microsoft
/
cordova-plugin-code-push
зеркало из https://github.com/microsoft/cordova-plugin-code-push.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Moved code signing verification after deployment of the update (#306)

This commit is contained in:
Kamen Goranchev 2017-10-25 15:12:02 +02:00 коммит произвёл Ruslan Bikkinin
Родитель 0fad1829c7
Коммит df50322281
4 изменённых файлов: 41 добавлений и 45 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
bin/www/fileUtil.js
Просмотреть файл

@ -104,7 +104,7 @@ var FileUtil = (function () {
var copyOne = function () { var copyOne = function () {
if (i < entries.length) { if (i < entries.length) {
var nextEntry = entries[i++]; var nextEntry = entries[i++];
if (nextEntry.name === ".DS_Store" || nextEntry.name === "__MACOSX" || nextEntry.name === ".codepushrelease") { if (nextEntry.name === ".DS_Store" || nextEntry.name === "__MACOSX") {
copyOne(); copyOne();
} }
else { else {

40
bin/www/localPackage.js
Просмотреть файл

@ -1,10 +1,10 @@
/******************************************************************************************** /********************************************************************************************
THIS FILE HAS BEEN COMPILED FROM TYPESCRIPT SOURCES. THIS FILE HAS BEEN COMPILED FROM TYPESCRIPT SOURCES.
PLEASE DO NOT MODIFY THIS FILE DIRECTLY AS YOU WILL LOSE YOUR CHANGES WHEN RECOMPILING. PLEASE DO NOT MODIFY THIS FILE DIRECTLY AS YOU WILL LOSE YOUR CHANGES WHEN RECOMPILING.
INSTEAD, EDIT THE TYPESCRIPT SOURCES UNDER THE WWW FOLDER, AND THEN RUN GULP. INSTEAD, EDIT THE TYPESCRIPT SOURCES UNDER THE WWW FOLDER, AND THEN RUN GULP.
FOR MORE INFORMATION, PLEASE SEE CONTRIBUTING.md. FOR MORE INFORMATION, PLEASE SEE CONTRIBUTING.md.
*********************************************************************************************/ *********************************************************************************************/
"use strict"; "use strict";
@ -43,42 +43,40 @@ var LocalPackage = (function (_super) {
Sdk.reportStatusDeploy(_this, AcquisitionStatus.DeploymentFailed, _this.deploymentKey); Sdk.reportStatusDeploy(_this, AcquisitionStatus.DeploymentFailed, _this.deploymentKey);
}; };
var newPackageLocation = LocalPackage.VersionsDir + "/" + this.packageHash; var newPackageLocation = LocalPackage.VersionsDir + "/" + this.packageHash;
var donePackageFileCopy = function (deployDir) { var signatureVerified = function (deployDir) {
_this.localPath = deployDir.fullPath; _this.localPath = deployDir.fullPath;
_this.finishInstall(deployDir, installOptions, installSuccess, installError); _this.finishInstall(deployDir, installOptions, installSuccess, installError);
}; };
var newPackageUnzippedAndVerified = function (error) { var donePackageFileCopy = function (deployDir) {
if (error) { _this.verifyPackage(deployDir, installError, CodePushUtil.getNodeStyleCallbackFor(signatureVerified, installError));
installError && installError(new Error("Could not unzip and verify package. " + CodePushUtil.getErrorMessage(error))); };
var newPackageUnzipped = function (unzipError) {
if (unzipError) {
installError && installError(new Error("Could not unzip package" + CodePushUtil.getErrorMessage(unzipError)));
} }
else { else {
LocalPackage.handleDeployment(newPackageLocation, CodePushUtil.getNodeStyleCallbackFor(donePackageFileCopy, installError)); LocalPackage.handleDeployment(newPackageLocation, CodePushUtil.getNodeStyleCallbackFor(donePackageFileCopy, installError));
} }
}; };
FileUtil.getDataDirectory(LocalPackage.DownloadUnzipDir, false, function (error, directoryEntry) { FileUtil.getDataDirectory(LocalPackage.DownloadUnzipDir, false, function (error, directoryEntry) {
var unzipAndVerifyPackage = function () { var unzipPackage = function () {
FileUtil.getDataDirectory(LocalPackage.DownloadUnzipDir, true, function (innerError, unzipDir) { FileUtil.getDataDirectory(LocalPackage.DownloadUnzipDir, true, function (innerError, unzipDir) {
if (innerError) { if (innerError) {
installError && installError(innerError); installError && installError(innerError);
return; return;
} }
zip.unzip(_this.localPath, unzipDir.toInternalURL(), function (unzipError) { zip.unzip(_this.localPath, unzipDir.toInternalURL(), newPackageUnzipped);
if (unzipError) {
installError && installError(new Error("Could not unzip package. " + CodePushUtil.getErrorMessage(unzipError)));
}
_this.verifyPackage(unzipDir, installError, newPackageUnzippedAndVerified);
});
}); });
}; };
if (!error && !!directoryEntry) { if (!error && !!directoryEntry) {
directoryEntry.removeRecursively(function () { directoryEntry.removeRecursively(function () {
unzipAndVerifyPackage(); unzipPackage();
}, function (cleanupError) { }, function (cleanupError) {
installError && installError(FileUtil.fileErrorToError(cleanupError)); installError && installError(FileUtil.fileErrorToError(cleanupError));
}); });
} }
else { else {
unzipAndVerifyPackage(); unzipPackage();
} }
}); });
} }
@ -98,7 +96,7 @@ var LocalPackage = (function (_super) {
} }
if (!expectedHash) { if (!expectedHash) {
CodePushUtil.logMessage("The update contents succeeded the data integrity check."); CodePushUtil.logMessage("The update contents succeeded the data integrity check.");
callback(null, false); callback(null, unzipDir);
if (contents != null) { if (contents != null) {
CodePushUtil.logMessage("Warning! JWT signature exists in codepush update but code integrity check couldn't be performed because there is no public key configured. \n" + CodePushUtil.logMessage("Warning! JWT signature exists in codepush update but code integrity check couldn't be performed because there is no public key configured. \n" +
"Please ensure that a public key is properly configured within your application."); "Please ensure that a public key is properly configured within your application.");
@ -107,7 +105,7 @@ var LocalPackage = (function (_super) {
} }
if (localHash === expectedHash) { if (localHash === expectedHash) {
CodePushUtil.logMessage("The update contents succeeded the code signing check."); CodePushUtil.logMessage("The update contents succeeded the code signing check.");
callback(null, true); callback(null, unzipDir);
return; return;
} }
installError(new Error("The update contents failed the code signing check.")); installError(new Error("The update contents failed the code signing check."));

