Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(548)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2160193002: Verify intent signatures. (Closed)

Created:
4 years, 5 months ago by xiaohai
Modified:
4 years, 5 months ago
CC:
chromium-reviews
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

I have moved to https://codereview.chromium.org/2167573003/, according to Roslyn's advice . code will be updated at new issue. Thanks for understanding. quote" > I recommend that you re-upload the patch with your @alibaba-inc.com email. > Alibaba employees are already allowed to submit patches to Chromium. If you must > use your @gmail.com email, then please sign the individual agreement in > https://cla.developers.google.com/. > > Whichever method your choose, please put your email address and name in the > AUTHORS file: > > https://cs.chromium.org/chromium/src/AUTHORS " ######## Verify intent signatures. This patch adds one step to verify the signature in intent for chrome while the intent has a scheme for the app. To test, start a website which contains a scheme intent in chrome, one intent case contains official app signature, it can start activity in app, and one another intent case contains fake app signature, chrome won't start activity of the fake app. For example, original intent: intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;package=com.eg.oandroid.AlipayGphone;end More secure intent (additional sha256): intent://platformapi/startapp?appId=20000001&_t=1468848794586#Intent;scheme=alipays;sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A;package=com.eg.android.AlipayGphone;end And we now extend this feature to support apps contain more than one signature. sha256 param in intent scheme can concat by "," as same package name and "|" as intended target app. such as sha256=389B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A,123449F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF498A|5B9B49F7832F53E9017923220AA85E14DFAA4886ECD7428818BF339543CF499F; BUG=629713

Patch Set 1 #

Patch Set 2 : Add one step to verify the signature in intent for chrome while the intent has a scheme for the app. #

Patch Set 3 : add author #

Patch Set 4 : add catch clause for computeNormalizedSha256Fingerprint exception #

Patch Set 5 : fix bug and support multi keystores for one app #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+114 lines, -1 line) Patch
M AUTHORS View 1 2 1 chunk +1 line, -0 lines 1 comment Download
M chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationDelegate.java View 2 chunks +6 lines, -1 line 0 comments Download
M chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationDelegateImpl.java View 1 chunk +5 lines, -0 lines 0 comments Download
M chrome/android/java/src/org/chromium/chrome/browser/externalnav/ExternalNavigationHandler.java View 1 2 3 4 4 chunks +102 lines, -0 lines 0 comments Download

Messages

Total messages: 13 (10 generated)
please use gerrit instead
https://codereview.chromium.org/2160193002/diff/80001/AUTHORS File AUTHORS (right): https://codereview.chromium.org/2160193002/diff/80001/AUTHORS#newcode725 AUTHORS:725: Jiajia Li <jiajia.lijj@alipay.com> This email address should match the ...
4 years, 5 months ago (2016-07-19 15:41:16 UTC) #4
please use gerrit instead
I am not able to view http://crbug.com/629055. Can you open up the permissions to reviewers? ...
4 years, 5 months ago (2016-07-19 15:47:35 UTC) #7
jiajia
4 years, 5 months ago (2016-07-20 02:25:43 UTC) #9 
On 2016/07/19 15:47:35, Rouslan (ツ) wrote:
> I am not able to view http://crbug.com/629055. Can you open up the permissions
> to reviewers? You can do this by adding the reviewer emails to CC list.

Hi , I changed author email to my own and moved to new issue at
https://codereview.chromium.org/2167573003/.
Also I change a new bug issue. You can check it at codereview.

Powered by Google App Engine
This is Rietveld 408576698