Merge pull request #18 from nevissecurity/feature/NEVISACCESSAPP-6057-…

…Introduce-authenticator-allow-list

NEVISACCESSAPP-6057: Introduce authenticator allow list

app/src/main/java/ch/nevis/exampleapp/common/configuration/ConfigurationProvider.kt

@@ -24,5 +24,10 @@ interface ConfigurationProvider {
      * The [Configuration] object related to the environment.
      */
     val configuration: Configuration
+
+    /**
+     * The list of allowed authenticators.
+     */
+    val authenticatorAllowlist: List<String>
     //endregion
-}
+}

app/src/main/java/ch/nevis/exampleapp/common/configuration/ConfigurationProviderImpl.kt

@@ -9,9 +9,10 @@ package ch.nevis.exampleapp.common.configuration
 import ch.nevis.mobile.sdk.api.Configuration
 
 /**
- * Default implementation of [ConfigurationProvider] abstract class.
+ * Default implementation of [ConfigurationProvider] interface.
  */
 class ConfigurationProviderImpl(
     override val environment: Environment,
-    override val configuration: Configuration
-) : ConfigurationProvider
+    override val configuration: Configuration,
+    override val authenticatorAllowlist: List<String>
+) : ConfigurationProvider

app/src/main/java/ch/nevis/exampleapp/dagger/ApplicationModule.kt

@@ -23,12 +23,19 @@ import ch.nevis.exampleapp.domain.deviceInformation.DeviceInformationFactoryImpl
 import ch.nevis.exampleapp.domain.interaction.*
 import ch.nevis.exampleapp.domain.log.SdkLogger
 import ch.nevis.exampleapp.domain.log.SdkLoggerImpl
+import ch.nevis.exampleapp.domain.validation.AuthenticatorValidator
+import ch.nevis.exampleapp.domain.validation.AuthenticatorValidatorImpl
 import ch.nevis.exampleapp.ui.navigation.NavigationDispatcher
 import ch.nevis.exampleapp.ui.navigation.NavigationDispatcherImpl
 import ch.nevis.mobile.sdk.api.Configuration
+import ch.nevis.mobile.sdk.api.localdata.Authenticator.BIOMETRIC_AUTHENTICATOR_AAID
+import ch.nevis.mobile.sdk.api.localdata.Authenticator.DEVICE_PASSCODE_AUTHENTICATOR_AAID
+import ch.nevis.mobile.sdk.api.localdata.Authenticator.FINGERPRINT_AUTHENTICATOR_AAID
+import ch.nevis.mobile.sdk.api.localdata.Authenticator.PIN_AUTHENTICATOR_AAID
 import ch.nevis.mobile.sdk.api.operation.pin.PinChanger
 import ch.nevis.mobile.sdk.api.operation.pin.PinEnroller
 import ch.nevis.mobile.sdk.api.operation.selection.AccountSelector
+import ch.nevis.mobile.sdk.api.operation.selection.AuthenticatorSelector
 import ch.nevis.mobile.sdk.api.operation.userverification.BiometricUserVerifier
 import ch.nevis.mobile.sdk.api.operation.userverification.DevicePasscodeUserVerifier
 import ch.nevis.mobile.sdk.api.operation.userverification.FingerprintUserVerifier
@@ -41,6 +48,7 @@ import dagger.hilt.components.SingletonComponent
 import retrofit2.Retrofit
 import retrofit2.converter.gson.GsonConverterFactory
 import java.net.URI
+import javax.inject.Named
 import javax.inject.Singleton
 
 /**
@@ -50,6 +58,20 @@ import javax.inject.Singleton
 @InstallIn(SingletonComponent::class)
 class ApplicationModule {
 
+    //region Constants
+    companion object {
+        /**
+         * The unique name of authenticator selector implementation for Registration operation.
+         */
+        const val REGISTRATION_AUTHENTICATOR_SELECTOR = "REGISTRATION_AUTHENTICATOR_SELECTOR"
+
+        /**
+         * The unique name of authenticator selector implementation for Authentication operation.
+         */
+        const val AUTHENTICATION_AUTHENTICATOR_SELECTOR = "AUTHENTICATION_AUTHENTICATOR_SELECTOR"
+    }
+    //endregion
+
     //region Configuration
     @Suppress("DEPRECATION")
     @SuppressLint("PackageManagerGetSignatures")
@@ -90,12 +112,21 @@ class ApplicationModule {
             .build()
     }
 
+    @Provides
+    fun provideAuthenticatorAllowlist(): List<String> = listOf(
+        PIN_AUTHENTICATOR_AAID,
+        FINGERPRINT_AUTHENTICATOR_AAID,
+        BIOMETRIC_AUTHENTICATOR_AAID,
+        DEVICE_PASSCODE_AUTHENTICATOR_AAID
+    )
+
     @Provides
     @Singleton
     fun provideConfigurationProvider(application: Application): ConfigurationProvider =
         ConfigurationProviderImpl(
             Environment.AUTHENTICATION_CLOUD,
-            provideAuthenticationCloudConfiguration(application)
+            provideAuthenticationCloudConfiguration(application),
+            provideAuthenticatorAllowlist()
         )
     //endregion
 