13
www/fileUtil.ts
Просмотреть файл

@ -72,7 +72,7 @@ class FileUtil {
callback(null, exists); callback(null, exists);
}); });
} }
/** /**
* Gets a DirectoryEntry based on a path. * Gets a DirectoryEntry based on a path.
*/ */
@ -128,10 +128,9 @@ class FileUtil {
if (i < entries.length) { if (i < entries.length) {
var nextEntry = entries[i++]; var nextEntry = entries[i++];
/* recursively call copyOne on copy success */ /* recursively call copyOne on copy success */
if (nextEntry.name === ".DS_Store" || nextEntry.name === "__MACOSX" || nextEntry.name === ".codepushrelease") { if (nextEntry.name === ".DS_Store" || nextEntry.name === "__MACOSX") {
/* /*
Native-side exception occurs while trying to copy .DS_Store and __MACOSX entries generated by macOS + Native-side exception occurs while trying to copy .DS_Store and __MACOSX entries generated by macOS, so just skip them
code signing jwt file should not be copied, so just skip them
*/ */
copyOne(); copyOne();
} else { } else {
@ -192,7 +191,7 @@ class FileUtil {
} }
/** /**
* Recursively deletes the contents of a directory. * Recursively deletes the contents of a directory.
*/ */
public static deleteDirectory(dirLocation: string, deleteDirCallback: Callback<void>) { public static deleteDirectory(dirLocation: string, deleteDirCallback: Callback<void>) {
FileUtil.getDataDirectory(dirLocation, false, (oldDirError: Error, dirToDelete: DirectoryEntry) => { FileUtil.getDataDirectory(dirLocation, false, (oldDirError: Error, dirToDelete: DirectoryEntry) => {
@ -330,4 +329,4 @@ class FileUtil {
} }
} }
export = FileUtil; export = FileUtil;

