npm - @capgo/capacitor-updater - Versions diffs - 5.7.17 → 6.0.0-alpha.0 - Mend

@capgo/capacitor-updater 5.7.17 → 6.0.0-alpha.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md +7 -4
package/android/src/main/java/ee/forgr/capacitor_updater/CapacitorUpdater.java +33 -6
package/android/src/main/java/ee/forgr/capacitor_updater/CapacitorUpdaterPlugin.java +16 -6
package/android/src/main/java/ee/forgr/capacitor_updater/CryptoCipher.java +119 -75
package/dist/docs.json +18 -2
package/dist/esm/definitions.d.ts +11 -2
package/dist/esm/definitions.js.map +1 -1
package/ios/Plugin/CapacitorUpdater.swift +32 -9
package/ios/Plugin/CapacitorUpdaterPlugin.swift +10 -4
package/ios/Plugin/CryptoCipher.swift +83 -113
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -165,7 +165,7 @@ CapacitorUpdater can be configured with these options:
 | **`resetWhenUpdate`**    | <code>boolean</code> | Automatically delete previous downloaded bundles when a newer native app bundle is installed to the device. Only available for Android and iOS.                                                 | <code>true</code>                              |         |
 | **`updateUrl`**          | <code>string</code>  | Configure the URL / endpoint to which update checks are sent. Only available for Android and iOS.                                                                                               | <code>https://api.capgo.app/auto_update</code> |         |
 | **`statsUrl`**           | <code>string</code>  | Configure the URL / endpoint to which update statistics are sent. Only available for Android and iOS. Set to "" to disable stats reporting.                                                     | <code>https://api.capgo.app/stats</code>       |         |
-| **`privateKey`**         | <code>string</code>  | Configure the private key for end to end live update encryption. Only available for Android and iOS.                                                                                            | <code>undefined</code>                         |         |
+| **`publicKey`**          | <code>string</code>  | Configure the public key for end to end live update encryption. Only available for Android and iOS.                                                                                             | <code>undefined</code>                         |         |
 | **`version`**            | <code>string</code>  | Configure the current version of the app. This will be used for the first update request. If not set, the plugin will get the version from the native code. Only available for Android and iOS. | <code>undefined</code>                         | 4.17.48 |
 | **`directUpdate`**       | <code>boolean</code> | Make the plugin direct install the update when the app what just updated/installed. Only for autoUpdate mode. Only available for Android and iOS.                                               | <code>undefined</code>                         | 5.1.0   |
 | **`periodCheckDelay`**   | <code>number</code>  | Configure the delay period for period update check. the unit is in seconds. Only available for Android and iOS. Cannot be less than 600 seconds (10 minutes).                                   | <code>600 // (10 minutes)</code>               |         |
@@ -176,6 +176,7 @@ CapacitorUpdater can be configured with these options:
 | **`localSupaAnon`**      | <code>string</code>  | Configure the CLI to use a local server for testing.                                                                                                                                            | <code>undefined</code>                         | 4.17.48 |
 | **`allowModifyUrl`**     | <code>boolean</code> | Allow the plugin to modify the updateUrl, statsUrl and channelUrl dynamically from the JavaScript side.                                                                                         | <code>false</code>                             | 5.4.0   |
 | **`defaultChannel`**     | <code>string</code>  | Set the default channel for the app in the config.                                                                                                                                              | <code>undefined</code>                         | 5.5.0   |
+| **`forceEncryption`**    | <code>boolean</code> | If set to true with encryption enabled, the plugin will only accept encrypted bundles.                                                                                                          | <code>true</code>                              | 6.0.0   |
 ### Examples
@@ -193,7 +194,7 @@ In `capacitor.config.json`:
       "resetWhenUpdate": false,
       "updateUrl": https://example.com/api/auto_update,
       "statsUrl": https://example.com/api/stats,
-      "privateKey": undefined,
+      "publicKey": undefined,
       "version": undefined,
       "directUpdate": undefined,
       "periodCheckDelay": undefined,
@@ -203,7 +204,8 @@ In `capacitor.config.json`:
       "localSupa": undefined,
       "localSupaAnon": undefined,
       "allowModifyUrl": undefined,
-      "defaultChannel": undefined
+      "defaultChannel": undefined,
+      "forceEncryption": undefined
     }
   }
 }
@@ -227,7 +229,7 @@ const config: CapacitorConfig = {
       resetWhenUpdate: false,
       updateUrl: https://example.com/api/auto_update,
       statsUrl: https://example.com/api/stats,
-      privateKey: undefined,
+      publicKey: undefined,
       version: undefined,
       directUpdate: undefined,
       periodCheckDelay: undefined,
@@ -238,6 +240,7 @@ const config: CapacitorConfig = {
       localSupaAnon: undefined,
       allowModifyUrl: undefined,
       defaultChannel: undefined,
+      forceEncryption: undefined,
     },
   },
 };

package/android/src/main/java/ee/forgr/capacitor_updater/CapacitorUpdater.java CHANGED Viewed

@@ -42,6 +42,7 @@ import java.net.URL;
 import java.net.URLConnection;
 import java.security.GeneralSecurityException;
 import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Date;
@@ -86,9 +87,11 @@ public class CapacitorUpdater {
   public String channelUrl = "";
   public String defaultChannel = "";
   public String appId = "";
-  public String privateKey = "";
+  public String publicKey = "";
+  public Boolean hasOldPrivateKeyPropertyInConfig = false;
   public String deviceID = "";
   public int timeout = 20000;
+  public Boolean forceEncryption = false;
   private final FilenameFilter filter = (f, name) -> {
     // ignore directories generated by mac os x
@@ -338,6 +341,13 @@ public class CapacitorUpdater {
   ) {
     try {
       final File downloaded = new File(this.documentsDir, dest);
+      if (this.hasOldPrivateKeyPropertyInConfig) {
+        Log.i(
+          CapacitorUpdater.TAG,
+          "There is still an privateKey property in the config"
+        );
+      }
       this.decryptFile(downloaded, sessionKey, version);
       final String checksum;
       checksum = this.getChecksum(downloaded);
@@ -503,17 +513,32 @@ public class CapacitorUpdater {
     final String ivSessionKey,
     final String version
   ) throws IOException {
-    // (str != null && !str.isEmpty())
     if (
-      this.privateKey == null ||
-      this.privateKey.isEmpty() ||
       ivSessionKey == null ||
       ivSessionKey.isEmpty() ||
       ivSessionKey.split(":").length != 2
     ) {
-      Log.i(TAG, "Cannot found privateKey or sessionKey");
+      if (
+        this.forceEncryption &&
+        this.publicKey != null &&
+        !this.publicKey.isEmpty()
+      ) {
+        Log.i(TAG, "Cannot accept non-encrypted bundle");
+        this.sendStats("decrypt_fail", version);
+        throw new IOException("GeneralSecurityException");
+      }
+      Log.i(TAG, "Cannot find public key or sessionKey");
       return;
     }
+    if (!this.publicKey.startsWith("-----BEGIN RSA PUBLIC KEY-----")) {
+      Log.e(
+        CapacitorUpdater.TAG,
+        "The public key is not a valid RSA Public key"
+      );
+      return;
+    }
     try {
       String ivB64 = ivSessionKey.split(":")[0];
       String sessionKeyB64 = ivSessionKey.split(":")[1];
@@ -522,8 +547,10 @@ public class CapacitorUpdater {
         sessionKeyB64.getBytes(),
         Base64.DEFAULT
       );
-      PrivateKey pKey = CryptoCipher.stringToPrivateKey(this.privateKey);
+      PublicKey pKey = CryptoCipher.stringToPublicKey(this.publicKey);
       byte[] decryptedSessionKey = CryptoCipher.decryptRSA(sessionKey, pKey);
       SecretKey sKey = CryptoCipher.byteToSessionKey(decryptedSessionKey);
       byte[] content = new byte[(int) file.length()];

package/android/src/main/java/ee/forgr/capacitor_updater/CapacitorUpdaterPlugin.java CHANGED Viewed

