Android AppCheck providers implementation (#1194)

* rough draft debug provider

* Initial implementation of debug provider

* cleaning up code and formatting

* only exclude unsupported tests on android as desktop should now support more methods

* Add safety net and play integrity providers following same pattern as debug

* autoformat

* resolving lint warnings and cleaning up todos

* Remove SafetyNet provider. this is deprecated by android SDK

* format

* additional lint warnings resolved

* also exclude safetynet in the release gradle file

* review feedback

* fix a couple comments

Author: AlmostMatt

Android/firebase_dependencies.gradle

@@ -17,6 +17,9 @@ import org.gradle.util.ConfigureUtil;
 // A map of library to the dependencies that need to be added for it.
 def firebaseDependenciesMap = [
   'app' : ['com.google.firebase:firebase-analytics'],
+  'app_check' : ['com.google.firebase:firebase-appcheck',
+                 'com.google.firebase:firebase-appcheck-debug',
+                 'com.google.firebase:firebase-appcheck-playintegrity'],
   'play_services' : ['com.google.android.gms:play-services-base:18.1.0'],
   'admob' : ['com.google.firebase:firebase-ads:19.8.0',
              'com.google.firebase:firebase-analytics'],

app/CMakeLists.txt

@@ -500,8 +500,7 @@ if (IOS)
     ${FIREBASE_SOURCE_DIR}/app_check/src/include/firebase/app_check/app_attest_provider.h
     ${FIREBASE_SOURCE_DIR}/app_check/src/include/firebase/app_check/debug_provider.h
     ${FIREBASE_SOURCE_DIR}/app_check/src/include/firebase/app_check/device_check_provider.h
-    ${FIREBASE_SOURCE_DIR}/app_check/src/include/firebase/app_check/play_integrity_provider.h
-    ${FIREBASE_SOURCE_DIR}/app_check/src/include/firebase/app_check/safety_net_provider.h)
+    ${FIREBASE_SOURCE_DIR}/app_check/src/include/firebase/app_check/play_integrity_provider.h)
   set(auth_HDRS
     ${FIREBASE_SOURCE_DIR}/auth/src/include/firebase/auth.h
     ${FIREBASE_SOURCE_DIR}/auth/src/include/firebase/auth/credential.h

app_check/CMakeLists.txt

@@ -22,7 +22,6 @@ set(common_SRCS
   src/include/firebase/app_check.h
   src/include/firebase/app_check/debug_provider.h
   src/include/firebase/app_check/play_integrity_provider.h
-  src/include/firebase/app_check/safety_net_provider.h
   src/include/firebase/app_check/device_check_provider.h
   src/include/firebase/app_check/app_attest_provider.h
 )
@@ -31,11 +30,13 @@ set(common_SRCS
 set(android_SRCS
   src/android/app_check_android.cc
   src/android/app_check_android.h
+  src/android/common_android.cc
+  src/android/common_android.h
   # Supported providers
   src/android/debug_provider_android.cc
   src/android/debug_provider_android.h
   src/android/play_integrity_provider_android.cc
-  src/android/safety_net_provider_android.cc
+  src/android/play_integrity_provider_android.h
   # Unsupported providers
   src/stub/app_attest_provider_stub.cc
   src/stub/device_check_provider_stub.cc
@@ -54,7 +55,6 @@ set(ios_SRCS
   src/ios/device_check_provider_ios.mm
   # Unsupported providers
   src/stub/play_integrity_provider_stub.cc
-  src/stub/safety_net_provider_stub.cc
 )
 
