## 4.5.1.8

* Feature Additions * Allow for both trusted and untrusted transparent keys for plugins.
deptofdefense · Oct 18, 2024 · f654b5f · f654b5f
2 parents e416920 + 2904a8e
commit f654b5f
Show file tree

Hide file tree

Showing 11 changed files with 104 additions and 41 deletions.
diff --git a/VERSION.md b/VERSION.md
@@ -1,5 +1,10 @@
 # Version History
 
+## 4.5.1.8
+
+* Feature Additions
+  * Allow for both trusted and untrusted transparent keys for plugins.
+
 ## 4.5.1.7
 
 * Bug Fixes

diff --git a/atak/ATAK/app/build.gradle b/atak/ATAK/app/build.gradle
@@ -26,7 +26,7 @@ buildscript {
     apply from: '../../gradle/versions.gradle', to: project
 
     ext.ATAK_VERSION = "4.5.1"
-    ext.ATAK_VERSION_SUBMINOR = ".7"
+    ext.ATAK_VERSION_SUBMINOR = ".8"
 
     ext.isDevKitEnabled = { ->
         return getProperty('takRepoMavenUrl', null) != null &&

diff --git a/atak/ATAK/app/src/main/java/com/atak/plugins/impl/AtakPluginRegistry.java b/atak/ATAK/app/src/main/java/com/atak/plugins/impl/AtakPluginRegistry.java
@@ -2,12 +2,9 @@
 package com.atak.plugins.impl;
 
 import android.annotation.SuppressLint;
-
 import android.content.BroadcastReceiver;
 import android.content.Context;
 import android.content.Intent;
-
-import com.atakmap.android.ipc.AtakBroadcast.DocumentedIntentFilter;
 import android.content.SharedPreferences;
 import android.content.pm.ApplicationInfo;
 import android.content.pm.PackageInfo;
@@ -22,6 +19,7 @@
 import android.view.ViewGroup;
 
 import com.atakmap.android.ipc.AtakBroadcast;
+import com.atakmap.android.ipc.AtakBroadcast.DocumentedIntentFilter;
 import com.atakmap.android.maps.MapActivity;
 import com.atakmap.android.maps.MapView;
 import com.atakmap.android.metrics.MetricsApi;
@@ -72,6 +70,8 @@ public final class AtakPluginRegistry {
     private final AtakMapView atakMapView;
 
