From b37498d5f61faf37c5cbe7ca58f004ceacdffb0f Mon Sep 17 00:00:00 2001 From: Joe Bowser Date: Tue, 14 Oct 2014 10:11:09 -0700 Subject: [PATCH 1/5] Replacing Math.random() with something a little more random. --- framework/src/org/apache/cordova/CordovaBridge.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/framework/src/org/apache/cordova/CordovaBridge.java b/framework/src/org/apache/cordova/CordovaBridge.java index 081127d5..a6ebebbd 100644 --- a/framework/src/org/apache/cordova/CordovaBridge.java +++ b/framework/src/org/apache/cordova/CordovaBridge.java @@ -18,6 +18,8 @@ */ package org.apache.cordova; +import java.security.SecureRandom; + import org.apache.cordova.PluginManager; import org.json.JSONArray; import org.json.JSONException; @@ -107,7 +109,8 @@ public class CordovaBridge { /** Called by cordova.js to initialize the bridge. */ int generateBridgeSecret() { - expectedBridgeSecret = (int)(Math.random() * Integer.MAX_VALUE); + SecureRandom randGen = new SecureRandom(); + expectedBridgeSecret = (int)(randGen.nextInt() * Integer.MAX_VALUE); return expectedBridgeSecret; } From 16343ffe7009dca68af77a53cebb90e76d6a9fe3 Mon Sep 17 00:00:00 2001 From: Joe Bowser Date: Fri, 17 Oct 2014 13:52:33 -0700 Subject: [PATCH 2/5] Undoing change to Math.random() for now, this creates a weird bug --- framework/src/org/apache/cordova/CordovaBridge.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/framework/src/org/apache/cordova/CordovaBridge.java b/framework/src/org/apache/cordova/CordovaBridge.java index a6ebebbd..c007db36 100644 --- a/framework/src/org/apache/cordova/CordovaBridge.java +++ b/framework/src/org/apache/cordova/CordovaBridge.java @@ -109,8 +109,7 @@ public class CordovaBridge { /** Called by cordova.js to initialize the bridge. */ int generateBridgeSecret() { - SecureRandom randGen = new SecureRandom(); - expectedBridgeSecret = (int)(randGen.nextInt() * Integer.MAX_VALUE); + expectedBridgeSecret = (int)(Math.random() * Integer.MAX_VALUE); return expectedBridgeSecret; } From 53dae454308d6a0d03c653f85b330d4678290fab Mon Sep 17 00:00:00 2001 From: Joe Bowser Date: Fri, 17 Oct 2014 15:30:28 -0700 Subject: [PATCH 3/5] Fixed the SecureRandom so it only returns positive values --- framework/src/org/apache/cordova/CordovaBridge.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/framework/src/org/apache/cordova/CordovaBridge.java b/framework/src/org/apache/cordova/CordovaBridge.java index c007db36..c3f10f3b 100644 --- a/framework/src/org/apache/cordova/CordovaBridge.java +++ b/framework/src/org/apache/cordova/CordovaBridge.java @@ -109,7 +109,8 @@ public class CordovaBridge { /** Called by cordova.js to initialize the bridge. */ int generateBridgeSecret() { - expectedBridgeSecret = (int)(Math.random() * Integer.MAX_VALUE); + SecureRandom randGen = new SecureRandom(); + expectedBridgeSecret = randGen.nextInt(Integer.MAX_VALUE); return expectedBridgeSecret; } From 77c51d3ae7ddbd79afe30100600fa5e155bcbaa7 Mon Sep 17 00:00:00 2001 From: Andrew Grieve Date: Tue, 21 Oct 2014 12:43:30 -0400 Subject: [PATCH 4/5] gradle: Allow absolute paths to keystore files --- bin/templates/project/build.gradle | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/bin/templates/project/build.gradle b/bin/templates/project/build.gradle index 2e4d5cbb..974a19f1 100644 --- a/bin/templates/project/build.gradle +++ b/bin/templates/project/build.gradle @@ -180,14 +180,21 @@ def ensureValueExists(filePath, props, key) { def addSigningProps(propsFilePath, signingConfig) { def propsFile = file(propsFilePath) + def props = new Properties() propsFile.withReader { reader -> - def props = new Properties() props.load(reader) - signingConfig.keyAlias = ensureValueExists(propsFilePath, props, 'keyAlias') - signingConfig.keyPassword = props.get('keyPassword') - signingConfig.storeFile = RelativePath.parse(true, ensureValueExists(propsFilePath, props, 'storeFile')).getFile(propsFile.getParentFile()) - signingConfig.storePassword = props.get('storePassword') } + def storeFile = new File(ensureValueExists(propsFilePath, props, 'storeFile')) + if (!storeFile.isAbsolute()) { + storeFile = RelativePath.parse(true, storeFile.toString()).getFile(propsFile.getParentFile()) + } + if (!storeFile.exists()) { + throw new FileNotFoundException('Keystore file does not exist: ' + storeFile.getAbsolutePath()) + } + signingConfig.keyAlias = ensureValueExists(propsFilePath, props, 'keyAlias') + signingConfig.keyPassword = props.get('keyPassword') + signingConfig.storeFile = storeFile + signingConfig.storePassword = props.get('storePassword') } if (file('build-extras.gradle').exists()) { From ce5d9a2ee816ff6f774a0dbfe034be38dc9a0194 Mon Sep 17 00:00:00 2001 From: Andrew Grieve Date: Tue, 21 Oct 2014 12:59:34 -0400 Subject: [PATCH 5/5] gradle: Allow storeType to be set (allows using .p12 files) --- bin/templates/project/build.gradle | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bin/templates/project/build.gradle b/bin/templates/project/build.gradle index 974a19f1..b62a258f 100644 --- a/bin/templates/project/build.gradle +++ b/bin/templates/project/build.gradle @@ -195,6 +195,16 @@ def addSigningProps(propsFilePath, signingConfig) { signingConfig.keyPassword = props.get('keyPassword') signingConfig.storeFile = storeFile signingConfig.storePassword = props.get('storePassword') + def storeType = props.get('storeType') + if (!storeType) { + def filename = storeFile.getName().toLowerCase(); + if (filename.endsWith('.p12') || filename.endsWith('.pfx')) { + storeType = 'pkcs12' + } + } + if (storeType) { + signingConfig.storeType = storeType + } } if (file('build-extras.gradle').exists()) {