fixup! fixup! Add info.xml

nextcloud · Jan 8, 2021 · 73389ed · 73389ed
1 parent 4c33541
commit 73389ed
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 14 deletions.
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php
@@ -243,17 +243,17 @@ private function createSignatureData(array $hashes,
 		$privateKey->setHash('sha1');
 		// See https://tools.ietf.org/html/rfc3447#page-38
 		$privateKey->setSaltLength(0);
-		$signature = $privateKey->sign(json_encode($hashes));
+		$sha1signature = $privateKey->sign(json_encode($hashes));
 
 		$privateKey->setHash('sha512');
-		$newSignature = $privateKey->sign(json_encode($hashes));
+		$sha512signature = $privateKey->sign(json_encode($hashes));
 
 		return [
 			'hashes' => $hashes,
-			'signature' => base64_encode($signature),
+			'signature' => base64_encode($sha1signature),
 			'signatures' => [
-				'sha1' => base64_encode($signature),
-				'sha512' => base64_encode($newSignature),
+				'sha1' => base64_encode($sha1signature),
+				'sha512' => base64_encode($sha512signature),
 			],
 			'certificate' => $certificate->saveX509($certificate->currentCert),
 		];
@@ -324,11 +324,12 @@ public function writeCoreSignature(X509 $certificate,
 	 * @param string $signaturePath
 	 * @param string $basePath
 	 * @param string $certificateCN
+	 * @param string|null $forceHash
 	 * @return array
 	 * @throws InvalidSignatureException
 	 * @throws \Exception
 	 */
-	private function verify(string $signaturePath, string $basePath, string $certificateCN, bool $forceNewHash = false): array {
+	private function verify(string $signaturePath, string $basePath, string $certificateCN, ?string $forceHash = null): array {
 		if (!$this->isCodeCheckEnforced()) {
 			return [];
 		}
@@ -370,10 +371,10 @@ private function verify(string $signaturePath, string $basePath, string $certifi
 		// See https://tools.ietf.org/html/rfc3447#page-38
 		$rsa->setSaltLength(0);
 
-		if ($forceNewHash || isset($signatureData['signatures'])) {
+		if ($forceHash && isset($signatureData['signatures'][$forceHash])) {
 			// Check the sha512 hash
-			$rsa->setHash('sha512');
-			if (!$rsa->verify(json_encode($expectedHashes), base64_decode($signatureData['signatures']['sha512']))) {
+			$rsa->setHash($forceHash);
+			if (!$rsa->verify(json_encode($expectedHashes), base64_decode($signatureData['signatures'][$forceHash]))) {
 				throw new InvalidSignatureException('Signature could not get verified.');
 			}
 		} else {
@@ -527,16 +528,16 @@ public function verifyAppSignature(string $appId, string $path = ''): array {
 			}
 
 			$minVersion = $this->infoParser->getMinVersion($path . '/appinfo/info.xml');
-			$forceNewHashed = false;
-			if ($minVersion >= 21) {
-				$forceNewHashed = true;
+			$forceHash = null;
+			if ($minVersion >= 22) {
+				$forceHash = 'sha512';
 			}
 
 			$result = $this->verify(
 				$path . '/appinfo/signature.json',
 				$path,
 				$appId,
-				$forceNewHashed
+				$forceHash
 			);
 		} catch (\Exception $e) {
 			$result = [
@@ -587,7 +588,7 @@ public function verifyCoreSignature(): array {
 				$this->environmentHelper->getServerRoot() . '/core/signature.json',
 				$this->environmentHelper->getServerRoot(),
 				'core',
-				true
+				'sha512'
 			);
 		} catch (\Exception $e) {
 			$result = [

diff --git a/lib/private/IntegrityCheck/Helpers/InfoParser.php b/lib/private/IntegrityCheck/Helpers/InfoParser.php
@@ -1,4 +1,5 @@
 <?php
+
 declare(strict_types=1);
 
 /**
-Original file line number
+Diff line change
@@ -1,4 +1,5 @@
     <?php
     declare(strict_types=1);
     /**
@@ Expand Down @@