     private final static String[] ACCEPTABLE_KEY_LIST = new String[] {
+            "30820617308203ffa003020102021430ef06964292ed5775a5545915fe24c10dccabc1300d06092a864886f70d01010b0500308199310b30090603550406130255533111300f06035504080c0856697267696e69613115301306035504070c0c466f72742042656c766f6972310c300a060355040a0c0354414b31173015060355040b0c0e50726f647563742043656e7465723139303706035504030c3054414b2050726f647563742043656e746572204154414b20556e747275737465642042756e646c652052656c656173653020170d3232303231353137323435305a180f32303532303230383137323435305a308199310b30090603550406130255533111300f06035504080c0856697267696e69613115301306035504070c0c466f72742042656c766f6972310c300a060355040a0c0354414b31173015060355040b0c0e50726f647563742043656e7465723139303706035504030c3054414b2050726f647563742043656e746572204154414b20556e747275737465642042756e646c652052656c6561736530820222300d06092a864886f70d01010105000382020f003082020a0282020100bd499cf539fe32d5218d0a80de29dd9a956e1855d84119492675fd33a48c57d5328d8f19792938bc8d16211777e7d79f9a5b6145dc734abad349e91ee48fcaad027778718481d9bc8431b6d4059b3c79ece573311e77513de16d826578dfc9d43c2936b237c858c3279113eb8d755c1d7855d74a94384488989bcd1cf04f1cd9a289a0a76ee3ee1aa62a3a3ff133c8fff2729949f9179580f9ed5d3965353616b5a8c9c8199d1d1d30d9cebb939affcf0fa0f2554e2ad944d63caf62cd67f35b4566a4a1267088efda6b8a4618acb648a22804516111f8c9298afbb7b8943a61d25e766be09cefefa6fc4cba99bc9fd200d61a8bbd6b3f55a03afe35fb455f0bc46b55c1f3259d318eee5e8224a1ac0ed812eb1dd9af79af15b686a9d793b9b2fc33dd5d8a0a64e2af7821537cbca1ecc574a238f266144b77effa583b5929a9270a6c5b819de345f90a1a3f4082cb094d95a7a28b31f552b7bdd497f6bd4c874f9f406b20a280e9c9cbb2e2f983f4e7e88c9fb81608f3c953ea0c5670016d7f0cd4b1a661d420c00f5019dde9c7ed5bf9f7a744c387147c839dcafccb51cc026654f07d7bd8cd1f3e2521d950ceb87602fb3a98248af6dcd46c9a96cd8b71de93a128e7342e27482f99cdf939bd03d82061fe0b56e4dcff3bd9bd2dbfc3d2aad74505e137539dc5c73aff7be0d074b9cc9166b49b04f334de44a6223c0b8bc10203010001a3533051301d0603551d0e041604148e766b04db181603742ebe47296e0f7ff4719daf301f0603551d230418301680148e766b04db181603742ebe47296e0f7ff4719daf300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038202010016be7b4b0fdb0233235e7387e5e02c7bf2aceb0ad54779f0ef568336352af00e4deb91b9ecf9535b37f92fc33f2f266ad9aa9c7bcd598c2d8436d42964102fb7e9d8ce917b39c389e93c1186145f8f861d95bd4f20f3584a223bf676f91374005ed1ed627a545bf6310426c1a9f83e52450982a57e00c213d0a07e2a0774fa8ec428fbf8b4fec3764fb8801b09f2c97e7995c6a2da8c012fab47df6e28476bc786402e8b0a96702b60d97b10ea7a2c6e3d6c6a29d7e1ae0b7c2a2aa1d78c0c1102388fa1ca133a18c670617700527a1e17d882db883b704afc22b8cd48983ad67c9d25ea25f26eceeb9b114a9d8295407ad63a3054dce29f3fc4d2a9cb76fdab7883a60fc6a22b223f05346efcefcf77968e64adf041bbabea31575df873b566276d35e2869d527088070c26678bf84a4824dec1a682e80c711569cf9a538931e097d281e3c73eb826f8e5e84eff6be3bff4820c1fc0affb98606505f58d39e56ce8550a3e37dd5b7677bcedf9ff9a6a65d922be8b7dbdac822f105e98475d16ec6a66926eeb5fa61248d3cabb0d590221e797fd13a84d9dc84d98a8e3abe274c9861946f28ace944400fc101c928faf5bc1d3655c6cbd5bed1647c0572ba4eb2c21dc1175194bac3ef1eb2469f6523121f80a0d1909d9c5d69f3aeba145379ee7990e34cc4b507b880fce895cbb08a78000b4fb29c5269395ee49496a3ba48a",
