編寫(xiě):craftsmanBai - http://z1ng.net - 原文: http://developer.android.com/training/articles/security-gms-provider.html
安卓依靠security provider保障網(wǎng)絡(luò)通信安全�����。然而有時(shí)默認(rèn)的security provider存在安全漏洞�。為了防止這些漏洞被利用���,Google Play services 提供了一個(gè)自動(dòng)更新設(shè)備的security provider的方法來(lái)對(duì)抗已知的漏洞��。通過(guò)調(diào)用Google Play services方法�����,可以確保你的應(yīng)用運(yùn)行在可以抵抗已知漏洞的設(shè)備上����。
舉個(gè)例子,OpenSSL的漏洞(CVE-2014-0224)會(huì)導(dǎo)致中間人攻擊��,在通信雙方不知情的情況下解密流量��。Google Play services 5.0提供了一個(gè)補(bǔ)丁���,但是必須確保應(yīng)用安裝了這個(gè)補(bǔ)丁����。通過(guò)調(diào)用Google Play services方法����,可以確保你的應(yīng)用運(yùn)行在可抵抗攻擊的安全設(shè)備上。
注意:更新設(shè)備的security provider不是更新android.net.SSLCertificateSocketFactory.比起使用這個(gè)類(lèi)���,我們更鼓勵(lì)應(yīng)用開(kāi)發(fā)者使用融入密碼學(xué)的高級(jí)方法��。大多數(shù)應(yīng)用可以使用類(lèi)似HttpsURLConnection�����,HttpClient�,AndroidHttpClient這樣的API�,而不必去設(shè)置TrustManager或者創(chuàng)建一個(gè)SSLCertificateSocketFactory。
使用ProviderInstaller給Security Provider打補(bǔ)丁
使用providerinstaller類(lèi)來(lái)更新設(shè)備的security provider���。你可以通過(guò)調(diào)用該類(lèi)的方法[installIfNeeded()]()(或者[ installifneededasync]())來(lái)驗(yàn)證security provider是否為最新的(必要的話(huà)更新它)����。
當(dāng)你調(diào)用[installifneeded]()時(shí)�,[providerinstaller]()會(huì)做以下事情:
-
如果設(shè)備的Provider成功更新(或已經(jīng)是最新的),該方法返回正常�����。
-
如果設(shè)備的Google Play services 庫(kù)已經(jīng)過(guò)時(shí)了��,這個(gè)方法拋出[googleplayservicesrepairableexception]()異常表明無(wú)法更新Provider�����。應(yīng)用程序可以捕獲這個(gè)異常并向用戶(hù)彈出合適的對(duì)話(huà)框提示更新Google Play services�����。
- 如果產(chǎn)生了不可恢復(fù)的錯(cuò)誤,該方法拋出
[googleplayservicesnotavailableexception]()表示它無(wú)法更新[Provider]()�����。應(yīng)用程序可以捕獲異常并選擇合適的行動(dòng)����,如顯示標(biāo)準(zhǔn)問(wèn)題解決流程圖。
[installifneededasync]()方法類(lèi)似��,但它不拋出異常��,而是通過(guò)相應(yīng)的回調(diào)方法�����,以提示成功或失敗�����。
如果[installifneeded]()需要安裝一個(gè)新的[Provider]()�����,可能耗費(fèi)30-50毫秒(較新的設(shè)備)到350毫秒(舊設(shè)備)。如果security provider已經(jīng)是最新的��,該方法需要的時(shí)間量可以忽略不計(jì)�。為了避免影響用戶(hù)體驗(yàn):
警告:如果[providerinstaller]()無(wú)法安裝更新Provider,您的設(shè)備security provider會(huì)容易受到已知漏洞的攻擊��。你的程序等同于所有HTTP通信未被加密�。
一旦[Provider]()更新,所有安全API(包括SSL API)的調(diào)用會(huì)經(jīng)過(guò)它(但這并不適用于[android.net.sslcertificatesocketfactory]()����,面對(duì)[cve-2014-0224]()這種漏洞仍然是脆弱的)。
同步修補(bǔ)
修補(bǔ)security provider最簡(jiǎn)單的方法就是調(diào)用同步方法[installIfNeeded()](http://developer.android.com/reference/com/google/android/gms/security/ProviderInstaller.html##installIfNeeded(android.content.Context).如果用戶(hù)體驗(yàn)不會(huì)被線程阻塞影響的話(huà)��,這種方法很合適�����。
舉個(gè)例子��,這里有一個(gè)sync adapter會(huì)更新security provider�����。由于它運(yùn)行在后臺(tái)�,因此在等待security provider更新的時(shí)候線程阻塞是可以的。sync adapter調(diào)用installifneeded()更新security provider����。如果返回正常�,sync adapter可以確保security provider是最新的��。如果返回異常��,sync adapter可以采取適當(dāng)?shù)男袆?dòng)(如提示用戶(hù)更新Google Play services)��。
/**
* Sample sync adapter using {@link ProviderInstaller}.
*/
public class SyncAdapter extends AbstractThreadedSyncAdapter {
...
