/*
* Copyright 2013-2015 µg Project Team
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.microg.gms.auth;
import android.accounts.Account;
import android.accounts.AccountManager;
import android.content.Context;
import android.content.pm.PackageManager;
import android.preference.PreferenceManager;
import android.util.Log;
import org.microg.gms.common.PackageUtils;
import java.io.IOException;
import static android.content.pm.ApplicationInfo.FLAG_SYSTEM;
import static android.content.pm.ApplicationInfo.FLAG_UPDATED_SYSTEM_APP;
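/**
 * Stores and retrieves auth tokens, their expiry and a per-app consent flag for one
 * combination of account, calling package and service, using the Android
 * {@link AccountManager} as the backing store.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>{@code packageName} is used exactly as it was passed to the constructor. Nothing in this
 *     class compares it with the identity of the real caller, so that check has to be done
 *     before an instance is created. NOTE(review): confirm every call site does so.</li>
 * <li>Tokens, expiry values and consent flags are keyed by package name, the digest returned
 *     by {@code PackageUtils.firstSignatureDigest} and the service name, see
 *     {@link #buildTokenKey(String)}.</li>
 * <li>{@link #isTrustGooglePermitted(Context)} defaults to {@code true}. While it is
 *     {@code true}, {@link #requestAuth(boolean)} returns and stores tokens even for a package
 *     for which {@link #isPermitted()} is {@code false}.</li>
 * </ul>
 *
 * <p>The lazily initialised fields are not synchronized.
 */
public class AuthManager {

    private static final String TAG = "GmsAuthManager";
    /** Prefix of the permission name that {@link #isPermitted()} checks for non-oauth services. */
    public static final String PERMISSION_TREE_BASE = "com.google.android.googleapps.permission.GOOGLE_AUTH.";
    /** Default shared preference holding the global "trust Google" switch. */
    private static final String PREF_KEY_TRUST_GOOGLE = "auth_manager_trust_google";

    private final Context context;
    private final String accountName;
    private final String packageName;
    private final String service;
    // Created on first use by the matching getter.
    private AccountManager accountManager;
    private Account account;
    private String packageSignature;

    /**
     * @param context     used to reach the package manager, account manager and preferences
     * @param accountName name of the {@code com.google} account
     * @param packageName package the token is requested for; not verified by this class
     * @param service     service (scope) the token is requested for
     */
    public AuthManager(Context context, String accountName, String packageName, String service) {
        this.context = context;
        this.accountName = accountName;
        this.packageName = packageName;
        this.service = service;
    }

    /** Returns the {@link AccountManager} for the context, obtaining it on first use. */
    public AccountManager getAccountManager() {
        if (accountManager == null) {
            accountManager = AccountManager.get(context);
        }
        return accountManager;
    }

    /** Returns the {@code com.google} account object for the account name, created on first use. */
    public Account getAccount() {
        if (account == null) {
            account = new Account(accountName, "com.google");
        }
        return account;
    }

    /**
     * Returns the result of {@code PackageUtils.firstSignatureDigest(context, packageName)}.
     * A non-null result is cached; a null result is looked up again on the next call.
     */
    public String getPackageSignature() {
        if (packageSignature == null) {
            packageSignature = PackageUtils.firstSignatureDigest(context, packageName);
        }
        return packageSignature;
    }

    /**
     * Builds the storage key {@code <packageName>:<signature digest>:<service>}.
     *
     * <p>NOTE(review): if {@code firstSignatureDigest} can return null (not visible here), string
     * concatenation puts the literal text "null" into the key, so such packages would share a
     * key per package name. Confirm and reject that case upstream if it can occur.
     *
     * @param service service name to put into the key
     * @return the key under which the token for this package and service is stored
     */
    public String buildTokenKey(String service) {
        return packageName + ":" + getPackageSignature() + ":" + service;
    }

    /** Builds the token key for the service this instance was created for. */
    public String buildTokenKey() {
        return buildTokenKey(service);
    }

    /** Builds the user-data key of the consent flag: {@code "perm."} plus the token key. */
    public String buildPermKey() {
        return "perm." + buildTokenKey();
    }

    /**
     * Records the consent decision for this package and service as "1" or "0" in the
     * account's user data.
     *
     * @param value {@code true} to allow, {@code false} to deny
     */
    public void setPermitted(boolean value) {
        setUserData(buildPermKey(), value ? "1" : "0");
    }

    /**
     * Tells whether this package may receive tokens for the service.
     *
     * <p>For services whose name does not start with "oauth", holding the permission
     * {@link #PERMISSION_TREE_BASE} + service is sufficient. Otherwise the stored consent flag
     * must be exactly "1".
     *
     * <p>NOTE(review): the permission branch trusts a permission identified by name only.
     * Confirm which package defines these permissions on the target device and with which
     * protection level.
     *
     * @return {@code true} if the permission is granted or consent was recorded
     */
    public boolean isPermitted() {
        if (!service.startsWith("oauth")) {
            int granted = context.getPackageManager().checkPermission(PERMISSION_TREE_BASE + service, packageName);
            if (granted == PackageManager.PERMISSION_GRANTED) {
                return true;
            }
        }
        return "1".equals(getUserData(buildPermKey()));
    }

    /**
     * Stores the expiry of the token for this package and service.
     *
     * @param expiry expiry time; {@link #getAuthToken()} compares it with seconds since the epoch
     */
    public void setExpiry(long expiry) {
        setUserData(buildExpireKey(), Long.toString(expiry));
    }

    /** Reads a user-data value of the account from the account manager. */
    public String getUserData(String key) {
        return getAccountManager().getUserData(getAccount(), key);
    }

    /** Writes a user-data value of the account through the account manager. */
    public void setUserData(String key, String value) {
        getAccountManager().setUserData(getAccount(), key, value);
    }

    /** Returns the token stored under {@link #buildTokenKey()} without looking at its expiry. */
    public String peekAuthToken() {
        return getAccountManager().peekAuthToken(getAccount(), buildTokenKey());
    }

    /**
     * Returns the stored token if it may still be used.
     *
     * @return the stored token, or {@code null} for "weblogin:" services, for a token whose
     *         stored expiry lies in the past, or when no token is stored
     */
    public String getAuthToken() {
        if (service.startsWith("weblogin:")) return null;
        // Read the expiry once so both comparisons see the same stored value.
        long expiry = getExpiry();
        if (expiry != -1 && expiry < System.currentTimeMillis() / 1000L) {
            Log.d(TAG, "token present, but expired");
            return null;
        }
        return peekAuthToken();
    }

    /** Builds the user-data key of the expiry value: {@code "EXP."} plus the token key. */
    public String buildExpireKey() {
        return "EXP." + buildTokenKey();
    }

    /**
     * Returns the stored expiry of the token.
     *
     * @return the stored value, or -1 when none is stored; {@link #getAuthToken()} treats -1
     *         as "not expired"
     * @throws NumberFormatException if the stored value is not a decimal long
     */
    public long getExpiry() {
        String exp = getUserData(buildExpireKey());
        if (exp == null) return -1;
        return Long.parseLong(exp);
    }

    /** Stores {@code auth} as the token for this package and the instance's service. */
    public void setAuthToken(String auth) {
        setAuthToken(service, auth);
    }

    /** Stores {@code auth} as the token for this package and the given service. */
    public void setAuthToken(String service, String auth) {
        getAccountManager().setAuthToken(getAccount(), buildTokenKey(service), auth);
    }

    /**
     * Persists the parts of a server response that are present: account id, SID, LSID,
     * expiry and the token itself. Does nothing for "weblogin:" services.
     *
     * @param response response to store; must not be null
     */
    public void storeResponse(AuthResponse response) {
        if (service.startsWith("weblogin:")) return;
        if (response.accountId != null) {
            setUserData("GoogleUserId", response.accountId);
        }
        if (response.Sid != null) {
            setAuthToken("SID", response.Sid);
        }
        if (response.LSid != null) {
            setAuthToken("LSID", response.LSid);
        }
        if (response.expiry > 0) {
            setExpiry(response.expiry);
        }
        // A token with expiry 0 is kept only when the response asks for consent to be stored remotely.
        if (response.auth != null && (response.expiry != 0 || response.storeConsentRemotely)) {
            setAuthToken(response.auth);
        }
    }

    /**
     * Reads the global "trust Google" switch from the default shared preferences.
     *
     * <p>The default is {@code true}: unless the preference was explicitly set to
     * {@code false}, {@link #requestAuth(boolean)} does not require per-app consent.
     */
    public static boolean isTrustGooglePermitted(Context context) {
        return PreferenceManager.getDefaultSharedPreferences(context).getBoolean(PREF_KEY_TRUST_GOOGLE, true);
    }

    /** Tells whether the package is flagged as a system app or an updated system app. */
    private boolean isSystemApp() {
        try {
            int flags = context.getPackageManager().getApplicationInfo(packageName, 0).flags;
            return (flags & (FLAG_SYSTEM | FLAG_UPDATED_SYSTEM_APP)) != 0;
        } catch (PackageManager.NameNotFoundException e) {
            // An unknown package is treated as a non-system app.
            return false;
        }
    }

    /**
     * Returns a token for this package and service, from the local store if possible and
     * from the server otherwise.
     *
     * <p>When neither per-app consent nor the global trust switch allows it, the server is
     * still asked, but {@code auth} is cleared in the returned response and nothing is stored.
     * NOTE(review): only {@code auth} is cleared in that case; the other response fields,
     * including {@code Sid} and {@code LSid}, are returned as received. Confirm callers do not
     * pass them on to the requesting app.
     *
     * @param legacy {@code true} to mark the request as coming from GMS through the account
     *               manager, {@code false} to mark it as coming from the app
     * @return a response with {@code issueAdvice} "stored" for a locally stored token,
     *         otherwise the server response
     * @throws IOException declared for the server request
     */
    public AuthResponse requestAuth(boolean legacy) throws IOException {
        // Decide once per call: the flag sent to the server and the decision to keep the
        // returned token must not disagree if the stored consent changes in between.
        boolean permitted = isPermitted();
        boolean mayUseToken = permitted || isTrustGooglePermitted(context);
        if (mayUseToken) {
            String token = getAuthToken();
            if (token != null) {
                AuthResponse stored = new AuthResponse();
                stored.issueAdvice = "stored";
                stored.auth = token;
                return stored;
            }
        }
        AuthRequest request = new AuthRequest().fromContext(context)
                .app(packageName, getPackageSignature())
                .email(accountName)
                // Use getAccount(): the field is still null when no earlier call on this path
                // created it (permission-granted "weblogin:" service), and the value read here
                // is the account's stored secret, so it must never be logged.
                .token(getAccountManager().getPassword(getAccount()))
                .service(service);
        if (isSystemApp()) request.systemPartition();
        if (permitted) request.hasPermission();
        if (legacy) {
            request.callerIsGms().calledFromAccountManager();
        } else {
            request.callerIsApp();
        }
        AuthResponse response = request.getResponse();
        if (mayUseToken) {
            storeResponse(response);
        } else {
            response.auth = null;
        }
        return response;
    }

    /** Returns the service this instance was created for. */
    public String getService() {
        return service;
    }
}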