| // Copyright 2015 The Vanadium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style |
| // license that can be found in the LICENSE file. |
| |
| package io.v.android.impl.google.services.blessing; |
| |
| import android.Manifest; |
| import android.accounts.Account; |
| import android.accounts.AccountManager; |
| import android.accounts.AccountManagerCallback; |
| import android.accounts.AccountManagerFuture; |
| import android.accounts.AuthenticatorException; |
| import android.accounts.OperationCanceledException; |
| import android.app.Activity; |
| import android.app.ProgressDialog; |
| import android.content.Intent; |
| import android.content.SharedPreferences; |
| import android.content.pm.PackageManager; |
| import android.os.AsyncTask; |
| import android.os.Bundle; |
| import android.os.Handler; |
| import android.os.Message; |
| import android.preference.PreferenceManager; |
| import android.support.v4.app.ActivityCompat; |
| import android.support.v4.content.ContextCompat; |
| import android.util.Base64; |
| import android.util.Log; |
| |
| import com.google.common.base.Preconditions; |
| import com.google.common.io.ByteStreams; |
| |
| import java.io.IOException; |
| import java.net.MalformedURLException; |
| import java.net.URL; |
| import java.security.interfaces.ECPublicKey; |
| |
| import io.v.android.v23.V; |
| import io.v.v23.context.VContext; |
| import io.v.v23.security.Caveat; |
| import io.v.v23.verror.VException; |
| import io.v.v23.vom.VomUtil; |
| |
| /** |
| * Mints a new Vanadium blessing given the email address and the public key. |
| * <p> |
| * The provided email address must be already present on the phone. |
| */ |
| public class BlessingActivity extends Activity |
| implements ActivityCompat.OnRequestPermissionsResultCallback { |
| public static final String TAG = "BlessingActivity"; |
| |
| private static final int REQUEST_CODE_USER_APPROVAL = 1000; |
| private static final int REQUEST_CODE_PICK_ACCOUNT = 1001; |
| |
| private static final String STATE_GOOGLE_ACCOUNT = "STATE_GOOGLE_ACCOUNT"; |
| private static final String STATE_PUBLIC_KEY = "STATE_PUBLIC_KEY"; |
| private static final String STATE_PREF_KEY = "STATE_PREF_KEY"; |
| |
| private static final String OAUTH_PROFILE = "https://www.googleapis.com/auth/userinfo.email"; |
| private static final String OAUTH_SCOPE = "oauth2:" + OAUTH_PROFILE; |
| |
| private static final int BASE64_FLAGS = Base64.URL_SAFE | Base64.NO_WRAP; |
| |
| /** |
| * Serialized {@link ECPublicKey} of the invoking activity. |
| */ |
| public static final String EXTRA_PUBLIC_KEY = "PUBLIC_KEY"; |
| /** |
| * If non-{@code null} and non-empty in the invoking intent, the activity will generate |
| * blessings based on the provided account, instead of prompting the user to choose |
| * an account. |
| */ |
| public static final String EXTRA_GOOGLE_ACCOUNT = "GOOGLE_ACCOUNT"; |
| |
| /** |
| * If non-{@code null} and non-empty in the invoking intent, this activity will store the |
| * generated blessings in default {@link SharedPreferences} under this key. |
| */ |
| public static final String EXTRA_PREF_KEY = "PREF_KEY"; |
| |
| /** |
| * If successful, VOM-encoded blessings will be stored (in byte array format) in the returned |
| * intent under the given key. |
| */ |
| public static final String EXTRA_REPLY = "REPLY"; |
| |
| /** |
| * If an error is encountered, the error string will be stored in the returned intent |
| * under the given key. |
| */ |
| public static final String EXTRA_ERROR = "ERROR"; |
| |
| private VContext mBaseContext; |
| private String mGoogleAccount = ""; |
| private ECPublicKey mPublicKey = null; |
| private String mPrefKey = ""; |
| |
| @Override |
| protected void onCreate(Bundle savedInstanceState) { |
| super.onCreate(savedInstanceState); |
| mBaseContext = V.init(this); |
| setFinishOnTouchOutside(false); |
| if (savedInstanceState != null) { |
