1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.statementservice.retriever; 18 19 import android.util.JsonReader; 20 21 import org.json.JSONException; 22 23 import java.io.IOException; 24 import java.io.StringReader; 25 26 /** 27 * A handle representing the identity and address of some digital asset. An asset is an online 28 * entity that typically provides some service or content. Examples of assets are websites, Android 29 * apps, Twitter feeds, and Plus Pages. 30 * 31 * <p> Asset can be represented by a JSON string. For example, the web site https://www.google.com 32 * can be represented by 33 * <pre> 34 * {"namespace": "web", "site": "https://www.google.com"} 35 * </pre> 36 * 37 * <p> The Android app with package name com.google.test that is signed by a certificate with sha256 38 * fingerprint 11:22:33 can be represented by 39 * <pre> 40 * {"namespace": "android_app", 41 * "package_name": "com.google.test", 42 * "sha256_cert_fingerprints": ["11:22:33"]} 43 * </pre> 44 * 45 * <p>Given a signed APK, Java 7's commandline keytool can compute the fingerprint using: 46 * {@code keytool -list -printcert -jarfile signed_app.apk} 47 */ 48 public abstract class AbstractAsset { 49 50 /** 51 * Returns a JSON string representation of this asset. The strings returned by this function are 52 * normalized -- they can be used for equality testing. 53 */ toJson()54 public abstract String toJson(); 55 56 /** 57 * Returns a key that can be used by {@link AbstractAssetMatcher} to lookup the asset. 58 * 59 * <p> An asset will match an {@code AssetMatcher} only if the value of this method is equal to 60 * {@code AssetMatcher.getMatchedLookupKey()}. 61 */ lookupKey()62 public abstract int lookupKey(); 63 64 /** 65 * Creates a new Asset from its JSON string representation. 66 * 67 * @throws AssociationServiceException if the assetJson is not well formatted. 68 */ create(String assetJson)69 public static AbstractAsset create(String assetJson) 70 throws AssociationServiceException { 71 JsonReader reader = new JsonReader(new StringReader(assetJson)); 72 reader.setLenient(false); 73 try { 74 return AssetFactory.create(JsonParser.parse(reader)); 75 } catch (JSONException | IOException e) { 76 throw new AssociationServiceException( 77 "Input is not a well formatted asset descriptor.", e); 78 } 79 } 80 81 /** 82 * If this is the source asset of a statement file, should the retriever follow 83 * any insecure (non-HTTPS) include statements made by the asset. 84 * 85 * TODO(b/171219506): Why would this be allowed? Can it be removed, even for web assets? 86 * Android doesn't even allow non-secure traffic by default. 87 */ followInsecureInclude()88 public abstract boolean followInsecureInclude(); 89 } 90