diff --git a/briar-android/build.gradle b/briar-android/build.gradle index ef67411453b17e40db2f911018031603ef582bea..a0f141b51d9e519ab679b915620cb96ca03b94fa 100644 --- a/briar-android/build.gradle +++ b/briar-android/build.gradle @@ -112,7 +112,6 @@ dependencies { implementation 'androidx.recyclerview:recyclerview-selection:1.1.0' implementation 'info.guardianproject.panic:panic:1.0' - implementation 'info.guardianproject.trustedintents:trustedintents:0.2' implementation 'de.hdodenhof:circleimageview:3.1.0' implementation 'com.google.zxing:core:3.3.3' // newer version need minSdk 24 implementation 'uk.co.samuelwall:material-tap-target-prompt:3.3.0' @@ -157,8 +156,8 @@ dependencies { androidTestAnnotationProcessor "com.google.dagger:dagger-compiler:$dagger_version" androidTestCompileOnly 'javax.annotation:jsr250-api:1.0' androidTestImplementation "junit:junit:$junit_version" - androidTestScreenshotImplementation 'tools.fastlane:screengrab:2.0.0' - androidTestScreenshotImplementation 'com.jraska:falcon:2.1.1' + androidTestScreenshotImplementation 'tools.fastlane:screengrab:2.1.1' + androidTestScreenshotImplementation 'com.jraska:falcon:2.2.0' androidTestScreenshotImplementation 'androidx.test.uiautomator:uiautomator:2.2.0' } diff --git a/briar-android/src/main/java/info/guardianproject/GuardianProjectRSA4096.java b/briar-android/src/main/java/info/guardianproject/GuardianProjectRSA4096.java new file mode 100644 index 0000000000000000000000000000000000000000..b4e144659876e0fa6c0842f229a1e5f9cb608ab2 --- /dev/null +++ b/briar-android/src/main/java/info/guardianproject/GuardianProjectRSA4096.java @@ -0,0 +1,116 @@ +package info.guardianproject; + +import info.guardianproject.trustedintents.ApkSignaturePin; + +/** + * This is the second Guardian Project APK signing key. It was generated since + * RSA 1024-bit keys are deprecated. So any new Guardian Project app will be + * signed by this key. It is used to sign these apps: + * <ul> + * <li>Checkey</li> + * <li>Courier</li> + * </ul> + * + * @author hans + */ +public final class GuardianProjectRSA4096 extends ApkSignaturePin { + + public GuardianProjectRSA4096() { + fingerprints = new String[] { + "f006a20481c71a690de02e385ab0c9fa4ac1245240f68102682703ba0656867a", + }; + certificates = new byte[][] { + { + 48, -126, 5, -84, 48, -126, 3, -108, 2, 9, 0, -126, -20, 93, -43, 112, 34, + -87, 29, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 5, 5, 0, 48, -127, + -105, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, 2, 85, 83, 49, 17, 48, 15, 6, 3, + 85, 4, 8, 12, 8, 78, 101, 119, 32, 89, 111, 114, 107, 49, 17, 48, 15, 6, 3, + 85, 4, 7, 12, 8, 78, 101, 119, 32, 89, 111, 114, 107, 49, 25, 48, 23, 6, 3, + 85, 4, 10, 12, 16, 71, 117, 97, 114, 100, 105, 97, 110, 32, 80, 114, 111, + 106, 101, 99, 116, 49, 29, 48, 27, 6, 3, 85, 4, 3, 12, 20, 103, 117, 97, + 114, 100, 105, 97, 110, 112, 114, 111, 106, 101, 99, 116, 46, 105, 110, + 102, 111, 49, 40, 48, 38, 6, 9, 42, -122, 72, -122, -9, 13, 1, 9, 1, 22, + 25, 114, 111, 111, 116, 64, 103, 117, 97, 114, 100, 105, 97, 110, 112, 114, + 111, 106, 101, 99, 116, 46, 105, 110, 102, 111, 48, 30, 23, 13, 49, 52, 48, + 53, 49, 52, 49, 55, 53, 55, 50, 57, 90, 23, 13, 52, 49, 48, 57, 50, 56, 49, + 55, 53, 55, 50, 57, 90, 48, -127, -105, 49, 11, 48, 9, 6, 3, 85, 4, 6, 19, + 2, 85, 83, 49, 17, 48, 15, 6, 3, 85, 4, 8, 12, 8, 78, 101, 119, 32, 89, + 111, 114, 107, 49, 17, 48, 15, 6, 3, 85, 4, 7, 12, 8, 78, 101, 119, 32, 89, + 111, 114, 107, 49, 25, 48, 23, 6, 3, 85, 4, 10, 12, 16, 71, 117, 97, 114, + 100, 105, 97, 110, 32, 80, 114, 111, 106, 101, 99, 116, 49, 29, 48, 27, 6, + 3, 85, 4, 3, 12, 20, 103, 117, 97, 114, 100, 105, 97, 110, 112, 114, 111, + 106, 101, 99, 116, 46, 105, 110, 102, 111, 49, 40, 48, 38, 6, 9, 42, -122, + 72, -122, -9, 13, 1, 9, 1, 22, 25, 114, 111, 111, 116, 64, 103, 117, 97, + 114, 100, 105, 97, 110, 112, 114, 111, 106, 101, 99, 116, 46, 105, 110, + 102, 111, 48, -126, 2, 34, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, + 1, 5, 0, 3, -126, 2, 15, 0, 48, -126, 2, 10, 2, -126, 2, 1, 0, -51, 108, + 83, -44, 61, 81, 46, 61, 2, -61, 46, 60, 2, -30, 44, 38, -70, -63, -93, + -66, -57, 1, 2, -32, -80, -82, 98, -26, -70, -34, 60, -65, -55, -43, 16, + -63, -89, -104, 50, 108, -26, -2, -3, -55, -77, 47, 75, 89, 99, 12, -32, + 32, 120, -26, -81, 54, 95, -57, -114, -100, -39, -110, -4, 120, 90, 90, + -40, -89, -53, 63, -122, -45, -80, 32, -6, -12, -29, -107, 45, 10, -23, 76, + 5, 112, -15, -63, 48, 35, -61, 0, -107, -110, 44, -46, -126, -30, -30, -33, + 86, 22, 30, 8, -72, 29, 75, 121, 31, -120, 119, 59, -57, 19, -64, 31, 84, + -94, -38, 91, 82, 92, -95, 66, 2, 120, -37, -113, 126, 54, -83, 83, -125, + 122, 110, -106, 80, 59, -127, -72, -23, 64, 105, 20, 25, -41, -3, -61, -44, + 51, -28, 17, 36, -90, -18, -25, 96, 37, -93, -48, 98, 47, 27, 49, 40, -31, + -62, -102, -49, 28, -55, 50, -38, -70, -83, 101, 97, 96, -122, -114, 18, + 47, 119, 117, -7, -55, -64, -1, 96, -120, 61, -89, -70, -7, -89, 113, -41, + 88, 27, 26, 95, -52, 53, 59, 7, 11, 79, 86, 31, -109, -21, 120, -15, 38, + 106, 33, -121, 82, 18, 45, 32, 49, 93, -26, -74, -104, 4, -122, 96, 39, + 126, -24, 16, 119, -45, -119, 110, -31, 55, -109, 53, 53, -11, -58, -124, + -84, 41, -42, 64, 17, -5, -78, -57, -100, 118, -105, -38, -94, 84, -16, + -53, -106, -11, 76, 81, 70, -83, -56, 73, -96, -100, -18, 55, -3, -3, 34, + -97, -62, 59, -17, -79, 91, -9, 122, 95, -108, -121, -76, -62, -72, 61, + -82, 105, -99, -59, 10, 51, 52, 77, -105, -127, 37, 79, 88, -127, 27, 39, + 44, 15, 123, -59, -118, -96, 61, -28, 23, -54, 124, 100, 57, 37, 123, -83, + -124, 11, 123, 73, -53, 18, 119, -39, -13, 46, 123, -55, 4, -91, 114, 93, + -116, -98, 21, 95, -30, -82, -108, 87, -65, -8, 30, 67, 14, 22, 79, -64, + 86, -128, -83, 74, 69, -42, 9, -18, -120, -52, 7, 62, 78, 88, -53, -125, + 41, -122, -91, -34, -110, 111, -118, -25, 25, -83, 90, -95, 84, -121, 95, + 72, -53, -14, -14, -48, 65, 4, 23, 99, 56, 23, -20, 9, 46, 63, 83, -26, + -86, 54, -104, 79, 9, 94, -91, -69, 10, -125, -17, -28, -32, -79, 5, -11, + 37, 103, -46, -75, 71, -119, 39, 48, -53, -51, 118, 43, 28, 68, 14, -33, + -82, -76, -98, 1, 41, 94, -128, -86, 51, -89, 17, -31, 38, -70, -2, -27, + -105, -87, 103, 93, 19, 73, -106, -82, -76, 110, -48, -124, -51, 92, -91, + -51, 22, 1, -48, 52, -127, -24, 26, -77, 4, 22, 33, 24, -128, -1, 9, -42, + 23, -53, 78, 10, -39, -115, -95, 17, 100, 90, 16, -23, -127, -38, 10, -62, + -64, 113, -115, -114, 78, -11, -124, 113, 113, -42, -66, 114, -98, -40, + -41, 2, 3, 1, 0, 1, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 5, 5, + 0, 3, -126, 2, 1, 0, -54, 125, -113, -9, -45, 82, 2, -79, -87, 31, -17, + -10, 117, 16, 1, 67, -63, 57, -49, -81, -90, 48, 7, -58, 89, -29, 120, 84, + 116, 51, 54, -94, 74, -111, -11, 53, -13, 53, -125, -76, -64, 46, -35, 19, + -19, 25, 36, -82, 66, 113, -14, -6, -63, 83, 15, 8, -77, -74, -94, -53, + -35, -61, -75, 52, 13, -128, 9, 96, 66, 46, 46, -57, 24, -28, -39, -46, 96, + -115, -63, 92, -70, 51, 49, -94, 96, 77, 16, 108, -59, -28, 112, -2, -3, + -87, 27, 56, 118, 29, -95, -76, -70, 34, -105, -24, -104, 70, 24, -88, -29, + -28, -101, -98, 24, -48, -32, -111, 97, 61, -70, -21, -111, 70, -55, 68, + -76, 125, -61, 56, -122, 48, -118, 74, 61, -101, -46, -43, -12, -114, -116, + -57, -108, 91, -109, -62, -117, -76, -48, 109, 81, -22, -113, -73, 64, -61, + 102, 92, -117, -9, -100, 62, -90, 99, 102, -50, -41, -75, 31, 5, -76, -31, + -85, 118, -57, -21, 102, 71, 41, -34, -45, -92, 88, 82, -95, 65, -100, -31, + -28, -85, -37, 94, -52, 72, 39, 55, -42, 18, 29, 115, 23, -106, -2, -54, + -45, 61, 53, 62, 107, 109, -65, 69, 4, -123, 124, -30, -54, -44, 38, 119, + 49, -123, -27, -50, 77, -9, -40, -114, -50, -70, -123, 86, -115, 127, 45, + 42, 23, -25, -83, -81, -38, -84, -3, 99, -36, 12, -67, -39, -110, 21, -40, + -128, 6, -96, -24, -116, -62, 63, 127, 39, 57, -83, -63, 0, 127, -12, 73, + 85, -41, -101, -70, -48, -94, -94, -73, -38, -115, -62, -34, 62, -92, 96, + 16, 6, -19, -84, 38, -93, -117, -52, 32, 92, -21, 123, -117, 81, 50, -71, + 103, 121, 127, 4, -3, -40, 62, 100, 22, -123, -68, -69, -54, -127, -67, 50, + -114, 77, -30, 26, -102, 29, 106, 48, 83, 99, 73, 96, 