ThingsLoaderThunk.java

/***
 Copyright (c) 2016 CommonsWare, LLC
 Licensed under the Apache License, Version 2.0 (the "License"); you may not
 use this file except in compliance with the License. You may obtain a copy
 of the License at http://www.apache.org/licenses/LICENSE-2.0. Unless required
 by applicable law or agreed to in writing, software distributed under the
 License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
 OF ANY KIND, either express or implied. See the License for the specific
 language governing permissions and limitations under the License.

 Covered in detail in the book _The Busy Coder's Guide to Android Development_
 https://commonsware.com/Android
 */

package com.commonsware.android.dyncode;

import android.content.Context;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.net.Uri;
import android.os.Build;
import com.commonsware.android.dyncode.api.Thing;
import com.commonsware.android.dyncode.api.ThingsLoader;
import com.commonsware.cwac.netsecurity.TrustManagerBuilder;
import com.commonsware.cwac.security.ZipUtils;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import dalvik.system.DexClassLoader;

class ThingsLoaderThunk implements ThingsLoader {
  interface Callback {
    void onError(String message, Exception e);
  }

  final private Executor executor=Executors.newSingleThreadExecutor();
  final private File apkPath;
  final private File cachePath;
  final private String classname;
  final private Callback cb;
  final private TrustManagerBuilder tmb;
  final private URL url;
  final private List<Signature> ownSigs;
  final private PackageManager pm;
  private ThingsLoader extImpl;

  ThingsLoaderThunk(Context ctxt, String url,
                    String classname, Callback cb)
    throws MalformedURLException,
    PackageManager.NameNotFoundException {
    this.classname=classname;
    this.cb=cb;

    pm=ctxt.getPackageManager();
    ownSigs=
      Arrays.asList(pm
        .getPackageInfo(ctxt.getPackageName(), PackageManager.GET_SIGNATURES)
        .signatures);

    this.url=new URL(BuildConfig.EXTENSION_URL);

    tmb=new TrustManagerBuilder().withConfig(ctxt,
      R.xml.extension_server);

    String basename=Uri.parse(url).getLastPathSegment();

    apkPath=new File(ctxt.getCacheDir(), basename);
    cachePath=new File(ctxt.getCacheDir(),
      UUID.randomUUID().toString());

    cachePath.mkdirs();
  }

  @Override
  public void startAsyncLoad() {
    if (extImpl==null) {
      executor.execute(new Runnable() {
        @Override
        public void run() {
          if (!apkPath.exists()) {
            try {
              downloadExtension();
            }
            catch (Exception e) {
              reset();

              if (cb!=null) {
                cb.onError("exception in HTTP", e);
              }
            }
          }

          try {
            loadThunk();
            extImpl.startAsyncLoad();
          }
          catch (Exception e) {
            reset();

            if (cb!=null) {
              cb.onError("exception in loadThunk()/startAsyncLoad()",
                e);
            }
          }
        }
      });
    }
    else {
      extImpl.startAsyncLoad();
    }
  }

  @Override
  public List<Thing> getThings() {
    if (extImpl==null) {
      return(null);
    }

    return(extImpl.getThings());
  }

  void reset() {
    extImpl=null;
    ZipUtils.delete(apkPath);
    ZipUtils.delete(cachePath);
  }

  private void loadThunk()
    throws ClassNotFoundException, IllegalAccessException,
    InstantiationException {
    DexClassLoader dcl=
      new DexClassLoader(apkPath.getAbsolutePath(),
        cachePath.getAbsolutePath(), null,
        getClass().getClassLoader());
    Class<ThingsLoader> clazz=
      (Class<ThingsLoader>)dcl.loadClass(classname);

    extImpl=clazz.newInstance();
  }

  private void downloadExtension() throws Exception {
    HttpURLConnection c=
      (HttpURLConnection)url.openConnection();

    tmb.applyTo(c);

    FileOutputStream fos=
      new FileOutputStream(apkPath.getPath());
    BufferedOutputStream out=new BufferedOutputStream(fos);

    try {
      InputStream in=c.getInputStream();
      byte[] buffer=new byte[8192];
      int len;

      while ((len=in.read(buffer))>=0) {
        out.write(buffer, 0, len);
      }

      out.flush();
    }
    finally {
      try {
        fos.getFD().sync();
        out.close();
      }
      finally {
        c.disconnect();
      }
    }

    validateApk(apkPath);
  }

  private void validateApk(File apkPath) {
    if (Build.VERSION.SDK_INT>=Build.VERSION_CODES.LOLLIPOP) {
      try {
        Signature[] fileSigs=getApkSignatures(apkPath);

        if (fileSigs.length!=ownSigs.size()) {
          throw new IllegalStateException(
            "Extension signatures do not match APK signatures");
        }

        for (Signature sig : fileSigs) {
          if (!ownSigs.contains(sig)) {
            throw new IllegalStateException(
              "Extension signatures do not match APK signatures");
          }
        }
      }
      catch (Exception e) {
        throw new IllegalStateException(
          "Could not validate extension APK", e);
      }
    }
  }

  private Signature[] getApkSignatures(File apkPath) {
    PackageInfo info=
      pm.getPackageArchiveInfo(apkPath.getAbsolutePath(),
        PackageManager.GET_SIGNATURES);

    if (info==null) {
      throw new IllegalStateException("Extension APK could not be parsed");
    }

    return(info.signatures);
  }
}