wip

Author: rpdome

common/src/main/java/com/microsoft/identity/common/internal/activebrokerdiscovery/BrokerDiscoveryClient.kt

@@ -297,7 +297,7 @@ class BrokerDiscoveryClient(private val brokerCandidates: Set<BrokerData>,
                                         telemetryCallback: IBrokerDiscoveryClientTelemetryCallback?): BrokerData? {
         if (!shouldSkipCache) {
             getActiveBrokerFromInMemoryCache(telemetryCallback)?.let {
-                return it
+                return it.brokerData
             }
         }
 
@@ -307,9 +307,9 @@ class BrokerDiscoveryClient(private val brokerCandidates: Set<BrokerData>,
                 telemetryCallback?.onLockAcquired(System.nanoTime() - totalTimeSpentAcquiringLock)
 
                 if (!shouldSkipCache) {
-                    // Early return if another coroutine has already populated the in-memory cache.
+                    // Early return if another method call has already populated the in-memory cache.
                     getActiveBrokerFromInMemoryCache(telemetryCallback)?.let {
-                        return@runBlocking it
+                        return@runBlocking it.brokerData
                     }
 
                     getActiveBrokerFromStorageCache(telemetryCallback)?.let {
@@ -326,9 +326,16 @@ class BrokerDiscoveryClient(private val brokerCandidates: Set<BrokerData>,
         }
     }
 
+    /**
+     * Loads active broker from in-memory cache.
+     *
+     * @param   telemetryCallback     Callback for telemetry events (for OneAuth).
+     * @return  [BrokerInMemoryCache] object - if null, there's no broker cached.
+     *          If the object isn't null, but it's brokerData is null, there's no valid broker installed.
+     **/
     private fun getActiveBrokerFromInMemoryCache(
         telemetryCallback: IBrokerDiscoveryClientTelemetryCallback?
-    ): BrokerData? {
+    ): BrokerInMemoryCache? {
         val methodTag = "$TAG:getValidBrokerFromInMemoryCache"
 
         // There's no readWriteLock in coroutines library yet... volatile should be sufficient for our use case here.
@@ -339,21 +346,18 @@ class BrokerDiscoveryClient(private val brokerCandidates: Set<BrokerData>,
                     methodTag,
                     "[Cached] No broker app is installed."
                 )
-                return null
+                return it
             }
 
+            // For the majority of the case, broker apps doesn't change - so we can skip other checks.
+            // That said, this "isValidPackageInstalled" check is a security measure,
+            // so i think we should still need to invoke it every time before we reach out to broker.
             val timeStartIsValidBroker = System.nanoTime()
             val isValidBroker = isValidBroker(it.brokerData)
             telemetryCallback?.onFinishCheckingIfValidBroker(System.nanoTime() - timeStartIsValidBroker)
             if (isValidBroker) {
-                return it.brokerData
+                return it
             }
-
-            Logger.info(
-                methodTag,
-                "Clearing cache as the installed app does not have a matching signature hash."
-            )
-            clearCachedData()
         }
 
         // Nothing valid to return.
@@ -370,6 +374,29 @@ class BrokerDiscoveryClient(private val brokerCandidates: Set<BrokerData>,
         cache.setCachedActiveBroker(brokerData)
     }
 
+    /**
+     * Loads active broker from AccountManager, then cache the result.
+     * @param   telemetryCallback     Callback for telemetry events (for OneAuth).
+     * @return  The cached active broker if exists and valid; null otherwise.
+     **/
+    private fun getFromAccountManagerAndCacheResult(
+        telemetryCallback: IBrokerDiscoveryClientTelemetryCallback?): BrokerData? {
+        val methodTag = "$TAG:getFromAccountManagerAndCacheResult"
+
+        telemetryCallback?.onUseAccountManager()
+        val accountManagerResult = getActiveBrokerFromAccountManager()
+        Logger.info(
+            methodTag, "Tried getting active broker from account manager, " +
+                    "get ${accountManagerResult?.packageName}."
+        )
+        return accountManagerResult
+    }
+
+    /**
+     * Loads cached active broker from storage.
+     * @param   telemetryCallback     Callback for telemetry events (for OneAuth).
+     * @return  The cached active broker if exists and valid; null otherwise.
+     **/
     private fun getActiveBrokerFromStorageCache(
         telemetryCallback: IBrokerDiscoveryClientTelemetryCallback?
     ): BrokerData? {
@@ -379,11 +406,7 @@ class BrokerDiscoveryClient(private val brokerCandidates: Set<BrokerData>,
             telemetryCallback?.onReadFromCache(System.nanoTime() - timeStartReadingFromCache)
             if (cache.shouldUseAccountManager()) {
                 telemetryCallback?.onUseAccountManager()
-                val accountManagerBroker = getActiveBrokerFromAccountManager()
-
-                // Only cache in memory, but don't persist accountManager result to cache storage.
-                cachedBroker = BrokerInMemoryCache(accountManagerBroker)
-                return accountManagerBroker
+                return getFromAccountManagerAndCacheResult(telemetryCallback)
             }
 
