@capgo/capacitor-updater 8.0.0 → 8.1.0

package/ios/Sources/CapacitorUpdaterPlugin/CryptoCipher.swift

@@ -0,0 +1,267 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+
+import Foundation
+import CryptoKit
+import BigInt
+
+public struct CryptoCipher {
+    private static var logger: Logger!
+
+    public static func setLogger(_ logger: Logger) {
+        self.logger = logger
+    }
+
+    private static func hexStringToData(_ hex: String) -> Data? {
+        var data = Data()
+        var hexIterator = hex.makeIterator()
+        while let c1 = hexIterator.next(), let c2 = hexIterator.next() {
+            guard let byte = UInt8(String([c1, c2]), radix: 16) else {
+                return nil
+            }
+            data.append(byte)
+        }
+        return data
+    }
+
+    private static func isHexString(_ str: String) -> Bool {
+        let hexCharacterSet = CharacterSet(charactersIn: "0123456789abcdefABCDEF")
+        return str.unicodeScalars.allSatisfy { hexCharacterSet.contains($0) }
+    }
+
+    public static func decryptChecksum(checksum: String, publicKey: String) throws -> String {
+        if publicKey.isEmpty {
+            logger.info("No encryption set (public key) ignored")
+            return checksum
+        }
+        do {
+            // Determine if input is hex or base64 encoded
+            // Hex strings only contain 0-9 and a-f, while base64 contains other characters
+            let checksumBytes: Data
+            let detectedFormat: String
+            if isHexString(checksum) {
+                // Hex encoded (new format from CLI for plugin versions >= 5.30.0, 6.30.0, 7.30.0)
+                guard let hexData = hexStringToData(checksum) else {
+                    logger.error("Cannot decode checksum as hex: \(checksum)")
+                    throw CustomError.cannotDecode
+                }
+                checksumBytes = hexData
+                detectedFormat = "hex"
+            } else {
+                // TODO: remove backwards compatibility
+                // Base64 encoded (old format for backwards compatibility)
+                guard let base64Data = Data(base64Encoded: checksum) else {
+                    logger.error("Cannot decode checksum as base64: \(checksum)")
+                    throw CustomError.cannotDecode
+                }
+                checksumBytes = base64Data
+                detectedFormat = "base64"
+            }
+            logger.debug("Received encrypted checksum format: \(detectedFormat) (length: \(checksum.count) chars, \(checksumBytes.count) bytes)")
+
+            if checksumBytes.isEmpty {
+                logger.error("Decoded checksum is empty")
+                throw CustomError.cannotDecode
+            }
+
+            guard let rsaPublicKey = RSAPublicKey.load(rsaPublicKey: publicKey) else {
+                logger.error("The public key is not a valid RSA Public key")
+                throw CustomError.cannotDecode
+            }
+
+            guard let decryptedChecksum = rsaPublicKey.decrypt(data: checksumBytes) else {
+                logger.error("decryptChecksum fail")
+                throw NSError(domain: "Failed to decrypt session key data", code: 2, userInfo: nil)
+            }
+
+            // Return as hex string to match calcChecksum output format
+            let result = decryptedChecksum.map { String(format: "%02x", $0) }.joined()
+
+            // Detect checksum algorithm based on length
+            let detectedAlgorithm: String
+            if decryptedChecksum.count == 32 {
+                detectedAlgorithm = "SHA-256"
+            } else if decryptedChecksum.count == 4 {
+                detectedAlgorithm = "CRC32 (deprecated)"
+                logger.error("CRC32 checksum detected. This algorithm is deprecated and no longer supported. Please update your CLI to use SHA-256 checksums.")
+            } else {
+                detectedAlgorithm = "unknown (\(decryptedChecksum.count) bytes)"
+                logger.error("Unknown checksum algorithm detected with \(decryptedChecksum.count) bytes. Expected SHA-256 (32 bytes).")
+            }
+            logger.debug("Decrypted checksum: \(detectedAlgorithm) hex format (length: \(result.count) chars, \(decryptedChecksum.count) bytes)")
+            return result
+        } catch {
+            logger.error("decryptChecksum fail: \(error.localizedDescription)")
+            throw CustomError.cannotDecode
+        }
+    }
+
+    /// Detect checksum algorithm based on hex string length.
