Verify intent signatures.

chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 package org.chromium.chrome.browser.externalnav;
 
 import android.content.ActivityNotFoundException;
 import android.content.ComponentName;
 import android.content.Intent;
 import android.content.pm.ResolveInfo;
@@ skipping 10 matching lines @@
 import org.chromium.chrome.browser.ChromeSwitches;
 import org.chromium.chrome.browser.IntentHandler;
 import org.chromium.chrome.browser.UrlConstants;
 import org.chromium.chrome.browser.tab.Tab;
 import org.chromium.chrome.browser.tab.TabRedirectHandler;
 import org.chromium.chrome.browser.util.IntentUtils;
 import org.chromium.chrome.browser.util.UrlUtilities;
 import org.chromium.ui.base.PageTransition;
 
 import java.net.URI;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
 /**
  * Logic related to the URL overriding/intercepting functionality.
  * This feature allows Chrome to convert certain navigations to Android Intents allowing
  * applications like Youtube to direct users clicking on a http(s) link to their native app.
  */
 public class ExternalNavigationHandler {
     private static final String TAG = "UrlHandler";
     private static final String SCHEME_WTAI = "wtai://wp/";
@@ skipping 62 matching lines @@
         boolean hasBrowserFallbackUrl = false;
         String browserFallbackUrl =
                 IntentUtils.safeGetStringExtra(intent, EXTRA_BROWSER_FALLBACK_URL);
         if (browserFallbackUrl != null
                 && UrlUtilities.isValidForIntentFallbackNavigation(browserFallbackUrl)) {
             hasBrowserFallbackUrl = true;
         } else {
             browserFallbackUrl = null;
         }
 
+        if (!intentPackageSignatureMatches(intent)) {
+            return OverrideUrlLoadingResult.NO_OVERRIDE;
+        }
+
         long time = SystemClock.elapsedRealtime();
         OverrideUrlLoadingResult result = shouldOverrideUrlLoadingInternal(
                 params, intent, hasBrowserFallbackUrl, browserFallbackUrl);
         RecordHistogram.recordTimesHistogram("Android.StrictMode.OverrideUrlLoadingTime",
                 SystemClock.elapsedRealtime() - time, TimeUnit.MILLISECONDS);
 
         if (result == OverrideUrlLoadingResult.NO_OVERRIDE && hasBrowserFallbackUrl
                 && (params.getRedirectHandler() == null
                         // For instance, if this is a chained fallback URL, we ignore it.
                         || !params.getRedirectHandler().shouldNotOverrideUrlLoading())) {
             return clobberCurrentTabWithFallbackUrl(browserFallbackUrl, params);
         }
         return result;
     }
 
+    /**
+     * When a custom scheme intent is trying to launch another application, verify the signature
+     * fingerprints of intent, if the fingerprint match fingerprints of target application, the
+     * intent should override, or it shouldn't.
+     *
+     * @param intent intent from url.
+     * @return boolean, true if the feature is not supported or url should override,
+     * false if the the intent should not override.
+     */

[please use gerrit instead, 2016/08/01 21:05:24]

/**
 * Check if the signature specified in the intent matches the signatures of
 * the package to launch.
 *
 * @param intent The intent to launch.
 * @return True if OK to launch the intent based on the signature.
 */

+    private boolean intentPackageSignatureMatches(Intent intent) {
+        //This feature is based on a custom scheme. Variable scheme is used to check whether
+        //the intent url has an extra custom scheme, if not, the feature won't work.

[please use gerrit instead, 2016/08/01 21:05:24]

Add a space after "//".

+        String scheme = intent.getData().getScheme();
+        String fragment = intent.getData().getFragment();
+        if (!TextUtils.isEmpty(scheme) && fragment != null && fragment.contains(";")) {
+            String[] parts = fragment.split(";");
+            Set<Set<String>> allFingerPrint256 = new HashSet<>();
+            //Consider that apks may have same package name but different keystores.
+            //1. An apk's signature may update and differ from old, so you may need config and
+            //support new and old signatures, but this is optional. (e.g. (1)only config new
+            //fingerprint. (2)only config old fingerprint.(3)config new and old fingerprint)
+            //2. An apk itself may contain more than one keystore to sign.
+            //e.g.suppose apk's new signatures are sha256_1 and sha256_2, old signature
+            //is sha256_3. You can config the intent like "...;sha256=sha256_1,sha256_2;..."
+            //or "...;sha256=sha256_1,sha256_2|sha256_3;..."

[please use gerrit instead, 2016/08/01 21:05:24]

Add a space after "//".

+            String pkgName = "";
+            String fingerPrint256 = "";
+            String[] fingerPrint256DifGroups;
+            for (int i = 0; i < parts.length; ++i) {
+                String[] part = parts[i].split("=");
+                if (part.length < 2) {
+                    return false;
+                }
+                if (part[0].equals("sha256")) {
+                    fingerPrint256 = part[1];
+                }
+                if (part[0].equals("package")) {
+                    pkgName = part[1];
+                }
+            }
+            if (!TextUtils.isEmpty(pkgName) && !TextUtils.isEmpty(fingerPrint256)) {
+                fingerPrint256DifGroups = fingerPrint256.split("\\|");
+                for (int i = 0; i < fingerPrint256DifGroups.length; ++i) {
+                    Set<String> fingerPrint256GroupSignKeySet = new HashSet<>();
+                    Collections.addAll(fingerPrint256GroupSignKeySet, fingerPrint256DifGroups[i]
+                            .split(","));
+                    allFingerPrint256.add(fingerPrint256GroupSignKeySet);
+                }
+                Set<String> fingerPrint256Set = mDelegate.getPackageSHA256Fingerprints(pkgName);
+                if (fingerPrint256Set == null || !allFingerPrint256.contains(fingerPrint256Set)) {
+                    return false;
+                }
+            }
+        }
+        return true;
+    }
+
     private boolean resolversSubsetOf(List<ResolveInfo> infos, List<ResolveInfo> container) {
         HashSet<ComponentName> containerSet = new HashSet<>();
         for (ResolveInfo info : container) {
             containerSet.add(
                     new ComponentName(info.activityInfo.packageName, info.activityInfo.name));
         }
         for (ResolveInfo info : infos) {
             if (!containerSet.contains(new ComponentName(
                     info.activityInfo.packageName, info.activityInfo.name))) {
                 return false;
@@ skipping 374 matching lines @@
         if (defaultSmsPackageName == null) return null;
         // Makes sure that the default SMS app actually resolves the intent.
         for (ResolveInfo resolveInfo : resolvingComponentNames) {
             if (defaultSmsPackageName.equals(resolveInfo.activityInfo.packageName)) {
                 return defaultSmsPackageName;
             }
         }
         return null;
     }
 }