@capgo/capacitor-updater 6.11.2 → 6.12.0

package/android/src/main/java/ee/forgr/capacitor_updater/CapacitorUpdater.java

@@ -365,6 +365,7 @@ public class CapacitorUpdater {
       version,
       sessionKey,
       checksum,
+      this.publicKey,
       manifest != null
     );
 
@@ -373,26 +374,6 @@ public class CapacitorUpdater {
     }
   }
 
-  private String decryptChecksum(String checksum, String version)
-    throws IOException {
-    if (this.publicKey.isEmpty()) {
-      Log.e(CapacitorUpdater.TAG, "The public key is empty");
-      return checksum;
-    }
-    try {
-      byte[] checksumBytes = Base64.decode(checksum, Base64.DEFAULT);
-      PublicKey pKey = CryptoCipherV2.stringToPublicKey(this.publicKey);
-      byte[] decryptedChecksum = CryptoCipherV2.decryptRSA(checksumBytes, pKey);
-      // return Base64.encodeToString(decryptedChecksum, Base64.DEFAULT);
-      String result = Base64.encodeToString(decryptedChecksum, Base64.DEFAULT);
-      return result.replaceAll("\\s", ""); // Remove all whitespace, including newlines
-    } catch (GeneralSecurityException e) {
-      Log.e(TAG, "decryptChecksum fail: " + e.getMessage());
-      this.sendStats("decrypt_fail", version);
-      throw new IOException("Decryption failed: " + e.getMessage());
-    }
-  }
-
   public Boolean finishDownload(
     String id,
     String dest,
@@ -412,12 +393,15 @@ public class CapacitorUpdater {
       if (!isManifest) {
         String checksumDecrypted = Objects.requireNonNullElse(checksumRes, "");
         if (!this.hasOldPrivateKeyPropertyInConfig && !sessionKey.isEmpty()) {
-          this.decryptFileV2(downloaded, sessionKey, version);
-          checksumDecrypted = this.decryptChecksum(checksumRes, version);
-          checksum = this.calcChecksumV2(downloaded);
+          CryptoCipherV2.decryptFile(downloaded, publicKey, sessionKey);
+          checksumDecrypted = CryptoCipherV2.decryptChecksum(
+            checksumRes,
+            publicKey
+          );
+          checksum = CryptoCipherV2.calcChecksum(downloaded);
         } else {
-          this.decryptFile(downloaded, sessionKey, version);
-          checksum = this.calcChecksum(downloaded);
+          CryptoCipher.decryptFile(downloaded, privateKey, sessionKey, version);
+          checksum = CryptoCipher.calcChecksum(downloaded);
         }
         if (
           (!checksumDecrypted.isEmpty() || !this.publicKey.isEmpty()) &&
@@ -517,177 +501,6 @@ public class CapacitorUpdater {
     this.editor.commit();
   }
 