+    /// SHA-256 = 64 hex chars (32 bytes)
+    /// CRC32 = 8 hex chars (4 bytes)
+    public static func detectChecksumAlgorithm(_ hexChecksum: String) -> String {
+        if hexChecksum.isEmpty {
+            return "empty"
+        }
+        let len = hexChecksum.count
+        if len == 64 {
+            return "SHA-256"
+        } else if len == 8 {
+            return "CRC32 (deprecated)"
+        } else {
+            return "unknown (\(len) hex chars)"
+        }
+    }
+
+    /// Log checksum info and warn if deprecated algorithm detected.
+    public static func logChecksumInfo(label: String, hexChecksum: String) {
+        let algorithm = detectChecksumAlgorithm(hexChecksum)
+        logger.debug("\(label): \(algorithm) hex format (length: \(hexChecksum.count) chars)")
+        if algorithm.contains("CRC32") {
+            logger.error("CRC32 checksum detected. This algorithm is deprecated and no longer supported. Please update your CLI to use SHA-256 checksums.")
+        } else if algorithm.contains("unknown") {
+            logger.error("Unknown checksum algorithm detected. Expected SHA-256 (64 hex chars) but got \(hexChecksum.count) chars.")
+        }
+    }
+
+    public static func calcChecksum(filePath: URL) -> String {
+        let bufferSize = 1024 * 1024 * 5 // 5 MB
+        var sha256 = SHA256()
+
+        do {
+            let fileHandle: FileHandle
+            do {
+                fileHandle = try FileHandle(forReadingFrom: filePath)
+            } catch {
+                logger.error("Cannot open file for checksum: \(filePath.path) \(error)")
+                return ""
+            }
+
+            defer {
+                do {
+                    try fileHandle.close()
+                } catch {
+                    logger.error("Error closing file: \(error)")
+                }
+            }
+
+            while autoreleasepool(invoking: {
+                let fileData: Data
+                do {
+                    if #available(iOS 13.4, *) {
+                        fileData = try fileHandle.read(upToCount: bufferSize) ?? Data()
+                    } else {
+                        fileData = fileHandle.readData(ofLength: bufferSize)
+                    }
+                } catch {
+                    logger.error("Error reading file: \(error)")
+                    return false
+                }
+
+                if fileData.count > 0 {
+                    sha256.update(data: fileData)
+                    return true // Continue
+                } else {
+                    return false // End of file
+                }
+            }) {}
+
+            let digest = sha256.finalize()
+            return digest.compactMap { String(format: "%02x", $0) }.joined()
+        } catch {
+            logger.error("Cannot get checksum: \(filePath.path) \(error)")
+            return ""
+        }
+    }
+
+    public static func decryptFile(filePath: URL, publicKey: String, sessionKey: String, version: String) throws {
+        if publicKey.isEmpty || sessionKey.isEmpty || sessionKey.components(separatedBy: ":").count != 2 {
+            logger.info("Encryption not set, no public key or session, ignored")
+            return
+        }
+
+        if !publicKey.hasPrefix("-----BEGIN RSA PUBLIC KEY-----") {
+            logger.error("The public key is not a valid RSA Public key")
+            return
+        }
+
+        do {
+            guard let rsaPublicKey = RSAPublicKey.load(rsaPublicKey: publicKey) else {
+                logger.error("The public key is not a valid RSA Public key")
+                throw CustomError.cannotDecode
+            }
+
+            let sessionKeyComponents = sessionKey.components(separatedBy: ":")
+            let ivBase64 = sessionKeyComponents[0]
+            let encryptedKeyBase64 = sessionKeyComponents[1]
+
+            guard let ivData = Data(base64Encoded: ivBase64) else {
+                logger.error("Cannot decode sessionKey IV \(ivBase64)")
+                throw CustomError.cannotDecode
+            }
+
+            if ivData.count != 16 {
+                logger.error("IV data has invalid length: \(ivData.count), expected 16")
+                throw CustomError.cannotDecode
+            }
+
+            guard let sessionKeyDataEncrypted = Data(base64Encoded: encryptedKeyBase64) else {
+                logger.error("Cannot decode sessionKey data \(encryptedKeyBase64)")
+                throw NSError(domain: "Invalid session key data", code: 1, userInfo: nil)
+            }
+
+            guard let sessionKeyDataDecrypted = rsaPublicKey.decrypt(data: sessionKeyDataEncrypted) else {
+                logger.error("Failed to decrypt session key data")
+                throw NSError(domain: "Failed to decrypt session key data", code: 2, userInfo: nil)
+            }
+
+            if sessionKeyDataDecrypted.count != 16 {
+                logger.error("Decrypted session key has invalid length: \(sessionKeyDataDecrypted.count), expected 16")
+                throw NSError(domain: "Invalid decrypted session key", code: 5, userInfo: nil)
+            }
+
+            let aesPrivateKey = AES128Key(iv: ivData, aes128Key: sessionKeyDataDecrypted, logger: logger)
+
+            let encryptedData: Data
+            do {
+                encryptedData = try Data(contentsOf: filePath)
+            } catch {
+                logger.error("Failed to read encrypted data: \(error)")
