Merge branch 'dev' into fadi/lab-migrate

Author: fadidurah

changelog.txt

@@ -1,11 +1,14 @@
 vNext
 ----------
+- [MINOR] Add AIDL interface for device registration service.(#2926)
 - [MINOR] Move debugIntuneCE and prodIntuneCE from BrokerData to AppRegistry as App instances (#3012)
 - [MINOR] Remove LruCache from SharedPreferencesFileManager (#2910)
 - [MINOR] Edge TB: Claims (#2925)
 - [PATCH] Update Moshi to 1.15.2 to resolve okio CVE-2023-3635 vulnerability (#3005)
+- [MINOR] Edge TB: PoP support (#3006)
 - [MINOR] Handle target="_blank" links in authorization WebView (#3010)
 - [MINOR] Handle openid-vc urls in webview (#3013)
+- [MINOR] Add WebView file upload support (#3022)
 
 Version 24.0.1
 ----------

common/src/main/aidl/com/microsoft/identity/client/IDeviceRegistrationService.aidl

@@ -0,0 +1,38 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.client;
+
+/**
+* AIDL interface for the device registration bound service exposed by the broker.
+* Client applications (such as Authenticator or CP) call into this service to execute device registration operations
+* when the content provider strategy is not available. The implementation of this service resides in the broker app.
+*/
+interface IDeviceRegistrationService {
+    /**
+     * Executes a device registration protocol with the broker.
+     *
+     * @param protocolParams Bundle containing device registration protocol parameters
+     * @return Bundle containing the protocol response from the broker
+     */
+    Bundle executeDeviceRegistrationProtocol(in Bundle protocolParams);
+}

common/src/main/java/com/microsoft/identity/common/internal/broker/BoundServiceClient.java

@@ -67,14 +67,14 @@ public abstract class BoundServiceClient<T extends IInterface> {
     /**
      * Perform the given operation with the given .aidl {@link IInterface}
      */
-    abstract @Nullable Bundle performOperationInternal(@NonNull final BrokerOperationBundle inputBundle,
-                                                       @NonNull final T aidlInterface) throws RemoteException, BrokerCommunicationException;
+    protected abstract @Nullable Bundle performOperationInternal(@NonNull final BrokerOperationBundle inputBundle,
+                                                                 @NonNull final T aidlInterface) throws RemoteException, BrokerCommunicationException;
 
     /**
      * Extracts {@link IInterface} from a given {@link IBinder}
      * i.e. T.Stub.asInterface(binder), where T is an .aidl {@link IInterface}.
      */
-    abstract @NonNull T getInterfaceFromIBinder(@NonNull final IBinder binder);
+    protected abstract @NonNull T getInterfaceFromIBinder(@NonNull final IBinder binder);
 
     /**
      * BoundServiceClient's constructor.

common/src/main/java/com/microsoft/identity/common/internal/broker/MicrosoftAuthClient.java

@@ -75,7 +75,8 @@ public MicrosoftAuthClient(@NonNull final Context context,
     }
 
     @Override
-    @Nullable Bundle performOperationInternal(@NonNull final BrokerOperationBundle brokerOperationBundle,
+    @Nullable
+    protected Bundle performOperationInternal(@NonNull final BrokerOperationBundle brokerOperationBundle,
                                               @NonNull final IMicrosoftAuthService microsoftAuthService)
             throws RemoteException, BrokerCommunicationException {
 
@@ -129,7 +130,7 @@ public MicrosoftAuthClient(@NonNull final Context context,
     }
 
     @Override
-    @NonNull IMicrosoftAuthService getInterfaceFromIBinder(@NonNull IBinder binder) {
+    @NonNull protected IMicrosoftAuthService getInterfaceFromIBinder(@NonNull IBinder binder) {
         final IMicrosoftAuthService service = IMicrosoftAuthService.Stub.asInterface(binder);
         if (service == null) {
             throw new IllegalStateException("Failed to extract IMicrosoftAuthService from IBinder.", null);

common/src/main/java/com/microsoft/identity/common/internal/broker/ipc/DeviceRegistrationServiceClient.kt

