Merge branch 'gradleVersionChange2' of https://github.com/AzureAD/mic…

…rosoft-authentication-library-common-for-android into gradleVersionChange2 Pulling from msal\common to align with remote common repo
AzureAD · Feb 5, 2025 · 68e963e · 68e963e
2 parents ae351b9 + 47633e2
commit 68e963e
Show file tree

Hide file tree

Showing 107 changed files with 3,033 additions and 587 deletions.
diff --git a/README.md b/README.md
@@ -21,4 +21,4 @@ For more information see the [Code of Conduct FAQ](https://opensource.microsoft.
 contact [[email protected]](mailto:[email protected]) with any additional questions or comments.
 
 ### Android Studio Build Requirement
-Please note that this project uses [Lombok](https://projectlombok.org/) internally and while using Android Studio you will need to install [Lobmok Plugin](https://plugins.jetbrains.com/plugin/6317-lombok) to get the project to build successfully within Android Studio.
+Please note that this project uses [Lombok](https://projectlombok.org/) internally and while using Android Studio you will need to install [Lombok Plugin](https://plugins.jetbrains.com/plugin/6317-lombok) to get the project to build successfully within Android Studio.
diff --git a/azure-pipelines/pull-request-validation/build-consumers.yml b/azure-pipelines/pull-request-validation/build-consumers.yml
@@ -125,15 +125,15 @@ stages:
       displayName: Assemble msal
       inputs:
         jdkArchitecture: x64
-        jdkVersionOption: "1.11"
+        jdkVersionOption: "1.17"
         tasks: clean msal:assembleLocal
     - template: ../templates/steps/automation-cert.yml
     - task: Gradle@3
       displayName: Run msal Unit tests
       inputs:
         tasks: msal:testLocalDebugUnitTest -Plabtest -PlabSecret=$(LabVaultAppCert) -ProbolectricSdkVersion=${{variables.robolectricSdkVersion}} -PmockApiUrl=$(MOCK_API_URL)
         jdkArchitecture: x64
-        jdkVersionOption: "1.11"
+        jdkVersionOption: "1.17"
   # broker
   - job: brokerValidation
     displayName: Broker
@@ -169,13 +169,13 @@ stages:
         tasks: AADAuthenticator:clean AADAuthenticator:assembleLocal --build-cache --info
         publishJUnitResults: false
         jdkArchitecture: x64
-        jdkVersionOption: "1.11"
+        jdkVersionOption: "1.17"
     - task: Gradle@3
       displayName: Run broker Unit tests
       inputs:
         tasks: AADAuthenticator:localDebugAADAuthenticatorUnitTestCoverageReport --build-cache --info -Plabtest -PlabSecret=$(LabVaultAppCert) -ProbolectricSdkVersion=${{variables.robolectricSdkVersion}} -PpowerLiftApiKey=$(powerliftApiKey) -PcodeCoverageEnabled=true ${{variables.shouldSkipLongRunningTest}}
         jdkArchitecture: x64
-        jdkVersionOption: "1.11"
+        jdkVersionOption: "1.17"
   # Linux broker
   - job: linuxBrokerValidation
     displayName: Linux Broker
@@ -211,7 +211,7 @@ stages:
           tasks: LinuxBroker:clean LinuxBroker:assemble --build-cache --info
           publishJUnitResults: false
           jdkArchitecture: x64
-          jdkVersionOption: "1.11"
+          jdkVersionOption: "1.17"
       - task: Bash@3
         retryCountOnTaskFailure: 3
         displayName: Execute tests
@@ -264,10 +264,10 @@ stages:
       inputs:
         tasks: clean adal:assembleLocal
         jdkArchitecture: x64
-        jdkVersionOption: "1.11"
+        jdkVersionOption: "1.17"
     - task: Gradle@3
       displayName: Run adal Unit tests
       inputs:
         tasks: adal:testLocalDebugUnitTest -Plabtest -ProbolectricSdkVersion=${{variables.robolectricSdkVersion}} -PlabSecret=$(LabVaultAppCert)
         jdkArchitecture: x64
-        jdkVersionOption: "1.11"
+        jdkVersionOption: "1.17"
diff --git a/azure-pipelines/pull-request-validation/common.yml b/azure-pipelines/pull-request-validation/common.yml
@@ -38,7 +38,7 @@ jobs:
     displayName: Assemble Local
     inputs:
       javaHomeSelection: JDKVersion
-      jdkVersionOption: "1.11"
+      jdkVersionOption: "1.17"
       tasks: clean common:assembleLocal
       publishJUnitResults: false
       jdkArchitecture: x64
@@ -48,14 +48,14 @@ jobs:
     displayName: Run Unit tests
     inputs:
       javaHomeSelection: JDKVersion
-      jdkVersionOption: "1.11"
+      jdkVersionOption: "1.17"
       tasks: common:testLocalDebugUnitTest -PlabSecret=$(LabVaultAppCert) -PmockApiUrl=$(MOCK_API_URL) 
   - task: Gradle@3
     displayName: Check Dependencies size
     condition: eq(variables['system.pullRequest.targetBranch'], 'dev')
     inputs:
       tasks: common:dependenciesSizeCheck -PdependenciesSizeCheckConfig=distReleaseRuntimeClasspath
-      jdkVersionOption: "1.11"
+      jdkVersionOption: "1.17"
 
