DescriptionI have moved to https://codereview.chromium.org/2167573003/, according to Roslyn's advice .
code will be updated at new issue.
Thanks for understanding.
quote"
> I recommend that you re-upload the patch with your @alibaba-inc.com email.
> Alibaba employees are already allowed to submit patches to Chromium. If you
must
> use your @gmail.com email, then please sign the individual agreement in
> https://cla.developers.google.com/.
>
> Whichever method your choose, please put your email address and name in the
> AUTHORS file:
>
> https://cs.chromium.org/chromium/src/AUTHORS
"
########
Verify intent signatures.
This patch adds one step to verify the signature in intent
for chrome while the intent has a scheme for the app.
To test, start a website which contains a scheme intent in
chrome, one intent case contains official app signature,
it can start activity in app, and one another intent case
contains fake app signature, chrome won't start activity of
the fake app.
For example, original intent:
intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end
More secure intent (additional sha256):
intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end
And we now extend this feature to support apps contain more than one signature.
sha256 param in intent scheme can concat by "," as same package name and "|" as intended target app.
such as sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A,123449F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A|5B9B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF499F;
BUG=629713
Patch Set 1 #Patch Set 2 : Add one step to verify the signature in intent for chrome while the intent has a scheme for the app. #Patch Set 3 : add author #Patch Set 4 : add catch clause for computeNormalizedSha256Fingerprint exception #Patch Set 5 : fix bug and support multi keystores for one app #
Total comments: 1
Messages
Total messages: 13 (10 generated)
|