react-native-stallion 2.1.0 → 2.2.0-alpha.2

package/android/src/main/java/com/stallion/events/StallionEventConstants.java

@@ -3,6 +3,7 @@ package com.stallion.events;
 public class StallionEventConstants {
   public enum NativeProdEventTypes {
     DOWNLOAD_STARTED_PROD,
+    DOWNLOAD_RESUME_PROD,
     DOWNLOAD_ERROR_PROD,
     DOWNLOAD_COMPLETE_PROD,
     SYNC_ERROR_PROD,
@@ -12,7 +13,8 @@ public class StallionEventConstants {
     EXCEPTION_PROD,
     AUTO_ROLLED_BACK_PROD,
     CORRUPTED_FILE_ERROR,
-    FILE_MOUNTING_ERROR
+    FILE_MOUNTING_ERROR,
+    SIGNATURE_VERIFICATION_FAILED
   }
 
   public enum NativeStageEventTypes {
@@ -20,6 +22,7 @@ public class StallionEventConstants {
     DOWNLOAD_COMPLETE_STAGE,
     EXCEPTION_STAGE,
     DOWNLOAD_STARTED_STAGE,
+    DOWNLOAD_RESUME_STAGE,
     DOWNLOAD_ERROR_STAGE,
     INSTALLED_STAGE,
   }

package/android/src/main/java/com/stallion/events/StallionEventManager.java

@@ -18,6 +18,7 @@ public class StallionEventManager {
   public  static final String STALLION_NATIVE_EVENT_NAME = "STALLION_NATIVE_EVENT";
   private static final String EVENTS_KEY = "stored_events";
   private static final int MAX_BATCH_COUNT_SIZE = 9;
+  private static final int MAX_EVENT_STORAGE_LIMIT = 20;
 
   private static StallionEventManager instance;
   private final StallionStateManager stallionStateManager;
@@ -105,6 +106,12 @@ public class StallionEventManager {
     try {
       String eventsString = stallionStateManager.getString(EVENTS_KEY, "{}");
       JSONObject eventsObject = new JSONObject(eventsString);
+
+      // Flush all if limit reached
+      if (eventsObject.length() >= MAX_EVENT_STORAGE_LIMIT) {
+        eventsObject = new JSONObject(); // reset
+      }
+
       eventsObject.put(uniqueId, eventPayload.toString());
       stallionStateManager.setString(EVENTS_KEY, eventsObject.toString());
     } catch (JSONException e) {

package/android/src/main/java/com/stallion/networkmanager/StallionDownloadCacheManager.java

@@ -0,0 +1,48 @@
+package com.stallion.networkmanager;
+
+import com.stallion.storage.StallionConfig;
+import com.stallion.utils.StallionFileManager;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.util.Objects;
+
+public class StallionDownloadCacheManager {
+  private static final String metaFilePath = "/download-cache.meta";
+
+  public static long getDownloadCache(StallionConfig config, String downloadUrl, String downloadPath) {
+    String lastDownloadingUrl = config.getLastDownloadingUrl();
+    long alreadyDownloaded = readMetaFile(downloadPath);
+    if(!Objects.equals(lastDownloadingUrl, downloadUrl) || alreadyDownloaded <= 0) {
+      config.setLastDownloadingUrl(downloadUrl);
+      StallionFileManager.deleteFileOrFolderSilently(new File(downloadPath));
+      return 0;
+    } else {
+      return alreadyDownloaded;
+    }
+  }
+
+  public static void saveDownloadCache(String path, long bytes) {
+    try (FileOutputStream fos = new FileOutputStream(path + metaFilePath)) {
+      fos.write(Long.toString(bytes).getBytes());
+    } catch (Exception ignored) {}
+  }
+
+  private static long readMetaFile(String path) {
+    File meta = new File(path + metaFilePath);
+    if (!meta.exists()) return 0;
+    try (FileInputStream fis = new FileInputStream(meta)) {
+      byte[] data = new byte[(int) meta.length()];
+      fis.read(data);
+      return Long.parseLong(new String(data));
+    } catch (Exception e) {
+      return 0;
+    }
+  }
+
+  public static void deleteDownloadCache(String path) {
+    File meta = new File(path + metaFilePath);
+    if (meta.exists()) meta.delete();
+  }
+}

package/android/src/main/java/com/stallion/networkmanager/StallionFileDownloader.java

@@ -8,6 +8,7 @@ import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
+import java.io.RandomAccessFile;
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.nio.ByteBuffer;
@@ -28,6 +29,7 @@ public class StallionFileDownloader {
   public static void downloadBundle(
     String downloadUrl,
     String downloadDirectory,
+    long alreadyDownloaded,
     StallionDownloadCallback stallionDownloadCallback
   ) {
     executor.execute(() -> {
@@ -61,7 +63,7 @@ public class StallionFileDownloader {
         }
 
         // Download file
-        downloadFile(downloadUrl, downloadedZip, appToken, sdkToken, stallionDownloadCallback);
+        downloadFile(downloadUrl, downloadedZip, appToken, sdkToken, stallionDownloadCallback, alreadyDownloaded, downloadDirectory);
 
         // Validate and unzip the downloaded file
         validateAndUnzip(downloadedZip, downloadDirectory, stallionDownloadCallback);
@@ -75,7 +77,7 @@ public class StallionFileDownloader {
   private static long getFileSize(String downloadUrl, String appToken, String apiKey) throws IOException {
     HttpURLConnection connection = null;
     try {
-      connection = setupConnection(downloadUrl, appToken, apiKey);
+      connection = setupConnection(downloadUrl, appToken, apiKey, 0);
       return connection.getContentLength();
     } finally {
       if (connection != null) {
@@ -96,11 +98,10 @@ public class StallionFileDownloader {
 
   private static File prepareForDownload(String downloadDirectory) throws IOException {
     File downloadFolder = new File(downloadDirectory);
-    if (downloadFolder.exists()) {
-      StallionFileManager.deleteFileOrFolderSilently(downloadFolder);
-    }
-    if (!downloadFolder.mkdirs()) {
-      throw new IOException("Failed to create download directory: " + downloadDirectory);
+    if (!downloadFolder.exists()) {
+      if (!downloadFolder.mkdirs()) {
+        throw new IOException("Failed to create download directory: " + downloadDirectory);
+      }
     }
     return new File(downloadFolder, StallionApiConstants.ZIP_FILE_NAME);
   }
@@ -110,21 +111,21 @@ public class StallionFileDownloader {
     File destinationFile,
     String appToken,
     String sdkToken,
-    StallionDownloadCallback callback
+    StallionDownloadCallback callback,
+    long alreadyDownloaded,
+    String downloadDirectory
   ) throws IOException {
-    HttpURLConnection connection = null;
+    HttpURLConnection connection = setupConnection(downloadUrl, appToken, sdkToken, alreadyDownloaded);
     try (
-      BufferedInputStream inputStream = new BufferedInputStream(setupConnection(downloadUrl, appToken, sdkToken).getInputStream());
-      FileOutputStream fout = new FileOutputStream(destinationFile);
-      BufferedOutputStream bout = new BufferedOutputStream(fout, StallionApiConstants.DOWNLOAD_BUFFER_SIZE)
+      BufferedInputStream inputStream = new BufferedInputStream(connection.getInputStream());
+      RandomAccessFile raf = new RandomAccessFile(destinationFile, "rw")
     ) {
-      connection = setupConnection(downloadUrl, appToken, sdkToken);
-
+      raf.seek(alreadyDownloaded);
       byte[] buffer = new byte[StallionApiConstants.DOWNLOAD_BUFFER_SIZE];
-      long totalBytes = connection.getContentLength();
-      long receivedBytes = 0;
+      long totalBytes = connection.getContentLength() + alreadyDownloaded;
+      long receivedBytes = alreadyDownloaded;
       int bytesRead;
-      double lastProgress = 0;
+      double lastProgress = (double) receivedBytes / totalBytes;
 
