Merge pull request #1 from smartdevicelink/develop

v1.0 Release

.github/CONTRIBUTING.md

@@ -0,0 +1,29 @@
+# Contributing to SDL Projects
+
+Third party contributions are essential for making SDL great. However, we do have a few guidelines we need contributors to follow.
+
+### Issues
+If writing a bug report, please make sure <a href="http://yourbugreportneedsmore.info" target="_blank">it has enough info</a>. Include all relevant information.
+
+If requesting a feature, understand that we appreciate the input! However, it may not immediately fit our roadmap, and it may take a while for us to get to your request.
+
+### Gitflow
+We use <a href="http://nvie.com/posts/a-successful-git-branching-model/">Gitflow</a> as our branch management system. Please follow gitflow's guidelines while contributing to any SDL project.
+
+### Pull Requests
+* Please follow the repository's for all code and documentation.
+* All feature branches should be based on `develop` and have the format `feature/branch_name`.
+* Minor bug fixes, that is bug fixes that do not change, add, or remove any public API, should be based on `master` and have the format `hotfix/branch_name`.
+* All pull requests should implement a single feature or fix a single bug. Pull Requests that involve multiple changes (it is our discretion what precisely this means) will be rejected with a reason.
+* All commits should separated into logical units, i.e. unrelated changes should be in different commits within a pull request.
+* Work in progress pull requests should have "[WIP]" in front of the Pull Request title. When you believe the pull request is ready to merge, remove this tag and @mention the appropriate SDL team to schedule a review.
+* All new code *must* include unit tests. Bug fixes should have a test that fails previously and now passes. All new features should be covered. If your code does not have tests, or regresses old tests, it will be rejected.
+* A great example of a <a href="https://github.com/smartdevicelink/SmartDeviceLink-iOS/pull/45" "_target>pull request can be found here</a>.
+
+### Contributor's License Agreement (CLA)
+In order to accept Pull Requests from contributors, you must first sign [the Contributor's License Agreement](https://docs.google.com/forms/d/1VNR8EUd5b46cQ7uNbCq1fJmnu0askNpUp5dudLKRGpU/viewform). If you need to make a change to information that you entered, [please contact us](mailto:theresa@livio.io).
+
+### Repository Specific Guidelines
+  * <a href="https://github.com/smartdevicelink/sdl_android/wiki/Style-Guide" target="blank">Android Style Guide</a>
+  * Please document all code written. Write [JavaDoc style documentation](http://www.oracle.com/technetwork/articles/java/index-137868.html) for methods, and use inline code comments where it makes sense, i.e. for non-obvious code chunks.
+

.github/ISSUE_TEMPLATE.md

@@ -0,0 +1,23 @@
+[Delete any non-applicable sections, but we may ask for more information. Please reference the [SmartDeviceLink GitHub Best Practices](https://d83tozu1c8tt6.cloudfront.net/media/resources/SDL_GitHub_BestPractices.pdf) for further instructions on how to enter an issue.]
+
+### Bug Report
+[Summary]
+
+##### Reproduction Steps
+1. [Step 1]
+2. [Step 2]
+3. [Step 3]
+
+##### Expected Behavior
+[Some expected behavior]
+
+##### Observed Behavior
+[Some observed behavior]
+
+##### OS & Version Information
+* Android Version: [What version of Android are you using when the bug occurred]
+* SDL Android Version: [What version of the library has this bug been seen on]
+* Testing Against: [What you tested with to observe this behavior]
+
+##### Test Case, Sample Code, and / or Example App
+[Paste a link to a PR, gist, or other code that exemplifies this behavior]