@@ -0,0 +1,71 @@
+// Copyright (c) Microsoft Corporation.
+// All rights reserved.
+//
+// This code is licensed under the MIT License.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files(the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions :
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+// THE SOFTWARE.
+package com.microsoft.identity.common.internal.broker.ipc
+
+import android.content.Context
+import android.os.Bundle
+import android.os.IBinder
+import com.microsoft.identity.client.IDeviceRegistrationService
+import com.microsoft.identity.common.internal.broker.BoundServiceClient
+
+/**
+ * A client for communicating with the DeviceRegistrationService via IPC.
+ * This client binds to the service and allows executing device registration protocol operations with the broker.
+ *
+ * @param context the application context used to bind to the service.
+ */
+class DeviceRegistrationServiceClient(context: Context) :
+    BoundServiceClient<IDeviceRegistrationService>(
+        context,
+        SERVICE_CLASS_NAME,
+        SERVICE_INTENT_FILTER
+    ) {
+    companion object {
+        /** The fully qualified class name of the DeviceRegistrationService to bind to. */
+        private const val SERVICE_CLASS_NAME = "com.microsoft.identity.client.DeviceRegistrationService"
+
+        /** The intent filter used to identify the DeviceRegistrationService. */
+        private const val SERVICE_INTENT_FILTER = "com.microsoft.identity.client.DeviceRegistration"
+    }
+
+    /**
+     * Extracts the [IDeviceRegistrationService] AIDL interface from the given [IBinder].
+     *
+     * @param binder the [IBinder] returned by the service connection.
+     * @return the [IDeviceRegistrationService] interface for communicating with the service.
+     */
+    protected override fun getInterfaceFromIBinder(binder: IBinder): IDeviceRegistrationService =
+        IDeviceRegistrationService.Stub.asInterface(binder)
+
+    /**
+     * Executes the device registration protocol operation by delegating to the AIDL interface.
+     *
+     * @param inputBundle the [BrokerOperationBundle] containing the operation parameters.
+     * @param aidlInterface the [IDeviceRegistrationService] AIDL interface bound to the service.
+     * @return a [Bundle] containing the result of the device registration protocol, or null if no result.
+     */
+    protected override fun performOperationInternal(
+        inputBundle: BrokerOperationBundle,
+        aidlInterface: IDeviceRegistrationService
+    ): Bundle? = aidlInterface.executeDeviceRegistrationProtocol(inputBundle.bundle)
+}

common/src/main/java/com/microsoft/identity/common/internal/providers/oauth2/WebViewAuthorizationFragment.java

@@ -46,6 +46,7 @@
 import android.view.View;
 import android.view.ViewGroup;
 import android.webkit.PermissionRequest;
+import android.webkit.ValueCallback;
 import android.webkit.WebChromeClient;
 import android.webkit.WebResourceRequest;
 import android.webkit.WebSettings;
@@ -54,6 +55,7 @@
 import android.widget.ProgressBar;
 
 import androidx.activity.result.ActivityResultLauncher;
+import androidx.activity.result.contract.ActivityResultContracts;
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
 import androidx.annotation.VisibleForTesting;
@@ -139,6 +141,19 @@ public class WebViewAuthorizationFragment extends AuthorizationFragment {
 
     private final CameraPermissionRequestHandler mCameraPermissionRequestHandler = new CameraPermissionRequestHandler(this);
 
+    /**
+     * Callback for file chooser requests from the WebView.
+     * This is set when {@link WebChromeClient#onShowFileChooser} is invoked and
+     * must be called back with the selected file URI(s) or null if cancelled.
+     */
+    private ValueCallback<Uri[]> mFileUploadCallback;
+
+    /**
+     * Launcher for the file chooser activity, registered in {@link #onCreate}.
+     * Handles the result of the file selection and passes it back to the WebView.
+     */
+    private ActivityResultLauncher<Intent> mFileChooserLauncher;
+
     // This is used by LegacyFido2ApiManager to launch a PendingIntent received by the legacy API.
     private ActivityResultLauncher<LegacyFido2ApiObject> mFidoLauncher;
     // This is used by the switch browser protocol to handle the resume of the flow.
@@ -158,6 +173,39 @@ public void onCreate(@Nullable Bundle savedInstanceState) {
             WebViewUtil.setDataDirectorySuffix(activity.getApplicationContext());
         }
 