       // Ensure totalBytes is valid
       if (totalBytes <= 0) {
@@ -133,9 +134,11 @@ public class StallionFileDownloader {
       }
 
       while ((bytesRead = inputStream.read(buffer)) != -1) {
-        bout.write(buffer, 0, bytesRead);
+        raf.write(buffer, 0, bytesRead);
         receivedBytes += bytesRead;
 
+        StallionDownloadCacheManager.saveDownloadCache(downloadDirectory, receivedBytes);
+
         double progress = (double) receivedBytes / totalBytes;
         if (Double.isNaN(progress) || Double.isInfinite(progress)) {
           callback.onReject(StallionApiConstants.DOWNLOAD_ERROR_PREFIX, "Invalid progress calculation");
@@ -148,8 +151,7 @@ public class StallionFileDownloader {
         }
       }
 
-      bout.close();
-      fout.close();
+      raf.close();
       inputStream.close();
 
       // Check for incomplete download
@@ -161,18 +163,25 @@ public class StallionFileDownloader {
       callback.onReject(StallionApiConstants.DOWNLOAD_ERROR_PREFIX, "IOException occurred: ");
       throw e;
     } finally {
-      if (connection != null) {
-        connection.disconnect();
-      }
+      connection.disconnect();
     }
   }
 
 
-  private static HttpURLConnection setupConnection(String downloadUrl, String appToken, String sdkToken) throws IOException {
+  private static HttpURLConnection setupConnection(
+    String downloadUrl,
+    String appToken,
+    String sdkToken,
+    long offset
+  ) throws IOException {
     URL url = new URL(downloadUrl);
     HttpURLConnection connection = (HttpURLConnection) url.openConnection();
     connection.setRequestMethod("GET");
 
+    if (offset > 0) {
+      connection.setRequestProperty("Range", "bytes=" + offset + "-");
+    }
+
     if(!appToken.isEmpty()) {
       connection.setRequestProperty(StallionApiConstants.STALLION_APP_TOKEN_KEY, appToken);
     }

package/android/src/main/java/com/stallion/networkmanager/StallionStageManager.java

@@ -4,6 +4,7 @@ import com.facebook.react.bridge.Promise;
 import com.facebook.react.bridge.ReadableMap;
 import com.stallion.events.StallionEventConstants;
 import com.stallion.events.StallionEventManager;
+import com.stallion.storage.StallionConfig;
 import com.stallion.storage.StallionConfigConstants;
 import com.stallion.storage.StallionMetaConstants;
 import com.stallion.storage.StallionStateManager;
@@ -21,14 +22,18 @@ public class StallionStageManager {
         && receivedHash != null
         && !receivedHash.isEmpty()
     ) {
-      String downloadPath = stallionStateManager.getStallionConfig().getFilesDirectory()
+      StallionConfig config = stallionStateManager.getStallionConfig();
+      String downloadPath = config.getFilesDirectory()
         + StallionConfigConstants.STAGE_DIRECTORY
         + StallionConfigConstants.TEMP_FOLDER_SLOT;
+      long alreadyDownloaded = StallionDownloadCacheManager.getDownloadCache(config, receivedDownloadUrl, downloadPath);
+
+      emitDownloadStartedStage(receivedHash, alreadyDownloaded > 0);
 
-      emitDownloadStartedStage(receivedHash);
       StallionFileDownloader.downloadBundle(
         receivedDownloadUrl,
         downloadPath,
+        alreadyDownloaded,
         new StallionDownloadCallback() {
           @Override
           public void onReject(String prefix, String error) {
@@ -42,6 +47,7 @@ public class StallionStageManager {
             stallionStateManager.stallionMeta.setStageTempHash(receivedHash);
             stallionStateManager.syncStallionMeta();
             emitDownloadSuccessStage(receivedHash);
+            StallionDownloadCacheManager.deleteDownloadCache(downloadPath);
             promise.resolve(successPayload);
           }
 
@@ -77,13 +83,15 @@ public class StallionStageManager {
     );
   }
 
-  private static void emitDownloadStartedStage(String releaseHash) {
+  private static void emitDownloadStartedStage(String releaseHash, Boolean isResume) {
     JSONObject startedPayload = new JSONObject();
     try {
       startedPayload.put("releaseHash", releaseHash);
     } catch (Exception ignored) { }
     StallionEventManager.getInstance().sendEvent(
-      StallionEventConstants.NativeStageEventTypes.DOWNLOAD_STARTED_STAGE.toString(),
+      isResume ?
+        StallionEventConstants.NativeStageEventTypes.DOWNLOAD_RESUME_STAGE.toString()
+        : StallionEventConstants.NativeStageEventTypes.DOWNLOAD_STARTED_STAGE.toString(),
       startedPayload
     );
   }

package/android/src/main/java/com/stallion/networkmanager/StallionSyncHandler.java

@@ -5,10 +5,14 @@ import com.stallion.storage.StallionConfigConstants;
 import com.stallion.storage.StallionMetaConstants;
 import com.stallion.storage.StallionStateManager;
 import com.stallion.storage.StallionConfig;
+import com.stallion.utils.StallionFileManager;
+import com.stallion.utils.StallionSignatureVerification;
 import com.stallion.utils.StallionSlotManager;
 import com.stallion.events.StallionEventConstants.NativeProdEventTypes;
 
 import org.json.JSONObject;
+
+import java.io.File;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 public class StallionSyncHandler {
@@ -85,11 +89,13 @@ public class StallionSyncHandler {
 
     StallionStateManager stateManager = StallionStateManager.getInstance();
     String lastRolledBackHash = stateManager.stallionMeta.getLastRolledBackHash();
+    String lastUnverifiedHash = stateManager.getStallionConfig().getLastUnverifiedHash();
 
     if (
-        !newReleaseHash.isEmpty()
-        && !newReleaseUrl.isEmpty()
-        && !newReleaseHash.equals(lastRolledBackHash)
+          !newReleaseHash.isEmpty()
+          && !newReleaseUrl.isEmpty()
+          && !newReleaseHash.equals(lastRolledBackHash)
+          && !newReleaseHash.equals(lastUnverifiedHash)
     ) {
       if(stateManager.getIsMounted()) {
         downloadNewRelease(newReleaseHash, newReleaseUrl);
@@ -106,16 +112,22 @@ public class StallionSyncHandler {
     }
     try {
       StallionStateManager stateManager = StallionStateManager.getInstance();
-      String downloadPath = stateManager.getStallionConfig().getFilesDirectory()
+      StallionConfig config = stateManager.getStallionConfig();
+      String downloadPath = config.getFilesDirectory()
         + StallionConfigConstants.PROD_DIRECTORY
         + StallionConfigConstants.TEMP_FOLDER_SLOT;
-      String projectId = stateManager.getStallionConfig().getProjectId();
+      String projectId = config.getProjectId();
+      String downloadUrl = newReleaseUrl + "?projectId=" + projectId;
+      String publicSigningKey = config.getPublicSigningKey();
+
+      long alreadyDownloaded = StallionDownloadCacheManager.getDownloadCache(config, downloadUrl, downloadPath);
 
-      emitDownloadStarted(newReleaseHash);
+      emitDownloadStarted(newReleaseHash, alreadyDownloaded > 0);
 