@@ -50,12 +50,12 @@ public class CapacitorUpdaterPlugin extends Plugin {
   private static final String updateUrlDefault =
     "https://api.capgo.app/updates";
   private static final String statsUrlDefault = "https://api.capgo.app/stats";
-  private static final String defaultPrivateKey =
-    "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA4pW9olT0FBXXivRCzd3xcImlWZrqkwcF2xTkX/FwXmj9eh9H\nkBLrsQmfsC+PJisRXIOGq6a0z3bsGq6jBpp3/Jr9jiaW5VuPGaKeMaZZBRvi/N5f\nIMG3hZXSOcy0IYg+E1Q7RkYO1xq5GLHseqG+PXvJsNe4R8R/Bmd/ngq0xh/cvcrH\nHpXwO0Aj9tfprlb+rHaVV79EkVRWYPidOLnK1n0EFHFJ1d/MyDIp10TEGm2xHpf/\nBrlb1an8wXEuzoC0DgYaczgTjovwR+ewSGhSHJliQdM0Qa3o1iN87DldWtydImMs\nPjJ3DUwpsjAMRe5X8Et4+udFW2ciYnQo9H0CkwIDAQABAoIBAQCtjlMV/4qBxAU4\nu0ZcWA9yywwraX0aJ3v1xrfzQYV322Wk4Ea5dbSxA5UcqCE29DA1M824t1Wxv/6z\npWbcTP9xLuresnJMtmgTE7umfiubvTONy2sENT20hgDkIwcq1CfwOEm61zjQzPhQ\nkSB5AmEsyR/BZEsUNc+ygR6AWOUFB7tj4yMc32LOTWSbE/znnF2BkmlmnQykomG1\n2oVqM3lUFP7+m8ux1O7scO6IMts+Z/eFXjWfxpbebUSvSIR83GXPQZ34S/c0ehOg\nyHdmCSOel1r3VvInMe+30j54Jr+Ml/7Ee6axiwyE2e/bd85MsK9sVdp0OtelXaqA\nOZZqWvN5AoGBAP2Hn3lSq+a8GsDH726mHJw60xM0LPbVJTYbXsmQkg1tl3NKJTMM\nQqz41+5uys+phEgLHI9gVJ0r+HaGHXnJ4zewlFjsudstb/0nfctUvTqnhEhfNo9I\ny4kufVKPRF3sMEeo7CDVJs4GNBLycEyIBy6Mbv0VcO7VaZqggRwu4no9AoGBAOTK\n6NWYs1BWlkua2wmxexGOzehNGedInp0wGr2l4FDayWjkZLqvB+nNXUQ63NdHlSs4\nWB2Z1kQXZxVaI2tPYexGUKXEo2uFob63uflbuE029ovDXIIPFTPtGNdNXwhHT5a+\nPhmy3sMc+s2BSNM5qaNmfxQxhdd6gRU6oikE+c0PAoGAMn3cKNFqIt27hkFLUgIL\nGKIuf1iYy9/PNWNmEUaVj88PpopRtkTu0nwMpROzmH/uNFriKTvKHjMvnItBO4wV\nkHW+VadvrFL0Rrqituf9d7z8/1zXBNo+juePVe3qc7oiM2NVA4Tv4YAixtM5wkQl\nCgQ15nlqsGYYTg9BJ1e/CxECgYEAjEYPzO2reuUrjr0p8F59ev1YJ0YmTJRMk0ks\nC/yIdGo/tGzbiU3JB0LfHPcN8Xu07GPGOpfYM7U5gXDbaG6qNgfCaHAQVdr/mQPi\nJQ1kCQtay8QCkscWk9iZM1//lP7LwDtxraXqSCwbZSYP9VlUNZeg8EuQqNU2EUL6\nqzWexmcCgYEA0prUGNBacraTYEknB1CsbP36UPWsqFWOvevlz+uEC5JPxPuW5ZHh\nSQN7xl6+PHyjPBM7ttwPKyhgLOVTb3K7ex/PXnudojMUK5fh7vYfChVTSlx2p6r0\nDi58PdD+node08cJH+ie0Yphp7m+D4+R9XD0v0nEvnu4BtAW6DrJasw=\n-----END RSA PRIVATE KEY-----\n";
+  private static final String defaultPublicKey =
+    "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEA4pW9olT0FBXXivRCzd3xcImlWZrqkwcF2xTkX/FwXmj9eh9HkBLr\nsQmfsC+PJisRXIOGq6a0z3bsGq6jBpp3/Jr9jiaW5VuPGaKeMaZZBRvi/N5fIMG3\nhZXSOcy0IYg+E1Q7RkYO1xq5GLHseqG+PXvJsNe4R8R/Bmd/ngq0xh/cvcrHHpXw\nO0Aj9tfprlb+rHaVV79EkVRWYPidOLnK1n0EFHFJ1d/MyDIp10TEGm2xHpf/Brlb\n1an8wXEuzoC0DgYaczgTjovwR+ewSGhSHJliQdM0Qa3o1iN87DldWtydImMsPjJ3\nDUwpsjAMRe5X8Et4+udFW2ciYnQo9H0CkwIDAQAB\n-----END RSA PUBLIC KEY-----\n";
   private static final String channelUrlDefault =
     "https://api.capgo.app/channel_self";
-  private final String PLUGIN_VERSION = "5.7.17";
+  private final String PLUGIN_VERSION = "6.0.0-alpha.0";
   private static final String DELAY_CONDITION_PREFERENCES = "";
   private SharedPreferences.Editor editor;
@@ -136,6 +136,8 @@ public class CapacitorUpdaterPlugin extends Plugin {
       this.implementation.activity = this.getActivity();
       this.implementation.versionBuild =
         this.getConfig().getString("version", pInfo.versionName);
+      this.implementation.forceEncryption =
+        this.getConfig().getBoolean("forceEncryption", true);
       this.implementation.PLUGIN_VERSION = this.PLUGIN_VERSION;
       this.implementation.versionCode = Integer.toString(pInfo.versionCode);
       this.implementation.requestQueue =
@@ -174,8 +176,15 @@ public class CapacitorUpdaterPlugin extends Plugin {
       );
     }
     Log.i(CapacitorUpdater.TAG, "appId: " + implementation.appId);
-    this.implementation.privateKey =
-      this.getConfig().getString("privateKey", defaultPrivateKey);
+    this.implementation.publicKey =
+      getConfig().getString("publicKey", defaultPublicKey);
+    this.implementation.hasOldPrivateKeyPropertyInConfig = false;
+    if (
+      this.getConfig().getString("privateKey") != null &&
+      !this.getConfig().getString("privateKey").isEmpty()
+    ) {
+      this.implementation.hasOldPrivateKeyPropertyInConfig = true;
+    }
     this.implementation.statsUrl =
       this.getConfig().getString("statsUrl", statsUrlDefault);
     this.implementation.channelUrl =
@@ -835,6 +844,7 @@ public class CapacitorUpdaterPlugin extends Plugin {
         @Override
         public void run() {
           try {
+            Log.i(CapacitorUpdater.TAG, "Period Check");
             CapacitorUpdaterPlugin.this.implementation.getLatest(
                 CapacitorUpdaterPlugin.this.updateUrl,
                 res -> {
@@ -1115,7 +1125,7 @@ public class CapacitorUpdaterPlugin extends Plugin {
               if (res.has("message")) {
                 Log.i(
                   CapacitorUpdater.TAG,
-                  "API message: " + res.get("message")
+                  "API message " + res.get("message")
                 );
                 if (
                   res.has("major") &&

package/android/src/main/java/ee/forgr/capacitor_updater/CryptoCipher.java CHANGED Viewed

@@ -17,33 +17,26 @@ import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.KeyFactory;
 import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.security.spec.InvalidKeySpecException;
-import java.security.spec.MGF1ParameterSpec;
-import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.OAEPParameterSpec;
 import javax.crypto.spec.PSource;
 import javax.crypto.spec.SecretKeySpec;
 public class CryptoCipher {
-  public static byte[] decryptRSA(byte[] source, PrivateKey privateKey)
+  public static byte[] decryptRSA(byte[] source, PublicKey publicKey)
     throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
-    Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
-    OAEPParameterSpec oaepParams = new OAEPParameterSpec(
-      "SHA-256",
-      "MGF1",
-      new MGF1ParameterSpec("SHA-256"),
-      PSource.PSpecified.DEFAULT
-    );
-    cipher.init(Cipher.DECRYPT_MODE, privateKey, oaepParams);
-    return cipher.doFinal(source);
+    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
+    cipher.init(Cipher.DECRYPT_MODE, publicKey);
+    byte[] decryptedBytes = cipher.doFinal(source);
+    return decryptedBytes;
   }
   public static byte[] decryptAES(byte[] cipherText, SecretKey key, byte[] iv) {
@@ -64,82 +57,133 @@ public class CryptoCipher {
     return new SecretKeySpec(sessionKey, 0, sessionKey.length, "AES");
   }
-  private static PrivateKey readPkcs8PrivateKey(byte[] pkcs8Bytes)
+  private static PublicKey readX509PublicKey(byte[] x509Bytes)
     throws GeneralSecurityException {
     KeyFactory keyFactory = KeyFactory.getInstance("RSA");
-    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(pkcs8Bytes);
+    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(x509Bytes);
     try {
-      return keyFactory.generatePrivate(keySpec);
+      return keyFactory.generatePublic(keySpec);
     } catch (InvalidKeySpecException e) {
       throw new IllegalArgumentException("Unexpected key format!", e);
     }
   }
-  private static byte[] join(byte[] byteArray1, byte[] byteArray2) {
-    byte[] bytes = new byte[byteArray1.length + byteArray2.length];
-    System.arraycopy(byteArray1, 0, bytes, 0, byteArray1.length);
-    System.arraycopy(
-      byteArray2,
-      0,
-      bytes,
-      byteArray1.length,
-      byteArray2.length
+  public static PublicKey stringToPublicKey(String public_key)
+    throws GeneralSecurityException {
+    // Base64 decode the result
+    String pkcs1Pem = public_key.toString();
+    pkcs1Pem = pkcs1Pem.replace("-----BEGIN RSA PUBLIC KEY-----", "");
+    pkcs1Pem = pkcs1Pem.replace("-----END RSA PUBLIC KEY-----", "");
+    pkcs1Pem = pkcs1Pem.replace("\\n", "");
+    pkcs1Pem = pkcs1Pem.replace(" ", "");
+    byte[] pkcs1EncodedBytes = Base64.decode(pkcs1Pem, Base64.DEFAULT);
+    // extract the public key
+    return readPkcs1PublicKey(pkcs1EncodedBytes);
+  }
+  // since the public key is in pkcs1 format, we have to convert it to x509 format similar
+  // to what needs done with the private key converting to pkcs8 format
+  // so, the rest of the code below here is adapted from here https://stackoverflow.com/a/54246646
+  private static final int SEQUENCE_TAG = 0x30;
+  private static final int BIT_STRING_TAG = 0x03;
+  private static final byte[] NO_UNUSED_BITS = new byte[] { 0x00 };
+  private static final byte[] RSA_ALGORITHM_IDENTIFIER_SEQUENCE = {
+    (byte) 0x30,
+    (byte) 0x0d,
+    (byte) 0x06,
+    (byte) 0x09,
+    (byte) 0x2a,
+    (byte) 0x86,
+    (byte) 0x48,
+    (byte) 0x86,
+    (byte) 0xf7,
+    (byte) 0x0d,
+    (byte) 0x01,
+    (byte) 0x01,
+    (byte) 0x01,
+    (byte) 0x05,
+    (byte) 0x00,
+  };
+  private static PublicKey readPkcs1PublicKey(byte[] pkcs1Bytes)
+    throws NoSuchAlgorithmException, InvalidKeySpecException, GeneralSecurityException {
+    // convert the pkcs1 public key to an x509 favorable format
+    byte[] keyBitString = createDEREncoding(
+      BIT_STRING_TAG,
+      joinPublic(NO_UNUSED_BITS, pkcs1Bytes)
     );
-    return bytes;
+    byte[] keyInfoValue = joinPublic(
+      RSA_ALGORITHM_IDENTIFIER_SEQUENCE,
+      keyBitString
+    );
+    byte[] keyInfoSequence = createDEREncoding(SEQUENCE_TAG, keyInfoValue);
+    return readX509PublicKey(keyInfoSequence);
   }
-  private static PrivateKey readPkcs1PrivateKey(byte[] pkcs1Bytes)
-    throws GeneralSecurityException {
-    // We can't use Java internal APIs to parse ASN.1 structures, so we build a PKCS#8 key Java can understand
-    int pkcs1Length = pkcs1Bytes.length;
-    int totalLength = pkcs1Length + 22;
-    byte[] pkcs8Header = new byte[] {
-      0x30,
-      (byte) 0x82,
-      (byte) ((totalLength >> 8) & 0xff),
-      (byte) (totalLength & 0xff), // Sequence + total length
-      0x2,
-      0x1,
-      0x0, // Integer (0)
-      0x30,
-      0xD,
-      0x6,
-      0x9,
-      0x2A,
-      (byte) 0x86,
-      0x48,
-      (byte) 0x86,
-      (byte) 0xF7,
-      0xD,
-      0x1,
-      0x1,
-      0x1,
-      0x5,
-      0x0, // Sequence: 1.2.840.113549.1.1.1, NULL
-      0x4,
-      (byte) 0x82,
-      (byte) ((pkcs1Length >> 8) & 0xff),
-      (byte) (pkcs1Length & 0xff), // Octet string + length
-    };
-    byte[] pkcs8bytes = join(pkcs8Header, pkcs1Bytes);
-    return readPkcs8PrivateKey(pkcs8bytes);
+  private static byte[] joinPublic(byte[]... bas) {
+    int len = 0;
+    for (int i = 0; i < bas.length; i++) {
+      len += bas[i].length;
+    }
+    byte[] buf = new byte[len];
+    int off = 0;
+    for (int i = 0; i < bas.length; i++) {
+      System.arraycopy(bas[i], 0, buf, off, bas[i].length);
+      off += bas[i].length;
+    }
+    return buf;
   }
-  public static PrivateKey stringToPrivateKey(String private_key)
-    throws GeneralSecurityException {
-    // Base64 decode the result
+  private static byte[] createDEREncoding(int tag, byte[] value) {
+    if (tag < 0 || tag >= 0xFF) {
+      throw new IllegalArgumentException(
+        "Currently only single byte tags supported"
+      );
+    }
-    String pkcs1Pem = private_key;
-    pkcs1Pem = pkcs1Pem.replace("-----BEGIN RSA PRIVATE KEY-----", "");
-    pkcs1Pem = pkcs1Pem.replace("-----END RSA PRIVATE KEY-----", "");
-    pkcs1Pem = pkcs1Pem.replace("\\n", "");
-    pkcs1Pem = pkcs1Pem.replace(" ", "");
+    byte[] lengthEncoding = createDERLengthEncoding(value.length);
+    int size = 1 + lengthEncoding.length + value.length;
+    byte[] derEncodingBuf = new byte[size];
+    int off = 0;
+    derEncodingBuf[off++] = (byte) tag;
+    System.arraycopy(
+      lengthEncoding,
+      0,
+      derEncodingBuf,
+      off,
+      lengthEncoding.length
+    );
+    off += lengthEncoding.length;
+    System.arraycopy(value, 0, derEncodingBuf, off, value.length);
+    return derEncodingBuf;
+  }
+  private static byte[] createDERLengthEncoding(int size) {
+    if (size <= 0x7F) {
+      // single byte length encoding
+      return new byte[] { (byte) size };
+    } else if (size <= 0xFF) {
+      // double byte length encoding
+      return new byte[] { (byte) 0x81, (byte) size };
+    } else if (size <= 0xFFFF) {
+      // triple byte length encoding
+      return new byte[] {
+        (byte) 0x82,
+        (byte) (size >> Byte.SIZE),
+        (byte) size,
+      };
+    }
-    byte[] pkcs1EncodedBytes = Base64.decode(
-      pkcs1Pem.getBytes(),
-      Base64.DEFAULT
+    throw new IllegalArgumentException(
+      "size too large, only up to 64KiB length encoding supported: " + size
     );
-    // extract the private key
-    return readPkcs1PrivateKey(pkcs1EncodedBytes);
   }
 }