-  private String calcChecksum(File file) {
-    final int BUFFER_SIZE = 1024 * 1024 * 5; // 5 MB buffer size
-    CRC32 crc = new CRC32();
-
-    try (FileInputStream fis = new FileInputStream(file)) {
-      byte[] buffer = new byte[BUFFER_SIZE];
-      int length;
-      while ((length = fis.read(buffer)) != -1) {
-        crc.update(buffer, 0, length);
-      }
-      return String.format("%08x", crc.getValue());
-    } catch (IOException e) {
-      System.err.println(
-        TAG + " Cannot calc checksum: " + file.getPath() + " " + e.getMessage()
-      );
-      return "";
-    }
-  }
-
-  private String calcChecksumV2(File file) {
-    final int BUFFER_SIZE = 1024 * 1024 * 5; // 5 MB buffer size
-    MessageDigest digest;
-    try {
-      digest = MessageDigest.getInstance("SHA-256");
-    } catch (java.security.NoSuchAlgorithmException e) {
-      System.err.println(TAG + " SHA-256 algorithm not available");
-      return "";
-    }
-
-    try (FileInputStream fis = new FileInputStream(file)) {
-      byte[] buffer = new byte[BUFFER_SIZE];
-      int length;
-      while ((length = fis.read(buffer)) != -1) {
-        digest.update(buffer, 0, length);
-      }
-      byte[] hash = digest.digest();
-      StringBuilder hexString = new StringBuilder();
-      for (byte b : hash) {
-        String hex = Integer.toHexString(0xff & b);
-        if (hex.length() == 1) hexString.append('0');
-        hexString.append(hex);
-      }
-      return hexString.toString();
-    } catch (IOException e) {
-      System.err.println(
-        TAG +
-        " Cannot calc checksum v2: " +
-        file.getPath() +
-        " " +
-        e.getMessage()
-      );
-      return "";
-    }
-  }
-
-  private void decryptFileV2(
-    final File file,
-    final String ivSessionKey,
-    final String version
-  ) throws IOException {
-    // (str != null && !str.isEmpty())
-    if (
-      this.publicKey.isEmpty() ||
-      ivSessionKey == null ||
-      ivSessionKey.isEmpty() ||
-      ivSessionKey.split(":").length != 2
-    ) {
-      Log.i(TAG, "Cannot found public key or sessionKey");
-      return;
-    }
-    if (!this.publicKey.startsWith("-----BEGIN RSA PUBLIC KEY-----")) {
-      Log.e(
-        CapacitorUpdater.TAG,
-        "The public key is not a valid RSA Public key"
-      );
-      return;
-    }
-    try {
-      String ivB64 = ivSessionKey.split(":")[0];
-      String sessionKeyB64 = ivSessionKey.split(":")[1];
-      byte[] iv = Base64.decode(ivB64.getBytes(), Base64.DEFAULT);
-      byte[] sessionKey = Base64.decode(
-        sessionKeyB64.getBytes(),
-        Base64.DEFAULT
-      );
-      PublicKey pKey = CryptoCipherV2.stringToPublicKey(this.publicKey);
-      byte[] decryptedSessionKey = CryptoCipherV2.decryptRSA(sessionKey, pKey);
-
-      SecretKey sKey = CryptoCipherV2.byteToSessionKey(decryptedSessionKey);