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,33 @@
+[Things to note: Pull Requests **must** fix an issue. Discussion about the feature / bug takes place in the issue, discussion of the implementation takes place in the PR. Please also see the [Contributing Guide](https://github.com/smartdevicelink/sdl_security_java_suite/blob/develop/.github/CONTRIBUTING.md) for information on branch naming and the CLA, and the [SmartDeviceLink GitHub Best Practices](https://d83tozu1c8tt6.cloudfront.net/media/resources/SDL_GitHub_BestPractices.pdf) document for more information on how to enter a pull request.  Once this PR is ready for review, please request one from the authors @bilal-alsharifi and @BrettyWhite
+
+Delete the above section when you've read it.]
+
+Fixes #[issue number]
+
+This PR is **[ready / not ready]** for review.
+
+### Risk
+This PR makes **[no / minor / major]** API changes.
+
+### Testing Plan
+[Describe how you plan to unit test the changes in this PR]
+
+### Summary
+[Summary of PR changes]
+
+### Changelog
+##### Breaking Changes
+* [Breaking change info]
+
+##### Enhancements
+* [Enhancement info]
+
+##### Bug Fixes
+* [Bug Fix Info]
+
+### Tasks Remaining:
+- [ ] [Task 1]
+- [ ] [Task 2]
+
+### CLA
+- [ ] I have signed [the CLA](https://docs.google.com/forms/d/e/1FAIpQLSdsgJY33VByaX482zHzi-xUm49JNnmuJOyAM6uegPQ2LXYVfA/viewform)

.gitignore

@@ -0,0 +1,230 @@
+### Android ###
+# Built application files
+*.apk
+*.ap_
+*.aab
+# Files for the ART/Dalvik VM
+*.dex
+# Java class files
+*.class
+# Generated files
+bin/
+gen/
+out/
+release/
+# Gradle files
+.gradle/
+/SdlSecurity/gradle/wrapper/gradle-wrapper.jar
+build/
+# Local configuration file (sdk path, etc)
+local.properties
+# Proguard folder generated by Eclipse
+proguard/
+# Log Files
+*.log
+# Android Studio Navigation editor temp files
+.navigation/
+# Android Studio captures folder
+captures/
+# IntelliJ
+*.iml
+.idea/workspace.xml
+.idea/tasks.xml
+.idea/gradle.xml
+.idea/assetWizardSettings.xml
+.idea/dictionaries
+.idea/libraries
+# Android Studio 3 in .gitignore file.
+.idea/caches
+.idea/modules.xml
+# Comment next line if keeping position of elements in Navigation Editor is relevant for you
+.idea/navEditor.xml
+# Keystore files
+# Uncomment the following lines if you do not want to check your keystore files in.
+#*.jks
+#*.keystore
+# External native build folder generated in Android Studio 2.2 and later
+.externalNativeBuild
+# Google Services (e.g. APIs or Firebase)
+# google-services.json
+# Freeline
+freeline.py
+freeline/
+freeline_project_description.json
+# fastlane
+fastlane/report.xml
+fastlane/Preview.html
+fastlane/screenshots
+fastlane/test_output
+fastlane/readme.md
+# Version control
+vcs.xml
+# lint
+lint/intermediates/
+lint/generated/
+lint/outputs/
+lint/tmp/
+# lint/reports/
+### Android Patch ###
+gen-external-apklibs
+output.json
+# Replacement of .externalNativeBuild directories introduced
+# with Android Studio 3.5.
+.cxx/
+### C ###
+# Prerequisites
+*.d
+# Object files
+*.o
+*.ko
+*.obj
+*.elf
+# Linker output
+*.ilk
+*.map
+*.exp
+# Precompiled Headers
+*.gch
+*.pch
+# Libraries
+*.lib
+*.la
+*.lo
+# Shared objects (inc. Windows DLLs)
+*.dll
+# Executables
+*.exe
+*.out
+*.app
+*.i*86
+*.x86_64
+*.hex
+# Debug files
+*.dSYM/
+*.su
+*.idb
+*.pdb
+# Kernel Module Compile Results
+*.mod*
+*.cmd
+.tmp_versions/
+modules.order
+Module.symvers
+Mkfile.old
+dkms.conf
+### C++ ###
+# Prerequisites
+# Compiled Object files
+*.slo
+# Precompiled Headers
+# Compiled Dynamic libraries
+# Fortran module files
+*.mod
+*.smod
+# Compiled Static libraries
+*.lai
+# Executables
+### Java ###
+# Compiled class file
+# Log file
+# BlueJ files
+*.ctxt
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+### macOS ###
+# General
+.DS_Store
+.AppleDouble
+.LSOverride
+# Icon must end with two \r
+Icon
+# Thumbnails
+._*
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+### AndroidStudio ###
+# Covers files to be ignored for android development using Android Studio.
+# Built application files
+# Files for the ART/Dalvik VM
+# Java class files
+# Generated files
+# Gradle files
+.gradle
+# Signing files
+.signing/
+# Local configuration file (sdk path, etc)
+# Proguard folder generated by Eclipse
+# Log Files
+# Android Studio
+/*/build/
+/*/local.properties
+/*/out
+/*/*/build
+/*/*/production
+*.ipr
+*~
+*.swp
+# Android Patch
+# External native build folder generated in Android Studio 2.2 and later
+# NDK
+obj/
+# IntelliJ IDEA
+*.iws
+/out/
+# User-specific configurations
+.idea/caches/
+.idea/libraries/
+.idea/shelf/
+.idea/.name
+.idea/compiler.xml
+.idea/copyright/profiles_settings.xml
+.idea/encodings.xml
+.idea/misc.xml
+.idea/scopes/scope_settings.xml
+.idea/vcs.xml
+.idea/jsLibraryMappings.xml
+.idea/datasources.xml
+.idea/dataSources.ids
+.idea/sqlDataSources.xml
+.idea/dynamic.xml
+.idea/uiDesigner.xml
+# OS-specific files
+.DS_Store?
+ehthumbs.db
+Thumbs.db
+# Legacy Eclipse project files
+.classpath
+.project
+.cproject
+.settings/
+# Mobile Tools for Java (J2ME)
+# Package Files #
+# virtual machine crash logs (Reference: http://www.java.com/en/download/help/error_hotspot.xml)
+## Plugin-specific files:
+# mpeltonen/sbt-idea plugin
+.idea_modules/
+# JIRA plugin
+atlassian-ide-plugin.xml
+# Mongo Explorer plugin
+.idea/mongoSettings.xml
+# Crashlytics plugin (for Android Studio and IntelliJ)
+com_crashlytics_export_strings.xml
+crashlytics.properties
+crashlytics-build.properties
+fabric.properties
+### AndroidStudio Patch ###
+!/gradle/wrapper/gradle-wrapper.jar

