[WIP][POC] Attestation module and usage in Connections.

financial-connections/build.gradle

@@ -23,6 +23,7 @@ dependencies {
     api project(":stripe-core")
     api project(":stripe-ui-core")
     api project(":payments-model")
+    api project(":stripe-attestation")
 
     implementation libs.androidx.activity
     implementation libs.androidx.annotation

financial-connections/src/main/java/com/stripe/android/financialconnections/di/FinancialConnectionsSheetModule.kt

@@ -5,6 +5,7 @@ import com.stripe.android.core.networking.ApiRequest
 import com.stripe.android.financialconnections.network.FinancialConnectionsRequestExecutor
 import com.stripe.android.financialconnections.repository.FinancialConnectionsManifestRepository
 import com.stripe.android.financialconnections.repository.api.ProvideApiRequestOptions
+import com.stripe.attestation.IntegrityStandardRequestManager
 import dagger.Module
 import dagger.Provides
 import java.util.Locale
@@ -27,6 +28,7 @@ internal object FinancialConnectionsSheetModule {
     fun providesFinancialConnectionsManifestRepository(
         requestExecutor: FinancialConnectionsRequestExecutor,
         apiRequestFactory: ApiRequest.Factory,
+        standardRequestManager: IntegrityStandardRequestManager,
         provideApiRequestOptions: ProvideApiRequestOptions,
         locale: Locale?,
         logger: Logger
@@ -36,6 +38,7 @@ internal object FinancialConnectionsSheetModule {
         provideApiRequestOptions = provideApiRequestOptions,
         logger = logger,
         locale = locale ?: Locale.getDefault(),
+        standardRequestManager = standardRequestManager,
         initialSync = null
     )
 }

financial-connections/src/main/java/com/stripe/android/financialconnections/di/FinancialConnectionsSheetNativeModule.kt

@@ -37,6 +37,7 @@ import com.stripe.android.financialconnections.repository.api.RealProvideApiRequ
 import com.stripe.android.repository.ConsumersApiService
 import com.stripe.android.repository.ConsumersApiServiceImpl
 import com.stripe.android.uicore.image.StripeImageLoader
+import com.stripe.attestation.IntegrityStandardRequestManager
 import dagger.Binds
 import dagger.Module
 import dagger.Provides
@@ -103,6 +104,7 @@ internal interface FinancialConnectionsSheetNativeModule {
         fun providesFinancialConnectionsManifestRepository(
             requestExecutor: FinancialConnectionsRequestExecutor,
             apiRequestFactory: ApiRequest.Factory,
+            standardRequestManager: IntegrityStandardRequestManager,
             provideApiRequestOptions: ProvideApiRequestOptions,
             locale: Locale?,
             logger: Logger,
@@ -113,6 +115,7 @@ internal interface FinancialConnectionsSheetNativeModule {
             provideApiRequestOptions = provideApiRequestOptions,
             locale = locale ?: Locale.getDefault(),
             logger = logger,
+            standardRequestManager = standardRequestManager,
             initialSync = initialSynchronizeSessionResponse
         )
 

financial-connections/src/main/java/com/stripe/android/financialconnections/di/FinancialConnectionsSheetSharedModule.kt

@@ -35,6 +35,8 @@ import com.stripe.android.financialconnections.repository.FinancialConnectionsRe
 import com.stripe.android.financialconnections.repository.FinancialConnectionsRepositoryImpl
 import com.stripe.android.financialconnections.repository.RealConsumerSessionRepository
 import com.stripe.android.financialconnections.utils.DefaultFraudDetectionDataRepository
+import com.stripe.attestation.IntegrityStandardRequestManager
+import com.stripe.attestation.RealStandardIntegrityManagerFactory
 import dagger.Binds
 import dagger.Module
 import dagger.Provides
@@ -86,6 +88,17 @@ internal interface FinancialConnectionsSheetSharedModule {
 
