From aebca911a0caba92f86db7db967b00bcba116e10 Mon Sep 17 00:00:00 2001 From: Richard Newman Date: Thu, 16 Jan 2014 18:35:08 -0800 Subject: [PATCH] Bug 956844 - Part 2: rework FxA state machine. r=rnewman --- mobile/android/base/android-services.mozbuild | 1 + .../base/background/fxa/FxAccountClient.java | 642 +----------------- .../background/fxa/FxAccountClient20.java | 2 +- .../base/fxa/FxAccountConstants.java.in | 12 + .../fxa/authenticator/AbstractFxAccount.java | 16 +- .../fxa/authenticator/AndroidFxAccount.java | 101 ++- .../authenticator/FxAccountLoginPolicy.java | 560 ++++++++++----- .../base/fxa/sync/FxAccountGlobalSession.java | 4 +- .../base/fxa/sync/FxAccountSyncAdapter.java | 67 +- .../resources/values/fxaccount_styles.xml | 8 - 10 files changed, 590 insertions(+), 823 deletions(-) delete mode 100644 mobile/android/base/resources/values/fxaccount_styles.xml diff --git a/mobile/android/base/android-services.mozbuild b/mobile/android/base/android-services.mozbuild index c74bea63556..49a198a2119 100644 --- a/mobile/android/base/android-services.mozbuild +++ b/mobile/android/base/android-services.mozbuild @@ -503,6 +503,7 @@ sync_java_files = [ 'background/fxa/FxAccount10CreateDelegate.java', 'background/fxa/FxAccount20CreateDelegate.java', 'background/fxa/FxAccount20LoginDelegate.java', + 'background/fxa/FxAccountClient.java', 'background/fxa/FxAccountClient10.java', 'background/fxa/FxAccountClient20.java', 'background/fxa/FxAccountClientException.java', diff --git a/mobile/android/base/background/fxa/FxAccountClient.java b/mobile/android/base/background/fxa/FxAccountClient.java index 3f3e287f5b9..635b6a9d611 100644 --- a/mobile/android/base/background/fxa/FxAccountClient.java +++ b/mobile/android/base/background/fxa/FxAccountClient.java @@ -4,639 +4,15 @@ package org.mozilla.gecko.background.fxa; -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.net.URI; -import java.net.URISyntaxException; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.util.Arrays; -import java.util.concurrent.Executor; - -import javax.crypto.Mac; - -import org.json.simple.JSONObject; +import org.mozilla.gecko.background.fxa.FxAccountClient10.RequestDelegate; +import org.mozilla.gecko.background.fxa.FxAccountClient10.StatusResponse; +import org.mozilla.gecko.background.fxa.FxAccountClient10.TwoKeys; +import org.mozilla.gecko.background.fxa.FxAccountClient20.LoginResponse; import org.mozilla.gecko.sync.ExtendedJSONObject; -import org.mozilla.gecko.sync.Utils; -import org.mozilla.gecko.sync.crypto.HKDF; -import org.mozilla.gecko.sync.net.AuthHeaderProvider; -import org.mozilla.gecko.sync.net.BaseResource; -import org.mozilla.gecko.sync.net.BaseResourceDelegate; -import org.mozilla.gecko.sync.net.HawkAuthHeaderProvider; -import org.mozilla.gecko.sync.net.Resource; -import org.mozilla.gecko.sync.net.SyncResponse; -import ch.boye.httpclientandroidlib.HttpEntity; -import ch.boye.httpclientandroidlib.HttpResponse; -import ch.boye.httpclientandroidlib.client.ClientProtocolException; - -/** - * An HTTP client for talking to an FxAccount server. - *

- * The reference server is developed at - * https://github.com/mozilla/picl-idp. - * This implementation was developed against - * https://github.com/mozilla/picl-idp/commit/c7a02a0cbbb43f332058dc060bd84a21e56ec208. - *

- * The delegate structure used is a little different from the rest of the code - * base. We add a RequestDelegate layer that processes a typed - * value extracted from the body of a successful response. - *

- * Further, we add internal CreateDelegate and - * AuthDelegate delegates to make it easier to modify the request - * bodies sent to the /create and /auth endpoints. - */ -public class FxAccountClient { - protected static final String LOG_TAG = FxAccountClient.class.getSimpleName(); - - protected static final String VERSION_FRAGMENT = "v1/"; - - public static final String JSON_KEY_EMAIL = "email"; - public static final String JSON_KEY_KEYFETCHTOKEN = "keyFetchToken"; - public static final String JSON_KEY_SESSIONTOKEN = "sessionToken"; - public static final String JSON_KEY_UID = "uid"; - public static final String JSON_KEY_VERIFIED = "verified"; - - protected final String serverURI; - protected final Executor executor; - - public FxAccountClient(String serverURI, Executor executor) { - if (serverURI == null) { - throw new IllegalArgumentException("Must provide a server URI."); - } - if (executor == null) { - throw new IllegalArgumentException("Must provide a non-null executor."); - } - this.serverURI = (serverURI.endsWith("/") ? serverURI : serverURI + "/") + VERSION_FRAGMENT; - this.executor = executor; - } - - /** - * Process a typed value extracted from a successful response (in an - * endpoint-dependent way). - */ - public interface RequestDelegate { - public void handleError(Exception e); - public void handleFailure(int status, HttpResponse response); - public void handleSuccess(T result); - } - - /** - * A CreateDelegate produces the body of a /create request. - */ - public interface CreateDelegate { - public JSONObject getCreateBody() throws FxAccountClientException; - } - - /** - * A AuthDelegate produces the bodies of an /auth/{start,finish} - * request pair and exposes state generated by a successful response. - */ - public interface AuthDelegate { - public JSONObject getAuthStartBody() throws FxAccountClientException; - public void onAuthStartResponse(ExtendedJSONObject body) throws FxAccountClientException; - public JSONObject getAuthFinishBody() throws FxAccountClientException; - - public byte[] getSharedBytes() throws FxAccountClientException; - } - - /** - * Thin container for two access tokens. - */ - public static class TwoTokens { - public final byte[] keyFetchToken; - public final byte[] sessionToken; - public TwoTokens(byte[] keyFetchToken, byte[] sessionToken) { - this.keyFetchToken = keyFetchToken; - this.sessionToken = sessionToken; - } - } - - /** - * Thin container for two cryptographic keys. - */ - public static class TwoKeys { - public final byte[] kA; - public final byte[] wrapkB; - public TwoKeys(byte[] kA, byte[] wrapkB) { - this.kA = kA; - this.wrapkB = wrapkB; - } - } - - protected void invokeHandleError(final RequestDelegate delegate, final Exception e) { - executor.execute(new Runnable() { - @Override - public void run() { - delegate.handleError(e); - } - }); - } - - /** - * Translate resource callbacks into request callbacks invoked on the provided - * executor. - *

- * Override handleSuccess to parse the body of the resource - * request and call the request callback. handleSuccess is - * invoked via the executor, so you don't need to delegate further. - */ - protected abstract class ResourceDelegate extends BaseResourceDelegate { - protected abstract void handleSuccess(final int status, HttpResponse response, final ExtendedJSONObject body); - - protected final RequestDelegate delegate; - - protected final byte[] tokenId; - protected final byte[] reqHMACKey; - protected final boolean payload; - - /** - * Create a delegate for an un-authenticated resource. - */ - public ResourceDelegate(final Resource resource, final RequestDelegate delegate) { - this(resource, delegate, null, null, false); - } - - /** - * Create a delegate for a Hawk-authenticated resource. - */ - public ResourceDelegate(final Resource resource, final RequestDelegate delegate, final byte[] tokenId, final byte[] reqHMACKey, final boolean authenticatePayload) { - super(resource); - this.delegate = delegate; - this.reqHMACKey = reqHMACKey; - this.tokenId = tokenId; - this.payload = authenticatePayload; - } - - @Override - public AuthHeaderProvider getAuthHeaderProvider() { - if (tokenId != null && reqHMACKey != null) { - return new HawkAuthHeaderProvider(Utils.byte2Hex(tokenId), reqHMACKey, payload); - } - return super.getAuthHeaderProvider(); - } - - @Override - public void handleHttpResponse(HttpResponse response) { - final int status = response.getStatusLine().getStatusCode(); - switch (status) { - case 200: - invokeHandleSuccess(status, response); - return; - default: - invokeHandleFailure(status, response); - return; - } - } - - protected void invokeHandleFailure(final int status, final HttpResponse response) { - executor.execute(new Runnable() { - @Override - public void run() { - delegate.handleFailure(status, response); - } - }); - } - - protected void invokeHandleSuccess(final int status, final HttpResponse response) { - executor.execute(new Runnable() { - @Override - public void run() { - try { - ExtendedJSONObject body = new SyncResponse(response).jsonObjectBody(); - ResourceDelegate.this.handleSuccess(status, response, body); - } catch (Exception e) { - delegate.handleError(e); - } - } - }); - } - - @Override - public void handleHttpProtocolException(final ClientProtocolException e) { - invokeHandleError(delegate, e); - } - - @Override - public void handleHttpIOException(IOException e) { - invokeHandleError(delegate, e); - } - - @Override - public void handleTransportException(GeneralSecurityException e) { - invokeHandleError(delegate, e); - } - } - - protected void post(BaseResource resource, final JSONObject requestBody, final RequestDelegate delegate) { - try { - if (requestBody == null) { - resource.post((HttpEntity) null); - } else { - resource.post(requestBody); - } - } catch (UnsupportedEncodingException e) { - invokeHandleError(delegate, e); - return; - } - } - - public void createAccount(final String email, final byte[] stretchedPWBytes, - final String srpSalt, final String mainSalt, - final RequestDelegate delegate) { - try { - createAccount(new FxAccount10CreateDelegate(email, stretchedPWBytes, srpSalt, mainSalt), delegate); - } catch (final Exception e) { - invokeHandleError(delegate, e); - return; - } - } - - protected void createAccount(final CreateDelegate createDelegate, final RequestDelegate delegate) { - JSONObject body = null; - try { - body = createDelegate.getCreateBody(); - } catch (FxAccountClientException e) { - invokeHandleError(delegate, e); - return; - } - - BaseResource resource; - try { - resource = new BaseResource(new URI(serverURI + "account/create")); - } catch (URISyntaxException e) { - invokeHandleError(delegate, e); - return; - } - - resource.delegate = new ResourceDelegate(resource, delegate) { - @Override - public void handleSuccess(int status, HttpResponse response, ExtendedJSONObject body) { - String uid = body.getString("uid"); - if (uid == null) { - delegate.handleError(new FxAccountClientException("uid must be a non-null string")); - return; - } - delegate.handleSuccess(uid); - } - }; - post(resource, body, delegate); - } - - protected void authStart(final AuthDelegate authDelegate, final RequestDelegate delegate) { - JSONObject body; - try { - body = authDelegate.getAuthStartBody(); - } catch (FxAccountClientException e) { - invokeHandleError(delegate, e); - return; - } - - BaseResource resource; - try { - resource = new BaseResource(new URI(serverURI + "auth/start")); - } catch (URISyntaxException e) { - invokeHandleError(delegate, e); - return; - } - - resource.delegate = new ResourceDelegate(resource, delegate) { - @Override - public void handleSuccess(int status, HttpResponse response, ExtendedJSONObject body) { - try { - authDelegate.onAuthStartResponse(body); - delegate.handleSuccess(authDelegate); - } catch (Exception e) { - delegate.handleError(e); - return; - } - } - }; - post(resource, body, delegate); - } - - protected void authFinish(final AuthDelegate authDelegate, RequestDelegate delegate) { - JSONObject body; - try { - body = authDelegate.getAuthFinishBody(); - } catch (FxAccountClientException e) { - invokeHandleError(delegate, e); - return; - } - - BaseResource resource; - try { - resource = new BaseResource(new URI(serverURI + "auth/finish")); - } catch (URISyntaxException e) { - invokeHandleError(delegate, e); - return; - } - - resource.delegate = new ResourceDelegate(resource, delegate) { - @Override - public void handleSuccess(int status, HttpResponse response, ExtendedJSONObject body) { - try { - byte[] authToken = new byte[32]; - unbundleBody(body, authDelegate.getSharedBytes(), FxAccountUtils.KW("auth/finish"), authToken); - delegate.handleSuccess(authToken); - } catch (Exception e) { - delegate.handleError(e); - return; - } - } - }; - post(resource, body, delegate); - } - - public void login(final String email, final byte[] stretchedPWBytes, final RequestDelegate delegate) { - login(new FxAccount10AuthDelegate(email, stretchedPWBytes), delegate); - } - - protected void login(final AuthDelegate authDelegate, final RequestDelegate delegate) { - authStart(authDelegate, new RequestDelegate() { - @Override - public void handleSuccess(AuthDelegate srpSession) { - authFinish(srpSession, delegate); - } - - @Override - public void handleError(final Exception e) { - invokeHandleError(delegate, e); - return; - } - - @Override - public void handleFailure(final int status, final HttpResponse response) { - executor.execute(new Runnable() { - @Override - public void run() { - delegate.handleFailure(status, response); - } - }); - } - }); - } - - public void sessionCreate(byte[] authToken, final RequestDelegate delegate) { - final byte[] tokenId = new byte[32]; - final byte[] reqHMACKey = new byte[32]; - final byte[] requestKey = new byte[32]; - try { - HKDF.deriveMany(authToken, new byte[0], FxAccountUtils.KW("authToken"), tokenId, reqHMACKey, requestKey); - } catch (Exception e) { - invokeHandleError(delegate, e); - return; - } - - BaseResource resource; - try { - resource = new BaseResource(new URI(serverURI + "session/create")); - } catch (URISyntaxException e) { - invokeHandleError(delegate, e); - return; - } - - resource.delegate = new ResourceDelegate(resource, delegate, tokenId, reqHMACKey, false) { - @Override - public void handleSuccess(int status, HttpResponse response, ExtendedJSONObject body) { - try { - byte[] keyFetchToken = new byte[32]; - byte[] sessionToken = new byte[32]; - unbundleBody(body, requestKey, FxAccountUtils.KW("session/create"), keyFetchToken, sessionToken); - delegate.handleSuccess(new TwoTokens(keyFetchToken, sessionToken)); - return; - } catch (Exception e) { - delegate.handleError(e); - return; - } - } - }; - post(resource, null, delegate); - } - - public void sessionDestroy(byte[] sessionToken, final RequestDelegate delegate) { - final byte[] tokenId = new byte[32]; - final byte[] reqHMACKey = new byte[32]; - try { - HKDF.deriveMany(sessionToken, new byte[0], FxAccountUtils.KW("sessionToken"), tokenId, reqHMACKey); - } catch (Exception e) { - invokeHandleError(delegate, e); - return; - } - - BaseResource resource; - try { - resource = new BaseResource(new URI(serverURI + "session/destroy")); - } catch (URISyntaxException e) { - invokeHandleError(delegate, e); - return; - } - - resource.delegate = new ResourceDelegate(resource, delegate, tokenId, reqHMACKey, false) { - @Override - public void handleSuccess(int status, HttpResponse response, ExtendedJSONObject body) { - delegate.handleSuccess(null); - } - }; - post(resource, null, delegate); - } - - /** - * Don't call this directly. Use unbundleBody instead. - */ - protected void unbundleBytes(byte[] bundleBytes, byte[] respHMACKey, byte[] respXORKey, byte[]... rest) - throws InvalidKeyException, NoSuchAlgorithmException, FxAccountClientException { - if (bundleBytes.length < 32) { - throw new IllegalArgumentException("input bundle must include HMAC"); - } - int len = respXORKey.length; - if (bundleBytes.length != len + 32) { - throw new IllegalArgumentException("input bundle and XOR key with HMAC have different lengths"); - } - int left = len; - for (byte[] array : rest) { - left -= array.length; - } - if (left != 0) { - throw new IllegalArgumentException("XOR key and total output arrays have different lengths"); - } - - byte[] ciphertext = new byte[len]; - byte[] HMAC = new byte[32]; - System.arraycopy(bundleBytes, 0, ciphertext, 0, len); - System.arraycopy(bundleBytes, len, HMAC, 0, 32); - - Mac hmacHasher = HKDF.makeHMACHasher(respHMACKey); - byte[] computedHMAC = hmacHasher.doFinal(ciphertext); - if (!Arrays.equals(computedHMAC, HMAC)) { - throw new FxAccountClientException("Bad message HMAC"); - } - - int offset = 0; - for (byte[] array : rest) { - for (int i = 0; i < array.length; i++) { - array[i] = (byte) (respXORKey[offset + i] ^ ciphertext[offset + i]); - } - offset += array.length; - } - } - - protected void unbundleBody(ExtendedJSONObject body, byte[] requestKey, byte[] ctxInfo, byte[]... rest) throws Exception { - int length = 0; - for (byte[] array : rest) { - length += array.length; - } - - if (body == null) { - throw new FxAccountClientException("body must be non-null"); - } - String bundle = body.getString("bundle"); - if (bundle == null) { - throw new FxAccountClientException("bundle must be a non-null string"); - } - byte[] bundleBytes = Utils.hex2Byte(bundle); - - final byte[] respHMACKey = new byte[32]; - final byte[] respXORKey = new byte[length]; - HKDF.deriveMany(requestKey, new byte[0], ctxInfo, respHMACKey, respXORKey); - unbundleBytes(bundleBytes, respHMACKey, respXORKey, rest); - } - - public void keys(byte[] keyFetchToken, final RequestDelegate delegate) { - final byte[] tokenId = new byte[32]; - final byte[] reqHMACKey = new byte[32]; - final byte[] requestKey = new byte[32]; - try { - HKDF.deriveMany(keyFetchToken, new byte[0], FxAccountUtils.KW("keyFetchToken"), tokenId, reqHMACKey, requestKey); - } catch (Exception e) { - invokeHandleError(delegate, e); - return; - } - - BaseResource resource; - try { - resource = new BaseResource(new URI(serverURI + "account/keys")); - } catch (URISyntaxException e) { - invokeHandleError(delegate, e); - return; - } - - resource.delegate = new ResourceDelegate(resource, delegate, tokenId, reqHMACKey, false) { - @Override - public void handleSuccess(int status, HttpResponse response, ExtendedJSONObject body) { - try { - byte[] kA = new byte[32]; - byte[] wrapkB = new byte[32]; - unbundleBody(body, requestKey, FxAccountUtils.KW("account/keys"), kA, wrapkB); - delegate.handleSuccess(new TwoKeys(kA, wrapkB)); - return; - } catch (Exception e) { - delegate.handleError(e); - return; - } - } - }; - resource.get(); - } - - /** - * Thin container for status response. - */ - public static class StatusResponse { - public final String email; - public final boolean verified; - public StatusResponse(String email, boolean verified) { - this.email = email; - this.verified = verified; - } - } - - /** - * Query the status of an account given a valid session token. - *

- * This API is a little odd: the auth server returns the email and - * verification state of the account that corresponds to the (opaque) session - * token. It might fail if the session token is unknown (or invalid, or - * revoked). - * - * @param sessionToken - * to query. - * @param delegate - * to invoke callbacks. - */ - public void status(byte[] sessionToken, final RequestDelegate delegate) { - final byte[] tokenId = new byte[32]; - final byte[] reqHMACKey = new byte[32]; - final byte[] requestKey = new byte[32]; - try { - HKDF.deriveMany(sessionToken, new byte[0], FxAccountUtils.KW("sessionToken"), tokenId, reqHMACKey, requestKey); - } catch (Exception e) { - invokeHandleError(delegate, e); - return; - } - - BaseResource resource; - try { - resource = new BaseResource(new URI(serverURI + "recovery_email/status")); - } catch (URISyntaxException e) { - invokeHandleError(delegate, e); - return; - } - - resource.delegate = new ResourceDelegate(resource, delegate, tokenId, reqHMACKey, false) { - @Override - public void handleSuccess(int status, HttpResponse response, ExtendedJSONObject body) { - try { - String[] requiredStringFields = new String[] { JSON_KEY_EMAIL }; - body.throwIfFieldsMissingOrMisTyped(requiredStringFields, String.class); - String email = body.getString(JSON_KEY_EMAIL); - Boolean verified = body.getBoolean(JSON_KEY_VERIFIED); - delegate.handleSuccess(new StatusResponse(email, verified)); - return; - } catch (Exception e) { - delegate.handleError(e); - return; - } - } - }; - resource.get(); - } - - @SuppressWarnings("unchecked") - public void sign(final byte[] sessionToken, final ExtendedJSONObject publicKey, long durationInSeconds, final RequestDelegate delegate) { - final JSONObject body = new JSONObject(); - body.put("publicKey", publicKey); - body.put("duration", durationInSeconds); - - final byte[] tokenId = new byte[32]; - final byte[] reqHMACKey = new byte[32]; - try { - HKDF.deriveMany(sessionToken, new byte[0], FxAccountUtils.KW("sessionToken"), tokenId, reqHMACKey); - } catch (Exception e) { - invokeHandleError(delegate, e); - return; - } - - BaseResource resource; - try { - resource = new BaseResource(new URI(serverURI + "certificate/sign")); - } catch (URISyntaxException e) { - invokeHandleError(delegate, e); - return; - } - - resource.delegate = new ResourceDelegate(resource, delegate, tokenId, reqHMACKey, true) { - @Override - public void handleSuccess(int status, HttpResponse response, ExtendedJSONObject body) { - String cert = body.getString("cert"); - if (cert == null) { - delegate.handleError(new FxAccountClientException("cert must be a non-null string")); - return; - } - delegate.handleSuccess(cert); - } - }; - post(resource, body, delegate); - } +public interface FxAccountClient { + public void loginAndGetKeys(final byte[] emailUTF8, final byte[] quickStretchedPW, final RequestDelegate requestDelegate); + public void status(byte[] sessionToken, RequestDelegate requestDelegate); + public void keys(byte[] keyFetchToken, RequestDelegate requestDelegate); + public void sign(byte[] sessionToken, ExtendedJSONObject publicKey, long certificateDurationInMilliseconds, RequestDelegate requestDelegate); } diff --git a/mobile/android/base/background/fxa/FxAccountClient20.java b/mobile/android/base/background/fxa/FxAccountClient20.java index 2c24fda2a0a..c805fbfa616 100644 --- a/mobile/android/base/background/fxa/FxAccountClient20.java +++ b/mobile/android/base/background/fxa/FxAccountClient20.java @@ -14,7 +14,7 @@ import org.mozilla.gecko.sync.net.BaseResource; import ch.boye.httpclientandroidlib.HttpResponse; -public class FxAccountClient20 extends FxAccountClient10 { +public class FxAccountClient20 extends FxAccountClient10 implements FxAccountClient { protected static final String[] LOGIN_RESPONSE_REQUIRED_STRING_FIELDS = new String[] { JSON_KEY_UID, JSON_KEY_SESSIONTOKEN }; protected static final String[] LOGIN_RESPONSE_REQUIRED_STRING_FIELDS_KEYS = new String[] { JSON_KEY_UID, JSON_KEY_SESSIONTOKEN, JSON_KEY_KEYFETCHTOKEN, }; protected static final String[] LOGIN_RESPONSE_REQUIRED_BOOLEAN_FIELDS = new String[] { JSON_KEY_VERIFIED }; diff --git a/mobile/android/base/fxa/FxAccountConstants.java.in b/mobile/android/base/fxa/FxAccountConstants.java.in index 41173353231..bd7cbd6d1b9 100644 --- a/mobile/android/base/fxa/FxAccountConstants.java.in +++ b/mobile/android/base/fxa/FxAccountConstants.java.in @@ -5,6 +5,8 @@ package org.mozilla.gecko.fxa; +import org.mozilla.gecko.background.common.log.Logger; + public class FxAccountConstants { public static final String GLOBAL_LOG_TAG = "FxAccounts"; public static final String ACCOUNT_TYPE = "@MOZ_ANDROID_SHARED_FXACCOUNT_TYPE@"; @@ -13,4 +15,14 @@ public class FxAccountConstants { public static final String DEFAULT_AUTH_ENDPOINT = "http://auth.oldsync.dev.lcip.org"; public static final String PREFS_PATH = "fxa.v1"; + + // For extra debugging. Not final so it can be changed from Fennec, or from + // an add-on. + public static boolean LOG_PERSONAL_INFORMATION = true; + + public static void pii(String tag, String message) { + if (LOG_PERSONAL_INFORMATION) { + Logger.info(tag, "$$FxA PII$$: " + message); + } + } } diff --git a/mobile/android/base/fxa/authenticator/AbstractFxAccount.java b/mobile/android/base/fxa/authenticator/AbstractFxAccount.java index e9abcbe39be..e2c06fb5406 100644 --- a/mobile/android/base/fxa/authenticator/AbstractFxAccount.java +++ b/mobile/android/base/fxa/authenticator/AbstractFxAccount.java @@ -40,11 +40,14 @@ public interface AbstractFxAccount { */ public String getServerURI(); + public boolean isValid(); + public void setInvalid(); + public byte[] getSessionToken(); public byte[] getKeyFetchToken(); - public void invalidateSessionToken(); - public void invalidateKeyFetchToken(); + public void setSessionToken(byte[] token); + public void setKeyFetchToken(byte[] token); /** * Return true if and only if this account is guaranteed to be verified. This @@ -77,4 +80,13 @@ public interface AbstractFxAccount { public void setWrappedKb(byte[] wrappedKb); BrowserIDKeyPair getAssertionKeyPair() throws GeneralSecurityException; + + public String getCertificate(); + public void setCertificate(String certificate); + + public String getAssertion(); + public void setAssertion(String assertion); + + public byte[] getEmailUTF8(); + public byte[] getQuickStretchedPW(); } diff --git a/mobile/android/base/fxa/authenticator/AndroidFxAccount.java b/mobile/android/base/fxa/authenticator/AndroidFxAccount.java index 619d53f0adf..88a7c899cd0 100644 --- a/mobile/android/base/fxa/authenticator/AndroidFxAccount.java +++ b/mobile/android/base/fxa/authenticator/AndroidFxAccount.java @@ -6,6 +6,8 @@ package org.mozilla.gecko.fxa.authenticator; import java.io.UnsupportedEncodingException; import java.security.GeneralSecurityException; +import java.util.ArrayList; +import java.util.Collections; import org.mozilla.gecko.background.common.log.Logger; import org.mozilla.gecko.background.fxa.FxAccountUtils; @@ -31,6 +33,9 @@ import android.os.Bundle; public class AndroidFxAccount implements AbstractFxAccount { protected static final String LOG_TAG = AndroidFxAccount.class.getSimpleName(); + public static final String ACCOUNT_KEY_ASSERTION = "assertion"; + public static final String ACCOUNT_KEY_CERTIFICATE = "certificate"; + public static final String ACCOUNT_KEY_INVALID = "invalid"; public static final String ACCOUNT_KEY_SERVERURI = "serverURI"; public static final String ACCOUNT_KEY_SESSION_TOKEN = "sessionToken"; public static final String ACCOUNT_KEY_KEY_FETCH_TOKEN = "keyFetchToken"; @@ -66,6 +71,21 @@ public class AndroidFxAccount implements AbstractFxAccount { this.accountManager = AccountManager.get(this.context); } + @Override + public byte[] getEmailUTF8() { + try { + return account.name.getBytes("UTF-8"); + } catch (UnsupportedEncodingException e) { + // Ignore. + return null; + } + } + + @Override + public byte[] getQuickStretchedPW() { + return Utils.hex2Byte(accountManager.getPassword(account)); + } + @Override public String getServerURI() { return accountManager.getUserData(account, ACCOUNT_KEY_SERVERURI); @@ -90,13 +110,13 @@ public class AndroidFxAccount implements AbstractFxAccount { } @Override - public void invalidateSessionToken() { - accountManager.setUserData(account, ACCOUNT_KEY_SESSION_TOKEN, null); + public void setSessionToken(byte[] sessionToken) { + accountManager.setUserData(account, ACCOUNT_KEY_SESSION_TOKEN, sessionToken == null ? null : Utils.byte2Hex(sessionToken)); } @Override - public void invalidateKeyFetchToken() { - accountManager.setUserData(account, ACCOUNT_KEY_KEY_FETCH_TOKEN, null); + public void setKeyFetchToken(byte[] keyFetchToken) { + accountManager.setUserData(account, ACCOUNT_KEY_KEY_FETCH_TOKEN, keyFetchToken == null ? null : Utils.byte2Hex(keyFetchToken)); } @Override @@ -155,6 +175,26 @@ public class AndroidFxAccount implements AbstractFxAccount { return keyPair; } + @Override + public String getCertificate() { + return accountManager.getUserData(account, ACCOUNT_KEY_CERTIFICATE); + } + + @Override + public void setCertificate(String certificate) { + accountManager.setUserData(account, ACCOUNT_KEY_CERTIFICATE, certificate); + } + + @Override + public String getAssertion() { + return accountManager.getUserData(account, ACCOUNT_KEY_ASSERTION); + } + + @Override + public void setAssertion(String assertion) { + accountManager.setUserData(account, ACCOUNT_KEY_ASSERTION, assertion); + } + /** * Extract a JSON dictionary of the string values associated to this account. *

@@ -167,16 +207,27 @@ public class AndroidFxAccount implements AbstractFxAccount { public ExtendedJSONObject toJSONObject() { ExtendedJSONObject o = new ExtendedJSONObject(); for (String key : new String[] { + ACCOUNT_KEY_ASSERTION, + ACCOUNT_KEY_CERTIFICATE, ACCOUNT_KEY_SERVERURI, ACCOUNT_KEY_SESSION_TOKEN, + ACCOUNT_KEY_INVALID, ACCOUNT_KEY_KEY_FETCH_TOKEN, ACCOUNT_KEY_VERIFIED, ACCOUNT_KEY_KA, ACCOUNT_KEY_KB, ACCOUNT_KEY_UNWRAPKB, - ACCOUNT_KEY_ASSERTION_KEY_PAIR }) { + ACCOUNT_KEY_ASSERTION_KEY_PAIR, + }) { o.put(key, accountManager.getUserData(account, key)); } + o.put("email", account.name); + try { + o.put("emailUTF8", Utils.byte2Hex(account.name.getBytes("UTF-8"))); + } catch (UnsupportedEncodingException e) { + // Ignore. + } + o.put("quickStretchedPW", accountManager.getPassword(account)); return o; } @@ -208,8 +259,8 @@ public class AndroidFxAccount implements AbstractFxAccount { Bundle userdata = new Bundle(); userdata.putString(AndroidFxAccount.ACCOUNT_KEY_SERVERURI, serverURI); - userdata.putString(AndroidFxAccount.ACCOUNT_KEY_SESSION_TOKEN, Utils.byte2Hex(sessionToken)); - userdata.putString(AndroidFxAccount.ACCOUNT_KEY_KEY_FETCH_TOKEN, Utils.byte2Hex(keyFetchToken)); + userdata.putString(AndroidFxAccount.ACCOUNT_KEY_SESSION_TOKEN, sessionToken == null ? null : Utils.byte2Hex(sessionToken)); + userdata.putString(AndroidFxAccount.ACCOUNT_KEY_KEY_FETCH_TOKEN, keyFetchToken == null ? null : Utils.byte2Hex(keyFetchToken)); userdata.putString(AndroidFxAccount.ACCOUNT_KEY_VERIFIED, Boolean.valueOf(verified).toString()); userdata.putString(AndroidFxAccount.ACCOUNT_KEY_UNWRAPKB, Utils.byte2Hex(unwrapBkey)); @@ -222,4 +273,40 @@ public class AndroidFxAccount implements AbstractFxAccount { FxAccountAuthenticator.enableSyncing(context, account); return account; } + + @Override + public boolean isValid() { + // Boolean.valueOf only returns true for the string "true"; this errors in + // the direction of marking accounts valid. + boolean invalid = Boolean.valueOf(accountManager.getUserData(account, ACCOUNT_KEY_INVALID)).booleanValue(); + return !invalid; + } + + @Override + public void setInvalid() { + accountManager.setUserData(account, ACCOUNT_KEY_INVALID, Boolean.valueOf(true).toString()); + } + + /** + * For debugging only! + */ + public void dump() { + if (!FxAccountConstants.LOG_PERSONAL_INFORMATION) { + return; + } + ExtendedJSONObject o = toJSONObject(); + ArrayList list = new ArrayList(o.keySet()); + Collections.sort(list); + for (String key : list) { + FxAccountConstants.pii(LOG_TAG, key + ": " + o.getString(key)); + } + } + + /** + * For debugging only! + */ + public void resetAccountTokens() { + accountManager.setUserData(account, ACCOUNT_KEY_SESSION_TOKEN, null); + accountManager.setUserData(account, ACCOUNT_KEY_KEY_FETCH_TOKEN, null); + } } diff --git a/mobile/android/base/fxa/authenticator/FxAccountLoginPolicy.java b/mobile/android/base/fxa/authenticator/FxAccountLoginPolicy.java index 431db429e0d..364b3983aa6 100644 --- a/mobile/android/base/fxa/authenticator/FxAccountLoginPolicy.java +++ b/mobile/android/base/fxa/authenticator/FxAccountLoginPolicy.java @@ -4,23 +4,25 @@ package org.mozilla.gecko.fxa.authenticator; -import java.security.GeneralSecurityException; import java.util.LinkedList; import java.util.concurrent.Executor; import org.mozilla.gecko.background.common.log.Logger; +import org.mozilla.gecko.background.fxa.FxAccountClient; import org.mozilla.gecko.background.fxa.FxAccountClient10; import org.mozilla.gecko.background.fxa.FxAccountClient10.RequestDelegate; import org.mozilla.gecko.background.fxa.FxAccountClient10.StatusResponse; import org.mozilla.gecko.background.fxa.FxAccountClient10.TwoKeys; import org.mozilla.gecko.background.fxa.FxAccountClient20; +import org.mozilla.gecko.background.fxa.FxAccountClient20.LoginResponse; import org.mozilla.gecko.browserid.BrowserIDKeyPair; import org.mozilla.gecko.browserid.JSONWebTokenUtils; -import org.mozilla.gecko.browserid.SigningPrivateKey; import org.mozilla.gecko.browserid.VerifyingPublicKey; +import org.mozilla.gecko.fxa.FxAccountConstants; import org.mozilla.gecko.fxa.authenticator.FxAccountLoginException.FxAccountLoginAccountNotVerifiedException; import org.mozilla.gecko.fxa.authenticator.FxAccountLoginException.FxAccountLoginBadPasswordException; import org.mozilla.gecko.sync.HTTPFailureException; +import org.mozilla.gecko.sync.Utils; import org.mozilla.gecko.sync.net.SyncStorageResponse; import android.content.Context; @@ -39,13 +41,130 @@ public class FxAccountLoginPolicy { this.executor = executor; } - protected void invokeHandleHardFailure(final FxAccountLoginDelegate delegate, final FxAccountLoginException e) { - executor.execute(new Runnable() { - @Override - public void run() { - delegate.handleError(e); - } - }); + public long certificateDurationInMilliseconds = JSONWebTokenUtils.DEFAULT_CERTIFICATE_DURATION_IN_MILLISECONDS; + public long assertionDurationInMilliseconds = JSONWebTokenUtils.DEFAULT_ASSERTION_DURATION_IN_MILLISECONDS; + + public long getCertificateDurationInMilliseconds() { + return certificateDurationInMilliseconds; + } + + public long getAssertionDurationInMilliseconds() { + return assertionDurationInMilliseconds; + } + + protected FxAccountClient makeFxAccountClient() { + String serverURI = fxAccount.getServerURI(); + return new FxAccountClient20(serverURI, executor); + } + + /** + * Check if this certificate is not worth generating an assertion from: for + * example, because it is not well-formed, or it is already expired. + * + * @param certificate + * to check. + * @return if it is definitely not worth generating an assertion from this + * certificate. + */ + protected boolean isInvalidCertificate(String certificate) { + return false; + } + + /** + * Check if this assertion is not worth presenting to the token server: for + * example, because it is not well-formed, or it is already expired. + * + * @param assertion + * to check. + * @return if assertion is definitely not worth presenting to the token + * server. + */ + protected boolean isInvalidAssertion(String assertion) { + return false; + } + + public enum AccountState { + Invalid, + NeedsSessionToken, + NeedsVerification, + NeedsKeys, + NeedsCertificate, + NeedsAssertion, + Valid, + }; + + public AccountState getAccountState(AbstractFxAccount fxAccount) { + String serverURI = fxAccount.getServerURI(); + byte[] emailUTF8 = fxAccount.getEmailUTF8(); + byte[] quickStretchedPW = fxAccount.getQuickStretchedPW(); + if (!fxAccount.isValid() || serverURI == null || emailUTF8 == null || quickStretchedPW == null) { + return AccountState.Invalid; + } + + byte[] sessionToken = fxAccount.getSessionToken(); + if (sessionToken == null) { + return AccountState.NeedsSessionToken; + } + + if (!fxAccount.isVerified()) { + return AccountState.NeedsVerification; + } + + // Verify against server? Tricky. + if (fxAccount.getKa() == null || fxAccount.getKb() == null) { + return AccountState.NeedsKeys; + } + + String certificate = fxAccount.getCertificate(); + if (certificate == null || isInvalidCertificate(certificate)) { + return AccountState.NeedsCertificate; + } + + String assertion = fxAccount.getAssertion(); + if (assertion == null || isInvalidAssertion(assertion)) { + return AccountState.NeedsAssertion; + } + + return AccountState.Valid; + } + + protected interface LoginStage { + public void execute(LoginStageDelegate delegate) throws Exception; + } + + protected LinkedList getStages(AccountState state) { + final LinkedList stages = new LinkedList(); + if (state == AccountState.Invalid) { + stages.addFirst(new FailStage()); + return stages; + } + + stages.addFirst(new SuccessStage()); + if (state == AccountState.Valid) { + return stages; + } + stages.addFirst(new EnsureAssertionStage()); + if (state == AccountState.NeedsAssertion) { + return stages; + } + stages.addFirst(new EnsureCertificateStage()); + if (state == AccountState.NeedsCertificate) { + return stages; + } + stages.addFirst(new EnsureKeysStage()); + stages.addFirst(new EnsureKeyFetchTokenStage()); + if (state == AccountState.NeedsKeys) { + return stages; + } + stages.addFirst(new EnsureVerificationStage()); + if (state == AccountState.NeedsVerification) { + return stages; + } + stages.addFirst(new EnsureSessionTokenStage()); + if (state == AccountState.NeedsSessionToken) { + return stages; + } + return stages; } /** @@ -58,121 +177,97 @@ public class FxAccountLoginPolicy { * @param delegate providing callbacks to invoke. */ public void login(final String audience, final FxAccountLoginDelegate delegate) { - final LinkedList stages = new LinkedList(); - stages.add(new CheckPreconditionsLoginStage()); - stages.add(new CheckVerifiedLoginStage()); - stages.add(new EnsureDerivedKeysLoginStage()); - stages.add(new FetchCertificateLoginStage()); + final AccountState initialState = getAccountState(fxAccount); + Logger.info(LOG_TAG, "Logging in account from initial state " + initialState + "."); - advance(audience, stages, delegate); + final LinkedList stages = getStages(initialState); + final LinkedList stageNames = new LinkedList(); + for (LoginStage stage : stages) { + stageNames.add(stage.getClass().getSimpleName()); + } + Logger.info(LOG_TAG, "Executing stages: [" + Utils.toCommaSeparatedString(stageNames) + "]"); + + LoginStageDelegate loginStageDelegate = new LoginStageDelegate(stages, audience, delegate); + loginStageDelegate.advance(); } - protected interface LoginStageDelegate { - public String getAssertionAudience(); - public void handleError(FxAccountLoginException e); - public void handleStageSuccess(); - public void handleLoginSuccess(String assertion); - } + protected class LoginStageDelegate { + public final LinkedList stages; + public final String audience; + public final FxAccountLoginDelegate delegate; + public final FxAccountClient client; - protected interface LoginStage { - public void execute(LoginStageDelegate delegate); - } + protected LoginStage currentStage = null; - /** - * Pop the next stage off stages and execute it. - *

