diff --git a/CHANGELOG.md b/CHANGELOG.md
index a94a1e1bc9..806358065c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,8 @@ All notable changes to this project will be documented in this file.
 ### Added
 ### Changed
 ### Removed
+* core: SSL Pinning has been removed
+* ui: Datatrans SSL Pinning has been deactivated
 ### Fixed
 ## [0.79.0]
diff --git a/core/src/main/java/io/snabble/sdk/Config.kt b/core/src/main/java/io/snabble/sdk/Config.kt
index d707ec833f..10f4c43643 100644
--- a/core/src/main/java/io/snabble/sdk/Config.kt
+++ b/core/src/main/java/io/snabble/sdk/Config.kt
@@ -1,13 +1,18 @@
 package io.snabble.sdk
 import android.content.Context
-import com.google.gson.*
+import com.google.gson.JsonDeserializationContext
+import com.google.gson.JsonDeserializer
+import com.google.gson.JsonElement
+import com.google.gson.JsonNull
+import com.google.gson.JsonPrimitive
+import com.google.gson.JsonSerializationContext
+import com.google.gson.JsonSerializer
 import io.snabble.sdk.utils.Dispatch
 import io.snabble.sdk.utils.GsonHolder
 import io.snabble.sdk.utils.Logger
 import okhttp3.Interceptor
 import java.io.File
-import java.lang.Exception
 import java.lang.reflect.Type
 import java.util.concurrent.TimeUnit
@@ -96,10 +101,6 @@ data class Config (
 @JvmField
 var maxShoppingCartAge: Long = TimeUnit.HOURS.toMillis(4),
- /** If set to true, disables certificate pinning. Not recommended for production! */
- @JvmField
- var disableCertificatePinning: Boolean = false,
-
 /** SQL queries that will get executed in order on the product database. */
 @JvmField
 var initialSQL: List = emptyList(),
diff --git a/core/src/main/java/io/snabble/sdk/OkHttpClientFactory.kt b/core/src/main/java/io/snabble/sdk/OkHttpClientFactory.kt
index b44a1f12ee..d9632088ca 100644
--- a/core/src/main/java/io/snabble/sdk/OkHttpClientFactory.kt
+++ b/core/src/main/java/io/snabble/sdk/OkHttpClientFactory.kt
@@ -6,55 +6,20 @@ import io.snabble.sdk.auth.useragent.UserAgentInterceptor
 import io.snabble.sdk.utils.LetsEncryptCertHelper
 import io.snabble.sdk.utils.Logger
 import okhttp3.Cache
-import okhttp3.CertificatePinner
 import okhttp3.OkHttpClient
 import java.util.concurrent.TimeUnit
 @RestrictTo(RestrictTo.Scope.LIBRARY)
 internal object OkHttpClientFactory {
- private val PINS = arrayOf(
- "sha256/YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=", // Let's Encrypt X3 cross-signed
- "sha256/sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis=", // Let's Encrypt X4 cross-signed
- "sha256/J2/oqMTsdhFWW/n85tys6b4yDBtb6idZayIEBx7QTxA=", // Let's Encrypt E1
- "sha256/vZNucrIS7293MQLGt304+UKXMi78JTlrwyeUIuDIknA=", // Let's Encrypt E2
- "sha256/jQJTbIh0grw0/1TkHSumWb+Fs0Ggogr621gT3PvPKG0=", // Let's Encrypt R3 cross-signed
- "sha256/5VReIRNHJBiRxVSgOTTN6bdJZkpZ0m1hX+WPd5kPLQM=", // Let's Encrypt R4 cross-signed
- // backup CAs
- "sha256/C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=", // ISRG Root X1
- "sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=", // AddTrust External Root
- "sha256/r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=", // DigiCert Global Root
- "sha256/i7WTqTvh0OioIruIfFR4kMPnBqrS2rdiVPl/s2uC/CY=", // DigiCert Global Root G2
- "sha256/WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18=", // DigiCert HA Root
- "sha256/h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU=", // GeoTrust Global
- "sha256/q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8=", // GeoTrust PCA G3 Root
- "sha256/47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=", // GeoTrust PCA G4
- "sha256/SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo=" // GeoTrust PCA
- )
 @RestrictTo(RestrictTo.Scope.LIBRARY)
- internal fun createOkHttpClient(application: Application): OkHttpClient {
- val builder = OkHttpClient.Builder()
- builder.cache(Cache(application.cacheDir, 10 * 1024 * 1024))
- builder.retryOnConnectionFailure(true)
- builder.pingInterval(5, TimeUnit.SECONDS) // workaround for https://github.com/square/okhttp/issues/3146
- builder.addInterceptor(OkHttpLogger { message: String? ->
- Logger.i(message)
- })
- Snabble.config.networkInterceptor?.let {
- builder.addNetworkInterceptor(it)
- }
- builder.addInterceptor(UserAgentInterceptor(application))
- if (!Snabble.config.disableCertificatePinning) {
- val environments = Environment.values()
- builder.certificatePinner(CertificatePinner.Builder().apply {
- PINS.forEach { pin ->
- environments.forEach { env ->
- add(env.wildcardUrl, pin)
- }
- }
- }.build())
- }
- LetsEncryptCertHelper.addLetsEncryptCertificatesForMarshmallowOrEarlier(builder)
- return builder.build()
- }
+ internal fun createOkHttpClient(application: Application): OkHttpClient = OkHttpClient.Builder()
+ .cache(Cache(application.cacheDir, 10 * 1024 * 1024))
+ .retryOnConnectionFailure(true)
+ .pingInterval(5, TimeUnit.SECONDS) // workaround for https://github.com/square/okhttp/issues/3146
+ .addInterceptor(OkHttpLogger { message: String? -> Logger.i(message) })
+ .addInterceptor(UserAgentInterceptor(application))
+ .apply { Snabble.config.networkInterceptor?.let { addNetworkInterceptor(it) } }
+ .apply { LetsEncryptCertHelper.addLetsEncryptCertificatesForMarshmallowOrEarlier(this) }
+ .build()
 }
diff --git a/core/src/main/java/io/snabble/sdk/SnabbleInitializer.kt b/core/src/main/java/io/snabble/sdk/SnabbleInitializer.kt
index d20a12d43e..a0a9623c6a 100644
--- a/core/src/main/java/io/snabble/sdk/SnabbleInitializer.kt
+++ b/core/src/main/java/io/snabble/sdk/SnabbleInitializer.kt
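Review bot: In `OkHttpClientFactory.kt`, the new `createOkHttpClient` carries no documentation of what server authentication rests on now that no `CertificatePinner` is installed. From the visible lines, trust is whatever the platform CA store accepts plus the certificates `LetsEncryptCertHelper.addLetsEncryptCertificatesForMarshmallowOrEarlier` adds, and the app-supplied `Snabble.config.networkInterceptor` still sees every request. I would put a KDoc on the function that says so, for example `/** Builds the SDK's OkHttpClient. No certificate pinning: TLS trust is the platform trust store plus the Let's Encrypt certificates added on Marshmallow and earlier. */`, so integrators who need pinning know to enforce it in the host app (for instance with a pin set in its Network Security Configuration). The `options.useCertificatePinning = true` removal in `DatatransViewModel.kt` leaves the card-payment flow with the same undocumented change; whether the Datatrans SDK pins by default is not visible here and is worth confirming.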
@@ -40,7 +40,6 @@ class SnabbleInitializer : Initializer {
 generateSearchIndex = properties.getBoolean("generateSearchIndex", generateSearchIndex)
 maxProductDatabaseAge = properties.getLong("maxProductDatabaseAge", maxProductDatabaseAge)
 maxShoppingCartAge = properties.getLong("maxShoppingCartAge", maxShoppingCartAge)
- disableCertificatePinning = properties.getBoolean("disableCertificatePinning", disableCertificatePinning)
 vibrateToConfirmCartFilled = properties.getBoolean("vibrateToConfirmCartFilled", vibrateToConfirmCartFilled)
 loadActiveShops = properties.getBoolean("loadActiveShops", loadActiveShops)
 checkInRadius = properties.getFloat("checkInRadius", checkInRadius)
@@ -81,7 +80,6 @@ class SnabbleInitializer : Initializer {
 generateSearchIndex = getBoolean("snabble_generate_search_index", generateSearchIndex)
 maxProductDatabaseAge = getLong("snabble_max_product_database_age", maxProductDatabaseAge)
 maxShoppingCartAge = getLong("snabble_max_shopping_cart_age", maxShoppingCartAge)
- disableCertificatePinning = getBoolean("snabble_disable_certificate_pinning")
 vibrateToConfirmCartFilled = getBoolean("snabble_vibrate_to_confirm_cart_filled", vibrateToConfirmCartFilled)
 loadActiveShops = getBoolean("snabble_load_active_shops", loadActiveShops)
 checkInRadius = getFloat("snabble_check_in_radius", checkInRadius)
diff --git a/ui/src/main/java/io/snabble/sdk/ui/payment/creditcard/datatrans/ui/DatatransViewModel.kt b/ui/src/main/java/io/snabble/sdk/ui/payment/creditcard/datatrans/ui/DatatransViewModel.kt
index ad7d1e99c9..a58816c7e8 100644
--- a/ui/src/main/java/io/snabble/sdk/ui/payment/creditcard/datatrans/ui/DatatransViewModel.kt
+++ b/ui/src/main/java/io/snabble/sdk/ui/payment/creditcard/datatrans/ui/DatatransViewModel.kt
@@ -86,7 +86,6 @@ internal class DatatransViewModel(
 }
 options.appCallbackScheme = "snabble"
 options.isTesting = isTesting
- options.useCertificatePinning = true
 }
 fun errorHandled() {