 - job: spotbugs
   displayName: SpotBugs
@@ -68,6 +68,7 @@ jobs:
   - template: ../templates/steps/spotbugs.yml
     parameters:
       project: common
+
 - job: lint
   displayName: Lint
   cancelTimeoutInMinutes: 1
@@ -87,5 +88,5 @@ jobs:
       tasks: clean common:lintLocalDebug
       publishJUnitResults: false
       javaHomeSelection: JDKVersion
-      jdkVersionOption: "1.11"
+      jdkVersionOption: "1.17"
 ...
diff --git a/azure-pipelines/templates/steps/spotbugs.yml b/azure-pipelines/templates/steps/spotbugs.yml
@@ -16,7 +16,7 @@ steps:
   displayName: 'Run Spotbugs'
   inputs:
     javaHomeSelection: JDKVersion
-    jdkVersionOption: "1.11"
+    jdkVersionOption: "1.17"
     jdkArchitecture: x64
     cwd: ${{ parameters.cwd }}
     tasks: ${{ parameters.project }}:${{ parameters.spotbugsCommand }}

diff --git a/changelog.txt b/changelog.txt
@@ -1,9 +1,33 @@
 vNext
 ----------
-- [MINOR] Add suberror for network errors (#2537)
+- [MINOR] changed AGP version from 7.4.2 to 8.1.1 (#2584)
+- [PATCH] Fix Sign in Async method for sign in with google (#2583)
+- [MINOR] Add server client id to SignInWithGoogleParameters (#2581)
+- [MAJOR] Pass google id token to broker for enabling Sign in with Google (#2573)
+- [MINOR] Organize browser selection classes and change signature for get AuthorizationStrategy (#2564)
+- [MINOR] Add support for OneBox Environment (#2559)
+- [MINOR] Add support for claims requests for native authentication (#2572)
+- [MINOR] Removing unnecessary attributes from keystore wrap operation (#2578)
+
+Version 19.0.1
+----------
+(common4j 16.0.1)
+- [PATCH] Span name added for corruption exception (#2574)
+
+Version 19.0.0
+----------
+(common4j 16.0.0)
+- [MINOR] Add Sign in With Google component for MSA federation (#2551)
+- [MINOR] Add SDMBroadcastReceiver for applications to register callbacks for SDM broadcasts (#2547)
+- [MINOR] Add switch_browser toMicrosoftStsAuthorizationRequest (#2550)
+- [MAJOR] Add suberror for network errors (#2537)
 - [PATCH] Translate MFA token error to UIRequiredException instead of ServiceException (#2538)
 - [MINOR] Add Child Spans for Interactive Span (#2516)
 - [MINOR] For MSAL CPP flows, match exact claims when deleting AT with intersecting scopes (#2548)
+- [MINOR] Replace Deprecated Keystore API for Android 28+ (#2558)
+- [MINOR] Managed profile Android util method (#2561)
+- [PATCH] Make userHandle response field optional (#2560)
+- [MINOR] Nonce redirect changes (#2552)
 
