authorFelipe Leme <felipeal@google.com>2017-09-25 16:38:09 -0700
committerFelipe Leme <felipeal@google.com>2017-09-25 16:38:38 -0700
commit1a7021ee349d79391591941ce246f0cb6482c4fb (patch)
treed0a67ff6719057dd2c97d54d4c6347f535139497 /input/autofill/AutofillFramework
parent096f7d8cd0295dda1a2f63f250ca9227caa07bc0 (diff)
Uses canonical web domain when validating DAL.
Test: manual verification Bug: 66900717 Change-Id: Id90d758c59d7997747af8a4ddc4b501e29e44704
Diffstat (limited to 'input/autofill/AutofillFramework')
-rw-r--r--input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java18
1 files changed, 14 insertions, 4 deletions
diff --git a/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java b/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java
index 3d13b6d3..795d3699 100644
--- a/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java
+++ b/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java
@@ -22,6 +22,8 @@ import android.content.pm.Signature;
import android.os.AsyncTask;
import android.util.Log;
+import com.google.common.net.InternetDomainName;
+
import org.json.JSONObject;
import java.io.BufferedReader;
@@ -115,17 +117,25 @@ public final class SecurityHelper {
return isValid;
}
+ public static String getCanonicalDomain(String domain) {
+ InternetDomainName idn = InternetDomainName.from(domain);
+ while (idn != null && !idn.isTopPrivateDomain()) {
+ idn = idn.parent();
+ }
+ return idn == null ? null : idn.toString();
+ }
public static boolean isValid(String webDomain, String packageName, String fingerprint) {
- if (DEBUG) Log.d(TAG, "validating domain " + webDomain + " for pkg " + packageName
- + " and fingerprint " + fingerprint );
+ String canonicalDomain = getCanonicalDomain(webDomain);
+ if (DEBUG) Log.d(TAG, "validating domain " + canonicalDomain + " (" + webDomain
+ + ") for pkg " + packageName + " and fingerprint " + fingerprint );
final String fullDomain;
if (!webDomain.startsWith("http:") && !webDomain.startsWith("https:") ) {
// Unfortunately AssistStructure.ViewNode does not tell what the domain is, so let's
// assume it's https
- fullDomain = "https://" + webDomain;
+ fullDomain = "https://" + canonicalDomain;
} else {
- fullDomain = webDomain;
+ fullDomain = canonicalDomain;
}
// TODO: use the DAL Java API or a better REST alternative like Volley
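Review bot: `getCanonicalDomain(webDomain)` runs on the raw value before the `http:`/`https:` check in `isValid`, so a scheme-prefixed `webDomain` is not a host name that `InternetDomainName.from` accepts (it throws `IllegalArgumentException` on invalid names), and the `else` branch would in any case assign a scheme-less `canonicalDomain` to `fullDomain`. As far as I know Guava's contract, `parent()` also throws on a name that has no parent instead of returning null, so the `idn == null` exit looks unreachable and a single-label or suffix-only host aborts validation with an unchecked exception. Because `webDomain` is reported by the app being filled, the check should fail closed: return null from the helper when there is no registrable domain, return false from `isValid` on null, and strip any scheme before canonicalizing if such inputs are expected. Collapsing to the top private domain also means every subdomain is vouched for by the registrable domain's statement file, which deserves a comment on the helper. `isValid` continues past the end of this hunk.

```java
public static String getCanonicalDomain(String domain) {
    // Fail closed: null for anything that is not a host name under a public suffix.
    if (domain == null || !InternetDomainName.isValid(domain)) {
        return null;
    }
    InternetDomainName idn = InternetDomainName.from(domain);
    return idn.isUnderPublicSuffix() ? idn.topPrivateDomain().toString() : null;
}

public static boolean isValid(String webDomain, String packageName, String fingerprint) {
    String canonicalDomain = getCanonicalDomain(webDomain);
    if (canonicalDomain == null) {
        // No registrable domain to fetch the statement list from: reject.
        return false;
    }
    // … unchanged: debug log and fullDomain construction …
```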