Add Signal API implementation (Provider)

Change-Id: I5284a17da9791cd64e8d7ea8befe96dd5c770e76

Author: Neelansh Sahai

CredentialProvider/MyVault/app/build.gradle.kts

@@ -17,6 +17,7 @@ plugins {
     alias(libs.plugins.android.application)
     alias(libs.plugins.jetbrains.kotlin.android)
     alias(libs.plugins.devtools.ksp)
+    alias(libs.plugins.compose.compiler)
 }
 
 android {
@@ -77,7 +78,11 @@ dependencies {
     implementation(libs.androidx.ui.graphics)
     implementation(libs.androidx.ui.tooling.preview)
     implementation(libs.androidx.material3)
+
     implementation(libs.androidx.credential.manager)
+    implementation(libs.provider.events)
+    implementation(libs.provider.events.ps)
+
     implementation(libs.androidx.room.ktx)
     implementation(libs.androidx.room.runtime)
     ksp(libs.androidx.room.compiler)

CredentialProvider/MyVault/app/src/main/AndroidManifest.xml

@@ -18,6 +18,7 @@
         xmlns:tools="http://schemas.android.com/tools">
 
     <uses-permission android:name="android.permission.INTERNET" />
+    <uses-permission android:name="android.permission.POST_NOTIFICATIONS"/>
     <application
             android:name="com.example.android.authentication.myvault.MyVaultApplication"
             android:icon="@drawable/android_secure"
@@ -105,5 +106,16 @@
                     android:name="android.credentials.provider"
                     android:resource="@xml/provider" />
         </service>
+
+        <service android:name=".data.CredentialProviderService"
+            android:enabled="true"
+            android:exported="true"
+            android:label="My Credential Provider"
+            android:icon="@drawable/android_secure">
+            <intent-filter>
+                <action android:name="android.credentials.EVENTS_SERVICE_ACTION"/>
+            </intent-filter>
+        </service>
+
     </application>
 </manifest>

CredentialProvider/MyVault/app/src/main/java/com/example/android/authentication/myvault/Constants.kt

@@ -0,0 +1,9 @@
+package com.example.android.authentication.myvault
+
+const val NOTIFICATION_CHANNEL_ID = "channel_id"
+const val NOTIFICATION_ID = 135
+const val CREDENTIAL_ID = "credentialId"
+const val USER_ID = "userId"
+const val ACCEPTED_CREDENTIAL_IDS = "allAcceptedCredentialIds"
+const val NAME = "name"
+const val DISPLAY_NAME = "displayName"

CredentialProvider/MyVault/app/src/main/java/com/example/android/authentication/myvault/NotificationUtils.kt

@@ -0,0 +1,56 @@
+package com.example.android.authentication.myvault
+
+import android.Manifest
+import android.app.NotificationChannel
+import android.app.NotificationManager
+import android.app.PendingIntent
+import android.content.ComponentName
+import android.content.Context
+import android.content.Intent
+import android.content.pm.PackageManager
+import androidx.core.app.ActivityCompat
+import androidx.core.app.NotificationCompat
+import androidx.core.app.NotificationManagerCompat
+import com.example.android.authentication.myvault.ui.MainActivity
+
+fun Context.createNotificationChannel(
+    channelName: String,
+    channelDescription: String,
+) {
+    val channel = NotificationChannel(
+        NOTIFICATION_CHANNEL_ID,
+        channelName,
+        NotificationManager.IMPORTANCE_HIGH
+    ).apply {
+        description = channelDescription
+    }
+    // Register the channel with the system.
+    val notificationManager = getSystemService(Context.NOTIFICATION_SERVICE) as NotificationManager
+    notificationManager.createNotificationChannel(channel)
+}
+
+fun Context.showNotification(
+    title: String,
+    content: String,
+) {
+    val intent = Intent(this, MainActivity::class.java)
+    val pendingIntent: PendingIntent = PendingIntent.getActivity(this, 0, intent, PendingIntent.FLAG_IMMUTABLE)
+
+    val builder = NotificationCompat.Builder(this, NOTIFICATION_CHANNEL_ID)
+        .setSmallIcon(R.drawable.android_secure)
+        .setContentTitle(title)
+        .setContentText(content)
+        .setPriority(NotificationCompat.PRIORITY_MAX)
+        .setContentIntent(pendingIntent)
+        .setAutoCancel(true)
+
+    with(NotificationManagerCompat.from(this)) {
+        if (ActivityCompat.checkSelfPermission(
+                this@showNotification,
+                Manifest.permission.POST_NOTIFICATIONS
+        ) != PackageManager.PERMISSION_GRANTED) {
+            return@with
+        }
+        notify(NOTIFICATION_ID, builder.build())
+    }
+}

CredentialProvider/MyVault/app/src/main/java/com/example/android/authentication/myvault/data/CredentialProviderService.kt