+        // Register file chooser launcher for WebView file upload support.
+        if (CommonFlightsManager.INSTANCE.getFlightsProvider().isFlightEnabled(CommonFlight.ENABLE_WEBVIEW_FILE_UPLOAD)) {
+            mFileChooserLauncher = registerForActivityResult(
+                    new ActivityResultContracts.StartActivityForResult(),
+                    result -> {
+                        if (mFileUploadCallback == null) {
+                            Logger.warn(methodTag, "File upload callback is null, ignoring result.");
+                            return;
+                        }
+                        Uri[] resultUris = null;
+                        if (result.getResultCode() == FragmentActivity.RESULT_OK && result.getData() != null) {
+                            final Intent data = result.getData();
+                            if (data.getClipData() != null) {
+                                // Multiple files selected
+                                final int count = data.getClipData().getItemCount();
+                                resultUris = new Uri[count];
+                                for (int i = 0; i < count; i++) {
+                                    resultUris[i] = data.getClipData().getItemAt(i).getUri();
+                                }
+                            } else if (data.getData() != null) {
+                                // Single file selected
+                                resultUris = new Uri[]{data.getData()};
+                            }
+                            Logger.info(methodTag, "File chooser returned "
+                                    + (resultUris != null ? resultUris.length : 0) + " file(s).");
+                        } else {
+                            Logger.info(methodTag, "File chooser cancelled or returned no data.");
+                        }
+                        mFileUploadCallback.onReceiveValue(resultUris);
+                        mFileUploadCallback = null;
+                    }
+            );
+        }
         if (CommonFlightsManager.INSTANCE.getFlightsProvider().isFlightEnabled(CommonFlight.ENABLE_LEGACY_FIDO_SECURITY_KEY_LOGIC)
                 && Build.VERSION.SDK_INT < Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
             mFidoLauncher = registerForActivityResult(
@@ -387,6 +435,17 @@ public void onPermissionRequest(final PermissionRequest request) {
                 });
             }
 
+            @Override
+            public boolean onShowFileChooser(
+                    final WebView webView,
+                    final ValueCallback<Uri[]> filePathCallback,
+                    final FileChooserParams fileChooserParams) {
+                final FragmentActivity host = getActivity();
+                final SpanContext parentSpanContext = host instanceof AuthorizationActivity
+                        ? ((AuthorizationActivity) host).getSpanContext() : null;
+                return handleFileUploadRequest(filePathCallback, fileChooserParams, parentSpanContext);
+            }
+
             @Override
             public Bitmap getDefaultVideoPoster() {
                 // When not playing, video elements are represented by a 'poster' image.
@@ -515,6 +574,87 @@ boolean isTlrUrl(@Nullable final String url) {
                 && lowerUrl.contains(AuthenticationConstants.Broker.TLR_START_PATH);
     }
 
