Add ApkHashExtractor

Author: lfkellogg

firebase-appdistribution/src/main/java/com/google/firebase/appdistribution/impl/ApkHashExtractor.java

@@ -0,0 +1,140 @@
+package com.google.firebase.appdistribution.impl;
+
+import static com.google.firebase.appdistribution.impl.ReleaseIdentificationUtils.getPackageInfoWithMetadata;
+
+import android.content.Context;
+import android.content.pm.PackageInfo;
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+import androidx.annotation.VisibleForTesting;
+import com.google.firebase.appdistribution.FirebaseAppDistributionException;
+import com.google.firebase.appdistribution.FirebaseAppDistributionException.Status;
+import java.io.File;
+import java.io.IOException;
+import java.nio.ByteBuffer;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.ConcurrentMap;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipFile;
+
+/** Extracts a hash of the installed APK. */
+class ApkHashExtractor {
+
+  private static final String TAG = "ApkHashExtractor:";
+  private static final int BYTES_IN_LONG = 8;
+
+  private final ConcurrentMap<String, String> cachedApkHashes = new ConcurrentHashMap<>();
+  private Context applicationContext;
+
+  ApkHashExtractor(Context applicationContext) {
+    this.applicationContext = applicationContext;
+  }
+
+  /**
+   * Extract the SHA-256 hash of the installed APK.
+   *
+   * <p>The result is stored in an in-memory cache to avoid computing it repeatedly.
+   */
+  String extractApkHash() throws FirebaseAppDistributionException {
+    PackageInfo metadataPackageInfo = getPackageInfoWithMetadata(applicationContext);
+    String installedReleaseApkHash = extractApkHash(metadataPackageInfo);
+    if (installedReleaseApkHash == null || installedReleaseApkHash.isEmpty()) {
+      throw new FirebaseAppDistributionException(
+          "Could not calculate hash of installed APK", Status.UNKNOWN);
+    }
+    return installedReleaseApkHash;
+  }
+
+  @VisibleForTesting
+  String extractApkHash(PackageInfo packageInfo) {
+    File sourceFile = new File(packageInfo.applicationInfo.sourceDir);
+
+    String key =
+        String.format(
+            Locale.ENGLISH, "%s.%d", sourceFile.getAbsolutePath(), sourceFile.lastModified());
+    if (!cachedApkHashes.containsKey(key)) {
+      cachedApkHashes.put(key, calculateApkHash(sourceFile));
+    }
+    return cachedApkHashes.get(key);
+  }
+
+  @Nullable
+  String calculateApkHash(@NonNull File file) {
+    LogWrapper.getInstance().v(TAG + "Calculating release id for " + file.getPath());
+    LogWrapper.getInstance().v(TAG + "File size: " + file.length());
+
+    long start = System.currentTimeMillis();
+    long entries = 0;
+    String zipFingerprint = null;
+    try {
+      MessageDigest digest = MessageDigest.getInstance("SHA-256");
+      ArrayList<Byte> checksums = new ArrayList<>();
+
+      // Since calculating the codeHash returned from the release backend is computationally
+      // expensive, we has the existing checksum data from the ZipFile and compare it to
+      // (1) the apk hash returned by the backend, or (2) look up a mapping from the apk zip hash to
+      // the
+      // full codehash, and compare that to the codehash to the backend
+      ZipFile zis = new ZipFile(file);
+      try {
+        Enumeration<? extends ZipEntry> zipEntries = zis.entries();
+        while (zipEntries.hasMoreElements()) {
+          ZipEntry zip = zipEntries.nextElement();
+          entries += 1;
+          byte[] crcBytes = longToByteArray(zip.getCrc());
+          for (byte b : crcBytes) {
+            checksums.add(b);
+          }
+        }
+      } finally {
+        zis.close();
+      }
+      byte[] checksumByteArray = digest.digest(arrayListToByteArray(checksums));
+      StringBuilder sb = new StringBuilder();
+      for (byte b : checksumByteArray) {
+        sb.append(String.format("%02x", b));
+      }
+      zipFingerprint = sb.toString();
+
+    } catch (IOException | NoSuchAlgorithmException e) {
+      LogWrapper.getInstance().v(TAG + "id calculation failed for " + file.getPath());
+      return null;
+    } finally {
+      long elapsed = System.currentTimeMillis() - start;
+      if (elapsed > 2 * 1000) {
+        LogWrapper.getInstance()
+            .v(
+                TAG
+                    + String.format(
+                        "Long id calculation time %d ms and %d entries for %s",
+                        elapsed, entries, file.getPath()));
+      }
+
+      LogWrapper.getInstance()
+          .v(TAG + String.format("Finished calculating %d entries in %d ms", entries, elapsed));
+      LogWrapper.getInstance()
+          .v(TAG + String.format("%s hashes to %s", file.getPath(), zipFingerprint));
+    }
+
+    return zipFingerprint;
+  }
+
+  private static byte[] longToByteArray(long x) {
+    ByteBuffer buffer = ByteBuffer.allocate(BYTES_IN_LONG);
+    buffer.putLong(x);
+    return buffer.array();
+  }
+
+  private static byte[] arrayListToByteArray(ArrayList<Byte> list) {
+    byte[] result = new byte[list.size()];
+    for (int i = 0; i < list.size(); i++) {
+      result[i] = list.get(i);
+    }
+    return result;
+  }
+}

firebase-appdistribution/src/main/java/com/google/firebase/appdistribution/impl/FirebaseAppDistributionImpl.java