LICENSE

@@ -0,0 +1,28 @@
+Copyright (c) 2017 - 2019, SmartDeviceLink Consortium, Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+* Neither the name of SmartDeviceLink Consortium, Inc. nor the names of its
+  contributors may be used to endorse or promote products derived from
+  this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+

README.md

@@ -1 +1,26 @@
-Work in progress...
+# SDL Security Java Suite
+
+SDL Security is a TLS based security library built to interact with sdl_java_suite and provide TLS certificate authentication and encryption / decryption.
+
+### When is this useful?
+This library can be used to allow TLS authentication on a specific RPC service, for example the RPC or Video service.
+
+### How do I use it?
+This library is primarily for automotive OEMs to base their own proprietary library on. The OEM may change the URL to retrieve a certificate, and may want to provide additional protection to this library. Otherwise, it will be quite easy for an attacker to take the certificate and defeat the TLS protection.
+
+The OEM must also rename this library and classes for the reasons seen below.
+
+To use this library, the developer will pass the name of the class into the `SdlManager`'s builder' method:
+```
+List<Class<? extends SdlSecurityBase>> secList = new ArrayList<>();
+secList.add(SdlSecurity.class);
+builder.setSdlSecurity(secList, null);
+```
+
+They must also pass in the name of the Vehicle 'Makes' that library is used for, for example, a Ford library may be used for `["Ford", "Lincoln"]`. This must match what is passed through the `register app interface` RPC response. For more information on how to setup the library, please check the [resources folder](/resources/readme.md).
+
+#### Rebuild Native Code
+If you would like to rebuild the native code for OpenSSL or tlsEngine, please check the [instructions here](/resources/compile_native_code.md).
+
+#### Security Note:
+Anyone implementing this library should take care to add additional protections as this library is not cryptographically secure out-of-the box.

SdlSecurity/.gitignore

@@ -0,0 +1,14 @@
+*.iml
+.gradle
+/local.properties
+/.idea/caches
+/.idea/libraries
+/.idea/modules.xml
+/.idea/workspace.xml
+/.idea/navEditor.xml
+/.idea/assetWizardSettings.xml
+.DS_Store
+/build
+/captures
+.externalNativeBuild
+.cxx