@capgo/capacitor-updater 8.0.0 → 8.0.1

package/ios/Plugin/CryptoCipherV2.swift

@@ -0,0 +1,310 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+
+import Foundation
+import CommonCrypto
+import CryptoKit
+
+///
+/// Constants
+///
+private enum CryptoCipherConstants {
+    static let rsaKeySizeInBits: NSNumber = 2048
+    static let aesAlgorithm: CCAlgorithm = CCAlgorithm(kCCAlgorithmAES)
+    static let aesOptions: CCOptions = CCOptions(kCCOptionPKCS7Padding)
+    static let rsaAlgorithm: SecKeyAlgorithm = .rsaEncryptionOAEPSHA256
+}
+///
+/// The AES key. Contains both the initialization vector and secret key.
+///
+public struct AES128Key {
+    /// Initialization vector
+    private let iv: Data
+    private let aes128Key: Data
+    #if DEBUG
+    public var __debug_iv: Data { iv }
+    public var __debug_aes128Key: Data { aes128Key }
+    #endif
+    init(iv: Data, aes128Key: Data) {
+        self.iv = iv
+        self.aes128Key = aes128Key
+    }
+    ///
+    /// Takes the data and uses the private key to decrypt it. Will call `CCCrypt` in CommonCrypto
+    /// and provide it `ivData` for the initialization vector. Will use cipher block chaining (CBC) as
+    /// the mode of operation.
+    ///
+    /// Returns the decrypted data.
+    ///
+    public func decrypt(data: Data) -> Data? {
+        let encryptedData: UnsafePointer<UInt8> = (data as NSData).bytes.bindMemory(to: UInt8.self, capacity: data.count)
+        let encryptedDataLength: Int = data.count
+
+        if let result: NSMutableData = NSMutableData(length: encryptedDataLength) {
+            let keyData: UnsafePointer<UInt8> = (self.aes128Key as NSData).bytes.bindMemory(to: UInt8.self, capacity: self.aes128Key.count)
+            let keyLength: size_t = size_t(self.aes128Key.count)
+            let ivData: UnsafePointer<UInt8> = (iv as NSData).bytes.bindMemory(to: UInt8.self, capacity: self.iv.count)
+
+            let decryptedData: UnsafeMutablePointer<UInt8> = UnsafeMutablePointer<UInt8>(result.mutableBytes.assumingMemoryBound(to: UInt8.self))
+            let decryptedDataLength: size_t = size_t(result.length)
+
+            var decryptedLength: size_t = 0
+
+            let status: CCCryptorStatus = CCCrypt(CCOperation(kCCDecrypt), CryptoCipherConstants.aesAlgorithm, CryptoCipherConstants.aesOptions, keyData, keyLength, ivData, encryptedData, encryptedDataLength, decryptedData, decryptedDataLength, &decryptedLength)
+
+            if Int32(status) == Int32(kCCSuccess) {
+                result.length = Int(decryptedLength)
+                return result as Data
+            } else {
+                return nil
+            }
+        } else {
+            return nil
+        }
+    }
+}
+
+///
+/// The RSA public key.
+///
+public struct RSAPublicKey {
+    private let publicKey: SecKey
+
+    #if DEBUG
+    public var __debug_publicKey: SecKey { self.publicKey }
+    #endif
+
+    fileprivate init(publicKey: SecKey) {
+        self.publicKey = publicKey
+    }
+
+    ///
+    /// Takes the data and uses the public key to decrypt it.
+    /// Returns the decrypted data.
+    ///
+    public func decrypt(data: Data) -> Data? {
+        do {
+            guard let decryptedData = RSAPublicKey.decryptWithRSAKey(data, rsaKeyRef: self.publicKey, padding: SecPadding()) else {
+                throw CustomError.cannotDecryptSessionKey
+            }
+
+            return decryptedData
+        } catch {
+            print("Error decrypting data: \(error)")
+            return nil
+        }
+    }
+
+    ///
+    /// Allows you to load an RSA public key (i.e. one downloaded from the net).
+    ///
+    public static func load(rsaPublicKey: String) -> RSAPublicKey? {
+        var pubKey: String = rsaPublicKey
+        pubKey = pubKey.replacingOccurrences(of: "-----BEGIN RSA PUBLIC KEY-----", with: "")
+        pubKey = pubKey.replacingOccurrences(of: "-----END RSA PUBLIC KEY-----", with: "")
+        pubKey = pubKey.replacingOccurrences(of: "\\n+", with: "", options: .regularExpression)
+        pubKey = pubKey.trimmingCharacters(in: .whitespacesAndNewlines)
+        do {
+            guard let rsaPublicKeyData: Data = Data(base64Encoded: String(pubKey)) else {
+                throw CustomError.cannotDecode
+            }
+
+            guard let publicKey: SecKey = .loadPublicFromData(rsaPublicKeyData) else {
+                throw CustomError.cannotDecode
+            }
+
+            return RSAPublicKey(publicKey: publicKey)
+        } catch {
+            print("Error load RSA: \(error)")
+            return nil
+        }
+    }
+
+    // code is copied from here: https://github.com/btnguyen2k/swiftutils/blob/88494f4c635b6c6d42ef0fb30a7d666acd38c4fa/SwiftUtils/RSAUtils.swift#L393
+    public static func decryptWithRSAKey(_ encryptedData: Data, rsaKeyRef: SecKey, padding: SecPadding) -> Data? {
+        let blockSize = SecKeyGetBlockSize(rsaKeyRef)
+        let dataSize = encryptedData.count / MemoryLayout<UInt8>.size
+
+        var encryptedDataAsArray = [UInt8](repeating: 0, count: dataSize)
+        (encryptedData as NSData).getBytes(&encryptedDataAsArray, length: dataSize)
+
+        var decryptedData = [UInt8](repeating: 0, count: 0)
+        var idx = 0
+        while idx < encryptedDataAsArray.count {
+            var idxEnd = idx + blockSize
+            if idxEnd > encryptedDataAsArray.count {
+                idxEnd = encryptedDataAsArray.count
+            }
+            var chunkData = [UInt8](repeating: 0, count: blockSize)
+            for i in idx..<idxEnd {
+                chunkData[i-idx] = encryptedDataAsArray[i]
+            }
+
+            var decryptedDataBuffer = [UInt8](repeating: 0, count: blockSize)
+            var decryptedDataLength = blockSize
+
+            let status = SecKeyDecrypt(rsaKeyRef, padding, chunkData, idxEnd-idx, &decryptedDataBuffer, &decryptedDataLength)
+            if status != noErr {
+                return nil
+            }
+            let finalData = removePadding(decryptedDataBuffer)
+            decryptedData += finalData
+
+            idx += blockSize
+        }
+
+        return Data(decryptedData)
+    }
+
+    // code is copied from here: https://github.com/btnguyen2k/swiftutils/blob/88494f4c635b6c6d42ef0fb30a7d666acd38c4fa/SwiftUtils/RSAUtils.swift#L429
+    private static func removePadding(_ data: [UInt8]) -> [UInt8] {
+        var idxFirstZero = -1
+        var idxNextZero = data.count
+        for i in 0..<data.count {
+            if data[i] == 0 {
+                if idxFirstZero < 0 {
+                    idxFirstZero = i
+                } else {
+                    idxNextZero = i
+                    break
+                }
+            }
+        }
+        if idxNextZero-idxFirstZero-1 == 0 {
+            idxNextZero = idxFirstZero
+            idxFirstZero = -1
+        }
+        var newData = [UInt8](repeating: 0, count: idxNextZero-idxFirstZero-1)
+        for i in idxFirstZero+1..<idxNextZero {
+            newData[i-idxFirstZero-1] = data[i]
+        }
+        return newData
+    }
+}
+
+fileprivate extension SecKey {
+    func exportToData() -> Data? {
+        var error: Unmanaged<CFError>?
+        if let cfData: CFData = SecKeyCopyExternalRepresentation(self, &error) {
+            if error != nil {
+                return nil
+            } else {
+                return cfData as Data
+            }
+        } else {
+            return nil
+        }
+    }
+    static func loadPublicFromData(_ data: Data) -> SecKey? {
+        let keyDict: [NSObject: NSObject] = [
+            kSecAttrKeyType: kSecAttrKeyTypeRSA,
+            kSecAttrKeyClass: kSecAttrKeyClassPublic,
+            kSecAttrKeySizeInBits: CryptoCipherConstants.rsaKeySizeInBits
+        ]
+        return SecKeyCreateWithData(data as NSData, keyDict as CFDictionary, nil)
+    }
+    static func loadPrivateFromData(_ data: Data) -> SecKey? {
+        let keyDict: [NSObject: NSObject] = [
+            kSecAttrKeyType: kSecAttrKeyTypeRSA,
+            kSecAttrKeyClass: kSecAttrKeyClassPrivate,
+            kSecAttrKeySizeInBits: CryptoCipherConstants.rsaKeySizeInBits
+        ]
+        return SecKeyCreateWithData(data as CFData, keyDict as CFDictionary, nil)
+    }
+}
+
+public struct CryptoCipherV2 {
+
+    public static func decryptChecksum(checksum: String, publicKey: String, version: String) throws -> String {
+        if publicKey.isEmpty {
+            return checksum
+        }
+        do {
+            let checksumBytes: Data = Data(base64Encoded: checksum)!
+            guard let rsaPublicKey: RSAPublicKey = .load(rsaPublicKey: publicKey) else {
+                print("cannot decode publicKey", publicKey)
+                throw CustomError.cannotDecode
+            }
+            guard let decryptedChecksum = rsaPublicKey.decrypt(data: checksumBytes) else {
+                throw NSError(domain: "Failed to decrypt session key data", code: 2, userInfo: nil)
+            }
+            return decryptedChecksum.base64EncodedString()
+        } catch {
+            print("\(CapacitorUpdater.TAG) Cannot decrypt checksum: \(checksum)", error)
+            throw CustomError.cannotDecode
+        }
+    }
+    public static func calcChecksum(filePath: URL) -> String {
+        let bufferSize = 1024 * 1024 * 5 // 5 MB
+        var sha256 = SHA256()
+
+        do {
+            let fileHandle = try FileHandle(forReadingFrom: filePath)
+            defer {
+                fileHandle.closeFile()
+            }
+
+            while autoreleasepool(invoking: {
+                let fileData = fileHandle.readData(ofLength: bufferSize)
+                if fileData.count > 0 {
+                    sha256.update(data: fileData)
+                    return true // Continue
+                } else {
+                    return false // End of file
+                }
+            }) {}
+
+            let digest = sha256.finalize()
+            return digest.compactMap { String(format: "%02x", $0) }.joined()
+        } catch {
+            print("\(CapacitorUpdater.TAG) Cannot get checksum: \(filePath.path)", error)
+            return ""
+        }
+    }
+
+    public static func decryptFile(filePath: URL, publicKey: String, sessionKey: String, version: String) throws {
+        if publicKey.isEmpty || sessionKey.isEmpty  || sessionKey.components(separatedBy: ":").count != 2 {
+            print("\(CapacitorUpdater.TAG) Cannot find public key or sessionKey")
+            return
+        }
+        do {
+            guard let rsaPublicKey: RSAPublicKey = .load(rsaPublicKey: publicKey) else {
+                print("cannot decode publicKey", publicKey)
+                throw CustomError.cannotDecode
+            }
+
+            let sessionKeyArray: [String] = sessionKey.components(separatedBy: ":")
+            guard let ivData: Data = Data(base64Encoded: sessionKeyArray[0]) else {
+                print("cannot decode sessionKey", sessionKey)
+                throw CustomError.cannotDecode
+            }
+
+            guard let sessionKeyDataEncrypted = Data(base64Encoded: sessionKeyArray[1]) else {
+                throw NSError(domain: "Invalid session key data", code: 1, userInfo: nil)
+            }
+
+            guard let sessionKeyDataDecrypted = rsaPublicKey.decrypt(data: sessionKeyDataEncrypted) else {
+                throw NSError(domain: "Failed to decrypt session key data", code: 2, userInfo: nil)
+            }
+
+            let aesPrivateKey = AES128Key(iv: ivData, aes128Key: sessionKeyDataDecrypted)
+
+            guard let encryptedData = try? Data(contentsOf: filePath) else {
+                throw NSError(domain: "Failed to read encrypted data", code: 3, userInfo: nil)
+            }
+
+            guard let decryptedData = aesPrivateKey.decrypt(data: encryptedData) else {
+                throw NSError(domain: "Failed to decrypt data", code: 4, userInfo: nil)
+            }
+
+            try decryptedData.write(to: filePath)
+
+        } catch {
+            print("\(CapacitorUpdater.TAG) Cannot decode: \(filePath.path)", error)
+            throw CustomError.cannotDecode
+        }
+    }
+}

package/ios/Plugin/InternalUtils.swift

@@ -0,0 +1,258 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+
+import Foundation
+
+extension Collection {
+    subscript(safe index: Index) -> Element? {
+        return indices.contains(index) ? self[index] : nil
+    }
+}
+extension URL {
+    var isDirectory: Bool {
+        (try? resourceValues(forKeys: [.isDirectoryKey]))?.isDirectory == true
+    }
+    var exist: Bool {
+        return FileManager().fileExists(atPath: self.path)
+    }
+}
+struct SetChannelDec: Decodable {
+    let status: String?
+    let error: String?
+    let message: String?
+}
+public class SetChannel: NSObject {
+    var status: String = ""
+    var error: String = ""
+    var message: String = ""
+}
+extension SetChannel {
+    func toDict() -> [String: Any] {
+        var dict: [String: Any] = [String: Any]()
+        let otherSelf: Mirror = Mirror(reflecting: self)
+        for child: Mirror.Child in otherSelf.children {
+            if let key: String = child.label {
+                dict[key] = child.value
+            }
+        }
+        return dict
+    }
+}
+struct GetChannelDec: Decodable {
+    let channel: String?
+    let status: String?
+    let error: String?
+    let message: String?
+    let allowSet: Bool?
+}
+public class GetChannel: NSObject {
+    var channel: String = ""
+    var status: String = ""
+    var error: String = ""
+    var message: String = ""
+    var allowSet: Bool = true
+}
+extension GetChannel {
+    func toDict() -> [String: Any] {
+        var dict: [String: Any] = [String: Any]()
+        let otherSelf: Mirror = Mirror(reflecting: self)
+        for child: Mirror.Child in otherSelf.children {
+            if let key: String = child.label {
+                dict[key] = child.value
+            }
+        }
+        return dict
+    }
+}
+struct InfoObject: Codable {
+    let platform: String?
+    let device_id: String?
+    let app_id: String?
+    let custom_id: String?
+    let version_build: String?
+    let version_code: String?
+    let version_os: String?
+    var version_name: String?
+    var old_version_name: String?
+    let plugin_version: String?
+    let is_emulator: Bool?
+    let is_prod: Bool?
+    var action: String?
+    var channel: String?
+    var defaultChannel: String?
+}
+
+public struct ManifestEntry: Codable {
+    let file_name: String?
+    let file_hash: String?
+    let download_url: String?
+}
+
+extension ManifestEntry {
+    func toDict() -> [String: Any] {
+        var dict: [String: Any] = [String: Any]()
+        let mirror = Mirror(reflecting: self)
+        for child in mirror.children {
+            if let key = child.label {
+                dict[key] = child.value
+            }
+        }
+        return dict
+    }
+}
+
+struct AppVersionDec: Decodable {
+    let version: String?
+    let checksum: String?
+    let url: String?
+    let message: String?
+    let error: String?
+    let session_key: String?
+    let major: Bool?
+    let data: [String: String]?
+    let manifest: [ManifestEntry]?
+}
+
+public class AppVersion: NSObject {
+    var version: String = ""
+    var checksum: String = ""
+    var url: String = ""
+    var message: String?
+    var error: String?
+    var sessionKey: String?
+    var major: Bool?
+    var data: [String: String]?
+    var manifest: [ManifestEntry]?