124, -77, 51, 8, 15, + 40, 72, -108, 105, 62, 119, -113, -90, 57, -62, 127, -57, -21, -40, -109, + 96, 101, 71, -40, -101, 127, 69, 110, 43, 59, -102, -8, -42, -70, -24, 51, + -51, 54, 42, -110, -119, 41, -101, 45, -101, -124, 56, -75, -26, 86, -65, + 54, 21, -88, -30, 79, -26, -127, 121, -102, -48, -25, -62, 99, 76, -90, + -48, -37, 123, 9, 67, 51, -41, -116, 29, 69, 88, 93, -42, 23, 73, -112, 24, + -85, 60, 1, 3, -95, 12, -49, -55, 95, 109, -37, 10, -124, 119, -52, -31, + 91, 55, -67, 99, 87, -55, 97, 25, -9, -119, -41, -98, 100, -14, 70, -44, + -63, 60, -127, -99, 15, 49, 22, -118, -49, 66, -106, 36, -34, -5, 6, -48, + 123, -79, 115, 57, 30, -3, -34, -67, 91, 34, 3, -52, -106, 79, -63, 125, + 123, -16, -120, -53, -98, 34, 86, -60, 94, 78, -91, -34, 0, -8, 73, -119, + -87, 12, -101, -112, -10, -79, 10, 105, -82, 120, -106, -9, 99, 57, -63, + -26, 125, -80, 102, -106, -11, -91, -1, 37, 33 + }, + }; + } +} diff --git a/briar-android/src/main/java/info/guardianproject/LICENSE.txt b/briar-android/src/main/java/info/guardianproject/LICENSE.txt new file mode 100644 index 0000000000000000000000000000000000000000..4362b49151d7b34ef83b3067a8f9c9f877d72a0e --- /dev/null +++ b/briar-android/src/main/java/info/guardianproject/LICENSE.txt @@ -0,0 +1,502 @@ + GNU LESSER GENERAL PUBLIC LICENSE + Version 2.1, February 1999 + + Copyright (C) 1991, 1999 Free Software Foundation, Inc. + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.] + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +Licenses are intended to guarantee your freedom to share and change +free software--to make sure the software is free for all its users. + + This license, the Lesser General Public License, applies to some +specially designated software packages--typically libraries--of the +Free Software Foundation and other authors who decide to use it. You +can use it too, but we suggest you first think carefully about whether +this license or the ordinary General Public License is the better +strategy to use in any particular case, based on the explanations below. + + When we speak of free software, we are referring to freedom of use, +not price. Our General Public Licenses are designed to make sure that +you have the freedom to distribute copies of free software (and charge +for this service if you wish); that you receive source code or can get +it if you want it; that you can change the software and use pieces of +it in new free programs; and that you are informed that you can do +these things. + + To protect your rights, we need to make restrictions that forbid +distributors to deny you these rights or to ask you to surrender these +rights. These restrictions translate to certain responsibilities for +you if you distribute copies of the library or if you modify it. + + For example, if you distribute copies of the library, whether gratis +or for a fee, you must give the recipients all the rights that we gave +you. You must make sure that they, too, receive or can get the source +code. If you link other code with the library, you must provide +complete object files to the recipients, so that they can relink them +with the library after making changes to the library and recompiling +it. And you must show them these terms so they know their rights. + + We protect your rights with a two-step method: (1) we copyright the +library, and (2) we offer you this license, which gives you legal +permission to copy, distribute and/or modify the library. + + To protect each distributor, we want to make it very clear that +there is no warranty for the free library. Also, if the library is +modified by someone else and passed on, the recipients should know +that what they have is not the original version, so that the original +author's reputation will not be affected by problems that might be +introduced by others. + + Finally, software patents pose a constant threat to the existence of +any free program. We wish to make sure that a company cannot +effectively restrict the users of a free program by obtaining a +restrictive license from a patent holder. Therefore, we insist that +any patent license obtained for a version of the library must be +consistent with the full freedom of use specified in this license. + + Most GNU software, including some libraries, is covered by the +ordinary GNU General Public License. This license, the GNU Lesser +General Public License, applies to certain designated libraries, and +is quite different from the ordinary General Public License. We use +this license for certain libraries in order to permit linking those +libraries into non-free programs. + + When a program is linked with a library, whether statically or using +a shared library, the combination of the two is legally speaking a +combined work, a derivative of the original library. The ordinary +General Public License therefore permits such linking only if the +entire combination fits its criteria of freedom. The Lesser General +Public License permits more lax criteria for linking other code with +the library. + + We call this license the "Lesser" General Public License because it +does Less to protect the user's freedom than the ordinary General +Public License. It also provides other free software developers Less +of an advantage over competing non-free programs. These disadvantages +are the reason we use the ordinary General Public License for many +libraries. However, the Lesser license provides advantages in certain +special circumstances. + + For example, on rare occasions, there may be a special need to +encourage the widest possible use of a certain library, so that it becomes +a de-facto standard. To achieve this, non-free programs must be +allowed to use the library. A more frequent case is that a free +library does the same job as widely used non-free libraries. In this +case, there is little to gain by limiting the free library to free +software only, so we use the Lesser General Public License. + + In other cases, permission to use a particular library in non-free +programs enables a greater number of people to use a large body of +free software. For example, permission to use the GNU C Library in +non-free programs enables many more people to use the whole GNU +operating system, as well as its variant, the GNU/Linux operating +system. + + Although the Lesser General Public License is Less protective of the +users' freedom, it does ensure that the user of a program that is +linked with the Library has the freedom and the wherewithal to run +that program using a modified version of the Library. + + The precise terms and conditions for copying, distribution and +modification follow. Pay close attention to the difference between a +"work based on the library" and a "work that uses the library". The +former contains code derived from the library, whereas the latter must +be combined with the library in order to run. + + GNU LESSER GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any software library or other +program which contains a notice placed by the copyright holder or +other authorized party saying it may be distributed under the terms of +this Lesser General Public License (also called "this License"). +Each licensee is addressed as "you". + + A "library" means a collection of software functions and/or data +prepared so as to be conveniently linked with application programs +(which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work +which has been distributed under these terms. A "work based on the +Library" means either the Library or any derivative work under +copyright law: that is to say, a work containing the Library or a +portion of it, either verbatim or with modifications and/or translated +straightforwardly into another language. (Hereinafter, translation is +included without limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for +making modifications to it. For a library, complete source code means +all the source code for all modules it contains, plus any associated +interface definition files, plus the scripts used to control compilation +and installation of the library. + + Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running a