SDKS-2631 Android App Integrity Implementation

ForgeRock · Nov 27, 2023 · b545968 · b545968
1 parent cc4ad4b
commit b545968
Show file tree

Hide file tree

Showing 37 changed files with 1,336 additions and 330 deletions.
diff --git a/forgerock-auth/build.gradle b/forgerock-auth/build.gradle
@@ -70,6 +70,10 @@ android {
         viewBinding true
     }
 
+    kotlinOptions {
+        freeCompilerArgs = ['-Xjvm-default=all']
+    }
+
 }
 
 apply from: '../config/logger.gradle'
@@ -124,6 +128,9 @@ dependencies {
     compileOnly 'com.google.android.gms:play-services-auth:20.6.0'
     compileOnly 'com.facebook.android:facebook-login:16.0.0'
 
+    //For App integrity
+    compileOnly 'com.google.android.play:integrity:1.3.0'
+
     androidTestImplementation 'androidx.test.ext:junit:1.1.5'
     androidTestImplementation 'androidx.test.espresso:espresso-core:3.5.1'
     androidTestImplementation 'com.squareup.okhttp:mockwebserver:2.7.5'
@@ -164,6 +171,10 @@ dependencies {
     //Application Pin
     testImplementation 'com.madgag.spongycastle:bcpkix-jdk15on:1.58.0.0'
     testImplementation 'androidx.security:security-crypto:1.1.0-alpha06'
+
+    //App Integrity
+    testImplementation 'com.google.android.play:integrity:1.3.0'
+
     testImplementation 'org.jetbrains.kotlinx:kotlinx-coroutines-test:1.7.2'
 
     testImplementation 'org.mockito:mockito-core:4.8.1'

diff --git a/forgerock-auth/src/main/java/org/forgerock/android/auth/Node.java b/forgerock-auth/src/main/java/org/forgerock/android/auth/Node.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019 ForgeRock. All rights reserved.
+ * Copyright (c) 2019 - 2023 ForgeRock. All rights reserved.
  *
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
@@ -9,6 +9,8 @@
 
 import android.content.Context;
 
+import androidx.annotation.VisibleForTesting;
+
 import org.forgerock.android.auth.callback.Callback;
 import org.json.JSONArray;
 import org.json.JSONException;
@@ -18,11 +20,6 @@
 import java.io.Serializable;
 import java.util.List;
 
-import lombok.Getter;
-import lombok.RequiredArgsConstructor;
-
-@RequiredArgsConstructor
-@Getter
 public class Node implements Serializable {
 
     public static final String AUTH_ID = "authId";
@@ -38,6 +35,16 @@ public class Node implements Serializable {
     private final String authServiceId;
     private final List<Callback> callbacks;
 
+    @VisibleForTesting
+    public Node(String authId, String stage, String header, String description, String authServiceId, List<Callback> callbacks) {
+        this.authId = authId;
+        this.stage = stage;
+        this.header = header;
+        this.description = description;
+        this.authServiceId = authServiceId;
+        this.callbacks = callbacks;
+    }
+
     /**
      * Returns {@link JSONObject} mapping of the object
      *
@@ -76,6 +83,11 @@ public <T> T getCallback(Class<T> clazz) {
         return null;
     }
 
