1 change: 1 addition & 0 deletions common/src/main/AndroidManifest.xml
Expand Up @@ -34,6 +34,7 @@
<!--https://developer.android.com/training/basics/intents/package-visibility-use-cases-->
<queries>
<package android:name="com.azure.authenticator" />
<package android:name="com.microsoft.appmanager" />
<package android:name="com.microsoft.identity.testuserapp" />
<package android:name="com.microsoft.windowsintune.companyportal" />
<!-- Required for API Level 30 to make sure we can detect browsers
Expand Up @@ -1017,6 +1017,11 @@ public static String computeMaxHostBrokerProtocol() {
*/
public static final String COMPANY_PORTAL_APP_PACKAGE_NAME = "com.microsoft.windowsintune.companyportal";

/**
* LTW (Link To Windows) app package name.
*/
public static final String LTW_APP_PACKAGE_NAME = "com.microsoft.appmanager";

/**
* Signature info for Intune Company portal app that installs authenticator
* component.
Expand All @@ -1041,6 +1046,15 @@ public static String computeMaxHostBrokerProtocol() {
*/
public static final String BROKER_HOST_APP_SIGNATURE = "1wIqXSqBj7w+h11ZifsnqwgyKrY=";

/**
* Signature info for LTW release
*/
public static final String LTW_APP_RELEASE_SIGNATURE = "r7XE90wdLmd4th42y2Om6AWdKB0=";

/**
* Signature info for LTW debug
*/
public static final String LTW_APP_DEBUG_SIGNATURE = "9XEEFdgYfvrXod8PFQR8QiiGSGk=";

/**
* Teams IP Phones (Sakurai devices) is supported by Intune, but does not have a back button nor browser.
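Review bot: The Javadoc on `LTW_APP_RELEASE_SIGNATURE` and `LTW_APP_DEBUG_SIGNATURE` does not say what the string encodes, although these are the values the trusted-broker list is pinned to. Each value Base64-decodes to 20 bytes, the length of a SHA-1 digest, so it is presumably a hash of the app's signing certificate; the comment should say so, for example `Base64-encoded hash of the signing certificate of the LTW release build.` The debug constant's comment should add that it is meant to be trusted only when debug brokers are enabled. The Javadoc block that opens on the last visible line continues outside this section.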
Expand Up @@ -155,8 +155,8 @@ public void setBrokerSecretKeys(final Map<String, byte[]> secretKeys) {
throw new IllegalArgumentException("The passed in secret key map is null.");
}

if (secretKeys.size() != 2) {
throw new IllegalArgumentException("Expect two keys are passed in.");
if (secretKeys.size() != 3) {
throw new IllegalArgumentException("Expect three keys are passed in.");
}

for (Map.Entry<String, byte[]> entry : secretKeys.entrySet()) {
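Review bot: The new `secretKeys.size() != 3` check counts entries but does not establish that the map holds a key for each expected package, so any three entries pass it unless the loop that follows also checks the names (its body is outside the visible lines). Hosts that still supply only the two legacy keys will now hit the `IllegalArgumentException`, so this change has to ship together with every caller of `setBrokerSecretKeys`. Consider validating the required names instead of a bare count, for example `if (!secretKeys.containsKey(AuthenticationConstants.Broker.LTW_APP_PACKAGE_NAME)) { throw new IllegalArgumentException("Missing secret key for LTW."); }`.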
Expand Up @@ -45,6 +45,7 @@
import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_PACKAGE_NAME;
import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_HOST_APP_PACKAGE_NAME;
import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.COMPANY_PORTAL_APP_PACKAGE_NAME;
import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.LTW_APP_PACKAGE_NAME;

/**
* Key Encryption Manager for Broker.
Expand All @@ -65,11 +66,13 @@ public class AndroidBrokerStorageEncryptionManager extends StorageEncryptionMana

protected final String LEGACY_AUTHENTICATOR_APP_KEY_ALIAS = "LEGACY_AUTHENTICATOR_APP_KEY";
protected final String LEGACY_COMPANY_PORTAL_KEY_ALIAS = "LEGACY_COMPANY_PORTAL_KEY";
protected final String LINK_TO_WINDOWS_KEY_ALIAS = "LINK_TO_WINDOWS_KEY";

private final Context mContext;
private final ITelemetryCallback mTelemetryCallback;
private final PredefinedKeyLoader mLegacyAuthAppKeyLoader;
private final PredefinedKeyLoader mLegacyCPKeyLoader;
private final PredefinedKeyLoader mLTWKeyLoader;
private final AndroidWrappedKeyLoader mKeyStoreKeyLoader;

public AndroidBrokerStorageEncryptionManager(@NonNull final Context context,
Expand All @@ -83,6 +86,9 @@ public AndroidBrokerStorageEncryptionManager(@NonNull final Context context,
mLegacyCPKeyLoader = new PredefinedKeyLoader(LEGACY_COMPANY_PORTAL_KEY_ALIAS,
AuthenticationSettings.INSTANCE.getBrokerSecretKeys().get(COMPANY_PORTAL_APP_PACKAGE_NAME));

mLTWKeyLoader = new PredefinedKeyLoader(LINK_TO_WINDOWS_KEY_ALIAS,
AuthenticationSettings.INSTANCE.getBrokerSecretKeys().get(LTW_APP_PACKAGE_NAME));

mKeyStoreKeyLoader = new AndroidWrappedKeyLoader(KEY_STORE_ALIAS, context, telemetryCallback);
}

Expand All @@ -102,6 +108,10 @@ protected String getPackageName(){
return mLegacyAuthAppKeyLoader;
}

if (LTW_APP_PACKAGE_NAME.equalsIgnoreCase(packageName)) {
return mLTWKeyLoader;
}

if (COMPANY_PORTAL_APP_PACKAGE_NAME.equalsIgnoreCase(packageName) ||
BROKER_HOST_APP_PACKAGE_NAME.equalsIgnoreCase(packageName)) {
return mLegacyCPKeyLoader;
Expand All @@ -122,8 +132,15 @@ protected String getPackageName(){
BROKER_HOST_APP_PACKAGE_NAME.equalsIgnoreCase(packageName)) {
keyLoaders.add(mLegacyCPKeyLoader);
keyLoaders.add(mLegacyAuthAppKeyLoader);
keyLoaders.add(mLTWKeyLoader);
return keyLoaders;
} else if (AZURE_AUTHENTICATOR_APP_PACKAGE_NAME.equalsIgnoreCase(packageName)) {
keyLoaders.add(mLegacyAuthAppKeyLoader);
keyLoaders.add(mLegacyCPKeyLoader);
keyLoaders.add(mLTWKeyLoader);
return keyLoaders;
} else if (LTW_APP_PACKAGE_NAME.equalsIgnoreCase(packageName)) {
keyLoaders.add(mLTWKeyLoader);
keyLoaders.add(mLegacyAuthAppKeyLoader);
keyLoaders.add(mLegacyCPKeyLoader);
return keyLoaders;
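Review bot: In the constructor, `getBrokerSecretKeys().get(LTW_APP_PACKAGE_NAME)` yields null when the host has not registered an entry under that package name, and the result goes straight into `new PredefinedKeyLoader(LINK_TO_WINDOWS_KEY_ALIAS, ...)`. Unless `PredefinedKeyLoader` rejects a null key itself (not visible here), the problem would only surface on a later encrypt or decrypt call rather than at construction; a guard such as `if (ltwKey == null) { throw new IllegalStateException("LTW secret key is not configured"); }` on a local `ltwKey` would make it fail early. The decryption branches now give Company Portal, Authenticator and LTW access to all three predefined keys, which deserves a one-line comment stating that the loaders are tried in list order with the caller's own key first. The two methods touched by the later hunks start and end outside the visible lines.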
Expand Up @@ -40,6 +40,9 @@
import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.BROKER_HOST_APP_SIGNATURE;
import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.COMPANY_PORTAL_APP_PACKAGE_NAME;
import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.COMPANY_PORTAL_APP_RELEASE_SIGNATURE;
import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.LTW_APP_DEBUG_SIGNATURE;
import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.LTW_APP_PACKAGE_NAME;
import static com.microsoft.identity.common.adal.internal.AuthenticationConstants.Broker.LTW_APP_RELEASE_SIGNATURE;

import lombok.ToString;

Expand Down Expand Up @@ -69,14 +72,26 @@ public class BrokerData {
BROKER_HOST_APP_SIGNATURE
);

public static final BrokerData LTW_DEBUG = new BrokerData(
LTW_APP_PACKAGE_NAME,
LTW_APP_DEBUG_SIGNATURE
);

public static final BrokerData LTW_PROD = new BrokerData(
LTW_APP_PACKAGE_NAME,
LTW_APP_RELEASE_SIGNATURE
);

private static final Set<BrokerData> DEBUG_BROKERS = Collections.unmodifiableSet(new HashSet<BrokerData>() {{
add(MICROSOFT_AUTHENTICATOR_DEBUG);
add(BROKER_HOST);
add(LTW_DEBUG);
}});

private static final Set<BrokerData> PROD_BROKERS = Collections.unmodifiableSet(new HashSet<BrokerData>() {{
add(MICROSOFT_AUTHENTICATOR_PROD);
add(COMPANY_PORTAL);
add(LTW_PROD);
}});

private static final Set<BrokerData> ALL_BROKERS = Collections.unmodifiableSet(new HashSet<BrokerData>() {{
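Review bot: `LTW_DEBUG` and `LTW_PROD` are added as public constants without Javadoc, and they extend the set of apps this library accepts as a broker. Each should carry a short comment, for example `/** Link To Windows, release-signed build. */` and `/** Link To Windows, debug-signed build; listed in DEBUG_BROKERS only. */`. Both entries share one package name and differ only in the signature hash, so a sentence noting that the signature is what distinguishes them would help the next reader. The `ALL_BROKERS` initializer on the last visible line continues outside this section.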
Expand Up @@ -52,20 +52,23 @@ public void setup() {
public void testGetValidBrokersInDebugMode() {
BrokerValidator.setShouldTrustDebugBrokers(true);
final Set<BrokerData> brokerData = mBrokerValidator.getValidBrokers();
Assert.assertEquals(4, brokerData.size());
Assert.assertEquals(6, brokerData.size());
Assert.assertTrue(brokerData.contains(BrokerData.BROKER_HOST));
Assert.assertTrue(brokerData.contains(BrokerData.COMPANY_PORTAL));
Assert.assertTrue(brokerData.contains(BrokerData.MICROSOFT_AUTHENTICATOR_DEBUG));
Assert.assertTrue(brokerData.contains(BrokerData.MICROSOFT_AUTHENTICATOR_PROD));
Assert.assertTrue(brokerData.contains(BrokerData.LTW_DEBUG));
Assert.assertTrue(brokerData.contains(BrokerData.LTW_PROD));
}

@Test
public void testGetValidBrokersInReleaseMode() {
BrokerValidator.setShouldTrustDebugBrokers(false);
final Set<BrokerData> brokerData = mBrokerValidator.getValidBrokers();
Assert.assertEquals(2, brokerData.size());
Assert.assertEquals(3, brokerData.size());
Assert.assertTrue(brokerData.contains(BrokerData.COMPANY_PORTAL));
Assert.assertTrue(brokerData.contains(BrokerData.MICROSOFT_AUTHENTICATOR_PROD));
Assert.assertTrue(brokerData.contains(BrokerData.LTW_PROD));
}

}
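Review bot: `testGetValidBrokersInReleaseMode` proves that the debug-signed LTW entry is excluded only indirectly, through the size assertion of 3. Since keeping debug signatures out of the release trust set is the security property under test, state it directly with `Assert.assertFalse(brokerData.contains(BrokerData.LTW_DEBUG));`. The same explicit negative check would fit `MICROSOFT_AUTHENTICATOR_DEBUG` and `BROKER_HOST`, so a later change to the set sizes cannot mask a debug broker slipping into release mode.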