 # Flatbuffer resource files used by desktop
@@ -105,7 +105,6 @@ set(desktop_SRCS
   src/stub/app_attest_provider_stub.cc
   src/stub/device_check_provider_stub.cc
   src/stub/play_integrity_provider_stub.cc
-  src/stub/safety_net_provider_stub.cc
 )
 
 if(ANDROID)

app_check/integration_test/src/integration_test.cc

@@ -33,7 +33,6 @@
 #include "firebase/app_check/debug_provider.h"
 #include "firebase/app_check/device_check_provider.h"
 #include "firebase/app_check/play_integrity_provider.h"
-#include "firebase/app_check/safety_net_provider.h"
 #include "firebase/auth.h"
 #include "firebase/database.h"
 #include "firebase/internal/platform.h"
@@ -150,11 +149,13 @@ void FirebaseAppCheckTest::InitializeAppCheckWithDebug() {
 }
 
 void FirebaseAppCheckTest::TerminateAppCheck() {
-  ::firebase::app_check::AppCheck* app_check =
-      ::firebase::app_check::AppCheck::GetInstance(app_);
-  if (app_check) {
-    LogDebug("Shutdown App Check.");
-    delete app_check;
+  if (app_) {
+    ::firebase::app_check::AppCheck* app_check =
+        ::firebase::app_check::AppCheck::GetInstance(app_);
+    if (app_check) {
+      LogDebug("Shutdown App Check.");
+      delete app_check;
+    }
   }
 }
 
@@ -357,6 +358,8 @@ TEST_F(FirebaseAppCheckTest, TestInitializeAndTerminate) {
   InitializeApp();
 }
 
+// Android does not yet implement the main app check methods
+#if !FIREBASE_PLATFORM_ANDROID
 TEST_F(FirebaseAppCheckTest, TestGetTokenForcingRefresh) {
   InitializeAppCheckWithDebug();
   InitializeApp();
@@ -389,7 +392,10 @@ TEST_F(FirebaseAppCheckTest, TestGetTokenForcingRefresh) {
   EXPECT_NE(future.result()->expire_time_millis,
             future3.result()->expire_time_millis);
 }
+#endif  // !FIREBASE_PLATFORM_ANDROID
 
+// Android does not yet implement the main app check methods
+#if !FIREBASE_PLATFORM_ANDROID
 TEST_F(FirebaseAppCheckTest, TestGetTokenLastResult) {
   InitializeAppCheckWithDebug();
   InitializeApp();
@@ -407,7 +413,10 @@ TEST_F(FirebaseAppCheckTest, TestGetTokenLastResult) {
   EXPECT_EQ(future.result()->expire_time_millis,
             future2.result()->expire_time_millis);
 }
+#endif  // !FIREBASE_PLATFORM_ANDROID
 
+// Android does not yet implement the main app check methods
+#if !FIREBASE_PLATFORM_ANDROID
 TEST_F(FirebaseAppCheckTest, TestAddTokenChangedListener) {
   InitializeAppCheckWithDebug();
   InitializeApp();
@@ -427,7 +436,10 @@ TEST_F(FirebaseAppCheckTest, TestAddTokenChangedListener) {
   ASSERT_EQ(token_changed_listener.num_token_changes_, 1);
   EXPECT_EQ(token_changed_listener.last_token_.token, token.token);
 }
+#endif  // !FIREBASE_PLATFORM_ANDROID
 
+// Android does not yet implement the main app check methods
+#if !FIREBASE_PLATFORM_ANDROID
 TEST_F(FirebaseAppCheckTest, TestRemoveTokenChangedListener) {
   InitializeAppCheckWithDebug();
   InitializeApp();
@@ -446,6 +458,7 @@ TEST_F(FirebaseAppCheckTest, TestRemoveTokenChangedListener) {
 
   ASSERT_EQ(token_changed_listener.num_token_changes_, 0);
 }
+#endif  // !FIREBASE_PLATFORM_ANDROID
 
