Sunday, 28 January 2018

SSL Pinning OverView


Certificate Pinning:

Pinning a certificate means that your app verifies it is talking to the real site by comparing the certificate presented by the server with a copy bundled in the app. A certificate that does not match the bundled copy is rejected, even if a CA trusted by the device issued it, which is what defeats a man-in-the-middle attack on your app.

SSL pinning isn't something you want to implement in all your applications, but it makes sense when developing high-risk apps that need strong protection.

HOW DOES THIS WORK ON ANDROID?

  • obtain the certificate for the desired host (preferably the whole certificate chain)
  • make sure the certificate is in .bks format; this step is crucial for pinning to work properly across all devices
  • use the Apache HTTP client shipped with Android, initialised to use the obtained .bks keystore for SSL connections

Risks Involved

There is a downside to pinning a certificate. If the site rotates its certificate on a regular basis, then your application needs to be updated just as regularly. For example, Google rotates its certificates, so an app that depended on Google services would need an update about once a month.

Example of a Failure Scenario
1. The app has pinned certificate(s) for some domain name.
2. The certificates get updated on the server side.
3. A version of the app that pinned the old certificate(s) and doesn't know about the new one(s) will refuse the connection.
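The steps above, worked through as an added example (not code from the post): the app trusts only the certificates in a .bks keystore shipped in the APK, so any other chain, including one signed by a public CA, fails the handshake. HttpsURLConnection is used here in place of the Apache client the post mentions; the pinning part, a TrustManager built from the bundled keystore, is the same. The resource name `R.raw.pinned_certs` and the class name are assumptions.

```java
// Added example, not part of the original post. Assumes a BKS keystore at
// res/raw/pinned_certs.bks (hypothetical name) holding the server's certificate
// chain; the keystore password is whatever was used when the .bks was created.
import android.content.Context;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class PinnedConnectionFactory {

    private final SSLContext sslContext;

    public PinnedConnectionFactory(Context context, int rawKeystoreResId, char[] keystorePassword)
            throws GeneralSecurityException, IOException {
        // Load the .bks keystore bundled with the app. To survive the failure scenario
        // above, ship the current chain AND the next certificate before the server rotates.
        KeyStore pinned = KeyStore.getInstance("BKS");
        try (InputStream in = context.getResources().openRawResource(rawKeystoreResId)) {
            pinned.load(in, keystorePassword);
        }

        // A TrustManager initialised from this keystore accepts only chains anchored at one
        // of the bundled certificates; the device's system CA store is not consulted at all.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(pinned);

        sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);
    }

    // Opens a connection whose TLS handshake is validated against the pinned keystore only.
    // Hostname verification is left at its default: pinning replaces the trust anchor,
    // not the check that the certificate matches the host name in the URL.
    public HttpsURLConnection open(String httpsUrl) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(httpsUrl).openConnection();
        conn.setSSLSocketFactory(sslContext.getSocketFactory());
        return conn;
    }
}
```

Usage: `new PinnedConnectionFactory(context, R.raw.pinned_certs, password).open("https://example.invalid/api")` and then read from the connection as usual. When the server presents a certificate that is not in the keystore, `getInputStream()` throws an `SSLHandshakeException`; that exception is exactly step 3 of the failure scenario, so keep the keystore updated ahead of each rotation.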


Links

Challenges

https://dev.to/drankolq/certificate-pinning-your-android-and-ios-apps

Wednesday, 10 January 2018

Room Persistence Library

The Room persistence library provides an abstraction layer over SQLite to allow fluent database access while harnessing the full power of SQLite.
The library helps you create a cache of your app's data on the device that's running your app. This cache, which serves as your app's single source of truth, lets users view a consistent copy of key information within your app, regardless of whether they have an internet connection.

Components of Room

Room has three components:
  • Entity: a model class annotated with @Entity. Each field of the class becomes a column of the table, and the name of the class becomes the name of the table (unless you override it with tableName, as in the sample below).
  • Database: an abstract class where you declare all the entities, i.e. all the tables you want created in that database.
  • Dao: an interface that acts as the intermediary between the user and the database. Every operation to be performed on a table has to be defined here.

A sample is shown below.

Add the following dependencies to your build.gradle file:

// ViewModel and LiveData
implementation "android.arch.lifecycle:extensions:1.0.0"
annotationProcessor "android.arch.lifecycle:compiler:1.0.0"
// Room
implementation "android.arch.persistence.room:runtime:1.0.0"
annotationProcessor "android.arch.persistence.room:compiler:1.0.0"
// Paging
implementation "android.arch.paging:runtime:1.0.0-alpha4-1"
// Test helpers for LiveData
testImplementation "android.arch.core:core-testing:1.0.0"
// Test helpers for Room
testImplementation "android.arch.persistence.room:testing:1.0.0"

Java Classes

import android.arch.persistence.room.ColumnInfo;
import android.arch.persistence.room.Entity;
import android.arch.persistence.room.PrimaryKey;

// Entity: one row of the "user" table. Without tableName the table would be called "User".
@Entity(tableName = "user")
public class User {

    // 0 means "not set"; Room assigns the id on insert because autoGenerate = true.
    @PrimaryKey(autoGenerate = true)
    private int uid;

    // Column names are overridden so they differ from the Java field names.
    @ColumnInfo(name = "first_name")
    private String firstName;

    @ColumnInfo(name = "last_name")
    private String lastName;

    public int getUid() {
        return uid;
    }

    public void setUid(int uid) {
        this.uid = uid;
    }

    public String getFirstName() {
        return firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    public String getLastName() {
        return lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }
}


import android.arch.persistence.room.Dao;
import android.arch.persistence.room.Delete;
import android.arch.persistence.room.Insert;
import android.arch.persistence.room.Query;
import java.util.List;

// Dao: every operation on the "user" table is declared here; Room generates the implementation.
@Dao
public interface UserDao {

    @Query("SELECT * FROM user")
    List<User> getAll();

    // :firstName and :lastName are bound as query arguments at runtime, never concatenated
    // into the SQL string. LIKE without wildcards behaves like a (ASCII case-insensitive)
    // equality test; a caller may pass '%' or '_' to widen the match.
    @Query("SELECT * FROM user WHERE first_name LIKE :firstName AND last_name LIKE :lastName")
    User findByName(String firstName, String lastName);

    @Query("SELECT COUNT(*) FROM user")
    int countUsers();

    @Insert
    void insertAll(User... users);

    @Delete
    void delete(User user);
}


import android.arch.persistence.room.Database;
import android.arch.persistence.room.Room;
import android.arch.persistence.room.RoomDatabase;
import android.content.Context;

// Database: lists every entity (table) and exposes one DAO per table.
@Database(entities = {User.class}, version = 1)
public abstract class AppDatabase extends RoomDatabase {

    private static AppDatabase INSTANCE;

    public abstract UserDao userDao();

    public static AppDatabase getAppDatabase(Context context) {
        if (INSTANCE == null) {
            INSTANCE =
                    Room.databaseBuilder(context.getApplicationContext(), AppDatabase.class, "user-database")
                            // Allow queries on the main thread.
                            // Don't do this in a real app! See PersistenceBasicSample for an example.
                            .allowMainThreadQueries()
                            .build();
        }
        return INSTANCE;
    }

    public static void destroyInstance() {
        INSTANCE = null;
    }
}


import android.os.Bundle;
import android.support.v7.app.AppCompatActivity;
import android.util.Log;
import android.widget.Toast;
import java.util.List;

public class MainActivity extends AppCompatActivity {

    List<User> usersList;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        // Storing sample data (run once, then comment out; every run inserts new rows)
        // populateWithTestData(AppDatabase.getAppDatabase(MainActivity.this));

        // Retrieving the data for a specific user
        User testUser = findUser(AppDatabase.getAppDatabase(MainActivity.this), "Abhi", "Sai");
        // findByName returns null when no row matches (e.g. before the data was stored)
        if (testUser != null) {
            Toast.makeText(MainActivity.this, String.valueOf(testUser.getUid()), Toast.LENGTH_LONG).show();
        }

        // Retrieving all users' data
        usersList = getUsersList(AppDatabase.getAppDatabase(MainActivity.this));
        for (User testUserItems : usersList) {
            Log.i("User ", testUserItems.getFirstName() + "  " + testUserItems.getLastName());
        }
    }

    private static void populateWithTestData(AppDatabase db) {
        // The same object is inserted twice; because uid stays 0 (unset) both
        // inserts create a new row with an auto-generated id.
        User user = new User();
        user.setFirstName("Sanjay");
        user.setLastName("Shah");
        addUser(db, user);
        user.setFirstName("Abhi");
        user.setLastName("Sai");
        addUser(db, user);
    }

    private static User addUser(final AppDatabase db, User user) {
        db.userDao().insertAll(user);
        return user;
    }

    private static User findUser(final AppDatabase db, String fName, String lName) {
        return db.userDao().findByName(fName, lName);
    }

    private static List<User> getUsersList(final AppDatabase db) {
        return db.userDao().getAll();
    }
}
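The sample above only works because AppDatabase calls allowMainThreadQueries(), which its own comment warns against. The following is an added example, not code from the post, of a small repository that runs the same DAO calls on a background thread and hands the result back on the main thread; it reuses the User, UserDao and AppDatabase classes shown above. The class name UserRepository and its Callback interface are assumptions.

```java
// Added example, not part of the original post. Keeps Room work off the UI thread so
// the .allowMainThreadQueries() call in AppDatabase can be removed.
import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public final class UserRepository {

    // Hypothetical callback type: result is delivered on the main thread.
    public interface Callback<T> {
        void onResult(T result);
    }

    private final UserDao userDao;
    // One thread serialises all database work; SQLite allows a single writer anyway.
    private final ExecutorService ioExecutor = Executors.newSingleThreadExecutor();
    private final Handler mainHandler = new Handler(Looper.getMainLooper());

    public UserRepository(Context context) {
        this.userDao = AppDatabase.getAppDatabase(context).userDao();
    }

    public void insert(final User... users) {
        ioExecutor.execute(new Runnable() {
            @Override
            public void run() {
                userDao.insertAll(users);
            }
        });
    }

    // The name parameters go to the DAO unchanged; Room binds them as arguments of the
    // prepared statement, so user-supplied text cannot alter the query itself.
    public void findByName(final String firstName, final String lastName, final Callback<User> callback) {
        ioExecutor.execute(new Runnable() {
            @Override
            public void run() {
                final User found = userDao.findByName(firstName, lastName); // may be null
                deliver(callback, found);
            }
        });
    }

    public void getAll(final Callback<List<User>> callback) {
        ioExecutor.execute(new Runnable() {
            @Override
            public void run() {
                deliver(callback, userDao.getAll());
            }
        });
    }

    // Posts the result to the main looper so the callback can touch views safely.
    private <T> void deliver(final Callback<T> callback, final T result) {
        mainHandler.post(new Runnable() {
            @Override
            public void run() {
                callback.onResult(result);
            }
        });
    }
}
```

In MainActivity the lookup then becomes `new UserRepository(this).findByName("Abhi", "Sai", user -> { if (user != null) { /* show uid */ } })`, and the null check still matters because findByName returns null when no row matches.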

Pass a HashMap from Angular Client to Spring boot API

This example is for the case where fileData is very huge and in json format   let map = new Map<string, string>()      map.set(this.ge...