             val timeStartIsPackageInstalled = System.nanoTime()
@@ -431,10 +454,15 @@ class BrokerDiscoveryClient(private val brokerCandidates: Set<BrokerData>,
         return null
     }
 
+    /**
+     * Query the installed broker apps to get active broker, then cache it.
+     *
+     * @param   telemetryCallback     Callback for telemetry events (for OneAuth).
+     * @return  The cached active broker (if installed).
+     **/
     private suspend fun getActiveBrokerFromBrokerApp(
             telemetryCallback: IBrokerDiscoveryClientTelemetryCallback?
         ): BrokerData? {
-        val methodTag = "$TAG:getActiveBrokerFromBrokerApp"
         val timeStartQueryFromBroker = System.nanoTime()
         val brokerData = queryFromBroker(
             brokerCandidates = brokerCandidates,
@@ -449,21 +477,13 @@ class BrokerDiscoveryClient(private val brokerCandidates: Set<BrokerData>,
             return brokerData
         }
 
+        // Fall back to AccountManager (for older brokers).
         cache.setShouldUseAccountManagerForTheNextMilliseconds(
             TimeUnit.MINUTES.toMillis(
                 60
             )
         )
 
-        telemetryCallback?.onUseAccountManager()
-        val accountManagerResult = getActiveBrokerFromAccountManager()
-        Logger.info(
-            methodTag, "Tried getting active broker from account manager, " +
-                    "get ${accountManagerResult?.packageName}."
-        )
-
-        // Only cache in memory, but don't persist accountManager result to cache storage.
-        cachedBroker = BrokerInMemoryCache(accountManagerResult)
-        return accountManagerResult
+        return getFromAccountManagerAndCacheResult(telemetryCallback)
     }
 }

common/src/main/java/com/microsoft/identity/common/internal/cache/ActiveBrokerCacheUpdater.kt

@@ -24,9 +24,13 @@ package com.microsoft.identity.common.internal.cache
 
 import android.content.Context
 import android.os.Bundle
+import com.microsoft.identity.common.internal.activebrokerdiscovery.BrokerDiscoveryClient
 import com.microsoft.identity.common.internal.broker.BrokerData
 import com.microsoft.identity.common.internal.broker.BrokerValidator
 import com.microsoft.identity.common.logging.Logger
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.async
 import java.util.concurrent.TimeUnit
 
 /**
@@ -109,12 +113,26 @@ class ActiveBrokerCacheUpdater(
      *
      * @param bundle    The result bundle. could be null (for backward compatibility).
      */
-    fun updateCachedActiveBrokerFromResultBundle(bundle: Bundle?) {
-        val methodTag = "$TAG:updateCachedActiveBrokerFromResultBundle"
+    fun updateCachedActiveBrokerFromResultBundleAsync(bundle: Bundle?) {
         if (bundle == null) {
             return
         }
 
+        CoroutineScope(Dispatchers.IO).async {
+            updateCachedActiveBrokerFromResultBundle(bundle)
+        }
+    }
+
+
+    /**
+     * If the active broker is returned with the result bundle, update [IActiveBrokerCache] with it.
+     * If the active broker indicates that the broker discovery is disabled, wipe [IActiveBrokerCache].
+     *
+     * @param bundle    The result bundle. could be null (for backward compatibility).
+     */
+    fun updateCachedActiveBrokerFromResultBundle(bundle: Bundle) {
+        val methodTag = "$TAG:updateCachedActiveBrokerFromResultBundle"
+
         val shouldWipeCachedActiveBroker = bundle.getBoolean(BROKER_DISCOVERY_DISABLED_KEY, false)
         if (shouldWipeCachedActiveBroker) {
             Logger.info(methodTag, "Got a response indicating that the broker discovery is disabled." +

common/src/main/java/com/microsoft/identity/common/internal/controllers/BrokerOperationExecutor.java

