1 /** 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 5 * use this file except in compliance with the License. You may obtain a copy 6 * of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 12 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the 13 * License for the specific language governing permissions and limitations 14 * under the License. 15 */ 16 17 package com.google.android.googlelogin; 18 19 import android.content.Context; 20 import android.content.pm.PackageInfo; 21 import android.content.pm.PackageManager; 22 import android.content.pm.Signature; 23 import android.content.pm.PackageManager.NameNotFoundException; 24 import android.text.TextUtils; 25 26 /** 27 * Helper class that verifies the installed package for Google Apps package is 28 * infact Google's Google Apps package. 29 * <p> 30 * Before attempting to bind to a service, call 31 * {@link #isServiceAvailable(Context, String)}. After bound, make sure you are 32 * bound to a Google-provided service by calling {@link #isGoogleAppsVerified(Context)}. 33 */ 34 class GoogleAppsVerifier { 35 36 /* 37 * Magic signature strings. One is from the emulator in the SDK, and the 38 * other from a production device. 39 */ 40 private static final String SIGNATURE_1 = "308204a830820390a003020102020900d585b86c7dd34ef5300d06092a864886f70d0101040500308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d301e170d3038303431353233333635365a170d3335303930313233333635365a308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d30820120300d06092a864886f70d01010105000382010d00308201080282010100d6ce2e080abfe2314dd18db3cfd3185cb43d33fa0c74e1bdb6d1db8913f62c5c39df56f846813d65bec0f3ca426b07c5a8ed5a3990c167e76bc999b927894b8f0b22001994a92915e572c56d2a301ba36fc5fc113ad6cb9e7435a16d23ab7dfaeee165e4df1f0a8dbda70a869d516c4e9d051196ca7c0c557f175bc375f948c56aae86089ba44f8aa6a4dd9a7dbf2c0a352282ad06b8cc185eb15579eef86d080b1d6189c0f9af98b1c2ebd107ea45abdb68a3c7838a5e5488c76c53d40b121de7bbd30e620c188ae1aa61dbbc87dd3c645f2f55f3d4c375ec4070a93f7151d83670c16a971abe5ef2d11890e1b8aef3298cf066bf9e6ce144ac9ae86d1c1b0f020103a381fc3081f9301d0603551d0e041604148d1cc5be954c433c61863a15b04cbc03f24fe0b23081c90603551d230481c13081be80148d1cc5be954c433c61863a15b04cbc03f24fe0b2a1819aa48197308194310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e20566965773110300e060355040a1307416e64726f69643110300e060355040b1307416e64726f69643110300e06035504031307416e64726f69643122302006092a864886f70d0109011613616e64726f696440616e64726f69642e636f6d820900d585b86c7dd34ef5300c0603551d13040530030101ff300d06092a864886f70d0101040500038201010019d30cf105fb78923f4c0d7dd223233d40967acfce00081d5bd7c6e9d6ed206b0e11209506416ca244939913d26b4aa0e0f524cad2bb5c6e4ca1016a15916ea1ec5dc95a5e3a010036f49248d5109bbf2e1e618186673a3be56daf0b77b1c229e3c255e3e84c905d2387efba09cbf13b202b4e5a22c93263484a23d2fc29fa9f1939759733afd8aa160f4296c2d0163e8182859c6643e9c1962fa0c18333335bc090ff9a6b22ded1ad444229a539a94eefadabd065ced24b3e51e5dd7b66787bef12fe97fba484c423fb4ff8cc494c02f0f5051612ff6529393e8e46eac5bb21f277c151aa5f2aa627d1e89da70ab6033569de3b9897bfff7ca9da3e1243f60b"; 41 private static final String SIGNATURE_2 = "308204433082032ba003020102020900c2e08746644a308d300d06092a864886f70d01010405003074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964301e170d3038303832313233313333345a170d3336303130373233313333345a3074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f696430820120300d06092a864886f70d01010105000382010d00308201080282010100ab562e00d83ba208ae0a966f124e29da11f2ab56d08f58e2cca91303e9b754d372f640a71b1dcb130967624e4656a7776a92193db2e5bfb724a91e77188b0e6a47a43b33d9609b77183145ccdf7b2e586674c9e1565b1f4c6a5955bff251a63dabf9c55c27222252e875e4f8154a645f897168c0b1bfc612eabf785769bb34aa7984dc7e2ea2764cae8307d8c17154d7ee5f64a51a44a602c249054157dc02cd5f5c0e55fbef8519fbe327f0b1511692c5a06f19d18385f5c4dbc2d6b93f68cc2979c70e18ab93866b3bd5db8999552a0e3b4c99df58fb918bedc182ba35e003c1b4b10dd244a8ee24fffd333872ab5221985