@@ -0,0 +1,106 @@
+package com.example.android.authentication.myvault.data
+
+import android.annotation.SuppressLint
+import android.util.Log
+import androidx.credentials.SignalAllAcceptedCredentialIdsRequest
+import androidx.credentials.SignalCurrentUserDetailsRequest
+import androidx.credentials.SignalUnknownCredentialRequest
+import androidx.credentials.providerevents.service.CredentialProviderEventsService
+import androidx.credentials.providerevents.signal.ProviderSignalCredentialStateCallback
+import androidx.credentials.providerevents.signal.ProviderSignalCredentialStateRequest
+import com.example.android.authentication.myvault.ACCEPTED_CREDENTIAL_IDS
+import com.example.android.authentication.myvault.AppDependencies
+import com.example.android.authentication.myvault.CREDENTIAL_ID
+import com.example.android.authentication.myvault.DISPLAY_NAME
+import com.example.android.authentication.myvault.NAME
+import com.example.android.authentication.myvault.R
+import com.example.android.authentication.myvault.USER_ID
+import com.example.android.authentication.myvault.showNotification
+import kotlinx.coroutines.runBlocking
+import org.json.JSONArray
+import org.json.JSONObject
+
+class CredentialProviderService: CredentialProviderEventsService() {
+    private val dataSource = AppDependencies.credentialsDataSource
+
+    @SuppressLint("RestrictedApi")
+    override fun onSignalCredentialStateRequest(
+        request: ProviderSignalCredentialStateRequest,
+        callback: ProviderSignalCredentialStateCallback,
+    ) {
+        when (request.callingRequest) {
+            is SignalUnknownCredentialRequest -> {
+                handleUnknownCredentialRequest(request.callingRequest.requestJson)
+                showNotification(
+                    getString(R.string.credential_deletion),
+                    getString(R.string.unknown_signal_message)
+                )
+            }
+
+            is SignalAllAcceptedCredentialIdsRequest -> {
+                handleAcceptedCredentialsRequest(request.callingRequest.requestJson)
+                showNotification(
+                    getString(R.string.credentials_list_updation),
+                    getString(R.string.all_accepted_signal_message)
+                )
+            }
+            is SignalCurrentUserDetailsRequest -> {
+                handleCurrentUserDetailRequest(request.callingRequest.requestJson)
+                showNotification(
+                    getString(R.string.user_details_updation),
+                    getString(R.string.current_user_signal_message)
+                )
+            }
+            else -> { }
+        }
+
+        callback.onSignalConsumed()
+    }
+
+    private fun handleUnknownCredentialRequest(requestJson: String) = runBlocking {
+        val credentialId = JSONObject(requestJson).getString(CREDENTIAL_ID)
+        dataSource.getPasskey(credentialId)?.let {
+            dataSource.hidePasskey(it)
+        }
+    }
+
+    private fun handleAcceptedCredentialsRequest(requestJson: String) = runBlocking {
+        val request = JSONObject(requestJson)
+        val userId = request.getString(USER_ID)
+        val listCurrentPasskeysForUser = dataSource.getPasskeyForUser(userId) ?: emptyList()
+        val listAllAcceptedCredIds = mutableListOf<String>()
+        when (val value = request.get(ACCEPTED_CREDENTIAL_IDS)) {
+            is String -> listAllAcceptedCredIds.add(value)
+            is JSONArray -> {
+                for (i in 0 until value.length()) {
+                    val item = value.get(i)
+                    if (item is String) {
+                        listAllAcceptedCredIds.add(item)
+                    }
+                }
+            }
+            else -> { /*do nothing*/ }
+        }
+
+        for (key in listCurrentPasskeysForUser) {
+            if (listAllAcceptedCredIds.contains(key.credId)) {
+                dataSource.unhidePasskey(key)
+            } else {
+                dataSource.hidePasskey(key)
+            }
+        }
+    }
+
+    private fun handleCurrentUserDetailRequest(requestJson: String) = runBlocking {
+        val request = JSONObject(requestJson)
+        val userId = request.getString(USER_ID)
+        val updatedName = request.getString(NAME)
+        val updatedDisplayName = request.getString(DISPLAY_NAME)
+        val listPasskeys = dataSource.getPasskeyForUser(userId) ?: emptyList()
+        // Update user details for each passkey
+        for (key in listPasskeys) {
+            val newPasskeyItem = key.copy(username = updatedName, displayName = updatedDisplayName)
+            dataSource.updatePasskey(newPasskeyItem)
+        }
+    }
+}

CredentialProvider/MyVault/app/src/main/java/com/example/android/authentication/myvault/data/CredentialsDataSource.kt

@@ -126,6 +126,26 @@ class CredentialsDataSource(
     fun getPasskey(credId: String): PasskeyItem? {
         return myVaultDao.getPasskey(credId)
     }
+
+    fun getPasskeyForUser(userId: String): List<PasskeyItem>? {
+        return myVaultDao.getPasskeysForUser(userId)
+    }
+
+    suspend fun hidePasskey(passkey: PasskeyItem) {
+        myVaultDao.updatePasskey(passkey.copy(hidden = true))
+    }
+
+    suspend fun unhidePasskey(passkey: PasskeyItem) {
+        myVaultDao.updatePasskey(passkey.copy(hidden = false))
+    }
+
+    fun updateListOfPasskeys() {
+
+    }
+
+    fun updateUserDetails() {
+
+    }
 }
 
 data class PasswordMetaData(

CredentialProvider/MyVault/app/src/main/java/com/example/android/authentication/myvault/data/CredentialsRepository.kt

