Handle CI injection of secrets, switch to bouncy castle, share App

.gitignore

@@ -42,3 +42,5 @@ thumbs.db
 
 /keystore
 /.babelish.token
+/app/src/prodApi/google-services.json
+/app/src/stageApi/google-services.json

NOTICE.txt

@@ -425,28 +425,28 @@ All rights reserved.
 
 http://www.opensource.org/licenses/bsd-license.php
 
-Redistribution and use in source and binary forms, with or without 
+Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
 
-    * Redistributions of source code must retain the above copyright notice, 
+    * Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright notice, 
-      this list of conditions and the following disclaimer in the documentation 
+    * Redistributions in binary form must reproduce the above copyright notice,
+      this list of conditions and the following disclaimer in the documentation
       and/or other materials provided with the distribution.
-    * Neither the name of the JSR305 expert group nor the names of its 
-      contributors may be used to endorse or promote products derived from 
+    * Neither the name of the JSR305 expert group nor the names of its
+      contributors may be used to endorse or promote products derived from
       this software without specific prior written permission.
 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGE.
 
 Copyright 2008, Google Inc.
@@ -2307,8 +2307,8 @@ All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 
-- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 
-- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 
+- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
 - Neither the name of the <ORGANIZATION> nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
 
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
@@ -2574,8 +2574,8 @@ https://developer.android.com/studio/terms.html
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-   
-   
+
+
 http://creativecommons.org/publicdomain/zero/1.0/
 http://www.apache.org/licenses/LICENSE-2.0.txt
 http://www.apache.org/licenses/LICENSE-2.0.txt

app/build.gradle

@@ -4,7 +4,7 @@ apply plugin: 'kotlin-android'
 apply plugin: 'kotlin-android-extensions'
 apply plugin: 'kotlin-kapt'
 apply plugin: 'com.google.android.gms.oss-licenses-plugin'
-apply from: "../gradle/base.gradle"
+apply from: "$rootDir/gradle/base.gradle"
 
 def apiVersion = "1.1"
 def minorVersion = "4"
@@ -23,9 +23,6 @@ android {
         versionCode buildCode
         versionName buildName
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
-        manifestPlaceholders = [
-                nearbyApiKey: "insert_google_nearby_api_key",
-        ]
     }
 
     signingConfigs {
@@ -37,23 +34,55 @@ android {
         }
 
         debug {
-            keyAlias "android_debug_key"
-            storeFile file("../keystore/android_debug.keystore")
-            storePassword "android_debug"
-            keyPassword "android_debug"
+            def keyStoreFile = file("../keystore/android_debug.keystore")
+            if (keyStoreFile.exists()) {
+                keyAlias "android_debug_key"
+                storeFile keyStoreFile
+                storePassword "android_debug"
+                keyPassword "android_debug"
+            }
         }
     }
 
     flavorDimensions "default"
 
     productFlavors {
+        dummyApi {
+            /*
+             * Default values provided for CI during merge requests only.
+             *
+             * Always provide real values through local.properties
+             */
+            buildConfigField "String", "HOSTNAME", '"dummy"'
+            buildConfigField "String", "BASE_URL", '"dummy"'
+            buildConfigField "String[]", "CERTIFICATE_CHAIN", '{}'
+            buildConfigField "String", "AUTHORIZATION_VALUE", '"dummy"'
+            buildConfigField "String", "P2P_APPLICATION_KEY", '"dummy"'
+
+            resValue "string", "NEARBY_API_KEY", '"dummy"'
+        }
+
         stageApi {
             applicationIdSuffix ".stage"
             versionName versionString + "." + buildCode.toString() + "-" + getGitDescribe() + "-stageApi"
+
+            buildConfigField "String", "HOSTNAME", resolveProperty("STAGE_HOSTNAME", '"dummy"')
+            buildConfigField "String", "BASE_URL", resolveProperty("STAGE_BASE_URL", '"dummy"')
+            buildConfigField "String[]", "CERTIFICATE_CHAIN", resolveProperty("STAGE_CERTIFICATE_CHAIN", '{}')
+            buildConfigField "String", "AUTHORIZATION_VALUE", resolveProperty("STAGE_AUTHORIZATION_VALUE", '"dummy"')
+            buildConfigField "String", "P2P_APPLICATION_KEY", resolveProperty("STAGE_P2P_APPLICATION_KEY", '"dummy"')
+
+            resValue "string", "NEARBY_API_KEY", resolveProperty("STAGE_NEARBY_API_KEY", '"dummy"')
         }
 
         prodApi {
-            // Add PlayStore specific configurations
+            buildConfigField "String", "HOSTNAME", resolveProperty("PROD_HOSTNAME", '"dummy"')
+            buildConfigField "String", "BASE_URL", resolveProperty("PROD_BASE_URL", '"dummy"')
+            buildConfigField "String[]", "CERTIFICATE_CHAIN", resolveProperty("PROD_CERTIFICATE_CHAIN", '{}')
+            buildConfigField "String", "AUTHORIZATION_VALUE", resolveProperty("PROD_AUTHORIZATION_VALUE", '"dummy"')
+            buildConfigField "String", "P2P_APPLICATION_KEY", resolveProperty("PROD_P2P_APPLICATION_KEY", '"dummy"')
+
+            resValue "string", "NEARBY_API_KEY", resolveProperty("PROD_NEARBY_API_KEY", '"dummy"')
         }
     }
 
