Provide interface for Signed Variables (#457)

* Add varsJson and varsSignature

* Changes in naming and javadoc. Add unit tests.

* fixes

Author: hborisoff

AndroidSDKCore/src/main/java/com/leanplum/Leanplum.java

@@ -25,6 +25,7 @@
 import android.location.Location;
 import android.text.TextUtils;
 
+import androidx.annotation.Nullable;
 import com.leanplum.ActionContext.ContextualValues;
 import com.leanplum.callbacks.ActionCallback;
 import com.leanplum.callbacks.MessageDisplayedCallback;
@@ -551,7 +552,9 @@ static synchronized void start(final Context context, final String userId,
             new HashMap<>(),
             new HashMap<>(),
             new ArrayList<>(),
-            new HashMap<>());
+            new HashMap<>(),
+            "",
+            "");
         LeanplumInbox.getInstance().update(new HashMap<>(), 0, false);
         return;
       }
@@ -956,13 +959,23 @@ private static void applyContentInResponse(JSONObject response, boolean alwaysAp
         response.optJSONArray(Constants.Keys.VARIANTS));
     Map<String, Object> variantDebugInfo = JsonConverter.mapFromJsonOrDefault(
             response.optJSONObject(Constants.Keys.VARIANT_DEBUG_INFO));
+    JSONObject varsJsonObj = response.optJSONObject(Constants.Keys.VARS);
+    String varsJson = (varsJsonObj != null) ? varsJsonObj.toString() : null;
+    String varsSignature = response.optString(Constants.Keys.VARS_SIGNATURE);
 
     if (alwaysApply
         || !values.equals(VarCache.getDiffs())
         || !messages.equals(VarCache.getMessageDiffs())
         || !variants.equals(VarCache.variants())
         || !regions.equals(VarCache.regions())) {
-      VarCache.applyVariableDiffs(values, messages, regions, variants, variantDebugInfo);
+      VarCache.applyVariableDiffs(
+          values,
+          messages,
+          regions,
+          variants,
+          variantDebugInfo,
+          varsJson,
+          varsSignature);
     }
   }
 
@@ -2157,6 +2170,18 @@ public static List<Map<String, Object>> variants() {
     return variants;
   }
 
+  /**
+   * Returns the last received signed variables. If signature was not provided from server the
+   * result of this method will be null.
+   *
+   * @return {@link SecuredVars} instance containing variable's JSON and signature. If signature
+   * wasn't downloaded from server it will return null.
+   */
+  @Nullable
+  public static SecuredVars securedVars() {
+    return VarCache.getSecuredVars();
+  }
+
   /**
    * Returns metadata for all active in-app messages. Recommended only for debugging purposes and
    * advanced use cases.

AndroidSDKCore/src/main/java/com/leanplum/SecuredVars.java

@@ -0,0 +1,36 @@
+package com.leanplum;
+
+import androidx.annotation.NonNull;
+
+/**
+ * Represents the variables in JSON format, cryptographically signed from Leanplum server.
+ */
+public class SecuredVars {
+  private String json;
+  private String signature;
+
+  public SecuredVars(@NonNull String json, @NonNull String signature) {
+    this.json = json;
+    this.signature = signature;
+  }
+
+  /**
+   * Get JSON of the variables.
+   *
+   * @return The JSON representation of the variables as received from Leanplum server.
+   */
+  @NonNull
+  public String getJson() {
+    return json;
+  }
+
+  /**
+   * Get the cryptographic signature of the variables.
+   *
+   * @return The signature of the variables.
+   */
+  @NonNull
+  public String getSignature() {
+    return signature;
+  }
+}

AndroidSDKCore/src/main/java/com/leanplum/internal/Constants.java

@@ -73,6 +73,8 @@ public static class Defaults {
     public static final String ITEM_KEY = "__leanplum_unsynced_%d";
     public static final String UUID_KEY = "__leanplum_uuid";
     public static final String VARIABLES_KEY = "__leanplum_variables";
+    public static final String VARIABLES_JSON_KEY = "__leanplum_variables_json";
+    public static final String VARIABLES_SIGN_KEY = "__leanplum_variables_signature";
     public static final String ATTRIBUTES_KEY = "__leanplum_attributes";
     public static final String TOKEN_KEY = "__leanplum_token";
     public static final String MESSAGES_KEY = "__leanplum_messages";
@@ -210,6 +212,7 @@ public static class Keys {
     public static final String TOKEN = "token";
     public static final String VARIANTS = "variants";
     public static final String VARS = "vars";
+    public static final String VARS_SIGNATURE = "varsSignature";
     public static final String VARS_FROM_CODE = "varsFromCode";
     public static final String NOTIFICATION_CHANNELS = "notificationChannels";
     public static final String DEFAULT_NOTIFICATION_CHANNEL = "defaultNotificationChannel";