+            "30820613308203fba00302010202144aec2ed8a9712e8901bd89a4c270abf5768ee0f3300d06092a864886f70d01010b0500308197310b30090603550406130255533111300f06035504080c0856697267696e69613115301306035504070c0c466f72742042656c766f6972310c300a060355040a0c0354414b31173015060355040b0c0e50726f647563742043656e7465723137303506035504030c2e54414b2050726f647563742043656e746572204154414b20547275737465642042756e646c652052656c656173653020170d3232303231363232313033345a180f32303532303230393232313033345a308197310b30090603550406130255533111300f06035504080c0856697267696e69613115301306035504070c0c466f72742042656c766f6972310c300a060355040a0c0354414b31173015060355040b0c0e50726f647563742043656e7465723137303506035504030c2e54414b2050726f647563742043656e746572204154414b20547275737465642042756e646c652052656c6561736530820222300d06092a864886f70d01010105000382020f003082020a0282020100d1b8096cf83b498493ea982354d822d8f31677317e8bfe9802bf22a633c139a61668aae4ee3a71a981b0978697b4d8438856820dfe86cce97d6f123c72a19e28dac1457d12652e3209670b7680c7dd6136eef71411a32f058b1c5ea717b6fc1b820218a8cb55d56595d1eaa1714b4ebfb939c9e1450fce186be162a272684b38b49458ce80c9f2b547f6d39734dff32dc55449b992d252e0af911c78fb3251730cb5c35daff74b77c56bd97a0a4251678aeb618f3689cbc53ba8ea7bff60b9e9a0f288d668d50546dc8a9e3322f4d6d16bb204f939848a2c8307c9228271730d96474feea1016d939f4094690e4d520839e4d74800ae9e28c42032d2ba9f7128f8c48de18c9581a9cfad5b62b2eac44ea77cf24750c74964c4be91f073ceb09142662a69178f379f78e30ff80b7e1aa0378d73c13a94573f8f66a47bd22d02a27538a4155032a07f8321938f38986aa15361acf320a22e6c5657e611e314e3029e48f92094fbe6b2abe5ddc86bdb6f071e898c53d95c755c9985c2e7da341d75963198b1eeb9f2bfa0f6a6add03091ec4ce10f34d0bc23593b3478cd9b4f42f863f998c5fd34e69facd2793ce6fa1463a3d40b117905de53c2729b56ff2c12d3647487fe60f4afcfa21f8f1a70d2d13795db7823c374f70073410bd46f187081d95a92fbfaeb9f0502b97b20e16201d48341dc0520a06029014376f9325bc22d0203010001a3533051301d0603551d0e041604149cda2e93cb9d6395b13a739e6f630a609ea37369301f0603551d230418301680149cda2e93cb9d6395b13a739e6f630a609ea37369300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038202010056666b2320bac33947f2edc1e494cacfb4187e42a4c970a0d549ac7960963c3c421208815cb00b089ce74c1e28fbd9623b90f8ebbe5c08f09f96033c76c7056473c67b55657d3027196f0eb44740fb6b40dcabd3d83485186cabd8257248ea7f391ccdec75c09a949393476467bbe82fb5daf45b7bdf12434e3bf3d310c3ef1fa6e7c9273aadef78e79883d5d422c879b774542d84a4dbfbed9428a430c5b906ca1ea02c91a9145deed620a949353fe17cf6553d394fdb2ec9944b33a42a8bbe795a7a42a5c47d68425739b373587232666d99217fc5e5dd2ff5afd83b8944667b406b22cd317e7e9d0a0c428af2777daa341b58421d058ba45e3bc1cca188b7382767df1f22f9765ad659472913dc731d3df659362043f214e2de41c802863b8ae64051cebca19aaad09f33ec21c58a51aa565208d3fc5c8fea91f1d2d0ebbc391a6ae2fef1930940a701078614d98a6712371455d4765bbe7f94d078965669beab6c8dcdd4971a1d69defe26db90c648df4e81a777cc56b81709b73d6227cce602843f38e5c01483888216ad067a87c2834e14eb2a9301e5d31db3a800cfb3d95d7bc11d3bdda3bf9415066df727b7fb822a5f0dbb668690984a4140fc886b61253544c2905ccbea05991ec45640bcbc099bb03c8cb2d031f3deacd1f80903be7322457e27ed7f8f0580df7da8a6929a18a3807b9542a99451f8b2089ce303",
