add initial support for client token system

This will be used for future error reporting of keystore failures.
GrapheneOS · Oct 1, 2024 · 2ad8880 · 2ad8880
1 parent 2c1e9aa
commit 2ad8880
Showing 1 changed file with 18 additions and 3 deletions.
diff --git a/app/src/main/java/app/attestation/auditor/RemoteVerifyJob.java b/app/src/main/java/app/attestation/auditor/RemoteVerifyJob.java
@@ -46,6 +46,7 @@ public class RemoteVerifyJob extends JobService {
     static final String DOMAIN = "attestation.app";
     static final String BASE_URL = "https://" + DOMAIN + "/auditor/";
     private static final String CHALLENGE_URL = BASE_URL + "challenge";
+    private static final String SUBSCRIBE_URL = BASE_URL + "subscribe";
     private static final String VERIFY_URL = BASE_URL + "verify";
     private static final int CONNECT_TIMEOUT = 30000;
     private static final int READ_TIMEOUT = 30000;
@@ -57,6 +58,7 @@ public class RemoteVerifyJob extends JobService {
     static final String STATE_PREFIX = "remote_";
     static final String KEY_USER_ID = "remote_user_id";
     static final String KEY_SUBSCRIBE_KEY = "remote_subscribe_key";
+    private static final String KEY_CLIENT_TOKEN = "remote_client_token";
     static final String KEY_INTERVAL = "remote_interval";
     private static final String KEY_INCREMENTAL = "remote_incremental";
     private static final int NOTIFICATION_ID = 1;
@@ -166,7 +168,11 @@ public boolean onStartJob(final JobParameters params) {
                 final AttestationResult result = AttestationProtocol.generateSerialized(
                         context, challengeMessage, Long.toString(userId), STATE_PREFIX);
 
-                connection = (HttpURLConnection) new URL(VERIFY_URL).openConnection();
+                if (result.pairing()) {
+                    connection = (HttpURLConnection) new URL(SUBSCRIBE_URL).openConnection();
+                } else {
+                    connection = (HttpURLConnection) new URL(VERIFY_URL).openConnection();
+                }
                 connection.setConnectTimeout(CONNECT_TIMEOUT);
                 connection.setReadTimeout(READ_TIMEOUT);
                 connection.setDoOutput(true);
@@ -178,7 +184,12 @@ public boolean onStartJob(final JobParameters params) {
                     }
                     extra = " " + subscribeKey;
                 } else {
-                    extra = "";
+                    final String clientToken = preferences.getString(KEY_CLIENT_TOKEN, null);
+                    if (clientToken == null) {
+                        extra = "";
+                    } else {
+                        extra = " " + clientToken;
+                    }
                 }
                 connection.setRequestProperty("Authorization", "Auditor " + userId + extra);
 
@@ -191,7 +202,11 @@ public boolean onStartJob(final JobParameters params) {
                     try (final InputStream postResponse = connection.getInputStream()) {
                         final JSONObject response = new JSONObject(CharStreams.toString(new InputStreamReader(postResponse)));
                         final int interval = response.getInt("verifyInterval");
-                        preferences.edit().remove(KEY_SUBSCRIBE_KEY).putInt(KEY_INTERVAL, interval).apply();
+                        preferences.edit()
+                                .remove(KEY_SUBSCRIBE_KEY)
+                                .putString(KEY_CLIENT_TOKEN, response.getString("clientToken"))
+                                .putInt(KEY_INTERVAL, interval)
+                                .apply();
                         schedule(context, interval);
                     }
                 } else {