/**
* Verifies the broker related app and AD-Authenticator in Account Manager ADAL directs call to
* AccountManager if component is valid and present. It does not direct call if the caller is from
* Authenticator itself.
*/
@Override
public boolean canSwitchToBroker() {
String packageName = mContext.getPackageName();
// ADAL switches broker for following conditions:
// 1- app is not skipping the broker
// 2- permissions are set in the manifest,
// 3- if package is not broker itself for both company portal and azure
// authenticator
// 4- signature of the broker is valid
// 5- account exists
return !AuthenticationSettings.INSTANCE.getSkipBroker()
&& verifyManifestPermissions()
&& checkAccount(mAcctManager, "", "")
&& !packageName.equalsIgnoreCase(AuthenticationSettings.INSTANCE.getBrokerPackageName())
&& !packageName.equalsIgnoreCase(
AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_PACKAGE_NAME)
&& verifyAuthenticator(mAcctManager);
}
private boolean checkAccount(final AccountManager am, String username, String uniqueId) {
AuthenticatorDescription[] authenticators = am.getAuthenticatorTypes();
for (AuthenticatorDescription authenticator : authenticators) {
if (authenticator.type.equals(AuthenticationConstants.Broker.BROKER_ACCOUNT_TYPE)) {
Account[] accountList =
mAcctManager.getAccountsByType(AuthenticationConstants.Broker.BROKER_ACCOUNT_TYPE);
// Authenticator installed from Company portal
// This supports only one account
if (authenticator.packageName.equalsIgnoreCase(
AuthenticationConstants.Broker.PACKAGE_NAME)) {
// Adal should not connect if given username does not match
if (accountList != null && accountList.length > 0) {
return verifyAccount(accountList, username, uniqueId);
}
return false;
// Check azure authenticator and allow calls for test
// versions
} else if (authenticator.packageName.equalsIgnoreCase(
AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_PACKAGE_NAME)
|| authenticator.packageName.equalsIgnoreCase(
AuthenticationSettings.INSTANCE.getBrokerPackageName())) {
// Existing broker logic only connects to broker for token
// requests if account exists. New version can allow to
// add accounts through Adal.
if (hasSupportToAddUserThroughBroker()) {
Logger.v(TAG, "Broker supports to add user through app");
return true;
} else if (accountList != null && accountList.length > 0) {
return verifyAccount(accountList, username, uniqueId);
}
}
}
}
return false;
}
public BrokerProxy(final Context ctx) {
mContext = ctx;
mAcctManager = AccountManager.get(mContext);
mHandler = new Handler(mContext.getMainLooper());
mBrokerTag = AuthenticationSettings.INSTANCE.getBrokerSignature();
}
public BrokerProxy() {
mBrokerTag = AuthenticationSettings.INSTANCE.getBrokerSignature();
}