package/dist/docs.json CHANGED Viewed

@@ -1863,14 +1863,14 @@
           "type": "string | undefined"
         },
         {
-          "name": "privateKey",
+          "name": "publicKey",
           "tags": [
             {
               "text": "undefined",
               "name": "default"
             }
           ],
-          "docs": "Configure the private key for end to end live update encryption.\n\nOnly available for Android and iOS.",
+          "docs": "Configure the public key for end to end live update encryption.\n\nOnly available for Android and iOS.",
           "complexTypes": [],
           "type": "string | undefined"
         },
@@ -2029,6 +2029,22 @@
           "docs": "Set the default channel for the app in the config.",
           "complexTypes": [],
           "type": "string | undefined"
+        },
+        {
+          "name": "forceEncryption",
+          "tags": [
+            {
+              "text": "true",
+              "name": "default"
+            },
+            {
+              "text": "6.0.0",
+              "name": "since"
+            }
+          ],
+          "docs": "If set to true with encryption enabled, the plugin will only accept encrypted bundles.",
+          "complexTypes": [],
+          "type": "boolean | undefined"
         }
       ],
       "docs": "CapacitorUpdater can be configured with these options:"

package/dist/esm/definitions.d.ts CHANGED Viewed

@@ -78,13 +78,13 @@ declare module "@capacitor/cli" {
              */
             statsUrl?: string;
             /**
-             * Configure the private key for end to end live update encryption.
+             * Configure the public key for end to end live update encryption.
              *
              * Only available for Android and iOS.
              *
              * @default undefined
              */
-            privateKey?: string;
+            publicKey?: string;
             /**
              * Configure the current version of the app. This will be used for the first update request.
              * If not set, the plugin will get the version from the native code.
@@ -170,6 +170,15 @@ declare module "@capacitor/cli" {
              * @since  5.5.0
              */
             defaultChannel?: string;
+            /**
+             * If set to true with encryption enabled, the plugin will only accept encrypted bundles.
+             *
+             *
+             *
+             * @default true
+             * @since  6.0.0
+             */
+            forceEncryption?: boolean;
         };
     }
 }