edab0fc0d0b145b6aa192858e79020103a381d93081d6301d0603551d0e04160414c77d8cc2211756259a7fd382df6be398e4d786a53081a60603551d2304819e30819b8014c77d8cc2211756259a7fd382df6be398e4d786a5a178a4763074310b3009060355040613025553311330110603550408130a43616c69666f726e6961311630140603550407130d4d6f756e7461696e205669657731143012060355040a130b476f6f676c6520496e632e3110300e060355040b1307416e64726f69643110300e06035504031307416e64726f6964820900c2e08746644a308d300c0603551d13040530030101ff300d06092a864886f70d010104050003820101006dd252ceef85302c360aaace939bcff2cca904bb5d7a1661f8ae46b2994204d0ff4a68c7ed1a531ec4595a623ce60763b167297a7ae35712c407f208f0cb109429124d7b106219c084ca3eb3f9ad5fb871ef92269a8be28bf16d44c8d9a08e6cb2f005bb3fe2cb96447e868e731076ad45b33f6009ea19c161e62641aa99271dfd5228c5c587875ddb7f452758d661f6cc0cccb7352e424cc4365c523532f7325137593c4ae341f4db41edda0d0b1071a7c440f0fe9ea01cb627ca674369d084bd2fd911ff06cdbf2cfa10dc0f893ae35762919048c7efc64c7144178342f70581c9de573af55b390dd7fdb9418631895d5f759f30112687ff621410c069308a"; 42 43 private static final String GOOGLEAPPS_PACKAGE_NAME = 44 GoogleLoginServiceConstants.SERVICE_PACKAGE_NAME; 45 46 /** 47 * The possible signatures for the Google Apps package. 48 */ 49 private static final Signature[] GOOGLEAPPS_PACKAGE_SIGNATURES = new Signature[] { 50 new Signature(SIGNATURE_1), new Signature(SIGNATURE_2) 51 }; 52 53 /** 54 * Checks whether the given service name is available in the Google Apps 55 * package. 56 * <p> 57 * NOTE: This does *not* do any signature checking to ensure the 58 * "Google Apps package" is infact from Google. After you bind to the 59 * service, call {@link #isGoogleAppsVerified(Context)}. 60 * 61 * @param context The context. 62 * @param serviceName The service name as in the Google Apps manifest. 63 * @return Whether it is available on the current system. 64 */ 65 public static boolean isServiceAvailable(Context context, String serviceName) { 66 67 try { 68 PackageManager packageManager = context.getPackageManager(); 69 PackageInfo packageInfo = packageManager.getPackageInfo(GOOGLEAPPS_PACKAGE_NAME, 70 PackageManager.GET_SERVICES); 71 72 if (packageInfo.services == null) { 73 return false; 74 } 75 76 int numServices = packageInfo.services.length; 77 for (int i = 0; i < numServices; i++) { 78 String name = packageInfo.services[i].name; 79 if (!TextUtils.isEmpty(name) && name.equals(serviceName)) { 80 return true; 81 } 82 } 83 84 } catch (NameNotFoundException e) { 85 // Fallthrough to returning false 86 } catch (UnsupportedOperationException e) { 87 // A mock implementation of context may throw this, so fallthrough 88 // to returning false 89 } 90 91 return false; 92 } 93 94 /** 95 * Verifies that the installed Google Apps package is infact the one 96 * provided by Google (and not someone spoofing us). 97 * <p> 98 * NOTE: It is important this is called *after* you are bound to the 99 * service. Otherwise, it is possible that between the time you call this 100 * (returns true) and the time you bind, that the Google Apps package was 101 * swapped to a fake one. Rare, but possible. 102 * 103 * @param context The context. 104 * @return Whether the Google Apps package is provided by Google. 105 */ 106 public static boolean isGoogleAppsVerified(Context context) { 107 108 try { 109 PackageManager packageManager = context.getPackageManager(); 110 PackageInfo packageInfo = packageManager.getPackageInfo(GOOGLEAPPS_PACKAGE_NAME, 111 PackageManager.GET_SIGNATURES); 112 113 if (packageInfo.signatures == null) { 114 return false; 115 } 116 117 int numGoogleSignatures = GOOGLEAPPS_PACKAGE_SIGNATURES.length; 118 int numSignatures = packageInfo.signatures.length; 119 for (int i = 0; i < numSignatures; i++) { 120 for (int j = 0; j < numGoogleSignatures; j++) { 121 if (GOOGLEAPPS_PACKAGE_SIGNATURES[j].equals(packageInfo.signatures[i])) { 122 return true; 123 } 124 } 125 } 126 127 } catch (NameNotFoundException e) { 128 } 129 130 return false; 131 } 132 } 133