@@ -115,10 +144,11 @@ dependencies {
     def nearbyVersion = "17.0.0"
     implementation "com.google.android.gms:play-services-nearby:$nearbyVersion"
 
-    def spongyCastleCoreVersion = "1.58.0.0"
-    implementation "com.madgag.spongycastle:core:$spongyCastleCoreVersion"
-    implementation "com.madgag.spongycastle:prov:$spongyCastleCoreVersion"
-    implementation "com.madgag.spongycastle:bcpkix-jdk15on:$spongyCastleCoreVersion"
+    // When upgrading, please check if `android.jetifier.blacklist=bcprov-jdk15on` in
+    // gradle.properties is still needed
+    def bouncyCastleCoreVersion = "1.65"
+    implementation "org.bouncycastle:bcprov-jdk15on:$bouncyCastleCoreVersion"
+    implementation "org.bouncycastle:bcpkix-jdk15on:$bouncyCastleCoreVersion"
 
     def work_version = "2.3.4"
     implementation "androidx.work:work-runtime-ktx:$work_version"

app/src/debug/java/at/roteskreuz/stopcorona/di/FlavourDependentModule.kt

@@ -6,5 +6,4 @@ import org.koin.dsl.module.module
  * Module for providing flavour dependent dependencies.
  */
 internal val flavourDependentModule = module {
-    // do nothing
 }

app/src/dummyApi/google-services.json

@@ -0,0 +1,34 @@
+{
+  "project_info": {
+    "project_number": "0",
+    "firebase_url": "https://my-app-0.firebaseio.com",
+    "project_id": "my-app-0",
+    "storage_bucket": "my-app-0.appspot.com"
+  },
+  "client": [
+    {
+      "client_info": {
+        "mobilesdk_app_id": "1:0:android:0",
+        "android_client_info": {
+          "package_name": "at.roteskreuz.stopcorona"
+        }
+      },
+      "oauth_client": [
+        {
+          "client_id": "0-none.apps.googleusercontent.com",
+          "client_type": 3
+        }
+      ],
+      "api_key": [
+        {
+          "current_key": "none-none"
+        }
+      ],
+      "services": {
+        "appinvite_service": {
+        }
+      }
+    }
+  ],
+  "configuration_version": "1"
+}

app/src/main/AndroidManifest.xml

@@ -33,7 +33,7 @@
 
         <meta-data
             android:name="com.google.android.nearby.messages.API_KEY"
-            android:value="${nearbyApiKey}" />
+            android:value="@string/NEARBY_API_KEY" />
 
         <activity
             android:name=".screens.routing.RouterActivity"

app/src/main/java/at/roteskreuz/stopcorona/constants/Constants.kt

@@ -1,5 +1,6 @@
 package at.roteskreuz.stopcorona.constants
 
+import at.roteskreuz.stopcorona.BuildConfig
 import at.roteskreuz.stopcorona.BuildConfig.APPLICATION_ID
 import at.roteskreuz.stopcorona.skeleton.core.constants.BaseAppRequest
 import org.threeten.bp.Duration
@@ -9,11 +10,8 @@ import org.threeten.bp.Duration
  */
 object Constants {
 
-    const val EN = "en"
-    const val DE = "de"
-
     /**
-     * Constant useful for debugging.
+     * Constants useful for debugging.
      */
     object Debug {
 
@@ -28,22 +26,23 @@ object Constants {
         /**
          * Minimum time between offline syncs in ms.
          */
-        val OFFLINE_SYNC_INTERVAL = if (isDebug) {
-            5L * 60 * 1000 // 5m
+        val OFFLINE_SYNC_INTERVAL: Duration = if (isDebug) {
+            Duration.ofMinutes(5)
         } else {
-            1L * 60 * 60 * 1000 // 1h
+            Duration.ofHours(1)
         }
 
-        const val SELF_RETEST_NOTIFICATION_PERIOD = 6L * 60 * 60 * 1000 // 6h
+        /**
+         * Minimum delay between self retest notifications.
+         */
+        val SELF_RETEST_NOTIFICATION_INTERVAL: Duration = Duration.ofHours(6)
     }
 