 Version 18.2.2
 ----------

diff --git a/common-java-root/gradle.properties b/common-java-root/gradle.properties
@@ -10,7 +10,8 @@ org.gradle.daemon=true
 
 # See https://stackoverflow.com/questions/56075455/expiring-daemon-because-jvm-heap-space-is-exhausted
 # we must make sure that the total size is <7G, as that's the RAM size of VM on the build pipeline.
-org.gradle.jvmargs=-Xmx2048m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError
+#org.gradle.jvmargs=-Xmx2048m -XX:MaxPermSize=512m -XX:+HeapDumpOnOutOfMemoryError
+org.gradle.jvmargs=-Xmx2048m -XX:MaxMetaspaceSize=512m -XX:+HeapDumpOnOutOfMemoryError
 
 # This the TSL versionName...
 versionName=1.5.9

diff --git a/common-java-root/gradle/wrapper/gradle-wrapper.properties b/common-java-root/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,7 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.5-bin.zip
+#distributionUrl=https\://services.gradle.org/distributions/gradle-7.5-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.1-all.zip
+
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/common/build.gradle b/common/build.gradle
@@ -61,7 +61,10 @@ android {
         buildConfigField("boolean", "trustDebugBrokerFlag", "$trustDebugBrokerFlag")
         buildConfigField("boolean", "bypassRedirectUriCheck", "$bypassRedirectUriCheck")
     }
-
+    buildFeatures {
+        buildConfig = true
+        aidl = true
+    }
     buildTypes {
         debug {
             testCoverageEnabled enableCodeCoverage
@@ -118,6 +121,7 @@ android {
     sourceSets {
         main {
             manifest.srcFile 'src/main/AndroidManifest.xml'
+            aidl.srcDirs = ['src/main/aidl']
 
             // Also load source from common-java
             java.srcDirs = ['src/main/java', 'src/main/kotlin']
@@ -170,6 +174,7 @@ dependencies {
     //needed for credentials support from play services, for devices running
     implementation "androidx.credentials:credentials-play-services-auth:$rootProject.ext.AndroidCredentialsVersion"
     implementation "com.google.android.gms:play-services-fido:$rootProject.ext.LegacyFidoApiVersion"
+    implementation "com.google.android.libraries.identity.googleid:googleid:$rootProject.ext.GoogleIdVersion"
 
     constraints {
         implementation ("com.squareup.okio:okio:3.4.0") {
@@ -239,15 +244,16 @@ android.libraryVariants.all { variant ->
 // Create tasks to generate javadoc jar
 android.libraryVariants.all { variant ->
     task("${variant.name}JavadocJar", type: Jar, dependsOn: "${variant.name}Javadoc") {
-        classifier 'javadoc'
+        archiveClassifier.set('javadoc')
         from tasks["${variant.name}Javadoc"].destinationDir
     }
 }
 
 
 tasks.register('sourcesJar', Jar) {
     from android.sourceSets.main.java.srcDirs
-    classifier 'sources'
+//    classifier 'sources'
+    archiveClassifier.set('sources')
     destinationDirectory = reporting.file("$project.buildDir/outputs/jar/")
 }
 
