Skip to content

Most visited

Recently visited

navigation
AsymmetricFingerprintDialog / src / com.example.android.asymmetricfingerprintdialog / server /

StoreBackendImpl.java

1
/*
2
 * Copyright (C) 2015 The Android Open Source Project
3
 *
4
 * Licensed under the Apache License, Version 2.0 (the "License");
5
 * you may not use this file except in compliance with the License.
6
 * You may obtain a copy of the License at
7
 *
8
 *      http://www.apache.org/licenses/LICENSE-2.0
9
 *
10
 * Unless required by applicable law or agreed to in writing, software
11
 * distributed under the License is distributed on an "AS IS" BASIS,
12
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
 * See the License for the specific language governing permissions and
14
 * limitations under the License
15
 */
16
 
17
package com.example.android.asymmetricfingerprintdialog.server;
18
 
19
 
20
import java.security.InvalidKeyException;
21
import java.security.NoSuchAlgorithmException;
22
import java.security.PublicKey;
23
import java.security.Signature;
24
import java.security.SignatureException;
25
import java.util.HashMap;
26
import java.util.HashSet;
27
import java.util.Map;
28
import java.util.Set;
29
 
30
/**
31
 * A fake backend implementation of {@link StoreBackend}.
32
 */
33
public class StoreBackendImpl implements StoreBackend {
34
 
35
    private final Map<String, PublicKey> mPublicKeys = new HashMap<>();
36
    private final Set<Transaction> mReceivedTransactions = new HashSet<>();
37
 
38
    @Override
39
    public boolean verify(Transaction transaction, byte[] transactionSignature) {
40
        try {
41
            if (mReceivedTransactions.contains(transaction)) {
42
                // It verifies the equality of the transaction including the client nonce
43
                // So attackers can't do replay attacks.
44
                return false;
45
            }
46
            mReceivedTransactions.add(transaction);
47
            PublicKey publicKey = mPublicKeys.get(transaction.getUserId());
48
            Signature verificationFunction = Signature.getInstance("SHA256withECDSA");
49
            verificationFunction.initVerify(publicKey);
50
            verificationFunction.update(transaction.toByteArray());
51
            if (verificationFunction.verify(transactionSignature)) {
52
                // Transaction is verified with the public key associated with the user
53
                // Do some post purchase processing in the server
54
                return true;
55
            }
56
        } catch (NoSuchAlgorithmException | InvalidKeyException | SignatureException e) {
57
            // In a real world, better to send some error message to the user
58
        }
59
        return false;
60
    }
61
 
62
    @Override
63
    public boolean verify(Transaction transaction, String password) {
64
        // As this is just a sample, we always assume that the password is right.
65
        return true;
66
    }
67
 
68
    @Override
69
    public boolean enroll(String userId, String password, PublicKey publicKey) {
70
        if (publicKey != null) {
71
            mPublicKeys.put(userId, publicKey);
72
        }
73
        // We just ignore the provided password here, but in real life, it is registered to the
74
        // backend.
75
        return true;
76
    }
77
}
This site uses cookies to store your preferences for site-specific language and display options.

Get the latest Android developer news and tips that will help you find success on Google Play.

* Required Fields

Hooray!

Follow Google Developers on WeChat

Browse this site in ?

You requested a page in , but your language preference for this site is .

Would you like to change your language preference and browse this site in ? If you want to change your language preference later, use the language menu at the bottom of each page.

This class requires API level or higher

This doc is hidden because your selected API level for the documentation is . You can change the documentation API level with the selector above the left navigation.

For more information about specifying the API level your app requires, read Supporting Different Platform Versions.

Take a short survey?
Help us improve the Android developer experience. (Dec 2017 Android Platform & Tools Survey)