Example 6 with AccountAuthenticatorResponse
use of android.accounts.AccountAuthenticatorResponse in project android_frameworks_base by AOSPA.
the class AccountManagerService method getAuthToken.
@Override
public void getAuthToken(IAccountManagerResponse response, final Account account, final String authTokenType, final boolean notifyOnAuthFailure, final boolean expectActivityLaunch, final Bundle loginOptions) {
Bundle.setDefusable(loginOptions, true);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "getAuthToken: " + account + ", response " + response + ", authTokenType " + authTokenType + ", notifyOnAuthFailure " + notifyOnAuthFailure + ", expectActivityLaunch " + expectActivityLaunch + ", caller's uid " + Binder.getCallingUid() + ", pid " + Binder.getCallingPid());
}
if (response == null)
throw new IllegalArgumentException("response is null");
try {
if (account == null) {
Slog.w(TAG, "getAuthToken called with null account");
response.onError(AccountManager.ERROR_CODE_BAD_ARGUMENTS, "account is null");
return;
}
if (authTokenType == null) {
Slog.w(TAG, "getAuthToken called with null authTokenType");
response.onError(AccountManager.ERROR_CODE_BAD_ARGUMENTS, "authTokenType is null");
return;
}
} catch (RemoteException e) {
Slog.w(TAG, "Failed to report error back to the client." + e);
return;
}
int userId = UserHandle.getCallingUserId();
long ident = Binder.clearCallingIdentity();
final UserAccounts accounts;
final RegisteredServicesCache.ServiceInfo<AuthenticatorDescription> authenticatorInfo;
try {
accounts = getUserAccounts(userId);
authenticatorInfo = mAuthenticatorCache.getServiceInfo(AuthenticatorDescription.newKey(account.type), accounts.userId);
} finally {
Binder.restoreCallingIdentity(ident);
}
final boolean customTokens = authenticatorInfo != null && authenticatorInfo.type.customTokens;
// skip the check if customTokens
final int callerUid = Binder.getCallingUid();
final boolean permissionGranted = customTokens || permissionIsGranted(account, authTokenType, callerUid, userId);
// Get the calling package. We will use it for the purpose of caching.
final String callerPkg = loginOptions.getString(AccountManager.KEY_ANDROID_PACKAGE_NAME);
List<String> callerOwnedPackageNames;
ident = Binder.clearCallingIdentity();
try {
callerOwnedPackageNames = Arrays.asList(mPackageManager.getPackagesForUid(callerUid));
} finally {
Binder.restoreCallingIdentity(ident);
}
if (callerPkg == null || !callerOwnedPackageNames.contains(callerPkg)) {
String msg = String.format("Uid %s is attempting to illegally masquerade as package %s!", callerUid, callerPkg);
throw new SecurityException(msg);
}
// let authenticator know the identity of the caller
loginOptions.putInt(AccountManager.KEY_CALLER_UID, callerUid);
loginOptions.putInt(AccountManager.KEY_CALLER_PID, Binder.getCallingPid());
if (notifyOnAuthFailure) {
loginOptions.putBoolean(AccountManager.KEY_NOTIFY_ON_FAILURE, true);
}
long identityToken = clearCallingIdentity();
try {
// Distill the caller's package signatures into a single digest.
final byte[] callerPkgSigDigest = calculatePackageSignatureDigest(callerPkg);
// route of starting a Session
if (!customTokens && permissionGranted) {
String authToken = readAuthTokenInternal(accounts, account, authTokenType);
if (authToken != null) {
Bundle result = new Bundle();
result.putString(AccountManager.KEY_AUTHTOKEN, authToken);
result.putString(AccountManager.KEY_ACCOUNT_NAME, account.name);
result.putString(AccountManager.KEY_ACCOUNT_TYPE, account.type);
onResult(response, result);
return;
}
}
if (customTokens) {
/*
* Look up tokens in the new cache only if the loginOptions don't have parameters
* outside of those expected to be injected by the AccountManager, e.g.
* ANDORID_PACKAGE_NAME.
