@bravemobile/react-native-code-push 12.3.1 → 12.4.0

package/expo/plugin/withCodePushAndroid.js

@@ -28,11 +28,9 @@ function androidMainApplicationApplyImplementation(mainApplication, find, add, r
 }
 
 function addJsBundleFilePathArgument(mainApplication) {
-  if (mainApplication.includes(JS_BUNDLE_FILE_PATH_ARGUMENT)) {
-    return mainApplication;
-  }
-
-  const packageListArgumentPattern = /(packageList\s*=\s*\n\s*PackageList\(this\)[\s\S]+?\},?\s*\n)/;
+  // Capture packageList block plus optional existing jsBundleFilePath line.
+  // This allows us to normalize comma placement before injecting the new argument.
+  const packageListArgumentPattern = /(packageList\s*=\s*\n\s*PackageList\(this\)[\s\S]+?\},?\s*\n)(\s*jsBundleFilePath\s*=\s*CodePush\.getJSBundleFile\(\),\s*\n)?/;
 
   if (!packageListArgumentPattern.test(mainApplication)) {
     WarningAggregator.addWarningAndroid(
@@ -47,12 +45,15 @@ function addJsBundleFilePathArgument(mainApplication) {
     return mainApplication;
   }
 
-  return mainApplication.replace(packageListArgumentPattern, (match) => {
-    if (match.includes('jsBundleFilePath')) {
-      return match;
-    }
-
-    return `${match}      ${JS_BUNDLE_FILE_PATH_ARGUMENT},\n`;
+  return mainApplication.replace(packageListArgumentPattern, (match, packageListArgument, existingJsBundleArgument) => {
+    const trimmedMatch = packageListArgument.replace(/\s+$/, '');
+    // Kotlin call args need a trailing comma before the next named argument.
+    const hasTrailingComma = /,\s*$/.test(trimmedMatch);
+    const packageListArgumentWithComma = hasTrailingComma ? trimmedMatch : `${trimmedMatch},`;
+    const jsBundleArgument = existingJsBundleArgument
+      ? existingJsBundleArgument.replace(/\s+$/, '')
+      : `      ${JS_BUNDLE_FILE_PATH_ARGUMENT},`;
+    return `${packageListArgumentWithComma}\n${jsBundleArgument}\n`;
   });
 }
 
@@ -64,10 +65,9 @@ const withAndroidMainApplicationDependency = (config) => {
       IMPORT_CODE_PUSH,
     );
 
-    if (!action.modResults.contents.includes('CodePush.getJSBundleFile()')) {
-      if (action.modResults.contents.includes(RN_082_MARKER)) {
-        action.modResults.contents = addJsBundleFilePathArgument(action.modResults.contents);
-      } else {
+    if (action.modResults.contents.includes(RN_082_MARKER)) {
+      action.modResults.contents = addJsBundleFilePathArgument(action.modResults.contents);
+    } else if (!action.modResults.contents.includes('CodePush.getJSBundleFile()')) {
         // https://github.com/Soomgo-Mobile/react-native-code-push/issues/97
         const isExpoSDK54 = config.sdkVersion?.startsWith('54.') ?? false;
         const addingCode = isExpoSDK54
@@ -81,7 +81,6 @@ const withAndroidMainApplicationDependency = (config) => {
           'object : DefaultReactNativeHost(this) {',
           addingCode,
         );
-      }
     }
 
     return action;

package/ios/CodePush/CodePush.h

@@ -102,7 +102,6 @@
 @property (readonly) NSDictionary *configuration;
 @property (copy) NSString *deploymentKey;
 @property (copy) NSString *serverURL;
-@property (copy) NSString *publicKey;
 
 + (instancetype)current;
 
@@ -140,7 +139,6 @@ failCallback:(void (^)(NSError *err))failCallback;
 
 + (void)downloadPackage:(NSDictionary *)updatePackage
  expectedBundleFileName:(NSString *)expectedBundleFileName
-              publicKey:(NSString *)publicKey
          operationQueue:(dispatch_queue_t)operationQueue
        progressCallback:(void (^)(long long, long long))progressCallback
            doneCallback:(void (^)())doneCallback
@@ -203,20 +201,6 @@ failCallback:(void (^)(NSError *err))failCallback;
                    expectedHash:(NSString *)expectedHash
                           error:(NSError **)error;
 