@@ -283,8 +289,8 @@ tasks.register('pmd', Pmd) {
     source = fileTree('src/main/java')
 
     reports {
-        xml.enabled = false
-        html.enabled = true
+        xml.required = false
+        html.required = true
     }
 }
 

diff --git a/...oidTest/java/com/microsoft/identity/common/internal/broker/SDMBroadcastReceiverTests.java b/...oidTest/java/com/microsoft/identity/common/internal/broker/SDMBroadcastReceiverTests.java
@@ -0,0 +1,78 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.broker;
+
+import android.content.Intent;
+
+import androidx.test.core.app.ApplicationProvider;
+
+import com.microsoft.identity.common.java.constants.SharedDeviceModeConstants;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
+
+@RunWith(JUnit4.class)
+public class SDMBroadcastReceiverTests {
+
+    String actualCallbackReceived;
+
+    @Before
+    public void setup() {
+        SDMBroadcastReceiver.initialize(ApplicationProvider.getApplicationContext(), new SDMBroadcastReceiver.SharedDeviceModeCallback() {
+            @Override
+            public void onSharedDeviceModeRegistrationStarted() {
+                actualCallbackReceived = SharedDeviceModeConstants.BROADCAST_TYPE_SDM_REGISTRATION_START;
+            }
+
+            @Override
+            public void onSharedDeviceModeRegistered() {
+                actualCallbackReceived = SharedDeviceModeConstants.BROADCAST_TYPE_SDM_REGISTERED;
+            }
+
+            @Override
+            public void onGlobalSignOut() {
+                actualCallbackReceived = SharedDeviceModeConstants.BROADCAST_TYPE_GLOBAL_SIGN_OUT;
+            }
+        });
+    }
+    @Test
+    public void testSDMBroadcast() throws InterruptedException {
+        sendBroadcast(SharedDeviceModeConstants.BROADCAST_TYPE_SDM_REGISTRATION_START);
+        Thread.sleep(100);
+        Assert.assertEquals(SharedDeviceModeConstants.BROADCAST_TYPE_SDM_REGISTRATION_START, actualCallbackReceived);
+
+        sendBroadcast(SharedDeviceModeConstants.BROADCAST_TYPE_GLOBAL_SIGN_OUT);
+        Thread.sleep(100);
+        Assert.assertEquals(SharedDeviceModeConstants.BROADCAST_TYPE_GLOBAL_SIGN_OUT, actualCallbackReceived);
+    }
+
+    private void sendBroadcast(String broadcastType) {
+        final Intent intent = new Intent();
+        intent.setAction(SharedDeviceModeConstants.CURRENT_ACCOUNT_CHANGED_BROADCAST_IDENTIFIER);
+        intent.putExtra(SharedDeviceModeConstants.BROADCAST_TYPE_KEY, broadcastType);
+        ApplicationProvider.getApplicationContext().sendBroadcast(intent);
+    }
+}
diff --git a/...on/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationConstants.java b/...on/src/main/java/com/microsoft/identity/common/adal/internal/AuthenticationConstants.java
@@ -605,7 +605,7 @@ public static final class Broker {
          *
          * @see <a href="https://identitydivision.visualstudio.com/DevEx/_git/AuthLibrariesApiReview?path=/%5BAndroid%5D%20Broker%20API/broker_protocol_versions.md">Android Auth Broker Protocol Versions</a>
          */
-        public static final String LATEST_MSAL_TO_BROKER_PROTOCOL_VERSION_CODE = "16.0";
+        public static final String LATEST_MSAL_TO_BROKER_PROTOCOL_VERSION_CODE = "17.0";
 
         /**
          * The maximum msal-to-broker protocol version known by clients such as MSAL Android.
@@ -1218,6 +1218,8 @@ public static String computeMaxHostBrokerProtocol() {
          */
         public static final String COMPANY_PORTAL_APP_LAUNCH_ACTIVITY_NAME = Broker.COMPANY_PORTAL_APP_PACKAGE_NAME + ".views.SplashActivity";
 