*/
String token = readCachedTokenInternal(accounts, account, authTokenType, callerPkg, callerPkgSigDigest);
if (token != null) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "getAuthToken: cache hit ofr custom token authenticator.");
}
Bundle result = new Bundle();
result.putString(AccountManager.KEY_AUTHTOKEN, token);
result.putString(AccountManager.KEY_ACCOUNT_NAME, account.name);
result.putString(AccountManager.KEY_ACCOUNT_TYPE, account.type);
onResult(response, result);
return;
}
}
new Session(accounts, response, account.type, expectActivityLaunch, false, /* stripAuthTokenFromResult */
account.name, false) {
/* authDetailsRequired */
@Override
protected String toDebugString(long now) {
if (loginOptions != null)
loginOptions.keySet();
return super.toDebugString(now) + ", getAuthToken" + ", " + account + ", authTokenType " + authTokenType + ", loginOptions " + loginOptions + ", notifyOnAuthFailure " + notifyOnAuthFailure;
}
@Override
public void run() throws RemoteException {
// "grant permission" intent instead of the "getAuthToken" intent.
if (!permissionGranted) {
mAuthenticator.getAuthTokenLabel(this, authTokenType);
} else {
mAuthenticator.getAuthToken(this, account, authTokenType, loginOptions);
}
}
@Override
public void onResult(Bundle result) {
Bundle.setDefusable(result, true);
if (result != null) {
if (result.containsKey(AccountManager.KEY_AUTH_TOKEN_LABEL)) {
Intent intent = newGrantCredentialsPermissionIntent(account, null, callerUid, new AccountAuthenticatorResponse(this), authTokenType, true);
Bundle bundle = new Bundle();
bundle.putParcelable(AccountManager.KEY_INTENT, intent);
onResult(bundle);
return;
}
String authToken = result.getString(AccountManager.KEY_AUTHTOKEN);
if (authToken != null) {
String name = result.getString(AccountManager.KEY_ACCOUNT_NAME);
String type = result.getString(AccountManager.KEY_ACCOUNT_TYPE);
if (TextUtils.isEmpty(type) || TextUtils.isEmpty(name)) {
onError(AccountManager.ERROR_CODE_INVALID_RESPONSE, "the type and name should not be empty");
return;
}
Account resultAccount = new Account(name, type);
if (!customTokens) {
saveAuthTokenToDatabase(mAccounts, resultAccount, authTokenType, authToken);
}
long expiryMillis = result.getLong(AbstractAccountAuthenticator.KEY_CUSTOM_TOKEN_EXPIRY, 0L);
if (customTokens && expiryMillis > System.currentTimeMillis()) {
saveCachedToken(mAccounts, account, callerPkg, callerPkgSigDigest, authTokenType, authToken, expiryMillis);
}
}
Intent intent = result.getParcelable(AccountManager.KEY_INTENT);
if (intent != null && notifyOnAuthFailure && !customTokens) {
/*
* Make sure that the supplied intent is owned by the authenticator
* giving it to the system. Otherwise a malicious authenticator could
* have users launching arbitrary activities by tricking users to
* interact with malicious notifications.
*/
checkKeyIntent(Binder.getCallingUid(), intent);
doNotification(mAccounts, account, result.getString(AccountManager.KEY_AUTH_FAILED_MESSAGE), intent, "android", accounts.userId);
}
}
super.onResult(result);
}
}.bind();
} finally {
restoreCallingIdentity(identityToken);
}
}
Also used :
Account(android.accounts.Account)
Bundle(android.os.Bundle)
IAccountAuthenticatorResponse(android.accounts.IAccountAuthenticatorResponse)
AccountAuthenticatorResponse(android.accounts.AccountAuthenticatorResponse)
GeneralSecurityException(java.security.GeneralSecurityException)
PendingIntent(android.app.PendingIntent)
Intent(android.content.Intent)
AuthenticatorDescription(android.accounts.AuthenticatorDescription)
RemoteException(android.os.RemoteException)
RegisteredServicesCache(android.content.pm.RegisteredServicesCache)
Example 7 with AccountAuthenticatorResponse
use of android.accounts.AccountAuthenticatorResponse in project ETSMobile-Android2 by ApplETS.
the class ETSMobileAuthenticator method getAuthToken.