AndroidSDKCore/src/main/java/com/leanplum/internal/Socket.java

@@ -300,7 +300,7 @@ static void handleApplyVarsEvent(JSONArray args) {
         return;
       }
       VarCache.applyVariableDiffs(
-          JsonConverter.mapFromJson(object), null, null, null, null);
+          JsonConverter.mapFromJson(object), null, null, null, null, null, null);
     } catch (JSONException e) {
       Log.e("Couldn't applyVars for preview.", e);
     } catch (Throwable e) {

AndroidSDKCore/src/main/java/com/leanplum/internal/VarCache.java

@@ -24,8 +24,11 @@
 import android.content.Context;
 import android.content.SharedPreferences;
 
+import android.text.TextUtils;
+import androidx.annotation.Nullable;
 import com.leanplum.ActionContext;
 import com.leanplum.CacheUpdateBlock;
+import com.leanplum.SecuredVars;
 import com.leanplum.Leanplum;
 import com.leanplum.LocationManager;
 import com.leanplum.Var;
@@ -60,6 +63,8 @@ public class VarCache {
   private static final Map<String, Var<?>> vars = new ConcurrentHashMap<>();
   private static final Map<String, Object> fileAttributes = new HashMap<>();
   private static final Map<String, StreamProvider> fileStreams = new HashMap<>();
+  private static volatile String varsJson;
+  private static volatile String varsSignature;
 
   /**
    * The default values set by the client. This is not thread-safe so traversals should be
@@ -391,7 +396,9 @@ public static void loadDiffs() {
           new HashMap<String, Object>(),
           new HashMap<String, Object>(),
           new ArrayList<Map<String, Object>>(),
-          new HashMap<String, Object>());
+          new HashMap<String, Object>(),
+          "",
+          "");
       return;
     }
     try {
@@ -404,12 +411,16 @@ public static void loadDiffs() {
       String regions = aesContext.decodePreference(defaults, Constants.Defaults.REGIONS_KEY, "{}");
       String variants = aesContext.decodePreference(defaults, Constants.Keys.VARIANTS, "[]");
       String variantDebugInfo = aesContext.decodePreference(defaults, Constants.Keys.VARIANT_DEBUG_INFO, "{}");
+      String varsJson = aesContext.decodePreference(defaults, Constants.Defaults.VARIABLES_JSON_KEY, "{}");
+      String varsSignature = aesContext.decodePreference(defaults, Constants.Defaults.VARIABLES_SIGN_KEY, null);
       applyVariableDiffs(
           JsonConverter.fromJson(variables),
           JsonConverter.fromJson(messages),
           JsonConverter.fromJson(regions),
           JsonConverter.<Map<String, Object>>listFromJson(new JSONArray(variants)),
-          JsonConverter.fromJson(variantDebugInfo));
+          JsonConverter.fromJson(variantDebugInfo),
+          varsJson,
+          varsSignature);
       String deviceId = aesContext.decodePreference(defaults, Constants.Params.DEVICE_ID, null);
       if (deviceId != null) {
         if (Util.isValidDeviceId(deviceId)) {
@@ -475,6 +486,9 @@ public static void saveDiffs() {
           aesContext.encrypt(JsonConverter.toJson(variantDebugInfo)));
     }
 
+    editor.putString(Constants.Defaults.VARIABLES_JSON_KEY, aesContext.encrypt(varsJson));
+    editor.putString(Constants.Defaults.VARIABLES_SIGN_KEY, aesContext.encrypt(varsSignature));
+
     editor.putString(Constants.Params.DEVICE_ID, aesContext.encrypt(APIConfig.getInstance().deviceId()));
     editor.putString(Constants.Params.USER_ID, aesContext.encrypt(APIConfig.getInstance().userId()));
     editor.putString(Constants.Keys.LOGGING_ENABLED,
@@ -529,7 +543,9 @@ public static void applyVariableDiffs(
       Map<String, Object> messages,
       Map<String, Object> regions,
       List<Map<String, Object>> variants,
-      Map<String, Object> variantDebugInfo) {
+      Map<String, Object> variantDebugInfo,
+      String varsJson,
+      String varsSignature) {
     if (diffs != null) {
       VarCache.diffs = diffs;
       computeMergedDictionary();
@@ -600,6 +616,11 @@ public static void applyVariableDiffs(
       VarCache.setVariantDebugInfo(variantDebugInfo);
     }
 
+    if (varsJson != null) {
+      VarCache.varsJson = varsJson;
+      VarCache.varsSignature = varsSignature;
+    }
+
     contentVersion++;
 
     if (!silent) {
@@ -872,10 +893,20 @@ public static void saveUserAttributes() {
     SharedPreferencesUtil.commitChanges(editor);
   }
 
+  @Nullable
+  public static SecuredVars getSecuredVars() {
+    if (TextUtils.isEmpty(varsJson) || TextUtils.isEmpty(varsSignature)) {
+      return null;
+    }
+    return new SecuredVars(varsJson, varsSignature);
+  }
+
   public static void clearUserContent() {
     vars.clear();
     variants = new ArrayList<>();
     variantDebugInfo.clear();
+    varsJson = null;
+    varsSignature = null;
 
     diffs.clear();
     messageDiffs.clear();
@@ -913,5 +944,7 @@ public static void reset() {
     silent = false;
     contentVersion = 0;
     userAttributes = null;
+    varsJson = null;
+    varsSignature = null;
   }
 }

