Security Configuration for NervousNet Android

security/build.gradle

@@ -0,0 +1,33 @@
+apply plugin: 'com.android.library'
+
+android {
+    compileSdkVersion 22
+    buildToolsVersion "22.0.1"
+
+    defaultConfig {
+        minSdkVersion 19
+        targetSdkVersion 22
+        versionCode 1
+        versionName "1.0"
+    }
+    buildTypes {
+        release {
+            minifyEnabled false
+            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
+        }
+    }
+    testOptions {
+        unitTests.returnDefaultValues = true
+    }
+}
+
+repositories {
+    mavenCentral()
+}
+
+dependencies {
+    compile fileTree(include: ['*.jar'], dir: 'libs')
+    compile 'com.android.support:appcompat-v7:22.2.0'
+    testCompile  'junit:junit:4.12'
+    testCompile "org.mockito:mockito-core:1.9.5"
+}

security/src/androidTest/java/ch/ethz/soms/nervous/android/security/ApplicationTest.java

@@ -0,0 +1,13 @@
+package ch.ethz.soms.nervous.android.security;
+
+import android.app.Application;
+import android.test.ApplicationTestCase;
+
+/**
+ * <a href="http://d.android.com/tools/testing/testing_android.html">Testing Fundamentals</a>
+ */
+public class ApplicationTest extends ApplicationTestCase<Application> {
+    public ApplicationTest() {
+        super(Application.class);
+    }
+}

security/src/androidTest/java/ch/ethz/soms/nervous/android/security/CryptoHandlerTest.java

@@ -0,0 +1,116 @@
+package ch.ethz.soms.nervous.android.security;
+
+import android.content.Context;
+import android.test.ActivityTestCase;
+
+import junit.framework.Assert;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Created by Kishore on 9/4/2015.
+ */
+public class CryptoHandlerTest extends ActivityTestCase{
+
+    Context context;
+    CryptoHandler cryptoHandler;
+
+    @Before
+    public void setUpObjects(){
+        context = getActivity().getApplicationContext();
+        cryptoHandler = CryptoHandler.getInstance(context);
+        Assert.assertNotNull(cryptoHandler);
+    }
+
+    @Test
+    public void testEncryptDecrypt(){
+
+        String TEST_PASS = "changeit";
+        String TEST_MSG = "Hello World!";
+
+        String encryptedMsg = null;
+        try {
+            encryptedMsg = cryptoHandler.encrypt(TEST_PASS, TEST_MSG);
+            Assert.assertNotNull(encryptedMsg);
+        }catch (GeneralSecurityException e){
+            Assert.fail("error occurred during encrypt");
+            e.printStackTrace();
+        }
+
+        String messageAfterDecrypt = null;
+        try {
+            messageAfterDecrypt = cryptoHandler.decrypt(TEST_PASS, encryptedMsg);
+            Assert.assertNotNull(messageAfterDecrypt);
+
+        }catch (GeneralSecurityException e){
+            Assert.fail("error occurred during Decrypt");
+            e.printStackTrace();
+        }
+
+        if (!TEST_MSG.equals(messageAfterDecrypt)){
+            Assert.fail("messages don't match after encrypt and decrypt");
+        }
+    }
+
+    @Test
+    public void testEncryptDecryptFail(){
+
+        String TEST_PASS_VALID = "changeit";
+        String TEST_PASS_INVALID = "fakepassword";
+        String TEST_MSG = "Hello World!";
+
+        String encryptedMsg = null;
+        try {
+            encryptedMsg = cryptoHandler.encrypt(TEST_PASS_VALID, TEST_MSG);
+            Assert.assertNotNull(encryptedMsg);
+        }catch (GeneralSecurityException e){
+            Assert.fail("error occurred during encrypt");
+            e.printStackTrace();
+        }
+
+        String messageAfterDecrypt = null;
+        try {
+            messageAfterDecrypt = cryptoHandler.decrypt(TEST_PASS_INVALID, encryptedMsg);
+
+        }catch (GeneralSecurityException e){
+        }
+
+        if (TEST_MSG.equals(messageAfterDecrypt)){
+            Assert.fail("messages match after encrypt and decrypt with different passwords, shouldn't match in " +
+                    "this condition.");
+        }
+    }
+
+    @Test
+    public void testEncryt(){
+
+        String TEST_PASS = "password";
+        String message = "hello world";
+
+        try {
+            String encryptedMsg = cryptoHandler.encrypt(TEST_PASS, message);
+
+        }catch (GeneralSecurityException e){
+            Assert.fail("error occurred during encrypt");
+            e.printStackTrace();
+        }
+    }
+
+    @Test
+    public void testDecrpyt(){
+
+        String TEST_PASS = "password";
+        String encryptedMsg = "2B22cS3UC5s35WBihLBo8w==";
+
+        try {
+            String messageAfterDecrypt = cryptoHandler.decrypt(TEST_PASS, encryptedMsg);
+
+        }catch (GeneralSecurityException e){
+            Assert.fail("error occurred during Decrypt");
+            e.printStackTrace();
+        }
+    }
+}

security/src/androidTest/java/ch/ethz/soms/nervous/android/security/SecurityConfigurationTest.java