program using the Library is not restricted, and output from +such a program is covered only if its contents constitute a work based +on the Library (independent of the use of the Library in a tool for +writing it). Whether that is true depends on what the Library does +and what the program that uses the Library does. + + 1. You may copy and distribute verbatim copies of the Library's +complete source code as you receive it, in any medium, provided that +you conspicuously and appropriately publish on each copy an +appropriate copyright notice and disclaimer of warranty; keep intact +all the notices that refer to this License and to the absence of any +warranty; and distribute a copy of this License along with the +Library. + + You may charge a fee for the physical act of transferring a copy, +and you may at your option offer warranty protection in exchange for a +fee. + + 2. You may modify your copy or copies of the Library or any portion +of it, thus forming a work based on the Library, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices + stating that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no + charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a + table of data to be supplied by an application program that uses + the facility, other than as an argument passed when the facility + is invoked, then you must make a good faith effort to ensure that, + in the event an application does not supply such function or + table, the facility still operates, and performs whatever part of + its purpose remains meaningful. + + (For example, a function in a library to compute square roots has + a purpose that is entirely well-defined independent of the + application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function must + be optional: if the application does not supply it, the square + root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Library, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Library, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote +it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library +with the Library (or with a work based on the Library) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may opt to apply the terms of the ordinary GNU General Public +License instead of this License to a given copy of the Library. To do +this, you must alter all the notices that refer to this License, so +that they refer to the ordinary GNU General Public License, version 2, +instead of to this License. (If a newer version than version 2 of the +ordinary GNU General Public License has appeared, then you can specify +that version instead if you wish.) Do not make any other change in +these notices. + + Once this change is made in a given copy, it is irreversible for +that copy, so the ordinary GNU General Public License applies to all +subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of +the Library into a program that is not a library. + + 4. You may copy and distribute the Library (or a portion or +derivative of it, under Section 2) in object code or executable form +under the terms of Sections 1 and 2 above provided that you accompany +it with the complete corresponding machine-readable source code, which +must be distributed under the terms of Sections 1 and 2 above on a +medium customarily used for software interchange. + + If distribution of object code is made by offering access to copy +from a designated place, then offering equivalent access to copy the +source code from the same place satisfies the requirement to +distribute the source code, even though third parties are not +compelled to copy the source along with the object code. + + 5. A program that contains no derivative of any portion of the +Library, but is designed to work with the Library by being compiled or +linked with it, is called a "work that uses the Library". Such a +work, in isolation, is not a derivative work of the Library, and +therefore falls outside the scope of this License. + + However, linking a "work that uses the Library" with the Library +creates an executable that is a derivative of the Library (because it +contains portions of the Library), rather than a "work that uses the +library". The executable is therefore covered by this License. +Section 6 states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file +that is part of the Library, the object code for the work may be a +derivative work of the Library even though the source code is not. +Whether this is true is especially significant if the work can be +linked without the Library, or if the work is itself a library. The +threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data +structure layouts and accessors, and small macros and small inline +functions (ten lines or less in length), then the use of the object +file is unrestricted, regardless of whether it is legally a derivative +work. (Executables containing this object code plus portions of the +Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may +distribute the object code for the work under the terms of Section 6. +Any executables containing that work also fall under Section 6, +whether or not they are linked directly with the Library itself. + + 6. As an exception to the Sections above, you may also combine or +link a "work that uses the Library" with the Library to produce a +work containing portions of the Library, and distribute that work +under terms of your choice, provided that the terms permit +modification of the work for the customer's own use and reverse +engineering for debugging such modifications. + + You must give prominent notice with each copy of the work that the +Library is used in it and that the Library and its use are covered by +this License. You must supply a copy of this License. If the work +during execution displays copyright notices, you must include the +copyright notice for the Library among them, as well as a reference +directing the user to the copy of this License. Also, you must do one +of these things: + + a) Accompany the work with the complete corresponding + machine-readable source code for the Library including whatever + changes were used in the work (which must be distributed under + Sections 1 and 2 above); and, if the work is an executable linked + with the Library, with the complete machine-readable "work that + uses the Library", as object code and/or source code, so that the + user can modify the Library and then relink to produce a modified + executable containing the modified Library. (It is understood + that the user who changes the contents of definitions files in the + Library will not necessarily be able to recompile the application + to use the modified definitions.) + + b) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (1) uses at run time a + copy of the library already present on the user's computer system, + rather than copying library functions into the executable, and (2) + will operate properly with a modified version of the library, if + the user installs one, as long as the modified version is + interface-compatible with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at + least three years, to give the same user the materials + specified in Subsection 6a, above, for a charge no more + than the cost of performing this distribution. + + d) If distribution of the work is made by offering access to copy + from a designated place, offer equivalent access to copy the above + specified materials from the same place. + + e) Verify that the user has already received a copy of these + materials or that you have already sent this user a copy. + + For an executable, the required form of the "work that uses the +Library" must include any data and utility programs needed for +reproducing the executable from it. However, as a special exception, +the materials to be distributed need not include anything that is +normally distributed (in either source or binary form) with the major +components (compiler, kernel, and so on) of the operating system on +which the executable runs, unless that component itself accompanies +the executable. + + It may happen that this requirement contradicts the