/* * Copyright 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.credentials; import static android.Manifest.permission.CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS; import static java.util.Objects.requireNonNull; import android.annotation.NonNull; import android.annotation.SuppressLint; import android.content.ComponentName; import android.os.Bundle; import android.os.Parcel; import android.os.Parcelable; import android.util.ArraySet; import androidx.annotation.RequiresPermission; import com.android.internal.util.AnnotationValidations; import com.android.internal.util.Preconditions; import java.util.Set; /** * Information about a specific type of credential to be requested during a {@link * CredentialManager#getCredential} operation. */ public final class CredentialOption implements Parcelable { /** * Bundle key to the list of elements keys supported/requested. Framework will use this key * to determine which types of Credentials will utilize Credential Registry when filtering * Credential Providers to ping. */ public static final String SUPPORTED_ELEMENT_KEYS = "android.credentials" + ".GetCredentialOption.SUPPORTED_ELEMENT_KEYS"; /** * The requested credential type. */ @NonNull private final String mType; /** * The full request data. */ @NonNull private final Bundle mCredentialRetrievalData; /** * The partial request data that will be sent to the provider during the initial credential * candidate query stage. */ @NonNull private final Bundle mCandidateQueryData; /** * Determines whether the request must only be fulfilled by a system provider. */ private final boolean mIsSystemProviderRequired; /** * A list of {@link ComponentName}s corresponding to the providers that this option must be * queried against. */ @NonNull private final ArraySet mAllowedProviders; /** * Returns the requested credential type. */ @NonNull public String getType() { return mType; } /** * Returns the full request data. */ @NonNull public Bundle getCredentialRetrievalData() { return mCredentialRetrievalData; } /** * Returns the partial request data that will be sent to the provider during the initial * credential candidate query stage. * * For security reason, a provider will receive the request data in two stages. First it gets * this partial request that do not contain sensitive user information; it uses this * information to provide credential candidates that the [@code CredentialManager] will show to * the user. Next, the full request data, {@link #getCredentialRetrievalData()}, will be sent to * a provider only if the user further grants the consent by choosing a candidate from the * provider. */ @NonNull public Bundle getCandidateQueryData() { return mCandidateQueryData; } /** * Returns true if the request must only be fulfilled by a system provider, and false * otherwise. */ public boolean isSystemProviderRequired() { return mIsSystemProviderRequired; } /** * Returns the set of {@link ComponentName} corresponding to providers that must receive * this option. */ @NonNull public Set getAllowedProviders() { return mAllowedProviders; } @Override public void writeToParcel(@NonNull Parcel dest, int flags) { dest.writeString8(mType); dest.writeBundle(mCredentialRetrievalData); dest.writeBundle(mCandidateQueryData); dest.writeBoolean(mIsSystemProviderRequired); dest.writeArraySet(mAllowedProviders); } @Override public int describeContents() { return 0; } @Override public String toString() { return "CredentialOption {" + "type=" + mType + ", requestData=" + mCredentialRetrievalData + ", candidateQueryData=" + mCandidateQueryData + ", isSystemProviderRequired=" + mIsSystemProviderRequired + ", allowedProviders=" + mAllowedProviders + "}"; } /** * Constructs a {@link CredentialOption}. * * @param type the requested credential type * @param credentialRetrievalData the request data * @param candidateQueryData the partial request data that will be sent to the provider * during the initial credential candidate query stage * @param isSystemProviderRequired whether the request must only be fulfilled by a system * provider * @throws IllegalArgumentException If type is empty. */ private CredentialOption( @NonNull String type, @NonNull Bundle credentialRetrievalData, @NonNull Bundle candidateQueryData, boolean isSystemProviderRequired, @NonNull ArraySet allowedProviders) { mType = Preconditions.checkStringNotEmpty(type, "type must not be empty"); mCredentialRetrievalData = requireNonNull(credentialRetrievalData, "requestData must not be null"); mCandidateQueryData = requireNonNull(candidateQueryData, "candidateQueryData must not be null"); mIsSystemProviderRequired = isSystemProviderRequired; mAllowedProviders = requireNonNull(allowedProviders, "providerFilterSer must" + "not be empty"); } /** * Constructs a {@link CredentialOption}. * * @param type the requested credential type * @param credentialRetrievalData the request data * @param candidateQueryData the partial request data that will be sent to the provider * during the initial credential candidate query stage * @param isSystemProviderRequired whether the request