-      byte[] content = new byte[(int) file.length()];
-
-      try (
-        final FileInputStream fis = new FileInputStream(file);
-        final BufferedInputStream bis = new BufferedInputStream(fis);
-        final DataInputStream dis = new DataInputStream(bis)
-      ) {
-        dis.readFully(content);
-        dis.close();
-        byte[] decrypted = CryptoCipherV2.decryptAES(content, sKey, iv);
-        // write the decrypted string to the file
-        try (
-          final FileOutputStream fos = new FileOutputStream(
-            file.getAbsolutePath()
-          )
-        ) {
-          fos.write(decrypted);
-        }
-      }
-    } catch (GeneralSecurityException e) {
-      Log.i(TAG, "decryptFile fail");
-      this.sendStats("decrypt_fail", version);
-      e.printStackTrace();
-      throw new IOException("GeneralSecurityException");
-    }
-  }
-
-  private void decryptFile(
-    final File file,
-    final String ivSessionKey,
-    final String version
-  ) throws IOException {
-    // (str != null && !str.isEmpty())
-    if (this.privateKey == null || this.privateKey.isEmpty()) {
-      Log.i(TAG, "Cannot found privateKey");
-      return;
-    } else if (
-      ivSessionKey == null ||
-      ivSessionKey.isEmpty() ||
-      ivSessionKey.split(":").length != 2
-    ) {
-      Log.i(TAG, "Cannot found sessionKey");
-      return;
-    }
-    try {
-      String ivB64 = ivSessionKey.split(":")[0];
-      String sessionKeyB64 = ivSessionKey.split(":")[1];
-      byte[] iv = Base64.decode(ivB64.getBytes(), Base64.DEFAULT);
-      byte[] sessionKey = Base64.decode(
-        sessionKeyB64.getBytes(),
-        Base64.DEFAULT
-      );
-      PrivateKey pKey = CryptoCipher.stringToPrivateKey(this.privateKey);
-      byte[] decryptedSessionKey = CryptoCipher.decryptRSA(sessionKey, pKey);
-      SecretKey sKey = CryptoCipher.byteToSessionKey(decryptedSessionKey);
-      byte[] content = new byte[(int) file.length()];
-
-      try (
-        final FileInputStream fis = new FileInputStream(file);
-        final BufferedInputStream bis = new BufferedInputStream(fis);
-        final DataInputStream dis = new DataInputStream(bis)
-      ) {
-        dis.readFully(content);
-        dis.close();
-        byte[] decrypted = CryptoCipher.decryptAES(content, sKey, iv);
-        // write the decrypted string to the file
-        try (
-          final FileOutputStream fos = new FileOutputStream(
-            file.getAbsolutePath()
-          )
-        ) {
-          fos.write(decrypted);
-        }
-      }
-    } catch (GeneralSecurityException e) {
-      Log.i(TAG, "decryptFile fail");
-      this.sendStats("decrypt_fail", version);
-      e.printStackTrace();
-      throw new IOException("GeneralSecurityException");
-    }
-  }
-
   public void downloadBackground(
     final String url,
     final String version,