license +restrictions of other proprietary libraries that do not normally +accompany the operating system. Such a contradiction means you cannot +use both them and the Library together in an executable that you +distribute. + + 7. You may place library facilities that are a work based on the +Library side-by-side in a single library together with other library +facilities not covered by this License, and distribute such a combined +library, provided that the separate distribution of the work based on +the Library and of the other library facilities is otherwise +permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work + based on the Library, uncombined with any other library + facilities. This must be distributed under the terms of the + Sections above. + + b) Give prominent notice with the combined library of the fact + that part of it is a work based on the Library, and explaining + where to find the accompanying uncombined form of the same work. + + 8. You may not copy, modify, sublicense, link with, or distribute +the Library except as expressly provided under this License. Any +attempt otherwise to copy, modify, sublicense, link with, or +distribute the Library is void, and will automatically terminate your +rights under this License. However, parties who have received copies, +or rights, from you under this License will not have their licenses +terminated so long as such parties remain in full compliance. + + 9. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Library or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Library (or any work based on the +Library), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Library or works based on it. + + 10. Each time you redistribute the Library (or any work based on the +Library), the recipient automatically receives a license from the +original licensor to copy, distribute, link with or modify the Library +subject to these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties with +this License. + + 11. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Library at all. For example, if a patent +license would not permit royalty-free redistribution of the Library by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Library. + +If any portion of this section is held invalid or unenforceable under any +particular circumstance, the balance of the section is intended to apply, +and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 12. If the distribution and/or use of the Library is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Library under this License may add +an explicit geographical distribution limitation excluding those countries, +so that distribution is permitted only in or among countries not thus +excluded. In such case, this License incorporates the limitation as if +written in the body of this License. + + 13. The Free Software Foundation may publish revised and/or new +versions of the Lesser General Public License from time to time. +Such new versions will be similar in spirit to the present version, +but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library +specifies a version number of this License which applies to it and +"any later version", you have the option of following the terms and +conditions either of that version or of any later version published by +the Free Software Foundation. If the Library does not specify a +license version number, you may choose any version ever published by +the Free Software Foundation. + + 14. If you wish to incorporate parts of the Library into other free +programs whose distribution conditions are incompatible with these, +write to the author to ask for permission. For software which is +copyrighted by the Free Software Foundation, write to the Free +Software Foundation; we sometimes make exceptions for this. Our +decision will be guided by the two goals of preserving the free status +of all derivatives of our free software and of promoting the sharing +and reuse of software generally. + + NO WARRANTY + + 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO +WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR +OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY +KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE +LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME +THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN +WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY +AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU +FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR +CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE +LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING +RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A +FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF +SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH +DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Libraries + + If you develop a new library, and you want it to be of the greatest +possible use to the public, we recommend making it free software that +everyone can redistribute and change. You can do so by permitting +redistribution under these terms (or, alternatively, under the terms of the +ordinary General Public License). + + To apply these terms, attach the following notices to the library. It is +safest to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + + <one line to give the library's name and a brief idea of what it does.> + Copyright (C) <year> <name of author> + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the library, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the + library `Frob' (a library for tweaking knobs) written by James Random Hacker. + + <signature of Ty Coon>, 1 April 1990 + Ty Coon, President of Vice + +That's all there is to it! diff --git a/briar-android/src/main/java/info/guardianproject/trustedintents/ApkSignaturePin.java b/briar-android/src/main/java/info/guardianproject/trustedintents/ApkSignaturePin.java new file mode 100644 index 0000000000000000000000000000000000000000..ba53de8bfe15575a63a05919fc069d54c041f19e --- /dev/null +++ b/briar-android/src/main/java/info/guardianproject/trustedintents/ApkSignaturePin.java @@ -0,0 +1,86 @@ +package info.guardianproject.trustedintents; + +import android.content.pm.Signature; + +import java.math.BigInteger; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; + +public abstract class ApkSignaturePin { + + protected String[] fingerprints; // hex-encoded SHA-256 hashes of the certs + protected byte[][] certificates; // array of DER-encoded X.509 certificates + private Signature[] signatures; + + public Signature[] getSignatures() { + if (signatures == null) { + signatures = new Signature[certificates.length]; + for (int i = 0; i < certificates.length; i++) + signatures[i] = new Signature(certificates[i]); + } + return signatures; + } + + /** + * Gets the fingerprint of the first certificate in the signature. + * + * @param algorithm - Which hash to use (e.g. MD5, SHA1, SHA-256) + * @return the fingerprint as hex String + */ + public String getFingerprint(String algorithm) { + try { + MessageDigest md = MessageDigest.getInstance(algorithm); + byte[] hashBytes = md.digest(certificates[0]); + BigInteger bi = new BigInteger(1, hashBytes); + md.reset(); + return String.format("%0" + (hashBytes.length << 1) + "x", bi); + } catch (NoSuchAlgorithmException e) { + e.printStackTrace(); + } + return null; + } + + /** + * Gets the MD5 fingerprint of the first certificate in the signature. + * + * @return the MD5 sum as hex String + */ + public String getMD5Fingerprint() { + return getFingerprint("MD5"); + } + + /** + * Gets the SHA1 fingerprint of the first certificate in the signature. + * + * @return the SHA1 sum as hex String + */ + public String getSHA1Fingerprint() { + return getFingerprint("SHA1"); + } + + /** + * Gets the SHA-256 fingerprint of the first certificate in the signature. + * + * @return the SHA-256 sum as hex String + */ + public String getSHA256Fingerprint() { + return getFingerprint("SHA-256"); + } + + /** + * Compares the calculated SHA-256 cert fingerprint to the stored one. + * + * @return the result of the comparison + */ + public