Partial Revert "CertifitacePinning: Add toggle to enable/disable"

Disable certificate pinning for debug builds only. This reverts commit fbeee2300c.
2026-06-13 02:11:07 -04:00 · 2024-12-18 21:59:26 +07:00
parent e17dbb8f96
commit 3423fc3ecf
5 changed files with 13 additions and 47 deletions
--- a/app/src/main/java/com/aurora/store/data/network/OkHttpClientModule.kt
+++ b/app/src/main/java/com/aurora/store/data/network/OkHttpClientModule.kt
@@ -22,11 +22,11 @@ package com.aurora.store.data.network
 import android.content.Context
 import android.util.Base64
 import android.util.Log
+import com.aurora.store.BuildConfig
 import com.aurora.store.R
 import com.aurora.store.data.model.Algorithm
 import com.aurora.store.data.model.ProxyInfo
 import com.aurora.store.util.Preferences
-import com.aurora.store.util.Preferences.PREFERENCE_CERTIFICATE_PINNING_ENABLED
 import com.aurora.store.util.Preferences.PREFERENCE_PROXY_ENABLED
 import com.aurora.store.util.Preferences.PREFERENCE_PROXY_INFO
 import com.google.gson.Gson
@@ -35,10 +35,10 @@ import dagger.Provides
 import dagger.hilt.InstallIn
 import dagger.hilt.android.qualifiers.ApplicationContext
 import dagger.hilt.components.SingletonComponent
-import okhttp3.CertificatePinner
-import okhttp3.OkHttpClient
 import java.io.ByteArrayInputStream
 import java.io.InputStream
+import okhttp3.CertificatePinner
+import okhttp3.OkHttpClient
 import java.net.Authenticator
 import java.net.InetSocketAddress
 import java.net.PasswordAuthentication
@@ -60,18 +60,8 @@ object OkHttpClientModule {

    @Provides
    @Singleton
-    fun providesOkHttpClientInstance(
-        @ApplicationContext context: Context,
-        certPinner: CertificatePinner,
-        proxy: Proxy?
-    ): OkHttpClient {
-        val isCertPinningEnabled = Preferences.getBoolean(
-            context,
-            PREFERENCE_CERTIFICATE_PINNING_ENABLED,
-            true
-        )
-
-        val builder = OkHttpClient().newBuilder()
+    fun providesOkHttpClientInstance(certPinner: CertificatePinner, proxy: Proxy?): OkHttpClient {
+        val okHttpClientBuilder = OkHttpClient().newBuilder()
            .proxy(proxy)
            .connectTimeout(25, TimeUnit.SECONDS)
            .readTimeout(25, TimeUnit.SECONDS)
@@ -80,13 +70,11 @@ object OkHttpClientModule {
            .followRedirects(true)
            .followSslRedirects(true)

-        if (isCertPinningEnabled) {
-            builder.certificatePinner(certPinner)
-        } else {
-            Log.i(TAG, "Certificate pinning is disabled")
+        if (!BuildConfig.DEBUG) {
+            okHttpClientBuilder.certificatePinner(certPinner)
        }

-        return builder.build()
+        return okHttpClientBuilder.build()
    }

    @Provides
@@ -96,21 +84,12 @@ object OkHttpClientModule {
        val googleRootCerts = getGoogleRootCertHashes(context).map { "sha256/$it" }
            .toTypedArray()

-        return CertificatePinner.Builder()
+        return  CertificatePinner.Builder()
            .add("*.googleapis.com", *googleRootCerts)
            .add("*.google.com", *googleRootCerts)
-            .add(
-                "auroraoss.com",
-                "sha256/mEflZT5enoR1FuXLgYYGqnVEoZvmf9c2bVBpiOjYQ0c="
-            ) // GTS Root R4
-            .add(
-                "*.exodus-privacy.eu.org",
-                "sha256/C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="
-            ) // ISRG Root X1
-            .add(
-                "gitlab.com",
-                "sha256/x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4="
-            ) // USERTrust RSA Certification Authority
+            .add("auroraoss.com", "sha256/mEflZT5enoR1FuXLgYYGqnVEoZvmf9c2bVBpiOjYQ0c=") // GTS Root R4
+            .add("*.exodus-privacy.eu.org", "sha256/C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M=") // ISRG Root X1
+            .add("gitlab.com", "sha256/x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=") // USERTrust RSA Certification Authority
            .build()
    }