package/android/src/main/java/ee/forgr/capacitor_updater/CapacitorUpdaterPlugin.java

@@ -60,7 +60,7 @@ public class CapacitorUpdaterPlugin extends Plugin {
   private static final String channelUrlDefault =
     "https://plugin.capgo.app/channel_self";
 
-  private final String PLUGIN_VERSION = "6.11.2";
+  private final String PLUGIN_VERSION = "6.12.0";
   private static final String DELAY_CONDITION_PREFERENCES = "";
 
   private SharedPreferences.Editor editor;

package/android/src/main/java/ee/forgr/capacitor_updater/CryptoCipher.java

@@ -13,6 +13,12 @@ package ee.forgr.capacitor_updater;
  */
 import android.util.Base64;
 import android.util.Log;
+import java.io.BufferedInputStream;
+import java.io.DataInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
@@ -24,6 +30,7 @@ import java.security.spec.InvalidKeySpecException;
 import java.security.spec.MGF1ParameterSpec;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.X509EncodedKeySpec;
+import java.util.zip.CRC32;
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
 import javax.crypto.IllegalBlockSizeException;
@@ -146,6 +153,84 @@ public class CryptoCipher {
     return readPkcs1PrivateKey(pkcs1EncodedBytes);
   }
 
+  public static void decryptFile(
+    final File file,
+    final String privateKey,
+    final String ivSessionKey,
+    final String version
+  ) throws IOException {
+    // (str != null && !str.isEmpty())
+    if (privateKey == null || privateKey.isEmpty()) {
+      Log.i(CapacitorUpdater.TAG, "Cannot found privateKey");
+      return;
+    } else if (
+      ivSessionKey == null ||
+      ivSessionKey.isEmpty() ||
+      ivSessionKey.split(":").length != 2
+    ) {
+      Log.i(CapacitorUpdater.TAG, "Cannot found sessionKey");
+      return;
+    }
+    try {
+      String ivB64 = ivSessionKey.split(":")[0];
+      String sessionKeyB64 = ivSessionKey.split(":")[1];
+      byte[] iv = Base64.decode(ivB64.getBytes(), Base64.DEFAULT);
+      byte[] sessionKey = Base64.decode(
+        sessionKeyB64.getBytes(),
+        Base64.DEFAULT
+      );
+      PrivateKey pKey = CryptoCipher.stringToPrivateKey(privateKey);
+      byte[] decryptedSessionKey = CryptoCipher.decryptRSA(sessionKey, pKey);
+      SecretKey sKey = CryptoCipher.byteToSessionKey(decryptedSessionKey);
+      byte[] content = new byte[(int) file.length()];
+
+      try (
+        final FileInputStream fis = new FileInputStream(file);
+        final BufferedInputStream bis = new BufferedInputStream(fis);
+        final DataInputStream dis = new DataInputStream(bis)
+      ) {
+        dis.readFully(content);
+        dis.close();
+        byte[] decrypted = CryptoCipher.decryptAES(content, sKey, iv);
+        // write the decrypted string to the file
+        try (
+          final FileOutputStream fos = new FileOutputStream(
+            file.getAbsolutePath()
+          )
+        ) {
+          fos.write(decrypted);
+        }
+      }
+    } catch (GeneralSecurityException e) {
+      Log.i(CapacitorUpdater.TAG, "decryptFile fail");
+      e.printStackTrace();
+      throw new IOException("GeneralSecurityException");
+    }
+  }
+
+  public static String calcChecksum(File file) {
+    final int BUFFER_SIZE = 1024 * 1024 * 5; // 5 MB buffer size
+    CRC32 crc = new CRC32();
+
+    try (FileInputStream fis = new FileInputStream(file)) {
+      byte[] buffer = new byte[BUFFER_SIZE];
+      int length;
+      while ((length = fis.read(buffer)) != -1) {
+        crc.update(buffer, 0, length);
+      }
+      return String.format("%08x", crc.getValue());
+    } catch (IOException e) {
+      System.err.println(
+        CapacitorUpdater.TAG +
+        " Cannot calc checksum: " +
+        file.getPath() +
+        " " +
+        e.getMessage()
+      );
+      return "";
+    }
+  }
+
   public static PublicKey stringToPublicKey(String publicKey) {
     byte[] encoded = Base64.decode(publicKey, Base64.DEFAULT);
 

package/android/src/main/java/ee/forgr/capacitor_updater/CryptoCipherV2.java

@@ -12,10 +12,18 @@ package ee.forgr.capacitor_updater;
  * references: http://stackoverflow.com/questions/12471999/rsa-encryption-decryption-in-android
  */
 import android.util.Base64;
+import android.util.Log;
+import java.io.BufferedInputStream;
+import java.io.DataInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
 import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.KeyFactory;
+import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
 import java.security.spec.InvalidKeySpecException;
@@ -26,7 +34,6 @@ import javax.crypto.IllegalBlockSizeException;
 import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PSource;
 import javax.crypto.spec.SecretKeySpec;
 
 public class CryptoCipherV2 {
@@ -134,6 +141,145 @@ public class CryptoCipherV2 {
     return buf;
   }
 
