[3.9.15-dev] Implement C++ Native password signer library.

2025-06-11 05:00:46 +02:00 · 2019-12-14 22:56:56 +01:00
parent 0f11b02047
commit ffbac126bd
14 changed files with 808 additions and 5 deletions
--- a/app/src/main/java/pl/szczodrzynski/edziennik/App.java
+++ b/app/src/main/java/pl/szczodrzynski/edziennik/App.java
@ -67,6 +67,7 @@ import me.leolin.shortcutbadger.ShortcutBadger;
 import okhttp3.ConnectionSpec;
 import okhttp3.OkHttpClient;
 import okhttp3.TlsVersion;
+import pl.szczodrzynski.edziennik.api.v2.szkolny.interceptor.Signing;
 import pl.szczodrzynski.edziennik.config.Config;
 import pl.szczodrzynski.edziennik.data.db.AppDb;
 import pl.szczodrzynski.edziennik.data.db.modules.debuglog.DebugLog;
@ -214,6 +215,8 @@ public class App extends androidx.multidex.MultiDexApplication implements Config

        loadConfig();

+        Signing.INSTANCE.getCert(this);
+
        Themes.INSTANCE.setThemeInt(config.getUi().getTheme());

        try {
--- a/app/src/main/java/pl/szczodrzynski/edziennik/App.kt
+++ b/app/src/main/java/pl/szczodrzynski/edziennik/App.kt
@ -126,7 +126,7 @@ class Szkolny : /*MultiDexApplication(),*/ Configuration.Provider, CoroutineScop
        if (config.devModePassword != null)
            checkDevModePassword()

-
+        Signing.getCert(this)

        launch { async(Dispatchers.Default) {
            if (config.sync.enabled) {
--- a/app/src/main/java/pl/szczodrzynski/edziennik/Extensions.kt
+++ b/app/src/main/java/pl/szczodrzynski/edziennik/Extensions.kt
@ -381,6 +381,12 @@ fun String.md5(): String {
    return BigInteger(1, md.digest(toByteArray())).toString(16).padStart(32, '0')
 }

+fun String.sha256(): ByteArray {
+    val md = MessageDigest.getInstance("SHA-256")
+    md.update(toByteArray())
+    return md.digest()
+}
+
 fun RequestBody.bodyToString(): String {
    val buffer = Buffer()
    writeTo(buffer)
--- a/app/src/main/java/pl/szczodrzynski/edziennik/MainActivity.kt
+++ b/app/src/main/java/pl/szczodrzynski/edziennik/MainActivity.kt
@ -11,6 +11,7 @@ import android.graphics.BitmapFactory
 import android.graphics.drawable.BitmapDrawable
 import android.os.*
 import android.provider.Settings
+import android.util.Log
 import android.view.Gravity
 import android.view.View
 import android.widget.Toast
@ -37,6 +38,7 @@ import org.greenrobot.eventbus.ThreadMode
 import pl.droidsonroids.gif.GifDrawable
 import pl.szczodrzynski.edziennik.App.APP_URL
 import pl.szczodrzynski.edziennik.api.v2.events.*
+import pl.szczodrzynski.edziennik.api.v2.szkolny.interceptor.Signing
 import pl.szczodrzynski.edziennik.api.v2.task.EdziennikTask
 import pl.szczodrzynski.edziennik.data.db.modules.metadata.Metadata.*
 import pl.szczodrzynski.edziennik.databinding.ActivitySzkolnyBinding
@ -249,6 +251,8 @@ class MainActivity : AppCompatActivity() {

        setContentView(b.root)

+        Log.d(TAG, Signing.appPassword)
+
        errorSnackbar.setCoordinator(b.navView.coordinator, b.navView.bottomBar)

        navLoading = true
--- a/app/src/main/java/pl/szczodrzynski/edziennik/api/v2/szkolny/interceptor/SignatureInterceptor.kt
+++ b/app/src/main/java/pl/szczodrzynski/edziennik/api/v2/szkolny/interceptor/SignatureInterceptor.kt
@ -11,7 +11,6 @@ import pl.szczodrzynski.edziennik.*
 class SignatureInterceptor(val app: App) : Interceptor {
    companion object {
        private const val API_KEY = "szkolny_android_42a66f0842fc7da4e37c66732acf705a"
-        private const val API_PASSWORD = "HodrJ+6OAl9zqlK1IlYBUg=="
    }

    override fun intercept(chain: Interceptor.Chain): Response {
@ -32,7 +31,7 @@ class SignatureInterceptor(val app: App) : Interceptor {

    private fun sign(timestamp: Long, body: String, url: String): String {
        val content = timestamp.toString().md5() + body.md5() + url.md5()
-        val password = API_PASSWORD + BuildConfig.VERSION_CODE.toString() + app.signature
+        val password = Signing.appPassword + BuildConfig.VERSION_CODE.toString() + Signing.appCertificate

        return content.hmacSHA1(password)
    }
--- a/app/src/main/java/pl/szczodrzynski/edziennik/api/v2/szkolny/interceptor/Signing.kt
+++ b/app/src/main/java/pl/szczodrzynski/edziennik/api/v2/szkolny/interceptor/Signing.kt
@ -0,0 +1,51 @@
+/*
+ * Copyright (c) Kuba Szczodrzyński 2019-12-14.
+ */
+
+package pl.szczodrzynski.edziennik.api.v2.szkolny.interceptor
+
+import android.content.Context
+import android.content.pm.PackageInfo
+import android.content.pm.PackageManager
+import android.util.Base64
+import pl.szczodrzynski.edziennik.BuildConfig
+import pl.szczodrzynski.edziennik.sha256
+import java.security.MessageDigest
+
+object Signing {
+
+    private external fun iLoveApple(data: ByteArray, signature: String, timestamp: Long): String
+
+    init {
+        System.loadLibrary("szkolny-signing")
+    }
+
+    var appCertificate = ""
+    fun getCert(context: Context) {
+        with(context) {
+        try {
+            val packageInfo: PackageInfo = packageManager.getPackageInfo(packageName, PackageManager.GET_SIGNATURES)
+            for (signature in packageInfo.signatures) {
+                val signatureBytes = signature.toByteArray()
+                val md = MessageDigest.getInstance("SHA")
+                md.update(signatureBytes)
+                appCertificate = Base64.encodeToString(md.digest(), Base64.NO_WRAP)
+            }
+        } catch (e: Exception) {
+            e.printStackTrace()
+        }
+    }}
+
+    val appPassword by lazy {
+        iLoveApple(
+                "ThisIsOurHardWorkPleaseDoNotCopyOrSteal(c)2019.KubaSz".sha256(),
+                BuildConfig.VERSION_NAME,
+                BuildConfig.VERSION_CODE.toLong()
+        )
+    }
+
+    /*fun provideKey(param1: String, param2: Long): ByteArray {*/
+    fun pleaseStopRightNow(param1: String, param2: Long): ByteArray {
+        return "$param1.MTIzNDU2Nzg5MDz9LXSttO===.$param2".sha256()
+    }
+}