package/dist/esm/definitions.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../src/definitions.ts"],"names":[],"mappings":"AAAA;;;;GAIG","sourcesContent":["/\n This Source Code Form is subject to the terms of the Mozilla Public\n * License, v. 2.0. If a copy of the MPL was not distributed with this\n * file, You can obtain one at https://mozilla.org/MPL/2.0/.\n /\n\n/// <reference types=\"@capacitor/cli\" />\n\nimport type { PluginListenerHandle } from \"@capacitor/core\";\n\ndeclare module \"@capacitor/cli\" {\n export interface PluginsConfig {\n /\n CapacitorUpdater can be configured with these options:\n /\n CapacitorUpdater?: {\n /\n Configure the number of milliseconds the native plugin should wait before considering an update 'failed'.\n \n Only available for Android and iOS.\n \n @default 10000 // (10 seconds)\n * @example 1000 // (1 second)\n /\n appReadyTimeout?: number;\n /\n Configure the number of milliseconds the native plugin should wait before considering API timeout.\n \n Only available for Android and iOS.\n \n @default 20 // (20 second)\n * @example 10 // (10 second)\n /\n responseTimeout?: number;\n /\n Configure whether the plugin should use automatically delete failed bundles.\n \n Only available for Android and iOS.\n \n @default true\n * @example false\n /\n autoDeleteFailed?: boolean;\n\n /\n Configure whether the plugin should use automatically delete previous bundles after a successful update.\n \n Only available for Android and iOS.\n \n @default true\n * @example false\n /\n autoDeletePrevious?: boolean;\n\n /\n Configure whether the plugin should use Auto Update via an update server.\n \n Only available for Android and iOS.\n \n @default true\n * @example false\n /\n autoUpdate?: boolean;\n\n /\n Automatically delete previous downloaded bundles when a newer native app bundle is installed to the device.\n \n Only available for Android and iOS.\n \n @default true\n * @example false\n /\n resetWhenUpdate?: boolean;\n\n /\n Configure the URL / endpoint to which update checks are sent.\n \n Only available for Android and iOS.\n \n @default https://api.capgo.app/auto_update\n * @example https://example.com/api/auto_update\n /\n updateUrl?: string;\n\n /\n Configure the URL / endpoint to which update statistics are sent.\n \n Only available for Android and iOS. Set to \"\" to disable stats reporting.\n \n @default https://api.capgo.app/stats\n * @example https://example.com/api/stats\n /\n statsUrl?: string;\n /\n Configure the private key for end to end live update encryption.\n \n Only available for Android and iOS.\n \n @default undefined\n /\n privateKey?: string;\n\n /\n Configure the current version of the app. This will be used for the first update request.\n * If not set, the plugin will get the version from the native code.\n \n Only available for Android and iOS.\n \n @default undefined\n * @since 4.17.48\n /\n version?: string;\n /\n Make the plugin direct install the update when the app what just updated/installed. Only for autoUpdate mode.\n \n Only available for Android and iOS.\n \n @default undefined\n * @since 5.1.0\n /\n directUpdate?: boolean;\n\n /\n Configure the delay period for period update check. the unit is in seconds.\n \n Only available for Android and iOS.\n * Cannot be less than 600 seconds (10 minutes).\n \n @default 600 // (10 minutes)\n /\n periodCheckDelay?: number;\n\n /\n Configure the CLI to use a local server for testing or self-hosted update server.\n \n \n * @default undefined\n * @since 4.17.48\n /\n localS3?: boolean;\n /\n Configure the CLI to use a local server for testing or self-hosted update server.\n \n \n * @default undefined\n * @since 4.17.48\n /\n localHost?: string;\n /\n Configure the CLI to use a local server for testing or self-hosted update server.\n \n \n * @default undefined\n * @since 4.17.48\n /\n localWebHost?: string;\n /\n Configure the CLI to use a local server for testing or self-hosted update server.\n \n \n * @default undefined\n * @since 4.17.48\n /\n localSupa?: string;\n /\n Configure the CLI to use a local server for testing.\n \n \n * @default undefined\n * @since 4.17.48\n /\n localSupaAnon?: string;\n\n /\n Allow the plugin to modify the updateUrl, statsUrl and channelUrl dynamically from the JavaScript side.\n \n \n * @default false\n * @since 5.4.0\n /\n allowModifyUrl?: boolean;\n\n /\n Set the default channel for the app in the config.\n \n \n \n @default undefined\n * @since 5.5.0\n /\n defaultChannel?: string;\n };\n }\n}\n\nexport interface CapacitorUpdaterPlugin {\n /\n Notify Capacitor Updater that the current bundle is working (a rollback will occur if this method is not called on every app launch)\n * By default this method should be called in the first 10 sec after app launch, otherwise a rollback will occur.\n * Change this behaviour with {@link appReadyTimeout}\n \n @returns {Promise<AppReadyResult>} an Promise resolved directly\n * @throws {Error}\n /\n notifyAppReady(): Promise<AppReadyResult>;\n\n /\n Set the updateUrl for the app, this will be used to check for updates.\n \n @param options contains the URL to use for checking for updates.\n * @returns {Promise<void>}\n * @throws {Error}\n * @since 5.4.0\n /\n setUpdateUrl(options: UpdateUrl): Promise<void>;\n\n /\n Set the statsUrl for the app, this will be used to send statistics. Passing an empty string will disable statistics gathering.\n \n @param options contains the URL to use for sending statistics.\n * @returns {Promise<void>}\n * @throws {Error}\n * @since 5.4.0\n /\n setStatsUrl(options: StatsUrl): Promise<void>;\n\n /\n Set the channelUrl for the app, this will be used to set the channel.\n \n @param options contains the URL to use for setting the channel.\n * @returns {Promise<void>}\n * @throws {Error}\n * @since 5.4.0\n /\n setChannelUrl(options: ChannelUrl): Promise<void>;\n\n /\n Download a new bundle from the provided URL, it should be a zip file, with files inside or with a unique id inside with all your files\n \n @example const bundle = await CapacitorUpdater.download({ url: `https://example.com/versions/${version}/dist.zip`, version });\n * @returns {Promise<BundleInfo>} The {@link BundleInfo} for the specified bundle.\n * @param options The {@link DownloadOptions} for downloading a new bundle zip.\n /\n download(options: DownloadOptions): Promise<BundleInfo>;\n\n /\n Set the next bundle to be used when the app is reloaded.\n \n @param options Contains the ID of the next Bundle to set on next app launch. {@link BundleInfo.id}\n * @returns {Promise<BundleInfo>} The {@link BundleInfo} for the specified bundle id.\n * @throws {Error} When there is no index.html file inside the bundle folder.\n /\n next(options: BundleId): Promise<BundleInfo>;\n\n /\n Set the current bundle and immediately reloads the app.\n \n @param options A {@link BundleId} object containing the new bundle id to set as current.\n * @returns {Promise<void>}\n * @throws {Error} When there are is no index.html file inside the bundle folder.\n /\n set(options: BundleId): Promise<void>;\n\n /\n Deletes the specified bundle from the native app storage. Use with {@link list} to get the stored Bundle IDs.\n \n @param options A {@link BundleId} object containing the ID of a bundle to delete (note, this is the bundle id, NOT the version name)\n * @returns {Promise<void>} When the bundle is deleted\n * @throws {Error}\n /\n delete(options: BundleId): Promise<void>;\n\n /\n Get all locally downloaded bundles in your app\n \n @returns {Promise<BundleListResult>} A Promise containing the {@link BundleListResult.bundles}\n * @throws {Error}\n /\n list(): Promise<BundleListResult>;\n\n /\n Reset the app to the `builtin` bundle (the one sent to Apple App Store / Google Play Store ) or the last successfully loaded bundle.\n \n @param options Containing {@link ResetOptions.toLastSuccessful}, `true` resets to the builtin bundle and `false` will reset to the last successfully loaded bundle.\n * @returns {Promise<void>}\n * @throws {Error}\n /\n reset(options?: ResetOptions): Promise<void>;\n\n /\n Get the current bundle, if none are set it returns `builtin`. currentNative is the original bundle installed on the device\n \n @returns {Promise<CurrentBundleResult>} A Promise evaluating to the {@link CurrentBundleResult}\n * @throws {Error}\n /\n current(): Promise<CurrentBundleResult>;\n\n /\n Reload the view\n \n @returns {Promise<void>} A Promise which is resolved when the view is reloaded\n * @throws {Error}\n /\n reload(): Promise<void>;\n\n /\n Sets a {@link DelayCondition} array containing conditions that the Plugin will use to determine when to install updates.\n \n @example\n * // Install the update after the user kills the app or after a background of 300000 ms (5 minutes)\n * await CapacitorUpdater.setMultiDelay({ delayConditions: [{ kind: 'kill' }, { kind: 'background', value: '300000' }] })\n * @example\n * // Install the update after the specific iso8601 date is expired\n * await CapacitorUpdater.setMultiDelay({ delayConditions: [{ kind: 'date', value: '2022-09-14T06:14:11.920Z' }] })\n * @example\n * // Install the update after the first background (default behaviour without setting delay)\n * await CapacitorUpdater.setMultiDelay({ delayConditions: [{ kind: 'background' }] })\n * @param options Containing the {@link MultiDelayConditions} array of conditions to set\n * @returns {Promise<void>}\n * @throws {Error}\n * @since 4.3.0\n /\n setMultiDelay(options: MultiDelayConditions): Promise<void>;\n\n /\n Cancels a {@link DelayCondition} to process an update immediately.\n \n @returns {Promise<void>}\n * @throws {Error}\n * @since 4.0.0\n /\n cancelDelay(): Promise<void>;\n\n /\n Get Latest bundle available from update Url\n \n @returns {Promise<LatestVersion>} A Promise resolved when url is loaded\n * @throws {Error}\n * @since 4.0.0\n /\n getLatest(): Promise<LatestVersion>;\n\n /\n Sets the channel for this device. The channel has to allow for self assignment for this to work.\n * Do not use this method to set the channel at boot when `autoUpdate` is enabled in the {@link PluginsConfig}.\n * This method is to set the channel after the app is ready.\n \n @param options Is the {@link SetChannelOptions} channel to set\n * @returns {Promise<ChannelRes>} A Promise which is resolved when the new channel is set\n * @throws {Error}\n * @since 4.7.0\n /\n setChannel(options: SetChannelOptions): Promise<ChannelRes>;\n\n /\n Unset the channel for this device. The device will then return to the default channel\n \n @returns {Promise<ChannelRes>} A Promise resolved when channel is set\n * @throws {Error}\n * @since 4.7.0\n /\n unsetChannel(options: UnsetChannelOptions): Promise<void>;\n\n /\n Get the channel for this device\n \n @returns {Promise<ChannelRes>} A Promise that resolves with the channel info\n * @throws {Error}\n * @since 4.8.0\n /\n getChannel(): Promise<GetChannelRes>;\n\n /\n Set a custom ID for this device\n \n @param options is the {@link SetCustomIdOptions} customId to set\n * @returns {Promise<void>} an Promise resolved instantly\n * @throws {Error}\n * @since 4.9.0\n /\n setCustomId(options: SetCustomIdOptions): Promise<void>;\n\n /\n Get the native app version or the builtin version if set in config\n \n @returns {Promise<BuiltinVersion>} A Promise with version for this device\n * @since 5.2.0\n /\n getBuiltinVersion(): Promise<BuiltinVersion>;\n\n /\n Get unique ID used to identify device (sent to auto update server)\n \n @returns {Promise<DeviceId>} A Promise with id for this device\n * @throws {Error}\n /\n getDeviceId(): Promise<DeviceId>;\n\n /\n Get the native Capacitor Updater plugin version (sent to auto update server)\n \n @returns {Promise<PluginVersion>} A Promise with Plugin version\n * @throws {Error}\n /\n getPluginVersion(): Promise<PluginVersion>;\n\n /\n Get the state of auto update config.\n \n @returns {Promise<AutoUpdateEnabled>} The status for auto update. Evaluates to `false` in manual mode.\n * @throws {Error}\n /\n isAutoUpdateEnabled(): Promise<AutoUpdateEnabled>;\n\n /\n Remove all listeners for this plugin.