keystore/java/android/security/AppUriAuthenticationPolicy.java - LeafOS-Project/android_frameworks_base - Gitiles

 /*
  * Copyright (C) 2020 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package android.security;

 import android.annotation.NonNull;
 import android.annotation.Nullable;
 import android.app.Activity;
 import android.net.Uri;
 import android.os.Parcel;
 import android.os.Parcelable;

 import org.xmlpull.v1.XmlPullParser;
 import org.xmlpull.v1.XmlPullParserException;
 import org.xmlpull.v1.XmlSerializer;

 import java.io.IOException;
 import java.security.Principal;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;

 /**
  * The app-URI authentication policy is set by the credential management app. This policy determines
  * which alias for a private key and certificate pair should be used for authentication.
  * <p>
  * The authentication policy should be added as a parameter when calling
  * {@link KeyChain#createManageCredentialsIntent}.
  * <p>
  * Example:
  * <pre>{@code
  *     AppUriAuthenticationPolicy authenticationPolicy = new AppUriAuthenticationPolicy.Builder()
  *              .addAppAndUriMapping("com.test.pkg", testUri, "testAlias")
  *              .addAppAndUriMapping("com.test2.pkg", testUri1, "testAlias2")
  *              .addAppAndUriMapping("com.test2.pkg", testUri2, "testAlias2")
  *              .build();
  *     Intent requestIntent = KeyChain.createManageCredentialsIntent(authenticationPolicy);
  * }</pre>
  * <p>
  */
 public final class AppUriAuthenticationPolicy implements Parcelable {

     private static final String KEY_AUTHENTICATION_POLICY_APP_TO_URIS =
             "authentication_policy_app_to_uris";
     private static final String KEY_AUTHENTICATION_POLICY_APP = "policy_app";

     /**
      * The mappings from an app and list of URIs to a list of aliases, which will be used for
      * authentication.
      * <p>
      * appPackageName -> uri -> alias
      */
     @NonNull
     private final Map<String, UrisToAliases> mAppToUris;

     private AppUriAuthenticationPolicy(@NonNull Map<String, UrisToAliases> appToUris) {
         Objects.requireNonNull(appToUris);
         this.mAppToUris = appToUris;
     }

     /**
      * Builder class for {@link AppUriAuthenticationPolicy} objects.
      */
     public static final class Builder {
         private Map<String, UrisToAliases> mPackageNameToUris;

         /**
          * Initialize a new Builder to construct an {@link AppUriAuthenticationPolicy}.
          */
         public Builder() {
             mPackageNameToUris = new HashMap<>();
         }

         /**
          * Adds mappings from an app and URI to an alias, which will be used for authentication.
          * <p>
          * If this method is called with a package name and URI that was previously added, the
          * previous alias will be overwritten.
          * <p>
          * When the system tries to determine which alias to return to a requesting app calling
          * {@code KeyChain.choosePrivateKeyAlias}, it will choose the alias whose associated URI
          * exactly matches the URI provided in {@link KeyChain#choosePrivateKeyAlias(
          * Activity, KeyChainAliasCallback, String[], Principal[], Uri, String)} or the URI
          * built from the host and port provided in {@link KeyChain#choosePrivateKeyAlias(
          * Activity, KeyChainAliasCallback, String[], Principal[], String, int, String)}.
          *
          * @param appPackageName The app's package name to authenticate the user to.
          * @param uri            The URI to authenticate the user to.
          * @param alias          The alias which will be used for authentication.
          *
          * @return the same Builder instance.
          */
         @NonNull
         public Builder addAppAndUriMapping(@NonNull String appPackageName, @NonNull Uri uri,
                 @NonNull String alias) {
             Objects.requireNonNull(appPackageName);
             Objects.requireNonNull(uri);
             Objects.requireNonNull(alias);
             UrisToAliases urisToAliases =
                     mPackageNameToUris.getOrDefault(appPackageName, new UrisToAliases());
             urisToAliases.addUriToAlias(uri, alias);
             mPackageNameToUris.put(appPackageName, urisToAliases);
             return this;
         }

         /**
          * Adds mappings from an app and list of URIs to a list of aliases, which will be used for
          * authentication.
          * <p>
          * appPackageName -> uri -> alias
          *
          * @hide
          */
         @NonNull
         public Builder addAppAndUriMapping(@NonNull String appPackageName,
                 @NonNull UrisToAliases urisToAliases) {
             Objects.requireNonNull(appPackageName);
             Objects.requireNonNull(urisToAliases);
             mPackageNameToUris.put(appPackageName, urisToAliases);
             return this;
         }

