From 839465ced5b8aad780f99d0871101fd302147ee1 Mon Sep 17 00:00:00 2001
From: Tebbe Ubben <tebbe@ubben.eu>
Date: Wed, 1 May 2019 16:56:06 +0200
Subject: [PATCH] Demo keystore

---
 app/src/main/assets/revoked_certs.txt |   2 ++
 demo_keystore.jks                     | Bin 0 -> 2066 bytes
 revoking_leaked_apks.md               |  19 +++++++++++++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 demo_keystore.jks
 create mode 100644 revoking_leaked_apks.md

diff --git a/app/src/main/assets/revoked_certs.txt b/app/src/main/assets/revoked_certs.txt
index e69de29bb2..59a55d9e42 100644
--- a/app/src/main/assets/revoked_certs.txt
+++ b/app/src/main/assets/revoked_certs.txt
@@ -0,0 +1,2 @@
+#Demo certificate
+51:6D:12:67:4C:27:F4:9B:9F:E5:42:9B:01:B3:98:E4:66:2B:85:B7:A8:DD:70:32:B7:6A:D7:97:9A:0D:97:10
\ No newline at end of file
diff --git a/demo_keystore.jks b/demo_keystore.jks
new file mode 100644
index 0000000000000000000000000000000000000000..38c3bcabaa2542ca1766a2a8855312fad4a32973
GIT binary patch
literal 2066
zcmV+t2<`X&?f&fm0006200031000311Z!n^FaQ7nYID?MkpKV%05F0C{4fp%3M&Qy
z1OX}n5di@O00e>r=(~+So85MMr!;sa5}UidNE8Dr+6eT`9kB1K726A6(g}mqjzfPF
z9ts_tfDS0k)~WdB{m$J|-1HVGceSlKG<(v7$~Z)lX;VnjPxAXsSMn%&kdET9&MONL
zA68xN4Tlq91gCZ6ACYpId2}`aJc?OX<Q<H!W3Z|n?hs<gBQ`h|x^0}+$u`+pd1`Y8
z)CIqbm^?`2Y#x)BqQl1WakwLtwS71&EiuuCbZ4y^(uUj_5uMs@LNgPLmo)n2uPj#S
zMp>Hm<y`kY*p)l^K7k=}UR&F`V(RaJNR|bP8?zDq8v?yZ^_W%UxJ!g^#QY&x|J<4J
z1x#AnWnCD~M3K;}Set&U??KAlW?JAIT*z=CI1MWhB!=O6#*-21<D%J}`l%8#GrwuO
zv%DB7!ZK?vFFJC)1mNu0KdGqOtd75<c2`Q7+v3*SwIY|f)f+<VyU>FlHd`cc`z&^J
zxWhaOhi%Shi<vM2oLq9U8x%TMF7)yqaS}0$-w8b7(B6F}Yb4PnM)r_emduLRvszjN
ziI@2SRT%)>+);D?o7dUZicrG6i~}j%5YQsKb6>Pos<u67g*ZG?=5)KGv(u_hS51>1
zulW7l*iBdQpbF_w3rMOEIjY~nmxK)wo^EC3Yb`W6ap+g;Xv|9Z1^qzkZbZ_}w%2y$
zM;hyI9Ys*^-(frj9S`RLvIPWAdH57maBx}Vp<#iF35CKQB*2zfu9<-e=1Sv`4dL5p
z!r0l@C?aFmF28{l^K+Q`PKGIVbCl<$qlp-~ZiT>(u(X7}d;;s2Dc=dCfOEHBjeiD`
zO028r9E19Jq)N9mv=Y$`e%m8{QQy*Bosd0GQn+8T>B@(Yh$UOU3u{nEP<RYhjyr9B
z)LA;ix63_*nsL)4qlo%k-T~Li$K`B?TJ<D}%Acy@p8Ld_5^Huy6xG5P1$_3X(rlgK
zxzDrviBO>vhlHDVvi_v4bR*mnksOLuBTtgUXC;o}PpW4ODG>^k=;jviGL(xL9s<6I
zqzwvzY4F=(B!{WID8QdM{nMYKS?l?bABGiBzAJ;?H|Bo>`dbj9a<W!v_b{(&O{uN?
z|3yAL9_R{mK4L_7DiMM{Qoo$3b?D}pzN|^|lVuYhN*t#0w(4Ol2g(OVouS~-s}{U`
z9G)E~8#Q%^K_)VEczoUee;xXHDQtp{rB1d;Q{5T10{J`A92+iKYEA0Y`7ZA@lztqg
zL_#*~;QN+MzgN^%Q##icMDz=rlU+9J$6{~Z;p=*UUn!3s1DrfFlCIhq!|s<WWC|`f
zHmO*=oLqnNBk?c^?uBS_8*!7n*|{sM1DpK7Zv>1JI7kz@jcfO7PivCd27<}~2{w-6
z73AOOL08I4=ZOnKlEA@-q<f9<USM;CyyjWj>oO)LmcK9ift__o{UR+n=!KZE#lB6?
ziDe|&=PI+4S-(Jo{e3rbFT3iSg8iqnc8z_wKs&HRlu3(YxAi@0IJ*AN5}boRPY81l
z5Y>xEuK*c9(5>=SScg}QVJr(Vv(AZI8^=zMbur=ne~NWGz=j3(F!;e=QDaSNJHWjy
z2IQH?^Wv_dw3_PH96hD*Z7uhS#^XCeZ6TyEhL~_2G%NM3-S{lu9^T3%DJSP-kr1;I
z1=}tj!gRx`7trGM7jN}C^JmYHGXMYp0RRP9E;TSY0008bFoFWfFoFTGpaTK{0s;gu
zRBT%?4F(A+hDe6@4FLfQ1pqJ=F%vKm1_M<D3KI%JZe((AX=FiAQ!pME4KX<|H83$T
zG&46eFj^N4G&C?YGBhzXGdDCaS}+wc6EG15162eH6AD3YWO8q5WI<3<FoFRhFbxI?
zDuzgg_YDC70R;d9f&mWzFoFRJ0)hbn0O?~CSQ^3CT_p=HVDO%jO>48Mh-?Zbnodo@
zgQ5eV)1QUwSU;04MI~)rwL$M%ui=&P2r@VQs=b$CtvGT%|DnHE(!w!eH^DafyUCih
zPD;1%S(%;FgTH3R*eSj^H`m=^!UJx~RrJW2nF?)4FvBod?)WuBJ@!C3M6l)^KPg`5
z4GjS=r9C&5z(?1cE0JJBfX+d>=&^|4mmv?NZ!Zg2`)`{c^W#J$@wI0>E+<(6W}O9L
zIS#pcRsQ9}JMIKYkC<C1rj4Sm42aSO{TFB8AFH$+nig7B+~P*3QM_(!U7BBl%V&(s
zGpsoVktgQEqxa2H%eq{-9QWnNBLV{f00E;RFdr}-1_M<c4g?ki6!(GS`!}(cJA~-x
zTAWDHigYVqH!uwb2`Yw2hW8Bt0Sg5H1A+ko0Gx!KlzL73rGd0>S!FJ_K*BtSw3{At
z3Hif~{z-Hj?@H`Q#!KmdwWbRslT_Ld9lbD$=?vYxj`}}sblCaJ-Fr*|!}Jrl-$!2#
z&1rE<=>Ndd4^WG+9tn`A()l+(xL><waVYl=9u7~3koK!7w5uFt-+S>*%7sf^9N3%_
zLgycm6Ki*S+AC~7T`O&RwfF8*WTUBTHw2tVpTH%0(@|&Yd>GWf?XgAH-@#*~SlsN+
zn^}liBY-=cR4H9qH!?_n^Xn_wG`kS$p!T)M{^mv}SI@54k}9`Hw!X-X4O8NuRE@%z
w*G(|o{K&i(s_hQwaCl&zxKd!)j{&H~MaC&rdv#-(8#e?}1iiLzl<@x#<kp_Kj{pDw

literal 0
HcmV?d00001

diff --git a/revoking_leaked_apks.md b/revoking_leaked_apks.md
new file mode 100644
index 0000000000..33fc64b429
--- /dev/null
+++ b/revoking_leaked_apks.md
@@ -0,0 +1,19 @@
+## Revoking leaked APKs
+In order to revoke a leaked APK, you need to extract the certificate first. This can be done by extracting the file ``META-INF\CERT.RSA``. Open a terminal and run ``keytool -printcert -file CERT.RSA`` to get the SHA-256 fingerprint. They ``keytool`` utility is part of every JDK installation.
+```
+> keytool -printcert -file CERT.RSA
+Owner: O=AndroidAPS
+Issuer: O=AndroidAPS
+Serial number: 30546c5b
+Valid from: Wed May 01 16:37:40 CEST 2019 until: Sun Apr 24 16:37:40 CEST 2044
+Certificate fingerprints:
+         SHA1: C4:EF:80:AD:CD:07:6F:28:B6:2E:8C:AE:C5:54:19:39:2E:E5:15:0D
+         SHA256: 51:6D:12:67:4C:27:F4:9B:9F:E5:42:9B:01:B3:98:E4:66:2B:85:B7:A8:DD:70:32:B7:6A:D7:97:9A:0D:97:10
+Signature algorithm name: SHA256withRSA
+Subject Public Key Algorithm: 2048-bit RSA key
+Version: 3
+```
+Now revoke the certificate by attaching the SHA-256 checksum to ``app/src/main/assets/revoked_certs.txt`` and prepending a comment (starting with ``#``). Finally, push the changes to ``master`` branch to populate the changes.
+
+### Demo keystore
+You can verify this works by signing an APK with the demo keystore. The  password for both the keystore and the key is ``androidaps``.
\ No newline at end of file