michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0:
michael@0: package org.mozilla.gecko.sync.setup;
michael@0:
michael@0: import java.io.UnsupportedEncodingException;
michael@0: import java.security.NoSuchAlgorithmException;
michael@0:
michael@0: import org.mozilla.gecko.background.common.log.Logger;
michael@0: import org.mozilla.gecko.sync.SyncConstants;
michael@0: import org.mozilla.gecko.sync.Utils;
michael@0: import org.mozilla.gecko.sync.setup.activities.SetupSyncActivity;
michael@0:
michael@0: import android.accounts.AbstractAccountAuthenticator;
michael@0: import android.accounts.Account;
michael@0: import android.accounts.AccountAuthenticatorResponse;
michael@0: import android.accounts.AccountManager;
michael@0: import android.accounts.NetworkErrorException;
michael@0: import android.app.Service;
michael@0: import android.content.Context;
michael@0: import android.content.Intent;
michael@0: import android.os.Bundle;
michael@0: import android.os.IBinder;
michael@0:
michael@0: public class SyncAuthenticatorService extends Service {
michael@0: private static final String LOG_TAG = "SyncAuthService";
michael@0:
michael@0: private SyncAccountAuthenticator sAccountAuthenticator = null;
michael@0:
michael@0: @Override
michael@0: public void onCreate() {
michael@0: Logger.debug(LOG_TAG, "onCreate");
michael@0: sAccountAuthenticator = getAuthenticator();
michael@0: }
michael@0:
michael@0: @Override
michael@0: public IBinder onBind(Intent intent) {
michael@0: if (intent.getAction().equals(android.accounts.AccountManager.ACTION_AUTHENTICATOR_INTENT)) {
michael@0: return getAuthenticator().getIBinder();
michael@0: }
michael@0: return null;
michael@0: }
michael@0:
michael@0: private SyncAccountAuthenticator getAuthenticator() {
michael@0: if (sAccountAuthenticator == null) {
michael@0: sAccountAuthenticator = new SyncAccountAuthenticator(this);
michael@0: }
michael@0: return sAccountAuthenticator;
michael@0: }
michael@0:
michael@0: /**
michael@0: * Generate a "plain" auth token.
michael@0: *
michael@0: * Android caches only the value of the key
michael@0: * AccountManager.KEY_AUTHTOKEN, so if a caller needs the other
michael@0: * keys in this bundle, it needs to invalidate the token (so that the bundle
michael@0: * is re-generated).
michael@0: *
michael@0: * @param context
michael@0: * Android context.
michael@0: * @param account
michael@0: * Android account.
michael@0: * @return a Bundle instance containing a subset of the following
michael@0: * keys: (caller's must check for missing keys)
michael@0: *
michael@0: * AccountManager.KEY_ACCOUNT_TYPE: the Android
michael@0: * Account's typeAccountManager.KEY_ACCOUNT_NAME: the Android
michael@0: * Account's nameAccountManager.KEY_AUTHTOKEN: the Sync account's
michael@0: * password Constants.OPTION_USERNAME: the Sync account's
michael@0: * hashed usernameConstants.OPTION_SERVER: the Sync account's
michael@0: * server Constants.OPTION_SYNCKEY: the Sync account's
michael@0: * sync key
michael@0: * @throws NetworkErrorException
michael@0: */
michael@0: public static Bundle getPlainAuthToken(final Context context, final Account account)
michael@0: throws NetworkErrorException {
michael@0: // Extract the username and password from the Account Manager, and ask
michael@0: // the server for an appropriate AuthToken.
michael@0: final AccountManager am = AccountManager.get(context);
michael@0: final String password = am.getPassword(account);
michael@0: if (password == null) {
michael@0: Logger.warn(LOG_TAG, "Returning null bundle for getPlainAuthToken since Account password is null.");
michael@0: return null;
michael@0: }
michael@0:
michael@0: final Bundle result = new Bundle();
michael@0:
michael@0: // This is a Sync account.
