From 6f388aa55a63ac34acb9840b69648e49154ec8d1 Mon Sep 17 00:00:00 2001
From: mascot6699
Date: Fri, 17 Jan 2020 15:19:44 +0000
Subject: [PATCH] Add crc32 for jsFile included for tamperproofing
---
 .../main/java/com/crux/sdk/bridge/CruxJSBridge.java | 6 +++++-
 .../main/java/com/crux/sdk/bridge/GenericUtils.java | 10 ++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/sdk/src/main/java/com/crux/sdk/bridge/CruxJSBridge.java b/sdk/src/main/java/com/crux/sdk/bridge/CruxJSBridge.java
index 2400f3d..5a770a0 100644
--- a/sdk/src/main/java/com/crux/sdk/bridge/CruxJSBridge.java
+++ b/sdk/src/main/java/com/crux/sdk/bridge/CruxJSBridge.java
@@ -18,6 +18,7 @@ public class CruxJSBridge {
 private final JSContext jsContext;
 private JSObject jsClient;
 private final String cruxJsFileName = "cruxpay-0.1.9.js";
+ private final Long cruxJsFileCheckSum = new Long(349195419);
 public CruxJSBridge(CruxClientInitConfig.Builder configBuilder, Context androidContextObject) throws IOException, CruxClientError {
@@ -45,8 +46,11 @@ private void prepareCruxClientInitConfig(CruxClientInitConfig.Builder configBuil
 configBuilder = null;
 }
- private JSContext getContextForClient(Context androidContextObject) throws IOException {
+ private JSContext getContextForClient(Context androidContextObject) throws IOException, CruxClientError {
 String sdkFile = GenericUtils.getFromFile(androidContextObject, cruxJsFileName);
+ if (GenericUtils.crc32(sdkFile) != cruxJsFileCheckSum) {
+ throw CruxClientError.getCruxClientError(AndroidCruxClientErrorCode.runningInUnsafeEnvironment);
+ }
 JSContext jsContext = new JSContext();
 JSPolyFill.fixConsoleLog(jsContext);
 JSPolyFill.addFetch(jsContext, androidContextObject);
diff --git a/sdk/src/main/java/com/crux/sdk/bridge/GenericUtils.java b/sdk/src/main/java/com/crux/sdk/bridge/GenericUtils.java
index f652403..27819c1 100644
--- a/sdk/src/main/java/com/crux/sdk/bridge/GenericUtils.java
+++ b/sdk/src/main/java/com/crux/sdk/bridge/GenericUtils.java
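Review bot: In the first CruxJSBridge.java hunk, `cruxJsFileCheckSum` is declared as a boxed `Long` built with `new Long(...)`, a constructor deprecated since Java 9. The later `!=` comparison is numeric only because the other operand is a primitive `long`; it would silently become a reference comparison if `crc32` ever returned `Long`. A primitive constant avoids that: `private static final long CRUX_JS_FILE_CHECKSUM = 349195419L;`. Since the value is tied to `cruxJsFileName`, a comment such as `// CRC32 of the bundled cruxpay JS asset; regenerate whenever cruxJsFileName changes` would help keep the two in step.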
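Review bot: The integrity check added to `getContextForClient` (second CruxJSBridge.java hunk) relies on CRC32, which is an error-detection code rather than a cryptographic hash, so it catches accidental corruption of `cruxpay-0.1.9.js` but not deliberate modification, since a 32-bit CRC offers no collision resistance; the same applies to the `GenericUtils.crc32` helper added in the other file. A SHA-256 digest compared with `MessageDigest.isEqual` would make the asset check collision-resistant, as sketched below with a placeholder constant for the expected digest. Even then the expected value ships inside the same package as the asset, so the check presumably only covers an asset replaced without touching the code, and the APK signature remains the real root of trust. The body of `getContextForClient` continues past the end of the hunk.

```java
private JSContext getContextForClient(Context androidContextObject) throws IOException, CruxClientError {
    String sdkFile = GenericUtils.getFromFile(androidContextObject, cruxJsFileName);
    byte[] actualDigest;
    try {
        actualDigest = MessageDigest.getInstance("SHA-256")
                .digest(sdkFile.getBytes(StandardCharsets.UTF_8));
    } catch (NoSuchAlgorithmException e) {
        throw new IOException("SHA-256 digest unavailable", e);
    }
    // EXPECTED_CRUX_JS_SHA256: placeholder for a byte[] constant generated at build time.
    if (!MessageDigest.isEqual(actualDigest, EXPECTED_CRUX_JS_SHA256)) {
        throw CruxClientError.getCruxClientError(AndroidCruxClientErrorCode.runningInUnsafeEnvironment);
    }
    // … unchanged: JSContext creation and JSPolyFill setup …
```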
@@ -11,6 +11,8 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.util.Arrays;
+import java.util.zip.CRC32;
+import java.util.zip.Checksum;
 import org.liquidplayer.javascript.JSValue;
@@ -47,5 +49,13 @@ else if (val.isObject())
 return null;
 }
+ public static long crc32(String input) {
+ byte[] bytes = input.getBytes();
+ Checksum checksum = new CRC32(); // java.util.zip.CRC32
+ checksum.update(bytes, 0, bytes.length);
+
+ return checksum.getValue();
+ }
+
 }
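Review bot: `GenericUtils.crc32` (second GenericUtils.java hunk) calls `input.getBytes()` with no charset, so the checksum is taken over the platform-default encoding of an already decoded string rather than over the asset's raw bytes; pinning the encoding makes the expected value reproducible: `byte[] bytes = input.getBytes(StandardCharsets.UTF_8);`. If `getFromFile` normalises line endings or decodes with a different charset (not visible in this patch), the hard-coded constant depends on that behaviour too, so computing the checksum from the raw `InputStream` bytes would be more robust. The method also dereferences `input` without a null check and has no Javadoc; one sentence stating that it returns the unsigned 32-bit CRC as a `long` and is an error-detection value, not a security primitive, would help callers use it correctly.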