Adding headers for Chemist to check API key restriction. (#821)

ankitaj224 · web-flow · commit aa73d957b9f7 · 2019-09-18T15:27:42.000-07:00
diff --git a/firebase-installations/api.txt b/firebase-installations/api.txt
@@ -67,7 +67,7 @@ package com.google.firebase.installations.local {
 package com.google.firebase.installations.remote {
 
   public class FirebaseInstallationServiceClient {
-    ctor public FirebaseInstallationServiceClient();
+    ctor public FirebaseInstallationServiceClient(@NonNull Context);
     method @NonNull public com.google.firebase.installations.remote.InstallationResponse createFirebaseInstallation(@NonNull String, @NonNull String, @NonNull String, @NonNull String) throws com.google.firebase.installations.remote.FirebaseInstallationServiceException;
     method @NonNull public void deleteFirebaseInstallation(@NonNull String, @NonNull String, @NonNull String, @NonNull String) throws com.google.firebase.installations.remote.FirebaseInstallationServiceException;
     method @NonNull public InstallationTokenResult generateAuthToken(@NonNull String, @NonNull String, @NonNull String, @NonNull String) throws com.google.firebase.installations.remote.FirebaseInstallationServiceException;
diff --git a/firebase-installations/src/main/java/com/google/firebase/installations/FirebaseInstallations.java b/firebase-installations/src/main/java/com/google/firebase/installations/FirebaseInstallations.java
@@ -63,7 +63,7 @@ public class FirebaseInstallations implements FirebaseInstallationsApi {
         DefaultClock.getInstance(),
         new ThreadPoolExecutor(0, 1, 30L, TimeUnit.SECONDS, new LinkedBlockingQueue<>()),
         firebaseApp,
-        new FirebaseInstallationServiceClient(),
+        new FirebaseInstallationServiceClient(firebaseApp.getApplicationContext()),
         new PersistedFid(firebaseApp),
         new Utils());
   }
diff --git a/firebase-installations/src/main/java/com/google/firebase/installations/remote/FirebaseInstallationServiceClient.java b/firebase-installations/src/main/java/com/google/firebase/installations/remote/FirebaseInstallationServiceClient.java
@@ -14,8 +14,15 @@
 
 package com.google.firebase.installations.remote;
 
+import static android.content.ContentValues.TAG;
+
+import android.content.Context;
+import android.content.pm.PackageManager;
 import android.util.JsonReader;
+import android.util.Log;
 import androidx.annotation.NonNull;
+import com.google.android.gms.common.util.AndroidUtilsLight;
+import com.google.android.gms.common.util.Hex;
 import com.google.firebase.installations.InstallationTokenResult;
 import java.io.IOException;
 import java.io.InputStreamReader;
@@ -49,6 +56,15 @@ public class FirebaseInstallationServiceClient {
   private static final String INTERNAL_SERVER_ERROR_MESSAGE = "There was an internal server error.";
   private static final String NETWORK_ERROR_MESSAGE = "The server returned an unexpected error:";
 
+  private static final String X_ANDROID_PACKAGE_HEADER_KEY = "X-Android-Package";
+  private static final String X_ANDROID_CERT_HEADER_KEY = "X-Android-Cert";
+
+  private final Context context;
+
+  public FirebaseInstallationServiceClient(@NonNull Context context) {
+    this.context = context;
+  }
+
   /**
    * Creates a FID on the FIS Servers by calling FirebaseInstallations API create method.
    *
@@ -79,6 +95,10 @@ public InstallationResponse createFirebaseInstallation(
       httpsURLConnection.addRequestProperty(CONTENT_TYPE_HEADER_KEY, JSON_CONTENT_TYPE);
       httpsURLConnection.addRequestProperty(ACCEPT_HEADER_KEY, JSON_CONTENT_TYPE);
       httpsURLConnection.addRequestProperty(CONTENT_ENCODING_HEADER_KEY, GZIP_CONTENT_ENCODING);
+      httpsURLConnection.addRequestProperty(X_ANDROID_PACKAGE_HEADER_KEY, context.getPackageName());
+      httpsURLConnection.addRequestProperty(
+          X_ANDROID_CERT_HEADER_KEY, getFingerprintHashForPackage());
+
       GZIPOutputStream gzipOutputStream =
           new GZIPOutputStream(httpsURLConnection.getOutputStream());
       try {
@@ -282,4 +302,23 @@ private InstallationTokenResult readGenerateAuthTokenResponse(HttpsURLConnection
 
     return builder.build();
   }
+
+  /** Gets the Android package's SHA-1 fingerprint. */
+  private String getFingerprintHashForPackage() {
+    byte[] hash;
+
+    try {
+      hash = AndroidUtilsLight.getPackageCertificateHashBytes(context, context.getPackageName());
+
+      if (hash == null) {
+        Log.e(TAG, "Could not get fingerprint hash for package: " + context.getPackageName());
+        return null;
+      } else {
+        return Hex.bytesToStringUppercase(hash, /* zeroTerminated= */ false);
+      }
+    } catch (PackageManager.NameNotFoundException e) {
+      Log.e(TAG, "No such package: " + context.getPackageName(), e);
+      return null;
+    }
+  }
 }

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ public class FirebaseInstallations implements FirebaseInstallationsApi {`
`63`	`63`	`DefaultClock.getInstance(),`
`64`	`64`	`new ThreadPoolExecutor(0, 1, 30L, TimeUnit.SECONDS, new LinkedBlockingQueue<>()),`
`65`	`65`	`firebaseApp,`
`66`		`- new FirebaseInstallationServiceClient(),`
	`66`	`+ new FirebaseInstallationServiceClient(firebaseApp.getApplicationContext()),`
`67`	`67`	`new PersistedFid(firebaseApp),`
`68`	`68`	`new Utils());`
`69`	`69`	`}`