+    /**
+     * Handles a file chooser request from the WebView. Creates a telemetry span,
+     * manages the file upload callback, and launches the system file picker.
+     *
+     * @param filePathCallback  The callback to deliver file selection results to the WebView.
+     * @param fileChooserParams Parameters describing the file chooser request.
+     * @param parentSpanContext The parent span context for telemetry, or null.
+     * @return {@code true} if the file chooser was launched, {@code false} otherwise.
+     */
+    @VisibleForTesting
+    boolean handleFileUploadRequest(
+            @NonNull final ValueCallback<Uri[]> filePathCallback,
+            @NonNull final WebChromeClient.FileChooserParams fileChooserParams,
+            @Nullable final SpanContext parentSpanContext) {
+        final String methodTag = TAG + ":handleFileUploadRequest";
+
+        if (!CommonFlightsManager.INSTANCE.getFlightsProvider()
+                .isFlightEnabled(CommonFlight.ENABLE_WEBVIEW_FILE_UPLOAD)) {
+            Logger.info(methodTag, "ENABLE_WEBVIEW_FILE_UPLOAD flight is disabled.");
+            return false;
+        }
+
+        final Span span = OTelUtility.createSpanFromParent(
+                SpanName.WebViewFileUpload.name(), parentSpanContext);
+
+        try (final Scope scope = SpanExtension.makeCurrentSpan(span)) {
+            // Cancel any existing callback to avoid a dangling reference.
+            if (mFileUploadCallback != null) {
+                mFileUploadCallback.onReceiveValue(null);
+            }
+            // Clear any previous callback reference before handling the new request.
+            mFileUploadCallback = null;
+
+            // Ensure the file chooser launcher is initialized before attempting to launch.
+            if (mFileChooserLauncher == null) {
+                Logger.error(methodTag,
+                        "File chooser launcher is not initialized. Cannot handle file upload request.",
+                        null);
+                // Notify the caller that no file was selected/returned.
+                filePathCallback.onReceiveValue(null);
+                span.setStatus(StatusCode.ERROR);
+                return false;
+            }
+
+            // At this point we have a valid launcher; store the callback for the result.
+            mFileUploadCallback = filePathCallback;
+
+            final Intent intent = fileChooserParams.createIntent();
+            Logger.info(methodTag, "Launching file chooser for WebView file upload.");
+            mFileChooserLauncher.launch(intent);
+            span.setStatus(StatusCode.OK);
+            return true;
+        } catch (final Exception e) {
+            Logger.error(methodTag, "Failed to launch file chooser.", e);
+            span.recordException(e);
+            span.setStatus(StatusCode.ERROR);
+            if (mFileUploadCallback != null) {
+                mFileUploadCallback.onReceiveValue(null);
+                mFileUploadCallback = null;
+            }
+            return false;
+        } finally {
+            span.end();
+        }
+    }
+
+    @VisibleForTesting
+    void setFileUploadCallback(@Nullable final ValueCallback<Uri[]> callback) {
+        mFileUploadCallback = callback;
+    }
+
+    @VisibleForTesting
+    ValueCallback<Uri[]> getFileUploadCallback() {
+        return mFileUploadCallback;
+    }
+
+    @VisibleForTesting
+    void setFileChooserLauncher(@Nullable final ActivityResultLauncher<Intent> launcher) {
+        mFileChooserLauncher = launcher;
+    }
+
     /**
      * Loads starting authorization request url into WebView.
      */
@@ -557,6 +697,14 @@ public void onDestroy() {
             // but we should still have a check here just to be safe.
             mFidoLauncher.unregister();
         }
+        // Clean up file upload callback to prevent memory leaks.
+        if (mFileUploadCallback != null) {
+            mFileUploadCallback.onReceiveValue(null);
+            mFileUploadCallback = null;
+        }
+        if (mFileChooserLauncher != null) {
+            mFileChooserLauncher.unregister();
+        }
     }
 
     /**

common/src/main/java/com/microsoft/identity/common/internal/request/AuthenticationSchemeTypeAdapter.java

@@ -26,6 +26,7 @@
 import static com.microsoft.identity.common.java.authscheme.BearerAuthenticationSchemeInternal.SCHEME_BEARER;
 import static com.microsoft.identity.common.java.authscheme.PopAuthenticationSchemeInternal.SCHEME_POP;
 import static com.microsoft.identity.common.java.authscheme.PopAuthenticationSchemeWithClientKeyInternal.SCHEME_POP_WITH_CLIENT_KEY;
+import static com.microsoft.identity.common.java.authscheme.WebAppsPopAuthenticationSchemeInternal.SCHEME_POP_PREGENERATED;
 
 import androidx.annotation.NonNull;
 
@@ -42,6 +43,7 @@
 import com.microsoft.identity.common.java.authscheme.BearerAuthenticationSchemeInternal;
 import com.microsoft.identity.common.java.authscheme.PopAuthenticationSchemeInternal;
 import com.microsoft.identity.common.java.authscheme.PopAuthenticationSchemeWithClientKeyInternal;
+import com.microsoft.identity.common.java.authscheme.WebAppsPopAuthenticationSchemeInternal;
 import com.microsoft.identity.common.logging.Logger;
 
 import java.lang.reflect.Type;
@@ -85,6 +87,9 @@ public AbstractAuthenticationScheme deserialize(@NonNull final JsonElement json,
             case SCHEME_POP_WITH_CLIENT_KEY:
                 return context.deserialize(json, PopAuthenticationSchemeWithClientKeyInternal.class);
 
+            case SCHEME_POP_PREGENERATED:
+                return context.deserialize(json, WebAppsPopAuthenticationSchemeInternal.class);
+
             default:
                 Logger.warn(
                         methodTag,
@@ -111,6 +116,9 @@ public JsonElement serialize(@NonNull final AbstractAuthenticationScheme src,
             case SCHEME_POP_WITH_CLIENT_KEY:
                 return context.serialize(src, PopAuthenticationSchemeWithClientKeyInternal.class);
 
+            case SCHEME_POP_PREGENERATED:
+                return context.serialize(src, WebAppsPopAuthenticationSchemeInternal.class);
+
             default:
                 Logger.warn(
                         methodTag,