Revision 820d8f32
| src/info/guardianproject/checkey/AppListFragment.java | ||
|---|---|---|
| 34 | 34 |
import android.webkit.WebView; |
| 35 | 35 |
import android.widget.AdapterView.AdapterContextMenuInfo; |
| 36 | 36 |
import android.widget.ListView; |
| 37 |
import android.widget.Toast; |
|
| 37 | 38 |
|
| 39 |
import java.security.NoSuchAlgorithmException; |
|
| 38 | 40 |
import java.util.List; |
| 39 | 41 |
|
| 40 | 42 |
public class AppListFragment extends ListFragment implements LoaderCallbacks<List<AppEntry>> {
|
| ... | ... | |
| 110 | 112 |
} |
| 111 | 113 |
|
| 112 | 114 |
private void bySigningCertificate(AppEntry appEntry, Intent intent) {
|
| 113 |
String urlString = "https://androidobservatory.org/?searchby=certhash&q=" |
|
| 114 |
+ Utils.getBinaryHash(appEntry.getApkFile(), "sha1"); |
|
| 115 |
intent.setData(Uri.parse(urlString)); |
|
| 115 |
String sha1; |
|
| 116 |
try {
|
|
| 117 |
sha1 = Utils.getCertificateFingerprint(appEntry.getApkFile(), "sha1"); |
|
| 118 |
} catch (NoSuchAlgorithmException e) {
|
|
| 119 |
e.printStackTrace(); |
|
| 120 |
Toast.makeText(getActivity(), "Cannot make fingerprint of signing certificate", |
|
| 121 |
Toast.LENGTH_LONG).show(); |
|
| 122 |
return; |
|
| 123 |
} |
|
| 124 |
intent.setData(Uri.parse("https://androidobservatory.org/?searchby=certhash&q=" + sha1));
|
|
| 116 | 125 |
intent.putExtra(Intent.EXTRA_TITLE, R.string.by_signing_certificate); |
| 117 | 126 |
startActivity(intent); |
| 118 | 127 |
} |
| src/info/guardianproject/checkey/Utils.java | ||
|---|---|---|
| 7 | 7 |
import java.io.File; |
| 8 | 8 |
import java.io.FileInputStream; |
| 9 | 9 |
import java.io.IOException; |
| 10 |
import java.io.InputStream; |
|
| 10 | 11 |
import java.math.BigInteger; |
| 11 | 12 |
import java.security.MessageDigest; |
| 12 | 13 |
import java.security.NoSuchAlgorithmException; |
| 14 |
import java.security.cert.Certificate; |
|
| 15 |
import java.security.cert.CertificateEncodingException; |
|
| 16 |
import java.util.jar.JarEntry; |
|
| 17 |
import java.util.jar.JarFile; |
|
| 13 | 18 |
|
| 14 | 19 |
public final class Utils {
|
| 15 | 20 |
|
| 21 |
public static String getCertificateFingerprint(File apkFile, String hashAlgorithm) |
|
| 22 |
throws NoSuchAlgorithmException {
|
|
| 23 |
byte[] rawCertBytes; |
|
| 24 |
try {
|
|
| 25 |
JarFile apkJar = new JarFile(apkFile); |
|
| 26 |
JarEntry aSignedEntry = (JarEntry) apkJar.getEntry("AndroidManifest.xml");
|
|
| 27 |
|
|
| 28 |
if (aSignedEntry == null) {
|
|
| 29 |
apkJar.close(); |
|
| 30 |
return null; |
|
| 31 |
} |
|
| 32 |
|
|
| 33 |
InputStream tmpIn = apkJar.getInputStream(aSignedEntry); |
|
| 34 |
byte[] buff = new byte[2048]; |
|
| 35 |
while (tmpIn.read(buff, 0, buff.length) != -1) {
|
|
| 36 |
/* |
|
| 37 |
* NOP - apparently have to READ from the JarEntry before you |
|
| 38 |
* can call getCerficates() and have it return != null. Yay |
|
| 39 |
* Java. |
|
| 40 |
*/ |
|
| 41 |
} |
|
| 42 |
tmpIn.close(); |
|
| 43 |
|
|
| 44 |
if (aSignedEntry.getCertificates() == null |
|
| 45 |
|| aSignedEntry.getCertificates().length == 0) {
|
|
| 46 |
apkJar.close(); |
|
| 47 |
return null; |
|
| 48 |
} |
|
| 49 |
|
|
| 50 |
Certificate signer = aSignedEntry.getCertificates()[0]; |
|
| 51 |
apkJar.close(); |
|
| 52 |
rawCertBytes = signer.getEncoded(); |
|
| 53 |
|
|
| 54 |
MessageDigest md = MessageDigest.getInstance(hashAlgorithm); |
|
| 55 |
String hash = toHexString(md.digest(rawCertBytes)); |
|
| 56 |
md.reset(); |
|
| 57 |
Log.i("SigningCertificate", "raw hash: " + hash);
|
|
| 58 |
|
|
| 59 |
return hash; |
|
| 60 |
} catch (CertificateEncodingException e) {
|
|
| 61 |
} catch (IOException e) {
|
|
| 62 |
} |
|
| 63 |
return "BAD_CERTIFICATE"; |
|
| 64 |
} |
|
| 65 |
|
|
| 16 | 66 |
public static String getBinaryHash(File apk, String algo) {
|
| 17 | 67 |
FileInputStream fis = null; |
| 18 | 68 |
BufferedInputStream bis = null; |
Also available in: Unified diff