     /**
      * Constants related to the domain.
      */
     object Domain {
 
-        const val QUARANTINE_STAY_DURATION = 14 // days
-
         /**
          * Array of weights to calculate the risk of being in a proximity class for one minute.
          *
@@ -54,7 +53,7 @@ object Constants {
         /**
          * Interval (sliding window) of time to consider when detecting intensive contacts.
          */
-        val INTENSIVE_CONTACT_DETECTION_INTERVAL = Duration.ofHours(1)
+        val INTENSIVE_CONTACT_DETECTION_INTERVAL: Duration = Duration.ofHours(1)
 
         /**
          * Score from which a contact is considered an intensive contact.
@@ -84,21 +83,35 @@ object Constants {
         const val PREFERENCES_MIGRATION_MANAGER_PREFIX = PREFIX + "preferences_migration_manager_"
     }
 
+    /**
+     * Constants related to network interaction.
+     */
     object API {
-        const val BASE_URL = FlavorConstants.API.BASE_URL
+
+        const val HOSTNAME = BuildConfig.HOSTNAME
+        const val BASE_URL = BuildConfig.BASE_URL
+        val CERTIFICATE_CHAIN: Array<String> = BuildConfig.CERTIFICATE_CHAIN
 
         const val HTTP_CACHE_SIZE = 64L * 1024L * 1024L // 64 MB
 
         object Header {
             const val AUTHORIZATION_KEY = "AuthorizationKey"
-            const val AUTHORIZATION_VALUE = FlavorConstants.API.Header.AUTHORIZATION_VALUE
+            const val AUTHORIZATION_VALUE = BuildConfig.AUTHORIZATION_VALUE
             const val APP_ID_KEY = "X-AppId"
             const val APP_ID_VALUE = APPLICATION_ID
         }
     }
 
     /**
-     * Constant related to database.
+     * Constants related to P2Pkit.
+     */
+    object P2PDiscovery {
+
+        const val APPLICATION_KEY = BuildConfig.P2P_APPLICATION_KEY
+    }
+
+    /**
+     * Constants related to database.
      */
     object DB {
 
@@ -121,6 +134,9 @@ object Constants {
         const val AUTOMATIC_DETECTION_NOTIFICATION_ID = APP_BASE_REQUEST + (2 shl OFFSET)
     }
 
+    /**
+     * Constants related to security.
+     */
     object Security {
 
         const val KEYSTORE = "AndroidKeyStore"
@@ -136,6 +152,9 @@ object Constants {
         const val ADDRESS_PREFIX_LENGTH = 8
     }
 
+    /**
+     * Constants related to Google nearby.
+     */
     object Nearby {
 
         /**
@@ -163,12 +182,6 @@ object Constants {
         const val PUBLIC_KEY_LOOKUP_THRESHOLD_MINUTES = 15L
     }
 
-    object Misc {
-        const val EMPTY_STRING = ""
-        const val SPACE = " "
-        const val UTF_8 = "utf-8"
-    }
-
     /**
      * Ids of the notification channels the app is notifying through.
      */
@@ -181,6 +194,9 @@ object Constants {
         const val CHANNEL_AUTOMATIC_DETECTION = "channel_automatic_detection"
     }
 
+    /**
+     * Country codes for questionnaires.
+     */
     object Questionnaire {
 
         const val COUNTRY_CODE_CZ = "cz"
@@ -190,4 +206,13 @@ object Constants {
         const val COUNTRY_CODE_HU = "hu"
         const val COUNTRY_CODE_SK = "sk"
     }
+
+    /**
+     * Other constants without some relation.
+     */
+    object Misc {
+
+        const val EMPTY_STRING = ""
+        const val SPACE = " "
+    }
 }

app/src/main/java/at/roteskreuz/stopcorona/di/ContextDependentModule.kt

@@ -25,7 +25,7 @@ internal val contextDependentModule = module {
 
     single<ContextInteractor> {
         ContextInteractorImpl(
-            context = get()
+            context = androidContext()
         )
     }
 

app/src/main/java/at/roteskreuz/stopcorona/di/RemoteModule.kt

@@ -2,9 +2,9 @@ package at.roteskreuz.stopcorona.di
 
 import android.content.Context
 import at.roteskreuz.stopcorona.constants.Constants
+import at.roteskreuz.stopcorona.constants.Constants.API.CERTIFICATE_CHAIN
+import at.roteskreuz.stopcorona.constants.Constants.API.HOSTNAME
 import at.roteskreuz.stopcorona.constants.Constants.API.Header
-import at.roteskreuz.stopcorona.constants.FlavorConstants.API.CERTIFICATE_CHAIN
-import at.roteskreuz.stopcorona.constants.FlavorConstants.API.HOSTNAME
 import at.roteskreuz.stopcorona.constants.isBeta
 import at.roteskreuz.stopcorona.constants.isDebug
 import at.roteskreuz.stopcorona.model.api.ApiDescription