• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.statementservice.retriever;
18 
19 import android.util.JsonReader;
20 
21 import org.json.JSONException;
22 
23 import java.io.IOException;
24 import java.io.StringReader;
25 
26 /**
27  * A handle representing the identity and address of some digital asset. An asset is an online
28  * entity that typically provides some service or content. Examples of assets are websites, Android
29  * apps, Twitter feeds, and Plus Pages.
30  *
31  * <p> Asset can be represented by a JSON string. For example, the web site https://www.google.com
32  * can be represented by
33  * <pre>
34  * {"namespace": "web", "site": "https://www.google.com"}
35  * </pre>
36  *
37  * <p> The Android app with package name com.google.test that is signed by a certificate with sha256
38  * fingerprint 11:22:33 can be represented by
39  * <pre>
40  * {"namespace": "android_app",
41  *  "package_name": "com.google.test",
42  *  "sha256_cert_fingerprints": ["11:22:33"]}
43  * </pre>
44  *
45  * <p>Given a signed APK, Java 7's commandline keytool can compute the fingerprint using:
46  * {@code keytool -list -printcert -jarfile signed_app.apk}
47  */
48 public abstract class AbstractAsset {
49 
50     /**
51      * Returns a JSON string representation of this asset. The strings returned by this function are
52      * normalized -- they can be used for equality testing.
53      */
toJson()54     public abstract String toJson();
55 
56     /**
57      * Returns a key that can be used by {@link AbstractAssetMatcher} to lookup the asset.
58      *
59      * <p> An asset will match an {@code AssetMatcher} only if the value of this method is equal to
60      * {@code AssetMatcher.getMatchedLookupKey()}.
61      */
lookupKey()62     public abstract int lookupKey();
63 
64     /**
65      * Creates a new Asset from its JSON string representation.
66      *
67      * @throws AssociationServiceException if the assetJson is not well formatted.
68      */
create(String assetJson)69     public static AbstractAsset create(String assetJson)
70             throws AssociationServiceException {
71         JsonReader reader = new JsonReader(new StringReader(assetJson));
72         reader.setLenient(false);
73         try {
74             return AssetFactory.create(JsonParser.parse(reader));
75         } catch (JSONException | IOException e) {
76             throw new AssociationServiceException(
77                     "Input is not a well formatted asset descriptor.", e);
78         }
79     }
80 
81     /**
82      * If this is the source asset of a statement file, should the retriever follow
83      * any insecure (non-HTTPS) include statements made by the asset.
84      *
85      * TODO(b/171219506): Why would this be allowed? Can it be removed, even for web assets?
86      *  Android doesn't even allow non-secure traffic by default.
87      */
followInsecureInclude()88     public abstract boolean followInsecureInclude();
89 }
90