     companion object {
 
+        @Singleton
+        @Provides
+        fun providesIntegrityStandardRequestManager(
+            context: Application,
+            logger: Logger
+        ): IntegrityStandardRequestManager = IntegrityStandardRequestManager(
+            cloudProjectNumber = 527113280969, //stripe-financial-connections
+            logError = { message, error -> logger.error(message, error) },
+            factory = RealStandardIntegrityManagerFactory(context)
+        )
+
         @Provides
         @Singleton
         internal fun providesApiOptions(

financial-connections/src/main/java/com/stripe/android/financialconnections/domain/PollAttachPaymentAccount.kt

@@ -28,7 +28,6 @@ internal class PollAttachPaymentAccount @Inject constructor(
         sync: SynchronizeSessionResponse,
         // null, when attaching via manual entry.
         activeInstitution: FinancialConnectionsInstitution?,
-
         params: PaymentAccountParams
     ): LinkAccountSessionPaymentAccount {
         return retryOnException(

financial-connections/src/main/java/com/stripe/android/financialconnections/features/consent/ConsentViewModel.kt

@@ -5,11 +5,8 @@ import androidx.lifecycle.viewModelScope
 import androidx.lifecycle.viewmodel.initializer
 import androidx.lifecycle.viewmodel.viewModelFactory
 import com.stripe.android.core.Logger
-import com.stripe.android.financialconnections.FinancialConnections
-import com.stripe.android.financialconnections.analytics.FinancialConnectionsAnalyticsEvent.ConsentAgree
 import com.stripe.android.financialconnections.analytics.FinancialConnectionsAnalyticsEvent.PaneLoaded
 import com.stripe.android.financialconnections.analytics.FinancialConnectionsAnalyticsTracker
-import com.stripe.android.financialconnections.analytics.FinancialConnectionsEvent.Name
 import com.stripe.android.financialconnections.analytics.logError
 import com.stripe.android.financialconnections.di.FinancialConnectionsSheetNativeComponent
 import com.stripe.android.financialconnections.domain.AcceptConsent
@@ -26,14 +23,14 @@ import com.stripe.android.financialconnections.navigation.Destination.Companion.
 import com.stripe.android.financialconnections.navigation.Destination.ManualEntry
 import com.stripe.android.financialconnections.navigation.Destination.NetworkingLinkLoginWarmup
 import com.stripe.android.financialconnections.navigation.NavigationManager
-import com.stripe.android.financialconnections.navigation.destination
 import com.stripe.android.financialconnections.navigation.topappbar.TopAppBarStateUpdate
 import com.stripe.android.financialconnections.presentation.FinancialConnectionsViewModel
 import com.stripe.android.financialconnections.ui.HandleClickableUrl
 import com.stripe.android.financialconnections.utils.Experiment.CONNECTIONS_CONSENT_COMBINED_LOGO
 import com.stripe.android.financialconnections.utils.error
 import com.stripe.android.financialconnections.utils.experimentAssignment
 import com.stripe.android.financialconnections.utils.trackExposure
+import com.stripe.attestation.IntegrityStandardRequestManager
 import dagger.assisted.Assisted
 import dagger.assisted.AssistedFactory
 import dagger.assisted.AssistedInject
@@ -48,6 +45,7 @@ internal class ConsentViewModel @AssistedInject constructor(
     private val navigationManager: NavigationManager,
     private val eventTracker: FinancialConnectionsAnalyticsTracker,
     private val handleClickableUrl: HandleClickableUrl,
+    private val standardRequestManager: IntegrityStandardRequestManager,
     private val logger: Logger,
     private val presentSheet: PresentSheet,
 ) : FinancialConnectionsViewModel<ConsentState>(initialState, nativeAuthFlowCoordinator) {
@@ -95,13 +93,25 @@ internal class ConsentViewModel @AssistedInject constructor(
     }
 