         /**
          * Combines all of the attributes that have been set on the {@link Builder}
          *
          * @return a new {@link AppUriAuthenticationPolicy} object.
          */
         @NonNull
         public AppUriAuthenticationPolicy build() {
             return new AppUriAuthenticationPolicy(mPackageNameToUris);
         }
     }

     @Override
     public int describeContents() {
         return 0;
     }

     @Override
     public void writeToParcel(@NonNull Parcel dest, int flags) {
         dest.writeMap(mAppToUris);
     }

     @NonNull
     public static final Parcelable.Creator<AppUriAuthenticationPolicy> CREATOR =
             new Parcelable.Creator<AppUriAuthenticationPolicy>() {
                 @Override
                 public AppUriAuthenticationPolicy createFromParcel(Parcel in) {
                     Map<String, UrisToAliases> appToUris = new HashMap<>();
                     in.readMap(appToUris, UrisToAliases.class.getClassLoader());
                     return new AppUriAuthenticationPolicy(appToUris);
                 }

                 @Override
                 public AppUriAuthenticationPolicy[] newArray(int size) {
                     return new AppUriAuthenticationPolicy[size];
                 }
             };

     @Override
     public String toString() {
         return "AppUriAuthenticationPolicy{"
                 + "mPackageNameToUris=" + mAppToUris
                 + '}';
     }

     /**
      * Return the authentication policy mapping, which determines which alias for a private key
      * and certificate pair should be used for authentication.
      * <p>
      * appPackageName -> uri -> alias
      */
     @NonNull
     public Map<String, Map<Uri, String>> getAppAndUriMappings() {
         Map<String, Map<Uri, String>> appAndUris = new HashMap<>();
         for (Map.Entry<String, UrisToAliases> entry : mAppToUris.entrySet()) {
             appAndUris.put(entry.getKey(), entry.getValue().getUrisToAliases());
         }
         return appAndUris;
     }

     /**
      * Restore a previously saved {@link AppUriAuthenticationPolicy} from XML.
      *
      * @hide
      */
     @Nullable
     public static AppUriAuthenticationPolicy readFromXml(@NonNull XmlPullParser parser)
             throws IOException, XmlPullParserException {
         AppUriAuthenticationPolicy.Builder builder = new AppUriAuthenticationPolicy.Builder();
         int outerDepth = parser.getDepth();
         int type;
         while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
                 && (type != XmlPullParser.END_TAG || parser.getDepth() > outerDepth)) {
             if (type == XmlPullParser.END_TAG || type == XmlPullParser.TEXT) {
                 continue;
             }
             if (!parser.getName().equals(KEY_AUTHENTICATION_POLICY_APP_TO_URIS)) {
                 continue;
             }
             String app = parser.getAttributeValue(null, KEY_AUTHENTICATION_POLICY_APP);
             UrisToAliases urisToAliases = UrisToAliases.readFromXml(parser);
             builder.addAppAndUriMapping(app, urisToAliases);
         }
         return builder.build();
     }

     /**
      * Save the {@link AppUriAuthenticationPolicy} to XML.
      *
      * @hide
      */
     public void writeToXml(@NonNull XmlSerializer out) throws IOException {
         for (Map.Entry<String, UrisToAliases> appsToUris : mAppToUris.entrySet()) {
             out.startTag(null, KEY_AUTHENTICATION_POLICY_APP_TO_URIS);
             out.attribute(null, KEY_AUTHENTICATION_POLICY_APP, appsToUris.getKey());
             appsToUris.getValue().writeToXml(out);
             out.endTag(null, KEY_AUTHENTICATION_POLICY_APP_TO_URIS);
         }
     }

     /**
      * Get the set of aliases found in the policy.
      *
      * @hide
      */
     public Set<String> getAliases() {
         Set<String> aliases = new HashSet<>();
         for (UrisToAliases appsToUris : mAppToUris.values()) {
             aliases.addAll(appsToUris.getUrisToAliases().values());
         }
         return aliases;
     }

     @Override
     public boolean equals(Object obj) {
         if (this == obj) {
             return true;
         }
         if (!(obj instanceof AppUriAuthenticationPolicy)) {
             return false;
         }
         AppUriAuthenticationPolicy other = (AppUriAuthenticationPolicy) obj;
         return Objects.equals(mAppToUris, other.mAppToUris);
     }

     @Override
     public int hashCode() {
         return mAppToUris.hashCode();
     }