@@ -40,8 +40,6 @@
 import com.google.firebase.appdistribution.UpdateProgress;
 import com.google.firebase.appdistribution.UpdateStatus;
 import com.google.firebase.appdistribution.UpdateTask;
-import com.google.firebase.inject.Provider;
-import com.google.firebase.installations.FirebaseInstallationsApi;
 
 /**
  * This class is the "real" implementation of the Firebase App Distribution API which should only be
@@ -101,34 +99,6 @@ class FirebaseAppDistributionImpl implements FirebaseAppDistribution {
     lifecycleNotifier.addOnActivityResumedListener(this::onActivityResumed);
   }
 
-  FirebaseAppDistributionImpl(
-      @NonNull FirebaseApp firebaseApp,
-      @NonNull Provider<FirebaseInstallationsApi> firebaseInstallationsApiProvider,
-      @NonNull SignInStorage signInStorage,
-      @NonNull FirebaseAppDistributionLifecycleNotifier lifecycleNotifier) {
-    this(
-        firebaseApp,
-        new TesterSignInManager(firebaseApp, firebaseInstallationsApiProvider, signInStorage),
-        new NewReleaseFetcher(
-            firebaseApp,
-            new FirebaseAppDistributionTesterApiClient(),
-            firebaseInstallationsApiProvider),
-        new ApkUpdater(firebaseApp, new ApkInstaller()),
-        new AabUpdater(),
-        signInStorage,
-        lifecycleNotifier);
-  }
-
-  FirebaseAppDistributionImpl(
-      @NonNull FirebaseApp firebaseApp,
-      @NonNull Provider<FirebaseInstallationsApi> firebaseInstallationsApiProvider) {
-    this(
-        firebaseApp,
-        firebaseInstallationsApiProvider,
-        new SignInStorage(firebaseApp.getApplicationContext()),
-        FirebaseAppDistributionLifecycleNotifier.getInstance());
-  }
-
   @Override
   @NonNull
   public UpdateTask updateIfNewReleaseAvailable() {

firebase-appdistribution/src/main/java/com/google/firebase/appdistribution/impl/FirebaseAppDistributionRegistrar.java

@@ -24,6 +24,7 @@
 import com.google.firebase.components.ComponentContainer;
 import com.google.firebase.components.ComponentRegistrar;
 import com.google.firebase.components.Dependency;
+import com.google.firebase.inject.Provider;
 import com.google.firebase.installations.FirebaseInstallationsApi;
 import com.google.firebase.platforminfo.LibraryVersionComponent;
 import java.util.Arrays;
@@ -55,13 +56,26 @@ public class FirebaseAppDistributionRegistrar implements ComponentRegistrar {
 
   private FirebaseAppDistribution buildFirebaseAppDistribution(ComponentContainer container) {
     FirebaseApp firebaseApp = container.get(FirebaseApp.class);
-    FirebaseAppDistribution appDistribution =
-        new FirebaseAppDistributionImpl(
-            firebaseApp, container.getProvider(FirebaseInstallationsApi.class));
+    Context context = firebaseApp.getApplicationContext();
+    Provider<FirebaseInstallationsApi> firebaseInstallationsApiProvider =
+        container.getProvider(FirebaseInstallationsApi.class);
+    SignInStorage signInStorage = new SignInStorage(context);
+    FirebaseAppDistributionTesterApiClient testerApiClient =
+        new FirebaseAppDistributionTesterApiClient();
     FirebaseAppDistributionLifecycleNotifier lifecycleNotifier =
         FirebaseAppDistributionLifecycleNotifier.getInstance();
+    ApkHashExtractor apkHashExtractor = new ApkHashExtractor(firebaseApp.getApplicationContext());
+    FirebaseAppDistribution appDistribution =
+        new FirebaseAppDistributionImpl(
+            firebaseApp,
+            new TesterSignInManager(firebaseApp, firebaseInstallationsApiProvider, signInStorage),
+            new NewReleaseFetcher(
+                firebaseApp, testerApiClient, firebaseInstallationsApiProvider, apkHashExtractor),
+            new ApkUpdater(firebaseApp, new ApkInstaller()),
+            new AabUpdater(),
+            signInStorage,
+            lifecycleNotifier);
 
