add one step to verify the signature in intent for chrome while the intent has a scheme for the app.

new issue has created and moved to https://codereview.chromium.org/2167573003/.
please check that issue and review and discuss about the feature.
Thank you.
As we have changed the account to use company email "alipay", belong to Alibaba inc..

#######
Add one step to verify the signature in intent for chrome while the intent has a scheme for the app.


BUG=629713
TEST=start a website which contains a scheme intent in chrome, one intent case contains official app signature , it can start activity in app, and one another intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.

[cruise1008, 2016-07-18 13:44:48]

Description was changed from

==========
add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


 BUG = 629055
TEST = start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.:
==========

to

==========
add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


 BUG = 629055
TEST = start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add finger256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;finger256=38:9B:49:F7:83:2F:53:E9:01:79:23:22:0A:A8:5E:14:DF:AA:48:86:EC:D7:42:88:18:BF:33:95:43:CF:49:8A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

[please use gerrit instead, 2016-07-18 17:41:35]

I recommend that you re-upload the patch with your @alibaba-inc.com email.
Alibaba employees are already allowed to submit patches to Chromium. If you must
use your @gmail.com email, then please sign the individual agreement in
https://cla.developers.google.com/.

Whichever method your choose, please put your email address and name in the
AUTHORS file:

https://cs.chromium.org/chromium/src/AUTHORS

[cruise1008, 2016-07-19 01:44:00]

Description was changed from

==========
add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


 BUG = 629055
TEST = start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add finger256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;finger256=38:9B:49:F7:83:2F:53:E9:01:79:23:22:0A:A8:5E:14:DF:AA:48:86:EC:D7:42:88:18:BF:33:95:43:CF:49:8A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

to

==========
add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


 BUG = 629055
TEST = start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add finger256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

[cruise1008, 2016-07-19 01:44:17]

Description was changed from

==========
add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


 BUG = 629055
TEST = start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add finger256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

to

==========
add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


 BUG = 629055
TEST = start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

[cruise1008, 2016-07-19 02:47:50]

On 2016/07/18 17:41:35, Rouslan (ツ) wrote:
> I recommend that you re-upload the patch with your @alibaba-inc.com email.
> Alibaba employees are already allowed to submit patches to Chromium. If you
must
> use your @gmail.com email, then please sign the individual agreement in
> https://cla.developers.google.com/.
> 
> Whichever method your choose, please put your email address and name in the
> AUTHORS file:
> 
> https://cs.chromium.org/chromium/src/AUTHORS

Thank you for your advice, I am not familiar with these steps, 
could you please tell the detail how to login with non google account?
I tried but failed,  had no idea.

[esprehn, 2016-07-19 05:47:57]

Description was changed from

==========
add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


 BUG = 629055
TEST = start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

to

==========
add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


BUG=629055
TEST=start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

[esprehn, 2016-07-19 05:48:10]

Description was changed from

==========
add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


BUG=629055
TEST=start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

to

==========
Add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


BUG=629055
TEST=start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

[esprehn, 2016-07-19 05:52:11]

esprehn@chromium.org changed reviewers:
+ esprehn@chromium.org

[esprehn, 2016-07-19 05:52:12]

Can you explain how this works in the change description? What are we hashing?
How will the links work if the app is updated? What should developers do to use
this feature?

https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src...
File
chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java
(right):

https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src...
chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java:148:
fingerPrint = fingerprint.replaceAll(":", "");
I don't think other parts of the platform make this optional, can we just not
allow colons?

https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src...
chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java:158:
return OverrideUrlLoadingResult.NO_OVERRIDE;
Why would there be a exception? Can you scope this to what actually throws?

[esprehn, 2016-07-19 05:52:23]

esprehn@chromium.org changed reviewers:
- esprehn@chromium.org

[cruise1008, 2016-07-19 08:20:43]

Description was changed from

==========
Add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


BUG=629055
TEST=start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

to

==========
Add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


BUG=629055
TEST=start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

[cruise1008, 2016-07-19 13:01:40]

Description was changed from

==========
Add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


BUG=629055
TEST=start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

to

==========
new issue has created and moved to https://codereview.chromium.org/2160193002/.
please check that issue and review and discuss about the feature.
Thank you.

#######
Add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


BUG=629055
TEST=start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

[cruise1008, 2016-07-19 13:05:55]

Description was changed from

==========
new issue has created and moved to https://codereview.chromium.org/2160193002/.
please check that issue and review and discuss about the feature.
Thank you.

#######
Add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


BUG=629055
TEST=start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

to

==========
new issue has created and moved to https://codereview.chromium.org/2160193002/.
please check that issue and review and discuss about the feature.
Thank you.
As we have changed the account to use company email "alipay", belong to Alibaba
inc..

#######
Add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


BUG=629055
TEST=start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

[cruise1008, 2016-07-19 13:15:36]

On 2016/07/19 05:52:12, esprehn wrote:
> Can you explain how this works in the change description? What are we hashing?
> How will the links work if the app is updated? What should developers do to
use
> this feature?
> 
>
https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src...
> File
>
chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java
> (right):
> 
>
https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src...
>
chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java:148:
> fingerPrint = fingerprint.replaceAll(":", "");
> I don't think other parts of the platform make this optional, can we just not
> allow colons?
> 
>
https://codereview.chromium.org/2157933002/diff/40001/chrome/android/java/src...
>
chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java:158:
> return OverrideUrlLoadingResult.NO_OVERRIDE;
> Why would there be a exception? Can you scope this to what actually throws?

thanks a lot for your attention ,  I have changed the code as you point out.
But I am sorry to tell you I have move the stuff to
https://codereview.chromium.org/2160193002/, could you follow here and discuss
more?
Thank you.

[please use gerrit instead, 2016-07-19 15:42:31]

Closing this code review in favor of http://crrev.com/2160193002, which has been
uploaded in order to use author's @alipay.com email address.

[cruise1008, 2016-07-20 02:56:59]

Description was changed from

==========
new issue has created and moved to https://codereview.chromium.org/2160193002/.
please check that issue and review and discuss about the feature.
Thank you.
As we have changed the account to use company email "alipay", belong to Alibaba
inc..

#######
Add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


BUG=629055
TEST=start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========

to

==========
new issue has created and moved to https://codereview.chromium.org/2167573003/.
please check that issue and review and discuss about the feature.
Thank you.
As we have changed the account to use company email "alipay", belong to Alibaba
inc..

#######
Add one step to verify the signature in intent for chrome while the intent has a
scheme for the app.


BUG=629713
TEST=start a website which contains a scheme intent in chrome, one intent case
contains official app signature , it can start activity in app, and one another
intent case contains fake app signature,
the chrome won't start activity of the fake app.

e.g.
original intent:
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end".

optimized  intent(add sha256): 
"intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end".

the method is compatible for all chrome.
==========