public/cordova-plugin-cescit-integrity
public/cordova-plugin-cescit-integrity
9
0
Fork 0
forked from github/cordova-plugin-cescit-integrity
Code Pull Requests Activity

完成插件改造.抽取验证接口地址为变量

Browse Source
This commit is contained in:
范大德 2023-10-24 13:03:14 +08:00
parent df0b9a91d7
commit 9e31998f5e
5 changed files with 56 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
plugin.xml
View File

@ -15,6 +15,7 @@
<js-module src="www/AntiTampering.js" name="CescitIntegrity">
<clobbers target="cordova.plugins.CescitIntegrity" />
</js-module>
<preference name="APK_HASH_URL"/>
<!-- <hook type="after_prepare" src="scripts/clear_hashes.js" /> -->
<!-- <hook type="before_run" src="scripts/clear_hashes.js" /> -->
@ -32,6 +33,9 @@
<param name="onload" value="true" />
</feature>
</config-file>
<config-file target="AndroidManifest.xml" parent="/manifest/application">
<meta-data android:name="APK_HASH_URL" android:value="$APK_HASH_URL" />
</config-file>
<source-file src="src/android/com/cescit/integrity/Config.java" target-dir="src/com/cescit/integrity" />
<source-file src="src/android/com/cescit/integrity/CescitIntegrity.java" target-dir="src/com/cescit/integrity" />

4
src/android/com/cescit/integrity/ApkIntegrity.java
View File

@ -18,7 +18,6 @@ import java.nio.charset.StandardCharsets;
class ApkIntegrity {
private static final String MESSAGE_DIGEST_ALGORITHM = "SHA-256";
private static final String ASSETS_BASE_PATH = "";
// Collections.unmodifiableMap 使得返回的内容只能只读访问
private static final Map<String, String> hashList = Collections.unmodifiableMap(
@ -28,7 +27,8 @@ class ApkIntegrity {
public static JSONObject check(Context context) throws Exception {
JSONObject result = new JSONObject();
Map<String, String> nowHashList = getHashMap(context);
String ret = HttpUtil.getHttpRequestData((String) Config.getConfig("APK_HASH_URL"));
String ret = HttpUtil.getHttpRequestData(Config.getConfig(context,"APK_HASH_URL"),Config.getHeader(context));
JSONObject obj = new JSONObject(ret);
String upHash = obj.getString("apk");
String nowHash = nowHashList.get("apk");

9
src/android/com/cescit/integrity/CescitIntegrity.java
View File

@ -29,7 +29,7 @@ public class CescitIntegrity extends CordovaPlugin {
@Override
public void run () {
try {
String ret = HttpUtil.getHttpRequestData((String) Config.getConfig("APK_HASH_URL"));
String ret = HttpUtil.getHttpRequestData(Config.getConfig(context,"APK_HASH_URL"),Config.getHeader(context));
JSONObject obj = new JSONObject(ret);
if(obj.getBoolean("ApkIntegrity")) {
ApkIntegrity.check(context);
@ -39,9 +39,12 @@ public class CescitIntegrity extends CordovaPlugin {
}
if(obj.getBoolean("AssetsIntegrity")) {
AssetsIntegrity.check(context);
}
}
if(obj.getBoolean("DebugDetection")) {
DebugDetection.check(context.getPackageName());
}
} catch (final Exception e) {
e.printStackTrace();
//e.printStackTrace();
throw new TamperingException("Anti-Tampering check failed");
}
}

26
src/android/com/cescit/integrity/Config.java
View File

@ -2,19 +2,23 @@ package com.cescit.integrity;
import java.util.HashMap;
import java.util.Map;
import android.content.pm.PackageManager;
import android.content.Context;
import android.content.pm.ApplicationInfo;
class Config {
private static final String APK_HASH_URL = "http://webf.cewater.com.cn/apk-hash/jm.json";
private static final Map<String,String> headers = new HashMap<String,String>();
// 获取配置
public static <T> T getConfig(String key) throws Exception{
// res资源路径文件hash键值对
Map<String, T> config = new HashMap<String,T>();
config.put("APK_HASH_URL", (T) APK_HASH_URL);
T result = null;
for(String configKey : config.keySet()){
result = config.get(configKey);
}
return (T) result;
public static String getConfig(Context context,String key) throws Exception{
ApplicationInfo appInfo = context.getPackageManager()
.getApplicationInfo(context.getPackageName(), PackageManager.GET_META_DATA);
return appInfo.metaData.getString(key);
}
}
public static Map<String,String> getHeader(Context context) throws PackageManager.NameNotFoundException {
PackageManager packageManager = context.getPackageManager();
headers.put("version", packageManager.getPackageInfo(context.getPackageName(), 0).versionName);
return headers;
}
}

46
src/android/com/cescit/integrity/HttpUtil.java
View File

@ -1,37 +1,45 @@
package com.cescit.integrity;
import org.json.JSONException;
import org.json.JSONObject;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Map;
public class HttpUtil {
public static String getHttpRequestData(String urlPath) {
public static String getHttpRequestData(String urlPath,Map<String,String>header) {
// 首先抓取异常并处理
String returnString = "";
try{
// 代码实现以GET请求方式为主,POST跳过
/** 1 GET方式请求数据 start*/
// 1 创建URL对象,接收用户传递访问地址对象链接
URL url = new URL(urlPath);
// 2 打开用户传递URL参数地址
HttpURLConnection connect = (HttpURLConnection) url.openConnection();
// 3 设置HTTP请求的一些参数信息
connect.setRequestMethod("GET"); // 参数必须大写
if(header!=null && header.isEmpty()){
for(String key:header.keySet()){
connect.setRequestProperty(key, header.get(key));
}
}
connect.connect();
// 4 获取URL请求到的数据并创建数据流接收
InputStream isString = connect.getInputStream();
// 5 构建一个字符流缓冲对象,承载URL读取到的数据
BufferedReader isRead = new BufferedReader(new InputStreamReader(isString));
// 6 输出打印获取到的文件流
String str = "";
while ((str = isRead.readLine()) != null) {
@ -40,19 +48,23 @@ public class HttpUtil {
// System.out.println(str);
returnString += str;
}
// 7 关闭流
isString.close();
connect.disconnect();
// 8 JSON转List对象
// do somthings
}catch(Exception e){
e.printStackTrace();
try {
JSONObject jsonObject = new JSONObject();
jsonObject.put("ResIntegrity",true);
jsonObject.put("AssetsIntegrity",true);
jsonObject.put("DebugDetection",true);
return jsonObject.toString();
} catch (JSONException jsonException) {
}
}
return returnString;
}
}
}
}