boolean doFingerprintsMatchCertificates() { + if (fingerprints == null || certificates == null) + return false; + String[] calcedFingerprints = new String[certificates.length]; + for (int i = 0; i < calcedFingerprints.length; i++) + calcedFingerprints[i] = getSHA256Fingerprint(); + if (fingerprints.length == 0 || calcedFingerprints.length == 0) + return false; + return Arrays.equals(fingerprints, calcedFingerprints); + } +} diff --git a/briar-android/src/main/java/info/guardianproject/trustedintents/TrustedIntents.java b/briar-android/src/main/java/info/guardianproject/trustedintents/TrustedIntents.java new file mode 100644 index 0000000000000000000000000000000000000000..e9a735cf3dd0f44c90f32baa0fb4f8f7d668a83b --- /dev/null +++ b/briar-android/src/main/java/info/guardianproject/trustedintents/TrustedIntents.java @@ -0,0 +1,270 @@ +package info.guardianproject.trustedintents; + +import android.app.Activity; +import android.content.ActivityNotFoundException; +import android.content.ComponentName; +import android.content.Context; +import android.content.Intent; +import android.content.pm.ActivityInfo; +import android.content.pm.PackageInfo; +import android.content.pm.PackageManager; +import android.content.pm.PackageManager.NameNotFoundException; +import android.content.pm.ResolveInfo; +import android.content.pm.Signature; +import android.text.TextUtils; +import android.util.Log; + +import java.lang.reflect.Constructor; +import java.security.cert.CertificateException; +import java.util.LinkedHashSet; + +public class TrustedIntents { + + private static TrustedIntents instance; + + private static PackageManager pm; + + private final LinkedHashSet<ApkSignaturePin> pinList; + + private TrustedIntents(Context context) { + pm = context.getPackageManager(); + this.pinList = new LinkedHashSet<ApkSignaturePin>(); + } + + public static TrustedIntents get(Context context) { + if (instance == null) + instance = new TrustedIntents(context); + return instance; + } + + /** + * Check whether a resolved {@link Activity} is trusted. + * + * @param resolveInfo the one to check + * @return whether the {@code Intent}'s receiver is trusted + */ + public boolean isReceiverTrusted(ResolveInfo resolveInfo) { + return isPackageNameTrusted(resolveInfo.activityInfo.packageName); + } + + /** + * Check whether a resolved {@link Activity} is trusted. + * + * @param activityInfo the one to check + * @return whether the {@code Intent}'s receiver is trusted + */ + public boolean isReceiverTrusted(ActivityInfo activityInfo) { + return isPackageNameTrusted(activityInfo.packageName); + } + + /** + * Check an {@link Intent} is trusted based on the {@code packageName} set + * by {@link Intent#setPackage(String)} + * + * @param intent the one to check + * @return whether the {@code Intent}'s receiver is trusted + */ + public boolean isReceiverTrusted(Intent intent) { + if (!isIntentSane(intent)) + return false; + String packageName = intent.getPackage(); + if (TextUtils.isEmpty(packageName)) { + packageName = intent.getComponent().getPackageName(); + } + return isPackageNameTrusted(packageName); + } + + /** + * Check whether a {@code packageName} is trusted. + * + * @param packageName the one to check + * @return whether the {@code packageName} is trusted + */ + public boolean isPackageNameTrusted(String packageName) { + try { + checkTrustedSigner(packageName); + } catch (NameNotFoundException e) { + e.printStackTrace(); + return false; + } catch (CertificateException e) { + return false; + } + return true; + } + + /** + * Returns an {@link Intent} if the sending app is signed by one of + * the trusted signing keys as set in {@link #addTrustedSigner(Class)}. + * + * @returns {@code null} if there is no {@code Intent} or if the + * sender is not trusted. + * @see #addTrustedSigner(Class) + */ + public Intent getIntentFromTrustedSender(Activity activity) { + Intent intent = activity.getIntent(); + String packageName = getCallingPackageName(activity); + if (TextUtils.isEmpty(packageName)) { + return null; + } + if (isPackageNameTrusted(packageName)) { + return intent; + } + return null; + } + + /** + * Get the package name of the {@link Activity} that sent the + * {@link Intent} that started this {@code Activity}. + * <p/> + * <strong>WARNING</strong>: If the {@code Activity} has + * {@code android:launchMode="singleInstance"} or {@code "singleTask"}, then + * this method will not disconnect because it is not possible to get the + * calling {@code Activity}, as set by + * {@link Activity#startActivityForResult(Intent, int)} + * + * @param activity the {@code Activity} to check for the {@code Intent} + * @return the package of the sending app or {@code null} if it was not a + * {@code ACTION_CONNECT Intent} or the {@code Intent} was not sent + * with {@link Activity#startActivityForResult(Intent, int)} + */ + public static String getCallingPackageName(Activity activity) { + // getCallingPackage() was unstable until android-18, use this + ComponentName componentName = activity.getCallingActivity(); + if (componentName == null) + return null; + String packageName = componentName.getPackageName(); + if (TextUtils.isEmpty(packageName)) { + Log.e(activity.getClass().getSimpleName(), + "Received Intent without sender! The Intent must be sent using startActivityForResult() and received without launchMode singleTask or singleInstance!"); + } + return packageName; + } + + /** + * This is used to check whether an {@link Intent} that will be sent is + * complete. It should <strong>not</strong> be used with {@code Intent}s + * that have been received already. + */ + private boolean isIntentSane(Intent intent) { + if (intent == null) + return false; + if (TextUtils.isEmpty(intent.getPackage())) { + ComponentName componentName = intent.getComponent(); + if (componentName == null || TextUtils.isEmpty(componentName.getPackageName())) { + return false; + } + } + return true; + } + + /** + * Add an APK signature that is always trusted for any packageName. + * + * @param cls {@link Class} of the {@link ApkSignaturePin} to trust + * @return boolean + * @throws {@link IllegalArgumentException} the class cannot be instantiated + */ + public boolean addTrustedSigner(Class<? extends ApkSignaturePin> cls) { + try { + Constructor<? extends ApkSignaturePin> constructor = cls.getConstructor(); + return pinList.add((ApkSignaturePin) constructor.newInstance((Object[]) null)); + } catch (Exception e) { + e.printStackTrace(); + throw new IllegalArgumentException(e); + } + } + + /** + * Remove an APK signature from the trusted set. + * + * @param cls {@link Class} of the {@link ApkSignaturePin} to remove + */ + public boolean removeTrustedSigner(Class<? extends ApkSignaturePin> cls) { + for (ApkSignaturePin pin : pinList) { + if (pin.getClass().equals(cls)) { + return pinList.remove(pin); + } + } + return false; + } + + /** + * Remove all {@link ApkSignaturePin}s from the trusted set. + */ + public boolean removeAllTrustedSigners() { + pinList.clear(); + return pinList.isEmpty(); + } + + /** + * Check if a {@link ApkSignaturePin} is trusted. + * + * @param cls {@link Class} of the {@link ApkSignaturePin} to check + */ + public boolean isTrustedSigner(Class<? extends ApkSignaturePin> cls) { + for (ApkSignaturePin pin : pinList) { + if (pin.getClass().equals(cls)) { + return true; + } + } + return false; + } + + public void checkTrustedSigner(String packageName) + throws NameNotFoundException, CertificateException { + PackageInfo packageInfo = pm.getPackageInfo(packageName, PackageManager.GET_SIGNATURES); + checkTrustedSigner(packageInfo.signatures); + } + + public void checkTrustedSigner(PackageInfo packageInfo) + throws NameNotFoundException, CertificateException { + checkTrustedSigner(packageInfo.signatures); + } + + public void checkTrustedSigner(Signature[] signatures) + throws NameNotFoundException, CertificateException { + if (signatures == null || signatures.length == 0) + throw new CertificateException("signatures cannot be null or empty!"); + for (int i = 0; i < signatures.length; i++) + if (signatures[i] == null || signatures[i].toByteArray().length == 0) + throw new