@Override
public Bundle getAuthToken(AccountAuthenticatorResponse response, Account account, String authTokenType, Bundle options) throws NetworkErrorException {
// Extract the username and password from the Account Manager, and ask
// the server for an appropriate AuthToken.
final AccountManager am = AccountManager.get(mContext);
String authToken = am.peekAuthToken(account, authTokenType);
SecurePreferences securePreferences = new SecurePreferences(mContext);
Date expirationDate = Utility.getDate(securePreferences, Constants.EXP_DATE_COOKIE, new Date());
Date now = new Date();
// Lets give another try to authenticate the user
if (TextUtils.isEmpty(authToken) || expirationDate.before(now)) {
final String password = am.getPassword(account);
final String username = account.name;
if (password != null) {
OkHttpClient client = new OkHttpClient();
MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n \"Username\": \"" + username + "\",\n \"Password\": \"" + password + "\"\n}");
Request request = new Request.Builder().url(mContext.getString(R.string.portail_api_authentification_url)).post(body).addHeader("content-type", "application/json").addHeader("cache-control", "no-cache").build();
Response httpResponse = null;
try {
httpResponse = client.newCall(request).execute();
if (httpResponse.code() == 200) {
authToken = httpResponse.header("Set-Cookie");
Utility.saveCookieExpirationDate(authToken, securePreferences);
JSONObject jsonResponse = new JSONObject(httpResponse.body().string());
int typeUsagerId = jsonResponse.getInt("TypeUsagerId");
String domaine = jsonResponse.getString("Domaine");
securePreferences.edit().putInt(Constants.TYPE_USAGER_ID, typeUsagerId).commit();
securePreferences.edit().putString(Constants.DOMAINE, domaine).commit();
ApplicationManager.domaine = domaine;
ApplicationManager.typeUsagerId = typeUsagerId;
SharedPreferences sharedPreferences = PreferenceManager.getDefaultSharedPreferences(mContext);
boolean isTokenSent = sharedPreferences.getBoolean(Constants.IS_GCM_TOKEN_SENT_TO_SERVER, false);
if (!isTokenSent) {
Intent intent = new Intent(mContext, RegistrationIntentService.class);
mContext.startService(intent);
}
} else {
Log.e("Erreur Portail", httpResponse.toString());
}
} catch (IOException e) {
e.printStackTrace();
} catch (JSONException e) {
e.printStackTrace();
}
}
}
// If we get an authToken - we return it
if (!TextUtils.isEmpty(authToken)) {
final Bundle result = new Bundle();
result.putString(AccountManager.KEY_ACCOUNT_NAME, account.name);
result.putString(AccountManager.KEY_ACCOUNT_TYPE, account.type);
result.putString(AccountManager.KEY_AUTHTOKEN, authToken);
return result;
} else {
final Bundle result = new Bundle();
result.putString(AccountManager.KEY_ACCOUNT_NAME, account.name);
result.putString(AccountManager.KEY_ACCOUNT_TYPE, account.type);
result.putString(AccountManager.KEY_AUTHTOKEN, null);
return result;
}
// If we get here, then we couldn't access the user's password - so we
// need to re-prompt them for their credentials. We do that by creating
// an intent to display our AuthenticatorActivity.
/*
final Intent intent = new Intent(mContext, LoginActivity.class);
intent.putExtra(AccountManager.KEY_ACCOUNT_AUTHENTICATOR_RESPONSE, response);
intent.putExtra(AccountManager.KEY_ACCOUNT_TYPE, account.type);
intent.putExtra(Constants.KEY_AUTH_TYPE, authTokenType);
final Bundle bundle = new Bundle();
bundle.putParcelable(AccountManager.KEY_INTENT, intent);
return bundle;
*/
}
Also used :
OkHttpClient(com.squareup.okhttp.OkHttpClient)
SharedPreferences(android.content.SharedPreferences)
Bundle(android.os.Bundle)
Request(com.squareup.okhttp.Request)
JSONException(org.json.JSONException)
Intent(android.content.Intent)
IOException(java.io.IOException)
Date(java.util.Date)
AccountAuthenticatorResponse(android.accounts.AccountAuthenticatorResponse)
Response(com.squareup.okhttp.Response)
JSONObject(org.json.JSONObject)
MediaType(com.squareup.okhttp.MediaType)
AccountManager(android.accounts.AccountManager)
RequestBody(com.squareup.okhttp.RequestBody)
Example 8 with AccountAuthenticatorResponse
use of android.accounts.AccountAuthenticatorResponse in project android_frameworks_base by DirtyUnicorns.