     fun onContinueClick() {
-        suspend {
-            eventTracker.track(ConsentAgree)
-            val updatedManifest: FinancialConnectionsSessionManifest = acceptConsent()
-            FinancialConnections.emitEvent(Name.CONSENT_ACQUIRED)
-            navigationManager.tryNavigateTo(updatedManifest.nextPane.destination(referrer = Pane.CONSENT))
-            updatedManifest
-        }.execute { copy(acceptConsent = it) }
+        viewModelScope.launch {
+            val token: Result<String> = standardRequestManager.requestToken("random_token")
+            logger.debug("Token: $token")
+            runCatching {
+                // verifyIntegrity(token.getOrThrow(), "com.random")
+            }.onFailure {
+                logger.error("Error verifying integrity", it)
+            }.onSuccess {
+                logger.info("Integrity verified successfully")
+            }
+        }
+
+//        suspend {
+//            eventTracker.track(ConsentAgree)
+//            val updatedManifest: FinancialConnectionsSessionManifest = acceptConsent()
+//            FinancialConnections.emitEvent(Name.CONSENT_ACQUIRED)
+//            navigationManager.tryNavigateTo(updatedManifest.nextPane.destination(referrer = Pane.CONSENT))
+//            updatedManifest
+//        }.execute { copy(acceptConsent = it) }
     }
 
     fun onClickableTextClick(uri: String) = viewModelScope.launch {

financial-connections/src/main/java/com/stripe/android/financialconnections/features/consent/verifyIntegrity.kt

@@ -0,0 +1,51 @@
+package com.stripe.android.financialconnections.features.consent
+
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.withContext
+import java.io.OutputStreamWriter
+import java.net.HttpURLConnection
+import java.net.URL
+import java.net.URLEncoder
+
+
+suspend fun verifyIntegrity(integrityToken: String, packageName: String) = withContext(Dispatchers.IO) {
+    val url = URL("https://attestation-android.glitch.me/verify-integrity")
+    val connection = url.openConnection() as HttpURLConnection
+    connection.requestMethod = "POST"
+    connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded; charset=UTF-8")
+    connection.setRequestProperty("Accept", "application/json")
+    connection.doOutput = true
+    connection.connectTimeout = 15000
+    connection.readTimeout = 15000
+
+    // Constructing URL-encoded form data
+    val requestBody = "integrityToken=${URLEncoder.encode(integrityToken, "UTF-8")}" +
+        "&packageName=${URLEncoder.encode(packageName, "UTF-8")}"
+
+    println("Request Payload: $requestBody") // Log the URL-encoded form data
+
+    connection.outputStream.use { os ->
+        OutputStreamWriter(os, "UTF-8").use { writer ->
+            writer.write(requestBody)
+            writer.flush()
+        }
+    }
+
+    val responseCode = connection.responseCode
+    val responseMessage: String
+
+    if (responseCode == HttpURLConnection.HTTP_OK) {
+        responseMessage = connection.inputStream.bufferedReader().use { it.readText() }
+    } else {
+        responseMessage = connection.errorStream?.bufferedReader()?.use {
+            it.readText()
+        } ?: "Error occurred with response code: $responseCode"
+        println("Error response code: $responseCode - $responseMessage")
+    }
+
+    connection.disconnect()
+
+    println("Response Message: $responseMessage")
+
+    responseMessage
+}

financial-connections/src/main/java/com/stripe/android/financialconnections/presentation/FinancialConnectionsSheetNativeViewModel.kt