       StallionFileDownloader.downloadBundle(
-        newReleaseUrl + "?projectId=" + projectId,
+        downloadUrl,
         downloadPath,
+        alreadyDownloaded,
         new StallionDownloadCallback() {
           @Override
           public void onReject(String prefix, String error) {
@@ -126,6 +138,22 @@ public class StallionSyncHandler {
           @Override
           public void onSuccess(String successPayload) {
             isDownloadInProgress.set(false);
+            StallionDownloadCacheManager.deleteDownloadCache(downloadPath);
+
+            if(publicSigningKey != null && !publicSigningKey.isEmpty()) {
+              if(
+                !StallionSignatureVerification.verifyReleaseSignature(
+                downloadPath + StallionConfigConstants.UNZIP_FOLDER_NAME,
+                publicSigningKey)
+              ) {
+                // discard the downloaded release
+                config.setLastUnverifiedHash(newReleaseHash);
+                emitSignatureVerificationFailed(newReleaseHash);
+                StallionFileManager.deleteFileOrFolderSilently(new File(downloadPath));
+                return;
+              }
+            }
+
             stateManager.stallionMeta.setCurrentProdSlot(StallionMetaConstants.SlotStates.NEW_SLOT);
             stateManager.stallionMeta.setProdTempHash(newReleaseHash);
             String currentProdNewHash = stateManager.stallionMeta.getProdNewHash();
@@ -182,13 +210,23 @@ public class StallionSyncHandler {
     );
   }
 
-  private static void emitDownloadStarted(String releaseHash) {
+  private static void emitDownloadStarted(String releaseHash, Boolean isResume) {
+    JSONObject successPayload = new JSONObject();
+    try {
+      successPayload.put("releaseHash", releaseHash);
+    } catch (Exception ignored) { }
+    StallionEventManager.getInstance().sendEvent(
+      isResume ? NativeProdEventTypes.DOWNLOAD_RESUME_PROD.toString(): NativeProdEventTypes.DOWNLOAD_STARTED_PROD.toString(),
+      successPayload
+    );
+  }
+  private static void emitSignatureVerificationFailed(String releaseHash) {
     JSONObject successPayload = new JSONObject();
     try {
       successPayload.put("releaseHash", releaseHash);
     } catch (Exception ignored) { }
     StallionEventManager.getInstance().sendEvent(
-      NativeProdEventTypes.DOWNLOAD_STARTED_PROD.toString(),
+      NativeProdEventTypes.SIGNATURE_VERIFICATION_FAILED.toString(),
       successPayload
     );
   }

package/android/src/main/java/com/stallion/storage/StallionConfig.java

@@ -19,6 +19,10 @@ public class StallionConfig {
   private final String appVersion;
   private final SharedPreferences sharedPreferences;
   private final String filesDirectory;
+  private String lastDownloadingUrl;
+  private String lastUnverifiedHash;
+  private final String publicSigningKey;
+
 
   public StallionConfig(Context context, SharedPreferences sharedPreferences) {
     this.sharedPreferences = sharedPreferences;
@@ -31,6 +35,7 @@ public class StallionConfig {
       parentPackageName
     );
     this.projectId = stallionProjectIdRes != 0 ?context.getString(stallionProjectIdRes) : "";
+
     int stallionAppTokenRes = res.getIdentifier(
       StallionConfigConstants.STALLION_APP_TOKEN_IDENTIFIER,
       "string",
@@ -38,6 +43,13 @@ public class StallionConfig {
     );
     this.appToken = stallionAppTokenRes != 0 ? context.getString(stallionAppTokenRes) : "";
 
+    int stallionPublicKeyRes = res.getIdentifier(
+      StallionConfigConstants.STALLION_PUBLIC_SIGNING_KEY_IDENTIFIER,
+      "string",
+      parentPackageName
+    );
+    this.publicSigningKey = stallionPublicKeyRes != 0 ? context.getString(stallionPublicKeyRes) : "";
+
     // get or generate UID
     String cachedUniqueId = sharedPreferences.getString(
       StallionConfigConstants.UNIQUE_ID_IDENTIFIER,
@@ -63,6 +75,30 @@ public class StallionConfig {
 
     this.appVersion = fetchAppVersion(context);
     this.filesDirectory = context.getFilesDir().getAbsolutePath();
+    this.lastDownloadingUrl = sharedPreferences.getString(StallionConfigConstants.LAST_DOWNLOADING_URL_IDENTIFIER, "");
+    this.lastUnverifiedHash = sharedPreferences.getString(StallionConfigConstants.LAST_UNVERIFIED_HASH, "");
+  }
+
+  public String getLastDownloadingUrl() {
+    return this.lastDownloadingUrl;
+  }
+
+  public void setLastDownloadingUrl(String newUrl) {
+    this.lastDownloadingUrl = newUrl;
+    SharedPreferences.Editor editor = sharedPreferences.edit();
+    editor.putString(StallionConfigConstants.LAST_DOWNLOADING_URL_IDENTIFIER, newUrl);
+    editor.apply();
+  }
+
+  public String getLastUnverifiedHash() {
+    return this.lastUnverifiedHash;
+  }
+
+  public void setLastUnverifiedHash(String newUnverifiedHash) {
+    this.lastUnverifiedHash = newUnverifiedHash;
+    SharedPreferences.Editor editor = sharedPreferences.edit();
+    editor.putString(StallionConfigConstants.LAST_UNVERIFIED_HASH, newUnverifiedHash);
+    editor.apply();
   }
 
   private String fetchAppVersion(Context context) {
@@ -105,6 +141,10 @@ public class StallionConfig {
 
   public String getFilesDirectory() { return this.filesDirectory; }
 
+  public String getPublicSigningKey() {
+    return this.publicSigningKey;
+  }
+
   public JSONObject toJSON() {
     JSONObject configJson = new JSONObject();
     try {

package/android/src/main/java/com/stallion/storage/StallionConfigConstants.java

@@ -7,8 +7,11 @@ public class StallionConfigConstants {
 
   public static final String STALLION_PROJECT_ID_IDENTIFIER = "StallionProjectId";
   public static final String STALLION_APP_TOKEN_IDENTIFIER = "StallionAppToken";
+  public static final String STALLION_PUBLIC_SIGNING_KEY_IDENTIFIER = "StallionPublicSigningKey";
   public static final String UNIQUE_ID_IDENTIFIER = "stallionDeviceId";
   public static final String API_KEY_IDENTIFIER = "x-sdk-access-token";
+  public static final String LAST_DOWNLOADING_URL_IDENTIFIER = "StallionLastDownloadingUrl";
+  public static final String LAST_UNVERIFIED_HASH = "LastUnverifiedHash";
 
   public static final String PROD_DIRECTORY = "/StallionProd";
   public static final String STAGE_DIRECTORY = "/StallionStage";

package/android/src/main/java/com/stallion/utils/StallionSignatureVerification.java

