@capgo/capacitor-updater 7.29.0 → 7.32.0

package/android/src/main/java/ee/forgr/capacitor_updater/CapacitorUpdaterPlugin.java

@@ -71,7 +71,7 @@ public class CapacitorUpdaterPlugin extends Plugin {
     private static final String[] BREAKING_EVENT_NAMES = { "breakingAvailable", "majorAvailable" };
     private static final String LAST_FAILED_BUNDLE_PREF_KEY = "CapacitorUpdater.lastFailedBundle";
 
-    private final String pluginVersion = "7.29.0";
+    private final String pluginVersion = "7.32.0";
     private static final String DELAY_CONDITION_PREFERENCES = "";
 
     private SharedPreferences.Editor editor;
@@ -703,6 +703,7 @@ public class CapacitorUpdaterPlugin extends Plugin {
                         }
                     }
                     this.implementation.cleanupDownloadDirectories(allowedIds);
+                    this.implementation.cleanupDeltaCache();
                 }
                 this.editor.putString("LatestNativeBuildVersion", this.currentBuildVersion);
                 this.editor.apply();

package/android/src/main/java/ee/forgr/capacitor_updater/CapgoUpdater.java

@@ -403,6 +403,8 @@ public class CapgoUpdater {
                 } else {
                     checksum = CryptoCipher.calcChecksum(downloaded);
                 }
+                CryptoCipher.logChecksumInfo("Calculated checksum", checksum);
+                CryptoCipher.logChecksumInfo("Expected checksum", checksumDecrypted);
                 if ((!checksumDecrypted.isEmpty() || !this.publicKey.isEmpty()) && !checksumDecrypted.equals(checksum)) {
                     logger.error("Error checksum '" + checksumDecrypted + "' '" + checksum + "' '");
                     this.sendStats("checksum_fail");
@@ -491,6 +493,23 @@ public class CapgoUpdater {
         }
     }
 
+    public void cleanupDeltaCache() {
+        if (this.activity == null) {
+            logger.warn("Activity is null, skipping delta cache cleanup");
+            return;
+        }
+        final File cacheFolder = new File(this.activity.getCacheDir(), "capgo_downloads");
+        if (!cacheFolder.exists()) {
+            return;
+        }
+        try {
+            this.deleteDirectory(cacheFolder);
+            logger.info("Cleaned up delta cache folder");
+        } catch (IOException e) {
+            logger.error("Failed to cleanup delta cache: " + e.getMessage());
+        }
+    }
+
     public void cleanupDownloadDirectories(final Set<String> allowedIds) {
         if (this.documentsDir == null) {
             logger.warn("Documents directory is null, skipping download cleanup");

package/android/src/main/java/ee/forgr/capacitor_updater/CryptoCipher.java

@@ -179,24 +179,123 @@ public class CryptoCipher {
         }
     }
 
+    private static byte[] hexStringToByteArray(String s) {
+        int len = s.length();
+        byte[] data = new byte[len / 2];
+        for (int i = 0; i < len; i += 2) {
+            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16));
+        }
+        return data;
+    }
+
     public static String decryptChecksum(String checksum, String publicKey) throws IOException {
         if (publicKey.isEmpty()) {
             logger.error("No encryption set (public key) ignored");
             return checksum;
         }
         try {
-            byte[] checksumBytes = Base64.decode(checksum, Base64.DEFAULT);
+            // TODO: remove this in a month or two
+            // Determine if input is hex or base64 encoded
+            // Hex strings only contain 0-9 and a-f, while base64 contains other characters
+            byte[] checksumBytes;
+            String detectedFormat;
+            if (checksum.matches("^[0-9a-fA-F]+$")) {
+                // Hex encoded (new format from CLI for plugin versions >= 5.30.0, 6.30.0, 7.30.0)
+                checksumBytes = hexStringToByteArray(checksum);
+                detectedFormat = "hex";
+            } else {
+                // TODO: remove backwards compatibility
+                // Base64 encoded (old format for backwards compatibility)
+                checksumBytes = Base64.decode(checksum, Base64.DEFAULT);
+                detectedFormat = "base64";
+            }
+            logger.debug(
+                "Received encrypted checksum format: " +
+                    detectedFormat +
+                    " (length: " +
+                    checksum.length() +
+                    " chars, " +
+                    checksumBytes.length +
+                    " bytes)"
+            );
             PublicKey pKey = CryptoCipher.stringToPublicKey(publicKey);
             byte[] decryptedChecksum = CryptoCipher.decryptRSA(checksumBytes, pKey);
-            // return Base64.encodeToString(decryptedChecksum, Base64.DEFAULT);
-            String result = Base64.encodeToString(decryptedChecksum, Base64.DEFAULT);
-            return result.replaceAll("\\s", ""); // Remove all whitespace, including newlines
+            // Return as hex string to match calcChecksum output format
+            StringBuilder hexString = new StringBuilder();
+            for (byte b : decryptedChecksum) {
+                String hex = Integer.toHexString(0xff & b);
+                if (hex.length() == 1) hexString.append('0');
+                hexString.append(hex);
+            }
+            String result = hexString.toString();
+
+            // Detect checksum algorithm based on length
+            String detectedAlgorithm;
+            if (decryptedChecksum.length == 32) {
+                detectedAlgorithm = "SHA-256";
+            } else if (decryptedChecksum.length == 4) {
+                detectedAlgorithm = "CRC32 (deprecated)";
+                logger.error(
+                    "CRC32 checksum detected. This algorithm is deprecated and no longer supported. Please update your CLI to use SHA-256 checksums."
+                );
+            } else {
+                detectedAlgorithm = "unknown (" + decryptedChecksum.length + " bytes)";
+                logger.error(
+                    "Unknown checksum algorithm detected with " + decryptedChecksum.length + " bytes. Expected SHA-256 (32 bytes)."
+                );
+            }
+            logger.debug(
+                "Decrypted checksum: " +
+                    detectedAlgorithm +
+                    " hex format (length: " +
+                    result.length() +
+                    " chars, " +
+                    decryptedChecksum.length +
+                    " bytes)"
+            );
+            return result;
         } catch (GeneralSecurityException e) {
             logger.error("decryptChecksum fail: " + e.getMessage());
             throw new IOException("Decryption failed: " + e.getMessage());
         }
     }
 