\n \n @since 1.0.0\n /\n removeAllListeners(): Promise<void>;\n\n /\n Listen for bundle download event in the App. Fires once a download has started, during downloading and when finished.\n \n @since 2.0.11\n /\n addListener(\n eventName: \"download\",\n listenerFunc: (state: DownloadEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for no need to update event, useful when you want force check every time the app is launched\n \n @since 4.0.0\n /\n addListener(\n eventName: \"noNeedUpdate\",\n listenerFunc: (state: NoNeedEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for available update event, useful when you want to force check every time the app is launched\n \n @since 4.0.0\n /\n addListener(\n eventName: \"updateAvailable\",\n listenerFunc: (state: UpdateAvailableEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for downloadComplete events.\n \n @since 4.0.0\n /\n addListener(\n eventName: \"downloadComplete\",\n listenerFunc: (state: DownloadCompleteEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for Major update event in the App, let you know when major update is blocked by setting disableAutoUpdateBreaking\n \n @since 2.3.0\n /\n addListener(\n eventName: \"majorAvailable\",\n listenerFunc: (state: MajorAvailableEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for update fail event in the App, let you know when update has fail to install at next app start\n \n @since 2.3.0\n /\n addListener(\n eventName: \"updateFailed\",\n listenerFunc: (state: UpdateFailedEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for download fail event in the App, let you know when a bundle download has failed\n \n @since 4.0.0\n /\n addListener(\n eventName: \"downloadFailed\",\n listenerFunc: (state: DownloadFailedEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for reload event in the App, let you know when reload has happened\n \n @since 4.3.0\n /\n addListener(\n eventName: \"appReloaded\",\n listenerFunc: () => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for app ready event in the App, let you know when app is ready to use\n \n @since 5.1.0\n /\n addListener(\n eventName: \"appReady\",\n listenerFunc: (state: AppReadyEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n}\n\nexport type BundleStatus = \"success\" \| \"error\" \| \"pending\" \| \"downloading\";\n\nexport type DelayUntilNext = \"background\" \| \"kill\" \| \"nativeVersion\" \| \"date\";\n\nexport interface NoNeedEvent {\n /\n Current status of download, between 0 and 100.\n \n @since 4.0.0\n /\n bundle: BundleInfo;\n}\n\nexport interface UpdateAvailableEvent {\n /\n Current status of download, between 0 and 100.\n \n @since 4.0.0\n /\n bundle: BundleInfo;\n}\n\nexport interface ChannelRes {\n /\n Current status of set channel\n \n @since 4.7.0\n /\n status: string;\n error?: any;\n message?: any;\n}\n\nexport interface GetChannelRes {\n /\n Current status of get channel\n \n @since 4.8.0\n /\n channel?: string;\n error?: any;\n message?: any;\n status?: string;\n allowSet?: boolean;\n}\n\nexport interface DownloadEvent {\n /\n Current status of download, between 0 and 100.\n \n @since 4.0.0\n /\n percent: number;\n bundle: BundleInfo;\n}\n\nexport interface MajorAvailableEvent {\n /\n Emit when a new major bundle is available.\n \n @since 4.0.0\n /\n version: string;\n}\n\nexport interface DownloadFailedEvent {\n /\n Emit when a download fail.\n \n @since 4.0.0\n /\n version: string;\n}\n\nexport interface DownloadCompleteEvent {\n /\n Emit when a new update is available.\n \n @since 4.0.0\n /\n bundle: BundleInfo;\n}\n\nexport interface UpdateFailedEvent {\n /\n Emit when a update failed to install.\n \n @since 4.0.0\n /\n bundle: BundleInfo;\n}\n\nexport interface AppReadyEvent {\n /\n Emitted when the app is ready to use.\n \n @since 5.2.0\n /\n bundle: BundleInfo;\n status: string;\n}\n\nexport interface LatestVersion {\n /\n Result of getLatest method\n \n @since 4.0.0\n /\n version: string;\n major?: boolean;\n message?: string;\n sessionKey?: string;\n error?: string;\n old?: string;\n url?: string;\n}\n\nexport interface BundleInfo {\n id: string;\n version: string;\n downloaded: string;\n checksum: string;\n status: BundleStatus;\n}\n\nexport interface SetChannelOptions {\n channel: string;\n triggerAutoUpdate?: boolean;\n}\n\nexport interface UnsetChannelOptions {\n triggerAutoUpdate?: boolean;\n}\n\nexport interface SetCustomIdOptions {\n customId: string;\n}\n\nexport interface DelayCondition {\n /\n Set up delay conditions in setMultiDelay\n * @param value is useless for @param kind \"kill\", optional for \"background\" (default value: \"0\") and required for \"nativeVersion\" and \"date\"\n /\n kind: DelayUntilNext;\n value?: string;\n}\n\nexport interface AppReadyResult {\n bundle: BundleInfo;\n}\n\nexport interface UpdateUrl {\n url: string;\n}\n\nexport interface StatsUrl {\n url: string;\n}\n\nexport interface ChannelUrl {\n url: string;\n}\n\nexport interface DownloadOptions {\n /\n The URL of the bundle zip file (e.g: dist.zip) to be downloaded. (This can be any URL. E.g: Amazon S3, a GitHub tag, any other place you've hosted your bundle.)\n /\n url: string;\n\n /\n The version code/name of this bundle/version\n */\n version: string;\n sessionKey?: string;\n checksum?: string;\n}\n\nexport interface BundleId {\n id: string;\n}\n\nexport interface BundleListResult {\n bundles: BundleInfo[];\n}\n\nexport interface ResetOptions {\n toLastSuccessful: boolean;\n}\n\nexport interface CurrentBundleResult {\n bundle: BundleInfo;\n native: string;\n}\n\nexport interface MultiDelayConditions {\n delayConditions: DelayCondition[];\n}\n\nexport interface BuiltinVersion {\n version: string;\n}\n\nexport interface DeviceId {\n deviceId: string;\n}\n\nexport interface PluginVersion {\n version: string;\n}\n\nexport interface AutoUpdateEnabled {\n enabled: boolean;\n}\n"]}
1	+ {"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../src/definitions.ts"],"names":[],"mappings":"AAAA;;;;GAIG","sourcesContent":["/\n This Source Code Form is subject to the terms of the Mozilla Public\n * License, v. 2.0. If a copy of the MPL was not distributed with this\n * file, You can obtain one at https://mozilla.org/MPL/2.0/.\n /\n\n/// <reference types=\"@capacitor/cli\" />\n\nimport type { PluginListenerHandle } from \"@capacitor/core\";\n\ndeclare module \"@capacitor/cli\" {\n export interface PluginsConfig {\n /\n CapacitorUpdater can be configured with these options:\n /\n CapacitorUpdater?: {\n /\n Configure the number of milliseconds the native plugin should wait before considering an update 'failed'.\n \n Only available for Android and iOS.\n \n @default 10000 // (10 seconds)\n * @example 1000 // (1 second)\n /\n appReadyTimeout?: number;\n /\n Configure the number of milliseconds the native plugin should wait before considering API timeout.\n \n Only available for Android and iOS.\n \n @default 20 // (20 second)\n * @example 10 // (10 second)\n /\n responseTimeout?: number;\n /\n Configure whether the plugin should use automatically delete failed bundles.\n \n Only available for Android and iOS.\n \n @default true\n * @example false\n /\n autoDeleteFailed?: boolean;\n\n /\n Configure whether the plugin should use automatically delete previous bundles after a successful update.\n \n Only available for Android and iOS.\n \n @default true\n * @example false\n /\n autoDeletePrevious?: boolean;\n\n /\n Configure whether the plugin should use Auto Update via an update server.\n \n Only available for Android and iOS.\n \n @default true\n * @example false\n /\n autoUpdate?: boolean;\n\n /\n Automatically delete previous downloaded bundles when a newer native app bundle is installed to the device.\n \n Only available for Android and iOS.\n \n @default true\n * @example false\n /\n resetWhenUpdate?: boolean;\n\n /\n Configure the URL / endpoint to which update checks are sent.\n \n Only available for Android and iOS.\n \n @default https://api.capgo.app/auto_update\n * @example https://example.com/api/auto_update\n /\n updateUrl?: string;\n\n /\n Configure the URL / endpoint to which update statistics are sent.\n \n Only available for Android and iOS. Set to \"\" to disable stats reporting.\n \n @default https://api.capgo.app/stats\n * @example https://example.com/api/stats\n /\n statsUrl?: string;\n /\n Configure the public key for end to end live update encryption.\n \n Only available for Android and iOS.\n \n @default undefined\n /\n publicKey?: string;\n\n /\n Configure the current version of the app. This will be used for the first update request.\n * If not set, the plugin will get the version from the native code.\n \n Only available for Android and iOS.\n \n @default undefined\n * @since 4.17.48\n /\n version?: string;\n /\n Make the plugin direct install the update when the app what just updated/installed. Only for autoUpdate mode.\n \n Only available for Android and iOS.\n \n @default undefined\n * @since 5.1.0\n /\n directUpdate?: boolean;\n\n /\n Configure the delay period for period update check. the unit is in seconds.\n \n Only available for Android and iOS.\n * Cannot be less than 600 seconds (10 minutes).\n \n @default 600 // (10 minutes)\n /\n periodCheckDelay?: number;\n\n /\n Configure the CLI to use a local server for testing or self-hosted update server.\n \n \n * @default undefined\n * @since 4.17.48\n /\n localS3?: boolean;\n /\n Configure the CLI to use a local server for testing or self-hosted update server.\n \n \n * @default undefined\n * @since 4.17.48\n /\n localHost?: string;\n /\n Configure the CLI to use a local server for testing or self-hosted update server.\n \n \n * @default undefined\n * @since 4.17.48\n /\n localWebHost?: string;\n /\n Configure the CLI to use a local server for testing or self-hosted update server.\n \n \n * @default undefined\n * @since 4.17.48\n /\n localSupa?: string;\n /\n Configure the CLI to use a local server for testing.\n \n \n * @default undefined\n * @since 4.17.48\n /\n localSupaAnon?: string;\n\n /\n Allow the plugin to modify the updateUrl, statsUrl and channelUrl dynamically from the JavaScript side.\n \n \n * @default false\n * @since 5.4.0\n /\n allowModifyUrl?: boolean;\n\n /\n Set the default channel for the app in the config.\n \n \n \n @default undefined\n * @since 5.5.0\n /\n defaultChannel?: string;\n\n /\n If set to true with encryption enabled, the plugin will only accept encrypted bundles.\n \n \n \n @default true\n * @since 6.0.0\n /\n forceEncryption?: boolean;\n };\n }\n}\n\nexport interface CapacitorUpdaterPlugin {\n /\n Notify Capacitor Updater that the current bundle is working (a rollback will occur if this method is not called on every app launch)\n * By default this method should be called in the first 10 sec after app launch, otherwise a rollback will occur.\n * Change this behaviour with {@link appReadyTimeout}\n \n @returns {Promise<AppReadyResult>} an Promise resolved directly\n * @throws {Error}\n /\n notifyAppReady(): Promise<AppReadyResult>;\n\n /\n Set the updateUrl for the app, this will be used to check for updates.\n \n @param options contains the URL to use for checking for updates.\n * @returns {Promise<void>}\n * @throws {Error}\n * @since 5.4.0\n /\n setUpdateUrl(options: UpdateUrl): Promise<void>;\n\n /\n Set the statsUrl for the app, this will be used to send statistics. Passing an empty string will disable statistics gathering.\n \n @param options contains the URL to use for sending statistics.\n * @returns {Promise<void>}\n * @throws {Error}\n * @since 5.4.0\n /\n setStatsUrl(options: StatsUrl): Promise<void>;\n\n /\n Set the channelUrl for the app, this will be used to set the channel.\n \n @param options contains the URL to use for setting the channel.