-// remove BEGIN / END tags and line breaks from public key string
-+ (NSString *)getKeyValueFromPublicKeyString:(NSString *)publicKeyString;
-
-+ (NSString *)getSignatureFilePath:(NSString *)updateFolderPath;
-
-+ (NSDictionary *) verifyAndDecodeJWT:(NSString *) jwt
-               withPublicKey:(NSString *)publicKey
-                       error:(NSError **)error;
-
-+ (BOOL)verifyUpdateSignatureFor:(NSString *)updateFolderPath
-                    expectedHash:(NSString *)newUpdateHash
-                   withPublicKey:(NSString *)publicKeyString
-                           error:(NSError **)error;
-
 @end
 
 void CPLog(NSString *formatString, ...);

package/ios/CodePush/CodePush.m

@@ -1,4 +1,3 @@
-#if __has_include(<React/RCTAssert.h>)
 #import <React/RCTAssert.h>
 #import <React/RCTBridgeModule.h>
 #import <React/RCTConvert.h>
@@ -6,14 +5,6 @@
 #import <React/RCTRootView.h>
 #import <React/RCTUtils.h>
 #import <React/RCTReloadCommand.h>
-#else // back compatibility for RN version < 0.40
-#import "RCTAssert.h"
-#import "RCTBridgeModule.h"
-#import "RCTConvert.h"
-#import "RCTEventDispatcher.h"
-#import "RCTRootView.h"
-#import "RCTUtils.h"
-#endif
 
 #import "CodePush.h"
 
@@ -740,12 +731,9 @@ RCT_EXPORT_METHOD(downloadUpdate:(NSDictionary*)updatePackage
         _lastProgressEventTime = 0;
     }
 
-    NSString * publicKey = [[CodePushConfig current] publicKey];
-
     [CodePushPackage
         downloadPackage:mutableUpdatePackage
         expectedBundleFileName:[bundleResourceName stringByAppendingPathExtension:bundleResourceExtension]
-        publicKey:publicKey
         operationQueue:_methodQueue
         // The download is progressing forward
         progressCallback:^(long long expectedContentLength, long long receivedContentLength) {

package/ios/CodePush/CodePushConfig.m

@@ -12,7 +12,6 @@ static NSString * const BuildVersionConfigKey = @"buildVersion";
 static NSString * const ClientUniqueIDConfigKey = @"clientUniqueId";
 static NSString * const DeploymentKeyConfigKey = @"deploymentKey";
 static NSString * const ServerURLConfigKey = @"serverUrl";
-static NSString * const PublicKeyKey = @"publicKey";
 
 + (instancetype)current
 {
@@ -35,7 +34,6 @@ static NSString * const PublicKeyKey = @"publicKey";
     NSString *buildVersion = [infoDictionary objectForKey:(NSString *)kCFBundleVersionKey];
     NSString *deploymentKey = [infoDictionary objectForKey:@"CodePushDeploymentKey"];
     NSString *serverURL = [infoDictionary objectForKey:@"CodePushServerURL"];
-    NSString *publicKey = [infoDictionary objectForKey:@"CodePushPublicKey"];
 
     NSUserDefaults *userDefaults = [NSUserDefaults standardUserDefaults];
     NSString *clientUniqueId = [userDefaults stringForKey:ClientUniqueIDConfigKey];
@@ -56,7 +54,6 @@ static NSString * const PublicKeyKey = @"publicKey";
     if (serverURL) [_configDictionary setObject:serverURL forKey:ServerURLConfigKey];
     if (clientUniqueId) [_configDictionary setObject:clientUniqueId forKey:ClientUniqueIDConfigKey];
     if (deploymentKey) [_configDictionary setObject:deploymentKey forKey:DeploymentKeyConfigKey];
-    if (publicKey) [_configDictionary setObject:publicKey forKey:PublicKeyKey];
 
     return self;
 }
@@ -91,11 +88,6 @@ static NSString * const PublicKeyKey = @"publicKey";
     return [_configDictionary objectForKey:ClientUniqueIDConfigKey];
 }
 
-- (NSString *)publicKey
-{
-    return [_configDictionary objectForKey:PublicKeyKey];
-}
-
 - (void)setAppVersion:(NSString *)appVersion
 {
     [_configDictionary setValue:appVersion forKey:AppVersionConfigKey];
@@ -111,6 +103,4 @@ static NSString * const PublicKeyKey = @"publicKey";
     [_configDictionary setValue:serverURL forKey:ServerURLConfigKey];
 }
 