+        public static final String SSO_NONCE_PARAMETER = "sso_nonce";
+
         /**
          * PRT nonce.
          */

diff --git a/.../main/java/com/microsoft/identity/common/components/AndroidPlatformComponentsFactory.java b/.../main/java/com/microsoft/identity/common/components/AndroidPlatformComponentsFactory.java
@@ -35,6 +35,7 @@
 import com.microsoft.identity.common.internal.platform.AndroidPlatformUtil;
 import com.microsoft.identity.common.internal.providers.oauth2.AndroidTaskStateGenerator;
 import com.microsoft.identity.common.internal.ui.AndroidAuthorizationStrategyFactory;
+import com.microsoft.identity.common.internal.ui.browser.AndroidBrowserSelector;
 import com.microsoft.identity.common.java.WarningType;
 import com.microsoft.identity.common.java.interfaces.IPlatformComponents;
 import com.microsoft.identity.common.java.interfaces.PlatformComponents;
@@ -127,14 +128,16 @@ public static void fillBuilderWithBasicImplementations(
                 .storageSupplier(new AndroidStorageSupplier(context,
                         new AndroidAuthSdkStorageEncryptionManager(context)))
                 .platformUtil(new AndroidPlatformUtil(context, activity))
-                .httpClientWrapper(new DefaultHttpClientWrapper());
+                .httpClientWrapper(new DefaultHttpClientWrapper())
+                .browserSelector(new AndroidBrowserSelector(context));
 
         if (activity != null){
             builder.authorizationStrategyFactory(
                             AndroidAuthorizationStrategyFactory.builder()
                                     .context(activity.getApplicationContext())
                                     .activity(activity)
                                     .fragment(fragment)
+                                    .browserSelector(new AndroidBrowserSelector(context))
                                     .build())
                     .stateGenerator(new AndroidTaskStateGenerator(activity.getTaskId()));
         }

diff --git a/common/src/main/java/com/microsoft/identity/common/crypto/AndroidWrappedKeyLoader.java b/common/src/main/java/com/microsoft/identity/common/crypto/AndroidWrappedKeyLoader.java
@@ -26,6 +26,8 @@
 import android.content.Context;
 import android.os.Build;
 import android.security.KeyPairGeneratorSpec;
+import android.security.keystore.KeyGenParameterSpec;
+import android.security.keystore.KeyProperties;
 
 import androidx.annotation.RequiresApi;
 
@@ -269,12 +271,13 @@ public void deleteSecretKeyFromStorage() throws ClientException {
     /**
      * Generate a self-signed cert and derive an AlgorithmParameterSpec from that.
      * This is for the key to be generated in {@link KeyStore} via {@link KeyPairGenerator}
+     * Note : This is now only for API level < 28
      *
      * @param context an Android {@link Context} object.
      * @return a {@link AlgorithmParameterSpec} for the keystore key (that we'll use to wrap the secret key).
      */
     @RequiresApi(api = Build.VERSION_CODES.JELLY_BEAN_MR2)
-    private static AlgorithmParameterSpec getSpecForKeyStoreKey(@NonNull final Context context,
+    private static AlgorithmParameterSpec getLegacySpecForKeyStoreKey(@NonNull final Context context,
                                                                 @NonNull final String alias) {
         // Generate a self-signed cert.
         final String certInfo = String.format(Locale.ROOT, "CN=%s, OU=%s",
@@ -295,6 +298,27 @@ private static AlgorithmParameterSpec getSpecForKeyStoreKey(@NonNull final Conte
                 .build();
     }
 
+    /**
+     * Generate a self-signed cert and derive an AlgorithmParameterSpec from that.
+     * This is for the key to be generated in {@link KeyStore} via {@link KeyPairGenerator}
+     *
+     * @param context an Android {@link Context} object.
+     * @return a {@link AlgorithmParameterSpec} for the keystore key (that we'll use to wrap the secret key).
+     */
+    private static AlgorithmParameterSpec getSpecForKeyStoreKey(@NonNull final Context context, @NonNull final String alias) {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) {
+            return getLegacySpecForKeyStoreKey(context, alias);
+        } else {
+            int purposes = KeyProperties.PURPOSE_WRAP_KEY  | KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT;
+            return new KeyGenParameterSpec.Builder(alias, purposes)
+                    .setKeySize(2048)
+                    .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
+                    .setBlockModes(KeyProperties.BLOCK_MODE_ECB) // Ensure compatibility with RSA
+                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
+                    .build();
+        }
+    }
+
     /**
      * Get the file that stores the wrapped key.
      */