Verify intent signatures.

chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package org.chromium.chrome.browser.externalnav;
 
 import android.content.ActivityNotFoundException;
 import android.content.ComponentName;
 import android.content.Intent;
+import android.content.pm.PackageManager;
 import android.content.pm.ResolveInfo;
+import android.content.pm.Signature;
 import android.net.Uri;
 import android.os.SystemClock;
 import android.provider.Browser;
 import android.text.TextUtils;
 import android.webkit.WebView;
 
 import org.chromium.base.CommandLine;
 import org.chromium.base.Log;
 import org.chromium.base.VisibleForTesting;
 import org.chromium.base.metrics.RecordHistogram;
 import org.chromium.chrome.browser.ChromeSwitches;
 import org.chromium.chrome.browser.IntentHandler;
 import org.chromium.chrome.browser.UrlConstants;
 import org.chromium.chrome.browser.tab.Tab;
 import org.chromium.chrome.browser.tab.TabRedirectHandler;
 import org.chromium.chrome.browser.util.IntentUtils;
 import org.chromium.chrome.browser.util.UrlUtilities;
 import org.chromium.ui.base.PageTransition;
 
 import java.net.URI;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
 /**
  * Logic related to the URL overriding/intercepting functionality.
  * This feature allows Chrome to convert certain navigations to Android Intents allowing
  * applications like Youtube to direct users clicking on a http(s) link to their native app.
  */
 public class ExternalNavigationHandler {
     private static final String TAG = "UrlHandler";
     private static final String SCHEME_WTAI = "wtai://wp/";
@@ skipping 62 matching lines @@
         boolean hasBrowserFallbackUrl = false;
         String browserFallbackUrl =
                 IntentUtils.safeGetStringExtra(intent, EXTRA_BROWSER_FALLBACK_URL);
         if (browserFallbackUrl != null
                 && UrlUtilities.isValidForIntentFallbackNavigation(browserFallbackUrl)) {
             hasBrowserFallbackUrl = true;
         } else {
             browserFallbackUrl = null;
         }
 
+        try {
+            //scheme
+            String scheme = intent.getData().getScheme();
+            String fragment = intent.getData().getFragment();
+            if (!TextUtils.isEmpty(scheme) && null != fragment && fragment.contains(";")) {
+                String[] parts = fragment.split(";");
+                String[] part = null;

[palmer, 2016/07/20 18:53:48]

Declare this where it's used (line 146).

+                Set<Set<String>> allFingerPrint256 = new HashSet<>();
+                String fingerPrint256 = "";

[palmer, 2016/07/20 18:53:48]

Declare this where it's used (line 148).

+                String pkgName = "";
+                /**
+                 * same package name , different keystores, generated fingerprint256 set.
+                 *
+                 * 1.an app's signature may update and change from old, so need config and
+                 * support new and old, but this is optional.(e.g. a.only config new fingerprint
+                 * b. only config old fingerprint. c.config new and old fingerprint)
+                 *
+                 * 2.one apk itself may contain more than one keystore to sign.
+                 *
+                 * example: suppose apk's new signature is 3A4FXXXXXX,12XXXXXXX,and old signature
+                 * is 1B2AXXXX. you can config the intent like "...;sha256=3A4FXXXXXX,12XXXXXXX;.."
+                 * or "..;sha256=3A4FXXXXXX,12XXXXXXX|1B2AXXXX;.."
+                 */
+                String[] fingerPrint256DifGroups;
+                for (String each : parts) {
+                    part = each.split("=");
+                    if (part[0].equals("sha256")) {
+                        fingerPrint256 = part[1];
+                        fingerPrint256DifGroups = fingerPrint256.split("\\|");
+                        for (String v : fingerPrint256DifGroups) {
+                            Set<String> fingerPrint256GroupSignKeySet = new HashSet<>();
+                            Collections.addAll(fingerPrint256GroupSignKeySet, v.split(","));
+                            allFingerPrint256.add(fingerPrint256GroupSignKeySet);
+                        }
+                    }
+                    if (part[0].equals("package")) {
+                        pkgName = part[1];
+                    }
+                }
+                if (!TextUtils.isEmpty(pkgName) && !TextUtils.isEmpty(fingerPrint256)) {
+                    PackageManager pm = mDelegate.getAssociatedActivityContext()
+                            .getPackageManager();
+                    Signature[] signatures = pm.getPackageInfo(pkgName,
+                            PackageManager.GET_SIGNATURES).signatures;
+                    HashSet<String> fingerPrint256Set = new HashSet<String>();
+                    String fingerPrint = "";