the class AccountManagerService method newRequestAccountAccessIntent.
private Intent newRequestAccountAccessIntent(Account account, String packageName, int uid, RemoteCallback callback) {
return newGrantCredentialsPermissionIntent(account, packageName, uid, new AccountAuthenticatorResponse(new IAccountAuthenticatorResponse.Stub() {
@Override
public void onResult(Bundle value) throws RemoteException {
handleAuthenticatorResponse(true);
}
@Override
public void onRequestContinued() {
/* ignore */
}
@Override
public void onError(int errorCode, String errorMessage) throws RemoteException {
handleAuthenticatorResponse(false);
}
private void handleAuthenticatorResponse(boolean accessGranted) throws RemoteException {
cancelNotification(getCredentialPermissionNotificationId(account, AccountManager.ACCOUNT_ACCESS_TOKEN_TYPE, uid), packageName, UserHandle.getUserHandleForUid(uid));
if (callback != null) {
Bundle result = new Bundle();
result.putBoolean(AccountManager.KEY_BOOLEAN_RESULT, accessGranted);
callback.sendResult(result);
}
}
}), AccountManager.ACCOUNT_ACCESS_TOKEN_TYPE, false);
}
Also used :
IAccountAuthenticatorResponse(android.accounts.IAccountAuthenticatorResponse)
AccountAuthenticatorResponse(android.accounts.AccountAuthenticatorResponse)
Bundle(android.os.Bundle)
Example 9 with AccountAuthenticatorResponse
use of android.accounts.AccountAuthenticatorResponse in project android_frameworks_base by ResurrectionRemix.
the class AccountManagerService method newRequestAccountAccessIntent.
private Intent newRequestAccountAccessIntent(Account account, String packageName, int uid, RemoteCallback callback) {
return newGrantCredentialsPermissionIntent(account, packageName, uid, new AccountAuthenticatorResponse(new IAccountAuthenticatorResponse.Stub() {
@Override
public void onResult(Bundle value) throws RemoteException {
handleAuthenticatorResponse(true);
}
@Override
public void onRequestContinued() {
/* ignore */
}
@Override
public void onError(int errorCode, String errorMessage) throws RemoteException {
handleAuthenticatorResponse(false);
}
private void handleAuthenticatorResponse(boolean accessGranted) throws RemoteException {
cancelNotification(getCredentialPermissionNotificationId(account, AccountManager.ACCOUNT_ACCESS_TOKEN_TYPE, uid), packageName, UserHandle.getUserHandleForUid(uid));
if (callback != null) {
Bundle result = new Bundle();
result.putBoolean(AccountManager.KEY_BOOLEAN_RESULT, accessGranted);
callback.sendResult(result);
}
}
}), AccountManager.ACCOUNT_ACCESS_TOKEN_TYPE, false);
}
Also used :
IAccountAuthenticatorResponse(android.accounts.IAccountAuthenticatorResponse)
AccountAuthenticatorResponse(android.accounts.AccountAuthenticatorResponse)
Bundle(android.os.Bundle)
Example 10 with AccountAuthenticatorResponse
use of android.accounts.AccountAuthenticatorResponse in project android_frameworks_base by ResurrectionRemix.
the class AccountManagerService method getAuthToken.