 TEST_F(FirebaseAppCheckTest, TestSignIn) {
   InitializeAppCheckWithDebug();
@@ -457,9 +470,16 @@ TEST_F(FirebaseAppCheckTest, TestSignIn) {
 TEST_F(FirebaseAppCheckTest, TestDebugProviderValidToken) {
   firebase::app_check::DebugAppCheckProviderFactory* factory =
       firebase::app_check::DebugAppCheckProviderFactory::GetInstance();
-#if FIREBASE_PLATFORM_IOS || FIREBASE_PLATFORM_DESKTOP
   ASSERT_NE(factory, nullptr);
+  InitializeAppCheckWithDebug();
   InitializeApp();
+  // TODO(almostmatt): Once app initialization automatically initializes
+  // AppCheck, this test will no longer need to explicitly get an instance of
+  // AppCheck.
+  ::firebase::app_check::AppCheck* app_check =
+      ::firebase::app_check::AppCheck::GetInstance(app_);
+  ASSERT_NE(app_check, nullptr);
+
   firebase::app_check::AppCheckProvider* provider =
       factory->CreateProvider(app_);
   ASSERT_NE(provider, nullptr);
@@ -477,9 +497,6 @@ TEST_F(FirebaseAppCheckTest, TestDebugProviderValidToken) {
   auto got_token_future = got_token_promise->get_future();
   ASSERT_EQ(std::future_status::ready,
             got_token_future.wait_for(kGetTokenTimeout));
-#else
-  EXPECT_EQ(factory, nullptr);
-#endif
 }
 
 TEST_F(FirebaseAppCheckTest, TestAppAttestProvider) {
@@ -551,20 +568,6 @@ TEST_F(FirebaseAppCheckTest, TestPlayIntegrityProvider) {
 #endif
 }
 
-TEST_F(FirebaseAppCheckTest, TestSafetyNetProvider) {
-  firebase::app_check::SafetyNetProviderFactory* factory =
-      firebase::app_check::SafetyNetProviderFactory::GetInstance();
-#if FIREBASE_PLATFORM_ANDROID
-  ASSERT_NE(factory, nullptr);
-  InitializeApp();
-  firebase::app_check::AppCheckProvider* provider =
-      factory->CreateProvider(app_);
-  EXPECT_NE(provider, nullptr);
-#else
-  EXPECT_EQ(factory, nullptr);
-#endif
-}
-
 // Disabling the database tests for now, since they are crashing or hanging.
 TEST_F(FirebaseAppCheckTest, DISABLED_TestDatabaseFailure) {
   // Don't initialize App Check this time. Database should fail.

app_check/src/android/app_check_android.cc

@@ -14,21 +14,60 @@
 
 #include "app_check/src/android/app_check_android.h"
 
+#include "app/src/util_android.h"
+#include "app_check/src/android/common_android.h"
+#include "app_check/src/android/debug_provider_android.h"
+#include "app_check/src/android/play_integrity_provider_android.h"
 #include "app_check/src/common/common.h"
 
 namespace firebase {
 namespace app_check {
 namespace internal {
 
 static AppCheckProviderFactory* g_provider_factory = nullptr;
+static int g_initialized_count = 0;
+
+// Release cached Java classes.
+static void ReleaseClasses(JNIEnv* env) {
+  ReleaseCommonAndroidClasses(env);
+  ReleaseDebugProviderClasses(env);
+  ReleasePlayIntegrityProviderClasses(env);
+}
 
 AppCheckInternal::AppCheckInternal(App* app) : app_(app) {
   future_manager().AllocFutureApi(this, kAppCheckFnCount);
+
+  // Cache the JNI method ids so we only have to look them up by name once.
+  if (!g_initialized_count) {
+    JNIEnv* env = app->GetJNIEnv();
+    jobject activity = app->activity();
+    if (util::Initialize(env, activity)) {
+      if (!(CacheCommonAndroidMethodIds(env, activity))) {
+        ReleaseClasses(env);
+        util::Terminate(env);
+      } else {
+        // Each provider is optional as a user may or may not use it.
+        CacheDebugProviderMethodIds(env, activity);
+        CachePlayIntegrityProviderMethodIds(env, activity);
+        g_initialized_count++;
+      }
+    }
+  } else {
+    g_initialized_count++;
+  }
 }
 
 AppCheckInternal::~AppCheckInternal() {
   future_manager().ReleaseFutureApi(this);
+  JNIEnv* env = app_->GetJNIEnv();
   app_ = nullptr;
+
+  FIREBASE_ASSERT(g_initialized_count);
+  g_initialized_count--;
+  if (g_initialized_count == 0) {
+    ReleaseClasses(env);
+    util::Terminate(env);
+  }
 }
 
 ::firebase::App* AppCheckInternal::app() const { return app_; }