
chore: optimization of db and rest calls on App start #8947 #8950

Merged: 8 commits merged into main from jans-chip-issue-8947 on Jul 12, 2024

Conversation

@duttarnab (Contributor) commented Jul 11, 2024

Prepare


Description

Target issue

closes #8947

Implementation Details


Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

  • I confirm that there is no impact on the docs due to the code changes in this PR.

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

dryrunsecurity bot commented Jul 11, 2024

DryRun Security Summary


Summary:

The provided code changes cover a wide range of functionality in the "Jans Chip" Android application, including the handling of OIDC client configurations, FIDO configurations, app integrity verification, authentication and authorization, and various UI-related components.

From a security perspective, the changes generally follow best practices and do not introduce any obvious security vulnerabilities. The code demonstrates a strong focus on secure implementation, with the use of DPoP access tokens, FIDO2 authentication, app integrity checks, and proper error handling. The refactoring and reorganization of the codebase also contribute to improving the overall security and maintainability of the application.

However, it's important to continue reviewing the implementation details and the broader context of the application to ensure that all security-sensitive components are properly secured and that there are no underlying vulnerabilities. Aspects such as input validation, secure storage of sensitive data, and thorough testing of the authentication and authorization flows should be carefully examined.

Files Changed:

  1. OIDCClient.kt: The changes in this file focus on improving the error handling and consistency of the OIDCClient data class, which is likely used to manage the OIDC client configuration.
  2. OPConfiguration.kt: The changes in this file involve improving the error handling and consistency of the OPConfiguration data class, which is used to store the OpenID Provider configuration.
  3. README.md: The changes in this file provide an overview of the security features implemented in the Android application, including the use of the Play Integrity API, attested DCR, FIDO2 authentication, and DPoP access tokens.
  4. MainActivity.kt: The changes in this file focus on refactoring the loading and initialization of the application, including the fetching of OIDC and FIDO configurations, OIDC client registration, and app integrity checks.
  5. UserInfoResponse.kt: The changes in this file involve modifying the default state of the UserInfoResponse class, which may have implications for how the application handles and presents errors related to user information retrieval.
  6. AppIntegrityResponse.kt: The changes in this file involve modifying the default state of the AppIntegrityResponse class, which is used to handle the response from app and device integrity checks.
  7. FidoConfiguration.kt: The changes in this file involve the addition of isSuccessful and errorMessage properties to the FidoConfiguration data class, which suggests improvements in the handling of FIDO configuration-related operations.
  8. DCRRepository.kt: The changes in this file focus on improving the handling of OIDC client registration, including the use of DPoP tokens and the storage of client information in the local database.
  9. OPConfigurationRepository.kt: The changes in this file involve improvements to the fetching and caching of the OpenID Provider configuration, including the use of DPoP proof to retrieve the issuer information.
  10. FidoConfigurationRepository.kt: The changes in this file focus on improving the handling of FIDO configuration management, including the fetching, storing, and deleting of the FIDO configuration data.
  11. LoginResponseRepository.kt: The changes in this file involve a simple renaming of a function, without any apparent security implications.
  12. PlayIntegrityRepository.kt: The changes in this file involve a minor refactoring of the getAppIntegrityEntityInDatabase() function, which does not introduce any security concerns.
  13. Color.kt and Theme.kt: The changes in these files are related to the reorganization of the application's color and theme-related code, without any direct security implications.
  14. APIInterface.kt: The changes in this file involve the refactoring of the API interface, including the removal of commented-out code and the streamlining of the available API methods.
  15. DashboardScreen.kt: The changes in this file focus on improving the handling of user authentication, authorization, and logout functionality in the dashboard screen.
  16. LoginViewModel.kt and LoginScreen.kt: The changes in these files are related to the implementation of the login functionality, including the use of biometric authentication.
  17. RegistrationScreen.kt: The changes in this file focus on the implementation of the FIDO-based registration process, including the use of biometric authentication.
  18. MainState.kt: The changes in this file involve the refactoring of the application's state management, which is an important aspect of the overall security architecture.
    19

Code Analysis

We ran 7 analyzers against 30 files and 0 analyzers had findings. 7 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

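The DryRun summary above credits the app with DPoP-bound access tokens and with a DPoP proof on the request that fetches the OpenID Provider configuration. As an added example that is not part of this PR or of the jans-chip code base, the Kotlin below shows what such an RFC 9449 proof contains and what a receiving endpoint must check before it binds a token to the client's key. It assumes the nimbus-jose-jwt library; the key id, the example URLs and the helper names are hypothetical, and a production Android app would generate and hold the key in the Android Keystore rather than in memory.

```kotlin
import com.nimbusds.jose.JOSEObjectType
import com.nimbusds.jose.JWSAlgorithm
import com.nimbusds.jose.JWSHeader
import com.nimbusds.jose.crypto.ECDSASigner
import com.nimbusds.jose.crypto.ECDSAVerifier
import com.nimbusds.jose.jwk.Curve
import com.nimbusds.jose.jwk.ECKey
import com.nimbusds.jose.jwk.gen.ECKeyGenerator
import com.nimbusds.jose.util.Base64URL
import com.nimbusds.jwt.JWTClaimsSet
import com.nimbusds.jwt.SignedJWT
import java.security.MessageDigest
import java.util.Date
import java.util.UUID

// Hypothetical client-side helper (not jans-chip code). Builds an RFC 9449 DPoP
// proof for a single HTTP request. The P-256 key lives in memory here only so
// the example runs anywhere; a real app keeps it in the Android Keystore.
object DpopProof {
    val clientKey: ECKey = ECKeyGenerator(Curve.P_256).keyID("chip-dpop-key").generate()

    // base64url(SHA-256(access token)): the "ath" claim that ties a proof to one
    // access token on resource requests. Not sent on token or registration calls.
    fun accessTokenHash(accessToken: String): String {
        val digest = MessageDigest.getInstance("SHA-256").digest(accessToken.toByteArray(Charsets.US_ASCII))
        return Base64URL.encode(digest).toString()
    }

    fun create(htm: String, htu: String, accessToken: String? = null): String {
        val header = JWSHeader.Builder(JWSAlgorithm.ES256)
            .type(JOSEObjectType("dpop+jwt"))
            .jwk(clientKey.toPublicJWK())   // public half only; the private key must never be embedded
            .build()
        val claims = JWTClaimsSet.Builder()
            .jwtID(UUID.randomUUID().toString()) // unique per proof; servers use it for replay detection
            .claim("htm", htm)                   // HTTP method of the request this proof covers
            .claim("htu", htu)                   // target URL without query or fragment
            .issueTime(Date())
        if (accessToken != null) claims.claim("ath", accessTokenHash(accessToken))
        return SignedJWT(header, claims.build()).apply { sign(ECDSASigner(clientKey)) }.serialize()
    }
}

// Server-side checks a DPoP-aware endpoint performs before trusting a proof.
// Returns the JWK thumbprint (jkt) the issued token should be bound to, or null
// when any check fails. Replay detection on jti is left to the caller's store.
fun verifyDpopProof(proof: String, expectedHtm: String, expectedHtu: String, maxAgeSeconds: Long = 300): String? {
    val jwt = SignedJWT.parse(proof)
    val header = jwt.header
    if (header.type != JOSEObjectType("dpop+jwt")) return null
    if (header.algorithm != JWSAlgorithm.ES256) return null
    val jwk = header.getJWK() as? ECKey ?: return null
    if (jwk.isPrivate) return null                    // a proof carrying private material is malformed
    if (!jwt.verify(ECDSAVerifier(jwk))) return null  // signature must verify with the embedded public key
    val claims = jwt.getJWTClaimsSet()
    if (claims.getJWTID().isNullOrEmpty()) return null
    if (claims.getStringClaim("htm") != expectedHtm) return null
    if (claims.getStringClaim("htu") != expectedHtu) return null
    val issued = claims.issueTime ?: return null
    val ageSeconds = (System.currentTimeMillis() - issued.time) / 1000
    if (ageSeconds < -maxAgeSeconds || ageSeconds > maxAgeSeconds) return null
    return jwk.computeThumbprint().toString()         // RFC 7638 thumbprint, the token's cnf.jkt value
}

fun main() {
    // Hypothetical OP discovery endpoint; the proof covers only this method and URL.
    val discoveryUrl = "https://op.example.com/.well-known/openid-configuration"
    val proof = DpopProof.create("GET", discoveryUrl)
    println("jkt from valid proof: " + verifyDpopProof(proof, "GET", discoveryUrl))
    // The same proof presented against a different endpoint fails the htu check.
    println("replayed on another URL: " + verifyDpopProof(proof, "POST", "https://op.example.com/register"))
}
```

Two points the proof itself cannot enforce: the server must remember each jti for at least the acceptance window so a captured proof cannot be replayed against the same URL, and when it issues a token it must record the thumbprint returned above in the token's cnf.jkt, so that later resource requests can be refused unless their proof is signed by the same key.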

@mo-auto mo-auto added the kind-dependencies Pull requests that update a dependency file label Jul 11, 2024
@mo-auto mo-auto added the area-documentation Documentation needs to change as part of issue or PR label Jul 11, 2024
@moabu moabu merged commit d025ab8 into main Jul 12, 2024
9 checks passed
@moabu moabu deleted the jans-chip-issue-8947 branch July 12, 2024 17:45
Linked issue closed by this PR: #8947 chore (jans-chip): optimization of db and rest calls on App start

4 participants