-    Context context = firebaseApp.getApplicationContext();
     if (context instanceof Application) {
       Application firebaseApplication = (Application) context;
       firebaseApplication.registerActivityLifecycleCallbacks(lifecycleNotifier);

firebase-appdistribution/src/main/java/com/google/firebase/appdistribution/impl/NewReleaseFetcher.java

@@ -14,13 +14,10 @@
 
 package com.google.firebase.appdistribution.impl;
 
-import static com.google.firebase.appdistribution.impl.ReleaseIdentificationUtils.calculateApkHash;
 import static com.google.firebase.appdistribution.impl.ReleaseIdentificationUtils.getPackageInfo;
-import static com.google.firebase.appdistribution.impl.ReleaseIdentificationUtils.getPackageInfoWithMetadata;
 import static com.google.firebase.appdistribution.impl.TaskUtils.runAsyncInTask;
 
 import android.content.Context;
-import android.content.pm.PackageInfo;
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
 import androidx.annotation.VisibleForTesting;
@@ -34,8 +31,6 @@
 import com.google.firebase.inject.Provider;
 import com.google.firebase.installations.FirebaseInstallationsApi;
 import com.google.firebase.installations.InstallationTokenResult;
-import java.io.File;
-import java.util.Locale;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
 import java.util.concurrent.Executor;
@@ -51,6 +46,7 @@ class NewReleaseFetcher {
   private final FirebaseApp firebaseApp;
   private final FirebaseAppDistributionTesterApiClient firebaseAppDistributionTesterApiClient;
   private final Provider<FirebaseInstallationsApi> firebaseInstallationsApiProvider;
+  private final ApkHashExtractor apkHashExtractor;
   private final Context context;
   // Maintain an in-memory mapping from source file to APK hash to avoid re-calculating the hash
   private static final ConcurrentMap<String, String> cachedApkHashes = new ConcurrentHashMap<>();
@@ -61,22 +57,26 @@ class NewReleaseFetcher {
   NewReleaseFetcher(
       @NonNull FirebaseApp firebaseApp,
       @NonNull FirebaseAppDistributionTesterApiClient firebaseAppDistributionTesterApiClient,
-      @NonNull Provider<FirebaseInstallationsApi> firebaseInstallationsApiProvider) {
+      @NonNull Provider<FirebaseInstallationsApi> firebaseInstallationsApiProvider,
+      ApkHashExtractor apkHashExtractor) {
     this(
         firebaseApp,
         firebaseAppDistributionTesterApiClient,
         firebaseInstallationsApiProvider,
+        apkHashExtractor,
         Executors.newSingleThreadExecutor());
   }
 
   NewReleaseFetcher(
       @NonNull FirebaseApp firebaseApp,
       @NonNull FirebaseAppDistributionTesterApiClient firebaseAppDistributionTesterApiClient,
       @NonNull Provider<FirebaseInstallationsApi> firebaseInstallationsApiProvider,
+      ApkHashExtractor apkHashExtractor,
       @NonNull Executor executor) {
     this.firebaseApp = firebaseApp;
     this.firebaseAppDistributionTesterApiClient = firebaseAppDistributionTesterApiClient;
     this.firebaseInstallationsApiProvider = firebaseInstallationsApiProvider;
+    this.apkHashExtractor = apkHashExtractor;
     this.taskExecutor = executor;
     this.context = firebaseApp.getApplicationContext();
   }
@@ -206,29 +206,10 @@ private String getInstalledAppVersionName(Context context)
     return getPackageInfo(context).versionName;
   }
 
-  @VisibleForTesting
-  String extractApkHash(PackageInfo packageInfo) {
-    File sourceFile = new File(packageInfo.applicationInfo.sourceDir);
-
-    String key =
-        String.format(
-            Locale.ENGLISH, "%s.%d", sourceFile.getAbsolutePath(), sourceFile.lastModified());
-    if (!cachedApkHashes.containsKey(key)) {
-      cachedApkHashes.put(key, calculateApkHash(sourceFile));
-    }
-    return cachedApkHashes.get(key);
-  }
-
   private boolean hasSameHashAsInstalledRelease(AppDistributionReleaseInternal newRelease)
       throws FirebaseAppDistributionException {
-    Context context = firebaseApp.getApplicationContext();
-    PackageInfo metadataPackageInfo = getPackageInfoWithMetadata(context);
-    String installedReleaseApkHash = extractApkHash(metadataPackageInfo);
-
-    if (installedReleaseApkHash == null || installedReleaseApkHash.isEmpty()) {
-      throw new FirebaseAppDistributionException(
-          "Could not calculate hash of installed APK", Status.UNKNOWN);
-    } else if (newRelease.getApkHash().isEmpty()) {
+    String installedReleaseApkHash = apkHashExtractor.extractApkHash();
+    if (newRelease.getApkHash().isEmpty()) {
       throw new FirebaseAppDistributionException(
           "Missing APK hash from new release", Status.UNKNOWN);
     }