+                throw NSError(domain: "Failed to read encrypted data", code: 3, userInfo: nil)
+            }
+
+            if encryptedData.isEmpty {
+                logger.error("Encrypted file data is empty")
+                throw NSError(domain: "Empty encrypted data", code: 6, userInfo: nil)
+            }
+
+            guard let decryptedData = aesPrivateKey.decrypt(data: encryptedData) else {
+                logger.error("Failed to decrypt data")
+                throw NSError(domain: "Failed to decrypt data", code: 4, userInfo: nil)
+            }
+
+            if decryptedData.isEmpty {
+                logger.error("Decrypted data is empty")
+                throw NSError(domain: "Empty decrypted data", code: 7, userInfo: nil)
+            }
+
+            do {
+                try decryptedData.write(to: filePath, options: .atomic)
+                if !FileManager.default.fileExists(atPath: filePath.path) {
+                    logger.error("File was not created after write")
+                    throw NSError(domain: "File write failed", code: 8, userInfo: nil)
+                }
+            } catch {
+                logger.error("Error writing decrypted file: \(error)")
+                throw error
+            }
+
+        } catch {
+            logger.error("decryptFile fail")
+            throw CustomError.cannotDecode
+        }
+    }
+}

package/ios/Sources/CapacitorUpdaterPlugin/DelayUpdateUtils.swift

@@ -0,0 +1,220 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+
+//
+//  DelayUpdateUtils.swift
+//  Plugin
+//
+//  Created by Auto-generated based on Android implementation
+//  Copyright © 2024 Capgo. All rights reserved.
+//
+
+import Foundation
+import Version
+
+public class DelayUpdateUtils {
+
+    static let DELAY_CONDITION_PREFERENCES = "DELAY_CONDITION_PREFERENCES_CAPGO"
+    static let BACKGROUND_TIMESTAMP_KEY = "BACKGROUND_TIMESTAMP_KEY_CAPGO"
+    private let logger: Logger
+
+    private let currentVersionNative: Version
+
+    public enum CancelDelaySource {
+        case killed
+        case background
+        case foreground
+
+        var description: String {
+            switch self {
+            case .killed: return "KILLED"
+            case .background: return "BACKGROUND"
+            case .foreground: return "FOREGROUND"
+            }
+        }
+    }
+
+    public init(currentVersionNative: Version, logger: Logger) {
+        self.currentVersionNative = currentVersionNative
+        self.logger = logger
+    }
+
+    public func checkCancelDelay(source: CancelDelaySource) {
+        let delayUpdatePreferences = UserDefaults.standard.string(forKey: DelayUpdateUtils.DELAY_CONDITION_PREFERENCES) ?? "[]"
+        let delayConditionList: [DelayCondition] = fromJsonArr(json: delayUpdatePreferences).map { obj -> DelayCondition in
+            let kind: String = obj.value(forKey: "kind") as! String
+            let value: String? = obj.value(forKey: "value") as? String
+            return DelayCondition(kind: kind, value: value)
+        }
+
+        var delayConditionListToKeep: [DelayCondition] = []
+        var index = 0
+
+        for condition in delayConditionList {
+            let kind = condition.getKind()
+            let value = condition.getValue()
+
+            switch kind {
+            case "background":
+                if source == .foreground {
+                    let backgroundedAt = getBackgroundTimestamp()
+                    let now = Int64(Date().timeIntervalSince1970 * 1000) // Convert to milliseconds
+                    let delta = max(0, now - backgroundedAt)
+
+                    var longValue: Int64 = 0
+                    if let value = value, !value.isEmpty {
+                        longValue = Int64(value) ?? 0
+                    }
+
+                    if delta > longValue {
+                        logger.info("Background condition (value: \(value ?? "")) deleted at index \(index). Delta: \(delta), longValue: \(longValue)")
+                    } else {
+                        delayConditionListToKeep.append(condition)
+                        logger.info("Background delay (value: \(value ?? "")) condition kept at index \(index) (source: \(source.description))")
+                    }
+                } else {
+                    delayConditionListToKeep.append(condition)
+                    logger.info("Background delay (value: \(value ?? "")) condition kept at index \(index) (source: \(source.description))")
+                }
+
+            case "kill":
+                if source == .killed {
+                    logger.info("Kill delay (value: \(value ?? "")) condition removed at index \(index) after app kill")
+                } else {
+                    delayConditionListToKeep.append(condition)
+                    logger.info("Kill delay (value: \(value ?? "")) condition kept at index \(index) (source: \(source.description))")
+                }
+
+            case "date":
+                if let value = value, !value.isEmpty {
+                    do {
+                        let dateFormatter = ISO8601DateFormatter()
+                        dateFormatter.formatOptions = [.withInternetDateTime, .withFractionalSeconds]
+
+                        if let date = dateFormatter.date(from: value) {
+                            if Date() > date {
+                                logger.info("Date delay (value: \(value)) condition removed due to expired date at index \(index)")