\n * @returns {Promise<void>}\n * @throws {Error}\n * @since 5.4.0\n /\n setChannelUrl(options: ChannelUrl): Promise<void>;\n\n /\n Download a new bundle from the provided URL, it should be a zip file, with files inside or with a unique id inside with all your files\n \n @example const bundle = await CapacitorUpdater.download({ url: `https://example.com/versions/${version}/dist.zip`, version });\n * @returns {Promise<BundleInfo>} The {@link BundleInfo} for the specified bundle.\n * @param options The {@link DownloadOptions} for downloading a new bundle zip.\n /\n download(options: DownloadOptions): Promise<BundleInfo>;\n\n /\n Set the next bundle to be used when the app is reloaded.\n \n @param options Contains the ID of the next Bundle to set on next app launch. {@link BundleInfo.id}\n * @returns {Promise<BundleInfo>} The {@link BundleInfo} for the specified bundle id.\n * @throws {Error} When there is no index.html file inside the bundle folder.\n /\n next(options: BundleId): Promise<BundleInfo>;\n\n /\n Set the current bundle and immediately reloads the app.\n \n @param options A {@link BundleId} object containing the new bundle id to set as current.\n * @returns {Promise<void>}\n * @throws {Error} When there are is no index.html file inside the bundle folder.\n /\n set(options: BundleId): Promise<void>;\n\n /\n Deletes the specified bundle from the native app storage. Use with {@link list} to get the stored Bundle IDs.\n \n @param options A {@link BundleId} object containing the ID of a bundle to delete (note, this is the bundle id, NOT the version name)\n * @returns {Promise<void>} When the bundle is deleted\n * @throws {Error}\n /\n delete(options: BundleId): Promise<void>;\n\n /\n Get all locally downloaded bundles in your app\n \n @returns {Promise<BundleListResult>} A Promise containing the {@link BundleListResult.bundles}\n * @throws {Error}\n /\n list(): Promise<BundleListResult>;\n\n /\n Reset the app to the `builtin` bundle (the one sent to Apple App Store / Google Play Store ) or the last successfully loaded bundle.\n \n @param options Containing {@link ResetOptions.toLastSuccessful}, `true` resets to the builtin bundle and `false` will reset to the last successfully loaded bundle.\n * @returns {Promise<void>}\n * @throws {Error}\n /\n reset(options?: ResetOptions): Promise<void>;\n\n /\n Get the current bundle, if none are set it returns `builtin`. currentNative is the original bundle installed on the device\n \n @returns {Promise<CurrentBundleResult>} A Promise evaluating to the {@link CurrentBundleResult}\n * @throws {Error}\n /\n current(): Promise<CurrentBundleResult>;\n\n /\n Reload the view\n \n @returns {Promise<void>} A Promise which is resolved when the view is reloaded\n * @throws {Error}\n /\n reload(): Promise<void>;\n\n /\n Sets a {@link DelayCondition} array containing conditions that the Plugin will use to determine when to install updates.\n \n @example\n * // Install the update after the user kills the app or after a background of 300000 ms (5 minutes)\n * await CapacitorUpdater.setMultiDelay({ delayConditions: [{ kind: 'kill' }, { kind: 'background', value: '300000' }] })\n * @example\n * // Install the update after the specific iso8601 date is expired\n * await CapacitorUpdater.setMultiDelay({ delayConditions: [{ kind: 'date', value: '2022-09-14T06:14:11.920Z' }] })\n * @example\n * // Install the update after the first background (default behaviour without setting delay)\n * await CapacitorUpdater.setMultiDelay({ delayConditions: [{ kind: 'background' }] })\n * @param options Containing the {@link MultiDelayConditions} array of conditions to set\n * @returns {Promise<void>}\n * @throws {Error}\n * @since 4.3.0\n /\n setMultiDelay(options: MultiDelayConditions): Promise<void>;\n\n /\n Cancels a {@link DelayCondition} to process an update immediately.\n \n @returns {Promise<void>}\n * @throws {Error}\n * @since 4.0.0\n /\n cancelDelay(): Promise<void>;\n\n /\n Get Latest bundle available from update Url\n \n @returns {Promise<LatestVersion>} A Promise resolved when url is loaded\n * @throws {Error}\n * @since 4.0.0\n /\n getLatest(): Promise<LatestVersion>;\n\n /\n Sets the channel for this device. The channel has to allow for self assignment for this to work.\n * Do not use this method to set the channel at boot when `autoUpdate` is enabled in the {@link PluginsConfig}.\n * This method is to set the channel after the app is ready.\n \n @param options Is the {@link SetChannelOptions} channel to set\n * @returns {Promise<ChannelRes>} A Promise which is resolved when the new channel is set\n * @throws {Error}\n * @since 4.7.0\n /\n setChannel(options: SetChannelOptions): Promise<ChannelRes>;\n\n /\n Unset the channel for this device. The device will then return to the default channel\n \n @returns {Promise<ChannelRes>} A Promise resolved when channel is set\n * @throws {Error}\n * @since 4.7.0\n /\n unsetChannel(options: UnsetChannelOptions): Promise<void>;\n\n /\n Get the channel for this device\n \n @returns {Promise<ChannelRes>} A Promise that resolves with the channel info\n * @throws {Error}\n * @since 4.8.0\n /\n getChannel(): Promise<GetChannelRes>;\n\n /\n Set a custom ID for this device\n \n @param options is the {@link SetCustomIdOptions} customId to set\n * @returns {Promise<void>} an Promise resolved instantly\n * @throws {Error}\n * @since 4.9.0\n /\n setCustomId(options: SetCustomIdOptions): Promise<void>;\n\n /\n Get the native app version or the builtin version if set in config\n \n @returns {Promise<BuiltinVersion>} A Promise with version for this device\n * @since 5.2.0\n /\n getBuiltinVersion(): Promise<BuiltinVersion>;\n\n /\n Get unique ID used to identify device (sent to auto update server)\n \n @returns {Promise<DeviceId>} A Promise with id for this device\n * @throws {Error}\n /\n getDeviceId(): Promise<DeviceId>;\n\n /\n Get the native Capacitor Updater plugin version (sent to auto update server)\n \n @returns {Promise<PluginVersion>} A Promise with Plugin version\n * @throws {Error}\n /\n getPluginVersion(): Promise<PluginVersion>;\n\n /\n Get the state of auto update config.\n \n @returns {Promise<AutoUpdateEnabled>} The status for auto update. Evaluates to `false` in manual mode.\n * @throws {Error}\n /\n isAutoUpdateEnabled(): Promise<AutoUpdateEnabled>;\n\n /\n Remove all listeners for this plugin.\n \n @since 1.0.0\n /\n removeAllListeners(): Promise<void>;\n\n /\n Listen for bundle download event in the App. Fires once a download has started, during downloading and when finished.\n \n @since 2.0.11\n /\n addListener(\n eventName: \"download\",\n listenerFunc: (state: DownloadEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for no need to update event, useful when you want force check every time the app is launched\n \n @since 4.0.0\n /\n addListener(\n eventName: \"noNeedUpdate\",\n listenerFunc: (state: NoNeedEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for available update event, useful when you want to force check every time the app is launched\n \n @since 4.0.0\n /\n addListener(\n eventName: \"updateAvailable\",\n listenerFunc: (state: UpdateAvailableEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for downloadComplete events.\n \n @since 4.0.0\n /\n addListener(\n eventName: \"downloadComplete\",\n listenerFunc: (state: DownloadCompleteEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for Major update event in the App, let you know when major update is blocked by setting disableAutoUpdateBreaking\n \n @since 2.3.0\n /\n addListener(\n eventName: \"majorAvailable\",\n listenerFunc: (state: MajorAvailableEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for update fail event in the App, let you know when update has fail to install at next app start\n \n @since 2.3.0\n /\n addListener(\n eventName: \"updateFailed\",\n listenerFunc: (state: UpdateFailedEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for download fail event in the App, let you know when a bundle download has failed\n \n @since 4.0.0\n /\n addListener(\n eventName: \"downloadFailed\",\n listenerFunc: (state: DownloadFailedEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for reload event in the App, let you know when reload has happened\n \n @since 4.3.0\n /\n addListener(\n eventName: \"appReloaded\",\n listenerFunc: () => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n\n /\n Listen for app ready event in the App, let you know when app is ready to use\n \n @since 5.1.0\n /\n addListener(\n eventName: \"appReady\",\n listenerFunc: (state: AppReadyEvent) => void\n ): Promise<PluginListenerHandle> & PluginListenerHandle;\n}\n\nexport type BundleStatus = \"success\" \| \"error\" \| \"pending\" \| \"downloading\";\n\nexport type DelayUntilNext = \"background\" \| \"kill\" \| \"nativeVersion\" \| \"date\";\n\nexport interface NoNeedEvent {\n /\n Current status of download, between 0 and 100.\n \n @since 4.0.0\n /\n bundle: BundleInfo;\n}\n\nexport interface UpdateAvailableEvent {\n /\n Current status of download, between 0 and 100.\n \n @since 4.0.0\n /\n bundle: BundleInfo;\n}\n\nexport interface ChannelRes {\n /\n Current status of set channel\n \n @since 4.7.0\n /\n status: string;\n error?: any;\n message?: any;\n}\n\nexport interface GetChannelRes {\n /\n Current status of get channel\n \n @since 4.8.0\n /\n channel?: string;\n error?: any;\n message?: any;\n status?: string;\n allowSet?: boolean;\n}\n\nexport interface DownloadEvent {\n /\n Current status of download, between 0 and 100.\n \n @since 4.0.0\n /\n percent: number;\n bundle: BundleInfo;\n}\n\nexport interface MajorAvailableEvent {\n /\n Emit when a new major bundle is available.\n \n @since 4.0.0\n /\n version: string;\n}\n\nexport interface DownloadFailedEvent {\n /\n Emit when a download fail.\n \n @since 4.0.0\n /\n version: string;\n}\n\nexport interface DownloadCompleteEvent {\n /\n Emit when a new update is available.\n \n @since 4.0.0\n /\n bundle: BundleInfo;\n}\n\nexport interface UpdateFailedEvent {\n /\n Emit when a update failed to install.\n \n @since 4.0.0\n /\n bundle: BundleInfo;\n}\n\nexport interface AppReadyEvent {\n /\n Emitted when the app is ready to use.\n \n @since 5.2.0\n /\n bundle: BundleInfo;\n status: string;\n}\n\nexport interface LatestVersion {\n /\n Result of getLatest method\n \n @since 4.0.0\n /\n version: string;\n major?: boolean;\n message?: string;\n sessionKey?: string;\n error?: string;\n old?: string;\n url?: string;\n}\n\nexport interface BundleInfo {\n id: string;\n version: string;\n downloaded: string;\n checksum: string;\n status: BundleStatus;\n}\n\nexport interface SetChannelOptions {\n channel: string;\n triggerAutoUpdate?: boolean;\n}\n\nexport interface UnsetChannelOptions {\n triggerAutoUpdate?: boolean;\n}\n\nexport interface SetCustomIdOptions {\n customId: string;\n}\n\nexport interface DelayCondition {\n /\n Set up delay conditions in setMultiDelay\n * @param value is useless for @param kind \"kill\", optional for \"background\" (default value: \"0\") and required for \"nativeVersion\" and \"date\"\n /\n kind: DelayUntilNext;\n value?: string;\n}\n\nexport interface AppReadyResult {\n bundle: BundleInfo;\n}\n\nexport interface UpdateUrl {\n url: string;\n}\n\nexport interface StatsUrl {\n url: string;\n}\n\nexport interface ChannelUrl {\n url: string;\n}\n\nexport interface DownloadOptions {\n /\n The URL of the bundle zip file (e.g: dist.zip) to be downloaded. (This can be any URL. E.g: Amazon S3, a GitHub tag, any other place you've hosted your bundle.)\n /\n url: string;\n\n /\n The version code/name of this bundle/version\n */\n version: string;\n sessionKey?: string;\n checksum?: string;\n}\n\nexport interface BundleId {\n id: string;\n}\n\nexport interface BundleListResult {\n bundles: BundleInfo[];\n}\n\nexport interface ResetOptions {\n toLastSuccessful: boolean;\n}\n\nexport interface CurrentBundleResult {\n bundle: BundleInfo;\n native: string;\n}\n\nexport interface MultiDelayConditions {\n delayConditions: DelayCondition[];\n}\n\nexport interface BuiltinVersion {\n version: string;\n}\n\nexport interface DeviceId {\n deviceId: string;\n}\n\nexport interface PluginVersion {\n version: string;\n}\n\nexport interface AutoUpdateEnabled {\n enabled: boolean;\n}\n"]}