@Override
public void getAuthToken(IAccountManagerResponse response, final Account account, final String authTokenType, final boolean notifyOnAuthFailure, final boolean expectActivityLaunch, final Bundle loginOptions) {
Bundle.setDefusable(loginOptions, true);
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "getAuthToken: " + account + ", response " + response + ", authTokenType " + authTokenType + ", notifyOnAuthFailure " + notifyOnAuthFailure + ", expectActivityLaunch " + expectActivityLaunch + ", caller's uid " + Binder.getCallingUid() + ", pid " + Binder.getCallingPid());
}
if (response == null)
throw new IllegalArgumentException("response is null");
try {
if (account == null) {
Slog.w(TAG, "getAuthToken called with null account");
response.onError(AccountManager.ERROR_CODE_BAD_ARGUMENTS, "account is null");
return;
}
if (authTokenType == null) {
Slog.w(TAG, "getAuthToken called with null authTokenType");
response.onError(AccountManager.ERROR_CODE_BAD_ARGUMENTS, "authTokenType is null");
return;
}
} catch (RemoteException e) {
Slog.w(TAG, "Failed to report error back to the client." + e);
return;
}
int userId = UserHandle.getCallingUserId();
long ident = Binder.clearCallingIdentity();
final UserAccounts accounts;
final RegisteredServicesCache.ServiceInfo<AuthenticatorDescription> authenticatorInfo;
try {
accounts = getUserAccounts(userId);
authenticatorInfo = mAuthenticatorCache.getServiceInfo(AuthenticatorDescription.newKey(account.type), accounts.userId);
} finally {
Binder.restoreCallingIdentity(ident);
}
final boolean customTokens = authenticatorInfo != null && authenticatorInfo.type.customTokens;
// skip the check if customTokens
final int callerUid = Binder.getCallingUid();
final boolean permissionGranted = customTokens || permissionIsGranted(account, authTokenType, callerUid, userId);
// Get the calling package. We will use it for the purpose of caching.
final String callerPkg = loginOptions.getString(AccountManager.KEY_ANDROID_PACKAGE_NAME);
List<String> callerOwnedPackageNames;
ident = Binder.clearCallingIdentity();
try {
callerOwnedPackageNames = Arrays.asList(mPackageManager.getPackagesForUid(callerUid));
} finally {
Binder.restoreCallingIdentity(ident);
}
if (callerPkg == null || !callerOwnedPackageNames.contains(callerPkg)) {
String msg = String.format("Uid %s is attempting to illegally masquerade as package %s!", callerUid, callerPkg);
throw new SecurityException(msg);
}
// let authenticator know the identity of the caller
loginOptions.putInt(AccountManager.KEY_CALLER_UID, callerUid);
loginOptions.putInt(AccountManager.KEY_CALLER_PID, Binder.getCallingPid());
if (notifyOnAuthFailure) {
loginOptions.putBoolean(AccountManager.KEY_NOTIFY_ON_FAILURE, true);
}
long identityToken = clearCallingIdentity();
try {
// Distill the caller's package signatures into a single digest.
final byte[] callerPkgSigDigest = calculatePackageSignatureDigest(callerPkg);
// route of starting a Session
if (!customTokens && permissionGranted) {
String authToken = readAuthTokenInternal(accounts, account, authTokenType);
if (authToken != null) {
Bundle result = new Bundle();
result.putString(AccountManager.KEY_AUTHTOKEN, authToken);
result.putString(AccountManager.KEY_ACCOUNT_NAME, account.name);
result.putString(AccountManager.KEY_ACCOUNT_TYPE, account.type);
onResult(response, result);
return;
}
}
if (customTokens) {
/*
* Look up tokens in the new cache only if the loginOptions don't have parameters
* outside of those expected to be injected by the AccountManager, e.g.
* ANDORID_PACKAGE_NAME.
*/
String token = readCachedTokenInternal(accounts, account, authTokenType, callerPkg, callerPkgSigDigest);
if (token != null) {
if (Log.isLoggable(TAG, Log.VERBOSE)) {
Log.v(TAG, "getAuthToken: cache hit ofr custom token authenticator.");
}
Bundle result = new Bundle();
result.putString(AccountManager.KEY_AUTHTOKEN, token);
result.putString(AccountManager.KEY_ACCOUNT_NAME, account.name);
result.putString(AccountManager.KEY_ACCOUNT_TYPE, account.type);
onResult(response, result);
return;
}
}
new Session(accounts, response, account.type, expectActivityLaunch, false, /* stripAuthTokenFromResult */
account.name, false) {
/* authDetailsRequired */
@Override
protected String toDebugString(long now) {
if (loginOptions != null)
loginOptions.keySet();
return super.toDebugString(now) + ", getAuthToken" + ", " + account + ", authTokenType " + authTokenType + ", loginOptions " + loginOptions + ", notifyOnAuthFailure " + notifyOnAuthFailure;
}
@Override
public void run() throws RemoteException {
// "grant permission" intent instead of the "getAuthToken" intent.