@@ -235,7 +235,7 @@ private <T> T performStrategy(@NonNull final IIpcStrategy strategy,
             final BrokerOperationBundle brokerOperationBundle = operation.getBundle();
             final Bundle resultBundle = strategy.communicateToBroker(brokerOperationBundle);
 
-            mCacheUpdaterManager.updateCachedActiveBrokerFromResultBundle(resultBundle);
+            mCacheUpdaterManager.updateCachedActiveBrokerFromResultBundleAsync(resultBundle);
 
             span.setStatus(StatusCode.OK);
             return operation.extractResultBundle(resultBundle);

common/src/test/java/com/microsoft/identity/common/internal/activebrokerdiscovery/BrokerDiscoveryClientTests.kt

@@ -24,6 +24,7 @@ package com.microsoft.identity.common.internal.activebrokerdiscovery
 
 import android.os.Bundle
 import com.microsoft.identity.common.exception.BrokerCommunicationException
+import com.microsoft.identity.common.internal.broker.BrokerData
 import com.microsoft.identity.common.internal.broker.BrokerData.Companion.prodCompanyPortal
 import com.microsoft.identity.common.internal.broker.BrokerData.Companion.prodLTW
 import com.microsoft.identity.common.internal.broker.BrokerData.Companion.prodMicrosoftAuthenticator
@@ -633,7 +634,6 @@ class BrokerDiscoveryClientTests {
         )
     }
 
-
     /**
      * Test if authapp does not support broker discovery, but cp does.
      * */
@@ -688,4 +688,131 @@ class BrokerDiscoveryClientTests {
         Assert.assertFalse(cache.shouldUseAccountManager())
     }
 