package/ios/Plugin/CapacitorUpdater.swift CHANGED Viewed

@@ -168,6 +168,7 @@ enum CustomError: Error {
     case cannotUnflat
     case cannotCreateDirectory
     case cannotDeleteDirectory
+    case cannotDecryptSessionKey
     // Throw in all other cases
     case unexpected(code: Int)
@@ -204,13 +205,18 @@ extension CustomError: LocalizedError {
         case .cannotDecode:
             return NSLocalizedString(
                 "Decoding the zip failed with this key",
-                comment: "Invalid private key"
+                comment: "Invalid public key"
             )
         case .cannotWrite:
             return NSLocalizedString(
                 "Cannot write to the destination",
                 comment: "Invalid destination"
             )
+        case .cannotDecryptSessionKey:
+            return NSLocalizedString(
+                "Decrypting the session key failed",
+                comment: "Invalid session key"
+            )
         }
     }
 }
@@ -240,7 +246,9 @@ extension CustomError: LocalizedError {
     public var defaultChannel: String = ""
     public var appId: String = ""
     public var deviceID = UIDevice.current.identifierForVendor?.uuidString ?? ""
-    public var privateKey: String = ""
+    public var publicKey: String? = ""
+    public var hasOldPrivateKeyPropertyInConfig: Bool = false
+    public var forceEncryption: Bool = false
     public var notifyDownload: (String, Int) -> Void = { _, _  in }
@@ -366,13 +374,19 @@ extension CustomError: LocalizedError {
     }
     private func decryptFile(filePath: URL, sessionKey: String, version: String) throws {
-        if self.privateKey.isEmpty || sessionKey.isEmpty  || sessionKey.components(separatedBy: ":").count != 2 {
-            print("\(self.TAG) Cannot found privateKey or sessionKey")
+        if sessionKey.isEmpty  || sessionKey.components(separatedBy: ":").count != 2 {
+            if (self.forceEncryption && self.publicKey != nil && !self.publicKey!.isEmpty) {
+                print("\(self.TAG) Cannot accept non-encrypted bundle")
+                self.sendStats(action: "decrypt_fail", versionName: version)
+                throw CustomError.cannotDecode
+            }
+            print("\(self.TAG) Cannot find public key or sessionKey")
             return
         }
         do {
-            guard let rsaPrivateKey: RSAPrivateKey = .load(rsaPrivateKey: self.privateKey) else {
-                print("cannot decode privateKey", self.privateKey)
+            guard let rsaPublicKey: RSAPublicKey = .load(rsaPublicKey: self.publicKey!) else {
+                print("cannot decode publicKey", self.publicKey!)
                 throw CustomError.cannotDecode
             }
@@ -382,21 +396,25 @@ extension CustomError: LocalizedError {
                 throw CustomError.cannotDecode
             }
+            //            guard let base64EncodedData = sessionKeyArray[1].data(using: .utf8)! else {
+            //                throw NSError(domain: "Invalid session key data", code: 1, userInfo: nil)
+            //            }
             guard let sessionKeyDataEncrypted = Data(base64Encoded: sessionKeyArray[1]) else {
                 throw NSError(domain: "Invalid session key data", code: 1, userInfo: nil)
             }
-            guard let sessionKeyDataDecrypted = rsaPrivateKey.decrypt(data: sessionKeyDataEncrypted) else {
+            guard let sessionKeyDataDecrypted = try? rsaPublicKey.decrypt(data: sessionKeyDataEncrypted) else {
                 throw NSError(domain: "Failed to decrypt session key data", code: 2, userInfo: nil)
             }
-            let aesPrivateKey = AES128Key(iv: ivData, aes128Key: sessionKeyDataDecrypted)
+            let aesPublicKey = AES128Key(iv: ivData, aes128Key: sessionKeyDataDecrypted)
             guard let encryptedData = try? Data(contentsOf: filePath) else {
                 throw NSError(domain: "Failed to read encrypted data", code: 3, userInfo: nil)
             }
-            guard let decryptedData = aesPrivateKey.decrypt(data: encryptedData) else {
+            guard let decryptedData = try? aesPublicKey.decrypt(data: encryptedData) else {
                 throw NSError(domain: "Failed to decrypt data", code: 4, userInfo: nil)
             }
@@ -569,7 +587,12 @@ extension CustomError: LocalizedError {
                 case .success:
                     self.notifyDownload(id, 71)
                     do {
+                        if self.hasOldPrivateKeyPropertyInConfig {
+                            print("\(self.TAG) There is still an privateKey property in the config")
+                        }
                         try self.decryptFile(filePath: fileURL, sessionKey: sessionKey, version: version)
                         checksum = self.getChecksum(filePath: fileURL)
                         try self.saveDownloaded(sourceZip: fileURL, id: id, base: self.documentsDir.appendingPathComponent(self.bundleDirectoryHot))
                         self.notifyDownload(id, 85)

package/ios/Plugin/CapacitorUpdaterPlugin.swift CHANGED Viewed

@@ -15,14 +15,14 @@ import Version
 @objc(CapacitorUpdaterPlugin)
 public class CapacitorUpdaterPlugin: CAPPlugin {
     public var implementation = CapacitorUpdater()
-    private let PLUGIN_VERSION: String = "5.7.17"
+    private let PLUGIN_VERSION: String = "6.0.0-alpha.0"
     static let updateUrlDefault = "https://api.capgo.app/updates"
     static let statsUrlDefault = "https://api.capgo.app/stats"
     static let channelUrlDefault = "https://api.capgo.app/channel_self"
     let DELAY_CONDITION_PREFERENCES = ""
     private var updateUrl = ""
     private var statsUrl = ""
-    private var defaultPrivateKey = "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA4pW9olT0FBXXivRCzd3xcImlWZrqkwcF2xTkX/FwXmj9eh9H\nkBLrsQmfsC+PJisRXIOGq6a0z3bsGq6jBpp3/Jr9jiaW5VuPGaKeMaZZBRvi/N5f\nIMG3hZXSOcy0IYg+E1Q7RkYO1xq5GLHseqG+PXvJsNe4R8R/Bmd/ngq0xh/cvcrH\nHpXwO0Aj9tfprlb+rHaVV79EkVRWYPidOLnK1n0EFHFJ1d/MyDIp10TEGm2xHpf/\nBrlb1an8wXEuzoC0DgYaczgTjovwR+ewSGhSHJliQdM0Qa3o1iN87DldWtydImMs\nPjJ3DUwpsjAMRe5X8Et4+udFW2ciYnQo9H0CkwIDAQABAoIBAQCtjlMV/4qBxAU4\nu0ZcWA9yywwraX0aJ3v1xrfzQYV322Wk4Ea5dbSxA5UcqCE29DA1M824t1Wxv/6z\npWbcTP9xLuresnJMtmgTE7umfiubvTONy2sENT20hgDkIwcq1CfwOEm61zjQzPhQ\nkSB5AmEsyR/BZEsUNc+ygR6AWOUFB7tj4yMc32LOTWSbE/znnF2BkmlmnQykomG1\n2oVqM3lUFP7+m8ux1O7scO6IMts+Z/eFXjWfxpbebUSvSIR83GXPQZ34S/c0ehOg\nyHdmCSOel1r3VvInMe+30j54Jr+Ml/7Ee6axiwyE2e/bd85MsK9sVdp0OtelXaqA\nOZZqWvN5AoGBAP2Hn3lSq+a8GsDH726mHJw60xM0LPbVJTYbXsmQkg1tl3NKJTMM\nQqz41+5uys+phEgLHI9gVJ0r+HaGHXnJ4zewlFjsudstb/0nfctUvTqnhEhfNo9I\ny4kufVKPRF3sMEeo7CDVJs4GNBLycEyIBy6Mbv0VcO7VaZqggRwu4no9AoGBAOTK\n6NWYs1BWlkua2wmxexGOzehNGedInp0wGr2l4FDayWjkZLqvB+nNXUQ63NdHlSs4\nWB2Z1kQXZxVaI2tPYexGUKXEo2uFob63uflbuE029ovDXIIPFTPtGNdNXwhHT5a+\nPhmy3sMc+s2BSNM5qaNmfxQxhdd6gRU6oikE+c0PAoGAMn3cKNFqIt27hkFLUgIL\nGKIuf1iYy9/PNWNmEUaVj88PpopRtkTu0nwMpROzmH/uNFriKTvKHjMvnItBO4wV\nkHW+VadvrFL0Rrqituf9d7z8/1zXBNo+juePVe3qc7oiM2NVA4Tv4YAixtM5wkQl\nCgQ15nlqsGYYTg9BJ1e/CxECgYEAjEYPzO2reuUrjr0p8F59ev1YJ0YmTJRMk0ks\nC/yIdGo/tGzbiU3JB0LfHPcN8Xu07GPGOpfYM7U5gXDbaG6qNgfCaHAQVdr/mQPi\nJQ1kCQtay8QCkscWk9iZM1//lP7LwDtxraXqSCwbZSYP9VlUNZeg8EuQqNU2EUL6\nqzWexmcCgYEA0prUGNBacraTYEknB1CsbP36UPWsqFWOvevlz+uEC5JPxPuW5ZHh\nSQN7xl6+PHyjPBM7ttwPKyhgLOVTb3K7ex/PXnudojMUK5fh7vYfChVTSlx2p6r0\nDi58PdD+node08cJH+ie0Yphp7m+D4+R9XD0v0nEvnu4BtAW6DrJasw=\n-----END RSA PRIVATE KEY-----\n"
+    private var defaultPublicKey = "-----BEGIN RSA PUBLIC KEY-----\nMIIBCgKCAQEA4pW9olT0FBXXivRCzd3xcImlWZrqkwcF2xTkX/FwXmj9eh9HkBLr\nsQmfsC+PJisRXIOGq6a0z3bsGq6jBpp3/Jr9jiaW5VuPGaKeMaZZBRvi/N5fIMG3\nhZXSOcy0IYg+E1Q7RkYO1xq5GLHseqG+PXvJsNe4R8R/Bmd/ngq0xh/cvcrHHpXw\nO0Aj9tfprlb+rHaVV79EkVRWYPidOLnK1n0EFHFJ1d/MyDIp10TEGm2xHpf/Brlb\n1an8wXEuzoC0DgYaczgTjovwR+ewSGhSHJliQdM0Qa3o1iN87DldWtydImMsPjJ3\nDUwpsjAMRe5X8Et4+udFW2ciYnQo9H0CkwIDAQAB\n-----END RSA PUBLIC KEY-----\n"
     private var backgroundTaskID: UIBackgroundTaskIdentifier = UIBackgroundTaskIdentifier.invalid
     private var currentVersionNative: Version = "0.0.0"
     private var autoUpdate = false
@@ -52,6 +52,7 @@ public class CapacitorUpdaterPlugin: CAPPlugin {
         }
         print("\(self.implementation.TAG) version native \(self.currentVersionNative.description)")
         implementation.versionBuild = getConfig().getString("version", Bundle.main.versionName)!
+        implementation.forceEncryption = getConfig().getBoolean("forceEncryption", true)
         autoDeleteFailed = getConfig().getBoolean("autoDeleteFailed", true)
         autoDeletePrevious = getConfig().getBoolean("autoDeletePrevious", true)
         directUpdate = getConfig().getBoolean("directUpdate", false)
@@ -67,7 +68,11 @@ public class CapacitorUpdaterPlugin: CAPPlugin {
             periodCheckDelay = periodCheckDelayValue
         }
-        implementation.privateKey = getConfig().getString("privateKey", self.defaultPrivateKey)!
+        implementation.publicKey = getConfig().getString("publicKey", self.defaultPublicKey)!
+        implementation.hasOldPrivateKeyPropertyInConfig = false
+        if getConfig().getString("privateKey") != nil && !getConfig().getString("privateKey")!.isEmpty {
+            implementation.hasOldPrivateKeyPropertyInConfig = true
+        }
         implementation.notifyDownload = notifyDownload
         implementation.PLUGIN_VERSION = self.PLUGIN_VERSION
         let config = (self.bridge?.viewController as? CAPBridgeViewController)?.instanceDescriptor().legacyConfig
@@ -643,7 +648,7 @@ public class CapacitorUpdaterPlugin: CAPPlugin {
             let current = self.implementation.getCurrentBundle()
             if (res.message) != nil {
-                print("\(self.implementation.TAG) API message: \(res.message ?? "")")
+                print("\(self.implementation.TAG) API response: \(res.message ?? "")")
                 if res.major == true {
                     self.notifyListeners("majorAvailable", data: ["version": res.version])
                 }
@@ -792,6 +797,7 @@ public class CapacitorUpdaterPlugin: CAPPlugin {
             return
         }
         let timer = Timer.scheduledTimer(withTimeInterval: TimeInterval(periodCheckDelay), repeats: true) { _ in
+            print("\(self.implementation.TAG) Period Check")
             DispatchQueue.global(qos: .background).async {
                 let res = self.implementation.getLatest(url: url)
                 let current = self.implementation.getCurrentBundle()