if (!permissionGranted) {
mAuthenticator.getAuthTokenLabel(this, authTokenType);
} else {
mAuthenticator.getAuthToken(this, account, authTokenType, loginOptions);
}
}
@Override
public void onResult(Bundle result) {
Bundle.setDefusable(result, true);
if (result != null) {
if (result.containsKey(AccountManager.KEY_AUTH_TOKEN_LABEL)) {
Intent intent = newGrantCredentialsPermissionIntent(account, null, callerUid, new AccountAuthenticatorResponse(this), authTokenType, true);
Bundle bundle = new Bundle();
bundle.putParcelable(AccountManager.KEY_INTENT, intent);
onResult(bundle);
return;
}
String authToken = result.getString(AccountManager.KEY_AUTHTOKEN);
if (authToken != null) {
String name = result.getString(AccountManager.KEY_ACCOUNT_NAME);
String type = result.getString(AccountManager.KEY_ACCOUNT_TYPE);
if (TextUtils.isEmpty(type) || TextUtils.isEmpty(name)) {
onError(AccountManager.ERROR_CODE_INVALID_RESPONSE, "the type and name should not be empty");
return;
}
Account resultAccount = new Account(name, type);
if (!customTokens) {
saveAuthTokenToDatabase(mAccounts, resultAccount, authTokenType, authToken);
}
long expiryMillis = result.getLong(AbstractAccountAuthenticator.KEY_CUSTOM_TOKEN_EXPIRY, 0L);
if (customTokens && expiryMillis > System.currentTimeMillis()) {
saveCachedToken(mAccounts, account, callerPkg, callerPkgSigDigest, authTokenType, authToken, expiryMillis);
}
}
Intent intent = result.getParcelable(AccountManager.KEY_INTENT);
if (intent != null && notifyOnAuthFailure && !customTokens) {
/*
* Make sure that the supplied intent is owned by the authenticator
* giving it to the system. Otherwise a malicious authenticator could
* have users launching arbitrary activities by tricking users to
* interact with malicious notifications.
*/
checkKeyIntent(Binder.getCallingUid(), intent);
doNotification(mAccounts, account, result.getString(AccountManager.KEY_AUTH_FAILED_MESSAGE), intent, "android", accounts.userId);
}
}
super.onResult(result);
}
}.bind();
} finally {
restoreCallingIdentity(identityToken);
}
}
Also used :
Account(android.accounts.Account)
Bundle(android.os.Bundle)
IAccountAuthenticatorResponse(android.accounts.IAccountAuthenticatorResponse)
AccountAuthenticatorResponse(android.accounts.AccountAuthenticatorResponse)
GeneralSecurityException(java.security.GeneralSecurityException)
PendingIntent(android.app.PendingIntent)
Intent(android.content.Intent)
AuthenticatorDescription(android.accounts.AuthenticatorDescription)
RemoteException(android.os.RemoteException)
RegisteredServicesCache(android.content.pm.RegisteredServicesCache)
Aggregations
AccountAuthenticatorResponse (android.accounts.AccountAuthenticatorResponse)13
Bundle (android.os.Bundle)13
IAccountAuthenticatorResponse (android.accounts.IAccountAuthenticatorResponse)11
Intent (android.content.Intent)7
Account (android.accounts.Account)6
AuthenticatorDescription (android.accounts.AuthenticatorDescription)6
PendingIntent (android.app.PendingIntent)6
RegisteredServicesCache (android.content.pm.RegisteredServicesCache)6
RemoteException (android.os.RemoteException)6
GeneralSecurityException (java.security.GeneralSecurityException)5
AccountManager (android.accounts.AccountManager)1
SharedPreferences (android.content.SharedPreferences)1
MediaType (com.squareup.okhttp.MediaType)1
OkHttpClient (com.squareup.okhttp.OkHttpClient)1
Request (com.squareup.okhttp.Request)1
RequestBody (com.squareup.okhttp.RequestBody)1
Response (com.squareup.okhttp.Response)1
IOException (java.io.IOException)1
Date (java.util.Date)1
JSONException (org.json.JSONException)1