@@ -0,0 +1,101 @@
+package ch.ethz.soms.nervous.android.security;
+
+import android.content.Context;
+import android.content.res.Resources;
+import android.test.ActivityTestCase;
+
+import com.android.kbanala.security.R;
+
+import junit.framework.Assert;
+
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+import javax.net.ssl.SSLSocketFactory;
+
+public class SecurityConfigurationTest extends ActivityTestCase{
+
+	private final String VALID_TEST_URI = "https://wikipedia.org";
+	private final String INVALID_TEST_URI = "https://localhost";
+
+    Context context;
+    Resources resources;
+
+    @Before
+    public void setUpObjects(){
+        context = getActivity().getApplicationContext();
+        resources = getActivity().getResources();
+    }
+
+    @Test
+    public void testSecurityConfiguration(){
+        // Check if Local Key Store is configured, if Self-Signed certificates are being used
+        if(resources.getBoolean(R.bool.USING_SELF_SIGNED_CERTIFICATES)){
+            Assert.assertNotNull(resources.getString(R.string.LOCAL_KEY_STORE_TYPE));
+            Assert.assertNotNull(resources.getString(R.string.LOCAL_KEY_STORE));
+            Assert.assertNotNull(resources.getString(R.string.LOCAL_KEY_STORE_PASSWORD));
+        }
+
+        // Check if at least one of the certificate values are true.
+        if(!resources.getBoolean(R.bool.USING_CA_CERTIFICATES) && !resources.getBoolean(R.bool.USING_SELF_SIGNED_CERTIFICATES)){
+            Assert.fail("should use at least one certificate type.");
+        }
+
+    }
+
+	@Test
+	public void testGetSSLSocketFactoryInstance() {
+        try {
+            SSLSocketFactory sslSocketFactory = SecurityConfiguration.getSSLSocketFactoryInstance(context);
+            Assert.assertNotNull(sslSocketFactory);
+        } catch (CertificateException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | IOException | KeyManagementException e) {
+            Assert.fail("failed to obtain SSLSocketFactory.");
+        }
+    }
+
+	@Test
+	public void testMakeRequest() {
+        if(!usingCACerts()){
+            return;
+        }
+		try {
+			URL url = new URL(VALID_TEST_URI);
+			InputStream inputStream = SecurityConfiguration.makeRequest(context, url);
+			Assert.assertNotNull(inputStream);
+		} catch (MalformedURLException e) {
+            Assert.fail("Invalid URL");
+		} catch (CertificateException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | IOException | KeyManagementException e) {
+            Assert.fail("Mis-configured Certificate.");
+		}
+	}
+
+	@Test
+	public void testMakeRequestFail() {
+		try {
+			URL url = new URL(INVALID_TEST_URI);
+			InputStream inputStream = SecurityConfiguration.makeRequest(context, url);
+			Assert.assertNull(inputStream);
+		} catch (MalformedURLException e) {
+
+		} catch (CertificateException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException | IOException | KeyManagementException e) {
+
+		}
+	}
+
+    private boolean usingCACerts(){
+        if(resources.getBoolean(R.bool.USING_CA_CERTIFICATES)){
+            return true;
+        }
+        return false;
+    }
+}

security/src/main/AndroidManifest.xml

@@ -0,0 +1,10 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.android.kbanala.security">
+
+    <uses-permission android:name="android.permission.INTERNET" />
+
+    <application android:allowBackup="true" android:label="@string/app_name">
+
+    </application>
+
+</manifest>

security/src/main/java/ch/ethz/soms/nervous/android/security/CryptoHandler.java

@@ -0,0 +1,25 @@
+package ch.ethz.soms.nervous.android.security;
+
+import android.content.Context;
+
+import ch.ethz.soms.nervous.android.security.services.SymmetricCryptoHandler;
+
+/**
+ * Created by Kishore on 9/3/2015.
+ * Singleton class to Encrypt and Decrypt data.
+ */
+public class CryptoHandler extends SymmetricCryptoHandler{
+
+    private static CryptoHandler cryptoHandler;
+
+    private CryptoHandler(Context context) {
+        super(context);
+    }
+
+    public static CryptoHandler getInstance(Context context){
+        if(cryptoHandler == null){
+            cryptoHandler = new CryptoHandler(context);
+        }
+        return cryptoHandler;
+    }
+}