[updates] Merge remote-tracking branch 'origin/feature/google-play-in…

…tegrity' into feature/updates # Conflicts: # gradle.properties
dreipol · Jun 19, 2023 · 7d03e1c · 7d03e1c
2 parents d5674f3 + 7c2c772
commit 7d03e1c
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 13 deletions.
diff --git a/README.md b/README.md
@@ -44,7 +44,8 @@ implementation("ch.dreipol.dreiattest.multiplatform:multiplatform-android:<versi
 The library uses the `AttestationProvider` - interface to wrap the actual google or apple device attestation services.
 
 #### Android
-For android dreiattest is using SafetyNet for your device attestation. To use this service you need to create an api key, which is described [here](https://developer.android.com/training/safetynet/attestation#obtain-api-key).
+For android dreiattest is using Play Integrity API for your device attestation. 
+To use this service you need to activate Integrity API as described [here](https://developer.android.com/google/play/integrity/setup).
 
 ### `DreiAttestService`
 To use the `DreiAttestService` create a new instance and call the `initWith` - function, as follows:

diff --git a/gradle.properties b/gradle.properties
@@ -33,7 +33,7 @@ versions_kermit=1.2.2
 versions_mpf_settings=1.0.0-RC
 
 #android
-versions_safety_net=18.0.1
+versions_play_integrity=1.1.0
 versions_play_services_coroutines=1.6.4
 
 #iOS
diff --git a/multiplatform/build.gradle b/multiplatform/build.gradle
@@ -44,7 +44,7 @@ kotlin {
     }
 
     sourceSets["androidMain"].dependencies {
-        implementation "com.google.android.gms:play-services-safetynet:$versions_safety_net"
+        implementation "com.google.android.play:integrity:$versions_play_integrity"
         implementation "org.jetbrains.kotlinx:kotlinx-coroutines-play-services:$versions_play_services_coroutines"
         implementation("io.ktor:ktor-client-android:$versions_ktor")
     }

diff --git a/...m/src/androidMain/kotlin/ch/dreipol/dreiattest/multiplatform/GoogleAttestationProvider.kt b/...m/src/androidMain/kotlin/ch/dreipol/dreiattest/multiplatform/GoogleAttestationProvider.kt
@@ -1,24 +1,30 @@
 package ch.dreipol.dreiattest.multiplatform
 
 import android.content.Context
+import android.util.Base64
 import ch.dreipol.dreiattest.multiplatform.api.dto.Attestation
 import ch.dreipol.dreiattest.multiplatform.utils.DeviceSystemInfo
 import ch.dreipol.dreiattest.multiplatform.utils.Hash
 import ch.dreipol.dreiattest.multiplatform.utils.SystemInfo
-import com.google.android.gms.common.ConnectionResult
-import com.google.android.gms.common.GoogleApiAvailability
-import com.google.android.gms.safetynet.SafetyNet
+import com.google.android.play.core.integrity.IntegrityManagerFactory
+import com.google.android.play.core.integrity.IntegrityTokenRequest
 import kotlinx.coroutines.tasks.await
 
-internal const val platformDriver = "google"
+internal const val platformDriver = "google_play_integrity_api"
 
-public class GoogleAttestationProvider(private val context: Context, private val apiKey: String) : AttestationProvider {
+class GoogleAttestationProvider(private val context: Context, private val cloudProjectNumber: Long? = null) : AttestationProvider {
+    private val integrityManager by lazy {
+        IntegrityManagerFactory.create(context)
+    }
     override val systemInfo: SystemInfo = DeviceSystemInfo(context)
-    override val isSupported: Boolean =
-        GoogleApiAvailability.getInstance().isGooglePlayServicesAvailable(context) == ConnectionResult.SUCCESS
+    override val isSupported: Boolean = true
+
 
-    public override suspend fun getAttestation(nonce: Hash, publicKey: String): Attestation {
-        val deviceAttestation = SafetyNet.getClient(context).attest(nonce, apiKey).await().jwsResult!!
+    override suspend fun getAttestation(nonce: Hash, publicKey: String): Attestation {
+        val requestBuilder = IntegrityTokenRequest.builder()
+            .setNonce(Base64.encodeToString(nonce, Base64.URL_SAFE or Base64.NO_WRAP))
+        cloudProjectNumber?.let { requestBuilder.setCloudProjectNumber(it) }
+        val deviceAttestation = integrityManager.requestIntegrityToken(requestBuilder.build()).await().token()
         return Attestation(publicKey = publicKey, attestation = deviceAttestation, driver = platformDriver)
     }
 }
diff --git a/multiplatform/src/commonMain/kotlin/ch/dreipol/dreiattest/multiplatform/DreiAttestService.kt b/multiplatform/src/commonMain/kotlin/ch/dreipol/dreiattest/multiplatform/DreiAttestService.kt
@@ -74,8 +74,8 @@ public class DreiAttestService(private val keystore: Keystore = DeviceKeystore()
                 val signatureNonce = middlewareAPI.getNonce(uid).trim('"')
                 val publicKey = CryptoUtils.encodeToBase64(keystore.generateNewKeyPair(uid))
                 val nonce = CryptoUtils.hashSHA256((uid + publicKey + signatureNonce).toByteArray(Charsets.UTF_8))
-                val attestation = sessionConfiguration.deviceAttestationProvider.getAttestation(nonce, publicKey)
                 try {
+                    val attestation = sessionConfiguration.deviceAttestationProvider.getAttestation(nonce, publicKey)
                     middlewareAPI.setKey(attestation, uid, signatureNonce)
                 } catch (t: Throwable) {
                     keystore.deleteKeyPair(uid)