- * This trades stack efficiency for implementation simplicity. - * - * @param delegate - * @param stages - */ - protected void advance(final String audience, final LinkedList stages, final FxAccountLoginDelegate delegate) { - LoginStage stage = stages.poll(); - if (stage == null) { - // No more stages. But we haven't seen an assertion. Failure! - Logger.info(LOG_TAG, "No more stages: login failed?"); - invokeHandleHardFailure(delegate, new FxAccountLoginException("No more stages, but no assertion: login failed?")); + public LoginStageDelegate(LinkedList stages, String audience, FxAccountLoginDelegate delegate) { + this.stages = stages; + this.audience = audience; + this.delegate = delegate; + this.client = makeFxAccountClient(); + } + + protected void invokeHandleHardFailure(final FxAccountLoginDelegate delegate, final FxAccountLoginException e) { + executor.execute(new Runnable() { + @Override + public void run() { + delegate.handleError(e); + } + }); + } + + public void advance() { + currentStage = stages.poll(); + if (currentStage == null) { + // No more stages. But we haven't seen an assertion. Failure! + Logger.info(LOG_TAG, "No more stages: login failed?"); + invokeHandleHardFailure(delegate, new FxAccountLoginException("No more stages, but no assertion: login failed?")); + return; + } + + try { + Logger.info(LOG_TAG, "Executing stage: " + currentStage.getClass().getSimpleName()); + currentStage.execute(this); + } catch (Exception e) { + Logger.info(LOG_TAG, "Got exception during stage.", e); + invokeHandleHardFailure(delegate, new FxAccountLoginException(e)); + return; + } + } + + public void handleStageSuccess() { + Logger.info(LOG_TAG, "Stage succeeded: " + currentStage.getClass().getSimpleName()); + advance(); + } + + public void handleLoginSuccess(final String assertion) { + Logger.info(LOG_TAG, "Login succeeded."); + executor.execute(new Runnable() { + @Override + public void run() { + delegate.handleSuccess(assertion); + } + }); return; } - stage.execute(new LoginStageDelegate() { - @Override - public void handleStageSuccess() { - Logger.info(LOG_TAG, "Stage succeeded."); - advance(audience, stages, delegate); - } - - @Override - public void handleLoginSuccess(final String assertion) { - Logger.info(LOG_TAG, "Login succeeded."); - executor.execute(new Runnable() { - @Override - public void run() { - delegate.handleSuccess(assertion); - } - }); - return; - } - - @Override - public void handleError(FxAccountLoginException e) { - invokeHandleHardFailure(delegate, e); - } - - @Override - public String getAssertionAudience() { - return audience; - } - }); - } - - /** - * Verify we have a valid server URI, session token, etc. If not, we have to - * prompt for credentials. - */ - public class CheckPreconditionsLoginStage implements LoginStage { - @Override - public void execute(final LoginStageDelegate delegate) { - final String audience = delegate.getAssertionAudience(); - if (audience == null) { - delegate.handleError(new FxAccountLoginException("Account has no audience.")); - return; - } - - String serverURI = fxAccount.getServerURI(); - if (serverURI == null) { - delegate.handleError(new FxAccountLoginException("Account has no server URI.")); - return; - } - - byte[] sessionToken = fxAccount.getSessionToken(); - if (sessionToken == null) { - delegate.handleError(new FxAccountLoginBadPasswordException("Account has no session token.")); - return; - } - - delegate.handleStageSuccess(); + public void handleError(FxAccountLoginException e) { + invokeHandleHardFailure(delegate, e); } } - /** - * Now that we have a server to talk to and a session token, we can use them - * to check that the account is verified. - */ - public class CheckVerifiedLoginStage implements LoginStage { + public class EnsureSessionTokenStage implements LoginStage { @Override - public void execute(final LoginStageDelegate delegate) { - if (fxAccount.isVerified()) { - Logger.info(LOG_TAG, "Account is already marked verified. Skipping remote status check."); - delegate.handleStageSuccess(); - return; + public void execute(final LoginStageDelegate delegate) throws Exception { + byte[] emailUTF8 = fxAccount.getEmailUTF8(); + if (emailUTF8 == null) { + throw new IllegalStateException("emailUTF8 must not be null"); + } + byte[] quickStretchedPW = fxAccount.getQuickStretchedPW(); + if (quickStretchedPW == null) { + throw new IllegalStateException("quickStretchedPW must not be null"); } - String serverURI = fxAccount.getServerURI(); - byte[] sessionToken = fxAccount.getSessionToken(); - final FxAccountClient20 client = new FxAccountClient20(serverURI, executor); - - client.status(sessionToken, new RequestDelegate() { + delegate.client.loginAndGetKeys(emailUTF8, quickStretchedPW, new RequestDelegate() { @Override public void handleError(Exception e) { delegate.handleError(new FxAccountLoginException(e)); @@ -184,6 +279,53 @@ public class FxAccountLoginPolicy { delegate.handleError(new FxAccountLoginException(new HTTPFailureException(new SyncStorageResponse(response)))); return; } + // We just got denied for a sessionToken. That's a problem with + // our email or password. Only thing to do is mark the account + // invalid and ask for user intervention. + fxAccount.setInvalid(); + delegate.handleError(new FxAccountLoginBadPasswordException("Auth server rejected email/password while fetching sessionToken.")); + } + + @Override + public void handleSuccess(LoginResponse result) { + fxAccount.setSessionToken(result.sessionToken); + fxAccount.setKeyFetchToken(result.keyFetchToken); + if (FxAccountConstants.LOG_PERSONAL_INFORMATION) { + FxAccountConstants.pii(LOG_TAG, "Fetched sessionToken : " + Utils.byte2Hex(result.sessionToken)); + FxAccountConstants.pii(LOG_TAG, "Fetched keyFetchToken: " + Utils.byte2Hex(result.keyFetchToken)); + } + delegate.handleStageSuccess(); + } + }); + } + } + + /** + * Now that we have a server to talk to and a session token, we can use them + * to check that the account is verified. + */ + public class EnsureVerificationStage implements LoginStage { + @Override + public void execute(final LoginStageDelegate delegate) { + byte[] sessionToken = fxAccount.getSessionToken(); + if (sessionToken == null) { + throw new IllegalArgumentException("sessionToken must not be null"); + } + + delegate.client.status(sessionToken, new RequestDelegate() { + @Override + public void handleError(Exception e) { + delegate.handleError(new FxAccountLoginException(e)); + } + + @Override + public void handleFailure(int status, HttpResponse response) { + if (status != 401) { + delegate.handleError(new FxAccountLoginException(new HTTPFailureException(new SyncStorageResponse(response)))); + return; + } + // We just got denied due to our sessionToken. Invalidate it. + fxAccount.setSessionToken(null); delegate.handleError(new FxAccountLoginBadPasswordException("Auth server rejected session token while fetching status.")); } @@ -202,31 +344,81 @@ public class FxAccountLoginPolicy { } } - /** - * Now we have a verified account, we can make sure that our local keys are - * consistent with the account's keys. - */ - public class EnsureDerivedKeysLoginStage implements LoginStage { + public static int[] DUMMY = null; + + public class EnsureKeyFetchTokenStage implements LoginStage { @Override - public void execute(final LoginStageDelegate delegate) { - byte[] kA = fxAccount.getKa(); - byte[] kB = fxAccount.getKb(); - if (kA != null && kB != null) { - Logger.info(LOG_TAG, "Account already has kA and kB. Skipping key derivation stage."); + public void execute(final LoginStageDelegate delegate) throws Exception { + byte[] emailUTF8 = fxAccount.getEmailUTF8(); + if (emailUTF8 == null) { + throw new IllegalStateException("emailUTF8 must not be null"); + } + byte[] quickStretchedPW = fxAccount.getQuickStretchedPW(); + if (quickStretchedPW == null) { + throw new IllegalStateException("quickStretchedPW must not be null"); + } + + boolean verified = fxAccount.isVerified(); + if (!verified) { + throw new IllegalStateException("must be verified"); + } + + // We might already have a valid keyFetchToken. If so, try it. If it's not + // valid, we'll invalidate it in EnsureKeysStage. + if (fxAccount.getKeyFetchToken() != null) { + Logger.info(LOG_TAG, "Using existing keyFetchToken."); delegate.handleStageSuccess(); return; } + delegate.client.loginAndGetKeys(emailUTF8, quickStretchedPW, new RequestDelegate() { + @Override + public void handleError(Exception e) { + delegate.handleError(new FxAccountLoginException(e)); + } + + @Override + public void handleFailure(int status, HttpResponse response) { + if (status != 401) { + delegate.handleError(new FxAccountLoginException(new HTTPFailureException(new SyncStorageResponse(response)))); + return; + } + // We just got denied for a keyFetchToken. That's a problem with + // our email or password. Only thing to do is mark the account + // invalid and ask for user intervention. + fxAccount.setInvalid(); + delegate.handleError(new FxAccountLoginBadPasswordException("Auth server rejected email/password while fetching keyFetchToken.")); + } + + @Override + public void handleSuccess(LoginResponse result) { + fxAccount.setKeyFetchToken(result.keyFetchToken); + if (FxAccountConstants.LOG_PERSONAL_INFORMATION) { + FxAccountConstants.pii(LOG_TAG, "Fetched keyFetchToken: " + Utils.byte2Hex(result.keyFetchToken)); + } + delegate.handleStageSuccess(); + } + }); + } + } + + /** + * Now we have a verified account, we can make sure that our local keys are + * consistent with the account's keys. + */ + public class EnsureKeysStage implements LoginStage { + @Override + public void execute(final LoginStageDelegate delegate) throws Exception { byte[] keyFetchToken = fxAccount.getKeyFetchToken(); if (keyFetchToken == null) { - // XXX this might mean something else? - delegate.handleError(new FxAccountLoginBadPasswordException("Account has no key fetch token.")); - return; + throw new IllegalStateException("keyFetchToken must not be null"); } - String serverURI = fxAccount.getServerURI(); - final FxAccountClient20 client = new FxAccountClient20(serverURI, executor); - client.keys(keyFetchToken, new RequestDelegate() { + // Make sure we don't use a keyFetchToken twice. This conveniently + // invalidates any invalid keyFetchToken we might try, too. + fxAccount.setKeyFetchToken(null); + + delegate.client.keys(keyFetchToken, new RequestDelegate() { @Override public void handleError(Exception e) { delegate.handleError(new FxAccountLoginException(e)); @@ -245,39 +437,35 @@ public class FxAccountLoginPolicy { public void handleSuccess(TwoKeys result) { fxAccount.setKa(result.kA); fxAccount.setWrappedKb(result.wrapkB); + if (FxAccountConstants.LOG_PERSONAL_INFORMATION) { + FxAccountConstants.pii(LOG_TAG, "Fetched kA: " + Utils.byte2Hex(result.kA)); + FxAccountConstants.pii(LOG_TAG, "And wrapkB: " + Utils.byte2Hex(result.wrapkB)); + FxAccountConstants.pii(LOG_TAG, "Giving kB : " + Utils.byte2Hex(fxAccount.getKb())); + } delegate.handleStageSuccess(); } }); } } - public class FetchCertificateLoginStage implements LoginStage { + public class EnsureCertificateStage implements LoginStage { @Override - public void execute(final LoginStageDelegate delegate) { - BrowserIDKeyPair keyPair; - try { - keyPair = fxAccount.getAssertionKeyPair(); - if (keyPair == null) { - Logger.info(LOG_TAG, "Account has no key pair."); - delegate.handleError(new FxAccountLoginException("Account has no key pair.")); - return; - } - } catch (GeneralSecurityException e) { - delegate.handleError(new FxAccountLoginException(e)); - return; + public void execute(final LoginStageDelegate delegate) throws Exception{ + byte[] sessionToken = fxAccount.getSessionToken(); + if (sessionToken == null) { + throw new IllegalStateException("keyPair must not be null"); + } + BrowserIDKeyPair keyPair = fxAccount.getAssertionKeyPair(); + if (keyPair == null) { + // If we can't fetch a keypair, we probably have some crypto + // configuration error on device, which we are never going to recover + // from. Mark the account invalid. + fxAccount.setInvalid(); + throw new IllegalStateException("keyPair must not be null"); } - - final SigningPrivateKey privateKey = keyPair.getPrivate(); final VerifyingPublicKey publicKey = keyPair.getPublic(); - byte[] sessionToken = fxAccount.getSessionToken(); - String serverURI = fxAccount.getServerURI(); - final FxAccountClient20 client = new FxAccountClient20(serverURI, executor); - - // TODO Make this duration configurable (that is, part of the policy). - long certificateDurationInMilliseconds = JSONWebTokenUtils.DEFAULT_CERTIFICATE_DURATION_IN_MILLISECONDS; - - client.sign(sessionToken, publicKey.toJSONObject(), certificateDurationInMilliseconds, new RequestDelegate() { + delegate.client.sign(sessionToken, publicKey.toJSONObject(), getCertificateDurationInMilliseconds(), new RequestDelegate() { @Override public void handleError(Exception e) { delegate.handleError(new FxAccountLoginException(e)); @@ -289,24 +477,78 @@ public class FxAccountLoginPolicy { delegate.handleError(new FxAccountLoginException(new HTTPFailureException(new SyncStorageResponse(response)))); return; } + // Our sessionToken was just rejected; we should get a new + // sessionToken. TODO: Make sure the exception below is fine + // enough grained. + // Since this is the place we'll see the majority of lifecylcle + // auth problems, we should be much more aggressive bumping the + // state machine out of this state when we don't get success. + fxAccount.setSessionToken(null); delegate.handleError(new FxAccountLoginBadPasswordException("Auth server rejected session token while fetching status.")); } @Override public void handleSuccess(String certificate) { - try { - String assertion = JSONWebTokenUtils.createAssertion(privateKey, certificate, delegate.getAssertionAudience()); - if (Logger.LOG_PERSONAL_INFORMATION) { - Logger.pii(LOG_TAG, "Generated assertion " + assertion); - JSONWebTokenUtils.dumpAssertion(assertion); - } - delegate.handleLoginSuccess(assertion); - } catch (Exception e) { - delegate.handleError(new FxAccountLoginException(e)); - return; + fxAccount.setCertificate(certificate); + if (FxAccountConstants.LOG_PERSONAL_INFORMATION) { + FxAccountConstants.pii(LOG_TAG, "Fetched certificate: " + certificate); + JSONWebTokenUtils.dumpCertificate(certificate); } + delegate.handleStageSuccess(); } }); } } + + public class EnsureAssertionStage implements LoginStage { + @Override + public void execute(final LoginStageDelegate delegate) throws Exception { + BrowserIDKeyPair keyPair = fxAccount.getAssertionKeyPair(); + if (keyPair == null) { + throw new IllegalStateException("keyPair must not be null"); + } + String certificate = fxAccount.getCertificate(); + if (certificate == null) { + throw new IllegalStateException("certificate must not be null"); + } + String assertion; + try { + long now = System.currentTimeMillis(); + assertion = JSONWebTokenUtils.createAssertion(keyPair.getPrivate(), certificate, delegate.audience, + JSONWebTokenUtils.DEFAULT_ASSERTION_ISSUER, now, getAssertionDurationInMilliseconds()); + } catch (Exception e) { + // If we can't sign an assertion, we probably have some crypto + // configuration error on device, which we are never going to recover + // from. Mark the account invalid before raising the exception. + fxAccount.setInvalid(); + throw e; + } + fxAccount.setAssertion(assertion); + if (FxAccountConstants.LOG_PERSONAL_INFORMATION) { + FxAccountConstants.pii(LOG_TAG, "Generated