package/ios/Plugin/CryptoCipher.swift CHANGED Viewed

@@ -14,7 +14,7 @@ private enum CryptoCipherConstants {
     static let rsaKeySizeInBits: NSNumber = 2048
     static let aesAlgorithm: CCAlgorithm = CCAlgorithm(kCCAlgorithmAES)
     static let aesOptions: CCOptions = CCOptions(kCCOptionPKCS7Padding)
-    static let rsaAlgorithm: SecKeyAlgorithm = .rsaEncryptionOAEPSHA256
+    static let rsaAlgorithm: SecKeyAlgorithm = .rsaEncryptionPKCS1
 }
 ///
 /// The AES key. Contains both the initialization vector and secret key.
@@ -32,7 +32,7 @@ public struct AES128Key {
         self.aes128Key = aes128Key
     }
     ///
-    /// Takes the data and uses the private key to decrypt it. Will call `CCCrypt` in CommonCrypto
+    /// Takes the data and uses the key to decrypt it. Will call `CCCrypt` in CommonCrypto
     /// and provide it `ivData` for the initialization vector. Will use cipher block chaining (CBC) as
     /// the mode of operation.
     ///
@@ -67,73 +67,36 @@ public struct AES128Key {
 }
 ///
-/// The RSA keypair. Includes both private and public key.
+/// The RSA public key.
 ///
-public struct RSAKeyPair {
-    private let privateKey: SecKey
+public struct RSAPublicKey {
     private let publicKey: SecKey
     #if DEBUG
-    public var __debug_privateKey: SecKey { self.privateKey }
     public var __debug_publicKey: SecKey { self.publicKey }
     #endif
-    fileprivate init(privateKey: SecKey, publicKey: SecKey) {
-        self.privateKey = privateKey
+    fileprivate init(publicKey: SecKey) {
         self.publicKey = publicKey
     }
-    public func extractPublicKey() -> RSAPublicKey {
-        RSAPublicKey(publicKey: publicKey)
-    }
     ///
-    /// Takes the data and uses the private key to decrypt it.
+    /// Takes the data and uses the public key to decrypt it.
     /// Returns the decrypted data.
     ///
     public func decrypt(data: Data) -> Data? {
-        var error: Unmanaged<CFError>?
-        if let decryptedData: CFData = SecKeyCreateDecryptedData(self.privateKey, CryptoCipherConstants.rsaAlgorithm, data as CFData, &error) {
-            if error != nil {
-                return nil
-            } else {
-                return decryptedData as Data
+        do {
+            guard let decryptedData = RSAPublicKey.decryptWithRSAKey(data, rsaKeyRef: self.publicKey, padding: SecPadding()) else {
+                throw CustomError.cannotDecryptSessionKey
             }
-        } else {
-            return nil
-        }
-    }
-}
-///
-/// The RSA public key.
-///
-public struct RSAPublicKey {
-    private let publicKey: SecKey
-    #if DEBUG
-    public var __debug_publicKey: SecKey { self.publicKey }
-    #endif
-    fileprivate init(publicKey: SecKey) {
-        self.publicKey = publicKey
-    }
-    ///
-    /// Takes the data and uses the public key to encrypt it.
-    /// Returns the encrypted data.
-    ///
-    public func encrypt(data: Data) -> Data? {
-        var error: Unmanaged<CFError>?
-        if let encryptedData: CFData = SecKeyCreateEncryptedData(self.publicKey, CryptoCipherConstants.rsaAlgorithm, data as CFData, &error) {
-            if error != nil {
-                return nil
-            } else {
-                return encryptedData as Data
-            }
-        } else {
+            return decryptedData
+        } catch {
+            print("Error decrypting data: \(error)")
             return nil
         }
     }
     ///
     /// Allows you to export the RSA public key to a format (so you can send over the net).
     ///
@@ -145,72 +108,87 @@ public struct RSAPublicKey {
     ///
     /// Allows you to load an RSA public key (i.e. one downloaded from the net).
     ///
-    public static func load(rsaPublicKeyData: Data) -> RSAPublicKey? {
-        if let publicKey: SecKey = .loadPublicFromData(rsaPublicKeyData) {
+    public static func load(rsaPublicKey: String) -> RSAPublicKey? {
+        var pubKey: String = rsaPublicKey
+        pubKey = pubKey.replacingOccurrences(of: "-----BEGIN RSA PUBLIC KEY-----", with: "")
+        pubKey = pubKey.replacingOccurrences(of: "-----END RSA PUBLIC KEY-----", with: "")
+        pubKey = pubKey.replacingOccurrences(of: "\\n+", with: "", options: .regularExpression)
+        pubKey = pubKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        do {
+            guard let rsaPublicKeyData: Data = Data(base64Encoded: String(pubKey)) else {
+                throw CustomError.cannotDecode
+            }
+            guard let publicKey: SecKey = .loadPublicFromData(rsaPublicKeyData) else {
+                throw CustomError.cannotDecode
+            }
             return RSAPublicKey(publicKey: publicKey)
-        } else {
+        } catch {
+            print("Error load RSA: \(error)")
             return nil
         }
     }
-}
-///
-/// The RSA public key.
-///
-public struct RSAPrivateKey {
-    private let privateKey: SecKey
-    #if DEBUG
-    public var __debug_privateKey: SecKey { self.privateKey }
-    #endif
+    // code is copied from here: https://github.com/btnguyen2k/swiftutils/blob/88494f4c635b6c6d42ef0fb30a7d666acd38c4fa/SwiftUtils/RSAUtils.swift#L393
+    public static func decryptWithRSAKey(_ encryptedData: Data, rsaKeyRef: SecKey, padding: SecPadding) -> Data? {
+        let blockSize = SecKeyGetBlockSize(rsaKeyRef)
+        let dataSize = encryptedData.count / MemoryLayout<UInt8>.size
-    fileprivate init(privateKey: SecKey) {
-        self.privateKey = privateKey
-    }
-    ///
-    /// Takes the data and uses the private key to decrypt it.
-    /// Returns the decrypted data.
-    ///
-    public func decrypt(data: Data) -> Data? {
-        var error: Unmanaged<CFError>?
-        if let decryptedData: CFData = SecKeyCreateDecryptedData(self.privateKey, CryptoCipherConstants.rsaAlgorithm, data as CFData, &error) {
-            if error != nil {
-                return nil
-            } else {
-                return decryptedData as Data
+        var encryptedDataAsArray = [UInt8](repeating: 0, count: dataSize)
+        (encryptedData as NSData).getBytes(&encryptedDataAsArray, length: dataSize)
+        var decryptedData = [UInt8](repeating: 0, count: 0)
+        var idx = 0
+        while idx < encryptedDataAsArray.count {
+            var idxEnd = idx + blockSize
+            if idxEnd > encryptedDataAsArray.count {
+                idxEnd = encryptedDataAsArray.count
+            }
+            var chunkData = [UInt8](repeating: 0, count: blockSize)
+            for i in idx..<idxEnd {
+                chunkData[i-idx] = encryptedDataAsArray[i]
             }
-        } else {
-            return nil
-        }
-    }
-    ///
-    /// Allows you to export the RSA public key to a format (so you can send over the net).
-    ///
-    public func export() -> Data? {
-        return privateKey.exportToData()
-    }
+            var decryptedDataBuffer = [UInt8](repeating: 0, count: blockSize)
+            var decryptedDataLength = blockSize
-    ///
-    /// Allows you to load an RSA public key (i.e. one downloaded from the net).
-    ///
-    public static func load(rsaPrivateKey: String) -> RSAPrivateKey? {
-        var privKey: String = rsaPrivateKey
-        privKey = privKey.replacingOccurrences(of: "-----BEGIN RSA PRIVATE KEY-----", with: "")
-        privKey = privKey.replacingOccurrences(of: "-----END RSA PRIVATE KEY-----", with: "")
-        privKey = privKey.replacingOccurrences(of: "\\n+", with: "", options: .regularExpression)
-        privKey = privKey.trimmingCharacters(in: .whitespacesAndNewlines)
-        do {
-            guard let rsaPrivateKeyData: Data  = Data(base64Encoded: privKey) else {
-                throw CustomError.cannotDecode
+            let status = SecKeyDecrypt(rsaKeyRef, padding, chunkData, idxEnd-idx, &decryptedDataBuffer, &decryptedDataLength)
+            if status != noErr {
+                return nil
             }
-            guard let privateKey: SecKey = .loadPrivateFromData(rsaPrivateKeyData) else {
-                throw CustomError.cannotDecode
+            let finalData = removePadding(decryptedDataBuffer)
+            decryptedData += finalData
+            idx += blockSize
+        }
+        return Data(decryptedData)
+    }
+    // code is copied from here: https://github.com/btnguyen2k/swiftutils/blob/88494f4c635b6c6d42ef0fb30a7d666acd38c4fa/SwiftUtils/RSAUtils.swift#L429
+    private static func removePadding(_ data: [UInt8]) -> [UInt8] {
+        var idxFirstZero = -1
+        var idxNextZero = data.count
+        for i in 0..<data.count {
+            if data[i] == 0 {
+                if idxFirstZero < 0 {
+                    idxFirstZero = i
+                } else {
+                    idxNextZero = i
+                    break
+                }
             }
-            return RSAPrivateKey(privateKey: privateKey)
-        } catch {
-            print("Error load RSA: \(error)")
-            return nil
         }
+        if idxNextZero-idxFirstZero-1 == 0 {
+            idxNextZero = idxFirstZero
+            idxFirstZero = -1
+        }
+        var newData = [UInt8](repeating: 0, count: idxNextZero-idxFirstZero-1)
+        for i in idxFirstZero+1..<idxNextZero {
+            newData[i-idxFirstZero-1] = data[i]
+        }
+        return newData
     }
 }
@@ -233,14 +211,6 @@ fileprivate extension SecKey {
             kSecAttrKeyClass: kSecAttrKeyClassPublic,
             kSecAttrKeySizeInBits: CryptoCipherConstants.rsaKeySizeInBits
         ]
-        return SecKeyCreateWithData(data as CFData, keyDict as CFDictionary, nil)
-    }
-    static func loadPrivateFromData(_ data: Data) -> SecKey? {
-        let keyDict: [NSObject: NSObject] = [
-            kSecAttrKeyType: kSecAttrKeyTypeRSA,
-            kSecAttrKeyClass: kSecAttrKeyClassPrivate,
-            kSecAttrKeySizeInBits: CryptoCipherConstants.rsaKeySizeInBits
-        ]
-        return SecKeyCreateWithData(data as CFData, keyDict as CFDictionary, nil)
+        return SecKeyCreateWithData(data as NSData, keyDict as CFDictionary, nil)
     }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@capgo/capacitor-updater",
-  "version": "5.7.17",
+  "version": "6.0.0-alpha.0",
   "packageManager": "pnpm@8.15.4",
   "license": "MPL-2.0",
   "description": "Live update for capacitor apps",