Merge pull request #489 from ForgeRock/develop

ForgeRock Android SDK 4.8.1 Release

Author: spetrov

.github/workflows/bitbar-prepare-artifacts.yaml

@@ -2,6 +2,9 @@ name: Prepare BitBar Artifacts
 on:
   workflow_call:
     secrets:
+      E2E_CONFIG:
+        description: 'Variables for the e2e tests'
+        required: true
       SIGNING_KEYSTORE:
         description: 'Needed for signing the apk artifacts'
         required: true
@@ -30,6 +33,17 @@ jobs:
           repository: ${{github.event.pull_request.head.repo.full_name}}
           fetch-depth: 0
 
+      # Set up the variables for the tests from the secrets
+      - name: Setup config file for e2e tests
+        run: |
+          echo "${{ secrets.E2E_CONFIG }}" > forgerock-integration-tests/src/main/assets/test_config.properties
+
+      # Use the following step to debug the config file in case of issues
+      - name: Verify config file exists (debug only)
+        run: |
+          ls -l forgerock-integration-tests/src/main/assets
+          shasum -a 256 forgerock-integration-tests/src/main/assets/test_config.properties
+
       # Setup JDK and cache and restore dependencies.
       - name: Set up JDK 17
         uses: actions/setup-java@v3

.github/workflows/ci.yaml

@@ -46,6 +46,7 @@ jobs:
     if: ${{ github.actor != 'dependabot[bot]' }}
     needs: build-and-test
     secrets:
+      E2E_CONFIG: ${{ secrets.E2E_CONFIG }}
       SIGNING_KEYSTORE: ${{ secrets.SIGNING_KEYSTORE }}
       SIGNING_ALIAS: ${{ secrets.SIGNING_ALIAS }}
       SIGNING_KEYSTORE_PASSWORD: ${{ secrets.SIGNING_KEYSTORE_PASSWORD }}

.github/workflows/release.yaml

@@ -40,6 +40,7 @@ jobs:
   # Tag the repo, and create a new release
   release:
     name: Tag the repo and create a new release
+    runs-on: macos-latest
     needs: publish
     steps:
       # Clone the repo

CHANGELOG.md

@@ -1,3 +1,8 @@
+## [4.8.1]
+
+#### Fixed
+- Encryption and decryption performance has been enhanced through the implementation of caching for the KeyStore, Cipher, and Symmetric Key. Additionally, developers now have the flexibility to enable or disable StrongBox during key generation. [SDKS-4090]
+
 ## [4.8.0]
 #### Added
 - Support for new response payload in WebAuthn authentication and registration [SDKS-3843]

e2e/app/src/main/java/com/example/app/token/TokenViewModel.kt

@@ -30,7 +30,7 @@ class TokenViewModel : ViewModel() {
     fun getAccessToken() {
         viewModelScope.launch(Dispatchers.Default) {
             try {
-                FRUser.getCurrentUser().accessToken?.let { token ->
+                FRUser.getCurrentUser()?.accessToken?.let { token ->
                     state.update {
                         it.copy(token, null)
                     }

forgerock-auth/src/main/java/org/forgerock/android/auth/storage/CookiesStorage.kt

@@ -11,6 +11,8 @@ import android.content.Context
 import kotlinx.serialization.KSerializer
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.serializer
+import org.forgerock.android.auth.ContextProvider
+import org.forgerock.android.auth.Encryptor
 import org.forgerock.android.auth.Logger
 import org.forgerock.android.auth.SharedPreferencesSignOnManager
 
@@ -26,15 +28,17 @@ private const val TAG = "CookiesStorage"
  * @param keyAlias The alias for the encryption key.
  * @param key The key used to store the cookies.
  * @param serializer The serializer for the collection of cookies.
+ * @param encryptor An optional encryptor for securing the cookies.
  */
 class CookiesStorage(
     context: Context,
     filename: String,
     keyAlias: String,
     key: String,
-    serializer: KSerializer<Collection<String>>
+    serializer: KSerializer<Collection<String>>,
+    encryptor: Encryptor? = null
 ) : SecureSharedPreferencesStorage<Collection<String>>(
-    context, filename, keyAlias, key, serializer
+    context, filename, keyAlias, key, serializer, encryptor
 ) {
 
     init {
@@ -63,10 +67,11 @@ class CookiesStorage(
  * @return A `StorageDelegate` for `CookiesStorage`.
  */
 fun CookiesStorage(
-    context: Context,
+    context: Context = ContextProvider.context,
     filename: String = ORG_FORGEROCK_V_2_COOKIES,
     keyAlias: String = ORG_FORGEROCK_V_2_KEYS,
     key: String = COOKIES,
+    encryptor: Encryptor? = null
 ): StorageDelegate<Collection<String>> =
     StorageDelegate {
         CookiesStorage(
@@ -75,5 +80,6 @@ fun CookiesStorage(
             keyAlias = keyAlias,
             key = key,
             serializer = Json.serializersModule.serializer(),
+            encryptor
         )
     }

forgerock-auth/src/main/java/org/forgerock/android/auth/storage/SSOTokenStorage.kt