+  public static void decryptFile(
+    final File file,
+    final String publicKey,
+    final String ivSessionKey
+  ) throws IOException {
+    if (
+      publicKey.isEmpty() ||
+      ivSessionKey == null ||
+      ivSessionKey.isEmpty() ||
+      ivSessionKey.split(":").length != 2
+    ) {
+      Log.i(CapacitorUpdater.TAG, "Cannot found public key or sessionKey");
+      return;
+    }
+    if (!publicKey.startsWith("-----BEGIN RSA PUBLIC KEY-----")) {
+      Log.e(
+        CapacitorUpdater.TAG,
+        "The public key is not a valid RSA Public key"
+      );
+      return;
+    }
+
+    try {
+      String ivB64 = ivSessionKey.split(":")[0];
+      String sessionKeyB64 = ivSessionKey.split(":")[1];
+      byte[] iv = Base64.decode(ivB64.getBytes(), Base64.DEFAULT);
+      byte[] sessionKey = Base64.decode(
+        sessionKeyB64.getBytes(),
+        Base64.DEFAULT
+      );
+      PublicKey pKey = CryptoCipherV2.stringToPublicKey(publicKey);
+      byte[] decryptedSessionKey = CryptoCipherV2.decryptRSA(sessionKey, pKey);
+
+      SecretKey sKey = CryptoCipherV2.byteToSessionKey(decryptedSessionKey);
+      byte[] content = new byte[(int) file.length()];
+
+      try (
+        final FileInputStream fis = new FileInputStream(file);
+        final BufferedInputStream bis = new BufferedInputStream(fis);
+        final DataInputStream dis = new DataInputStream(bis)
+      ) {
+        dis.readFully(content);
+        dis.close();
+        byte[] decrypted = CryptoCipherV2.decryptAES(content, sKey, iv);
+        // write the decrypted string to the file
+        try (
+          final FileOutputStream fos = new FileOutputStream(
+            file.getAbsolutePath()
+          )
+        ) {
+          fos.write(decrypted);
+        }
+      }
+    } catch (GeneralSecurityException e) {
+      Log.i(CapacitorUpdater.TAG, "decryptFile fail");
+      e.printStackTrace();
+      throw new IOException("GeneralSecurityException");
+    }
+  }
+
+  public static String decryptChecksum(String checksum, String publicKey)
+    throws IOException {
+    if (publicKey.isEmpty()) {
+      Log.e(CapacitorUpdater.TAG, "The public key is empty");
+      return checksum;
+    }
+    try {
+      byte[] checksumBytes = Base64.decode(checksum, Base64.DEFAULT);
+      PublicKey pKey = CryptoCipherV2.stringToPublicKey(publicKey);
+      byte[] decryptedChecksum = CryptoCipherV2.decryptRSA(checksumBytes, pKey);
+      // return Base64.encodeToString(decryptedChecksum, Base64.DEFAULT);
+      String result = Base64.encodeToString(decryptedChecksum, Base64.DEFAULT);
+      return result.replaceAll("\\s", ""); // Remove all whitespace, including newlines
+    } catch (GeneralSecurityException e) {
+      Log.e(CapacitorUpdater.TAG, "decryptChecksum fail: " + e.getMessage());
+      throw new IOException("Decryption failed: " + e.getMessage());
+    }
+  }
+
+  public static String decryptChecksum(
+    String checksum,
+    String publicKey,
+    String version
+  ) throws IOException {
+    if (publicKey.isEmpty()) {
+      Log.e(CapacitorUpdater.TAG, "The public key is empty");
+      return checksum;
+    }
+    try {
+      byte[] checksumBytes = Base64.decode(checksum, Base64.DEFAULT);
+      PublicKey pKey = CryptoCipherV2.stringToPublicKey(publicKey);
+      byte[] decryptedChecksum = CryptoCipherV2.decryptRSA(checksumBytes, pKey);
+      // return Base64.encodeToString(decryptedChecksum, Base64.DEFAULT);
+      String result = Base64.encodeToString(decryptedChecksum, Base64.DEFAULT);
+      return result.replaceAll("\\s", ""); // Remove all whitespace, including newlines
+    } catch (GeneralSecurityException e) {
+      Log.e(CapacitorUpdater.TAG, "decryptChecksum fail: " + e.getMessage());
+      throw new IOException("Decryption failed: " + e.getMessage());
+    }
+  }
+
+  public static String calcChecksum(File file) {
+    final int BUFFER_SIZE = 1024 * 1024 * 5; // 5 MB buffer size
+    MessageDigest digest;
+    try {
+      digest = MessageDigest.getInstance("SHA-256");
+    } catch (java.security.NoSuchAlgorithmException e) {
+      System.err.println(
+        CapacitorUpdater.TAG + " SHA-256 algorithm not available"
+      );
+      return "";
+    }
+
+    try (FileInputStream fis = new FileInputStream(file)) {
+      byte[] buffer = new byte[BUFFER_SIZE];
+      int length;
+      while ((length = fis.read(buffer)) != -1) {
+        digest.update(buffer, 0, length);
+      }
+      byte[] hash = digest.digest();
+      StringBuilder hexString = new StringBuilder();
+      for (byte b : hash) {
+        String hex = Integer.toHexString(0xff & b);
+        if (hex.length() == 1) hexString.append('0');
+        hexString.append(hex);
+      }
+      return hexString.toString();
+    } catch (IOException e) {
+      System.err.println(
+        CapacitorUpdater.TAG +
+        " Cannot calc checksum v2: " +
+        file.getPath() +
+        " " +
+        e.getMessage()
+      );
+      return "";
+    }
+  }
+
   private static byte[] createDEREncoding(int tag, byte[] value) {
     if (tag < 0 || tag >= 0xFF) {
       throw new IllegalArgumentException(