// This is called each time a sync is attempted; this is okay, since the
// overhead is negligible if the security provider is up-to-date.
@Override
public void onPerformSync(Account account, Bundle extras, String authority,
ContentProviderClient provider, SyncResult syncResult) {
try {
ProviderInstaller.installIfNeeded(getContext());
} catch (GooglePlayServicesRepairableException e) {
// Indicates that Google Play services is out of date, disabled, etc.
// Prompt the user to install/update/enable Google Play services.
GooglePlayServicesUtil.showErrorNotification(
e.getConnectionStatusCode(), getContext());
// Notify the SyncManager that a soft error occurred.
syncResult.stats.numIOExceptions++;
return;
} catch (GooglePlayServicesNotAvailableException e) {
// Indicates a non-recoverable error; the ProviderInstaller is not able
// to install an up-to-date Provider.
// Notify the SyncManager that a hard error occurred.
syncResult.stats.numAuthExceptions++;
return;
}
// If this is reached, you know that the provider was already up-to-date,
// or was successfully updated.
}
}
異步修補(bǔ)
更新security provider可能耗費(fèi)350毫秒(舊設(shè)備)�。如果在一個(gè)會(huì)直接影響用戶(hù)體驗(yàn)的線程中更新,如UI線程���,那么你不會(huì)希望進(jìn)行同步更新,因?yàn)檫@可能導(dǎo)致應(yīng)用程序或設(shè)備凍結(jié)直到操作完成��。因此你應(yīng)該使用異步方法[installifneededasync()](http://developer.android.com/reference/com/google/android/gms/security/ProviderInstaller.html#installIfNeededAsync(android.content.Context, com.google.android.gms.security.ProviderInstaller.ProviderInstallListener)��。方法通過(guò)調(diào)用回調(diào)函數(shù)來(lái)反饋其成功或失敗���。
例如��,下面是一些關(guān)于更新security provider在UI線程中的活動(dòng)的代碼����。調(diào)用installifneededasync()來(lái)更新security provider,并指定自己為監(jiān)聽(tīng)器接收成功或失敗的通知�。如果security provider是最新的或更新成功,會(huì)調(diào)用[onproviderinstalled()](http://developer.android.com/reference/com/google/android/gms/security/ProviderInstaller.ProviderInstallListener.html#onProviderInstalled()方法�,并且知道通信是安全的。如果security provider無(wú)法更新����,會(huì)調(diào)用[onproviderinstallfailed()](http://developer.android.com/reference/com/google/android/gms/security/ProviderInstaller.ProviderInstallListener.html#onProviderInstallFailed(int, android.content.Intent)方法,并采取適當(dāng)?shù)男袆?dòng)(如提示用戶(hù)更新Google Play services)
/**
* Sample activity using {@link ProviderInstaller}.
*/
public class MainActivity extends Activity
implements ProviderInstaller.ProviderInstallListener {
private static final int ERROR_DIALOG_REQUEST_CODE = 1;
private boolean mRetryProviderInstall;
//Update the security provider when the activity is created.
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
ProviderInstaller.installIfNeededAsync(this, this);
}
/**
* This method is only called if the provider is successfully updated
* (or is already up-to-date).
*/
@Override
protected void onProviderInstalled() {
// Provider is up-to-date, app can make secure network calls.
}
/**
* This method is called if updating fails; the error code indicates
* whether the error is recoverable.
*/
@Override
protected void onProviderInstallFailed(int errorCode, Intent recoveryIntent) {
if (GooglePlayServicesUtil.isUserRecoverableError(errorCode)) {
// Recoverable error. Show a dialog prompting the user to
// install/update/enable Google Play services.
GooglePlayServicesUtil.showErrorDialogFragment(
errorCode,
this,
ERROR_DIALOG_REQUEST_CODE,
new DialogInterface.OnCancelListener() {
@Override
public void onCancel(DialogInterface dialog) {
// The user chose not to take the recovery action
onProviderInstallerNotAvailable();
}
});
} else {
// Google Play services is not available.
onProviderInstallerNotAvailable();
}
}
@Override
protected void onActivityResult(int requestCode, int resultCode,
Intent data) {
super.onActivityResult(requestCode, resultCode, data);
if (requestCode == ERROR_DIALOG_REQUEST_CODE) {
// Adding a fragment via GooglePlayServicesUtil.showErrorDialogFragment
// before the instance state is restored throws an error. So instead,
// set a flag here, which will cause the fragment to delay until
// onPostResume.
mRetryProviderInstall = true;
}
}
/**
* On resume, check to see if we flagged that we need to reinstall the
* provider.
*/
@Override
protected void onPostResume() {
super.onPostResult();
if (mRetryProviderInstall) {
// We can now safely retry installation.
ProviderInstall.installIfNeededAsync(this, this);
}
mRetryProviderInstall = false;
}
private void onProviderInstallerNotAvailable() {
// This is reached if the provider cannot be updated for some reason.
// App should consider all HTTP communication to be vulnerable, and take
// appropriate action.
}
}