assertion: " + assertion); + JSONWebTokenUtils.dumpAssertion(assertion); + } + delegate.handleStageSuccess(); + } + } + + public class SuccessStage implements LoginStage { + @Override + public void execute(final LoginStageDelegate delegate) throws Exception { + String assertion = fxAccount.getAssertion(); + if (assertion == null) { + throw new IllegalStateException("assertion must not be null"); + } + delegate.handleLoginSuccess(assertion); + } + } + + public class FailStage implements LoginStage { + @Override + public void execute(final LoginStageDelegate delegate) { + AccountState finalState = getAccountState(fxAccount); + Logger.info(LOG_TAG, "Failed to login account; final state is " + finalState + "."); + delegate.handleError(new FxAccountLoginException("Failed to login.")); + } + } } diff --git a/mobile/android/base/fxa/sync/FxAccountGlobalSession.java b/mobile/android/base/fxa/sync/FxAccountGlobalSession.java index 5fb7850674f..d75c544a2ac 100644 --- a/mobile/android/base/fxa/sync/FxAccountGlobalSession.java +++ b/mobile/android/base/fxa/sync/FxAccountGlobalSession.java @@ -11,7 +11,7 @@ import java.util.Collections; import java.util.HashMap; import org.json.simple.parser.ParseException; -import org.mozilla.gecko.background.common.log.Logger; +import org.mozilla.gecko.fxa.FxAccountConstants; import org.mozilla.gecko.sync.GlobalSession; import org.mozilla.gecko.sync.NonObjectJSONException; import org.mozilla.gecko.sync.SyncConfigurationException; @@ -39,7 +39,7 @@ public class FxAccountGlobalSession extends GlobalSession { callback, context, extras, clientsDelegate, null); URI uri = new URI(storageEndpoint); this.config.clusterURL = new URI(uri.getScheme(), uri.getUserInfo(), uri.getHost(), uri.getPort(), "/", null, null); - Logger.warn(LOG_TAG, "storageEndpoint is " + uri + " and clusterURL is " + config.clusterURL); + FxAccountConstants.pii(LOG_TAG, "storageEndpoint is " + uri + " and clusterURL is " + config.clusterURL); } @Override diff --git a/mobile/android/base/fxa/sync/FxAccountSyncAdapter.java b/mobile/android/base/fxa/sync/FxAccountSyncAdapter.java index 63d3ac1c977..532867dc690 100644 --- a/mobile/android/base/fxa/sync/FxAccountSyncAdapter.java +++ b/mobile/android/base/fxa/sync/FxAccountSyncAdapter.java @@ -5,14 +5,14 @@ package org.mozilla.gecko.fxa.sync; import java.net.URI; -import java.util.ArrayList; -import java.util.Collections; import java.util.concurrent.CountDownLatch; import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import org.mozilla.gecko.background.common.log.Logger; import org.mozilla.gecko.background.fxa.FxAccountUtils; +import org.mozilla.gecko.browserid.verifier.BrowserIDRemoteVerifierClient; +import org.mozilla.gecko.browserid.verifier.BrowserIDVerifierDelegate; import org.mozilla.gecko.fxa.FxAccountConstants; import org.mozilla.gecko.fxa.authenticator.AndroidFxAccount; import org.mozilla.gecko.fxa.authenticator.FxAccountAuthenticator; @@ -129,16 +129,16 @@ public class FxAccountSyncAdapter extends AbstractThreadedSyncAdapter { final AndroidFxAccount fxAccount = new AndroidFxAccount(getContext(), account); - if (Logger.LOG_PERSONAL_INFORMATION) { - ExtendedJSONObject o = new AndroidFxAccount(getContext(), account).toJSONObject(); - ArrayList list = new ArrayList(o.keySet()); - Collections.sort(list); - for (String key : list) { - Logger.pii(LOG_TAG, key + ": " + o.getString(key)); - } + if (FxAccountConstants.LOG_PERSONAL_INFORMATION) { + fxAccount.dump(); } + final SharedPreferences sharedPrefs = getContext().getSharedPreferences(FxAccountConstants.PREFS_PATH, Context.MODE_PRIVATE); // TODO Ensure preferences are per-Account. + final FxAccountLoginPolicy loginPolicy = new FxAccountLoginPolicy(getContext(), fxAccount, executor); + loginPolicy.certificateDurationInMilliseconds = 20 * 60 * 1000; + loginPolicy.assertionDurationInMilliseconds = 15 * 60 * 1000; + Logger.info(LOG_TAG, "Asking for certificates to expire after 20 minutes and assertions to expire after 15 minutes."); loginPolicy.login(authEndpoint, new FxAccountLoginDelegate() { @Override @@ -147,12 +147,12 @@ public class FxAccountSyncAdapter extends AbstractThreadedSyncAdapter { tokenServerclient.getTokenFromBrowserIDAssertion(assertion, true, new TokenServerClientDelegate() { @Override public void handleSuccess(final TokenServerToken token) { - Logger.pii(LOG_TAG, "Got token! uid is " + token.uid + " and endpoint is " + token.endpoint + "."); + FxAccountConstants.pii(LOG_TAG, "Got token! uid is " + token.uid + " and endpoint is " + token.endpoint + "."); + sharedPrefs.edit().putLong("tokenFailures", 0).commit(); final BaseGlobalSessionCallback callback = new SessionCallback(latch); FxAccountGlobalSession globalSession = null; try { - SharedPreferences sharedPrefs = getContext().getSharedPreferences(FxAccountConstants.PREFS_PATH, Context.MODE_PRIVATE); ClientsDataDelegate clientsDataDelegate = new SharedPreferencesClientsDataDelegate(sharedPrefs); final KeyBundle syncKeyBundle = FxAccountUtils.generateSyncKeyBundle(fxAccount.getKb()); // TODO Document this choice for deriving from kB. AuthHeaderProvider authHeaderProvider = new HawkAuthHeaderProvider(token.id, token.key.getBytes("UTF-8"), false); @@ -166,6 +166,21 @@ public class FxAccountSyncAdapter extends AbstractThreadedSyncAdapter { @Override public void handleFailure(TokenServerException e) { + // This is tricky since the token server fairly + // consistently rejects a token the first time it sees it + // before accepting it for the rest of its lifetime. + long MAX_TOKEN_FAILURES_PER_TOKEN = 2; + long tokenFailures = 1 + sharedPrefs.getLong("tokenFailures", 0); + if (tokenFailures > MAX_TOKEN_FAILURES_PER_TOKEN) { + fxAccount.setCertificate(null); + tokenFailures = 0; + Logger.warn(LOG_TAG, "Seen too many failures with this token; resetting: " + tokenFailures); + Logger.warn(LOG_TAG, "To aid debugging, synchronously sending assertion to remote verifier for second look."); + debugAssertion(tokenServerEndpoint, assertion); + } else { + Logger.info(LOG_TAG, "Seen " + tokenFailures + " failures with this token so far."); + } + sharedPrefs.edit().putLong("tokenFailures", tokenFailures).commit(); handleError(e); } @@ -190,4 +205,34 @@ public class FxAccountSyncAdapter extends AbstractThreadedSyncAdapter { latch.countDown(); } } + + protected void debugAssertion(String audience, String assertion) { + final CountDownLatch verifierLatch = new CountDownLatch(1); + BrowserIDRemoteVerifierClient client = new BrowserIDRemoteVerifierClient(URI.create(BrowserIDRemoteVerifierClient.DEFAULT_VERIFIER_URL)); + client.verify(audience, assertion, new BrowserIDVerifierDelegate() { + @Override + public void handleSuccess(ExtendedJSONObject response) { + Logger.info(LOG_TAG, "Remote verifier returned success: " + response.toJSONString()); + verifierLatch.countDown(); + } + + @Override + public void handleFailure(ExtendedJSONObject response) { + Logger.warn(LOG_TAG, "Remote verifier returned failure: " + response.toJSONString()); + verifierLatch.countDown(); + } + + @Override + public void handleError(Exception e) { + Logger.error(LOG_TAG, "Remote verifier returned error.", e); + verifierLatch.countDown(); + } + }); + + try { + verifierLatch.await(); + } catch (InterruptedException e) { + Logger.error(LOG_TAG, "Got error.", e); + } + } } diff --git a/mobile/android/base/resources/values/fxaccount_styles.xml b/mobile/android/base/resources/values/fxaccount_styles.xml deleted file mode 100644 index c73f4bee04e..00000000000 --- a/mobile/android/base/resources/values/fxaccount_styles.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - -