author | Sarah Chin <sarahchin@google.com> | 2023-07-11 20:48:27 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-07-11 20:48:27 +0000 |
commit | b410016f8277c2c6c3fc5cfd2f42719fcc5328cc (patch) | |
tree | cd493015001332ebd6f99b63b0e8e9797de3e1b7 | |
parent | 69c589e8b2e274e0d059fc9787b846b084f376ac (diff) | |
parent | 695c77f587b890c1478c38d6b135de2e2e08c718 (diff) | |
download | gsma_services-b410016f8277c2c6c3fc5cfd2f42719fcc5328cc.tar.gz |
Use public APIs for authentication library am: f77a70cdb5 am: 695c77f587
Original change: https://android-review.googlesource.com/c/platform/frameworks/libs/gsma_services/+/2649207
Change-Id: Iabcd7e0438611a33358993ca11f4a29ca1b998e2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2 files changed, 92 insertions, 135 deletions
diff --git a/ts43authentication/src/com/android/libraries/ts43authentication/AuthenticationException.java b/ts43authentication/src/com/android/libraries/ts43authentication/AuthenticationException.java index bed5877..45f72c8 100644 --- a/ts43authentication/src/com/android/libraries/ts43authentication/AuthenticationException.java +++ b/ts43authentication/src/com/android/libraries/ts43authentication/AuthenticationException.java @@ -16,16 +16,11 @@ package com.android.libraries.ts43authentication; -import android.annotation.IntDef; -import android.annotation.NonNull; -import android.annotation.Nullable; import android.os.OutcomeReceiver; import android.os.PersistableBundle; import com.android.libraries.entitlement.ServiceEntitlementException; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; import java.net.URL; import java.util.concurrent.Executor; @@ -90,20 +85,6 @@ public class AuthenticationException extends Exception { */ public static final int ERROR_INVALID_HTTP_RESPONSE = 8; - @Retention(RetentionPolicy.SOURCE) - @IntDef(prefix = {"ERROR_"}, value = { - ERROR_UNSPECIFIED, - ERROR_INVALID_APP_NAME, - ERROR_MUST_USE_OIDC, - ERROR_SERVICE_NOT_AVAILABLE, - ERROR_ICC_AUTHENTICATION_NOT_AVAILABLE, - ERROR_EAP_AKA_SYNCHRONIZATION_FAILURE, - ERROR_MAXIMUM_EAP_AKA_ATTEMPTS, - ERROR_HTTP_RESPONSE_FAILED, - ERROR_INVALID_HTTP_RESPONSE, - }) - public @interface AuthenticationError {} - /** * The HTTP status code has not been specified. */ 
@@ -115,12 +96,12 @@ public class AuthenticationException extends Exception { */ public static final String RETRY_AFTER_UNSPECIFIED = ""; - @AuthenticationError private final int mError; + private final int mError; private final int mHttpStatusCode; - @NonNull private final String mRetryAfter; + private final String mRetryAfter; - private AuthenticationException(@AuthenticationError int error, int httpStatusCode, - @NonNull String retryAfter, @NonNull String message) { + private AuthenticationException(int error, int httpStatusCode, String retryAfter, + String message) { super(message); mError = error; mHttpStatusCode = httpStatusCode; @@ -128,11 +109,11 @@ public class AuthenticationException extends Exception { } /** - * Create an AuthenticationException for the given {@link AuthenticationError}. + * Create an AuthenticationException for the given authentication error. * @param error The authentication error. * @param message The detail message with more information about the exception. */ - public AuthenticationException(@AuthenticationError int error, @NonNull String message) { + public AuthenticationException(int error, String message) { this(error, HTTP_STATUS_CODE_UNSPECIFIED, RETRY_AFTER_UNSPECIFIED, message); } @@ -140,7 +121,7 @@ public class AuthenticationException extends Exception { * Create an AuthenticationException from the given {@link ServiceEntitlementException}. * @param exception The service entitlement exception from the TS.43 library. */ - public AuthenticationException(@NonNull ServiceEntitlementException exception) { + public AuthenticationException(ServiceEntitlementException exception) { this(convertToAuthenticationError(exception.getErrorCode()), convertToHttpStatusCode(exception.getHttpStatus()), convertToRetryAfter(exception.getRetryAfter()), exception.getMessage()); 
@@ -150,7 +131,7 @@ public class AuthenticationException extends Exception { * The error code for why authentication failed, or {@link #ERROR_UNSPECIFIED} if it is * unspecified. */ - @AuthenticationError public int getError() { + public int getError() { return mError; } @@ -168,11 +149,11 @@ public class AuthenticationException extends Exception { * {@code HTTP-date} or the number of seconds to delay, as defined in * <a href="https://tools.ietf.org/html/rfc7231#section-7.1.3">RFC 7231</a> */ - @NonNull public String getRetryAfter() { + public String getRetryAfter() { return mRetryAfter; } - @AuthenticationError private static int convertToAuthenticationError(int errorCode) { + private static int convertToAuthenticationError(int errorCode) { switch (errorCode) { case ServiceEntitlementException.ERROR_PHONE_NOT_AVAILABLE: case ServiceEntitlementException.ERROR_SERVER_NOT_CONNECTABLE: @@ -201,7 +182,7 @@ public class AuthenticationException extends Exception { return httpStatusCode; } - private static String convertToRetryAfter(@Nullable String retryAfter) { + private static String convertToRetryAfter(String retryAfter) { if (retryAfter == null || retryAfter.isEmpty() || retryAfter.equals(ServiceEntitlementException.RETRY_AFTER_UNSPECIFIED)) { return RETRY_AFTER_UNSPECIFIED; diff --git a/ts43authentication/src/com/android/libraries/ts43authentication/Ts43AuthenticationLibrary.java b/ts43authentication/src/com/android/libraries/ts43authentication/Ts43AuthenticationLibrary.java index 50220c9..23cd411 100644 --- a/ts43authentication/src/com/android/libraries/ts43authentication/Ts43AuthenticationLibrary.java +++ b/ts43authentication/src/com/android/libraries/ts43authentication/Ts43AuthenticationLibrary.java 
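Review bot: `getRetryAfter()` in the `-168,11` hunk loses `@NonNull` and its Javadoc does not take over the contract, so the API no longer tells callers that the value is never null. As far as the hunks show, the guarantee still holds: `convertToRetryAfter` maps null and empty input to `RETRY_AFTER_UNSPECIFIED`, and the two-argument constructor passes that constant. I would add `@return the Retry-After value, never {@code null}; {@link #RETRY_AFTER_UNSPECIFIED} if none was provided` to the method comment. The same gap applies to `getError()` in the `-150,7` hunk, where the removed `@AuthenticationError` was the only machine-readable list of valid codes; its Javadoc could name the `ERROR_*` constants instead.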
@@ -16,10 +16,6 @@ package com.android.libraries.ts43authentication; -import android.annotation.CallbackExecutor; -import android.annotation.NonNull; -import android.annotation.Nullable; -import android.annotation.StringDef; import android.content.Context; import android.content.pm.PackageInfo; import android.content.pm.PackageManager; @@ -37,8 +33,6 @@ import android.util.Log; import com.android.libraries.entitlement.ServiceEntitlementException; import com.android.libraries.entitlement.Ts43Authentication; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; import java.net.URL; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; 
@@ -82,48 +76,39 @@ public class Ts43AuthenticationLibrary extends Handler { */ public static final String KEY_APPEND_SHA_TO_APP_NAME_BOOL = "append_sha_to_app_name"; - @Retention(RetentionPolicy.SOURCE) - @StringDef(prefix = {"KEY_"}, value = { - KEY_ALLOWED_CERTIFICATES_STRING_ARRAY, - KEY_APPEND_SHA_TO_APP_NAME_BOOL, - }) - public @interface ConfigurationKey {} - private static final int EVENT_REQUEST_EAP_AKA_AUTHENTICATION = 0; private static final int EVENT_REQUEST_OIDC_AUTHENTICATION_SERVER = 1; private static final int EVENT_REQUEST_OIDC_AUTHENTICATION = 2; - @NonNull private final ReentrantLock mLock = new ReentrantLock(); - @NonNull private final Context mContext; - @NonNull private final PackageManager mPackageManager; + private final ReentrantLock mLock = new ReentrantLock(); + private final Context mContext; + private final PackageManager mPackageManager; /** * Create an instance of the TS.43 Authentication Library. * @param context The application context. * @param looper The looper to run authentication requests on. 
*/ - public Ts43AuthenticationLibrary(@NonNull Context context, @NonNull Looper looper) { + public Ts43AuthenticationLibrary(Context context, Looper looper) { super(looper); mContext = context; mPackageManager = mContext.getPackageManager(); } private static class EapAkaAuthenticationRequest { - @NonNull private final String mAppName; - @Nullable private final String mAppVersion; + private final String mAppName; + private final String mAppVersion; private final int mSlotIndex; - @NonNull private final URL mEntitlementServerAddress; - @Nullable private final String mEntitlementVersion; - @NonNull private final String mAppId; - @NonNull private final Executor mExecutor; - @NonNull private final OutcomeReceiver< + private final URL mEntitlementServerAddress; + private final String mEntitlementVersion; + private final String mAppId; + private final Executor mExecutor; + private final OutcomeReceiver< Ts43Authentication.Ts43AuthToken, AuthenticationException> mCallback; - private EapAkaAuthenticationRequest(@NonNull String appName, @Nullable String appVersion, - int slotIndex, @NonNull URL entitlementServerAddress, - @Nullable String entitlementVersion, @NonNull String appId, - @NonNull @CallbackExecutor Executor executor, - @NonNull OutcomeReceiver< + private EapAkaAuthenticationRequest(String appName, String appVersion, int slotIndex, + URL entitlementServerAddress, String entitlementVersion, String appId, + Executor executor, OutcomeReceiver< Ts43Authentication.Ts43AuthToken, AuthenticationException> callback) { mAppName = appName; mAppVersion = appVersion; 
@@ -137,20 +122,18 @@ public class Ts43AuthenticationLibrary extends Handler { } private static class OidcAuthenticationServerRequest { - @NonNull private final String mAppName; - @Nullable private final String mAppVersion; + private final String mAppName; + private final String mAppVersion; private final int mSlotIndex; - @NonNull private final URL mEntitlementServerAddress; - @Nullable private final String mEntitlementVersion; - @NonNull private final String mAppId; - @NonNull private final Executor mExecutor; - @NonNull private final OutcomeReceiver<URL, AuthenticationException> mCallback; - - private OidcAuthenticationServerRequest(@NonNull String appName, - @Nullable String appVersion, int slotIndex, @NonNull URL entitlementServerAddress, - @Nullable String entitlementVersion, @NonNull String appId, - @NonNull @CallbackExecutor Executor executor, - @NonNull OutcomeReceiver<URL, AuthenticationException> callback) { + private final URL mEntitlementServerAddress; + private final String mEntitlementVersion; + private final String mAppId; + private final Executor mExecutor; + private final OutcomeReceiver<URL, AuthenticationException> mCallback; + + private OidcAuthenticationServerRequest(String appName, String appVersion, int slotIndex, + URL entitlementServerAddress, String entitlementVersion, String appId, + Executor executor, OutcomeReceiver<URL, AuthenticationException> callback) { mAppName = appName; mAppVersion = appVersion; mSlotIndex = slotIndex; 
@@ -163,17 +146,15 @@ public class Ts43AuthenticationLibrary extends Handler { } private static class OidcAuthenticationRequest { - @NonNull private final URL mEntitlementServerAddress; - @Nullable private final String mEntitlementVersion; - @NonNull private final URL mAesUrl; - @NonNull private final Executor mExecutor; - @NonNull private final OutcomeReceiver< + private final URL mEntitlementServerAddress; + private final String mEntitlementVersion; + private final URL mAesUrl; + private final Executor mExecutor; + private final OutcomeReceiver< Ts43Authentication.Ts43AuthToken, AuthenticationException> mCallback; - private OidcAuthenticationRequest(@NonNull URL entitlementServerAddress, - @Nullable String entitlementVersion, @NonNull URL aesUrl, - @NonNull @CallbackExecutor Executor executor, - @NonNull OutcomeReceiver< + private OidcAuthenticationRequest(URL entitlementServerAddress, String entitlementVersion, + URL aesUrl, Executor executor, OutcomeReceiver< Ts43Authentication.Ts43AuthToken, AuthenticationException> callback) { mEntitlementServerAddress = entitlementServerAddress; mEntitlementVersion = entitlementVersion; @@ -188,7 +169,8 @@ public class Ts43AuthenticationLibrary extends Handler { * TS.43 Service Entitlement Configuration section 2.8.1. * * @param configs The configurations that should be applied to this authentication request. - * The keys of the bundle must be one of the {@link ConfigurationKey}s. + * The keys of the bundle must be one {@link #KEY_ALLOWED_CERTIFICATES_STRING_ARRAY} or + * {@link #KEY_APPEND_SHA_TO_APP_NAME_BOOL}. * @param packageName The package name for the calling application, used to validate the * identity of the calling application. This will be sent as-is as the {@code app_name} * in the HTTP GET request to the entitlement server unless 
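Review bot: The rewritten `@param configs` text in the `-188,7` hunk reads "must be one {@link #KEY_ALLOWED_CERTIFICATES_STRING_ARRAY} or", dropping the "of" that the parallel Javadoc for the two OIDC methods keeps. With the `@StringDef` removed, this sentence is the only statement of the allowed bundle keys, so it should read the same in all three places: `The keys of the bundle must be one of {@link #KEY_ALLOWED_CERTIFICATES_STRING_ARRAY}` followed by `or {@link #KEY_APPEND_SHA_TO_APP_NAME_BOOL}.`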
@@ -210,11 +192,9 @@ public class Ts43AuthenticationLibrary extends Handler { * If the authentication fails, {@link OutcomeReceiver#onError(Throwable)} will return an * {@link AuthenticationException} with the failure details. */ - public void requestEapAkaAuthentication(@NonNull PersistableBundle configs, - @NonNull String packageName, @Nullable String appVersion, int slotIndex, - @NonNull URL entitlementServerAddress, @Nullable String entitlementVersion, - @NonNull String appId, @NonNull @CallbackExecutor Executor executor, - @NonNull OutcomeReceiver< + public void requestEapAkaAuthentication(PersistableBundle configs, String packageName, + String appVersion, int slotIndex, URL entitlementServerAddress, + String entitlementVersion, String appId, Executor executor, OutcomeReceiver< Ts43Authentication.Ts43AuthToken, AuthenticationException> callback) { String[] allowedPackageInfo = configs.getStringArray(KEY_ALLOWED_CERTIFICATES_STRING_ARRAY); String certificate = getMatchingCertificate(allowedPackageInfo, packageName); @@ -224,9 +204,9 @@ public class Ts43AuthenticationLibrary extends Handler { entitlementServerAddress, entitlementVersion, appId, executor, callback)) .sendToTarget(); } else { - executor.execute(() -> Binder.withCleanCallingIdentity(() -> callback.onError( - new AuthenticationException(AuthenticationException.ERROR_INVALID_APP_NAME, - "Failed to verify the identity of the calling application")))); + executor.execute(() -> callback.onError(new AuthenticationException( + AuthenticationException.ERROR_INVALID_APP_NAME, + "Failed to verify the identity of the calling application"))); } } 
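Review bot: The rejection branch at the end of `requestEapAkaAuthentication` (hunk `-224,9`) now calls `callback.onError` without clearing the Binder calling identity, and nothing replaces the removed `Binder.withCleanCallingIdentity` wrapper. If this method is reached on a binder thread and the supplied executor runs tasks inline, the callback would run with the remote caller's UID and PID, so any permission check it triggers would be evaluated against the caller rather than the hosting process. Whether that combination occurs depends on callers not shown here. The public `Binder.clearCallingIdentity()` / `Binder.restoreCallingIdentity(long)` pair keeps the old behaviour without the hidden API, as sketched below. The identical rejection branches in hunks `-278,9` and `-317,14` need the same treatment; the method body starts outside this hunk.

```java
} else {
    executor.execute(() -> {
        // Run the callback with this process's identity, not the binder caller's.
        final long token = Binder.clearCallingIdentity();
        try {
            callback.onError(new AuthenticationException(
                    AuthenticationException.ERROR_INVALID_APP_NAME,
                    "Failed to verify the identity of the calling application"));
        } finally {
            Binder.restoreCallingIdentity(token);
        }
    });
}
```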
@@ -240,7 +220,8 @@ public class Ts43AuthenticationLibrary extends Handler { * authentication token. * * @param configs The configurations that should be applied to this authentication request. - * The keys of the bundle must be one of the {@link ConfigurationKey}s. + * The keys of the bundle must be one of {@link #KEY_ALLOWED_CERTIFICATES_STRING_ARRAY} + * or {@link #KEY_APPEND_SHA_TO_APP_NAME_BOOL}. * @param packageName The package name for the calling application, used to validate the * identity of the calling application. This will be sent as-is as the {@code app_name} * in the HTTP GET request to the entitlement server unless @@ -264,11 +245,11 @@ public class Ts43AuthenticationLibrary extends Handler { * If the authentication fails, {@link OutcomeReceiver#onError(Throwable)} will return an * {@link AuthenticationException} with the failure details. */ - public void requestOidcAuthenticationServer(@NonNull PersistableBundle configs, - @NonNull String packageName, @Nullable String appVersion, int slotIndex, - @NonNull URL entitlementServerAddress, @Nullable String entitlementVersion, - @NonNull String appId, @NonNull @CallbackExecutor Executor executor, - @NonNull OutcomeReceiver<URL, AuthenticationException> callback) { + public void requestOidcAuthenticationServer(PersistableBundle configs, + String packageName, String appVersion, int slotIndex, + URL entitlementServerAddress, String entitlementVersion, + String appId, Executor executor, + OutcomeReceiver<URL, AuthenticationException> callback) { String[] allowedPackageInfo = configs.getStringArray(KEY_ALLOWED_CERTIFICATES_STRING_ARRAY); String certificate = getMatchingCertificate(allowedPackageInfo, packageName); if (isCallingPackageAllowed(allowedPackageInfo, packageName, certificate)) { 
@@ -278,9 +259,9 @@ public class Ts43AuthenticationLibrary extends Handler { entitlementServerAddress, entitlementVersion, appId, executor, callback)).sendToTarget(); } else { - executor.execute(() -> Binder.withCleanCallingIdentity(() -> callback.onError( - new AuthenticationException(AuthenticationException.ERROR_INVALID_APP_NAME, - "Failed to verify the identity of the calling application")))); + executor.execute(() -> callback.onError(new AuthenticationException( + AuthenticationException.ERROR_INVALID_APP_NAME, + "Failed to verify the identity of the calling application"))); } } @@ -289,7 +270,8 @@ public class Ts43AuthenticationLibrary extends Handler { * TS.43 Service Entitlement Configuration section 2.8.2. * * @param configs The configurations that should be applied to this authentication request. - * The keys of the bundle must be one of the {@link ConfigurationKey}s. + * The keys of the bundle must be one of {@link #KEY_ALLOWED_CERTIFICATES_STRING_ARRAY} + * or {@link #KEY_APPEND_SHA_TO_APP_NAME_BOOL}. * @param packageName The package name for the calling application, used to validate the * identity of the calling application. * @param entitlementServerAddress The entitlement server address. 
@@ -304,11 +286,11 @@ public class Ts43AuthenticationLibrary extends Handler { * If the authentication fails, {@link OutcomeReceiver#onError(Throwable)} will return an * {@link AuthenticationException} with the failure details. */ - public void requestOidcAuthentication(@NonNull PersistableBundle configs, - @NonNull String packageName, @NonNull URL entitlementServerAddress, - @Nullable String entitlementVersion, @NonNull URL aesUrl, - @NonNull @CallbackExecutor Executor executor, - @NonNull OutcomeReceiver< + public void requestOidcAuthentication(PersistableBundle configs, + String packageName, URL entitlementServerAddress, + String entitlementVersion, URL aesUrl, + Executor executor, + OutcomeReceiver< Ts43Authentication.Ts43AuthToken, AuthenticationException> callback) { String[] allowedPackageInfo = configs.getStringArray(KEY_ALLOWED_CERTIFICATES_STRING_ARRAY); String certificate = getMatchingCertificate(allowedPackageInfo, packageName); @@ -317,14 +299,13 @@ public class Ts43AuthenticationLibrary extends Handler { entitlementServerAddress, entitlementVersion, aesUrl, executor, callback)) .sendToTarget(); } else { - executor.execute(() -> Binder.withCleanCallingIdentity(() -> callback.onError( - new AuthenticationException(AuthenticationException.ERROR_INVALID_APP_NAME, - "Failed to verify the identity of the calling application")))); + executor.execute(() -> callback.onError(new AuthenticationException( + AuthenticationException.ERROR_INVALID_APP_NAME, + "Failed to verify the identity of the calling application"))); } } - @Nullable private String getMatchingCertificate(@Nullable String[] allowedPackageInfo, - @NonNull String packageName) { + private String getMatchingCertificate(String[] allowedPackageInfo, String packageName) { if (allowedPackageInfo == null || allowedPackageInfo.length == 0) { // No need to find a matching certificates if the allowlist is empty. Log.d(TAG, "No need to find a matching certificate because the allowlist is empty"); 
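Review bot: `getMatchingCertificate` (signature changed in hunk `-317,14`) loses both `@Nullable` markers and has no Javadoc, so its null contract is now undocumented. From the visible lines, a null or empty allowlist takes the "No need to find a matching certificate" branch, which suggests the signing-certificate check is skipped when no allowlist is configured and only the package-name check remains. The rest of the body is outside the hunk, so this should be confirmed. I would add a method comment stating that `allowedPackageInfo` may be null, when the method returns null, and that an empty allowlist means no certificate restriction is applied.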
@@ -372,8 +353,8 @@ public class Ts43AuthenticationLibrary extends Handler { return null; } - @NonNull private ArrayList<String> getAllowedCertificatesForPackage( - @NonNull String[] allowedPackageInfo, @NonNull String packageName) { + private ArrayList<String> getAllowedCertificatesForPackage(String[] allowedPackageInfo, + String packageName) { ArrayList<String> allowedCertificates = new ArrayList<>(); for (String packageInfo : allowedPackageInfo) { // packageInfo format: 1) "SHA256" or 2) "SHA256:package1,package2,package3..." @@ -397,7 +378,7 @@ public class Ts43AuthenticationLibrary extends Handler { return allowedCertificates; } - @Nullable private Signature getMainPackageSignature(@NonNull String packageName) { + private Signature getMainPackageSignature(String packageName) { PackageInfo packageInfo; try { packageInfo = mPackageManager.getPackageInfo( @@ -432,8 +413,8 @@ public class Ts43AuthenticationLibrary extends Handler { } } - private boolean isCallingPackageAllowed(@Nullable String[] allowedPackageInfo, - @NonNull String packageName, @Nullable String certificate) { + private boolean isCallingPackageAllowed(String[] allowedPackageInfo, String packageName, + String certificate) { // Check that the package name matches that of the calling package. if (!isPackageNameValidForCaller(packageName)) { return false; @@ -448,7 +429,7 @@ public class Ts43AuthenticationLibrary extends Handler { } } - private boolean isPackageNameValidForCaller(@NonNull String packageName) { + private boolean isPackageNameValidForCaller(String packageName) { String[] packages = mPackageManager.getPackagesForUid(Binder.getCallingUid()); for (String uidPackage : packages) { if (packageName.equals(uidPackage)) { 
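Review bot: `isPackageNameValidForCaller` (hunk `-448,7`) iterates the result of `mPackageManager.getPackagesForUid(Binder.getCallingUid())` without a null check, and `getPackagesForUid` is documented to return null when no package is associated with the UID. In this caller-identity check a `NullPointerException` would surface as a crash instead of a clean `ERROR_INVALID_APP_NAME` rejection; `if (packages == null) return false;` before the loop keeps the check failing closed. With `@NonNull` removed from `packageName`, a null argument has the same exposure at `packageName.equals(uidPackage)` and should also be rejected up front. The method body ends outside the hunk.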
@@ -459,8 +440,7 @@ public class Ts43AuthenticationLibrary extends Handler { return false; } - @NonNull private String getAppName(@NonNull PersistableBundle configs, - @NonNull String packageName, @Nullable String certificate) { + private String getAppName(PersistableBundle configs, String packageName, String certificate) { if (configs.getBoolean(KEY_APPEND_SHA_TO_APP_NAME_BOOL) && certificate != null) { return certificate + "|" + packageName; } @@ -468,7 +448,7 @@ public class Ts43AuthenticationLibrary extends Handler { } @Override - public void handleMessage(@NonNull Message msg) { + public void handleMessage(Message msg) { switch (msg.what) { case EVENT_REQUEST_EAP_AKA_AUTHENTICATION: onRequestEapAkaAuthentication((EapAkaAuthenticationRequest) msg.obj); 
@@ -484,25 +464,23 @@ public class Ts43AuthenticationLibrary extends Handler { } } - private void onRequestEapAkaAuthentication(@NonNull EapAkaAuthenticationRequest request) { + private void onRequestEapAkaAuthentication(EapAkaAuthenticationRequest request) { mLock.lock(); try { Ts43Authentication authLibrary = new Ts43Authentication(mContext, request.mEntitlementServerAddress, request.mEntitlementVersion); Ts43Authentication.Ts43AuthToken authToken = authLibrary.getAuthToken( request.mSlotIndex, request.mAppId, request.mAppName, request.mAppVersion); - request.mExecutor.execute(() -> Binder.withCleanCallingIdentity( - () -> request.mCallback.onResult(authToken))); + request.mExecutor.execute(() -> request.mCallback.onResult(authToken)); } catch (ServiceEntitlementException exception) { - request.mExecutor.execute(() -> Binder.withCleanCallingIdentity( - () -> request.mCallback.onError(new AuthenticationException(exception)))); + request.mExecutor.execute(() -> + request.mCallback.onError(new AuthenticationException(exception))); } finally { mLock.unlock(); } } - private void onRequestOidcAuthenticationServer( - @NonNull OidcAuthenticationServerRequest request) { + private void onRequestOidcAuthenticationServer(OidcAuthenticationServerRequest request) { mLock.lock(); try { Ts43Authentication authLibrary = new Ts43Authentication(mContext, 
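Review bot: `request.mExecutor.execute(...)` in `onRequestEapAkaAuthentication` is still called inside the `mLock` critical section, so an executor that runs tasks inline would run the client's callback while the lock is held. A slow or blocking callback would then stall every other authentication request waiting on that lock. Since this hunk already rewrites both dispatch sites, I would build the runnable under the lock and hand it to the executor after `unlock()`, as sketched below. `onRequestOidcAuthenticationServer` (which continues into the `-511,28` hunk) and `onRequestOidcAuthentication` follow the same pattern.

```java
private void onRequestEapAkaAuthentication(EapAkaAuthenticationRequest request) {
    Runnable dispatch;
    mLock.lock();
    try {
        // … unchanged: Ts43Authentication construction and getAuthToken call …
        dispatch = () -> request.mCallback.onResult(authToken);
    } catch (ServiceEntitlementException exception) {
        dispatch = () -> request.mCallback.onError(new AuthenticationException(exception));
    } finally {
        mLock.unlock();
    }
    // Dispatch after releasing mLock so client code never runs under the lock.
    request.mExecutor.execute(dispatch);
}
```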
@@ -511,28 +489,26 @@ public class Ts43AuthenticationLibrary extends Handler { mContext, request.mSlotIndex, request.mEntitlementServerAddress, request.mEntitlementVersion, request.mAppId, request.mAppName, request.mAppVersion); - request.mExecutor.execute(() -> Binder.withCleanCallingIdentity( - () -> request.mCallback.onResult(url))); + request.mExecutor.execute(() -> request.mCallback.onResult(url)); } catch (ServiceEntitlementException exception) { - request.mExecutor.execute(() -> Binder.withCleanCallingIdentity( - () -> request.mCallback.onError(new AuthenticationException(exception)))); + request.mExecutor.execute(() -> + request.mCallback.onError(new AuthenticationException(exception))); } finally { mLock.unlock(); } } - private void onRequestOidcAuthentication(@NonNull OidcAuthenticationRequest request) { + private void onRequestOidcAuthentication(OidcAuthenticationRequest request) { mLock.lock(); try { Ts43Authentication authLibrary = new Ts43Authentication(mContext, request.mEntitlementServerAddress, request.mEntitlementVersion); Ts43Authentication.Ts43AuthToken authToken = authLibrary.getAuthToken( request.mAesUrl); - request.mExecutor.execute(() -> Binder.withCleanCallingIdentity( - () -> request.mCallback.onResult(authToken))); + request.mExecutor.execute(() -> request.mCallback.onResult(authToken)); } catch (ServiceEntitlementException exception) { - request.mExecutor.execute(() -> Binder.withCleanCallingIdentity( - () -> request.mCallback.onError(new AuthenticationException(exception)))); + request.mExecutor.execute(() -> + request.mCallback.onError(new AuthenticationException(exception))); } finally { mLock.unlock(); } |