michael@0: result.putString(AccountManager.KEY_ACCOUNT_TYPE, SyncConstants.ACCOUNTTYPE_SYNC);
michael@0:
michael@0: // Server.
michael@0: String serverURL = am.getUserData(account, Constants.OPTION_SERVER);
michael@0: result.putString(Constants.OPTION_SERVER, serverURL);
michael@0:
michael@0: // Full username, before hashing.
michael@0: result.putString(AccountManager.KEY_ACCOUNT_NAME, account.name);
michael@0:
michael@0: // Username after hashing.
michael@0: try {
michael@0: String username = Utils.usernameFromAccount(account.name);
michael@0: Logger.pii(LOG_TAG, "Account " + account.name + " hashes to " + username + ".");
michael@0: Logger.debug(LOG_TAG, "Setting username. Null? " + (username == null));
michael@0: result.putString(Constants.OPTION_USERNAME, username);
michael@0: } catch (NoSuchAlgorithmException e) {
michael@0: // Do nothing. Calling code must check for missing value.
michael@0: Logger.debug(LOG_TAG, "Exception in account lookup: " + e);
michael@0: } catch (UnsupportedEncodingException e) {
michael@0: // Do nothing. Calling code must check for missing value.
michael@0: Logger.debug(LOG_TAG, "Exception in account lookup: " + e);
michael@0: }
michael@0:
michael@0: // Sync key.
michael@0: final String syncKey = am.getUserData(account, Constants.OPTION_SYNCKEY);
michael@0: Logger.debug(LOG_TAG, "Setting sync key. Null? " + (syncKey == null));
michael@0: result.putString(Constants.OPTION_SYNCKEY, syncKey);
michael@0:
michael@0: // Password.
michael@0: result.putString(AccountManager.KEY_AUTHTOKEN, password);
michael@0: return result;
michael@0: }
michael@0:
michael@0: private static class SyncAccountAuthenticator extends AbstractAccountAuthenticator {
michael@0: private Context mContext;
michael@0: public SyncAccountAuthenticator(Context context) {
michael@0: super(context);
michael@0: mContext = context;
michael@0: }
michael@0:
michael@0: @Override
michael@0: public Bundle addAccount(AccountAuthenticatorResponse response,
michael@0: String accountType, String authTokenType, String[] requiredFeatures,
michael@0: Bundle options) throws NetworkErrorException {
michael@0: Logger.debug(LOG_TAG, "addAccount()");
michael@0: final Intent intent = new Intent(mContext, SetupSyncActivity.class);
michael@0: intent.putExtra(AccountManager.KEY_ACCOUNT_AUTHENTICATOR_RESPONSE,
michael@0: response);
michael@0: intent.putExtra("accountType", SyncConstants.ACCOUNTTYPE_SYNC);
michael@0: intent.putExtra(Constants.INTENT_EXTRA_IS_SETUP, true);
michael@0:
michael@0: final Bundle result = new Bundle();
michael@0: result.putParcelable(AccountManager.KEY_INTENT, intent);
michael@0:
michael@0: return result;
michael@0: }
michael@0:
michael@0: @Override
michael@0: public Bundle confirmCredentials(AccountAuthenticatorResponse response,
michael@0: Account account,
michael@0: Bundle options) throws NetworkErrorException {
michael@0: Logger.debug(LOG_TAG, "confirmCredentials()");
michael@0: return null;
michael@0: }
michael@0:
michael@0: @Override
michael@0: public Bundle editProperties(AccountAuthenticatorResponse response,
michael@0: String accountType) {
michael@0: Logger.debug(LOG_TAG, "editProperties");
michael@0: return null;
michael@0: }
michael@0:
michael@0: @Override
michael@0: public Bundle getAuthToken(AccountAuthenticatorResponse response,
michael@0: Account account, String authTokenType, Bundle options)
michael@0: throws NetworkErrorException {
michael@0: Logger.debug(LOG_TAG, "getAuthToken()");
michael@0:
michael@0: if (Constants.AUTHTOKEN_TYPE_PLAIN.equals(authTokenType)) {
michael@0: return getPlainAuthToken(mContext, account);
michael@0: }
michael@0:
michael@0: final Bundle result = new Bundle();
michael@0: result.putString(AccountManager.KEY_ERROR_MESSAGE, "invalid authTokenType");
michael@0: return result;
michael@0: }
michael@0:
michael@0: @Override
michael@0: public String getAuthTokenLabel(String authTokenType) {
michael@0: Logger.debug(LOG_TAG, "getAuthTokenLabel()");
michael@0: return null;
michael@0: }
michael@0:
michael@0: @Override
michael@0: public Bundle hasFeatures(AccountAuthenticatorResponse response,
michael@0: Account account, String[] features) throws NetworkErrorException {
michael@0: Logger.debug(LOG_TAG, "hasFeatures()");
michael@0: return null;
michael@0: }
michael@0:
michael@0: @Override
michael@0: public Bundle updateCredentials(AccountAuthenticatorResponse response,
michael@0: Account account, String authTokenType, Bundle options)
michael@0: throws NetworkErrorException {
michael@0: Logger.debug(LOG_TAG, "updateCredentials()");
michael@0: return null;
michael@0: }
michael@0:
michael@0: /**
michael@0: * Bug 769745: persist pickled Sync account settings so that we can unpickle
michael@0: * after Fennec is moved to the SD card.
michael@0: *
michael@0: * This is not called when an Android Account is blown away due to
michael@0: * the SD card being unmounted.
michael@0: *
michael@0: * Broadcasting a Firefox intent to version sharing this Android Account is
michael@0: * a terrible hack, but it's better than the catching the generic
michael@0: * "accounts changed" broadcast intent and trying to figure out whether our
michael@0: * Account disappeared.
michael@0: */
michael@0: @Override
michael@0: public Bundle getAccountRemovalAllowed(final AccountAuthenticatorResponse response, Account account)
michael@0: throws NetworkErrorException {
michael@0: Bundle result = super.getAccountRemovalAllowed(response, account);
michael@0:
michael@0: if (result == null ||
michael@0: !result.containsKey(AccountManager.KEY_BOOLEAN_RESULT) ||
michael@0: result.containsKey(AccountManager.KEY_INTENT)) {
michael@0: return result;
michael@0: }
michael@0:
michael@0: final boolean removalAllowed = result.getBoolean(AccountManager.KEY_BOOLEAN_RESULT);
michael@0: if (!removalAllowed) {
michael@0: return result;
michael@0: }
michael@0:
michael@0: // Bug 790931: Broadcast a message to all Firefox versions sharing this
michael@0: // Android Account type telling that this Sync Account has been deleted.
michael@0: //
michael@0: // We would really prefer to receive Android's
michael@0: // LOGIN_ACCOUNTS_CHANGED_ACTION broadcast, but that
michael@0: // doesn't include enough information about which Accounts changed to
michael@0: // correctly identify whether a Sync account has been removed (when some
michael@0: // Firefox versions are installed on the SD card).
michael@0: //
michael@0: // Broadcast intents protected with permissions are secure, so it's okay
michael@0: // to include password and sync key, etc.
michael@0: final Intent intent = SyncAccounts.makeSyncAccountDeletedIntent(mContext, AccountManager.get(mContext), account);
michael@0: Logger.info(LOG_TAG, "Account named " + account.name + " being removed; " +
michael@0: "broadcasting secure intent " + intent.getAction() + ".");
michael@0: mContext.sendBroadcast(intent, SyncConstants.PER_ACCOUNT_TYPE_PERMISSION);
michael@0:
michael@0: return result;
michael@0: }
michael@0: }
michael@0: }