package/android/src/main/java/ee/forgr/capacitor_updater/DownloadService.java

@@ -48,6 +48,7 @@ public class DownloadService extends Worker {
   public static final String VERSION = "version";
   public static final String SESSIONKEY = "sessionkey";
   public static final String CHECKSUM = "checksum";
+  public static final String PUBLIC_KEY = "publickey";
   public static final String IS_MANIFEST = "is_manifest";
   private static final String UPDATE_FILE = "update.dat";
 
@@ -100,6 +101,7 @@ public class DownloadService extends Worker {
       String version = getInputData().getString(VERSION);
       String sessionKey = getInputData().getString(SESSIONKEY);
       String checksum = getInputData().getString(CHECKSUM);
+      String publicKey = getInputData().getString(PUBLIC_KEY);
       boolean isManifest = getInputData().getBoolean(IS_MANIFEST, false);
 
       Log.d(TAG, "doWork isManifest: " + isManifest);
@@ -113,6 +115,7 @@ public class DownloadService extends Worker {
             dest,
             version,
             sessionKey,
+            publicKey,
             manifest.toString()
           );
           return createSuccessResult(dest, version, sessionKey, checksum, true);
@@ -154,6 +157,7 @@ public class DownloadService extends Worker {
     String dest,
     String version,
     String sessionKey,
+    String publicKey,
     String manifestString
   ) {
     try {
@@ -231,7 +235,8 @@ public class DownloadService extends Worker {
                 targetFile,
                 cacheFile,
                 fileHash,
-                id
+                sessionKey,
+                publicKey
               );
             }
 
@@ -426,7 +431,8 @@ public class DownloadService extends Worker {
     File targetFile,
     File cacheFile,
     String expectedHash,
-    String id
+    String sessionKey,
+    String publicKey
   ) throws Exception {
     Log.d(TAG, "downloadAndVerify " + downloadUrl);
 
@@ -461,6 +467,20 @@ public class DownloadService extends Worker {
         }
       }
 
+      String decryptedExpectedHash = expectedHash;
+
+      if (!publicKey.isEmpty() && sessionKey != null && !sessionKey.isEmpty()) {
+        Log.d(
+          CapacitorUpdater.TAG + " DLSrv",
+          "Decrypting file " + targetFile.getName()
+        );
+        CryptoCipherV2.decryptFile(compressedFile, publicKey, sessionKey);
+        decryptedExpectedHash = CryptoCipherV2.decryptChecksum(
+          decryptedExpectedHash,
+          publicKey
+        );
+      }
+
       // Decompress the file
       try (
         FileInputStream fis = new FileInputStream(compressedFile);
@@ -476,10 +496,10 @@ public class DownloadService extends Worker {
 
       // Delete the compressed file
       compressedFile.delete();
+      String calculatedHash = CryptoCipherV2.calcChecksum(targetFile);
 
       // Verify checksum
-      String actualHash = calculateFileHash(targetFile);
-      if (actualHash.equals(expectedHash)) {
+      if (calculatedHash.equals(decryptedExpectedHash)) {
         // Only cache if checksum is correct
         copyFile(targetFile, cacheFile);
       } else {

package/android/src/main/java/ee/forgr/capacitor_updater/DownloadWorkerManager.java

@@ -47,6 +47,7 @@ public class DownloadWorkerManager {
     String version,
     String sessionKey,
     String checksum,
+    String publicKey,
     boolean isManifest
   ) {
     initializeIfNeeded(context.getApplicationContext());
@@ -68,6 +69,7 @@ public class DownloadWorkerManager {
       .putString(DownloadService.SESSIONKEY, sessionKey)
       .putString(DownloadService.CHECKSUM, checksum)
       .putBoolean(DownloadService.IS_MANIFEST, isManifest)
+      .putString(DownloadService.PUBLIC_KEY, publicKey)
       .build();
 
     // Create network constraints