@@ -62,6 +62,9 @@ import com.stripe.android.financialconnections.ui.toLocalTheme
 import com.stripe.android.financialconnections.utils.UriUtils
 import com.stripe.android.financialconnections.utils.get
 import com.stripe.android.financialconnections.utils.updateWithNewEntry
+import com.stripe.attestation.IntegrityStandardRequestManager
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.GlobalScope
 import kotlinx.coroutines.flow.MutableStateFlow
 import kotlinx.coroutines.flow.SharingStarted
 import kotlinx.coroutines.flow.StateFlow
@@ -87,6 +90,7 @@ internal class FinancialConnectionsSheetNativeViewModel @Inject constructor(
     private val completeFinancialConnectionsSession: CompleteFinancialConnectionsSession,
     private val createInstantDebitsResult: CreateInstantDebitsResult,
     private val eventTracker: FinancialConnectionsAnalyticsTracker,
+    private val integrityStandardRequestManager: IntegrityStandardRequestManager,
     private val logger: Logger,
     private val navigationManager: NavigationManager,
     @Named(APPLICATION_ID) private val applicationId: String,
@@ -143,6 +147,22 @@ internal class FinancialConnectionsSheetNativeViewModel @Inject constructor(
                 }
             }
         }
+        viewModelScope.launch {
+            initializeIntegrity()
+        }
+    }
+
+    // TODO use an app initializer alternatively to prepare Integrity.
+    private fun initializeIntegrity() {
+        GlobalScope.launch(Dispatchers.IO) {
+            val result = integrityStandardRequestManager.prepare()
+            result.onSuccess {
+                logger.info("Integrity prepared successfully")
+            }
+            result.onFailure {
+                logger.error("Failed to prepare Integrity", it)
+            }
+        }
     }
 
     private fun SavedStateHandle.registerSavedStateProvider() {

financial-connections/src/main/java/com/stripe/android/financialconnections/repository/FinancialConnectionsManifestRepository.kt

@@ -16,6 +16,7 @@ import com.stripe.android.financialconnections.network.NetworkConstants
 import com.stripe.android.financialconnections.network.NetworkConstants.PARAM_SELECTED_ACCOUNTS
 import com.stripe.android.financialconnections.repository.api.ProvideApiRequestOptions
 import com.stripe.android.financialconnections.utils.filterNotNullValues
+import com.stripe.attestation.IntegrityStandardRequestManager
 import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.withLock
 import java.util.Date
@@ -171,18 +172,20 @@ internal interface FinancialConnectionsManifestRepository {
         operator fun invoke(
             requestExecutor: FinancialConnectionsRequestExecutor,
             apiRequestFactory: ApiRequest.Factory,
+            standardRequestManager: IntegrityStandardRequestManager,
             provideApiRequestOptions: ProvideApiRequestOptions,
             logger: Logger,
             locale: Locale,
             initialSync: SynchronizeSessionResponse?
         ): FinancialConnectionsManifestRepository =
             FinancialConnectionsManifestRepositoryImpl(
-                requestExecutor,
-                apiRequestFactory,
-                provideApiRequestOptions,
-                locale,
-                logger,
-                initialSync
+                requestExecutor = requestExecutor,
+                apiRequestFactory = apiRequestFactory,
+                provideApiRequestOptions = provideApiRequestOptions,
+                standardRequestManager = standardRequestManager,
+                locale = locale,
+                logger = logger,
+                initialSync = initialSync
             )
     }
 }
@@ -191,6 +194,7 @@ private class FinancialConnectionsManifestRepositoryImpl(
     val requestExecutor: FinancialConnectionsRequestExecutor,
     val apiRequestFactory: ApiRequest.Factory,
     val provideApiRequestOptions: ProvideApiRequestOptions,
+    val standardRequestManager: IntegrityStandardRequestManager,
     val locale: Locale,
     val logger: Logger,
     initialSync: SynchronizeSessionResponse?
@@ -247,6 +251,9 @@ private class FinancialConnectionsManifestRepositoryImpl(
                 NetworkConstants.PARAMS_CLIENT_SECRET to clientSecret
             )
         )
+
+//        val token: Result<String> = standardRequestManager.requestToken(financialConnectionsRequest)
+
         return requestExecutor.execute(
             financialConnectionsRequest,
             FinancialConnectionsSessionManifest.serializer()