always use fingerprint hashes in lowercase

* Utils.getBinaryHash() converts it to lowercase() * Utils.getPackageSig() outputs lowercase * fdroidserver outputs lowercase for all hash entries
2026-06-18 04:39:45 -04:00 · 2021-01-05 15:26:38 +01:00
parent 018e3221a7
commit 2975d4c09f
3 changed files with 63 additions and 27 deletions
--- a/app/src/test/java/org/fdroid/fdroid/UtilsTest.java
+++ b/app/src/test/java/org/fdroid/fdroid/UtilsTest.java
@@ -2,9 +2,9 @@
 package org.fdroid.fdroid;

 import android.content.Context;
-
+import android.content.pm.PackageInfo;
+import android.content.pm.Signature;
 import androidx.test.core.app.ApplicationProvider;
-
 import org.fdroid.fdroid.views.AppDetailsRecyclerViewAdapter;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -12,6 +12,7 @@ import org.robolectric.RobolectricTestRunner;

 import java.io.File;
 import java.util.Date;
+import java.util.Random;
 import java.util.TimeZone;

 import static org.junit.Assert.assertEquals;
@@ -215,4 +216,40 @@ public class UtilsTest {
            }
        }
    }
+
+    /**
+     * Test the replacement for the ancient fingerprint algorithm.
+     *
+     * @see org.fdroid.fdroid.data.Apk#sig
+     */
+    @Test
+    public void testGetsig() {
+        /*
+         * I don't fully understand the loop used here. I've copied it verbatim
+         * from getsig.java bundled with FDroidServer. I *believe* it is taking
+         * the raw byte encoding of the certificate & converting it to a byte
+         * array of the hex representation of the original certificate byte
+         * array. This is then MD5 sum'd. It's a really bad way to be doing this
+         * if I'm right... If I'm not right, I really don't know! see lines
+         * 67->75 in getsig.java bundled with Fdroidserver
+         */
+        for (int length : new int[]{256, 345, 1233, 4032, 12092}) {
+            byte[] rawCertBytes = new byte[length];
+            new Random().nextBytes(rawCertBytes);
+            final byte[] fdroidSig = new byte[rawCertBytes.length * 2];
+            for (int j = 0; j < rawCertBytes.length; j++) {
+                byte v = rawCertBytes[j];
+                int d = (v >> 4) & 0xF;
+                fdroidSig[j * 2] = (byte) (d >= 10 ? ('a' + d - 10) : ('0' + d));
+                d = v & 0xF;
+                fdroidSig[j * 2 + 1] = (byte) (d >= 10 ? ('a' + d - 10) : ('0' + d));
+            }
+            String sig = Utils.hashBytes(fdroidSig, "md5");
+            assertEquals(sig, Utils.getsig(rawCertBytes));
+
+            PackageInfo packageInfo = new PackageInfo();
+            packageInfo.signatures = new Signature[]{new Signature(rawCertBytes)};
+            assertEquals(sig, Utils.getPackageSig(packageInfo));
+        }
+    }
 }