@@ -0,0 +1,129 @@
+package com.stallion.utils;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.DigestInputStream;
+import java.security.KeyFactory;
+import java.security.MessageDigest;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Scanner;
+
+import org.json.JSONArray;
+import org.json.JSONObject;
+
+public class StallionSignatureVerification {
+
+  public static final String SIGNATURE_FILE_NAME = ".stallionsigned";
+
+  public static boolean verifyReleaseSignature(String downloadedBundlePath, String publicKeyPem) {
+    try {
+      File folderPath = new File(downloadedBundlePath);
+      File signatureFile = new File(folderPath, SIGNATURE_FILE_NAME);
+      if (!signatureFile.exists()) return false;
+
+      String jwt = readFileLegacy(signatureFile);
+      String[] jwtParts = jwt.split("\\.");
+      if (jwtParts.length != 3) return false;
+
+      String header = jwtParts[0];
+      String payload = jwtParts[1];
+      String signature = jwtParts[2];
+
+      byte[] signatureBytes = base64UrlDecode(signature);
+      byte[] signedContent = (header + "." + payload).getBytes(StandardCharsets.UTF_8);
+
+      String cleanedPem = publicKeyPem
+        .replace("-----BEGIN PUBLIC KEY-----", "")
+        .replace("-----END PUBLIC KEY-----", "")
+        .replaceAll("\\s", "");
+
+      byte[] decodedKey = android.util.Base64.decode(cleanedPem, android.util.Base64.DEFAULT);
+      X509EncodedKeySpec keySpec = new X509EncodedKeySpec(decodedKey);
+      KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+      PublicKey pubKey = keyFactory.generatePublic(keySpec);
+
+      Signature sig = Signature.getInstance("SHA256withRSA");
+      sig.initVerify(pubKey);
+      sig.update(signedContent);
+      if (!sig.verify(signatureBytes)) return false;
+
+      String jsonPayload = new String(base64UrlDecode(payload), StandardCharsets.UTF_8);
+      JSONObject payloadObj = new JSONObject(jsonPayload);
+      String expectedHash = payloadObj.optString("packageHash", "");
+
+      String actualHash = computeFolderHash(folderPath);
+      return expectedHash.equals(actualHash);
+
+    } catch (Exception e) {
+      e.printStackTrace();
+      return false;
+    }
+  }
+
+  private static String computeFolderHash(File folder) throws Exception {
+    ArrayList<String> manifest = new ArrayList<>();
+    addFolderContentsToManifest(folder, "", manifest);
+    Collections.sort(manifest);
+    JSONArray jsonArray = new JSONArray();
+    for (String entry : manifest) {
+      jsonArray.put(entry);
+    }
+    String jsonString = jsonArray.toString().replace("\\/", "/");
+    return computeHash(new ByteArrayInputStream(jsonString.getBytes(StandardCharsets.UTF_8)));
+  }
+
+  private static void addFolderContentsToManifest(File folder, String pathPrefix, ArrayList<String> manifest) throws Exception {
+    File[] files = folder.listFiles();
+    for (File file : files) {
+      String fileName = file.getName();
+      String relativePath = pathPrefix.isEmpty() ? fileName : pathPrefix + "/" + fileName;
+      if (isIgnored(relativePath)) continue;
+      if (file.isDirectory()) {
+        addFolderContentsToManifest(file, relativePath, manifest);
+      } else {
+        manifest.add(relativePath + ":" + computeHash(new FileInputStream(file)));
+      }
+    }
+  }
+
+  private static boolean isIgnored(String path) {
+    return path.equals(".DS_Store") || path.equals(SIGNATURE_FILE_NAME) || path.startsWith("__MACOSX/");
+  }
+
+  private static String computeHash(InputStream stream) throws Exception {
+    MessageDigest digest = MessageDigest.getInstance("SHA-256");
+    DigestInputStream dis = new DigestInputStream(stream, digest);
+    byte[] buffer = new byte[8192];
+    while (dis.read(buffer) != -1);
+    dis.close();
+    byte[] hash = digest.digest();
+    return String.format("%064x", new java.math.BigInteger(1, hash));
+  }
+
+  private static String readFileLegacy(File file) throws IOException {
+    Scanner scanner = new Scanner(file, "UTF-8");
+    StringBuilder sb = new StringBuilder();
+    while (scanner.hasNextLine()) {
+      sb.append(scanner.nextLine());
+    }
+    scanner.close();
+    return sb.toString();
+  }
+
+  private static byte[] base64UrlDecode(String input) {
+    String converted = input.replace('-', '+').replace('_', '/');
+    switch (converted.length() % 4) {
+      case 2: converted += "=="; break;
+      case 3: converted += "="; break;
+    }
+    return android.util.Base64.decode(converted, android.util.Base64.NO_WRAP);
+  }
+}

package/ios/main/Stallion.swift

@@ -149,6 +149,7 @@ class Stallion: RCTEventEmitter {
   
   @objc func restart() {
       DispatchQueue.main.async {
+          self.stallionStateManager.isMounted = false
           RCTTriggerReloadCommandListeners("Stallion: Restart")
       }
   }

package/ios/main/StallionConfig.h

@@ -2,7 +2,7 @@
 //  StallionConfig.h
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import <Foundation/Foundation.h>
@@ -15,10 +15,13 @@
 @property (nonatomic, copy) NSString *sdkToken;
 @property (nonatomic, copy, readonly) NSString *appVersion;
 @property (nonatomic, copy, readonly) NSString *filesDirectory;
+@property (nonatomic, copy, readonly) NSString *publicSigningKey;
+@property (nonatomic, copy) NSString *lastUnverifiedHash;
 
 - (instancetype)initWithDefaults:(NSUserDefaults *)defaults;
 
 - (void)updateSdkToken:(NSString *)newSdkToken;
+- (void)updateLastUnverifiedHash:(NSString *)newUnverifiedHash;
 - (NSDictionary *)toDictionary;
 
 @end

package/ios/main/StallionConfig.m

@@ -2,7 +2,7 @@
 //  StallionConfig.m
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import "StallionConfig.h"
@@ -17,8 +17,9 @@
         _appToken = [[NSBundle mainBundle] objectForInfoDictionaryKey:STALLION_APP_TOKEN_IDENTIFIER] ?: @"";
         _sdkToken = [defaults stringForKey:API_KEY_IDENTIFIER] ?: @"";
         _appVersion = [[NSBundle mainBundle] objectForInfoDictionaryKey:STALLION_APP_VERSION_IDENTIFIER] ?: @"";
-      
         _filesDirectory = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES).firstObject ?: @"";
+        _publicSigningKey = [[NSBundle mainBundle] objectForInfoDictionaryKey:STALLION_PUBLIC_SIGNING_KEY_IDENTIFIER] ?: @"";
+        _lastUnverifiedHash = [defaults stringForKey:LAST_UNVERIFIED_KEY_IDENTIFIER] ?: @"";
 
         NSString *cachedUid = [defaults stringForKey:UNIQUE_ID_IDENTIFIER];
         if (cachedUid && ![cachedUid isEqualToString:@""]) {
@@ -44,6 +45,12 @@
     [[NSUserDefaults standardUserDefaults] synchronize];
 }
 
+- (void)updateLastUnverifiedHash:(NSString *)newUnverifiedHash {
+    _lastUnverifiedHash = newUnverifiedHash ?: @"";
+    [[NSUserDefaults standardUserDefaults] setObject:_lastUnverifiedHash forKey:LAST_UNVERIFIED_KEY_IDENTIFIER];
+    [[NSUserDefaults standardUserDefaults] synchronize];
+}
+
 - (NSDictionary *)toDictionary {
     @try {
         return @{

package/ios/main/StallionConfigConstants.h

@@ -2,7 +2,7 @@
 //  StallionConfigConstants.h
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import <Foundation/Foundation.h>
@@ -29,4 +29,8 @@ extern NSString *const UNZIP_FOLDER_NAME;
 
 extern NSString *const STALLION_META_IDENTIFIER;
 