+    /**
+     * Detect checksum algorithm based on hex string length.
+     * SHA-256 = 64 hex chars (32 bytes)
+     * CRC32 = 8 hex chars (4 bytes)
+     */
+    public static String detectChecksumAlgorithm(String hexChecksum) {
+        if (hexChecksum == null || hexChecksum.isEmpty()) {
+            return "empty";
+        }
+        int len = hexChecksum.length();
+        if (len == 64) {
+            return "SHA-256";
+        } else if (len == 8) {
+            return "CRC32 (deprecated)";
+        } else {
+            return "unknown (" + len + " hex chars)";
+        }
+    }
+
+    /**
+     * Log checksum info and warn if deprecated algorithm detected.
+     */
+    public static void logChecksumInfo(String label, String hexChecksum) {
+        String algorithm = detectChecksumAlgorithm(hexChecksum);
+        logger.debug(label + ": " + algorithm + " hex format (length: " + hexChecksum.length() + " chars)");
+        if (algorithm.contains("CRC32")) {
+            logger.error(
+                "CRC32 checksum detected. This algorithm is deprecated and no longer supported. Please update your CLI to use SHA-256 checksums."
+            );
+        } else if (algorithm.contains("unknown")) {
+            logger.error(
+                "Unknown checksum algorithm detected. Expected SHA-256 (64 hex chars) but got " + hexChecksum.length() + " chars."
+            );
+        }
+    }
+
     public static String calcChecksum(File file) {
         final int BUFFER_SIZE = 1024 * 1024 * 5; // 5 MB buffer size
         MessageDigest digest;

package/android/src/main/java/ee/forgr/capacitor_updater/DownloadService.java

@@ -641,6 +641,8 @@ public class DownloadService extends Worker {
             // Delete the compressed file
             compressedFile.delete();
             String calculatedHash = CryptoCipher.calcChecksum(finalTargetFile);
+            CryptoCipher.logChecksumInfo("Calculated checksum", calculatedHash);
+            CryptoCipher.logChecksumInfo("Expected checksum", expectedHash);
 
             // Verify checksum
             if (calculatedHash.equals(expectedHash)) {

package/ios/Sources/CapacitorUpdaterPlugin/CapacitorUpdaterPlugin.swift

@@ -54,7 +54,7 @@ public class CapacitorUpdaterPlugin: CAPPlugin, CAPBridgedPlugin {
         CAPPluginMethod(name: "isShakeMenuEnabled", returnType: CAPPluginReturnPromise)
     ]
     public var implementation = CapgoUpdater()
-    private let pluginVersion: String = "7.29.0"
+    private let pluginVersion: String = "7.32.0"
     static let updateUrlDefault = "https://plugin.capgo.app/updates"
     static let statsUrlDefault = "https://plugin.capgo.app/stats"
     static let channelUrlDefault = "https://plugin.capgo.app/channel_self"
@@ -366,6 +366,7 @@ public class CapacitorUpdaterPlugin: CAPPlugin, CAPBridgedPlugin {
                 return id.isEmpty ? nil : id
             })
             implementation.cleanupDownloadDirectories(allowedIds: allowedIds)
+            implementation.cleanupDeltaCache()
         }
         UserDefaults.standard.set(self.currentBuildVersion, forKey: "LatestNativeBuildVersion")
         UserDefaults.standard.synchronize()
@@ -501,6 +502,8 @@ public class CapacitorUpdaterPlugin: CAPPlugin, CAPBridgedPlugin {
                 }
 