+                            } else {
+                                delayConditionListToKeep.append(condition)
+                                logger.info("Date delay (value: \(value)) condition kept at index \(index)")
+                            }
+                        } else {
+                            logger.error("Date delay (value: \(value)) condition removed due to parsing issue at index \(index)")
+                        }
+                    } catch {
+                        logger.error("Date delay (value: \(value)) condition removed due to parsing issue at index \(index): \(error)")
+                    }
+                } else {
+                    logger.error("Date delay (value: \(value ?? "")) condition removed due to empty value at index \(index)")
+                }
+
+            case "nativeVersion":
+                if let value = value, !value.isEmpty {
+                    do {
+                        let versionLimit = try Version(value)
+                        if currentVersionNative >= versionLimit {
+                            logger.info("Native version delay (value: \(value)) condition removed due to above limit at index \(index)")
+                        } else {
+                            delayConditionListToKeep.append(condition)
+                            logger.info("Native version delay (value: \(value)) condition kept at index \(index)")
+                        }
+                    } catch {
+                        logger.error("Native version delay (value: \(value)) condition removed due to parsing issue at index \(index): \(error)")
+                    }
+                } else {
+                    logger.error("Native version delay (value: \(value ?? "")) condition removed due to empty value at index \(index)")
+                }
+
+            default:
+                logger.error("Unknown delay condition kind: \(kind) at index \(index)")
+            }
+
+            index += 1
+        }
+
+        if !delayConditionListToKeep.isEmpty {
+            let json = toJson(object: delayConditionListToKeep.map { $0.toJSON() })
+            _ = setMultiDelay(delayConditions: json)
+        } else {
+            // Clear all delay conditions if none are left to keep
+            _ = cancelDelay(source: "checkCancelDelay")
+        }
+    }
+
+    public func setMultiDelay(delayConditions: String) -> Bool {
+        do {
+            UserDefaults.standard.set(delayConditions, forKey: DelayUpdateUtils.DELAY_CONDITION_PREFERENCES)
+            UserDefaults.standard.synchronize()
+            logger.info("Delay update saved")
+            return true
+        } catch {
+            logger.error("Failed to delay update, [Error calling 'setMultiDelay()']: \(error)")
+            return false
+        }
+    }
+
+    public func setBackgroundTimestamp(_ backgroundTimestamp: Int64) {
+        do {
+            UserDefaults.standard.set(backgroundTimestamp, forKey: DelayUpdateUtils.BACKGROUND_TIMESTAMP_KEY)
+            UserDefaults.standard.synchronize()
+            logger.info("Background timestamp saved")
+        } catch {
+            logger.error("Failed to save background timestamp, [Error calling 'setBackgroundTimestamp()']: \(error)")
+        }
+    }
+
+    public func unsetBackgroundTimestamp() {
+        do {
+            UserDefaults.standard.removeObject(forKey: DelayUpdateUtils.BACKGROUND_TIMESTAMP_KEY)
+            UserDefaults.standard.synchronize()
+            logger.info("Background timestamp removed")
+        } catch {
+            logger.error("Failed to remove background timestamp, [Error calling 'unsetBackgroundTimestamp()']: \(error)")
+        }
+    }
+
+    private func getBackgroundTimestamp() -> Int64 {
+        do {
+            let timestamp = UserDefaults.standard.object(forKey: DelayUpdateUtils.BACKGROUND_TIMESTAMP_KEY) as? Int64 ?? 0
+            return timestamp
+        } catch {
+            logger.error("Failed to get background timestamp, [Error calling 'getBackgroundTimestamp()']: \(error)")
+            return 0
+        }
+    }
+
+    public func cancelDelay(source: String) -> Bool {
+        do {
+            UserDefaults.standard.removeObject(forKey: DelayUpdateUtils.DELAY_CONDITION_PREFERENCES)
+            UserDefaults.standard.synchronize()
+            logger.info("All delays canceled from \(source)")
+            return true
+        } catch {
+            logger.error("Failed to cancel update delay: \(error)")
+            return false
+        }
+    }
+
+    // MARK: - Helper methods
+
+    private func toJson(object: Any) -> String {
+        guard let data = try? JSONSerialization.data(withJSONObject: object, options: []) else {
+            return ""
+        }
+        return String(data: data, encoding: String.Encoding.utf8) ?? ""
+    }
+
+    private func fromJsonArr(json: String) -> [NSObject] {
+        guard let jsonData = json.data(using: .utf8) else {
+            return []
+        }
+        let object = try? JSONSerialization.jsonObject(
+            with: jsonData,
+            options: .mutableContainers
+        ) as? [NSObject]
+        return object ?? []
+    }
+}

package/ios/Sources/CapacitorUpdaterPlugin/DeviceIdHelper.swift

@@ -0,0 +1,120 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+
+import Foundation
+import Security
+
+/**
+ * Helper class to manage device ID persistence across app installations.
