From e2341363d4b35e28181aa09f9f3d2993004b659f Mon Sep 17 00:00:00 2001
From: krtkush
Date: Sun, 14 Oct 2018 19:16:28 +0530
Subject: [PATCH] Added check for SHA1 key.
---
 .../newpipe/CheckForNewAppVersionTask.java | 91 +++++++++++++++++--
 1 file changed, 82 insertions(+), 9 deletions(-)
diff --git a/app/src/main/java/org/schabi/newpipe/CheckForNewAppVersionTask.java b/app/src/main/java/org/schabi/newpipe/CheckForNewAppVersionTask.java
index 9694850d7..fd94980c9 100644
--- a/app/src/main/java/org/schabi/newpipe/CheckForNewAppVersionTask.java
+++ b/app/src/main/java/org/schabi/newpipe/CheckForNewAppVersionTask.java
@@ -4,6 +4,9 @@ import android.app.Application;
 import android.app.PendingIntent;
 import android.content.Intent;
 import android.content.SharedPreferences;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.Signature;
 import android.net.Uri;
 import android.os.AsyncTask;
 import android.preference.PreferenceManager;
@@ -15,10 +18,18 @@ import org.json.JSONException;
 import org.json.JSONObject;
 import java.io.BufferedReader;
+import java.io.ByteArrayInputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.net.HttpURLConnection;
 import java.net.URL;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
 /**
 * AsyncTask to check if there is a newer version of the NewPipe github apk available or not.
@@ -29,6 +40,7 @@ public class CheckForNewAppVersionTask extends AsyncTask {
 private Application app = App.getContext();
+ private String GITHUB_APK_SHA1 = "B0:2E:90:7C:1C:D6:FC:57:C3:35:F0:88:D0:8F:50:5F:94:E4:D2:15";
 private String newPipeApiUrl = "https://newpipe.schabi.org/api/data.json";
 private int timeoutPeriod = 10000;
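Review bot: In the hunk at -29,6, `GITHUB_APK_SHA1` is added as a mutable instance field although it is named and used as a pinned constant; declaring it `private static final String GITHUB_APK_SHA1 = "…";` prevents accidental reassignment and makes the intent explicit. A one-line comment such as `// SHA-1 fingerprint of the certificate that signs the GitHub release APK` would tell the next maintainer where the value comes from and when it has to change. SHA-1 is a dated choice for a certificate pin, so a SHA-256 fingerprint of the same certificate would be the stronger comparison value if the helper is changed to match. The class body continues outside this hunk.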
@@ -39,23 +51,18 @@ public class CheckForNewAppVersionTask extends AsyncTask { mPrefs = PreferenceManager.getDefaultSharedPreferences(app); - // Check if user has enabled/ disabled update checking. - if (mPrefs.getBoolean(app.getString(R.string.update_app_key), true)) { - - // Go ahead with further checks. - Log.i("pref---", "true"); - } else { - Log.i("pref---", "false"); + // Check if user has enabled/ disabled update checking + // and if the current apk is a github one or not. + if (!mPrefs.getBoolean(app.getString(R.string.update_app_key), true) + || !getCertificateSHA1Fingerprint().equals(GITHUB_APK_SHA1)) { this.cancel(true); } - } @Override protected String doInBackground(Void... voids) { // Make a network request to get latest NewPipe data. - String response; HttpURLConnection connection = null; 
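Review bot: The added condition calls `.equals` on the result of getCertificateSHA1Fingerprint(), and the helper added later in this patch initialises `hexString` to null and returns it unchanged when the digest step throws, so this check can raise a NullPointerException instead of cancelling the task. Comparing from the constant side avoids that and fails closed: `|| !GITHUB_APK_SHA1.equals(getCertificateSHA1Fingerprint())) {`. The comment could also state that the fingerprint comparison only decides whether update notifications apply to this build and is not an integrity check of the installed APK. The enclosing method starts above the hunk, so its signature is not visible here.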
@@ -167,4 +174,70 @@ public class CheckForNewAppVersionTask extends AsyncTask {
 notificationManager.notify(NOTIFICATION_ID, notificationBuilder.build());
 }
 }
+
+ /**
+ * Method to get the apk's SHA1 key.
+ * https://stackoverflow.com/questions/9293019/get-certificate-fingerprint-from-android-app#22506133
+ */
+ private String getCertificateSHA1Fingerprint() {
+
+ PackageManager pm = app.getPackageManager();
+ String packageName = app.getPackageName();
+ int flags = PackageManager.GET_SIGNATURES;
+ PackageInfo packageInfo = null;
+
+ try {
+ packageInfo = pm.getPackageInfo(packageName, flags);
+ } catch (PackageManager.NameNotFoundException e) {
+ e.printStackTrace();
+ }
+
+ Signature[] signatures = packageInfo.signatures;
+ byte[] cert = signatures[0].toByteArray();
+ InputStream input = new ByteArrayInputStream(cert);
+ CertificateFactory cf = null;
+
+ try {
+ cf = CertificateFactory.getInstance("X509");
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ }
+
+ X509Certificate c = null;
+
+ try {
+ c = (X509Certificate) cf.generateCertificate(input);
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ }
+
+ String hexString = null;
+
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA1");
+ byte[] publicKey = md.digest(c.getEncoded());
+ hexString = byte2HexFormatted(publicKey);
+ } catch (NoSuchAlgorithmException e1) {
+ e1.printStackTrace();
+ } catch (CertificateEncodingException e) {
+ e.printStackTrace();
+ }
+
+ return hexString;
+ }
+
+ private static String byte2HexFormatted(byte[] arr) {
+
+ StringBuilder str = new StringBuilder(arr.length * 2);
+
+ for (int i = 0; i < arr.length; i++) {
+ String h = Integer.toHexString(arr[i]);
+ int l = h.length();
+ if (l == 1) h = "0" + h;
+ if (l > 2) h = h.substring(l - 2, l);
+ str.append(h.toUpperCase());
+ if (i < (arr.length - 1)) str.append(':');
+ }
+ return str.toString();
+ }
 }
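Review bot: getCertificateSHA1Fingerprint() keeps going after every caught exception, so a failure in `getPackageInfo`, `CertificateFactory.getInstance` or `generateCertificate` is followed by a null dereference on the next statement (`packageInfo.signatures`, `cf.generateCertificate(input)`, `c.getEncoded()`), and `signatures[0]` is read without checking that the array is non-empty. Putting the steps in a single try block that returns null on any failure makes the failure mode explicit, provided the caller treats null as "not the GitHub build". The Javadoc and the local `publicKey` call the value a key, but what is hashed is the encoded signing certificate, so `/** Returns the SHA-1 fingerprint of the APK's first signing certificate, or null if it cannot be read. */` would be more accurate. In byte2HexFormatted, `String.format("%02X", arr[i])` would replace the manual padding and sign-extension trimming.

```java
    private String getCertificateSHA1Fingerprint() {
        try {
            PackageInfo packageInfo = app.getPackageManager()
                    .getPackageInfo(app.getPackageName(), PackageManager.GET_SIGNATURES);
            Signature[] signatures = packageInfo.signatures;
            if (signatures == null || signatures.length == 0) {
                return null;
            }
            CertificateFactory cf = CertificateFactory.getInstance("X509");
            X509Certificate c = (X509Certificate) cf.generateCertificate(
                    new ByteArrayInputStream(signatures[0].toByteArray()));
            MessageDigest md = MessageDigest.getInstance("SHA1");
            return byte2HexFormatted(md.digest(c.getEncoded()));
        } catch (PackageManager.NameNotFoundException
                | CertificateException | NoSuchAlgorithmException e) {
            // Fingerprint unavailable: the caller must treat null as "not the GitHub build".
            e.printStackTrace();
            return null;
        }
    }
    // … unchanged: byte2HexFormatted …
```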