AndroidSDKPush/src/main/java/com/leanplum/LeanplumPushService.java

@@ -192,15 +192,29 @@ public void response(JSONObject response) {
                         response.optJSONObject(Constants.Keys.REGIONS));
                     List<Map<String, Object>> variants = JsonConverter.listFromJson(
                         response.optJSONArray(Constants.Keys.VARIANTS));
+
+                    JSONObject varsJsonObj = response.optJSONObject(Constants.Keys.VARS);
+                    String varsJson = (varsJsonObj != null) ? varsJsonObj.toString() : null;
+                    String varsSignature = response.optString(Constants.Keys.VARS_SIGNATURE);
+
                     if (!Constants.canDownloadContentMidSessionInProduction ||
                         VarCache.getDiffs().equals(values)) {
                       values = null;
+                      varsJson = null;
+                      varsSignature = null;
                     }
                     if (VarCache.getMessageDiffs().equals(messages)) {
                       messages = null;
                     }
                     if (values != null || messages != null) {
-                      VarCache.applyVariableDiffs(values, messages, regions, variants, null);
+                      VarCache.applyVariableDiffs(
+                          values,
+                          messages,
+                          regions,
+                          variants,
+                          null,
+                          varsJson,
+                          varsSignature);
                     }
                   }
                   onComplete.variablesChanged();

AndroidSDKTests/src/test/java/com/leanplum/LeanplumActionContextTest.java

@@ -308,7 +308,7 @@ public void testPrefetchingChainedMessage() {
         // Add chained message to VarCache.
         VarCache.applyVariableDiffs(null, new HashMap<>(
                 ImmutableMap.<String, Object>of(Long.toString(chainedMessageId),
-                ImmutableMap.<String, Object>of())), null, null, null);
+                ImmutableMap.<String, Object>of())), null, null, null, null, null);
         // Since it now exists locally, we should return false for forceContentUpdate.
         Assert.assertFalse(ActionContext.shouldForceContentUpdateForChainedMessage(
                 JsonConverter.fromJson(jsonData)));

AndroidSDKTests/src/test/java/com/leanplum/LeanplumTest.java

@@ -528,7 +528,7 @@ public void testMetadata() {
       }});
     }};
 
-    VarCache.applyVariableDiffs(null, messages, null, variants, null);
+    VarCache.applyVariableDiffs(null, messages, null, variants, null, null, null);
     assertEquals(variants, Leanplum.variants());
     assertEquals(messages, Leanplum.messageMetadata());
   }

AndroidSDKTests/src/test/java/com/leanplum/SecuredVarsTest.java

@@ -0,0 +1,51 @@
+package com.leanplum;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+
+import com.leanplum.__setup.AbstractTest;
+import com.leanplum._whitebox.utilities.ResponseHelper;
+import com.leanplum.internal.VarCache;
+import org.junit.Test;
+
+public class SecuredVarsTest extends AbstractTest {
+
+  @Test
+  public void testVarsAndSignature() {
+    ResponseHelper.seedResponse("/responses/secured_vars_response.json");
+
+    Leanplum.start(mContext);
+    assertTrue(Leanplum.hasStarted());
+
+    SecuredVars securedVars = VarCache.getSecuredVars();
+
+    assertTrue(securedVars.getJson().contains("intVariable"));
+    assertTrue(securedVars.getJson().contains("stringVariable"));
+
+    assertEquals(securedVars.getSignature(), "sign_of_vars");
+  }
+
+  @Test
+  public void testVarsNoSignature() {
+    ResponseHelper.seedResponse("/responses/secured_vars_no_sign_response.json");
+
+    Leanplum.start(mContext);
+    assertTrue(Leanplum.hasStarted());
+
+    SecuredVars securedVars = VarCache.getSecuredVars();
+    assertNull(securedVars);
+  }
+
+  @Test
+  public void testEmptyVarsNoSignature() {
+    ResponseHelper.seedResponse("/responses/secured_vars_empty_response.json");
+
+    Leanplum.start(mContext);
+    assertTrue(Leanplum.hasStarted());
+
+    SecuredVars securedVars = VarCache.getSecuredVars();
+    assertNull(securedVars);
+  }
+
+}

AndroidSDKTests/src/test/resources/responses/secured_vars_empty_response.json

@@ -0,0 +1,13 @@
+{
+  "response": [
+    {
+      "regions": {},
+      "fileAttributes": {},
+      "success": true,
+      "messages": {},
+      "vars": {},
+      "variants": [],
+      "token": "c2q5to0cTdiZWE2bdkKUQsTs0cQRVkfHkSGoPeqrQWc"
+    }
+  ]
+}