+extern NSString *const STALLION_PUBLIC_SIGNING_KEY_IDENTIFIER;
+
+extern NSString *const LAST_UNVERIFIED_KEY_IDENTIFIER;
+
 @end

package/ios/main/StallionConfigConstants.m

@@ -2,7 +2,7 @@
 //  StallionConfigConstants.m
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import "StallionConfigConstants.h"
@@ -29,4 +29,8 @@ NSString *const ANDROID_BUNDLE_FILE_NAME = @"/index.android.bundle";
 NSString *const DEFAULT_JS_BUNDLE_LOCATION_BASE = @"assets:/";
 NSString *const UNZIP_FOLDER_NAME = @"/build";
 
+NSString *const STALLION_PUBLIC_SIGNING_KEY_IDENTIFIER = @"StallionPublicSigningKey";
+
+NSString *const LAST_UNVERIFIED_KEY_IDENTIFIER = @"LastUnverifiedHash";
+
 @end

package/ios/main/StallionConstants.swift

@@ -78,6 +78,7 @@ class StallionConstants {
       static let INSTALLED_PROD = "INSTALLED_PROD"
       static let STABILIZED_PROD = "STABILIZED_PROD"
       static let EXCEPTION_PROD = "EXCEPTION_PROD"
+      static let SIGNATURE_VERIFICATION_FAILED = "SIGNATURE_VERIFICATION_FAILED"
     }
     public struct NativeEventTypesStage {
       static let DOWNLOAD_STARTED_STAGE = "DOWNLOAD_STARTED_STAGE"

package/ios/main/StallionEventHandler.h

@@ -2,7 +2,7 @@
 //  StallionEventHandler.h
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import <Foundation/Foundation.h>

package/ios/main/StallionEventHandler.m

@@ -2,7 +2,7 @@
 //  StallionEventHandler.m
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import "StallionEventHandler.h"
@@ -15,6 +15,7 @@
 static NSString *const STALLION_NATIVE_EVENT_NAME = @"STALLION_NATIVE_EVENT";
 static NSString *const EVENTS_KEY = @"stored_events";
 static NSInteger const MAX_BATCH_COUNT_SIZE = 9;
+static NSInteger const MAX_EVENT_STORAGE_LIMIT = 20;
 
 @implementation StallionEventHandler
 
@@ -30,11 +31,11 @@ static NSInteger const MAX_BATCH_COUNT_SIZE = 9;
 // Emit event to React Native and store locally
 - (void)cacheEvent:(NSString *)eventName eventPayload:(NSDictionary *)eventPayload {
     StallionStateManager *stallionStateManager = [StallionStateManager sharedInstance];
-    
+
     NSString *projectId = stallionStateManager.stallionConfig.projectId ?: @"";
     NSString *appVersion = stallionStateManager.stallionConfig.appVersion ?: @"";
     NSString *uid = stallionStateManager.stallionConfig.uid ?: @"";
-  
+
     NSMutableDictionary *mutablePayload = [eventPayload mutableCopy];
     NSString *uniqueId = [[NSUUID UUID] UUIDString];
     mutablePayload[@"eventId"] = uniqueId;
@@ -62,6 +63,11 @@ static NSInteger const MAX_BATCH_COUNT_SIZE = 9;
             eventsObject = [NSMutableDictionary dictionary];
         }
 
+        // Enforce max size
+        if (eventsObject.count >= MAX_EVENT_STORAGE_LIMIT) {
+            eventsObject = [NSMutableDictionary dictionary];
+        }
+
         eventsObject[uniqueId] = eventPayload;
 
         NSData *updatedData = [NSJSONSerialization dataWithJSONObject:eventsObject options:0 error:nil];

package/ios/main/StallionExceptionHandler.h

@@ -2,7 +2,7 @@
 //  StallionExceptionHandler.h
 //  react-native-stallion
 //
-//  Created by Jasbir Singh Shergill on 29/01/25.
+//  Created by Thor963 on 29/01/25.
 //
 
 #import <Foundation/Foundation.h>

package/ios/main/StallionExceptionHandler.m

@@ -2,7 +2,7 @@
 //  StallionExceptionHandler.m
 //  react-native-stallion
 //
-//  Created by Jasbir Singh Shergill on 29/01/25.
+//  Created by Thor963 on 29/01/25.
 //
 
 #import "StallionExceptionHandler.h"
@@ -51,7 +51,10 @@ void handleException(NSException *exception) {
         }
 
   } else if (meta.switchState == SwitchStateStage) {
-        [StallionSlotManager rollbackStage];
+    
+    if(isAutoRollback) {
+      [StallionSlotManager rollbackStage];
+    }
     
     [[StallionEventHandler sharedInstance] cacheEvent:StallionObjConstants.exception_stage_event
           eventPayload:@{
@@ -60,6 +63,7 @@ void handleException(NSException *exception) {
               StallionObjConstants.is_auto_rollback_key: isAutoRollback ? @"true" : @"false"
           }];
 
+      if(!exceptionAlertDismissed) {
         UIAlertController *alert = [UIAlertController alertControllerWithTitle:@"Stallion Exception Handler"
            message:[NSString stringWithFormat:@"%@\n%@",
                     @"A crash occurred in the app. Build was rolled back. Check crash report below. Continue crash to invoke other exception handlers. \n \n",
@@ -82,6 +86,7 @@ void handleException(NSException *exception) {
         while (exceptionAlertDismissed == FALSE) {
             [[NSRunLoop currentRunLoop] runUntilDate:[NSDate dateWithTimeIntervalSinceNow:0.1]];
         }
+      }
     }
 
     // Call default exception handler if available

package/ios/main/StallionFileManager.h

@@ -2,7 +2,7 @@
 //  StallionFileManager.h
 //  react-native-stallion
 //
-//  Created by Jasbir Singh Shergill on 29/01/25.
+//  Created by Thor963 on 29/01/25.
 //
 
 #import <Foundation/Foundation.h>

package/ios/main/StallionFileManager.m

@@ -2,7 +2,7 @@
 //  StallionFileManager.m
 //  react-native-stallion
 //
-//  Created by Jasbir Singh Shergill on 29/01/25.
+//  Created by Thor963 on 29/01/25.
 //
 #import "StallionFileManager.h"
 

package/ios/main/StallionMeta.h

@@ -2,7 +2,7 @@
 //  StallionMeta.h
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import <Foundation/Foundation.h>

package/ios/main/StallionMeta.m

@@ -2,7 +2,7 @@
 //  StallionMeta.m
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import "StallionMeta.h"

package/ios/main/StallionMetaConstants.h

@@ -2,7 +2,7 @@
 //  StallionMetaConstants.h
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import <Foundation/Foundation.h>

package/ios/main/StallionMetaConstants.m

@@ -2,7 +2,7 @@
 //  StallionMetaConstants.m
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import "StallionMetaConstants.h"

