxx.{RSA|DSA|EC}
-        next unless path =~ %r{^META-INF/} && data.unpack('CC') == PKCS7_HEADER
-
-        signs[path] = OpenSSL::PKCS7.new(data)
-      end
-      signs
+      register(Version::V1, V1)
     end
   end
-
-  register(Version::V1, V1)
 end

data/lib/app_info/android/signatures/v2.rb

@@ -1,117 +1,121 @@
 # frozen_string_literal: true
 
-module AppInfo::Android::Signature
-  # Android v2 Signature
-  #
-  # FULL FORMAT:
-  # OFFSET       DATA TYPE  DESCRIPTION
-  # * @+0  bytes uint32:    signer size in bytes
-  # * @+4  bytes payload    signer block
-  #   * @+0  bytes unit32:    signed data size in bytes
-  #   * @+4  bytes payload    signed data block
-  #     * @+0  bytes unit32:    digests with size in bytes
-  #     * @+0  bytes unit32:    digests with size in bytes
-  #   * @+X  bytes unit32:    signatures with size in bytes
-  #     * @+X+4  bytes payload    signed data block
-  #   * @+Y  bytes unit32:    public key with size in bytes
-  #     * @+Y+4  bytes payload    signed data block
-  class V2 < Base
-    include AppInfo::Helper::IOBlock
-    include AppInfo::Helper::Signatures
-    include AppInfo::Helper::Algorithm
-
-    # V2 Signature ID 0x7109871a
-    BLOCK_ID = [0x1a, 0x87, 0x09, 0x71].freeze
-
-    attr_reader :certificates, :digests
-
-    def version
-      Version::V2
-    end
-
-    # Verify
-    # @todo verified signatures
-    def verify
-      signers_block = singers_block(BLOCK_ID)
-      @certificates, @digests = verified_certs(signers_block, verify: true)
-      # @verified = true
-    end
-
-    private
-
-    def verified_certs(signers_block, verify:)
-      unless (signers = length_prefix_block(signers_block))
-        raise SecurityError, 'Not found signers'
-      end
-
-      certificates = []
-      content_digests = {}
-      loop_length_prefix_io(signers, name: 'Singer', logger: logger) do |signer|
-        signer_certs, signer_digests = extract_signer_data(signer, verify: verify)
-        certificates.concat(signer_certs)
-        content_digests.merge!(signer_digests)
-      end
-      raise SecurityError, 'No signers found' if certificates.empty?
-
-      [certificates, content_digests]
-    end
-
-    def extract_signer_data(signer, verify:)
-      # raw data
-      signed_data = length_prefix_block(signer)
-      signatures = length_prefix_block(signer)
-      public_key = length_prefix_block(signer, raw: true)
-
-      # FIXME: extract code below and re-organizate
-
-      algorithems = signature_algorithms(signatures)
-      raise SecurityError, 'No signatures found' if verify && algorithems.empty?
-
-      # find best algorithem to verify signed data with public key and signature
-      unless best_algorithem = best_algorithem(algorithems)
-        raise SecurityError, 'No supported signatures found'
+module AppInfo
+  class Android < File
+    module Signature
+      # Android v2 Signature
+      #
+      # FULL FORMAT:
+      # OFFSET       DATA TYPE  DESCRIPTION
+      # * @+0  bytes uint32:    signer size in bytes
+      # * @+4  bytes payload    signer block
+      #   * @+0  bytes unit32:    signed data size in bytes
+      #   * @+4  bytes payload    signed data block
+      #     * @+0  bytes unit32:    digests with size in bytes
+      #     * @+0  bytes unit32:    digests with size in bytes
+      #   * @+X  bytes unit32:    signatures with size in bytes
+      #     * @+X+4  bytes payload    signed data block
+      #   * @+Y  bytes unit32:    public key with size in bytes
+      #     * @+Y+4  bytes payload    signed data block
+      class V2 < Base
+        include AppInfo::Helper::IOBlock
+        include AppInfo::Helper::Signatures
+        include AppInfo::Helper::Algorithm
+
+        # V2 Signature ID 0x7109871a
+        BLOCK_ID = [0x1a, 0x87, 0x09, 0x71].freeze
+
+        attr_reader :certificates, :digests
+
+        def version
+          Version::V2
+        end
+
+        # Verify
+        # @todo verified signatures
+        def verify
+          signers_block = singers_block(BLOCK_ID)
+          @certificates, @digests = verified_certs(signers_block, verify: true)
+          # @verified = true
+        end
+
+        private
+
+        def verified_certs(signers_block, verify:)
+          unless (signers = length_prefix_block(signers_block))
+            raise SecurityError, 'Not found signers'
+          end
+
+          certificates = []
+          content_digests = {}
+          loop_length_prefix_io(signers, name: 'Singer', logger: logger) do |signer|
+            signer_certs, signer_digests = extract_signer_data(signer, verify: verify)
+            certificates.concat(signer_certs)
+            content_digests.merge!(signer_digests)
+          end
+          raise SecurityError, 'No signers found' if certificates.empty?
+
+          [certificates, content_digests]
+        end
+
+        def extract_signer_data(signer, verify:)
+          # raw data
+          signed_data = length_prefix_block(signer)
+          signatures = length_prefix_block(signer)
+          public_key = length_prefix_block(signer, raw: true)
+
+          # FIXME: extract code below and re-organize
+
+          algorithems = signature_algorithms(signatures)
+          raise SecurityError, 'No signatures found' if verify && algorithems.empty?
+
+          # find best algorithem to verify signed data with public key and signature
+          unless best_algorithem = best_algorithem(algorithems)
+            raise SecurityError, 'No supported signatures found'
+          end
+
+          algorithems_digest = best_algorithem[:digest]
+          signature = best_algorithem[:signature]
+
+          pkey = OpenSSL::PKey.read(public_key)
+          digest = OpenSSL::Digest.new(algorithems_digest)
+          verified = pkey.verify(digest, signature, signed_data.string)
+          raise SecurityError, "#{algorithems_digest} signature did not verify" unless verified
+
+          # verify algorithm ID full equal (and sort) between digests and signature
+          digests = length_prefix_block(signed_data)
+          content_digests = signed_data_digests(digests)
+          content_digest = content_digests[algorithems_digest]&.fetch(:content)
+
+          unless content_digest
+            raise SecurityError,
+                  'Signature algorithms don\'t match between digests and signatures records'
+          end
+
+          previous_digest = content_digests.fetch(algorithems_digest)
+          content_digests[algorithems_digest] = content_digest
+          if previous_digest && previous_digest[:content] != content_digest
+            raise SecurityError,
+                  'Signature algorithms don\'t match between digests and signatures records'
+          end
+
+          certificates = length_prefix_block(signed_data)
+          certs = signed_data_certs(certificates)
+          raise SecurityError, 'No certificates listed' if certs.empty?
+
+          main_cert = certs[0]
+          if main_cert.public_key.to_der != pkey.to_der
+            raise SecurityError, 'Public key mismatch between certificate and signature record'
+          end
+
+          additional_attrs = length_prefix_block(signed_data)
+          verify_additional_attrs(additional_attrs, certs)
+
+          [certs, content_digests]
+        end
       end
 
