Google Git
Sign in
android / platform / developers / samples / android / 1a7021e^! / .
commit1a7021ee349d79391591941ce246f0cb6482c4fb[log] [tgz]
authorFelipe Leme <felipeal@google.com>Mon Sep 25 16:38:09 2017 -0700
committerFelipe Leme <felipeal@google.com>Mon Sep 25 16:38:38 2017 -0700
treed0a67ff6719057dd2c97d54d4c6347f535139497
parent096f7d8cd0295dda1a2f63f250ca9227caa07bc0 [diff]
Uses canonical web domain when validating DAL.

Test: manual verification
Bug: 66900717

Change-Id: Id90d758c59d7997747af8a4ddc4b501e29e44704

diff --git a/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java b/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java
index 3d13b6d..795d369 100644
--- a/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java
+++ b/input/autofill/AutofillFramework/Application/src/main/java/com/example/android/autofillframework/multidatasetservice/SecurityHelper.java

@@ -22,6 +22,8 @@
 import android.os.AsyncTask;
 import android.util.Log;
 
+import com.google.common.net.InternetDomainName;
+
 import org.json.JSONObject;
 
 import java.io.BufferedReader;
@@ -115,17 +117,25 @@
         return isValid;
     }
 
+    public static String getCanonicalDomain(String domain) {
+        InternetDomainName idn = InternetDomainName.from(domain);
+        while (idn != null && !idn.isTopPrivateDomain()) {
+            idn = idn.parent();
+        }
+        return idn == null ? null : idn.toString();
+    }
 
     public static boolean isValid(String webDomain, String packageName, String fingerprint) {
-        if (DEBUG) Log.d(TAG, "validating domain " + webDomain + " for pkg " + packageName
-                + " and fingerprint " + fingerprint );
+        String canonicalDomain = getCanonicalDomain(webDomain);
+        if (DEBUG) Log.d(TAG, "validating domain " + canonicalDomain + " (" + webDomain
+                + ") for pkg " + packageName + " and fingerprint " + fingerprint );
         final String fullDomain;
         if (!webDomain.startsWith("http:") && !webDomain.startsWith("https:") ) {
             // Unfortunately AssistStructure.ViewNode does not tell what the domain is, so let's
             // assume it's https
-            fullDomain = "https://" + webDomain;
+            fullDomain = "https://" + canonicalDomain;
         } else {
-            fullDomain = webDomain;
+            fullDomain = canonicalDomain;
         }
 
         // TODO: use the DAL Java API or a better REST alternative like Volley