+ * Uses iOS Keychain to persist the device ID.
+ */
+class DeviceIdHelper {
+    private static let keychainService = "app.capgo.updater"
+    private static let keychainAccount = "deviceId"
+    private static let legacyDefaultsKey = "appUUID"
+
+    /**
+     * Gets or creates a device ID that persists across reinstalls.
+     *
+     * This method:
+     * 1. First checks for an existing ID in Keychain (persists across reinstalls)
+     * 2. Falls back to UserDefaults (for migration from older versions)
+     * 3. Generates a new UUID if neither exists
+     * 4. Stores the ID in Keychain for future use
+     *
+     * @return Device ID as a lowercase UUID string
+     */
+    static func getOrCreateDeviceId() -> String {
+        // Try to get device ID from Keychain first
+        if let keychainDeviceId = getDeviceIdFromKeychain() {
+            return keychainDeviceId.lowercased()
+        }
+
+        // Migration: Check UserDefaults for existing device ID
+        var deviceId = UserDefaults.standard.string(forKey: legacyDefaultsKey)
+
+        if deviceId == nil || deviceId!.isEmpty {
+            // Generate new device ID if none exists
+            deviceId = UUID().uuidString
+        }
+
+        // Ensure lowercase for consistency
+        deviceId = deviceId!.lowercased()
+
+        // Save to Keychain for persistence across reinstalls
+        saveDeviceIdToKeychain(deviceId: deviceId!)
+
+        return deviceId!
+    }
+
+    /**
+     * Retrieves the device ID from iOS Keychain.
+     *
+     * @return Device ID string or nil if not found
+     */
+    private static func getDeviceIdFromKeychain() -> String? {
+        let query: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: keychainService,
+            kSecAttrAccount as String: keychainAccount,
+            kSecReturnData as String: true,
+            kSecMatchLimit as String: kSecMatchLimitOne
+        ]
+
+        var result: AnyObject?
+        let status = SecItemCopyMatching(query as CFDictionary, &result)
+
+        guard status == errSecSuccess,
+              let data = result as? Data,
+              let deviceId = String(data: data, encoding: .utf8) else {
+            return nil
+        }
+
+        return deviceId
+    }
+
+    /**
+     * Saves the device ID to iOS Keychain with appropriate accessibility settings.
+     *
+     * Uses kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly:
+     * - Data persists across reinstalls
+     * - Data is NOT synced to iCloud
+     * - Data is accessible after first device unlock
+     * - Data stays on this device only (privacy-friendly)
+     *
+     * @param deviceId The device ID to save
+     */
+    private static func saveDeviceIdToKeychain(deviceId: String) {
+        guard let data = deviceId.data(using: .utf8) else {
+            return
+        }
+
+        // Delete any existing entry first
+        let deleteQuery: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: keychainService,
+            kSecAttrAccount as String: keychainAccount
+        ]
+        SecItemDelete(deleteQuery as CFDictionary)
+
+        // Add new entry with appropriate accessibility
+        let addQuery: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: keychainService,
+            kSecAttrAccount as String: keychainAccount,
+            kSecValueData as String: data,
+            // This ensures data persists across reinstalls but stays on device (not synced)
+            kSecAttrAccessible as String: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
+        ]
+
+        let status = SecItemAdd(addQuery as CFDictionary, nil)
+
+        if status != errSecSuccess {
+            // Log error but don't crash - we'll fall back to UserDefaults on next launch
+            print("Failed to save device ID to Keychain: \(status)")
+        }
+    }
+}