author | Felipe Leme <felipeal@google.com> | 2017-09-25 16:38:09 -0700 |
---|---|---|
committer | Felipe Leme <felipeal@google.com> | 2017-09-25 16:38:38 -0700 |
commit | 1a7021ee349d79391591941ce246f0cb6482c4fb (patch) | |
tree | d0a67ff6719057dd2c97d54d4c6347f535139497 /input/autofill/AutofillFramework | |
parent | 096f7d8cd0295dda1a2f63f250ca9227caa07bc0 (diff) | |
download | android-1a7021ee349d79391591941ce246f0cb6482c4fb.tar.gz |
Uses canonical web domain when validating DAL.
Test: manual verification
Bug: 66900717
Change-Id: Id90d758c59d7997747af8a4ddc4b501e29e44704
Diffstat (limited to 'input/autofill/AutofillFramework')
-rw-r--r-- | input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java b/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java
index 3d13b6d3..795d3699 100644
--- a/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java
+++ b/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java
@@ -22,6 +22,8 @@ import android.content.pm.Signature;
 import android.os.AsyncTask;
 import android.util.Log;
+import com.google.common.net.InternetDomainName;
+
 import org.json.JSONObject;
 import java.io.BufferedReader;
@@ -115,17 +117,25 @@ public final class SecurityHelper {
 return isValid;
 }
+ public static String getCanonicalDomain(String domain) {
+ InternetDomainName idn = InternetDomainName.from(domain);
+ while (idn != null && !idn.isTopPrivateDomain()) {
+ idn = idn.parent();
+ }
+ return idn == null ? null : idn.toString();
+ }
 public static boolean isValid(String webDomain, String packageName, String fingerprint) {
- if (DEBUG) Log.d(TAG, "validating domain " + webDomain + " for pkg " + packageName
- + " and fingerprint " + fingerprint );
+ String canonicalDomain = getCanonicalDomain(webDomain);
+ if (DEBUG) Log.d(TAG, "validating domain " + canonicalDomain + " (" + webDomain
+ + ") for pkg " + packageName + " and fingerprint " + fingerprint );
 final String fullDomain;
 if (!webDomain.startsWith("http:") && !webDomain.startsWith("https:") ) {
 // Unfortunately AssistStructure.ViewNode does not tell what the domain is, so let's
 // assume it's https
- fullDomain = "https://" + webDomain;
+ fullDomain = "https://" + canonicalDomain;
 } else {
- fullDomain = webDomain;
+ fullDomain = canonicalDomain;
 }
 // TODO: use the DAL Java API or a better REST alternative like Volley |
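Review bot: getCanonicalDomain() is applied to the raw webDomain before the scheme check in isValid(), so a value that already starts with `http:` or `https:` reaches InternetDomainName.from(), which rejects anything that is not a bare host name; if it did get through, the else branch now assigns `fullDomain = canonicalDomain` with no scheme at all. Inside the helper, as far as I know Guava's `parent()` throws IllegalStateException when there is no parent rather than returning null, so the `idn != null` guard and the null return look unreachable and a single-label host or a bare public suffix ends in an unchecked exception. Because this result decides whether a package/fingerprint pair is trusted to receive autofill data for the site, isValid() should fail closed: return false when no canonical domain can be derived, and never build a URL such as `"https://null"`. Collapsing to the top private domain also means a statement published at the registrable domain vouches for every subdomain under it, which deserves a comment on the helper. isValid's body continues outside the hunk.

```java
public static String getCanonicalDomain(String domain) {
    // Reject null, URLs, IP literals and other non-host strings instead of throwing.
    if (domain == null || !InternetDomainName.isValid(domain)) {
        return null;
    }
    InternetDomainName idn = InternetDomainName.from(domain);
    // Walk up only while a parent exists, so a host without one ends the loop.
    while (!idn.isTopPrivateDomain() && idn.hasParent()) {
        idn = idn.parent();
    }
    // NOTE: trust is granted at registrable-domain level; all subdomains share it.
    return idn.isTopPrivateDomain() ? idn.toString() : null;
}

public static boolean isValid(String webDomain, String packageName, String fingerprint) {
    String canonicalDomain = getCanonicalDomain(webDomain);
    if (canonicalDomain == null) {
        // Fail closed: without a canonical domain there is nothing to validate against.
        Log.w(TAG, "could not canonicalize web domain " + webDomain);
        return false;
    }
    // … unchanged: debug log …
    // canonicalDomain is always a bare host here, so the scheme is added unconditionally.
    final String fullDomain = "https://" + canonicalDomain;
    // … unchanged: DAL request and response handling …
```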