+    /**
+     * Making 2 calls, the first one when the broker is not installed.
+     * Then make a request after the broker is installed.
+     * */
+    @Test
+    fun testBrokerAppRecentlyInstalled(){
+        val cache = InMemoryActiveBrokerCache()
+        var installedBrokerApp: BrokerData? = null
+
+        val client = BrokerDiscoveryClient(
+            brokerCandidates = setOf(
+                prodMicrosoftAuthenticator, prodCompanyPortal, prodLTW
+            ),
+            getActiveBrokerFromAccountManager = {
+                return@BrokerDiscoveryClient null
+            },
+            ipcStrategy = object : IIpcStrategy {
+                override fun communicateToBroker(bundle: BrokerOperationBundle): Bundle {
+                    installedBrokerApp?.let {
+                        if (bundle.targetBrokerAppPackageName == it.packageName) {
+                            val returnBundle = Bundle()
+                            returnBundle.putString(
+                                BrokerDiscoveryClient.ACTIVE_BROKER_PACKAGE_NAME_BUNDLE_KEY,
+                                it.packageName
+                            )
+                            returnBundle.putString(
+                                BrokerDiscoveryClient.ACTIVE_BROKER_SIGNING_CERTIFICATE_THUMBPRINT_BUNDLE_KEY,
+                                it.signingCertificateThumbprint
+                            )
+                            return returnBundle
+                        }
+                    }
+
+                    throw IllegalStateException()
+                }
+                override fun isSupportedByTargetedBroker(targetedBrokerPackageName: String): Boolean {
+                    return true
+                }
+                override fun getType(): IIpcStrategy.Type {
+                    return IIpcStrategy.Type.CONTENT_PROVIDER
+                }
+            },
+            cache = cache,
+            isPackageInstalled =  {
+                return@BrokerDiscoveryClient installedBrokerApp != null
+            },
+            isValidBroker = { true }
+        )
+
+        // First call, no broker installed.
+        Assert.assertNull(client.getActiveBroker())
+
+        // Then install Authenticator!
+        installedBrokerApp = prodMicrosoftAuthenticator
+
+        // Second call, Authenticator is installed.
+        Assert.assertEquals(prodMicrosoftAuthenticator, client.getActiveBroker())
+    }
+
+
+    /**
+     * Once getActiveBroker() is invoked, the in-memory value should be used for the object's lifetime.
+     * No IPC or storage read should occur after that.
+     **/
+    @Test
+    fun testCacheVariableUsed(){
+        val cache = object: InMemoryActiveBrokerCache() {
+            // Throw an exception if we try to read the storage-cached value.
+            override fun getCachedActiveBroker(): BrokerData? {
+                if (activeBroker != null) {
+                    throw IllegalStateException()
+                }
+                return null
+            }
+        }
+
+        var shouldThrowErrorFromIpc = false
+
+        val client = BrokerDiscoveryClient(
+            brokerCandidates = setOf(
+                prodLTW
+            ),
+            getActiveBrokerFromAccountManager = {
+                throw IllegalStateException()
+            },
+            ipcStrategy = object : IIpcStrategy {
+                override fun communicateToBroker(bundle: BrokerOperationBundle): Bundle {
+                    if (shouldThrowErrorFromIpc) {
+                        throw IllegalStateException()
+                    }
+
+                    if (bundle.targetBrokerAppPackageName == prodLTW.packageName) {
+                        val returnBundle = Bundle()
+                        returnBundle.putString(
+                            BrokerDiscoveryClient.ACTIVE_BROKER_PACKAGE_NAME_BUNDLE_KEY,
+                            prodLTW.packageName
+                        )
+                        returnBundle.putString(
+                            BrokerDiscoveryClient.ACTIVE_BROKER_SIGNING_CERTIFICATE_THUMBPRINT_BUNDLE_KEY,
+                            prodLTW.signingCertificateThumbprint
+                        )
+                        return returnBundle
+                    }
+
+                    throw IllegalStateException()
+                }
+                override fun isSupportedByTargetedBroker(targetedBrokerPackageName: String): Boolean {
+                    return true
+                }
+                override fun getType(): IIpcStrategy.Type {
+                    return IIpcStrategy.Type.CONTENT_PROVIDER
+                }
+            },
+            cache = cache,
+            isPackageInstalled =  {
+                return@BrokerDiscoveryClient true
+            },
+            isValidBroker = { true }
+        )
+
+        // First call, get LTW.
+        Assert.assertEquals(prodLTW, client.getActiveBroker())
+
+        // Second call, should get LTW from the in-memory variable, not from storage.
+        shouldThrowErrorFromIpc = true
+        Assert.assertEquals(prodLTW, client.getActiveBroker())
+    }
 }

common/src/test/java/com/microsoft/identity/common/internal/activebrokerdiscovery/InMemoryActiveBrokerCache.kt

@@ -30,10 +30,10 @@ import com.microsoft.identity.common.internal.cache.IClientActiveBrokerCache
 /**
  * An [IActiveBrokerCache] which stores values in-memory.
  **/
-class InMemoryActiveBrokerCache: IClientActiveBrokerCache {
+open class InMemoryActiveBrokerCache: IClientActiveBrokerCache {
 
-    private var activeBroker: BrokerData? = null
-    private var shouldUseAccountManagerUntil: Long? = null
+    protected var activeBroker: BrokerData? = null
+    protected var shouldUseAccountManagerUntil: Long? = null
 
     @Synchronized
     override fun getCachedActiveBroker(): BrokerData? {

common/src/test/java/com/microsoft/identity/common/internal/cache/ActiveBrokerCacheUpdaterTest.kt

@@ -57,18 +57,6 @@ class ActiveBrokerCacheUpdaterTest {
             bundle.getString(ACTIVE_BROKER_SIGNING_CERTIFICATE_THUMBPRINT_KEY))
     }
 
-    @Test
-    fun testTryUpdateWithNullBundle(){
-        val cache = InMemoryActiveBrokerCache()
-        val cacheUpdater = ActiveBrokerCacheUpdater (
-            // Bypass the Validation check.
-            { _: BrokerData -> true },
-            cache)
-
-        cacheUpdater.updateCachedActiveBrokerFromResultBundle(null)
-        Assert.assertNull(cache.getCachedActiveBroker())
-    }
-
     @Test
     fun testTryUpdateWithIncompleteBundle(){
         val cache = InMemoryActiveBrokerCache()