+}
+
+extension AppVersion {
+    func toDict() -> [String: Any] {
+        var dict: [String: Any] = [String: Any]()
+        let otherSelf: Mirror = Mirror(reflecting: self)
+        for child: Mirror.Child in otherSelf.children {
+            if let key: String = child.label {
+                if key == "manifest", let manifestEntries = child.value as? [ManifestEntry] {
+                    dict[key] = manifestEntries.map { $0.toDict() }
+                } else {
+                    dict[key] = child.value
+                }
+            }
+        }
+        return dict
+    }
+}
+
+extension OperatingSystemVersion {
+    func getFullVersion(separator: String = ".") -> String {
+        return "\(majorVersion)\(separator)\(minorVersion)\(separator)\(patchVersion)"
+    }
+}
+extension Bundle {
+    var versionName: String? {
+        return infoDictionary?["CFBundleShortVersionString"] as? String
+    }
+    var versionCode: String? {
+        return infoDictionary?["CFBundleVersion"] as? String
+    }
+}
+
+extension ISO8601DateFormatter {
+    convenience init(_ formatOptions: Options) {
+        self.init()
+        self.formatOptions = formatOptions
+    }
+}
+extension Formatter {
+    static let iso8601withFractionalSeconds: ISO8601DateFormatter = ISO8601DateFormatter([.withInternetDateTime, .withFractionalSeconds])
+}
+extension Date {
+    var iso8601withFractionalSeconds: String { return Formatter.iso8601withFractionalSeconds.string(from: self) }
+}
+extension String {
+
+    var fileURL: URL {
+        return URL(fileURLWithPath: self)
+    }
+
+    var lastPathComponent: String {
+        get {
+            return fileURL.lastPathComponent
+        }
+    }
+    var iso8601withFractionalSeconds: Date? {
+        return Formatter.iso8601withFractionalSeconds.date(from: self)
+    }
+    func trim(using characterSet: CharacterSet = .whitespacesAndNewlines) -> String {
+        return trimmingCharacters(in: characterSet)
+    }
+}
+
+enum CustomError: Error {
+    // Throw when an unzip fail
+    case cannotUnzip
+    case cannotWrite
+    case cannotDecode
+    case cannotUnflat
+    case cannotCreateDirectory
+    case cannotDeleteDirectory
+    case cannotDecryptSessionKey
+    case invalidBase64
+
+    // Throw in all other cases
+    case unexpected(code: Int)
+}
+
+extension CustomError: LocalizedError {
+    public var errorDescription: String? {
+        switch self {
+        case .cannotUnzip:
+            return NSLocalizedString(
+                "The file cannot be unzip",
+                comment: "Invalid zip"
+            )
+        case .cannotCreateDirectory:
+            return NSLocalizedString(
+                "The folder cannot be created",
+                comment: "Invalid folder"
+            )
+        case .cannotDeleteDirectory:
+            return NSLocalizedString(
+                "The folder cannot be deleted",
+                comment: "Invalid folder"
+            )
+        case .cannotUnflat:
+            return NSLocalizedString(
+                "The file cannot be unflat",
+                comment: "Invalid folder"
+            )
+        case .unexpected:
+            return NSLocalizedString(
+                "An unexpected error occurred.",
+                comment: "Unexpected Error"
+            )
+        case .cannotDecode:
+            return NSLocalizedString(
+                "Decoding the zip failed with this key",
+                comment: "Invalid public key"
+            )
+        case .cannotWrite:
+            return NSLocalizedString(
+                "Cannot write to the destination",
+                comment: "Invalid destination"
+            )
+        case .cannotDecryptSessionKey:
+            return NSLocalizedString(
+                "Decrypting the session key failed",
+                comment: "Invalid session key"
+            )
+        case .invalidBase64:
+            return NSLocalizedString(
+                "Decrypting the base64 failed",
+                comment: "Invalid checksum key"
+            )
+        }
+    }
+}

package/package.json

@@ -1,7 +1,6 @@
 {
   "name": "@capgo/capacitor-updater",
-  "version": "8.0.0",
-  "packageManager": "pnpm@8.5.1",
+  "version": "8.0.1",
   "license": "MPL-2.0",
   "description": "Live update for capacitor apps",
   "main": "dist/plugin.cjs.js",
@@ -10,10 +9,12 @@
   "unpkg": "dist/plugin.js",
   "files": [
     "android/src/main/",
+    "android/proguard-rules.pro",
     "android/build.gradle",
     "dist/",
     "ios/Plugin/",
-    "CapgoCapacitorUpdater.podspec"
+    "CapgoCapacitorUpdater.podspec",
+    "Package.swift"
   ],
   "author": "Martin Donadieu",
   "repository": {
@@ -25,25 +26,29 @@
   },
   "keywords": [
     "capacitor",
-    "plugin",
-    "OTA",
-    "manual update",
+    "live updates",
     "live update",
+    "updates",
     "auto update",
+    "manual update",
+    "capgo",
+    "plugin",
+    "OTA",
     "ionic",
     "appflow alternative",
-    "capgo",
+    "capawesome alternative",
     "native"
   ],
   "scripts": {
     "verify": "npm run verify:ios && npm run verify:android && npm run verify:web",
     "verify:ios": "cd ios && pod install && xcodebuild -workspace Plugin.xcworkspace -scheme Plugin && cd ..",
+    "verify:iosSPM": "xcodebuild -workspace ios/Plugin.xcworkspace -scheme Plugin -destination generic/platform=iOS",
     "verify:android": "cd android && ./gradlew clean build test && cd ..",
     "verify:web": "npm run build",
     "lint": "npm run eslint && npm run prettier -- --check && npm run swiftlint -- lint",
     "fmt": "npm run eslint -- --fix && npm run prettier -- --write && npm run swiftlint -- --autocorrect --format",
-    "eslint": "eslint . --ext ts",
-    "prettier": "prettier --config .prettierrc.js \"**/*.{css,html,ts,js,java}\"",
+    "eslint": "eslint . --ext .ts",
+    "prettier": "prettier \"**/*.{css,html,ts,js,java}\" --plugin=prettier-plugin-java",
     "swiftlint": "node-swiftlint",
     "docgen": "docgen --api CapacitorUpdaterPlugin --output-readme README.md --output-json dist/docs.json",
     "docgen:api": "docgen --api CapacitorUpdaterPlugin --output-readme api.md --output-json dist/docs.json && awk '{sub(/###/,\"##\")}1' api.md > temp.txt && mv temp.txt api.md",
@@ -53,28 +58,27 @@
     "prepublishOnly": "npm run build"
   },
   "devDependencies": {
-    "@capacitor/android": "^5.0.3",
-    "@capacitor/cli": "^5.0.3",
-    "@capacitor/core": "^5.0.3",
-    "@capacitor/docgen": "^0.2.1",
-    "@capacitor/ios": "^5.0.3",
-    "@ionic/eslint-config": "^0.3.0",
-    "@ionic/prettier-config": "^3.0.0",
-    "@ionic/swiftlint-config": "^1.1.2",
-    "@types/node": "^20.2.3",
-    "@typescript-eslint/eslint-plugin": "^5.59.7",
-    "@typescript-eslint/parser": "^5.59.7",
-    "eslint": "^8.41.0",
-    "eslint-plugin-import": "^2.27.5",
-    "prettier": "^2.8.8",
-    "prettier-plugin-java": "^2.1.0",
-    "rimraf": "^5.0.1",
-    "rollup": "^3.23.0",
-    "swiftlint": "^1.0.2",
-    "typescript": "^5.0.4"
+    "@capacitor/android": "^7.0.0",
+    "@capacitor/cli": "^7.0.0",
+    "@capacitor/core": "^7.0.0",
+    "@capacitor/docgen": "^0.3.0",
+    "@capacitor/ios": "^7.0.0",
+    "@ionic/eslint-config": "^0.4.0",
+    "@ionic/prettier-config": "^4.0.0",
+    "@ionic/swiftlint-config": "^2.0.0",
+    "@types/node": "^22.13.1",
+    "eslint": "^8.57.0",
+    "eslint-plugin-import": "^2.31.0",
+    "husky": "^9.1.7",
+    "prettier": "^3.4.2",
+    "prettier-plugin-java": "^2.6.7",
+    "rimraf": "^6.0.1",
+    "rollup": "^4.34.6",
+    "swiftlint": "^2.0.0",
+    "typescript": "^5.7.3"
   },
   "peerDependencies": {
-    "@capacitor/core": "^5.0.0"
+    "@capacitor/core": ">=7.0.0"
   },
   "prettier": "@ionic/prettier-config",
   "swiftlint": "@ionic/swiftlint-config",