-//no setter for PublicKey, because it's need to be hard coded within Info.plist for safety
-
 @end

package/ios/CodePush/CodePushPackage.m

@@ -45,7 +45,6 @@ static NSString *const UnzippedFolderName = @"unzipped";
 
 + (void)downloadPackage:(NSDictionary *)updatePackage
  expectedBundleFileName:(NSString *)expectedBundleFileName
-              publicKey:(NSString *)publicKey
          operationQueue:(dispatch_queue_t)operationQueue
        progressCallback:(void (^)(long long, long long))progressCallback
            doneCallback:(void (^)())doneCallback
@@ -252,44 +251,6 @@ static NSString *const UnzippedFolderName = @"unzipped";
                                                             CPLog(@"The update contents succeeded the data integrity check.");
                                                         }
 
-                                                        BOOL isSignatureVerificationEnabled = (publicKey != nil);
-
-                                                        NSString *signatureFilePath = [CodePushUpdateUtils getSignatureFilePath:newUpdateFolderPath];
-                                                        BOOL isSignatureAppearedInBundle = [[NSFileManager defaultManager] fileExistsAtPath:signatureFilePath];
-
-                                                        if (isSignatureVerificationEnabled) {
-                                                            if (isSignatureAppearedInBundle) {
-                                                                BOOL isSignatureValid = [CodePushUpdateUtils verifyUpdateSignatureFor:newUpdateFolderPath
-                                                                                                                         expectedHash:newUpdateHash
-                                                                                                                        withPublicKey:publicKey
-                                                                                                                                error:&error];
-                                                                if (!isSignatureValid) {
-                                                                    CPLog(@"The update contents failed code signing check.");
-                                                                    if (!error) {
-                                                                        error = [CodePushErrorUtils errorWithMessage:@"The update contents failed code signing check."];
-                                                                    }
-                                                                    failCallback(error);
-                                                                    return;
-                                                                } else {
-                                                                    CPLog(@"The update contents succeeded the code signing check.");
-                                                                }
-                                                            } else {
-                                                                error = [CodePushErrorUtils errorWithMessage:
-                                                                         @"Error! Public key was provided but there is no JWT signature within app bundle to verify " \
-                                                                         "Possible reasons, why that might happen: \n" \
-                                                                         "1. You've been released CodePush bundle update using version of CodePush CLI that is not support code signing.\n" \
-                                                                         "2. You've been released CodePush bundle update without providing --privateKeyPath option."];
-                                                                failCallback(error);
-                                                                return;
-                                                            }
-                                                            
-                                                        } else {
-                                                            if (isSignatureAppearedInBundle) {
-                                                                CPLog(@"Warning! JWT signature exists in codepush update but code integrity check couldn't be performed" \
-                                                                      " because there is no public key configured. " \
-                                                                      "Please ensure that public key is properly configured within your application.");
-                                                            }
-                                                        }
                                                     } else {
                                                         [[NSFileManager defaultManager] createDirectoryAtPath:newUpdateFolderPath
                                                                                   withIntermediateDirectories:YES

package/ios/CodePush/CodePushUpdateUtils.m

@@ -1,28 +1,23 @@
 #import "CodePush.h"
 #include <CommonCrypto/CommonDigest.h>
-#import "JWT.h"
 
 @implementation CodePushUpdateUtils
 
 NSString * const AssetsFolderName = @"assets";
 NSString * const BinaryHashKey = @"CodePushBinaryHash";
 NSString * const ManifestFolderPrefix = @"CodePush";
-NSString * const BundleJWTFile = @".codepushrelease";
 
 /*
  Ignore list for hashing
  */
 NSString * const IgnoreMacOSX= @"__MACOSX/";
 NSString * const IgnoreDSStore = @".DS_Store";
-NSString * const IgnoreCodePushMetadata = @".codepushrelease";
 
 + (BOOL)isHashIgnoredFor:(NSString *) relativePath
 {
     return [relativePath hasPrefix:IgnoreMacOSX]
     || [relativePath isEqualToString:IgnoreDSStore]
-    || [relativePath hasSuffix:[NSString stringWithFormat:@"/%@", IgnoreDSStore]]
-    || [relativePath isEqualToString:IgnoreCodePushMetadata]
-    || [relativePath hasSuffix:[NSString stringWithFormat:@"/%@", IgnoreCodePushMetadata]];
+    || [relativePath hasSuffix:[NSString stringWithFormat:@"/%@", IgnoreDSStore]];
 }
 