                 checksum = try CryptoCipher.decryptChecksum(checksum: checksum, publicKey: self.implementation.publicKey)
+                CryptoCipher.logChecksumInfo(label: "Bundle checksum", hexChecksum: next.getChecksum())
+                CryptoCipher.logChecksumInfo(label: "Expected checksum", hexChecksum: checksum)
                 if (checksum != "" || self.implementation.publicKey != "") && next.getChecksum() != checksum {
                     self.logger.error("Error checksum \(next.getChecksum()) \(checksum)")
                     self.implementation.sendStats(action: "checksum_fail", versionName: next.getVersionName())
@@ -1332,6 +1335,8 @@ public class CapacitorUpdaterPlugin: CAPPlugin, CAPBridgedPlugin {
                         return
                     }
                     res.checksum = try CryptoCipher.decryptChecksum(checksum: res.checksum, publicKey: self.implementation.publicKey)
+                    CryptoCipher.logChecksumInfo(label: "Bundle checksum", hexChecksum: next.getChecksum())
+                    CryptoCipher.logChecksumInfo(label: "Expected checksum", hexChecksum: res.checksum)
                     if res.checksum != "" && next.getChecksum() != res.checksum && res.manifest == nil {
                         self.logger.error("Error checksum \(next.getChecksum()) \(res.checksum)")
                         self.implementation.sendStats(action: "checksum_fail", versionName: next.getVersionName())

package/ios/Sources/CapacitorUpdaterPlugin/CapgoUpdater.swift

@@ -520,6 +520,8 @@ import UIKit
                             if !self.publicKey.isEmpty && !sessionKey.isEmpty {
                                 // assume that calcChecksum != null
                                 let calculatedChecksum = CryptoCipher.calcChecksum(filePath: destFilePath)
+                                CryptoCipher.logChecksumInfo(label: "Calculated checksum", hexChecksum: calculatedChecksum)
+                                CryptoCipher.logChecksumInfo(label: "Expected checksum", hexChecksum: fileHash)
                                 if calculatedChecksum != fileHash {
                                     self.sendStats(action: "download_manifest_checksum_fail", versionName: "\(version):\(finalFileName)")
                                     throw NSError(domain: "ChecksumError", code: 1, userInfo: [NSLocalizedDescriptionKey: "Computed checksum is not equal to required checksum (\(calculatedChecksum) != \(fileHash)) for file \(fileName) at url \(downloadUrl)"])
@@ -781,6 +783,7 @@ import UIKit
 
         do {
             checksum = CryptoCipher.calcChecksum(filePath: finalPath)
+            CryptoCipher.logChecksumInfo(label: "Calculated bundle checksum", hexChecksum: checksum)
             logger.info("Downloading: 80% (unzipping)")
             try self.saveDownloaded(sourceZip: finalPath, id: id, base: self.libraryDir.appendingPathComponent(self.bundleDirectory), notify: true)
 
@@ -975,6 +978,19 @@ import UIKit
         return self.delete(id: id, removeInfo: true)
     }
 
+    public func cleanupDeltaCache() {
+        let fileManager = FileManager.default
+        guard fileManager.fileExists(atPath: cacheFolder.path) else {
+            return
+        }
+        do {
+            try fileManager.removeItem(at: cacheFolder)
+            logger.info("Cleaned up delta cache folder")
+        } catch {
+            logger.error("Failed to cleanup delta cache: \(error.localizedDescription)")
+        }
+    }
+
     public func cleanupDownloadDirectories(allowedIds: Set<String>) {
         let bundleRoot = libraryDir.appendingPathComponent(bundleDirectory)
         let fileManager = FileManager.default

package/ios/Sources/CapacitorUpdaterPlugin/CryptoCipher.swift

@@ -15,16 +15,52 @@ public struct CryptoCipher {
         self.logger = logger
     }
 