| mGoogleAccount = savedInstanceState.getString(STATE_GOOGLE_ACCOUNT); |
| mPublicKey = (ECPublicKey) savedInstanceState.getSerializable(STATE_PUBLIC_KEY); |
| mPrefKey = savedInstanceState.getString(STATE_PREF_KEY); |
| return; |
| } |
| |
| Intent intent = getIntent(); |
| if (intent == null) { |
| replyWithError("Intent not found."); |
| return; |
| } |
| // Get the public key of the application invoking this activity. |
| mPublicKey = (ECPublicKey) intent.getSerializableExtra(EXTRA_PUBLIC_KEY); |
| if (mPublicKey == null) { |
| replyWithError("Empty blesee public key."); |
| return; |
| } |
| // Get the SharedPreferences key where the blessings are to be stored. If empty, blessings |
| // aren't stored in preferences. |
| if (intent.hasExtra(EXTRA_PREF_KEY)) { |
| mPrefKey = intent.getStringExtra(EXTRA_PREF_KEY); |
| } |
| // Get the google email address (if any). |
| mGoogleAccount = intent.getStringExtra(EXTRA_GOOGLE_ACCOUNT); |
| if (mGoogleAccount == null || mGoogleAccount.isEmpty()) { |
| // Prompt the user to choose the google account to use (if more than one). |
| Intent accountIntent = AccountManager.newChooseAccountIntent( |
| null, null, new String[]{"com.google"}, false, null, null, null, null); |
| startActivityForResult(accountIntent, REQUEST_CODE_PICK_ACCOUNT); |
| return; |
| } |
| getBlessing(); |
| } |
| |
| @Override |
| protected void onDestroy() { |
| super.onDestroy(); |
| mBaseContext.cancel(); |
| } |
| |
| @Override |
| public void onSaveInstanceState(Bundle savedInstanceState) { |
| savedInstanceState.putString(STATE_GOOGLE_ACCOUNT, mGoogleAccount); |
| savedInstanceState.putSerializable(STATE_PUBLIC_KEY, mPublicKey); |
| savedInstanceState.putString(STATE_PREF_KEY, mPrefKey); |
| super.onSaveInstanceState(savedInstanceState); |
| } |
| |
| @Override |
| protected void onActivityResult(int requestCode, int resultCode, Intent data) { |
| switch (requestCode) { |
| case REQUEST_CODE_PICK_ACCOUNT: |
| if (resultCode != RESULT_OK) { |
| replyWithError("User didn't pick account."); |
| return; |
| } |
| mGoogleAccount = data.getStringExtra(AccountManager.KEY_ACCOUNT_NAME); |
| if (mGoogleAccount == null || mGoogleAccount.isEmpty()) { |
| replyWithError("Empty Google email."); |
| return; |
| } |
| getBlessing(); |
| break; |
| case REQUEST_CODE_USER_APPROVAL: |
| if (resultCode != RESULT_OK) { |
| replyWithError("User didn't give proposed permissions."); |
| return; |
| } |
| getBlessing(); |
| break; |
| default: |
| super.onActivityResult(requestCode, resultCode, data); |
| } |
| } |
| |
| @Override |
| public void onRequestPermissionsResult(int requestCode, String permission[], int[] grantResults) { |
| switch (requestCode) { |
| case REQUEST_CODE_USER_APPROVAL: |
| if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) { |
| getBlessing(); |
| return; |
| } |
| replyWithError("User didn't give proposed permissions."); |
| break; |
| } |
| } |
| |
| private void getBlessing() { |
| int permissionCheck = ContextCompat.checkSelfPermission( |
| this, Manifest.permission.GET_ACCOUNTS); |
| if (permissionCheck == PackageManager.PERMISSION_DENIED) { |
| ActivityCompat.requestPermissions(this, |
| new String[]{Manifest.permission.GET_ACCOUNTS}, REQUEST_CODE_USER_APPROVAL); |
| return; |
| } |
| Account[] accounts = AccountManager.get(this).getAccountsByType("com.google"); |
| Account account = null; |
| for (int i = 0; i < accounts.length; i++) { |
| if (accounts[i].name.equals(mGoogleAccount)) { |
| account = accounts[i]; |
| } |
| } |
| if (account == null) { |
| replyWithError("Couldn't find Google account with name: " + mGoogleAccount); |
| return; |
| } |
| AccountManager.get(this).getAuthToken( |
| account, |
| OAUTH_SCOPE, |
| new Bundle(), |
| false, |
| new OnTokenAcquired(), |
| new Handler(new Handler.Callback() { |
| @Override |
| public boolean handleMessage(Message msg) { |
| replyWithError("Error getting auth token: " + msg.toString()); |
| return true; |
| } |
| })); |
| } |
| |
| class OnTokenAcquired implements AccountManagerCallback<Bundle> { |
| @Override |
| public void run(AccountManagerFuture<Bundle> result) { |
| try { |
| Bundle bundle = result.getResult(); |
| Intent launch = (Intent) bundle.get(AccountManager.KEY_INTENT); |
| if (launch != null) { // Needs user approval. |
| // NOTE(spetrovic): The returned intent has the wrong flag value |
| // FLAG_ACTIVITY_NEW_TASK set, which results in the launched intent replying |
| // immediately with RESULT_CANCELED. Hence, we clear the flag here. |
| launch.setFlags(0); |
| startActivityForResult(launch, REQUEST_CODE_USER_APPROVAL); |
| return; |
| } |
| String token = bundle.getString(AccountManager.KEY_AUTHTOKEN); |
| (new BlessingFetcher()).execute(token); |
| } catch (AuthenticatorException e) { |
| replyWithError("Couldn't authorize: " + e.getMessage()); |
| return; |
| } catch (OperationCanceledException e) { |
| replyWithError("Authorization cancelled: " + e.getMessage()); |
| return; |
| } catch (IOException e) { |
| replyWithError("Unexpected error: " + e.getMessage()); |
| return; |
| } |
| } |
| } |
| |
| private class BlessingFetcher extends AsyncTask<String, Void, byte[]> { |
| ProgressDialog progressDialog = new ProgressDialog(BlessingActivity.this); |
| String errorMsg = null; |
| |
| @Override |
| protected void onPreExecute() { |
| progressDialog.setMessage("Fetching Vanadium Blessing..."); |
| progressDialog.show(); |
| } |
| |
| @Override |
| protected byte[] doInBackground(String... tokens) { |
| if (tokens.length != 1) { |
| errorMsg = "Empty OAuth token."; |
| return null; |
| } |
| try { |
| String publicKey = Base64.encodeToString(mPublicKey.getEncoded(), BASE64_FLAGS); |
| String token = tokens[0]; |
| String caveats = Base64.encodeToString( |
| VomUtil.encode(new Caveat[]{}, Caveat[].class), BASE64_FLAGS); |
| String outputFormat = "base64vom"; |
| URL url = new URL("https://dev.v.io/auth/google/bless" + |
| "?token=" + token + |
| "&public_key=" + publicKey + |
| "&caveats=" + caveats + |
| "&output_format=" + outputFormat); |
| byte[] base64EncodedBlessingVom = ByteStreams.toByteArray( |
| url.openConnection().getInputStream()); |
| return Base64.decode(base64EncodedBlessingVom, BASE64_FLAGS); |
| } catch (MalformedURLException e) { |
| errorMsg = e.getMessage(); |
| return null; |
| } catch (IOException e) { |
| errorMsg = e.getMessage(); |
| return null; |
| } catch (VException e) { |
| errorMsg = e.getMessage(); |
| return null; |
| } |
| } |
| |
| @Override |
| protected void onPostExecute(byte[] blessingVom) { |
| progressDialog.dismiss(); |
| if (blessingVom == null || blessingVom.length == 0) { |
| replyWithError("Couldn't get identity from Vanadium identity servers: " + errorMsg); |
| return; |
| } |
| replyWithSuccess(blessingVom); |
| } |
| } |
| |
| private void updatePrefs(String key, String value) { |
| SharedPreferences.Editor editor = |
| PreferenceManager.getDefaultSharedPreferences(this).edit(); |
| editor.putString(key, value); |
| editor.commit(); |
| } |
| |
| private void replyWithError(String error) { |
| Preconditions.checkArgument(error != null && !error.isEmpty()); |
| Log.e(TAG, "Error while blessing: " + error); |
| Intent intent = new Intent(); |
| intent.putExtra(EXTRA_ERROR, error); |
| setResult(RESULT_CANCELED, intent); |
| finish(); |
| } |
| |
| private void replyWithSuccess(byte[] blessingVom) { |
| Preconditions.checkArgument(blessingVom != null && blessingVom.length > 0); |
| // Store the result in preferences, if the caller asked for it. |
| if (!mPrefKey.isEmpty()) { |
| String hexBlessingsVom = VomUtil.bytesToHexString(blessingVom); |
| updatePrefs(mPrefKey, hexBlessingsVom); |
| } |
| // Prepare the return intent. |
| Intent intent = new Intent(); |
| intent.putExtra(EXTRA_REPLY, blessingVom); |
| setResult(RESULT_OK, intent); |
| finish(); |
| } |
| } |