-      algorithems_digest = best_algorithem[:digest]
-      signature = best_algorithem[:signature]
-
-      pkey = OpenSSL::PKey.read(public_key)
-      digest = OpenSSL::Digest.new(algorithems_digest)
-      verified = pkey.verify(digest, signature, signed_data.string)
-      raise SecurityError, "#{algorithems_digest} signature did not verify" unless verified
-
-      # verify algorithm ID full equal (and sort) between digests and signature
-      digests = length_prefix_block(signed_data)
-      content_digests = signed_data_digests(digests)
-      content_digest = content_digests[algorithems_digest]&.fetch(:content)
-
-      unless content_digest
-        raise SecurityError,
-              'Signature algorithms don\'t match between digests and signatures records'
-      end
-
-      previous_digest = content_digests.fetch(algorithems_digest)
-      content_digests[algorithems_digest] = content_digest
-      if previous_digest && previous_digest[:content] != content_digest
-        raise SecurityError,
-              'Signature algorithms don\'t match between digests and signatures records'
-      end
-
-      certificates = length_prefix_block(signed_data)
-      certs = signed_data_certs(certificates)
-      raise SecurityError, 'No certificates listed' if certs.empty?
-
-      main_cert = certs[0]
-      if main_cert.public_key.to_der != pkey.to_der
-        raise SecurityError, 'Public key mismatch between certificate and signature record'
-      end
-
-      additional_attrs = length_prefix_block(signed_data)
-      verify_additional_attrs(additional_attrs, certs)
-
-      [certs, content_digests]
+      register(Version::V2, V2)
     end
   end
-
-  register(Version::V2, V2)
 end