CertificateException("Certificates cannot be null or empty!"); + + // check whether the APK signer is trusted for all apps + for (ApkSignaturePin pin : pinList) + if (areSignaturesEqual(signatures, pin.getSignatures())) + return; // found a matching trusted APK signer + + throw new CertificateException("APK signatures did not match!"); + } + + public boolean areSignaturesEqual(Signature[] sigs0, Signature[] sigs1) { + // TODO where is Android's implementation of this that I can just call? + if (sigs0 == null || sigs1 == null) + return false; + if (sigs0.length == 0 || sigs1.length == 0) + return false; + if (sigs0.length != sigs1.length) + return false; + for (int i = 0; i < sigs0.length; i++) + if (!sigs0[i].equals(sigs1[i])) + return false; + return true; + } + + public void startActivity(Context context, Intent intent) throws CertificateException { + if (!isIntentSane(intent)) + throw new ActivityNotFoundException("The intent was null or empty!"); + String packageName = intent.getPackage(); + if (TextUtils.isEmpty(packageName)) { + packageName = intent.getComponent().getPackageName(); + intent.setPackage(packageName); + } + try { + checkTrustedSigner(packageName); + } catch (NameNotFoundException e) { + e.printStackTrace(); + throw new ActivityNotFoundException(e.getLocalizedMessage()); + } + context.startActivity(intent); + } +} diff --git a/briar-android/witness.gradle b/briar-android/witness.gradle index dcfee5197cf8656dcfc339f4f572e19e998ea776..927d07e6fb1febc90ef887f53e85a348c92aa240 100644 --- a/briar-android/witness.gradle +++ b/briar-android/witness.gradle @@ -1,5 +1,5 @@ dependencyVerification { - verify = [ + verify = [ 'androidx.activity:activity-ktx:1.2.3:activity-ktx-1.2.3.aar:423c0226e237e08de245cf66f8ccaf103854bc19a584d971a4a075fd15d70df1', 'androidx.activity:activity:1.2.2:activity-1.2.2.aar:e165fb20f006b77894d349572cc3acd2760baa8416ae4d33cb8de6a84dd6730c', 'androidx.activity:activity:1.2.4:activity-1.2.4.aar:ae8e9c7de57e387d2ad90e73f3a5a5dfd502bd4f034c1dccfdb3506d1d2df81a', @@ -101,14 +101,13 @@ dependencyVerification { 'com.google.j2objc:j2objc-annotations:1.3:j2objc-annotations-1.3.jar:21af30c92267bd6122c0e0b4d20cccb6641a37eaf956c6540ec471d584e64a7b', 'com.google.zxing:core:3.3.3:core-3.3.3.jar:5820f81e943e4bce0329306621e2d6255d2930b0a6ce934c5c23c0d6d3f20599', 'com.ibm.icu:icu4j:53.1:icu4j-53.1.jar:e37a4467bac5cdeb02c5c4b8e5063d2f4e67b69e3c7df6d6b610f13185572bab', - 'com.jraska:falcon:2.1.1:falcon-2.1.1.aar:827f06556b7fa599f29a48a5277df39ca3dce5080d4ea6f9ea1f9c7b6b78bb7a', + 'com.jraska:falcon:2.2.0:falcon-2.2.0.aar:8b016c6e016ef99fb493b8614b2362cfba540a68ac16a9bb6da310ae10e30b81', 'com.squareup:javapoet:1.13.0:javapoet-1.13.0.jar:4c7517e848a71b36d069d12bb3bf46a70fd4cda3105d822b0ed2e19c00b69291', 'com.squareup:javawriter:2.1.1:javawriter-2.1.1.jar:f699823d0081f69cbb676c1845ea222e0ada79bc88a53e5d22d8bd02d328f57e', 'com.vanniktech:emoji-google:0.7.0:emoji-google-0.7.0.aar:b98966812e3f607ee823cde15dd9b3823c6f02e5587572b860b9d95e3f971402', 'com.vanniktech:emoji:0.7.0:emoji-0.7.0.aar:66f5981f8b5f93e82d2d4b3fa4c6299904d686ca62a2366e61de723b20253707', 'de.hdodenhof:circleimageview:3.1.0:circleimageview-3.1.0.aar:8e9965b54072ee159074a55df216e17d5a622c94ce915ef311b1a1f32660c7fb', 'info.guardianproject.panic:panic:1.0:panic-1.0.jar:35116ab95212e67f94577faf67b88c11a6b21cbf9178b3f5b51d3dff45203ffd', - 'info.guardianproject.trustedintents:trustedintents:0.2:trustedintents-0.2.jar:6221456d8821a8d974c2acf86306900237cf6afaaa94a4c9c44e161350f80f3e', 'javax.annotation:javax.annotation-api:1.3.2:javax.annotation-api-1.3.2.jar:e04ba5195bcd555dc95650f7cc614d151e4bcd52d29a10b8aa2197f3ab89ab9b', 'javax.annotation:jsr250-api:1.0:jsr250-api-1.0.jar:a1a922d0d9b6d183ed3800dfac01d1e1eb159f0e8c6f94736931c1def54a941f', 'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff', @@ -173,7 +172,6 @@ dependencyVerification { 'org.robolectric:shadows-framework:4.4:shadows-framework-4.4.jar:0602f5bbef601036831e0ce8600b6d08d80ce3c9260be5cb7b362b176ce3d9f0', 'org.robolectric:utils-reflector:4.4:utils-reflector-4.4.jar:35a77865bb9a451e99b95575cb154a5f08ecb007bd17e390817c0f31ab9db869', 'org.robolectric:utils:4.4:utils-4.4.jar:f9756b5c57116ae9ec55a65ca52b64ba1f77d30b5eb7b55fef5d125fdf7d69d9', - 'tools.fastlane:screengrab:2.0.0:screengrab-2.0.0.aar:15ac15eb7c371db05e721be8d466567c2b7274b767d91478e781b6d89ee5d3d0', - 'uk.co.samuelwall:material-tap-target-prompt:3.3.0:material-tap-target-prompt-3.3.0.aar:00f16e8d7e55d01e3b41cf66e09eee8588870ca7285ba3c72267ca0482f1606e', - ] + 'tools.fastlane:screengrab:2.1.1:screengrab-2.1.1.aar:5a02781c0986e71ddbc691263115c2db70bdebb4b48d5b6dcf06ab1cb547d62d', + 'uk.co.samuelwall:material-tap-target-prompt:3.3.0:material-tap-target-prompt-3.3.0.aar:00f16e8d7e55d01e3b41cf66e09eee8588870ca7285ba3c72267ca0482f1606e',] } diff --git a/briar-headless/build.gradle b/briar-headless/build.gradle index efff4722b08b349bc1403c3f02eba69b5a244caf..704bb1b01dbcf9caead97332931e17e197b56a02 100644 --- a/briar-headless/build.gradle +++ b/briar-headless/build.gradle @@ -37,9 +37,9 @@ dependencies { testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion" testImplementation "org.junit.jupiter:junit-jupiter-params:$junitVersion" testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion" - testImplementation 'io.mockk:mockk:1.10.4' + testImplementation 'io.mockk:mockk:1.12.4' testImplementation 'org.skyscreamer:jsonassert:1.5.0' - testImplementation 'khttp:khttp:0.1.0' + testImplementation "com.squareup.okhttp3:okhttp:4.10.0" kaptTest "com.google.dagger:dagger-compiler:$daggerVersion" } diff --git a/briar-headless/src/test/java/org/briarproject/briar/headless/IntegrationTest.kt b/briar-headless/src/test/java/org/briarproject/briar/headless/IntegrationTest.kt index ac26ea72dfa5890176a9b50a3e19da3fe799b5b2..3c66aac4f4d58790aab4abf1ef95fd651dce02c6 100644 --- a/briar-headless/src/test/java/org/briarproject/briar/headless/IntegrationTest.kt +++ b/briar-headless/src/test/java/org/briarproject/briar/headless/IntegrationTest.kt @@ -2,7 +2,11 @@ package org.briarproject.briar.headless import io.javalin.Javalin import io.javalin.core.util.Header.AUTHORIZATION -import khttp.responses.Response +import okhttp3.MediaType.Companion.toMediaType +import okhttp3.OkHttpClient +import okhttp3.Request +import okhttp3.RequestBody.Companion.toRequestBody +import okhttp3.Response import org.briarproject.bramble.BrambleCoreEagerSingletons import org.briarproject.bramble.api.crypto.CryptoComponent import org.briarproject.briar.BriarCoreEagerSingletons @@ -22,6 +26,7 @@ abstract class IntegrationTest { private val dataDir = File("tmp") + private val client: OkHttpClient = OkHttpClient() protected lateinit var api: Javalin protected lateinit var crypto: CryptoComponent protected lateinit var testDataCreator: TestDataCreator @@ -48,34 +53,55 @@ abstract class IntegrationTest { dataDir.deleteRecursively() } - protected fun get(url: String): Response { - return khttp.get(url, getAuthTokenHeader(token)) + protected fun get(url: String, authToken: String = token): Response { + val request: Request = Request.Builder() + .url(url) + .header(AUTHORIZATION, "Bearer $authToken") + .build() + return client.newCall(request).execute() } protected fun getWithWrongToken(url: String): Response { - return khttp.get(url, getAuthTokenHeader("wrongToken")) + return get(url, "wrongToken") } - protected fun post(url: String, data: String): Response { - return khttp.post(url, getAuthTokenHeader(token), data = data) + protected fun post(url: String, data: String, authToken: String = token): Response { + val json = "application/json; charset=utf-8".toMediaType() + val body = data.toRequestBody(json) + val request: Request = Request.Builder() + .url(url) + .header(AUTHORIZATION, "Bearer $authToken") + .post(body) + .build() + return client.newCall(request).execute() } protected fun postWithWrongToken(url: String): Response { - return khttp.post(url, getAuthTokenHeader("wrongToken"), data = "") + return post(url, data = "", authToken = "wrongToken") } - protected fun delete(url: String): Response { - return khttp.delete(url, getAuthTokenHeader(token)) + protected fun delete(url: String, authToken: String = token): Response { + val request: Request = Request.Builder() + .url(url) + .header(AUTHORIZATION, "Bearer $authToken") + .delete() + .build() + return client.newCall(request).execute() } - protected fun delete(url: String, data: String): Response { - return khttp.delete(url, getAuthTokenHeader(token), data = data) + protected fun delete(url: String, data: String, authToken: String = token): Response { + val json = "application/json; charset=utf-8".toMediaType() + val body = data.toRequestBody(json) + val request: Request = Request.Builder() + .url(url) + .header(AUTHORIZATION, "Bearer $authToken") + .delete(body) + .build() + return client.newCall(request).execute() } protected fun deleteWithWrongToken(url: String): Response { - return khttp.delete(url, getAuthTokenHeader("wrongToken")) + return delete(url, authToken = "wrongToken") } - private fun getAuthTokenHeader(token: String) = mapOf(Pair(AUTHORIZATION, "Bearer $token")) - } diff --git a/briar-headless/src/test/java/org/briarproject/briar/headless/contact/ContactControllerIntegrationTest.kt b/briar-headless/src/test/java/org/briarproject/briar/headless/contact/ContactControllerIntegrationTest.kt index 9c4cfcc2a172330cb8f73fcfa28a9c3fe28b4973..2e1e345b7da762c2822a43b7f0b094e47cf61c20 100644 --- a/briar-headless/src/test/java/org/briarproject/briar/headless/contact/ContactControllerIntegrationTest.kt +++ b/briar-headless/src/test/java/org/briarproject/briar/headless/contact/ContactControllerIntegrationTest.kt @@ -1,26 +1,39 @@ package org.briarproject.briar.headless.contact +import okhttp3.Response import org.briarproject.bramble.api.contact.HandshakeLinkConstants.BASE32_LINK_BYTES import org.briarproject.briar.headless.IntegrationTest import org.briarproject.briar.headless.url import org.briarproject.briar.test.BriarTestUtils.getRealHandshakeLink +import org.json.JSONArray +import org.json.JSONObject import org.junit.jupiter.api.Assertions.assertEquals import org.junit.jupiter.api.Assertions.assertTrue import org.junit.jupiter.api.Test class ContactControllerIntegrationTest : IntegrationTest() { + /** + * Can only be called once. + */ + private val Response.jsonArray: JSONArray get() = JSONArray(body?.use { it.string() }) + + /** + * Can only be called once. + */ + private val Response.jsonObject: JSONObject get() = JSONObject(body?.use { it.string() }) + @Test fun `returning list of contacts needs authentication token`() { val response = getWithWrongToken("$url/contacts") - assertEquals(401, response.statusCode) + assertEquals(401, response.code) } @Test fun `returns list of contacts`() { // retrieve empty list of contacts var response = get("$url/contacts") - assertEquals(200, response.statusCode) + assertEquals(200, response.code) assertEquals(0, response.jsonArray.length()) // add one test contact @@ -29,9 +42,10 @@ class ContactControllerIntegrationTest : IntegrationTest() { // retrieve list with one test contact response = get("$url/contacts") - assertEquals(200, response.statusCode) - assertEquals(1, response.jsonArray.length()) - val contact = response.jsonArray.getJSONObject(0) + assertEquals(200, response.code) + val jsonArray = response.jsonArray + assertEquals(1, jsonArray.length()) + val contact = jsonArray.getJSONObject(0) val author = contact.getJSONObject("author") assertEquals(testContactName, author.getString("name")) } @@ -39,7 +53,7 @@ class ContactControllerIntegrationTest : IntegrationTest() { @Test fun `returns own handshake link`() { val response = get("$url/contacts/add/link") - assertEquals(200, response.statusCode) + assertEquals(200, response.code) val link = response.jsonObject.getString("link") assertTrue(link.startsWith("briar://")) assertEquals(BASE32_LINK_BYTES + 8, link.length) @@ -48,14 +62,14 @@ class ContactControllerIntegrationTest : IntegrationTest() { @Test fun `returning own handshake link needs authentication token`() { val response = getWithWrongToken("$url/contacts/add/link") - assertEquals(401, response.statusCode) + assertEquals(401, response.code) } @Test fun `returns list of pending contacts`() { // retrieve empty list of pending contacts var response = get("$url/contacts/add/pending") - assertEquals(200, response.statusCode) + assertEquals(200, response.code) assertEquals(0, response.jsonArray.length()) // add one pending contact @@ -65,37 +79,38 @@ class ContactControllerIntegrationTest : IntegrationTest() { "alias": "$alias" }""" response = post("$url/contacts/add/pending", json) - assertEquals(200, response.statusCode) + assertEquals(200, response.code) // get added contact as only list item response = get("$url/contacts/add/pending") - assertEquals(200, response.statusCode) - assertEquals(1, response.jsonArray.length()) - val jsonObject = response.jsonArray.getJSONObject(0) + assertEquals(200, response.code) + val jsonArray = response.jsonArray + assertEquals(1, jsonArray.length()) + val jsonObject = jsonArray.getJSONObject(0) assertEquals(alias, jsonObject.getJSONObject("pendingContact").getString("alias")) // remove pending contact again val idString = jsonObject.getJSONObject("pendingContact").getString("pendingContactId") val deleteJson = """{"pendingContactId": "$idString"}""" - response = delete("$url/contacts/add/pending", deleteJson) - assertEquals(200, response.statusCode) + response = delete("$url/contacts/add/pending", data = deleteJson) + assertEquals(200, response.code) // list of pending contacts should be empty now response = get("$url/contacts/add/pending") - assertEquals(200, response.statusCode) + assertEquals(200, response.code) assertEquals(0, response.jsonArray.length()) } @Test fun `returning list of pending contacts needs authentication token`() { val response = getWithWrongToken("$url/contacts/add/pending") - assertEquals(401, response.statusCode) + assertEquals(401, response.code) } @Test fun `adding a pending contact needs authentication token`() { val response = postWithWrongToken("$url/contacts/add/pending") - assertEquals(401, response.statusCode) + assertEquals(401, response.code) } @Test @@ -106,7 +121,7 @@ class ContactControllerIntegrationTest : IntegrationTest() { "alias": "$alias" }""" val response = post("$url/contacts/add/pending", json) - assertEquals(400, response.statusCode) + assertEquals(400, response.code) assertEquals("INVALID_LINK", response.jsonObject.getString("error")) } @@ -118,7 +133,7 @@ class ContactControllerIntegrationTest : IntegrationTest() { "alias": "$alias" }""" val response = post("$url/contacts/add/pending", json) - assertEquals(400, response.statusCode) + assertEquals(400, response.code) assertEquals("INVALID_PUBLIC_KEY", response.jsonObject.getString("error")) } @@ -130,36 +145,37 @@ class ContactControllerIntegrationTest : IntegrationTest() { "alias": "$alias" }""" var response = post("$url/contacts/add/pending", json) - assertEquals(200, response.statusCode) + assertEquals(200, response.code) val pendingContactId = response.jsonObject.getString("pendingContactId") response = post("$url/contacts/add/pending", json) - assertEquals(403, response.statusCode) - assertEquals("PENDING_EXISTS", response.jsonObject.getString("error")) - assertEquals(pendingContactId, response.jsonObject.getString("pendingContactId")) - assertEquals(alias, response.jsonObject.getString("pendingContactAlias")) + assertEquals(403, response.code) + val jsonObject = response.jsonObject + assertEquals("PENDING_EXISTS", jsonObject.getString("error")) + assertEquals(pendingContactId, jsonObject.getString("pendingContactId")) + assertEquals(alias, jsonObject.getString("pendingContactAlias")) } @Test fun `removing a pending contact needs authentication token`() { val response = deleteWithWrongToken("$url/contacts/add/pending") - assertEquals(401, response.statusCode) + assertEquals(401, response.code) } @Test fun `deleting a contact needs authentication token`() { val response = deleteWithWrongToken("$url/contacts/1") - assertEquals(401, response.statusCode) + assertEquals(401, response.code) } @Test fun `deleting real and non-existing contact`() { var response = delete("$url/contacts/1") - assertEquals(200, response.statusCode) + assertEquals(200, response.code) response = delete("$url/contacts/1") - assertEquals(404, response.statusCode) + assertEquals(404, response.code) } } diff --git a/briar-headless/witness.gradle b/briar-headless/witness.gradle index 9c7063f5cd8a9f04d08018cbb8977ff963a19f6d..2d45f588162c186875a487c9902841031b0968fd 100644 --- a/briar-headless/witness.gradle +++ b/briar-headless/witness.gradle @@ -16,22 +16,24 @@ dependencyVerification { 'com.google.guava:guava:27.1-jre:guava-27.1-jre.jar:4a5aa70cc968a4d137e599ad37553e5cfeed2265e8c193476d7119036c536fe7', 'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava:listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99', 'com.google.j2objc:j2objc-annotations:1.1:j2objc-annotations-1.1.jar:2994a7eb78f2710bd3d3bfb639b2c94e219cedac0d4d084d516e78c16dddecf6', + 'com.squareup.okhttp3:okhttp:4.10.0:okhttp-4.10.0.jar:7580f14fa1691206e37081ad3f92063b1603b328da0bb316f2fef02e0562e7ec', + 'com.squareup.okio:okio-jvm:3.0.0:okio-jvm-3.0.0.jar:be64a0cc1f28ea9cd5c970dd7e7557af72c808d738c495b397bf897c9921e907', + 'com.squareup.okio:okio:3.0.0:okio-metadata-3.0.0.jar:dcbe63ed43b2c90c325e9e6a0863e2e7605980bff5e728c6de1088be5574979e', 'com.squareup:javapoet:1.11.1:javapoet-1.11.1.jar:9cbf2107be499ec6e95afd36b58e3ca122a24166cdd375732e51267d64058e90', 'com.vaadin.external.google:android-json:0.0.20131108.vaadin1:android-json-0.0.20131108.vaadin1.jar:dfb7bae2f404cfe0b72b4d23944698cb716b7665171812a0a4d0f5926c0fac79', 'io.javalin:javalin:3.5.0:javalin-3.5.0.jar:6618f99ad4c241eefcaf3a02c85adc52ec346c9710e8eb5a3f1a916e3d7acec4', - 'io.mockk:mockk-agent-api:1.10.4:mockk-agent-api-1.10.4.jar:8deb59189b48d5870a746f954ca681424040544812c7ae295f3bef87a9499cfe', - 'io.mockk:mockk-agent-common:1.10.4:mockk-agent-common-1.10.4.jar:13b81a3297a3c15ed9f62b838aaede20347018f07c30cad2ca74a4dd99786f8f', - 'io.mockk:mockk-agent-jvm:1.10.4:mockk-agent-jvm-1.10.4.jar:51eb22de58c44f140384e61878e8c0da0fcf80c60a139d28ef7b027ea4bc2042', - 'io.mockk:mockk-common:1.10.4:mockk-common-1.10.4.jar:aaf3cc99442100767dc72776f250113f992facfb43bf6ba9a5282d1c8aaecd00', - 'io.mockk:mockk-dsl-jvm:1.10.4:mockk-dsl-jvm-1.10.4.jar:2432e2d0dfd31c3cb33e12137b8c712358cb0c4cddbd27b5bd6c55db2068e1a1', - 'io.mockk:mockk-dsl:1.10.4:mockk-dsl-1.10.4.jar:b97d750bebfd7da92a020f5417deface710c58802a78a8fff68661f77eaa3037', - 'io.mockk:mockk:1.10.4:mockk-1.10.4.jar:e26d4eb8c9c0c5ac00acb9bfeedfe0feb10055bf7e80db57539936413ea38f7c', + 'io.mockk:mockk-agent-api:1.12.4:mockk-agent-api-1.12.4.jar:6eb3407b1f88c0c0ced9636f82874100786b74b3b06c4354c4d85229779fdec8', + 'io.mockk:mockk-agent-common:1.12.4:mockk-agent-common-1.12.4.jar:427d071ec7a85f105c152a51a89738d8ee52954130e5c09500837dfbe3549329', + 'io.mockk:mockk-agent-jvm:1.12.4:mockk-agent-jvm-1.12.4.jar:840c11f2e0a14d35e229c2b6018273f4623c7f619ebf9701164bb9c2db99c098', + 'io.mockk:mockk-common:1.12.4:mockk-common-1.12.4.jar:16f1ba4738535458cb91fa1a759794f6618a6f9f1ae1d149e79b48cc06ea5e7b', + 'io.mockk:mockk-dsl-jvm:1.12.4:mockk-dsl-jvm-1.12.4.jar:faee4b52def68fa182f89d23c2a45f2246ef88b6b1ba98346aa85f57e5ed630f', + 'io.mockk:mockk-dsl:1.12.4:mockk-dsl-1.12.4.jar:7fc96f9ed5118c915a3890ba2e4090c9b283ae7bdc37ab83885415bdf77650e4', + 'io.mockk:mockk:1.12.4:mockk-1.12.4.jar:2c34a3690b958a3cf38b82d0f4910dc9992fb078dce6f56d71498293557bf805', 'javax.annotation:jsr250-api:1.0:jsr250-api-1.0.jar:a1a922d0d9b6d183ed3800dfac01d1e1eb159f0e8c6f94736931c1def54a941f', 'javax.inject:javax.inject:1:javax.inject-1.jar:91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff', 'javax.servlet:javax.servlet-api:3.1.0:javax.servlet-api-3.1.0.jar:af456b2dd41c4e82cf54f3e743bc678973d9fe35bd4d3071fa05c7e5333b8482', - 'khttp:khttp:0.1.0:khttp-0.1.0.jar:48ab3bd22e461f2c2e74e3446d8f9568e24aab157f61fdc85ded6c0bfbe9a926', - 'net.bytebuddy:byte-buddy-agent:1.10.14:byte-buddy-agent-1.10.14.jar:30272167eceb1cb68fa84730a12d1abfd1daed6ae0c19fdefee47a9a9a0cfd33', - 'net.bytebuddy:byte-buddy:1.10.14:byte-buddy-1.10.14.jar:0e6b935bfcb3e451d525956acad53ec86ff916d714abdbd32b3d2039771896f8', + 'net.bytebuddy:byte-buddy-agent:1.12.6:byte-buddy-agent-1.12.6.jar:9b29421fe4650b75fc3ed53590f914c54f932e334b3506cc00296dff73024183', + 'net.bytebuddy:byte-buddy:1.12.6:byte-buddy-1.12.6.jar:211918dc24f0fdef4335ce8af40ef5616e15e818b962a21146397c7701eb75a7', 'net.java.dev.jna:jna:5.6.0:jna-5.6.0.jar:5557e235a8aa2f9766d5dc609d67948f2a8832c2d796cea9ef1d6cbe0b3b7eaf', 'net.ltgt.gradle.incap:incap:0.2:incap-0.2.jar:b625b9806b0f1e4bc7a2e3457119488de3cd57ea20feedd513db070a573a4ffd', 'org.apiguardian:apiguardian-api:1.1.0:apiguardian-api-1.1.0.jar:a9aae9ff8ae3e17a2a18f79175e82b16267c246fbbd3ca9dfbbb290b08dcfdd4', @@ -57,7 +59,7 @@ dependencyVerification { 'org.jetbrains.kotlin:kotlin-compiler-embeddable:1.7.10:kotlin-compiler-embeddable-1.7.10.jar:470ba8941794f818a34b0a8f387ee27e44268e95a108322d18d9749ae345e22b', 'org.jetbrains.kotlin:kotlin-daemon-embeddable:1.7.10:kotlin-daemon-embeddable-1.7.10.jar:77c5f3ab1ed653a899e96835937a9daf3a46e496fdfa6915ff6d20b2953619a4', 'org.jetbrains.kotlin:kotlin-klib-commonizer-embeddable:1.7.10:kotlin-klib-commonizer-embeddable-1.7.10.jar:1c2550f1e7ec4d1590aacddd7852b90a4cf05de6e66cee31ad747c8dc0834e33', - 'org.jetbrains.kotlin:kotlin-reflect:1.4.20:kotlin-reflect-1.4.20.jar:3b7c82def79fb96c4579d40a47e37dec872f9f8209ee0da3ce828c39dba612e1', + 'org.jetbrains.kotlin:kotlin-reflect:1.6.0:kotlin-reflect-1.6.0.jar:c6161884209221db7f5ddb031bb480a3c46bb90d5b65d7cc0167b149aaa9c494', 'org.jetbrains.kotlin:kotlin-reflect:1.7.10:kotlin-reflect-1.7.10.jar:187c5e5a588a6ed18c3a41b54df138a5944121bdb396be1c3fa4abee67397955', 'org.jetbrains.kotlin:kotlin-script-runtime:1.7.10:kotlin-script-runtime-1.7.10.jar:84bfc2aa4eec6768113930cdaef8b5b9f59ac4138fbca3b11300fff4d076950c', 'org.jetbrains.kotlin:kotlin-scripting-common:1.7.10:kotlin-scripting-common-1.7.10.jar:c3a346f38a3d6e242f2316c5a7a4a6b526f2cc42b44ebd40654a0f885cbc4940', @@ -69,13 +71,12 @@ dependencyVerification { 'org.jetbrains.kotlin:kotlin-stdlib-jdk8:1.7.10:kotlin-stdlib-jdk8-1.7.10.jar:8aafdd60c94f454c92e5066d266a5ed53ecc63c78f623b3fd9db56fea4032873', 'org.jetbrains.kotlin:kotlin-stdlib:1.7.10:kotlin-stdlib-1.7.10.jar:e771fe74250a943e8f6346713201ff1d8cb95c3a5d1a91a22b65a9e04f6a8901', 'org.jetbrains:annotations:13.0:annotations-13.0.jar:ace2a10dc8e2d5fd34925ecac03e4988b2c0f851650c94b8cef49ba1bd111478', - 'org.json:json:20150729:json-20150729.jar:38c21b9c3d6d24919cd15d027d20afab0a019ac9205f7ed9083b32bdd42a2353', 'org.junit.jupiter:junit-jupiter-api:5.5.2:junit-jupiter-api-5.5.2.jar:249a2fdbd3931987c0298d00ca08ed248496e0fc11e0463c08c4f82e0cc79b1c', 'org.junit.jupiter:junit-jupiter-engine:5.5.2:junit-jupiter-engine-5.5.2.jar:6d777da9876e2ef7a0336e8f098f8d74a5a64f810aa3a4a2f5f3b766ce97837b', 'org.junit.jupiter:junit-jupiter-params:5.5.2:junit-jupiter-params-5.5.2.jar:fd49c7fd9d0f7f1e5b5f6982254cee79177fa2e76a37fdee0466e64f975567b5', 'org.junit.platform:junit-platform-commons:1.5.2:junit-platform-commons-1.5.2.jar:fc44afdfc0f20c85e71a66e7943281aef3bc1e0fd62d2d69a36cb6901e682c10', 'org.junit.platform:junit-platform-engine:1.5.2:junit-platform-engine-1.5.2.jar:ff20ba4ad8c00ef17baef9c55512f9c02d9a68740f7f1ac01a9a6aa0239931f8', - 'org.objenesis:objenesis:3.1:objenesis-3.1.jar:cdb3d038c188de6f46ffd5cd930be2d5e5dba59c53b26437995d534e3db2fb80', + 'org.objenesis:objenesis:3.2:objenesis-3.2.jar:03d960bd5aef03c653eb000413ada15eb77cdd2b8e4448886edf5692805e35f3', 'org.opentest4j:opentest4j:1.2.0:opentest4j-1.2.0.jar:58812de60898d976fb81ef3b62da05c6604c18fd4a249f5044282479fc286af2', 'org.skyscreamer:jsonassert:1.5.0:jsonassert-1.5.0.jar:a310bc79c3f4744e2b2e993702fcebaf3696fec0063643ffdc6b49a8fb03ef39', 'org.slf4j:slf4j-api:1.7.30:slf4j-api-1.7.30.jar:cdba07964d1bb40a0761485c6b1e8c2f8fd9eb1d19c53928ac0d7f9510105c57', diff --git a/build.gradle b/build.gradle index 934440d3b601aa9ff7f6dc22c4f80d47ec17c0ad..a009d347bae3be26f868edf253f447b0b8c47b61 100644 --- a/build.gradle +++ b/build.gradle @@ -3,7 +3,6 @@ allprojects { repositories { mavenCentral() - jcenter() mavenLocal() google() maven { url "https://jitpack.io" } @@ -20,7 +19,6 @@ allprojects { buildscript { repositories { - jcenter() mavenLocal() google() maven {