+    /**
+     * Retrieve all the {@link Callback}.
+     *
+     * @return All the {@link Callback} associate with this {@link Node}
+     */
     public List<Callback> getCallbacks() {
         return callbacks;
     }
@@ -85,20 +97,19 @@ public List<Callback> getCallbacks() {
      *
      * @param context  The Application Context
      * @param listener Listener for receiving {@link AuthService} related changes
-     *                    <b> {@link NodeListener#onSuccess(Object)} on success login.
-     *                    <b> {@link NodeListener#onCallbackReceived(Node)} step to the next node, {@link Node} is returned.
-     *                    <b> throws {@link IllegalStateException} when the tree is invalid, e.g the authentication tree has been completed.
-     *                    <b> throws {@link org.forgerock.android.auth.exception.AuthenticationException} when server returns {@link java.net.HttpURLConnection#HTTP_UNAUTHORIZED}
-     *                    <b> throws {@link org.forgerock.android.auth.exception.ApiException} When server return errors.
-     *                    <b> throws {@link javax.security.auth.callback.UnsupportedCallbackException}
-     *                    When {@link org.forgerock.android.auth.callback.Callback} returned from Server is not supported by the SDK.
-     *                    <b> throws {@link org.forgerock.android.auth.exception.SuspendedAuthSessionException} When Suspended ID timeout
-     *                    <b> throws {@link org.forgerock.android.auth.exception.AuthenticationTimeoutException} When Authentication tree timeout
-     *                    <b> throws {@link org.json.JSONException} when failed to parse server response as JSON String.
-     *                    <b> throws {@link IOException } When there is any network error.
-     *                    <b> throws {@link java.net.MalformedURLException} When failed to parse the URL for API request.
-     *                    <b> throws {@link NoSuchMethodException} or {@link SecurityException} When failed to initialize the Callback class.
-
+     *                 <b> {@link NodeListener#onSuccess(Object)} on success login.
+     *                 <b> {@link NodeListener#onCallbackReceived(Node)} step to the next node, {@link Node} is returned.
+     *                 <b> throws {@link IllegalStateException} when the tree is invalid, e.g the authentication tree has been completed.
+     *                 <b> throws {@link org.forgerock.android.auth.exception.AuthenticationException} when server returns {@link java.net.HttpURLConnection#HTTP_UNAUTHORIZED}
+     *                 <b> throws {@link org.forgerock.android.auth.exception.ApiException} When server return errors.
+     *                 <b> throws {@link javax.security.auth.callback.UnsupportedCallbackException}
+     *                 When {@link org.forgerock.android.auth.callback.Callback} returned from Server is not supported by the SDK.
+     *                 <b> throws {@link org.forgerock.android.auth.exception.SuspendedAuthSessionException} When Suspended ID timeout
+     *                 <b> throws {@link org.forgerock.android.auth.exception.AuthenticationTimeoutException} When Authentication tree timeout
+     *                 <b> throws {@link org.json.JSONException} when failed to parse server response as JSON String.
+     *                 <b> throws {@link IOException } When there is any network error.
+     *                 <b> throws {@link java.net.MalformedURLException} When failed to parse the URL for API request.
+     *                 <b> throws {@link NoSuchMethodException} or {@link SecurityException} When failed to initialize the Callback class.
      */
     public void next(Context context, NodeListener<?> listener) {
         AuthService.goToNext(context, this, listener);
@@ -123,4 +134,43 @@ public void setCallback(Callback callback) {
         }
     }
 
+    /**
+     * Retrieve the AuthId.
+     *
+     * @return The AuthId attribute associate with this {@link Node}
+     */
+    public String getAuthId() {
+        return this.authId;
+    }
+
+    /**
+     * Retrieve the Stage.
+     *
+     * @return The Stage attribute associate with this {@link Node}
+     */
+    public String getStage() {
+        return this.stage;
+    }
+
+    /**
+     * Retrieve the Header.
+     *
+     * @return The Header attribute associate with this {@link Node}
+     */
+    public String getHeader() {
+        return this.header;
+    }
+
+    /**
+     * Retrieve the Description.
+     *
+     * @return The Description attribute associate with this {@link Node}
+     */
+    public String getDescription() {
+        return this.description;
+    }
+
+    String getAuthServiceId() {
+        return this.authServiceId;
+    }
 }
diff --git a/forgerock-auth/src/main/java/org/forgerock/android/auth/NodeInterceptorHandler.java b/forgerock-auth/src/main/java/org/forgerock/android/auth/NodeInterceptorHandler.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019 ForgeRock. All rights reserved.
+ * Copyright (c) 2019 - 2023 ForgeRock. All rights reserved.
  *
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
@@ -9,6 +9,8 @@
 
 import android.content.Context;
 
+import androidx.annotation.NonNull;
+
 import java.util.List;
 
 /**
@@ -22,7 +24,7 @@ class NodeInterceptorHandler extends InterceptorHandler implements NodeListener<
     }
 
     @Override
-    public void onCallbackReceived(Node node) {
+    public void onCallbackReceived(@NonNull Node node) {
         ((NodeListener<?>)getListener()).onCallbackReceived(node);
     }
 
@@ -32,9 +34,7 @@ public void onSuccess(SSOToken result) {
     }
 
     @Override
-    public void onException(Exception e) {
+    public void onException(@NonNull Exception e) {
         getListener().onException(e);
     }
-
-
 }
diff --git a/forgerock-auth/src/main/java/org/forgerock/android/auth/NodeListener.java b/forgerock-auth/src/main/java/org/forgerock/android/auth/NodeListener.java