Restrict Firebase API key to Android app package name. #690

Merged
merged 54 commits into from
Aug 6, 2019
54 commits
8881325
Implement Firebase segmentation SDK device local cache
diwu-arete Jun 13, 2019
864748f
[Firebase Segmentation] Add custom installation id cache layer and te…
diwu-arete Jun 14, 2019
0a3ebf6
Add test for updating cache
diwu-arete Jun 14, 2019
2d158ed
Switch to use SQLiteOpenHelper
diwu-arete Jun 15, 2019
f118d39
Switch to use SharedPreferences from SQLite.
diwu-arete Jun 17, 2019
4da5d31
Change the cache class to be singleton
diwu-arete Jun 18, 2019
d1ff0ec
Wrap shared pref commit in an async task.
diwu-arete Jun 18, 2019
2c5102c
Merge branch 'master' of github.com:firebase/firebase-android-sdk int…
diwu-arete Jun 18, 2019
41fbfee
Address comments
diwu-arete Jun 18, 2019
5fd2fa0
Google format fix
diwu-arete Jun 18, 2019
e950003
Merge branch 'master' of github.com:firebase/firebase-android-sdk int…
diwu-arete Jun 18, 2019
dba0c0e
Replace some deprecated code.
diwu-arete Jun 18, 2019
dc37bf8
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jun 18, 2019
ebdd626
Merge branch 'master' of github.com:firebase/firebase-android-sdk int…
diwu-arete Jun 18, 2019
f26741e
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jun 18, 2019
38c403f
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jun 18, 2019
a9a43a4
Package refactor
diwu-arete Jun 18, 2019
ca6dacf
nit
diwu-arete Jun 18, 2019
e7fff81
nit
diwu-arete Jun 18, 2019
bb8bf45
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jun 18, 2019
b381889
Add the state machine of updating custom installation id in the local
diwu-arete Jun 19, 2019
a72cf60
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jun 19, 2019
1adcfbd
minor format fix
diwu-arete Jun 20, 2019
6091f82
Address comments #1
diwu-arete Jun 20, 2019
ada5577
Merge branch 'master' of github.com:firebase/firebase-android-sdk int…
diwu-arete Jun 20, 2019
af5bcd1
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jun 20, 2019
de6fb6d
Merge branch 'master' of github.com:firebase/firebase-android-sdk int…
diwu-arete Jun 24, 2019
75e523b
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jun 24, 2019
134f06e
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jun 24, 2019
6a0f502
Http client in Firebase Segmentation SDK to call backend service.
diwu-arete Jun 26, 2019
4ac7db5
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jun 26, 2019
7f40978
Revert unintentional change
diwu-arete Jun 26, 2019
b2fc302
Fix connected device test
diwu-arete Jun 26, 2019
1f2ab34
Fix connected device test
diwu-arete Jun 26, 2019
402d8b6
Merge branch 'arete-floc' of github.com:firebase/firebase-android-sdk…
diwu-arete Jun 26, 2019
ce698cf
Merge branch 'master' of github.com:firebase/firebase-android-sdk int…
diwu-arete Jul 8, 2019
0e0278e
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jul 8, 2019
9880624
1. Add a few annotations to make java code Kotlin friendly
diwu-arete Jul 8, 2019
8ffb5bb
Fix java format
diwu-arete Jul 8, 2019
daf4698
Fix API version
diwu-arete Jul 8, 2019
7985e14
Change the segmentation API implementation to synchronous and put the
diwu-arete Jul 9, 2019
9f36d35
Fix an async getResult race issue.
diwu-arete Jul 9, 2019
047c0af
OkHttpClient -> HttpsUrlConnection
diwu-arete Jul 10, 2019
8b39c31
Use gzip for compressing content and fix output stream memory leak risk.
diwu-arete Jul 18, 2019
dc1a63c
Addressed a few comments
diwu-arete Jul 22, 2019
b401d31
Merge branch 'master' of github.com:firebase/firebase-android-sdk int…
diwu-arete Jul 22, 2019
8ba1c9b
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jul 22, 2019
143ed74
FirebaseSegmentation SDK
diwu-arete Jul 30, 2019
e5f0cd3
Merge branch 'master' of github.com:firebase/firebase-android-sdk int…
diwu-arete Jul 30, 2019
a5250c1
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Jul 30, 2019
6daae2a
Merge branch 'master' of github.com:firebase/firebase-android-sdk int…
diwu-arete Aug 5, 2019
4d5b2de
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Aug 6, 2019
78ce7cd
Merge branch 'floc-master' of github.com:firebase/firebase-android-sd…
diwu-arete Aug 6, 2019
d467379
Restrict Firebase API key to Android app package name.
diwu-arete Aug 6, 2019
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@
/** Entry point of Firebase Segmentation SDK. */
public class FirebaseSegmentation {

public static final String TAG = "FirebaseSegmentation";

private final FirebaseApp firebaseApp;
private final FirebaseInstanceId firebaseInstanceId;
private final CustomInstallationIdCache localCache;
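Review bot: TAG is declared public static final on FirebaseSegmentation, the SDK's public entry point, so a logging tag becomes part of the published API. The only use visible in this change is the static import from the remote package; consider moving the tag to an internal constants or logging class so it stays out of the public surface.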
Expand All @@ -46,7 +48,7 @@ public class FirebaseSegmentation {
firebaseApp,
FirebaseInstanceId.getInstance(firebaseApp),
new CustomInstallationIdCache(firebaseApp),
new SegmentationServiceClient());
new SegmentationServiceClient(firebaseApp.getApplicationContext()));
}

FirebaseSegmentation(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,14 @@

package com.google.firebase.segmentation.remote;

import static com.google.firebase.segmentation.FirebaseSegmentation.TAG;

import android.content.Context;
import android.content.pm.PackageManager;
import android.util.Log;
import androidx.annotation.NonNull;
import com.google.android.gms.common.util.AndroidUtilsLight;
import com.google.android.gms.common.util.Hex;
import java.io.IOException;
import java.net.URL;
import java.util.zip.GZIPOutputStream;
Expand All @@ -37,6 +44,14 @@ public class SegmentationServiceClient {
private static final String JSON_CONTENT_TYPE = "application/json";
private static final String CONTENT_ENCODING_HEADER_KEY = "Content-Encoding";
private static final String GZIP_CONTENT_ENCODING = "gzip";
private static final String X_ANDROID_PACKAGE_HEADER_KEY = "X-Android-Package";
private static final String X_ANDROID_CERT_HEADER_KEY = "X-Android-Cert";

private final Context context;

public SegmentationServiceClient(@NonNull Context context) {
this.context = context;
}

public enum Code {
OK,
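Review bot: The two new header constants, X_ANDROID_PACKAGE_HEADER_KEY and X_ANDROID_CERT_HEADER_KEY, carry no comment saying why they are sent. A short note that they identify the calling app (package name and signing-certificate fingerprint) so that an API key restricted to an Android app can be checked would help the next reader. The constructor also stores the Context it is given as-is; the call site in FirebaseSegmentation passes the application context, but storing context.getApplicationContext() here would make that independent of the caller.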
Expand Down Expand Up @@ -78,6 +93,9 @@ public Code updateCustomInstallationId(
"Authorization", "FIREBASE_INSTALLATIONS_AUTH " + firebaseInstanceIdToken);
httpsURLConnection.addRequestProperty(CONTENT_TYPE_HEADER_KEY, JSON_CONTENT_TYPE);
httpsURLConnection.addRequestProperty(CONTENT_ENCODING_HEADER_KEY, GZIP_CONTENT_ENCODING);
httpsURLConnection.addRequestProperty(X_ANDROID_PACKAGE_HEADER_KEY, context.getPackageName());
httpsURLConnection.addRequestProperty(
X_ANDROID_CERT_HEADER_KEY, getFingerprintHashForPackage());
GZIPOutputStream gzipOutputStream =
new GZIPOutputStream(httpsURLConnection.getOutputStream());
try {
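Review bot: In updateCustomInstallationId the value for X_ANDROID_CERT_HEADER_KEY comes from getFingerprintHashForPackage(), which returns null on both of its failure paths, and that null goes straight into addRequestProperty. Check the result before building the request and fail with an explicit Code, so a missing fingerprint does not surface later as an unexplained backend rejection of a restricted key. The fingerprint is also recomputed on every request although the package and its signing certificate do not change while the process runs; computing it once would do.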
Expand Down Expand Up @@ -143,6 +161,9 @@ public Code clearCustomInstallationId(
"Authorization", "FIREBASE_INSTALLATIONS_AUTH " + firebaseInstanceIdToken);
httpsURLConnection.addRequestProperty(CONTENT_TYPE_HEADER_KEY, JSON_CONTENT_TYPE);
httpsURLConnection.addRequestProperty(CONTENT_ENCODING_HEADER_KEY, GZIP_CONTENT_ENCODING);
httpsURLConnection.addRequestProperty(X_ANDROID_PACKAGE_HEADER_KEY, context.getPackageName());
httpsURLConnection.addRequestProperty(
X_ANDROID_CERT_HEADER_KEY, getFingerprintHashForPackage());
GZIPOutputStream gzipOutputStream =
new GZIPOutputStream(httpsURLConnection.getOutputStream());
try {
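Review bot: The three added lines in clearCustomInstallationId repeat the header setup added to updateCustomInstallationId, on top of the Authorization, content-type and content-encoding lines the two methods already share. A private helper that sets the common request headers on the connection would keep the two calls from drifting apart and would give one place to handle a null fingerprint.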
Expand Down Expand Up @@ -175,4 +196,24 @@ private static JSONObject buildClearCustomSegmentationDataRequestBody(String res
throws JSONException {
return new JSONObject().put("name", resourceName);
}

/** Gets the Android package's SHA-1 fingerprint. */
private String getFingerprintHashForPackage() {
byte[] hash;

try {
hash = AndroidUtilsLight.getPackageCertificateHashBytes(context, context.getPackageName());

if (hash == null) {
Log.e(TAG, "Could not get fingerprint hash for package: " + context.getPackageName());
return null;
} else {
String cert = Hex.bytesToStringUppercase(hash, /* zeroTerminated= */ false);
return Hex.bytesToStringUppercase(hash, /* zeroTerminated= */ false);
}
} catch (PackageManager.NameNotFoundException e) {
Log.e(TAG, "No such package: " + context.getPackageName(), e);
return null;
}
}
}
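Review bot: In the else branch of getFingerprintHashForPackage() the local variable cert is assigned and never used, and the same Hex.bytesToStringUppercase call is repeated on the next line; return cert, or drop the local. The method also returns null on two paths without a @Nullable annotation, although @NonNull is already used in this file for the constructor parameter, so callers get no hint that the result needs a null check.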