package/ios/main/StallionSignatureVerification.swift

@@ -0,0 +1,135 @@
+import Foundation
+import CommonCrypto
+import Security
+
+class StallionSignatureVerification {
+
+    static let signatureFileName = ".stallionsigned"
+
+    static func verifyReleaseSignature(downloadedBundlePath: String, publicKeyPem: String) -> Bool {
+        do {
+            let signatureFilePath = (downloadedBundlePath as NSString).appendingPathComponent(signatureFileName)
+            guard FileManager.default.fileExists(atPath: signatureFilePath) else { return false }
+
+            let jwt = try String(contentsOfFile: signatureFilePath, encoding: .utf8)
+            let parts = jwt.components(separatedBy: ".")
+            guard parts.count == 3 else { return false }
+            let header = parts[0]
+            let payload = parts[1]
+            let signatureB64 = parts[2]
+
+            guard let signatureData = base64UrlDecode(signatureB64),
+                  let signedData = (header + "." + payload).data(using: .utf8) else { return false }
+
+            guard let pubKey = try? convertPemToPublicKey(pemString: publicKeyPem) else { return false }
+
+            var error: Unmanaged<CFError>?
+            let verified = SecKeyVerifySignature(
+                pubKey,
+                .rsaSignatureMessagePKCS1v15SHA256,
+                signedData as CFData,
+                signatureData as CFData,
+                &error
+            )
+
+            guard verified else { return false }
+
+            guard let payloadData = base64UrlDecode(payload),
+                  let payloadJson = try JSONSerialization.jsonObject(with: payloadData) as? [String: Any],
+                  let expectedHash = payloadJson["packageHash"] as? String else { return false }
+
+            let actualHash = try computeCodePushStyleHash(folderPath: downloadedBundlePath)
+            return expectedHash == actualHash
+
+        } catch {
+            print("Signature verification error: \(error)")
+            return false
+        }
+    }
+
+    private static func computeCodePushStyleHash(folderPath: String) throws -> String {
+        var manifest: [String] = []
+        try addContentsOfFolder(to: &manifest, folderPath: folderPath, pathPrefix: "")
+        let sortedManifest = manifest.sorted()
+        let jsonData = try JSONSerialization.data(withJSONObject: sortedManifest, options: [])
+        var jsonString = String(data: jsonData, encoding: .utf8) ?? ""
+        jsonString = jsonString.replacingOccurrences(of: "\\/", with: "/")
+        return sha256Hex(jsonString)
+    }
+
+    private static func addContentsOfFolder(to manifest: inout [String], folderPath: String, pathPrefix: String) throws {
+        let items = try FileManager.default.contentsOfDirectory(atPath: folderPath)
+        for item in items {
+            let fullPath = (folderPath as NSString).appendingPathComponent(item)
+            let relativePath = pathPrefix.isEmpty ? item : (pathPrefix as NSString).appendingPathComponent(item)
+
+            if isIgnored(relativePath) { continue }
+
+            var isDir: ObjCBool = false
+            FileManager.default.fileExists(atPath: fullPath, isDirectory: &isDir)
+
+            if isDir.boolValue {
+                try addContentsOfFolder(to: &manifest, folderPath: fullPath, pathPrefix: relativePath)
+            } else {
+                let data = try Data(contentsOf: URL(fileURLWithPath: fullPath))
+                let hash = sha256Hex(data)
+                manifest.append("\(relativePath):\(hash)")
+            }
+        }
+    }
+
+    private static func isIgnored(_ path: String) -> Bool {
+        return path.hasPrefix("__MACOSX/") ||
+               path == ".DS_Store" ||
+               path.hasSuffix("/.DS_Store") ||
+               path == signatureFileName ||
+               path.hasSuffix("/\(signatureFileName)")
+    }
+
+    private static func sha256Hex(_ input: String) -> String {
+        guard let data = input.data(using: .utf8) else { return "" }
+        return sha256Hex(data)
+    }
+
+    private static func sha256Hex(_ data: Data) -> String {
+        var digest = [UInt8](repeating: 0, count: Int(CC_SHA256_DIGEST_LENGTH))
+        data.withUnsafeBytes {
+            _ = CC_SHA256($0.baseAddress, CC_LONG(data.count), &digest)
+        }
+        return digest.map { String(format: "%02x", $0) }.joined()
+    }
+
+    private static func base64UrlDecode(_ input: String) -> Data? {
+        var base64 = input.replacingOccurrences(of: "-", with: "+")
+                             .replacingOccurrences(of: "_", with: "/")
+        let padding = base64.count % 4
+        if padding > 0 {
+            base64 += String(repeating: "=", count: 4 - padding)
+        }
+        return Data(base64Encoded: base64)
+    }
+
+    private static func convertPemToPublicKey(pemString: String) throws -> SecKey {
+        let cleaned = pemString
+            .replacingOccurrences(of: "-----BEGIN PUBLIC KEY-----\n", with: "")
+            .replacingOccurrences(of: "-----END PUBLIC KEY-----", with: "")
+            .replacingOccurrences(of: "\n", with: "")
+            .replacingOccurrences(of: "\r", with: "")
+
+        guard let keyData = Data(base64Encoded: cleaned, options: .ignoreUnknownCharacters) else {
+            throw NSError(domain: "Stallion", code: -1, userInfo: [NSLocalizedDescriptionKey: "Invalid base64 key"])
+        }
+
+        let keyDict: [String: Any] = [
+            kSecAttrKeyType as String: kSecAttrKeyTypeRSA,
+            kSecAttrKeyClass as String: kSecAttrKeyClassPublic,
+            kSecAttrKeySizeInBits as String: 2048
+        ]
+
+        var error: Unmanaged<CFError>?
+        guard let secKey = SecKeyCreateWithData(keyData as CFData, keyDict as CFDictionary, &error) else {
+            throw error!.takeRetainedValue() as Error
+        }
+        return secKey
+    }
+}

package/ios/main/StallionSlotManager.h

@@ -2,7 +2,7 @@
 //  StallionSlotManager.h
 //  react-native-stallion
 //
-//  Created by Jasbir Singh Shergill on 29/01/25.
+//  Created by Thor963 on 29/01/25.
 //
 
 #import <Foundation/Foundation.h>

package/ios/main/StallionSlotManager.m

@@ -2,7 +2,7 @@
 //  StallionSlotManager.m
 //  react-native-stallion
 //
-//  Created by Jasbir Singh Shergill on 29/01/25.
+//  Created by Thor963 on 29/01/25.
 //
 
 #import "StallionSlotManager.h"

package/ios/main/StallionStageManager.swift

@@ -2,7 +2,7 @@
 //  StallionStageManager.swift
 //  react-native-stallion
 //
-//  Created by Jasbir Singh Shergill on 29/01/25.
+//  Created by Thor963 on 29/01/25.
 //
 
 import Foundation

package/ios/main/StallionStateManager.h

@@ -2,7 +2,7 @@
 //  StallionStateManager.h
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import <Foundation/Foundation.h>

package/ios/main/StallionStateManager.m

@@ -2,7 +2,7 @@
 //  StallionStateManager.m
 //  DoubleConversion
 //
-//  Created by Jasbir Singh Shergill on 28/01/25.
+//  Created by Thor963 on 28/01/25.
 //
 
 #import "StallionStateManager.h"

package/ios/main/StallionSyncHandler.swift

@@ -2,7 +2,7 @@
 //  StallionSyncHandler.swift
 //  react-native-stallion
 //
-//  Created by Jasbir Singh Shergill on 29/01/25.
+//  Created by Thor963 on 29/01/25.
 //
 
 import Foundation
@@ -152,8 +152,9 @@ class StallionSyncHandler {
 
         let stateManager = StallionStateManager.sharedInstance()
         let lastRolledBackHash = stateManager?.stallionMeta?.lastRolledBackHash ?? ""
+        let lastUnverifiedHash = stateManager?.stallionConfig?.lastUnverifiedHash ?? ""
 
-        if newReleaseHash != lastRolledBackHash {
+        if newReleaseHash != lastRolledBackHash && newReleaseHash != lastUnverifiedHash {
             if stateManager?.isMounted == true {
                 downloadNewRelease(newReleaseHash: newReleaseHash, newReleaseUrl: newReleaseUrl)
             } else {
@@ -179,29 +180,52 @@ class StallionSyncHandler {
       let downloadPath = config.filesDirectory + "/" + StallionConstants.PROD_DIRECTORY + "/" + StallionConstants.TEMP_FOLDER_SLOT
       let projectId = config.projectId ?? ""
       
+      let publicSigningKey = config.publicSigningKey ?? ""
+      
       guard let fromUrl = URL(string: newReleaseUrl + "?projectId=" + projectId) else { return }
 
       emitDownloadStarted(releaseHash: newReleaseHash)
 
-      StallionFileDownloader().downloadBundle(url: fromUrl, downloadDirectory: downloadPath, onProgress: { progress in
-        // Handle progress updates if necessary
-    }, resolve: { _ in
-        completeDownload()
-      stateManager.stallionMeta?.currentProdSlot =  SlotStates.newSlot
-      stateManager.stallionMeta?.prodTempHash =  newReleaseHash
-      if let currentProdNewHash = stateManager.stallionMeta?.prodNewHash,
-         !currentProdNewHash.isEmpty {
-          StallionSlotManager.stabilizeProd()
-      }
-      stateManager.syncStallionMeta()
-      emitDownloadSuccess(releaseHash: newReleaseHash)
-    }, reject: { code, prefix, error  in
-        completeDownload()
-      emitDownloadError(
-        releaseHash: newReleaseHash,
-        error: "\(String(describing: prefix))\(String(describing: error))"
+      StallionFileDownloader().downloadBundle(
+        url: fromUrl,
+        downloadDirectory: downloadPath,
+        onProgress: { progress in
+          // Handle progress updates if necessary
+        },
+        resolve: { _ in
+          completeDownload()
+          
+          if(publicSigningKey != nil && !publicSigningKey.isEmpty) {
+            if(
+              !StallionSignatureVerification.verifyReleaseSignature(
+                downloadedBundlePath: downloadPath + "/" + StallionConstants.FilePaths.ZipFolderName,
+                publicKeyPem: publicSigningKey
+              )
+            ) {
+              // discard downloaded release
+              config.updateLastUnverifiedHash(newReleaseHash)
+              emitSignatureVerificationFailed(releaseHash: newReleaseHash)
+              StallionFileManager.deleteFileOrFolderSilently(downloadPath)
+              return;
+            }
+          }
+          stateManager.stallionMeta?.currentProdSlot =  SlotStates.newSlot
+          stateManager.stallionMeta?.prodTempHash =  newReleaseHash
+          if let currentProdNewHash = stateManager.stallionMeta?.prodNewHash,
+             !currentProdNewHash.isEmpty {
+              StallionSlotManager.stabilizeProd()
+          }
+          stateManager.syncStallionMeta()
+          emitDownloadSuccess(releaseHash: newReleaseHash)
+        },
+        reject: { code, prefix, error  in
+          completeDownload()
+          emitDownloadError(
+            releaseHash: newReleaseHash,
+            error: "\(String(describing: prefix))\(String(describing: error))"
+          )
+        }
       )
-    })
   }
     
     private static func completeDownload() {
@@ -246,5 +270,13 @@ class StallionSyncHandler {
                              shouldCache: true
       )
     }
+  
+    private static func emitSignatureVerificationFailed(releaseHash: String) {
+      let verificationFailurePayload: NSDictionary = ["releaseHash": releaseHash]
+      Stallion.sendEventToRn(eventName: StallionConstants.NativeEventTypesProd.SIGNATURE_VERIFICATION_FAILED,
+                             eventBody: verificationFailurePayload,
+                             shouldCache: true
+      )
+    }
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "react-native-stallion",
-  "version": "2.1.0",
+  "version": "2.2.0-alpha.2",
   "description": "Offical React Native SDK for Stallion",
   "main": "index",
   "types": "types/index.d.ts",

package/src/main/utils/StallionNativeUtils.js

@@ -32,5 +32,8 @@ export const onLaunchNative = StallionNativeModule === null || StallionNativeMod
 export const sync = StallionNativeModule === null || StallionNativeModule === void 0 ? void 0 : StallionNativeModule.sync;
 export const popEventsNative = StallionNativeModule === null || StallionNativeModule === void 0 ? void 0 : StallionNativeModule.popEvents;
 export const acknowledgeEventsNative = StallionNativeModule === null || StallionNativeModule === void 0 ? void 0 : StallionNativeModule.acknowledgeEvents;
-export const restart = StallionNativeModule === null || StallionNativeModule === void 0 ? void 0 : StallionNativeModule.restart;
+export const restart = () => {
+  var _StallionNativeModule;
+  StallionNativeModule === null || StallionNativeModule === void 0 ? void 0 : (_StallionNativeModule = StallionNativeModule.restart) === null || _StallionNativeModule === void 0 ? void 0 : _StallionNativeModule.call(StallionNativeModule);
+};
 //# sourceMappingURL=StallionNativeUtils.js.map

package/src/main/utils/StallionNativeUtils.js.map

@@ -1 +1 @@
-{"version":3,"names":["StallionNativeModule","setSdkTokenNative","updateSdkToken","getStallionMetaNative","Promise","resolve","reject","getStallionMeta","then","metaString","JSON","parse","_","catch","getStallionConfigNative","getStallionConfig","configString","toggleStallionSwitchNative","toggleStallionSwitch","downloadBundleNative","downloadStageBundle","onLaunchNative","onLaunch","sync","popEventsNative","popEvents","acknowledgeEventsNative","acknowledgeEvents","restart"],"sourceRoot":"../../../../src","sources":["main/utils/StallionNativeUtils.ts"],"mappings":"AAAA,OAAOA,oBAAoB,MAAM,4BAA4B;AAW7D,OAAO,MAAMC,iBAAqC,GAChDD,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEE,cAAc;AAEtC,OAAO,MAAMC,qBAA6C,GAAGA,CAAA,KAAM;EACjE,OAAO,IAAIC,OAAO,CAAC,CAACC,OAAO,EAAEC,MAAM,KAAK;IACtCN,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEO,eAAe,CAAC,CAAC,CACpCC,IAAI,CAAEC,UAAkB,IAAK;MAC5B,IAAI;QACFJ,OAAO,CAACK,IAAI,CAACC,KAAK,CAACF,UAAU,CAAC,CAAC;MACjC,CAAC,CAAC,OAAOG,CAAC,EAAE;QACVN,MAAM,CAAC,qBAAqB,CAAC;MAC/B;IACF,CAAC,CAAC,CACDO,KAAK,CAAC,MAAM;MACXP,MAAM,CAAC,6BAA6B,CAAC;IACvC,CAAC,CAAC;EACN,CAAC,CAAC;AACJ,CAAC;AAED,OAAO,MAAMQ,uBAAiD,GAAGA,CAAA,KAAM;EACrE,OAAO,IAAIV,OAAO,CAAC,CAACC,OAAO,EAAEC,MAAM,KAAK;IACtCN,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEe,iBAAiB,CAAC,CAAC,CACtCP,IAAI,CAAEQ,YAAoB,IAAK;MAC9B,IAAI;QACFX,OAAO,CAACK,IAAI,CAACC,KAAK,CAACK,YAAY,CAAC,CAAC;MACnC,CAAC,CAAC,OAAOJ,CAAC,EAAE;QACVN,MAAM,CAAC,uBAAuB,CAAC;MACjC;IACF,CAAC,CAAC,CACDO,KAAK,CAAC,MAAM;MACXP,MAAM,CAAC,+BAA+B,CAAC;IACzC,CAAC,CAAC;EACN,CAAC,CAAC;AACJ,CAAC;AAED,OAAO,MAAMW,0BAAuD,GAClEjB,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEkB,oBAAoB;AAE5C,OAAO,MAAMC,oBAA2C,GACtDnB,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEoB,mBAAmB;AAE3C,OAAO,MAAMC,cAAqC,GAChDrB,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEsB,QAAQ;AAEhC,OAAO,MAAMC,IAAgB,GAAGvB,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEuB,IAAI;AAE1D,OAAO,MAAMC,eAAsC,GACjDxB,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEyB,SAAS;AAEjC,OAAO,MAAMC,uBAA8D,GACzE1B,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAE2B,iBAAiB;AAEzC,OAAO,MAAMC,OAAmB,GAAG5B,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAE4B,OAAO"}
+{"version":3,"names":["StallionNativeModule","setSdkTokenNative","updateSdkToken","getStallionMetaNative","Promise","resolve","reject","getStallionMeta","then","metaString","JSON","parse","_","catch","getStallionConfigNative","getStallionConfig","configString","toggleStallionSwitchNative","toggleStallionSwitch","downloadBundleNative","downloadStageBundle","onLaunchNative","onLaunch","sync","popEventsNative","popEvents","acknowledgeEventsNative","acknowledgeEvents","restart","_StallionNativeModule","call"],"sourceRoot":"../../../../src","sources":["main/utils/StallionNativeUtils.ts"],"mappings":"AAAA,OAAOA,oBAAoB,MAAM,4BAA4B;AAW7D,OAAO,MAAMC,iBAAqC,GAChDD,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEE,cAAc;AAEtC,OAAO,MAAMC,qBAA6C,GAAGA,CAAA,KAAM;EACjE,OAAO,IAAIC,OAAO,CAAC,CAACC,OAAO,EAAEC,MAAM,KAAK;IACtCN,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEO,eAAe,CAAC,CAAC,CACpCC,IAAI,CAAEC,UAAkB,IAAK;MAC5B,IAAI;QACFJ,OAAO,CAACK,IAAI,CAACC,KAAK,CAACF,UAAU,CAAC,CAAC;MACjC,CAAC,CAAC,OAAOG,CAAC,EAAE;QACVN,MAAM,CAAC,qBAAqB,CAAC;MAC/B;IACF,CAAC,CAAC,CACDO,KAAK,CAAC,MAAM;MACXP,MAAM,CAAC,6BAA6B,CAAC;IACvC,CAAC,CAAC;EACN,CAAC,CAAC;AACJ,CAAC;AAED,OAAO,MAAMQ,uBAAiD,GAAGA,CAAA,KAAM;EACrE,OAAO,IAAIV,OAAO,CAAC,CAACC,OAAO,EAAEC,MAAM,KAAK;IACtCN,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEe,iBAAiB,CAAC,CAAC,CACtCP,IAAI,CAAEQ,YAAoB,IAAK;MAC9B,IAAI;QACFX,OAAO,CAACK,IAAI,CAACC,KAAK,CAACK,YAAY,CAAC,CAAC;MACnC,CAAC,CAAC,OAAOJ,CAAC,EAAE;QACVN,MAAM,CAAC,uBAAuB,CAAC;MACjC;IACF,CAAC,CAAC,CACDO,KAAK,CAAC,MAAM;MACXP,MAAM,CAAC,+BAA+B,CAAC;IACzC,CAAC,CAAC;EACN,CAAC,CAAC;AACJ,CAAC;AAED,OAAO,MAAMW,0BAAuD,GAClEjB,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEkB,oBAAoB;AAE5C,OAAO,MAAMC,oBAA2C,GACtDnB,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEoB,mBAAmB;AAE3C,OAAO,MAAMC,cAAqC,GAChDrB,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEsB,QAAQ;AAEhC,OAAO,MAAMC,IAAgB,GAAGvB,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEuB,IAAI;AAE1D,OAAO,MAAMC,eAAsC,GACjDxB,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAEyB,SAAS;AAEjC,OAAO,MAAMC,uBAA8D,GACzE1B,oBAAoB,aAApBA,oBAAoB,uBAApBA,oBAAoB,CAAE2B,iBAAiB;AAEzC,OAAO,MAAMC,OAAO,GAAGA,CAAA,KAAM;EAAA,IAAAC,qBAAA;EAC3B7B,oBAAoB,aAApBA,oBAAoB,wBAAA6B,qBAAA,GAApB7B,oBAAoB,CAAE4B,OAAO,cAAAC,qBAAA,uBAA7BA,qBAAA,CAAAC,IAAA,CAAA9B,oBAAgC,CAAC;AACnC,CAAC"}

package/types/main/utils/StallionNativeUtils.d.ts

@@ -8,5 +8,5 @@ export declare const onLaunchNative: TOnLaunchBundleNative;
 export declare const sync: () => void;
 export declare const popEventsNative: () => Promise<string>;
 export declare const acknowledgeEventsNative: (eventIds: string) => Promise<string>;
-export declare const restart: () => null;
+export declare const restart: () => void;
 //# sourceMappingURL=StallionNativeUtils.d.ts.map

package/types/main/utils/StallionNativeUtils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"StallionNativeUtils.d.ts","sourceRoot":"","sources":["../../../../src/main/utils/StallionNativeUtils.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,2BAA2B,EAC3B,qBAAqB,EACrB,wBAAwB,EACzB,MAAM,uBAAuB,CAAC;AAE/B,eAAO,MAAM,iBAAiB,EAAE,kBACM,CAAC;AAEvC,eAAO,MAAM,qBAAqB,EAAE,sBAcnC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,wBAcrC,CAAC;AAEF,eAAO,MAAM,0BAA0B,EAAE,2BACG,CAAC;AAE7C,eAAO,MAAM,oBAAoB,EAAE,qBACQ,CAAC;AAE5C,eAAO,MAAM,cAAc,EAAE,qBACG,CAAC;AAEjC,eAAO,MAAM,IAAI,EAAE,MAAM,IAAiC,CAAC;AAE3D,eAAO,MAAM,eAAe,EAAE,MAAM,OAAO,CAAC,MAAM,CACjB,CAAC;AAElC,eAAO,MAAM,uBAAuB,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CACjC,CAAC;AAE1C,eAAO,MAAM,OAAO,EAAE,MAAM,IAAoC,CAAC"}
+{"version":3,"file":"StallionNativeUtils.d.ts","sourceRoot":"","sources":["../../../../src/main/utils/StallionNativeUtils.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,qBAAqB,EACrB,kBAAkB,EAClB,sBAAsB,EACtB,2BAA2B,EAC3B,qBAAqB,EACrB,wBAAwB,EACzB,MAAM,uBAAuB,CAAC;AAE/B,eAAO,MAAM,iBAAiB,EAAE,kBACM,CAAC;AAEvC,eAAO,MAAM,qBAAqB,EAAE,sBAcnC,CAAC;AAEF,eAAO,MAAM,uBAAuB,EAAE,wBAcrC,CAAC;AAEF,eAAO,MAAM,0BAA0B,EAAE,2BACG,CAAC;AAE7C,eAAO,MAAM,oBAAoB,EAAE,qBACQ,CAAC;AAE5C,eAAO,MAAM,cAAc,EAAE,qBACG,CAAC;AAEjC,eAAO,MAAM,IAAI,EAAE,MAAM,IAAiC,CAAC;AAE3D,eAAO,MAAM,eAAe,EAAE,MAAM,OAAO,CAAC,MAAM,CACjB,CAAC;AAElC,eAAO,MAAM,uBAAuB,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,CACjC,CAAC;AAE1C,eAAO,MAAM,OAAO,YAEnB,CAAC"}