31
www/localPackage.ts
Просмотреть файл

@ -66,33 +66,32 @@ class LocalPackage extends Package implements ILocalPackage {
var newPackageLocation = LocalPackage.VersionsDir + "/" + this.packageHash; var newPackageLocation = LocalPackage.VersionsDir + "/" + this.packageHash;
var donePackageFileCopy = (deployDir: DirectoryEntry) => { var signatureVerified = (deployDir: DirectoryEntry) => {
this.localPath = deployDir.fullPath; this.localPath = deployDir.fullPath;
this.finishInstall(deployDir, installOptions, installSuccess, installError); this.finishInstall(deployDir, installOptions, installSuccess, installError);
}; };
var newPackageUnzippedAndVerified: Callback<boolean> = (error) => { var donePackageFileCopy = (deployDir: DirectoryEntry) => {
if (error) { this.verifyPackage(deployDir, installError, CodePushUtil.getNodeStyleCallbackFor<DirectoryEntry>(signatureVerified, installError))
installError && installError(new Error("Could not unzip and verify package. " + CodePushUtil.getErrorMessage(error))); };
var newPackageUnzipped = function (unzipError: Error) {
if (unzipError) {
installError && installError(new Error("Could not unzip package" + CodePushUtil.getErrorMessage(unzipError)));
} else { } else {
LocalPackage.handleDeployment(newPackageLocation, CodePushUtil.getNodeStyleCallbackFor<DirectoryEntry>(donePackageFileCopy, installError)); LocalPackage.handleDeployment(newPackageLocation, CodePushUtil.getNodeStyleCallbackFor<DirectoryEntry>(donePackageFileCopy, installError));
} }
}; };
FileUtil.getDataDirectory(LocalPackage.DownloadUnzipDir, false, (error: Error, directoryEntry: DirectoryEntry) => { FileUtil.getDataDirectory(LocalPackage.DownloadUnzipDir, false, (error: Error, directoryEntry: DirectoryEntry) => {
var unzipAndVerifyPackage = () => { var unzipPackage = () => {
FileUtil.getDataDirectory(LocalPackage.DownloadUnzipDir, true, (innerError: Error, unzipDir: DirectoryEntry) => { FileUtil.getDataDirectory(LocalPackage.DownloadUnzipDir, true, (innerError: Error, unzipDir: DirectoryEntry) => {
if (innerError) { if (innerError) {
installError && installError(innerError); installError && installError(innerError);
return; return;
} }
zip.unzip(this.localPath, unzipDir.toInternalURL(), (unzipError: any) => { zip.unzip(this.localPath, unzipDir.toInternalURL(), newPackageUnzipped);
if (unzipError) {
installError && installError(new Error("Could not unzip package. " + CodePushUtil.getErrorMessage(unzipError)));
}
this.verifyPackage(unzipDir, installError, newPackageUnzippedAndVerified);
});
}); });
}; };
@ -100,12 +99,12 @@ class LocalPackage extends Package implements ILocalPackage {
if (!error && !!directoryEntry) { if (!error && !!directoryEntry) {
/* Unzip directory not clean */ /* Unzip directory not clean */
directoryEntry.removeRecursively(() => { directoryEntry.removeRecursively(() => {
unzipAndVerifyPackage(); unzipPackage();
}, (cleanupError: FileError) => { }, (cleanupError: FileError) => {
installError && installError(FileUtil.fileErrorToError(cleanupError)); installError && installError(FileUtil.fileErrorToError(cleanupError));
}); });
} else { } else {
unzipAndVerifyPackage(); unzipPackage();
} }
}); });
} catch (e) { } catch (e) {
@ -113,7 +112,7 @@ class LocalPackage extends Package implements ILocalPackage {
} }
} }
private verifyPackage(unzipDir: DirectoryEntry, installError: ErrorCallback, callback: Callback<boolean>): void { private verifyPackage(unzipDir: DirectoryEntry, installError: ErrorCallback, callback: Callback<DirectoryEntry>): void {
var packageHashSuccess = (localHash: string) => { var packageHashSuccess = (localHash: string) => {
CodePushUtil.logMessage("Expected hash: " + this.packageHash + ", actual hash: " + localHash); CodePushUtil.logMessage("Expected hash: " + this.packageHash + ", actual hash: " + localHash);
FileUtil.readFile(cordova.file.dataDirectory, unzipDir.fullPath + '/www', '.codepushrelease', (error, contents) => { FileUtil.readFile(cordova.file.dataDirectory, unzipDir.fullPath + '/www', '.codepushrelease', (error, contents) => {
@ -128,7 +127,7 @@ class LocalPackage extends Package implements ILocalPackage {
// -> no code signing // -> no code signing
if (!expectedHash) { if (!expectedHash) {
CodePushUtil.logMessage("The update contents succeeded the data integrity check."); CodePushUtil.logMessage("The update contents succeeded the data integrity check.");
callback(null, false); callback(null, unzipDir);
// .codepushrelease was read but there is no public key in config.xml // .codepushrelease was read but there is no public key in config.xml
if (contents != null) { if (contents != null) {
@ -141,7 +140,7 @@ class LocalPackage extends Package implements ILocalPackage {
// code signing is active, only proceed if the locally computed hash is the same as the one decoded from the JWT // code signing is active, only proceed if the locally computed hash is the same as the one decoded from the JWT
if (localHash === expectedHash) { if (localHash === expectedHash) {
CodePushUtil.logMessage("The update contents succeeded the code signing check."); CodePushUtil.logMessage("The update contents succeeded the code signing check.");
callback(null, true); callback(null, unzipDir);
return; return;
} }