aboutsummaryrefslogtreecommitdiffstats
path: root/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java
diff options
context:
space:
mode:
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java51
1 files changed, 22 insertions, 29 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java
index 3af8e70dd..47ecdb21f 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ApiPermissionHelper.java
@@ -18,6 +18,10 @@
package org.sufficientlysecure.keychain.remote;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.Arrays;
+
import android.annotation.SuppressLint;
import android.app.PendingIntent;
import android.content.Context;
@@ -37,11 +41,6 @@ import org.sufficientlysecure.keychain.provider.ApiDataAccessObject;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.util.Log;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
-
/**
* Abstract service class for remote APIs that handle app registration and user input.
@@ -234,35 +233,29 @@ public class ApiPermissionHelper {
private boolean isPackageAllowed(String packageName) throws WrongPackageCertificateException {
Log.d(Constants.TAG, "isPackageAllowed packageName: " + packageName);
- ArrayList<String> allowedPkgs = mApiDao.getRegisteredApiApps();
- Log.d(Constants.TAG, "allowed: " + allowedPkgs);
+ byte[] storedPackageCert = mApiDao.getApiAppCertificate(packageName);
- // check if package is allowed to use our service
- if (allowedPkgs.contains(packageName)) {
- Log.d(Constants.TAG, "Package is allowed! packageName: " + packageName);
+ boolean isKnownPackage = storedPackageCert != null;
+ if (!isKnownPackage) {
+ Log.d(Constants.TAG, "Package is NOT allowed! packageName: " + packageName);
+ return false;
+ }
+ Log.d(Constants.TAG, "Package is allowed! packageName: " + packageName);
- // check package signature
- byte[] currentCert;
- try {
- currentCert = getPackageCertificate(packageName);
- } catch (NameNotFoundException e) {
- throw new WrongPackageCertificateException(e.getMessage());
- }
+ byte[] currentPackageCert;
+ try {
+ currentPackageCert = getPackageCertificate(packageName);
+ } catch (NameNotFoundException e) {
+ throw new WrongPackageCertificateException(e.getMessage());
+ }
- byte[] storedCert = mApiDao.getApiAppCertificate(packageName);
- if (Arrays.equals(currentCert, storedCert)) {
- Log.d(Constants.TAG,
- "Package certificate is correct! (equals certificate from database)");
- return true;
- } else {
- throw new WrongPackageCertificateException(
- "PACKAGE NOT ALLOWED! Certificate wrong! (Certificate not " +
- "equals certificate from database)");
- }
+ boolean packageCertMatchesStored = Arrays.equals(currentPackageCert, storedPackageCert);
+ if (packageCertMatchesStored) {
+ Log.d(Constants.TAG,"Package certificate matches expected.");
+ return true;
}
- Log.d(Constants.TAG, "Package is NOT allowed! packageName: " + packageName);
- return false;
+ throw new WrongPackageCertificateException("PACKAGE NOT ALLOWED DUE TO CERTIFICATE MISMATCH!");
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-08 22:26:39 +0000