+    private static func hexStringToData(_ hex: String) -> Data? {
+        var data = Data()
+        var hexIterator = hex.makeIterator()
+        while let c1 = hexIterator.next(), let c2 = hexIterator.next() {
+            guard let byte = UInt8(String([c1, c2]), radix: 16) else {
+                return nil
+            }
+            data.append(byte)
+        }
+        return data
+    }
+
+    private static func isHexString(_ str: String) -> Bool {
+        let hexCharacterSet = CharacterSet(charactersIn: "0123456789abcdefABCDEF")
+        return str.unicodeScalars.allSatisfy { hexCharacterSet.contains($0) }
+    }
+
     public static func decryptChecksum(checksum: String, publicKey: String) throws -> String {
         if publicKey.isEmpty {
             logger.info("No encryption set (public key) ignored")
             return checksum
         }
         do {
-            guard let checksumBytes = Data(base64Encoded: checksum) else {
-                logger.error("Cannot decode checksum as base64: \(checksum)")
-                throw CustomError.cannotDecode
+            // Determine if input is hex or base64 encoded
+            // Hex strings only contain 0-9 and a-f, while base64 contains other characters
+            let checksumBytes: Data
+            let detectedFormat: String
+            if isHexString(checksum) {
+                // Hex encoded (new format from CLI for plugin versions >= 5.30.0, 6.30.0, 7.30.0)
+                guard let hexData = hexStringToData(checksum) else {
+                    logger.error("Cannot decode checksum as hex: \(checksum)")
+                    throw CustomError.cannotDecode
+                }
+                checksumBytes = hexData
+                detectedFormat = "hex"
+            } else {
+                // TODO: remove backwards compatibility
+                // Base64 encoded (old format for backwards compatibility)
+                guard let base64Data = Data(base64Encoded: checksum) else {
+                    logger.error("Cannot decode checksum as base64: \(checksum)")
+                    throw CustomError.cannotDecode
+                }
+                checksumBytes = base64Data
+                detectedFormat = "base64"
             }
+            logger.debug("Received encrypted checksum format: \(detectedFormat) (length: \(checksum.count) chars, \(checksumBytes.count) bytes)")
 
             if checksumBytes.isEmpty {
                 logger.error("Decoded checksum is empty")
@@ -41,12 +77,56 @@ public struct CryptoCipher {
                 throw NSError(domain: "Failed to decrypt session key data", code: 2, userInfo: nil)
             }
 
-            return decryptedChecksum.base64EncodedString()
+            // Return as hex string to match calcChecksum output format
+            let result = decryptedChecksum.map { String(format: "%02x", $0) }.joined()
+
+            // Detect checksum algorithm based on length
+            let detectedAlgorithm: String
+            if decryptedChecksum.count == 32 {
+                detectedAlgorithm = "SHA-256"
+            } else if decryptedChecksum.count == 4 {
+                detectedAlgorithm = "CRC32 (deprecated)"
+                logger.error("CRC32 checksum detected. This algorithm is deprecated and no longer supported. Please update your CLI to use SHA-256 checksums.")
+            } else {
+                detectedAlgorithm = "unknown (\(decryptedChecksum.count) bytes)"
+                logger.error("Unknown checksum algorithm detected with \(decryptedChecksum.count) bytes. Expected SHA-256 (32 bytes).")
+            }
+            logger.debug("Decrypted checksum: \(detectedAlgorithm) hex format (length: \(result.count) chars, \(decryptedChecksum.count) bytes)")
+            return result
         } catch {
             logger.error("decryptChecksum fail: \(error.localizedDescription)")
             throw CustomError.cannotDecode
         }
     }
+
+    /// Detect checksum algorithm based on hex string length.
+    /// SHA-256 = 64 hex chars (32 bytes)
+    /// CRC32 = 8 hex chars (4 bytes)
+    public static func detectChecksumAlgorithm(_ hexChecksum: String) -> String {
+        if hexChecksum.isEmpty {
+            return "empty"
+        }
+        let len = hexChecksum.count
+        if len == 64 {
+            return "SHA-256"
+        } else if len == 8 {
+            return "CRC32 (deprecated)"
+        } else {
+            return "unknown (\(len) hex chars)"
+        }
+    }
+
+    /// Log checksum info and warn if deprecated algorithm detected.
+    public static func logChecksumInfo(label: String, hexChecksum: String) {
+        let algorithm = detectChecksumAlgorithm(hexChecksum)
+        logger.debug("\(label): \(algorithm) hex format (length: \(hexChecksum.count) chars)")
+        if algorithm.contains("CRC32") {
+            logger.error("CRC32 checksum detected. This algorithm is deprecated and no longer supported. Please update your CLI to use SHA-256 checksums.")
+        } else if algorithm.contains("unknown") {
+            logger.error("Unknown checksum algorithm detected. Expected SHA-256 (64 hex chars) but got \(hexChecksum.count) chars.")
+        }
+    }
+
     public static func calcChecksum(filePath: URL) -> String {
         let bufferSize = 1024 * 1024 * 5 // 5 MB
         var sha256 = SHA256()

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@capgo/capacitor-updater",
-  "version": "7.29.0",
+  "version": "7.32.0",
   "license": "MPL-2.0",
   "description": "Live update for capacitor apps",
   "main": "dist/plugin.cjs.js",