| /* |
| * Copyright (C) 2015 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package com.android.statementservice; |
| |
| import android.content.BroadcastReceiver; |
| import android.content.Context; |
| import android.content.Intent; |
| import android.content.pm.PackageManager; |
| import android.content.pm.PackageManager.NameNotFoundException; |
| import android.os.Bundle; |
| import android.os.Handler; |
| import android.os.ResultReceiver; |
| import android.text.TextUtils; |
| import android.util.Log; |
| import android.util.Patterns; |
| |
| import com.android.statementservice.retriever.Utils; |
| |
| import java.net.MalformedURLException; |
| import java.net.URL; |
| import java.util.ArrayList; |
| import java.util.Collections; |
| import java.util.List; |
| import java.util.regex.Pattern; |
| |
| /** |
| * Receives {@link Intent#ACTION_INTENT_FILTER_NEEDS_VERIFICATION} broadcast and calls |
| * {@link DirectStatementService} to verify the request. Calls |
| * {@link PackageManager#verifyIntentFilter} to notify {@link PackageManager} the result of the |
| * verification. |
| * |
| * This implementation of the API will send a HTTP request for each host specified in the query. |
| * To avoid overwhelming the network at app install time, {@code MAX_HOSTS_PER_REQUEST} limits |
| * the maximum number of hosts in a query. If a query contains more than |
| * {@code MAX_HOSTS_PER_REQUEST} hosts, it will fail immediately without making any HTTP request |
| * and call {@link PackageManager#verifyIntentFilter} with |
| * {@link PackageManager#INTENT_FILTER_VERIFICATION_FAILURE}. |
| */ |
| public final class IntentFilterVerificationReceiver extends BroadcastReceiver { |
| private static final String TAG = IntentFilterVerificationReceiver.class.getSimpleName(); |
| |
| private static final Integer MAX_HOSTS_PER_REQUEST = 10; |
| |
| private static final String HANDLE_ALL_URLS_RELATION |
| = "delegate_permission/common.handle_all_urls"; |
| |
| private static final String ANDROID_ASSET_FORMAT = "{\"namespace\": \"android_app\", " |
| + "\"package_name\": \"%s\", \"sha256_cert_fingerprints\": [\"%s\"]}"; |
| private static final String WEB_ASSET_FORMAT = "{\"namespace\": \"web\", \"site\": \"%s\"}"; |
| private static final Pattern ANDROID_PACKAGE_NAME_PATTERN = |
| Pattern.compile("^[a-zA-Z_][a-zA-Z0-9_]*(\\.[a-zA-Z_][a-zA-Z0-9_]*)*$"); |
| private static final String TOO_MANY_HOSTS_FORMAT = |
| "Request contains %d hosts which is more than the allowed %d."; |
| |
| private static void sendErrorToPackageManager(PackageManager packageManager, |
| int verificationId) { |
| packageManager.verifyIntentFilter(verificationId, |
| PackageManager.INTENT_FILTER_VERIFICATION_FAILURE, |
| Collections.<String>emptyList()); |
| } |
| |
| @Override |
| public void onReceive(Context context, Intent intent) { |
| final String action = intent.getAction(); |
| if (Intent.ACTION_INTENT_FILTER_NEEDS_VERIFICATION.equals(action)) { |
| Bundle inputExtras = intent.getExtras(); |
| if (inputExtras != null) { |
| Intent serviceIntent = new Intent(context, DirectStatementService.class); |
| serviceIntent.setAction(DirectStatementService.CHECK_ALL_ACTION); |
| |
| int verificationId = inputExtras.getInt( |
| PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_ID); |
| String scheme = inputExtras.getString( |
| PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_URI_SCHEME); |
| String hosts = inputExtras.getString( |
| PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_HOSTS); |
| String packageName = inputExtras.getString( |
| PackageManager.EXTRA_INTENT_FILTER_VERIFICATION_PACKAGE_NAME); |
| |
| Bundle extras = new Bundle(); |
| extras.putString(DirectStatementService.EXTRA_RELATION, HANDLE_ALL_URLS_RELATION); |
| |
| String[] hostList = hosts.split(" "); |
| if (hostList.length > MAX_HOSTS_PER_REQUEST) { |
| Log.w(TAG, String.format(TOO_MANY_HOSTS_FORMAT, |
| hostList.length, MAX_HOSTS_PER_REQUEST)); |
| sendErrorToPackageManager(context.getPackageManager(), verificationId); |
| return; |
| } |
| |
| ArrayList<String> finalHosts = new ArrayList<String>(hostList.length); |
| try { |
| ArrayList<String> sourceAssets = new ArrayList<String>(); |
| for (String host : hostList) { |
| // "*.example.tld" is validated via https://example.tld |
| if (host.startsWith("*.")) { |
| host = host.substring(2); |
| } |
| sourceAssets.add(createWebAssetString(scheme, host)); |
| finalHosts.add(host); |
| } |
| extras.putStringArrayList(DirectStatementService.EXTRA_SOURCE_ASSET_DESCRIPTORS, |
| sourceAssets); |
| } catch (MalformedURLException e) { |
| Log.w(TAG, "Error when processing input host: " + e.getMessage()); |
| sendErrorToPackageManager(context.getPackageManager(), verificationId); |
| return; |
| } |
| try { |
| extras.putString(DirectStatementService.EXTRA_TARGET_ASSET_DESCRIPTOR, |
| createAndroidAssetString(context, packageName)); |
| } catch (NameNotFoundException e) { |
| Log.w(TAG, "Error when processing input Android package: " + e.getMessage()); |
| sendErrorToPackageManager(context.getPackageManager(), verificationId); |
| return; |
| } |
| extras.putParcelable(DirectStatementService.EXTRA_RESULT_RECEIVER, |
| new IsAssociatedResultReceiver( |
| new Handler(), context.getPackageManager(), verificationId)); |
| |
| // Required for CTS: log a few details of the validcation operation to be performed |
| logValidationParametersForCTS(verificationId, scheme, finalHosts, packageName); |
| |
| serviceIntent.putExtras(extras); |
| context.startService(serviceIntent); |
| } |
| } else { |
| Log.w(TAG, "Intent action not supported: " + action); |
| } |
| } |
| |
| // CTS requirement: logging of the validation parameters in a specific format |
| private static final String CTS_LOG_FORMAT = |
| "Verifying IntentFilter. verificationId:%d scheme:\"%s\" hosts:\"%s\" package:\"%s\"."; |
| private void logValidationParametersForCTS(int verificationId, String scheme, |
| ArrayList<String> finalHosts, String packageName) { |
| String hostString = TextUtils.join(" ", finalHosts.toArray()); |
| Log.i(TAG, String.format(CTS_LOG_FORMAT, verificationId, scheme, hostString, packageName)); |
| } |
| |
| private String createAndroidAssetString(Context context, String packageName) |
| throws NameNotFoundException { |
| if (!ANDROID_PACKAGE_NAME_PATTERN.matcher(packageName).matches()) { |
| throw new NameNotFoundException("Input package name is not valid."); |
| } |
| |
| List<String> certFingerprints = |
| Utils.getCertFingerprintsFromPackageManager(packageName, context); |
| |
| return String.format(ANDROID_ASSET_FORMAT, packageName, |
| Utils.joinStrings("\", \"", certFingerprints)); |
| } |
| |
| private String createWebAssetString(String scheme, String host) throws MalformedURLException { |
| if (!Patterns.DOMAIN_NAME.matcher(host).matches()) { |
| throw new MalformedURLException("Input host is not valid."); |
| } |
| if (!scheme.equals("http") && !scheme.equals("https")) { |
| throw new MalformedURLException("Input scheme is not valid."); |
| } |
| |
| return String.format(WEB_ASSET_FORMAT, new URL(scheme, host, "").toString()); |
| } |
| |
| /** |
| * Receives the result of {@code StatementService.CHECK_ACTION} from |
| * {@link DirectStatementService} and passes it back to {@link PackageManager}. |
| */ |
| private static class IsAssociatedResultReceiver extends ResultReceiver { |
| |
| private final int mVerificationId; |
| private final PackageManager mPackageManager; |
| |
| public IsAssociatedResultReceiver(Handler handler, PackageManager packageManager, |
| int verificationId) { |
| super(handler); |
| mVerificationId = verificationId; |
| mPackageManager = packageManager; |
| } |
| |
| @Override |
| protected void onReceiveResult(int resultCode, Bundle resultData) { |
| if (resultCode == DirectStatementService.RESULT_SUCCESS) { |
| if (resultData.getBoolean(DirectStatementService.IS_ASSOCIATED)) { |
| mPackageManager.verifyIntentFilter(mVerificationId, |
| PackageManager.INTENT_FILTER_VERIFICATION_SUCCESS, |
| Collections.<String>emptyList()); |
| } else { |
| mPackageManager.verifyIntentFilter(mVerificationId, |
| PackageManager.INTENT_FILTER_VERIFICATION_FAILURE, |
| resultData.getStringArrayList(DirectStatementService.FAILED_SOURCES)); |
| } |
| } else { |
| sendErrorToPackageManager(mPackageManager, mVerificationId); |
| } |
| } |
| } |
| } |