@@ -229,34 +229,36 @@ class CredentialsRepository(
 
             val passkeys = credentials.passkeys
             for (passkey in passkeys) {
-                val data = Bundle()
-                data.putString("requestJson", option.requestJson)
-                data.putString("credId", passkey.credId)
-
-                // Create a PendingIntent to launch the activity that will handle the passkey retrieval
-                val pendingIntent = createNewPendingIntent(
-                    "",
-                    GET_PASSKEY_INTENT,
-                    data,
-                )
+                if (!passkey.hidden) {
+                    val data = Bundle()
+                    data.putString("requestJson", option.requestJson)
+                    data.putString("credId", passkey.credId)
+
+                    // Create a PendingIntent to launch the activity that will handle the passkey retrieval
+                    val pendingIntent = createNewPendingIntent(
+                        "",
+                        GET_PASSKEY_INTENT,
+                        data,
+                    )
 
-                // Create a PublicKeyCredentialEntry object to represent the passkey
-                val entryBuilder =
-                    configurePublicKeyCredentialEntryBuilder(passkey, pendingIntent, option)
+                    // Create a PublicKeyCredentialEntry object to represent the passkey
+                    val entryBuilder =
+                        configurePublicKeyCredentialEntryBuilder(passkey, pendingIntent, option)
+
+                    // Configure biometric prompt data
+                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.VANILLA_ICE_CREAM) {
+                        entryBuilder.setBiometricPromptData(
+                            BiometricPromptData(
+                                cryptoObject = null,
+                                allowedAuthenticators = allowedAuthenticator,
+                            ),
+                        )
+                    }
 
-                // Configure biometric prompt data
-                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.VANILLA_ICE_CREAM) {
-                    entryBuilder.setBiometricPromptData(
-                        BiometricPromptData(
-                            cryptoObject = null,
-                            allowedAuthenticators = allowedAuthenticator,
-                        ),
-                    )
+                    val entry = entryBuilder.build()
+                    // Add the entry to the response builder.
+                    responseBuilder.addCredentialEntry(entry)
                 }
-
-                val entry = entryBuilder.build()
-                // Add the entry to the response builder.
-                responseBuilder.addCredentialEntry(entry)
             }
         } catch (e: IOException) {
             return false

CredentialProvider/MyVault/app/src/main/java/com/example/android/authentication/myvault/data/PasskeyItem.kt

@@ -31,6 +31,7 @@ import androidx.room.PrimaryKey
  * @property credPrivateKey The private key
  * @property siteId The ID of the site
  * @property lastUsedTimeMs The last time the passkey item was used
+ * @property hidden Whether a passkey is hidden from the end user or not
  */
 @Entity(
     tableName = "passkeys",
@@ -47,4 +48,5 @@ data class PasskeyItem(
     @ColumnInfo(name = "credPrivateKey") val credPrivateKey: String,
     @ColumnInfo(name = "siteId") val siteId: Long,
     @ColumnInfo(name = "lastUsedTimeMs") val lastUsedTimeMs: Long,
+    @ColumnInfo(name = "hidden") val hidden: Boolean = false,
 )

CredentialProvider/MyVault/app/src/main/java/com/example/android/authentication/myvault/data/room/MyVaultDatabase.kt

@@ -34,7 +34,7 @@ import kotlinx.coroutines.flow.Flow
         PasswordItem::class,
         PasskeyItem::class,
     ],
-    version = 7,
+    version = 8,
 )
 abstract class MyVaultDatabase : RoomDatabase() {
     abstract fun myVaultDao(): MyVaultDao
@@ -88,4 +88,7 @@ interface MyVaultDao {
 
     @Query("SELECT * from passkeys WHERE credId = :credId")
     fun getPasskey(credId: String): PasskeyItem?
+
+    @Query("SELECT * from passkeys WHERE uid = :userId and hidden = false")
+    fun getPasskeysForUser(userId: String): List<PasskeyItem>?
 }

CredentialProvider/MyVault/app/src/main/java/com/example/android/authentication/myvault/ui/MainActivity.kt

@@ -20,12 +20,18 @@ import androidx.activity.ComponentActivity
 import androidx.activity.compose.setContent
 import androidx.activity.enableEdgeToEdge
 import androidx.core.view.WindowCompat
+import com.example.android.authentication.myvault.createNotificationChannel
 import com.example.android.authentication.myvault.ui.theme.MyVaultTheme
 
 class MainActivity : ComponentActivity() {
     override fun onCreate(savedInstanceState: Bundle?) {
         enableEdgeToEdge()
         super.onCreate(savedInstanceState)
+        createNotificationChannel(
+            "Signal API notification channel",
+            "Notification channel used for testing Signal APIs. Apps pushes a notification if a Signal from RP is received"
+        )
+
         WindowCompat.setDecorFitsSystemWindows(window, false)
         setContent {
             MyVaultTheme {