 }
	/*
	* Copyright (C) 2020 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package android.security;

	import android.annotation.NonNull;
	import android.annotation.Nullable;
	import android.app.Activity;
	import android.net.Uri;
	import android.os.Parcel;
	import android.os.Parcelable;

	import org.xmlpull.v1.XmlPullParser;
	import org.xmlpull.v1.XmlPullParserException;
	import org.xmlpull.v1.XmlSerializer;

	import java.io.IOException;
	import java.security.Principal;
	import java.util.HashMap;
	import java.util.HashSet;
	import java.util.Map;
	import java.util.Objects;
	import java.util.Set;

	/**
	* The app-URI authentication policy is set by the credential management app. This policy determines
	* which alias for a private key and certificate pair should be used for authentication.
	* <p>
	* The authentication policy should be added as a parameter when calling
	* {@link KeyChain#createManageCredentialsIntent}.
	* <p>
	* Example:
	* <pre>{@code
	* AppUriAuthenticationPolicy authenticationPolicy = new AppUriAuthenticationPolicy.Builder()
	* .addAppAndUriMapping("com.test.pkg", testUri, "testAlias")
	* .addAppAndUriMapping("com.test2.pkg", testUri1, "testAlias2")
	* .addAppAndUriMapping("com.test2.pkg", testUri2, "testAlias2")
	* .build();
	* Intent requestIntent = KeyChain.createManageCredentialsIntent(authenticationPolicy);
	* }</pre>
	* <p>
	*/
	public final class AppUriAuthenticationPolicy implements Parcelable {

	private static final String KEY_AUTHENTICATION_POLICY_APP_TO_URIS =
	"authentication_policy_app_to_uris";
	private static final String KEY_AUTHENTICATION_POLICY_APP = "policy_app";

	/**
	* The mappings from an app and list of URIs to a list of aliases, which will be used for
	* authentication.
	* <p>
	* appPackageName -> uri -> alias
	*/
	@NonNull
	private final Map<String, UrisToAliases> mAppToUris;

	private AppUriAuthenticationPolicy(@NonNull Map<String, UrisToAliases> appToUris) {
	Objects.requireNonNull(appToUris);
	this.mAppToUris = appToUris;
	}

	/**
	* Builder class for {@link AppUriAuthenticationPolicy} objects.
	*/
	public static final class Builder {
	private Map<String, UrisToAliases> mPackageNameToUris;

	/**
	* Initialize a new Builder to construct an {@link AppUriAuthenticationPolicy}.
	*/
	public Builder() {
	mPackageNameToUris = new HashMap<>();
	}

	/**
	* Adds mappings from an app and URI to an alias, which will be used for authentication.
	* <p>
	* If this method is called with a package name and URI that was previously added, the
	* previous alias will be overwritten.
	* <p>
	* When the system tries to determine which alias to return to a requesting app calling
	* {@code KeyChain.choosePrivateKeyAlias}, it will choose the alias whose associated URI
	* exactly matches the URI provided in {@link KeyChain#choosePrivateKeyAlias(
	* Activity, KeyChainAliasCallback, String[], Principal[], Uri, String)} or the URI
	* built from the host and port provided in {@link KeyChain#choosePrivateKeyAlias(
	* Activity, KeyChainAliasCallback, String[], Principal[], String, int, String)}.
	*
	* @param appPackageName The app's package name to authenticate the user to.
	* @param uri The URI to authenticate the user to.
	* @param alias The alias which will be used for authentication.
	*
	* @return the same Builder instance.
	*/
	@NonNull
	public Builder addAppAndUriMapping(@NonNull String appPackageName, @NonNull Uri uri,
	@NonNull String alias) {
	Objects.requireNonNull(appPackageName);
	Objects.requireNonNull(uri);
	Objects.requireNonNull(alias);
	UrisToAliases urisToAliases =
	mPackageNameToUris.getOrDefault(appPackageName, new UrisToAliases());
	urisToAliases.addUriToAlias(uri, alias);
	mPackageNameToUris.put(appPackageName, urisToAliases);
	return this;
	}

	/**
	* Adds mappings from an app and list of URIs to a list of aliases, which will be used for
	* authentication.
	* <p>
	* appPackageName -> uri -> alias
	*
	* @hide
	*/
	@NonNull
	public Builder addAppAndUriMapping(@NonNull String appPackageName,
	@NonNull UrisToAliases urisToAliases) {
	Objects.requireNonNull(appPackageName);
	Objects.requireNonNull(urisToAliases);
	mPackageNameToUris.put(appPackageName, urisToAliases);
	return this;
	}