 + (BOOL)addContentsOfFolderToManifest:(NSString *)folderPath
@@ -288,89 +283,4 @@ NSString * const IgnoreCodePushMetadata = @".codepushrelease";
     return [updateContentsManifestHash isEqualToString:expectedHash];
 }
 
-// remove BEGIN / END tags and line breaks from public key string
-+ (NSString *)getKeyValueFromPublicKeyString:(NSString *)publicKeyString
-{
-    publicKeyString = [publicKeyString stringByReplacingOccurrencesOfString:@"-----BEGIN PUBLIC KEY-----\n"
-                                                                 withString:@""];
-    publicKeyString = [publicKeyString stringByReplacingOccurrencesOfString:@"-----END PUBLIC KEY-----"
-                                                                 withString:@""];
-    publicKeyString = [publicKeyString stringByReplacingOccurrencesOfString:@"\n"
-                                                                 withString:@""];
-
-    return publicKeyString;
-}
-
-+ (NSString *)getSignatureFilePath:(NSString *)updateFolderPath
-{
-    return [NSString stringWithFormat:@"%@/%@/%@", updateFolderPath, ManifestFolderPrefix, BundleJWTFile];
-}
-
-+ (NSString *)getSignatureFor:(NSString *)folderPath
-                        error:(NSError **)error
-{
-    NSString *signatureFilePath = [self getSignatureFilePath:folderPath];
-    if ([[NSFileManager defaultManager] fileExistsAtPath:signatureFilePath]) {
-        return [NSString stringWithContentsOfFile:signatureFilePath encoding:NSUTF8StringEncoding error:error];
-    } else {
-        *error = [CodePushErrorUtils errorWithMessage:[NSString stringWithFormat: @"Cannot find signature at %@", signatureFilePath]];
-        return nil;
-    }
-}
-
-+ (NSDictionary *) verifyAndDecodeJWT:(NSString *)jwt
-     withPublicKey:(NSString *)publicKey
-             error:(NSError **)error
-{
-    id <JWTAlgorithmDataHolderProtocol> verifyDataHolder = [JWTAlgorithmRSFamilyDataHolder new].keyExtractorType([JWTCryptoKeyExtractor publicKeyWithPEMBase64].type).algorithmName(@"RS256").secret(publicKey);
-    
-    JWTCodingBuilder *verifyBuilder = [JWTDecodingBuilder decodeMessage:jwt].addHolder(verifyDataHolder);
-    JWTCodingResultType *verifyResult = verifyBuilder.result;
-    if (verifyResult.successResult) {
-        return verifyResult.successResult.payload;
-    }
-    else {
-        *error = verifyResult.errorResult.error;
-        return nil;
-    }
-}
-
-+ (BOOL)verifyUpdateSignatureFor:(NSString *)folderPath
-                    expectedHash:(NSString *)newUpdateHash
-                   withPublicKey:(NSString *)publicKeyString
-                           error:(NSError **)error
-{
-    NSLog(@"Verifying signature for folder path: %@", folderPath);
-    
-    NSString *publicKey = [self getKeyValueFromPublicKeyString: publicKeyString];
-    
-    NSError *signatureVerificationError;
-    NSString *signature = [self getSignatureFor: folderPath
-                                          error: &signatureVerificationError];
-    if (signatureVerificationError) {
-        CPLog(@"The update could not be verified because no signature was found. %@", signatureVerificationError);
-        *error = signatureVerificationError;
-        return false;
-    }
-    
-    NSError *payloadDecodingError;
-    NSDictionary *envelopedPayload = [self verifyAndDecodeJWT:signature withPublicKey:publicKey error:&payloadDecodingError];
-    if(payloadDecodingError){
-        CPLog(@"The update could not be verified because it was not signed by a trusted party. %@", payloadDecodingError);
-        *error = payloadDecodingError;
-        return false;
-    }
-    
-    CPLog(@"JWT signature verification succeeded, payload content:  %@", envelopedPayload);
-    
-    if(![envelopedPayload objectForKey:@"contentHash"]){
-        CPLog(@"The update could not be verified because the signature did not specify a content hash.");
-        return false;
-    }
-    
-    NSString *contentHash = envelopedPayload[@"contentHash"];
-    
-    return [contentHash isEqualToString:newUpdateHash];
-}
-
 @end