@@ -131,6 +162,12 @@ class ApplicationModule {
     fun provideSettings(@ApplicationContext context: Context): Settings = SettingsImpl(context)
     //endregion
 
+    //region Validation
+    @Provides
+    @Singleton
+    fun provideAuthenticatorValidator(): AuthenticatorValidator = AuthenticatorValidatorImpl()
+    //endregion
+
     //region Interaction
     @Provides
     fun provideBiometricUserVerifier(navigationDispatcher: NavigationDispatcher): BiometricUserVerifier =
@@ -152,23 +189,35 @@ class ApplicationModule {
         AccountSelectorImpl(navigationDispatcher, errorHandler)
 
     @Provides
-    fun provideAuthenticationAuthenticatorSelector(
+    @Named(REGISTRATION_AUTHENTICATOR_SELECTOR)
+    fun provideRegistrationAuthenticatorSelector(
+        configurationProvider: ConfigurationProvider,
         navigationDispatcher: NavigationDispatcher,
+        authenticatorValidator: AuthenticatorValidator,
         settings: Settings
-    ): AuthenticationAuthenticatorSelector =
-        AuthenticationAuthenticatorSelectorImpl(
+    ): AuthenticatorSelector =
+        AuthenticatorSelectorImpl(
+            configurationProvider,
             navigationDispatcher,
-            settings
+            authenticatorValidator,
+            settings,
+            AuthenticatorSelectorOperation.REGISTRATION
         )
 
     @Provides
-    fun provideRegistrationAuthenticatorSelector(
+    @Named(AUTHENTICATION_AUTHENTICATOR_SELECTOR)
+    fun provideAuthenticationAuthenticatorSelector(
+        configurationProvider: ConfigurationProvider,
         navigationDispatcher: NavigationDispatcher,
+        authenticatorValidator: AuthenticatorValidator,
         settings: Settings
-    ): RegistrationAuthenticatorSelector =
-        RegistrationAuthenticatorSelectorImpl(
+    ): AuthenticatorSelector =
+        AuthenticatorSelectorImpl(
+            configurationProvider,
             navigationDispatcher,
-            settings
+            authenticatorValidator,
+            settings,
+            AuthenticatorSelectorOperation.AUTHENTICATION
         )
 
     @Provides

app/src/main/java/ch/nevis/exampleapp/domain/interaction/AccountSelectorImpl.kt

@@ -21,10 +21,10 @@ import ch.nevis.mobile.sdk.api.operation.selection.AccountSelector
 import timber.log.Timber
 
 /**
- * Default implementation of [AccountSelector] interface. It checks the <Account> set and
- * transaction confirmation data in received [AccountSelectionContext] object and decides
+ * Default implementation of [AccountSelector] interface. It checks the [Account] set and
+ * transaction confirmation data received in the [AccountSelectionContext] object and decides
  * if the next step is transaction confirmation or account selection. As an addition it also showcases
- * how to skip account selection if the received account list set only one element.
+ * how to skip account selection if the received account list set has only one element.
  */
 class AccountSelectorImpl(
 
@@ -42,43 +42,43 @@ class AccountSelectorImpl(
 
     //region AccountSelector
     override fun selectAccount(
-        accountSelectionContext: AccountSelectionContext,
-        accountSelectionHandler: AccountSelectionHandler
+        context: AccountSelectionContext,
+        handler: AccountSelectionHandler
     ) {
         Timber.asTree()
             .sdk("Please select one of the received available accounts!")
         try {
-            val accounts = validAccounts(accountSelectionContext)
+            val accounts = validAccounts(context)
             if (accounts.isEmpty()) {
                 throw BusinessException.accountsNotFound()
             }
 
             val transactionConfirmationData =
-                accountSelectionContext.transactionConfirmationData().orElse(null)
+                context.transactionConfirmationData().orElse(null)
 
             transactionConfirmationData?.also {
                 navigationDispatcher.requestNavigation(
                     NavigationGraphDirections.actionGlobalTransactionConfirmationFragment(
                         TransactionConfirmationNavigationParameter(
                             Operation.OUT_OF_BAND_AUTHENTICATION,
-                            accountSelectionContext.accounts(),
+                            context.accounts(),
                             it.decodeToString(),
-                            accountSelectionHandler
+                            handler
                         )
                     )
                 )
             } ?: run {
                 if (accounts.size == 1) {
                     Timber.asTree()
                         .sdk("One account found, performing automatic selection!")
-                    accountSelectionHandler.username(accounts.first().username())
+                    handler.username(accounts.first().username())
                 } else {
                     navigationDispatcher.requestNavigation(
                         NavigationGraphDirections.actionGlobalSelectAccountFragment(
                             SelectAccountNavigationParameter(
                                 Operation.OUT_OF_BAND_AUTHENTICATION,
-                                accountSelectionContext.accounts(),
-                                accountSelectionHandler
+                                context.accounts(),
+                                handler
                             )
                         )
                     )