	/**
	* Combines all of the attributes that have been set on the {@link Builder}
	*
	* @return a new {@link AppUriAuthenticationPolicy} object.
	*/
	@NonNull
	public AppUriAuthenticationPolicy build() {
	return new AppUriAuthenticationPolicy(mPackageNameToUris);
	}
	}

	@Override
	public int describeContents() {
	return 0;
	}

	@Override
	public void writeToParcel(@NonNull Parcel dest, int flags) {
	dest.writeMap(mAppToUris);
	}

	@NonNull
	public static final Parcelable.Creator<AppUriAuthenticationPolicy> CREATOR =
	new Parcelable.Creator<AppUriAuthenticationPolicy>() {
	@Override
	public AppUriAuthenticationPolicy createFromParcel(Parcel in) {
	Map<String, UrisToAliases> appToUris = new HashMap<>();
	in.readMap(appToUris, UrisToAliases.class.getClassLoader());
	return new AppUriAuthenticationPolicy(appToUris);
	}

	@Override
	public AppUriAuthenticationPolicy[] newArray(int size) {
	return new AppUriAuthenticationPolicy[size];
	}
	};

	@Override
	public String toString() {
	return "AppUriAuthenticationPolicy{"
	+ "mPackageNameToUris=" + mAppToUris
	+ '}';
	}

	/**
	* Return the authentication policy mapping, which determines which alias for a private key
	* and certificate pair should be used for authentication.
	* <p>
	* appPackageName -> uri -> alias
	*/
	@NonNull
	public Map<String, Map<Uri, String>> getAppAndUriMappings() {
	Map<String, Map<Uri, String>> appAndUris = new HashMap<>();
	for (Map.Entry<String, UrisToAliases> entry : mAppToUris.entrySet()) {
	appAndUris.put(entry.getKey(), entry.getValue().getUrisToAliases());
	}
	return appAndUris;
	}

	/**
	* Restore a previously saved {@link AppUriAuthenticationPolicy} from XML.
	*
	* @hide
	*/
	@Nullable
	public static AppUriAuthenticationPolicy readFromXml(@NonNull XmlPullParser parser)
	throws IOException, XmlPullParserException {
	AppUriAuthenticationPolicy.Builder builder = new AppUriAuthenticationPolicy.Builder();
	int outerDepth = parser.getDepth();
	int type;
	while ((type = parser.next()) != XmlPullParser.END_DOCUMENT
	&& (type != XmlPullParser.END_TAG \|\| parser.getDepth() > outerDepth)) {
	if (type == XmlPullParser.END_TAG \|\| type == XmlPullParser.TEXT) {
	continue;
	}
	if (!parser.getName().equals(KEY_AUTHENTICATION_POLICY_APP_TO_URIS)) {
	continue;
	}
	String app = parser.getAttributeValue(null, KEY_AUTHENTICATION_POLICY_APP);
	UrisToAliases urisToAliases = UrisToAliases.readFromXml(parser);
	builder.addAppAndUriMapping(app, urisToAliases);
	}
	return builder.build();
	}

	/**
	* Save the {@link AppUriAuthenticationPolicy} to XML.
	*
	* @hide
	*/
	public void writeToXml(@NonNull XmlSerializer out) throws IOException {
	for (Map.Entry<String, UrisToAliases> appsToUris : mAppToUris.entrySet()) {
	out.startTag(null, KEY_AUTHENTICATION_POLICY_APP_TO_URIS);
	out.attribute(null, KEY_AUTHENTICATION_POLICY_APP, appsToUris.getKey());
	appsToUris.getValue().writeToXml(out);
	out.endTag(null, KEY_AUTHENTICATION_POLICY_APP_TO_URIS);
	}
	}

	/**
	* Get the set of aliases found in the policy.
	*
	* @hide
	*/
	public Set<String> getAliases() {
	Set<String> aliases = new HashSet<>();
	for (UrisToAliases appsToUris : mAppToUris.values()) {
	aliases.addAll(appsToUris.getUrisToAliases().values());
	}
	return aliases;
	}

	@Override
	public boolean equals(Object obj) {
	if (this == obj) {
	return true;
	}
	if (!(obj instanceof AppUriAuthenticationPolicy)) {
	return false;
	}
	AppUriAuthenticationPolicy other = (AppUriAuthenticationPolicy) obj;
	return Objects.equals(mAppToUris, other.mAppToUris);
	}

	@Override
	public int hashCode() {
	return mAppToUris.hashCode();
	}

	}