[palmer, 2016/07/20 18:53:48]

Declare this where it's used (line 169).

+                    if (signatures.length > 0) {
+                        for (Signature each : signatures) {
+                            fingerPrint = computeNormalizedSha256Fingerprint(each.toByteArray());
+                            fingerPrint256Set.add(fingerPrint);
+                        }
+                    }
+                    if (!allFingerPrint256.contains(fingerPrint256Set)) {
+                        return OverrideUrlLoadingResult.NO_OVERRIDE;
+                    }
+                }
+            }
+        } catch (PackageManager.NameNotFoundException e) {
+            return OverrideUrlLoadingResult.NO_OVERRIDE;
+        } catch (Exception ignore) {
+            //ignore the check sign miss

[palmer, 2016/07/20 18:53:48]

Why?

+        }
+
         long time = SystemClock.elapsedRealtime();
         OverrideUrlLoadingResult result = shouldOverrideUrlLoadingInternal(
                 params, intent, hasBrowserFallbackUrl, browserFallbackUrl);
         RecordHistogram.recordTimesHistogram("Android.StrictMode.OverrideUrlLoadingTime",
                 SystemClock.elapsedRealtime() - time, TimeUnit.MILLISECONDS);
 
         if (result == OverrideUrlLoadingResult.NO_OVERRIDE && hasBrowserFallbackUrl
                 && (params.getRedirectHandler() == null
                         // For instance, if this is a chained fallback URL, we ignore it.
                         || !params.getRedirectHandler().shouldNotOverrideUrlLoading())) {
@@ skipping 388 matching lines @@
         String defaultSmsPackageName = mDelegate.getDefaultSmsPackageName();
         if (defaultSmsPackageName == null) return null;
         // Makes sure that the default SMS app actually resolves the intent.
         for (ResolveInfo resolveInfo : resolvingComponentNames) {
             if (defaultSmsPackageName.equals(resolveInfo.activityInfo.packageName)) {
                 return defaultSmsPackageName;
             }
         }
         return null;
     }
+
+    /**
+     * compute normalized sha256fingerprint from signatures
+     *
+     * @return hexString of the fingerprint
+     */
+    private static String computeNormalizedSha256Fingerprint(byte[] signature) {

[palmer, 2016/07/20 18:53:48]

Although this is for Android package signatures, it'd be better to name this
method's argument more generally. Also you can make the method name more
concise:

    getSha256(byte[] bytes)

+        MessageDigest digester;
+        try {
+            digester = MessageDigest.getInstance("SHA-256");
+        } catch (NoSuchAlgorithmException e) {
+            throw new AssertionError("No SHA-256 implementation found.");
+        }
+        digester.update(signature);
+        return byteArrayToHexString(digester.digest());
+    }
+
+    /**
+     * convert byteArray to String
+     *
+     * @return hexString
+     */
+    private static String byteArrayToHexString(byte[] array) {

[palmer, 2016/07/20 18:53:48]

Is there not already a function that does this somewhere in Java, Android, or
Chrome?

+        if (array.length == 0) {
+            return "";
+        }
+        StringBuilder data = new StringBuilder();
+        for (byte anArray : array) {

[palmer, 2016/07/20 18:53:47]

Use more concise names:

   for (byte b : bytes)

+            data.append(Integer.toHexString((anArray >> 4) & 0x0f));
+            data.append(Integer.toHexString(anArray & 0x0f));
+        }
+        return data.toString().toUpperCase();
+    }
 }