             "3082037130820259a00302010202047112d53a300d06092a864886f70d01010b05003069310b3009060355040613025553310b3009060355040813025641311330110603550407130a46742042656c766f69723110300e060355040a130755532041726d7931153013060355040b130c4e6574742057617272696f72310f300d06035504031306436869726f6e301e170d3137303132333135313835395a170d3432303131373135313835395a3069310b3009060355040613025553310b3009060355040813025641311330110603550407130a46742042656c766f69723110300e060355040a130755532041726d7931153013060355040b130c4e6574742057617272696f72310f300d06035504031306436869726f6e30820122300d06092a864886f70d01010105000382010f003082010a0282010100848d4e32ef5abe3faffaba91ef5bdfb00f6087efdd89fe7e36d8ac74284b482f0a403636edd2d6ab6493b9ecf5788a96bafdc91ff1168e4db8c05f57d9f1868c5e31b4ce088efc1b920131df7a99e223a3f20c651c50cdd4565040a2dbc11a745f76ccde21fd780b6755fbff7bed30829f4d32549f2c2a75dd57c0c386bd50a956101776a1614908cecf44ce07c2ef5247708d098d534787d3c495db85fbd7552e2bf6ef981cbfaf225b20f0e3964e8f6e798fccda73df91e025507ee118296581f32e2d18d2650f050a6fbcb13ba53ff1921a769c7b7de86a701862cf5524422012d6f1cb311f89f1937e42bf9f35ca1226d97a40a3a8a1d663f51d75daf38b0203010001a321301f301d0603551d0e0416041461a39efde992f22585609192fc6bd2838ed34171300d06092a864886f70d01010b050003820101000f3610c512a9494687d701806ae01685a8dc92b58f4e07e55b42b4fb5ca36aa8537bea496f27c4e0fabd04b633c1e7ad5dccafe86d38a4fac6698f22680f45edf160f55937ae335aa81d907fb8ba3130cf50f0c5a547c4c0984f2e8b76aa9bc11b247348eff41665abe8831d126cc52261b8352e9c9098b474ee2f8b17fec50333998b7f90bba9c4836a8105212f41a964f60425ec36be2c6cca31619745d4d37b57d1ad7e09a4a4d124e7c60b9530681738f6221a4da00ad5962b9ee0f4ee7f97135f5f515118b79dfad7dc183c16f186986f2b253ceca18d7a332399a63704e028e209cc23f89d9bb4edbdaff4cfd36767602ae746364b18a89a1d7f05b36e",
             "3082030d308201f5a00302010202044fce2f46300d06092a864886f70d01010b05003037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f6964204465627567301e170d3133303132323135323932395a170d3134303132323135323932395a3037310b30090603550406130255533110300e060355040a1307416e64726f6964311630140603550403130d416e64726f696420446562756730820122300d06092a864886f70d01010105000382010f003082010a02820101009b715652725d49cd5ce8e52c3c1dfa77b60861e23a787c8d1dd4b980596ef7fa9e843500ec7dbf883416e58b5e43fd58eb0faeb5412717629b033b28e3760650c88e635f54538af20c52289087b895f175bf0ccb8135c83e0db8c08dd58f4262881317ae88b659d7e73fdc5d3c3cc96b1e0d2a957ceec45632870a23e794e0b403047a9265e74e115f9af6a18d747cc45c4591fd0bf6f6e5fcd5d305b4f6b1cd392d71ecb6428c7ccf4f3cef96a0dce499bb24ff888319fabc5aa2163ae723637f20e79f14037c20854b305b39f0f2106831c9e4145857f987d6c8fedf7e5bf9b4f0fd3662bf1761f301ded0550ad7f1172394035b9e5ba8d7a8384f00555bf50203010001a321301f301d0603551d0e04160414b4531a77e455c714390e73ff7f828179f97c2c41300d06092a864886f70d01010b0500038201010082b47e77b10ed6262c936f66d16affb6607668d62b87ce1399ddcfcebce67f92c2630352bf0b7685610cac1ad97c0b3cfd0fc1c24842cfb0f839ea49b952b7f0b12121aed87b19a7944d2b24cb6a373a651ac9919164826961dc35a37061874940afcafad1f8466caf08f4b405634afa3723f59ca22ff8bcb66a30794d74b08e62ed213eabbdea6260b5cb2fc8844d21f196636fba1cea077a51a969193d99fbca156298a18909cfc16511708317b684e0d3744217d05276aaf71cac68063bd0c58d7097d9f5ebbd3d9cd0faed8744222422bb3572acab31e67bbcaf1f290d7f56d2a54d2d39ca04338f7e426556a6e3271d3f68e88ca1140e49b46d8dd497fb",
