kumi/Android-Password-Store
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(build): implement certificate pinning

Browse source
This commit is contained in:
Harsh Shandilya 2023-04-27 15:57:23 +05:30
parent 3e67280f65
commit 0542963ae0
No known key found for this signature in database
3 changed files with 36 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
build-logic/src/main/kotlin/app/passwordstore/gradle/OkHttp.kt Normal file
View file

@ -0,0 +1,31 @@
package app.passwordstore.gradle
import java.util.concurrent.TimeUnit
import okhttp3.CertificatePinner
import okhttp3.OkHttpClient
object OkHttp {
private val certificatePinner =
CertificatePinner.Builder()
.add(
"api.crowdin.com",
"sha256/qKpGqFXXIteblI82BcMyRX0eC2o7lpL9XVInWKIG7rc=",
"sha256/DxH4tt40L+eduF6szpY6TONlxhZhBd+pJ9wbHlQ2fuw=",
"sha256/++MBgDH5WGvL9Bcn5Be30cRcL0f5O+NyoXuWtQdX1aI=",
)
.add(
"publicsuffix.org",
"sha256/GHmZgxELzHuqpSexbC20wv6kqtrqS6BFdKs0z5pciGw=",
"sha256/cXjPgKdVe6iojP8s0YQJ3rtmDFHTnYZxcYvmYGFiYME=",
"sha256/hxqRlPTu1bMS/0DITB1SSu0vd4u/8l8TjPgfaAp63Gc=",
)
.build()
val CLIENT =
OkHttpClient.Builder()
.connectTimeout(5, TimeUnit.MINUTES)
.writeTimeout(5, TimeUnit.MINUTES)
.readTimeout(5, TimeUnit.MINUTES)
.callTimeout(10, TimeUnit.MINUTES)
.certificatePinner(certificatePinner)
.build()
}

14
build-logic/src/main/kotlin/app/passwordstore/gradle/crowdin/BuildOnApiTask.kt
View file

@ -1,11 +1,10 @@
package app.passwordstore.gradle.crowdin
import app.passwordstore.gradle.OkHttp
import app.passwordstore.gradle.crowdin.api.ListProjects
import com.squareup.moshi.Moshi
import com.squareup.moshi.kotlin.reflect.KotlinJsonAdapterFactory
import java.util.concurrent.TimeUnit
import okhttp3.MediaType.Companion.toMediaType
import okhttp3.OkHttpClient
import okhttp3.Request
import okhttp3.RequestBody.Companion.toRequestBody
import org.gradle.api.DefaultTask
@ -24,13 +23,6 @@ abstract class BuildOnApiTask : DefaultTask() {
@TaskAction
fun doWork() {
val client =
OkHttpClient.Builder()
.connectTimeout(5, TimeUnit.MINUTES)
.writeTimeout(5, TimeUnit.MINUTES)
.readTimeout(5, TimeUnit.MINUTES)
.callTimeout(10, TimeUnit.MINUTES)
.build()
val moshi = Moshi.Builder().add(KotlinJsonAdapterFactory()).build()
val projectAdapter = moshi.adapter(ListProjects::class.java)
val projectRequest =
@ -39,7 +31,7 @@ abstract class BuildOnApiTask : DefaultTask() {
.header("Authorization", "Bearer ${crowdinKey.get()}")
.get()
.build()
client.newCall(projectRequest).execute().use { response ->
OkHttp.CLIENT.newCall(projectRequest).execute().use { response ->
val projects = projectAdapter.fromJson(response.body!!.source())
if (projects != null) {
val identifier =
@ -54,7 +46,7 @@ abstract class BuildOnApiTask : DefaultTask() {
.header("Authorization", "Bearer ${crowdinKey.get()}")
.post("{}".toRequestBody("application/json".toMediaType()))
.build()
client.newCall(buildRequest).execute().close()
OkHttp.CLIENT.newCall(buildRequest).execute().close()
}
}
}

6
build-logic/src/main/kotlin/app/passwordstore/gradle/psl/PSLUpdateTask.kt
View file

@ -5,8 +5,8 @@
package app.passwordstore.gradle.psl
import app.passwordstore.gradle.OkHttp
import java.util.TreeSet
import okhttp3.OkHttpClient
import okhttp3.Request
import okio.ByteString
import okio.ByteString.Companion.encodeUtf8
@ -32,12 +32,10 @@ abstract class PSLUpdateTask : DefaultTask() {
}
private fun fetchPublicSuffixList(): PublicSuffixListData {
val client = OkHttpClient.Builder().build()
val request =
Request.Builder().url("https://publicsuffix.org/list/public_suffix_list.dat").build()
client.newCall(request).execute().use { response ->
OkHttp.CLIENT.newCall(request).execute().use { response ->
val source = requireNotNull(response.body).source()
val data = PublicSuffixListData()