@@ -147,8 +126,7 @@ object OkHttpClientModule {

    private fun getGoogleRootCertHashes(context: Context): List<String> {
        return try {
-            val certs =
-                getX509Certificates(context.resources.openRawResource(R.raw.google_roots_ca))
+            val certs = getX509Certificates(context.resources.openRawResource(R.raw.google_roots_ca))
            certs.map {
                val messageDigest = MessageDigest.getInstance(Algorithm.SHA256.value)
                messageDigest.update(it.publicKey.encoded)
--- a/app/src/main/java/com/aurora/store/util/Preferences.kt
+++ b/app/src/main/java/com/aurora/store/util/Preferences.kt
@@ -47,7 +47,6 @@ object Preferences {
    const val PREFERENCE_PROXY_URL = "PREFERENCE_PROXY_URL"
    const val PREFERENCE_PROXY_INFO = "PREFERENCE_PROXY_INFO"
    const val PREFERENCE_PROXY_ENABLED = "PREFERENCE_PROXY_ENABLED"
-    const val PREFERENCE_CERTIFICATE_PINNING_ENABLED = "PREFERENCE_CERTIFICATE_PINNING_ENABLED"

    const val PREFERENCE_DISPENSER_URLS = "PREFERENCE_DISPENSER_URLS"
    const val PREFERENCE_VENDING_VERSION = "PREFERENCE_VENDING_VERSION"
--- a/app/src/main/java/com/aurora/store/view/ui/onboarding/OnboardingFragment.kt
+++ b/app/src/main/java/com/aurora/store/view/ui/onboarding/OnboardingFragment.kt
@@ -31,7 +31,6 @@ import androidx.viewpager2.widget.ViewPager2.OnPageChangeCallback
 import com.aurora.Constants
 import com.aurora.extensions.areNotificationsEnabled
 import com.aurora.extensions.isIgnoringBatteryOptimizations
-import com.aurora.store.BuildConfig
 import com.aurora.store.R
 import com.aurora.store.data.helper.UpdateHelper
 import com.aurora.store.data.model.UpdateMode
@@ -41,7 +40,6 @@ import com.aurora.store.util.CertUtil
 import com.aurora.store.util.PackageUtil
 import com.aurora.store.util.Preferences
 import com.aurora.store.util.Preferences.PREFERENCE_AUTO_DELETE
-import com.aurora.store.util.Preferences.PREFERENCE_CERTIFICATE_PINNING_ENABLED
 import com.aurora.store.util.Preferences.PREFERENCE_DEFAULT
 import com.aurora.store.util.Preferences.PREFERENCE_DEFAULT_SELECTED_TAB
 import com.aurora.store.util.Preferences.PREFERENCE_DISPENSER_URLS
@@ -171,7 +169,6 @@ class OnboardingFragment : BaseFragment<FragmentOnboardingBinding>() {
        if (!CertUtil.isAppGalleryApp(requireContext(), requireContext().packageName)) {
            save(PREFERENCE_DISPENSER_URLS, setOf(Constants.URL_DISPENSER))
        }
-        save(PREFERENCE_CERTIFICATE_PINNING_ENABLED, !BuildConfig.DEBUG)
        save(PREFERENCE_VENDING_VERSION, 0)

        /*Customization*/
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -231,8 +231,6 @@
    <string name="pref_network_proxy_title">Proxy</string>
    <string name="pref_network_proxy_enable">"Enable proxy"</string>
    <string name="pref_network_proxy_enable_desc">"Allow all traffic from app to go through the proxy"</string>
-    <string name="pref_certificate_pinning_enable">"Enable certificate pinning"</string>
-    <string name="pref_certificate_pinning_enable_desc">"Locks the app to trust only specific server certificates, preventing connections to untrusted or compromised servers."</string>
    <string name="pref_network_proxy_url">"Proxy URL"</string>
    <string name="pref_network_proxy_url_message">Enter a valid proxy URL to pass all data through the proxy.</string>
    <string name="pref_ui_title">"Customization"</string>
--- a/app/src/main/res/xml/preferences_network.xml
+++ b/app/src/main/res/xml/preferences_network.xml
@@ -44,12 +44,6 @@
        app:singleLineTitle="false"
        app:title="@string/pref_common_extra" />

-    <SwitchPreferenceCompat
-        app:iconSpaceReserved="false"
-        app:key="PREFERENCE_CERTIFICATE_PINNING_ENABLED"
-        app:summary="@string/pref_certificate_pinning_enable_desc"
-        app:title="@string/pref_certificate_pinning_enable" />
-
    <com.aurora.store.view.custom.preference.AuroraListPreference
        app:defaultValue="0"
        app:entries="@array/pref_vending_version"