             "3082038930820271a00302010202040885ec68300d06092a864886f70d01010b05003075310b30090603550406130255533110300e06035504081307556e6b6e6f776e311430120603550407130b726170746f72782e6f72673110300e060355040a1307526170746f7258311a3018060355040b1311526170746f7220436f6e736f727469756d3110300e06035504031307556e6b6e6f776e301e170d3137303531373230303533325a170d3434313030323230303533325a3075310b30090603550406130255533110300e06035504081307556e6b6e6f776e311430120603550407130b726170746f72782e6f72673110300e060355040a1307526170746f7258311a3018060355040b1311526170746f7220436f6e736f727469756d3110300e06035504031307556e6b6e6f776e30820122300d06092a864886f70d01010105000382010f003082010a0282010100a23b3a0d799312fc4e9d6c842e2778f378b873b71dd041aa438903e08c77a387e446c72f626f7766cd90dfe5aeb2d9d1ab997bc70de0d2c338925991de0511547e78b70b77b99a29af71baa8cef3dd9cedd88a13ac0c0cfeef30d33890eff178d992168aeb13272833e8aea6c3c698e09e6789bc9d8d2373b3a13e7ab75f710cacff3c0e7fe1d06a191d73f990554d84ef8da2784388ccacdaacb366bd4acae5c646bdf68b822804a7dfff0e7a4887579719b7badce060710847b0a652895d2ea11107f92d5fef8efb9677a19bb1f0cd8e572b97a92fcf0b9952ce7f41784783521ec373920c55e4292030df3c0fcf3dd1ace8267ec71f868d62f0c5f58f908b0203010001a321301f301d0603551d0e04160414c414ae3840cc708132c2b8b4ac981f7c3bf35a87300d06092a864886f70d01010b05000382010100a0be7e78c323bf5d68db99280bce6392f3315bc0bced005793055e791c052a5d12aeedee2c743da05e6409e24cbbb84ad4d50c2b0bae9bb930187875b928cb59b46e429f28d9306a476fb1679849e5bd8f274d7717e84fa05c3845d582616960f7863ee7b901793ad0869b236de36fb0ed265e2c16e6ac9aeb211b620393db310b9bae158e3551953548dd4b7d4e2425f283ae8ff67221d96bfc92610de4e49989cc398a3e077ecaad3b1b4002d49ccc0badfc626502aa98dbc1d73ef2227b63562891575cd2c5c91c6915b5394cb3b342b74838f069af219501fd827e296e3eb7e28ec273ad0340e05e0a9782fb2a4e080cc7ffc51503bb95f3940c3a9b8ee0",
@@ -232,21 +232,37 @@ public static boolean verifySignature(final Context context,
      */
     public static boolean verifyTrust(final Context context,
             final String pkgname) {
+        final String[] trustedShortHash = new String[] {"213df7e", "f05b36e", "a9b8ee0", "089ce303"};
+        final List<String> trustedKeys = new ArrayList<>(trustedShortHash.length);
+        for(String publicKey : ACCEPTABLE_KEY_LIST) {
+            for(String shortHash : trustedShortHash) {
+                if(publicKey.endsWith(shortHash)) {
+                    trustedKeys.add(publicKey);
+                }
+            }
+        }
         try {
             final PackageManager pm = context.getPackageManager();
             final PackageInfo pi = pm.getPackageInfo(pkgname,
                     PackageManager.GET_SIGNATURES);
             for (final Signature sig : pi.signatures) {
                 final String val = sig.toCharsString();
-                if (val.endsWith("213df7e") || val.endsWith("f05b36e") ||
-                        val.endsWith("a9b8ee0"))
-                    return true;
+                for(String trustedKey : trustedKeys) {
+                    if (val.equals(trustedKey))
+                        return true;
+                }
             }
 
         } catch (Exception ignored) {
         }
 
-        if (PluginValidator.checkAppTransparencySignature(context, pkgname, ACCEPTABLE_KEY_LIST))
+
+        // Need to perform both a check against the wider acceptable key list in order to properly
+        // cache the case where a public key in the acceptable key list verifies the validity of the
+        // app transparency signature/message.  Then check the much more narrow scoped keys to see
+        // if it is trusted.
+        if (PluginValidator.checkAppTransparencySignature(context, pkgname, ACCEPTABLE_KEY_LIST) &&
+                PluginValidator.checkAppTransparencySignature(context, pkgname, (String[])trustedKeys.toArray(new String[0])))
             return true;
 
         return false;