feat: add cert pinning config
MohamadJaara committed Aug 21, 2023
1 parent 65457e5 commit ee78448
Showing 6 changed files with 59 additions and 39 deletions.
43 changes: 21 additions & 22 deletions app/src/main/kotlin/com/wire/android/di/KaliumConfigsModule.kt
Expand Up @@ -33,6 +33,7 @@ import dagger.hilt.InstallIn
import dagger.hilt.components.SingletonComponent
import kotlinx.coroutines.flow.first
import kotlinx.coroutines.runBlocking
import java.util.HashMap

@Module
@InstallIn(SingletonComponent::class)
Expand All @@ -48,28 +49,26 @@ class KaliumConfigsModule {
BuildFileRestrictionState.NoRestriction
}

return KaliumConfigs(
isChangeEmailEnabled = BuildConfig.ALLOW_CHANGE_OF_EMAIL,
isLoggingEnabled = BuildConfig.LOGGING_ENABLED,
blacklistHost = BuildConfig.DEFAULT_BACKEND_URL_BLACKLIST,
fileRestrictionState = fileRestriction,
forceConstantBitrateCalls = BuildConfig.FORCE_CONSTANT_BITRATE_CALLS,
developerFeaturesEnabled = BuildConfig.DEVELOPER_FEATURES_ENABLED,
enableBlacklist = BuildConfig.ENABLE_BLACKLIST,
maxAccount = BuildConfig.MAX_ACCOUNTS,
return object : KaliumConfigs() {

override val fileRestrictionState = fileRestriction

override val forceConstantBitrateCalls = BuildConfig.FORCE_CONSTANT_BITRATE_CALLS

// we use upsert, available from SQL3.24, which is supported from Android API30, so for older APIs we have to use SQLCipher
shouldEncryptData = !BuildConfig.DEBUG || Build.VERSION.SDK_INT < Build.VERSION_CODES.R,
lowerKeyPackageLimits = BuildConfig.PRIVATE_BUILD,
lowerKeyingMaterialsUpdateThreshold = BuildConfig.PRIVATE_BUILD,
isMLSSupportEnabled = BuildConfig.MLS_SUPPORT_ENABLED,
developmentApiEnabled = BuildConfig.DEVELOPMENT_API_ENABLED,
encryptProteusStorage = runBlocking { globalDataStore.isEncryptedProteusStorageEnabled().first() },
guestRoomLink = BuildConfig.ENABLE_GUEST_ROOM_LINK,
selfDeletingMessages = BuildConfig.SELF_DELETING_MESSAGES,
wipeOnCookieInvalid = BuildConfig.WIPE_ON_COOKIE_INVALID,
wipeOnDeviceRemoval = BuildConfig.WIPE_ON_DEVICE_REMOVAL,
wipeOnRootedDevice = BuildConfig.WIPE_ON_ROOTED_DEVICE,
isWebSocketEnabledByDefault = isWebsocketEnabledByDefault(context)
)
override val shouldEncryptData = !BuildConfig.DEBUG || Build.VERSION.SDK_INT < Build.VERSION_CODES.R
override val lowerKeyPackageLimits = BuildConfig.PRIVATE_BUILD
override val lowerKeyingMaterialsUpdateThreshold = BuildConfig.PRIVATE_BUILD
override var isMLSSupportEnabled = BuildConfig.MLS_SUPPORT_ENABLED
override val developmentApiEnabled = BuildConfig.DEVELOPMENT_API_ENABLED
override val encryptProteusStorage = runBlocking { globalDataStore.isEncryptedProteusStorageEnabled().first() }
override val guestRoomLink = BuildConfig.ENABLE_GUEST_ROOM_LINK
override val selfDeletingMessages = BuildConfig.SELF_DELETING_MESSAGES
override val wipeOnCookieInvalid = BuildConfig.WIPE_ON_COOKIE_INVALID
override val wipeOnDeviceRemoval = BuildConfig.WIPE_ON_DEVICE_REMOVAL
override val wipeOnRootedDevice = BuildConfig.WIPE_ON_ROOTED_DEVICE
override val isWebSocketEnabledByDefault = isWebsocketEnabledByDefault(context)
override fun certPinningConfig(): Map<String, List<String>> = BuildConfig.CERTIFICATE_PINNING_CONFIG
}
}
}
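Review bot: `certPinningConfig()` on the last override line returns `BuildConfig.CERTIFICATE_PINNING_CONFIG` itself, which the build script in this commit generates as a `java.util.HashMap`, so the pin set is a shared mutable object that any code holding the reference could alter after start-up. Returning a read-only copy keeps the pins fixed for the life of the process, e.g. `override fun certPinningConfig(): Map<String, List<String>> = BuildConfig.CERTIFICATE_PINNING_CONFIG.mapValues { (_, hosts) -> hosts.toList() }`. A short comment on the override would also help the next reader: `// key = "sha256/<base64 hash>" pin, value = host patterns it applies to; an empty map presumably disables pinning (confirm in kalium)`. The added `import java.util.HashMap` looks unused in the visible lines, and the enclosing provider function starts outside the hunk.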
Expand Up @@ -25,6 +25,7 @@ import androidx.compose.runtime.mutableStateOf
import androidx.compose.runtime.setValue
import androidx.lifecycle.ViewModel
import androidx.lifecycle.viewModelScope
import com.wire.android.BuildConfig
import com.wire.android.appLogger
import com.wire.android.datastore.UserDataStore
import com.wire.android.di.AuthServerConfigProvider
Expand Down Expand Up @@ -85,7 +86,6 @@ class SelfUserProfileViewModel @Inject constructor(
private val wireSessionImageLoader: WireSessionImageLoader,
private val authServerConfigProvider: AuthServerConfigProvider,
private val selfServerLinks: SelfServerConfigUseCase,
private val kaliumConfigs: KaliumConfigs,
private val otherAccountMapper: OtherAccountMapper,
private val observeEstablishedCalls: ObserveEstablishedCallsUseCase,
private val accountSwitch: AccountSwitchUseCase,
Expand Down Expand Up @@ -228,7 +228,7 @@ class SelfUserProfileViewModel @Inject constructor(
fun tryToInitAddingAccount(onSucceeded: () -> Unit) {
viewModelScope.launch {
// the total number of accounts is otherAccounts + 1 for the current account
val canAddNewAccounts: Boolean = (userProfileState.otherAccounts.size + 1) < kaliumConfigs.maxAccount
val canAddNewAccounts: Boolean = (userProfileState.otherAccounts.size + 1) < BuildConfig.MAX_ACCOUNTS

if (!canAddNewAccounts) {
userProfileState = userProfileState.copy(maxAccountsReached = true)
4 changes: 3 additions & 1 deletion buildSrc/src/main/kotlin/customization/FeatureConfigs.kt
Expand Up @@ -22,6 +22,7 @@ enum class ConfigType(val type: String) {
STRING("String"),
BOOLEAN("Boolean"),
INT("int"),
MapOfStringToListOfStrings("java.util.HashMap<String, java.util.List<String>>")
}

enum class FeatureConfigs(val value: String, val configType: ConfigType) {
Expand Down Expand Up @@ -88,6 +89,7 @@ enum class FeatureConfigs(val value: String, val configType: ConfigType) {
DEFAULT_BACKEND_URL_BLACKLIST("default_backend_url_blacklist", ConfigType.STRING),
DEFAULT_BACKEND_URL_WEBSITE("default_backend_url_website", ConfigType.STRING),
DEFAULT_BACKEND_TITLE("default_backend_title", ConfigType.STRING),
// TODO: Add support for default proxy configs

CERTIFICATE_PINNING_CONFIG("cert_pinning_config", ConfigType.MapOfStringToListOfStrings),
// TODO: Add support for default proxy configs
}
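Review bot: The new `ConfigType` entry `MapOfStringToListOfStrings` breaks the SCREAMING_SNAKE_CASE naming of its siblings `STRING`, `BOOLEAN` and `INT`; `MAP_OF_STRING_TO_LIST_OF_STRINGS` would match, with the same rename in the `when` branch of variants.gradle.kts. Its type string also fixes the generated field as a concrete `java.util.HashMap`, so every consumer receives a mutable map of pins; declaring it as `java.util.Map<String, java.util.List<String>>` would allow the generator to emit an unmodifiable map instead. Both enums continue outside the visible hunks.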
22 changes: 19 additions & 3 deletions buildSrc/src/main/kotlin/scripts/variants.gradle.kts
Expand Up @@ -23,7 +23,6 @@ package scripts
import com.android.build.api.dsl.ApplicationProductFlavor
import com.android.build.api.dsl.ProductFlavor
import customization.ConfigType
import customization.Customization
import customization.Customization.getBuildtimeConfiguration
import customization.FeatureConfigs
import customization.FeatureFlags
Expand Down Expand Up @@ -175,7 +174,8 @@ android {
}

FeatureConfigs.values().forEach { configs ->
when (configs.configType) {
val imports = mutableListOf<String>()
val generatedConfig = when (configs.configType) {
ConfigType.STRING -> {
buildStringConfig(
flavor,
Expand All @@ -185,14 +185,30 @@ android {
)
}

ConfigType.INT, ConfigType.BOOLEAN -> {
ConfigType.INT,
ConfigType.BOOLEAN -> {
buildNonStringConfig(
flavor,
configs.configType.type,
configs.name,
flavorMap[flavor.name]?.get(configs.value).toString()
)
}

ConfigType.MapOfStringToListOfStrings -> {
val map = flavorMap[flavor.name]?.get(configs.value) as? Map<*, *>
val mapString = map?.map { (key, value) ->
"\"$key\", java.util.Arrays.asList(${(value as? List<*>)?.joinToString { "\"$it\"" } ?: ""})".let {
"put($it);"
}
}?.joinToString(",\n") ?: ""
buildNonStringConfig(
flavor,
configs.configType.type,
configs.name,
"new java.util.HashMap<String, java.util.List<String>>() {{\n$mapString\n}}"
)
}
}
}
}
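Review bot: In the `ConfigType.MapOfStringToListOfStrings` branch each entry is already rendered as a complete statement `put(...);` and the entries are then joined with `",\n"`, so a config with two or more pins generates `put(...);,` followed by the next `put(...);`, which is not valid Java; only the single-pin case compiles. That turns adding a backup pin into a build break, and joining with a plain newline avoids it: `}?.joinToString("\n") ?: ""`. The `as? Map<*, *>` and `as? List<*>` casts fall back silently to an empty map or list when the value is present but has the wrong shape, which would ship a build with no pins; failing the build is safer, e.g. `?: error("cert_pinning_config must map a pin to a list of hosts")` for the wrong-shape case. Keys and hosts are also interpolated into the generated Java source without escaping `"` or `\`, and `imports` and `generatedConfig` are assigned but never used in the visible lines.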
23 changes: 13 additions & 10 deletions default.json
Expand Up @@ -3,10 +3,18 @@
"prod": {
"application_id": "com.wire",
"developer_features_enabled": false,
"logging_enabled": false,
"logging_enabled": true,
"application_is_private_build": false,
"development_api_enabled": false,
"mls_support_enabled": false
"mls_support_enabled": false,
"cert_pinning_config": {
"sha256/fnBeCwh0imI9t46Onid49IwvsB5vcf7RCvafRRdCyRE=": [
"**.prod-nginz-https.wire.com",
"**.prod-nginz-ssl.wire.com",
"**.prod-assets.wire.com",
"clientblacklist.wire.com"
]
}
},
"dev": {
"application_id": "com.waz.zclient.dev",
Expand Down Expand Up @@ -65,40 +73,35 @@
},
"application_name": "Wire",
"allow_sso_authentication_option": true,

"url_support": "https://support.wire.com",
"allow_account_creation" : true,
"allow_account_creation": true,
"max_accounts": 3,
"enable_blacklist": true,
"allow_email_change": true,
"enable_guest_room_link": true,
"file_restriction_enabled": false,
"file_restriction_list": "3gpp, aac, amr, avi, bmp, css, csv, dib, doc, docx, eml, flac, gif, html, ico, jfif, jpeg, jpg, jpg-large, key, m4a, m4v, md, midi, mkv, mov, mp3, mp4, mpeg, mpeg3, mpg, msg, ods, odt, ogg, pdf, pjp, pjpeg, png, pps, ppt, pptx, psd, pst, rtf, sql, svg, tex, tiff, txt, vcf, vid, wav, webm, webp, wmv, xls, xlsx, xml",
"force_constant_bitrate_calls": false,

"mls_support_enabled": true,
"encrypt_proteus_storage": false,
"self_deleting_messages": true,
"wipe_on_cookie_invalid": false,
"wipe_on_device_removal": false,
"wipe_on_rooted_device": false,
"websocket_enabled_by_default": false,

"firebase_push_sender_id": "782078216207",
"firebase_app_id": "1:782078216207:android:d3db2443512d2055",
"google_api_key": "AIzaSyBXtNKuX6GCKv2jDtsFImUaxCRL21DTLEQ",
"fcm_project_id": "w966768976",

"report_bug_menu_item_enabled": true,
"debug_screen_enabled": true,

"update_app_url": "https://wire.com/en/download/",

"default_backend_url_base_api": "https://prod-nginz-https.wire.com",
"default_backend_url_accounts": "https://account.wire.com",
"default_backend_url_base_websocket": "https://prod-nginz-ssl.wire.com",
"default_backend_url_teams": "https://teams.wire.com",
"default_backend_url_blacklist": "https://clientblacklist.wire.com/prod",
"default_backend_url_website": "https://wire.com",
"default_backend_title": "wire-production"
"default_backend_title": "wire-production",
"cert_pinning_config": {}
}
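Review bot: The `prod` block flips `logging_enabled` from `false` to `true`, which is unrelated to certificate pinning and turns logging on in the production flavor; unless that is intended it should stay `"logging_enabled": false`, or move to its own commit with a stated reason. The new `prod` `cert_pinning_config` carries a single `sha256/` pin with no backup, so if the pinned key is rotated, installed clients would fail to connect to those hosts until an app update ships; a second pin for a standby key is the usual safeguard. The pinned patterns cover the API, websocket, assets and blacklist hosts but not `account.wire.com` or `teams.wire.com` from the default backend URLs, which presumably open outside the pinned client and is worth confirming. The top-level default `"cert_pinning_config": {}` means every flavor without its own entry builds with no pins.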
2 changes: 1 addition & 1 deletion kalium
Submodule kalium updated 31 files
+7 βˆ’1 logic/src/commonMain/kotlin/com/wire/kalium/logic/CoreLogic.kt
+4 βˆ’2 logic/src/commonMain/kotlin/com/wire/kalium/logic/GlobalKaliumScope.kt
+4 βˆ’2 logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/UserSessionScope.kt
+10 βˆ’2 logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/appVersioning/ObserveIfAppUpdateRequiredUseCase.kt
+8 βˆ’3 logic/src/commonMain/kotlin/com/wire/kalium/logic/feature/auth/AuthenticationScope.kt
+21 βˆ’23 logic/src/commonMain/kotlin/com/wire/kalium/logic/featureFlags/KaliumConfigs.kt
+3 βˆ’2 logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/auth/LogoutUseCaseTest.kt
+3 βˆ’2 logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/call/usecase/AnswerCallUseCaseTest.kt
+3 βˆ’2 logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/call/usecase/StartCallUseCaseTest.kt
+3 βˆ’2 logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/featureConfig/SyncFeatureConfigsUseCaseTest.kt
+2 βˆ’1 logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/keypackage/KeyPackageLimitsProviderTests.kt
+2 βˆ’1 logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/message/PendingProposalSchedulerTest.kt
+6 βˆ’5 logic/src/commonTest/kotlin/com/wire/kalium/logic/feature/rootDetection/CheckSystemIntegrityUseCaseTest.kt
+2 βˆ’1 logic/src/commonTest/kotlin/com/wire/kalium/logic/sync/receiver/FeatureConfigEventReceiverTest.kt
+44 βˆ’0 logic/src/commonTest/kotlin/com/wire/kalium/logic/util/KaliumConfigStub.kt
+16 βˆ’1 network/src/appleMain/kotlin/com/wire/kalium/network/defaultHttpEngine.kt
+15 βˆ’1 network/src/commonJvmAndroid/kotlin/com/wire/kalium/network/HttpEngine.kt
+3 βˆ’1 network/src/commonMain/kotlin/com/wire/kalium/network/HttpEngine.kt
+7 βˆ’1 ...ain/kotlin/com/wire/kalium/network/api/v0/authenticated/networkContainer/AuthenticatedNetworkContainerV0.kt
+7 βˆ’2 ...kotlin/com/wire/kalium/network/api/v0/unauthenticated/networkContainer/UnauthenticatedNetworkContainerV0.kt
+6 βˆ’1 ...ain/kotlin/com/wire/kalium/network/api/v2/authenticated/networkContainer/AuthenticatedNetworkContainerV2.kt
+7 βˆ’2 ...kotlin/com/wire/kalium/network/api/v2/unauthenticated/networkContainer/UnauthenticatedNetworkContainerV2.kt
+7 βˆ’1 ...ain/kotlin/com/wire/kalium/network/api/v3/authenticated/networkContainer/AuthenticatedNetworkContainerV3.kt
+7 βˆ’2 ...kotlin/com/wire/kalium/network/api/v3/unauthenticated/networkContainer/UnauthenticatedNetworkContainerV3.kt
+5 βˆ’2 ...ain/kotlin/com/wire/kalium/network/api/v4/authenticated/networkContainer/AuthenticatedNetworkContainerV4.kt
+7 βˆ’2 ...kotlin/com/wire/kalium/network/api/v4/unauthenticated/networkContainer/UnauthenticatedNetworkContainerV4.kt
+14 βˆ’7 network/src/commonMain/kotlin/com/wire/kalium/network/networkContainer/AuthenticatedNetworkContainer.kt
+14 βˆ’9 network/src/commonMain/kotlin/com/wire/kalium/network/networkContainer/UnauthenticatedNetworkContainer.kt
+9 βˆ’7 network/src/commonMain/kotlin/com/wire/kalium/network/networkContainer/UnboundNetworkContainer.kt
+6 βˆ’0 network/src/commonMain/kotlin/com/wire/kalium/network/session/SessionManager.kt
+10 βˆ’4 network/src/commonTest/kotlin/com/wire/kalium/api/ApiTest.kt