must only be fulfilled by a system * provider * @throws IllegalArgumentException If type is empty, or null. * @throws NullPointerException If {@code credentialRetrievalData}, or * {@code candidateQueryData} is null. * * @hide */ public CredentialOption( @NonNull String type, @NonNull Bundle credentialRetrievalData, @NonNull Bundle candidateQueryData, boolean isSystemProviderRequired) { this( type, credentialRetrievalData, candidateQueryData, isSystemProviderRequired, new ArraySet<>() ); } private CredentialOption(@NonNull Parcel in) { String type = in.readString8(); Bundle data = in.readBundle(); Bundle candidateQueryData = in.readBundle(); boolean isSystemProviderRequired = in.readBoolean(); mType = type; AnnotationValidations.validate(NonNull.class, null, mType); mCredentialRetrievalData = data; AnnotationValidations.validate(NonNull.class, null, mCredentialRetrievalData); mCandidateQueryData = candidateQueryData; AnnotationValidations.validate(NonNull.class, null, mCandidateQueryData); mIsSystemProviderRequired = isSystemProviderRequired; mAllowedProviders = (ArraySet) in.readArraySet(null); AnnotationValidations.validate(NonNull.class, null, mAllowedProviders); } @NonNull public static final Parcelable.Creator CREATOR = new Parcelable.Creator<>() { @Override public CredentialOption[] newArray(int size) { return new CredentialOption[size]; } @Override public CredentialOption createFromParcel(@NonNull Parcel in) { return new CredentialOption(in); } }; /** A builder for {@link CredentialOption}. */ public static final class Builder { @NonNull private String mType; @NonNull private Bundle mCredentialRetrievalData; @NonNull private Bundle mCandidateQueryData; private boolean mIsSystemProviderRequired = false; @NonNull private ArraySet mAllowedProviders = new ArraySet<>(); /** * @param type the type of the credential option * @param credentialRetrievalData the full request data * @param candidateQueryData the partial request data that will be sent to the provider * during the initial credential candidate query stage. * @throws IllegalArgumentException If {@code type} is null, or empty * @throws NullPointerException If {@code credentialRetrievalData}, or * {@code candidateQueryData} is null */ public Builder(@NonNull String type, @NonNull Bundle credentialRetrievalData, @NonNull Bundle candidateQueryData) { mType = Preconditions.checkStringNotEmpty(type, "type must not be " + "null, or empty"); mCredentialRetrievalData = requireNonNull(credentialRetrievalData, "credentialRetrievalData must not be null"); mCandidateQueryData = requireNonNull(candidateQueryData, "candidateQueryData must not be null"); } /** * Sets a true/false value corresponding to whether this option must be serviced by * system credentials providers only. */ @SuppressLint("MissingGetterMatchingBuilder") @NonNull public Builder setIsSystemProviderRequired(boolean isSystemProviderRequired) { mIsSystemProviderRequired = isSystemProviderRequired; return this; } /** * Adds a provider {@link ComponentName} to be queried while gathering credentials from * credential providers on the device. * * If no candidate providers are specified, all user configured and system credential * providers will be queried in the candidate query phase. * * If an invalid component name is provided, or a service corresponding to the * component name does not exist on the device, that component name is ignored. * If all component names are invalid, or not present on the device, no providers * are queried and no credentials are retrieved. * * @throws NullPointerException If {@code allowedProvider} is null */ @RequiresPermission(CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS) @NonNull public Builder addAllowedProvider(@NonNull ComponentName allowedProvider) { mAllowedProviders.add(requireNonNull(allowedProvider, "allowedProvider must not be null")); return this; } /** * Sets a set of provider {@link ComponentName} to be queried while gathering credentials * from credential providers on the device. * * If no candidate providers are specified, all user configured and system credential * providers will be queried in the candidate query phase. * * If an invalid component name is provided, or a service corresponding to the * component name does not exist on the device, that component name is ignored. * If all component names are invalid, or not present on the device, no providers * are queried and no credentials are retrieved. * * @throws NullPointerException If {@code allowedProviders} is null, or any of its * elements are null. */ @RequiresPermission(CREDENTIAL_MANAGER_SET_ALLOWED_PROVIDERS) @NonNull public Builder setAllowedProviders(@NonNull Set allowedProviders) { Preconditions.checkCollectionElementsNotNull( allowedProviders, /*valueName=*/ "allowedProviders"); mAllowedProviders = new ArraySet<>(allowedProviders); return this; } /** * Builds a {@link CredentialOption}. */ @NonNull public CredentialOption build() { return new CredentialOption(mType, mCredentialRetrievalData, mCandidateQueryData, mIsSystemProviderRequired, mAllowedProviders); } } }