@@ -11,6 +11,8 @@ import android.content.Context
 import kotlinx.serialization.KSerializer
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.serializer
+import org.forgerock.android.auth.ContextProvider
+import org.forgerock.android.auth.Encryptor
 import org.forgerock.android.auth.Logger
 import org.forgerock.android.auth.SSOToken
 import org.forgerock.android.auth.SharedPreferencesSignOnManager
@@ -28,15 +30,17 @@ private const val TAG = "SSOTokenStorage"
  * @param keyAlias The alias for the encryption key.
  * @param key The key used to store the SSO tokens.
  * @param serializer The serializer for the SSO tokens.
+ * @param encryptor An optional encryptor for securing the SSO tokens.
  */
 class SSOTokenStorage(
     context: Context,
     filename: String,
     keyAlias: String,
     key: String,
-    serializer: KSerializer<SSOToken>
+    serializer: KSerializer<SSOToken>,
+    encryptor: Encryptor? = null
 ) : SecureSharedPreferencesStorage<SSOToken>(
-    context, filename, keyAlias, key, serializer
+    context, filename, keyAlias, key, serializer, encryptor
 ) {
 
     init {
@@ -56,17 +60,19 @@ class SSOTokenStorage(
 /**
  * Factory function to create a `SSOTokenStorage` instance.
  *
- * @param context The application context.
+ * @param context The application context. Defaults to [ContextProvider.context]`.
  * @param filename The name of the file where SSO tokens are stored. Defaults to `ORG_FORGEROCK_V_2_SSO_TOKENS`.
  * @param keyAlias The alias for the encryption key. Defaults to `ORG_FORGEROCK_V_2_KEYS`.
  * @param key The key used to store the SSO tokens. Defaults to `SSO_TOKEN`.
+ * @param encryptor An optional encryptor for securing the SSO tokens. Defaults to `null`.
  * @return A `StorageDelegate` for `SSOTokenStorage`.
  */
 fun SSOTokenStorage(
-    context: Context,
+    context: Context = ContextProvider.context,
     filename: String = ORG_FORGEROCK_V_2_SSO_TOKENS,
     keyAlias: String = ORG_FORGEROCK_V_2_KEYS,
-    key: String = SSO_TOKEN
+    key: String = SSO_TOKEN,
+    encryptor: Encryptor? = null
 ): StorageDelegate<SSOToken> =
     StorageDelegate {
         SSOTokenStorage(
@@ -75,5 +81,6 @@ fun SSOTokenStorage(
             keyAlias = keyAlias,
             key = key,
             serializer = Json.serializersModule.serializer(),
+            encryptor
         )
     }

forgerock-auth/src/main/java/org/forgerock/android/auth/storage/SecureSharedPreferencesStorage.kt

@@ -11,6 +11,7 @@ import android.content.Context
 import android.content.SharedPreferences
 import kotlinx.serialization.KSerializer
 import kotlinx.serialization.Serializable
+import org.forgerock.android.auth.Encryptor
 import org.forgerock.android.auth.SecuredSharedPreferences
 import org.forgerock.android.auth.json
 
@@ -23,17 +24,19 @@ import org.forgerock.android.auth.json
  * @param keyAlias The alias for the encryption key.
  * @param key The key used to store the data.
  * @param serializer The serializer for the data.
+ * @param encryptor An optional encryptor for securing the data.
  */
 open class SecureSharedPreferencesStorage<T : @Serializable Any>(
     context: Context,
     filename: String,
     keyAlias: String,
     private var key: String,
     private val serializer: KSerializer<T>,
+    encryptor: Encryptor? = null
 ) : Storage<T> {
 
     private var sharedPreferences: SharedPreferences =
-        SecuredSharedPreferences(context, filename, keyAlias)
+        SecuredSharedPreferences(context, filename, keyAlias, encryptor)
 
     /**
      * Save an item to the secure shared preferences storage.

forgerock-auth/src/main/java/org/forgerock/android/auth/storage/TokenStorage.kt

@@ -11,6 +11,8 @@ import android.content.Context
 import kotlinx.serialization.json.Json
 import kotlinx.serialization.serializer
 import org.forgerock.android.auth.AccessToken
+import org.forgerock.android.auth.ContextProvider
+import org.forgerock.android.auth.Encryptor
 import org.forgerock.android.auth.OAuth2
 
 //Alias to store keys
@@ -25,13 +27,15 @@ const val ORG_FORGEROCK_V_1_TOKENS = "org.forgerock.v1.TOKENS"
  * @param filename The name of the file where tokens are stored.
  * @param keyAlias The alias for the encryption key.
  * @param key The key used to store the tokens.
+ * @param encryptor An optional Encryptor for securing the tokens.
  * @return A StorageDelegate for AccessToken.
  */
 fun TokenStorage(
-    context: Context,
+    context: Context = ContextProvider.context,
     filename: String = ORG_FORGEROCK_V_1_TOKENS,
     keyAlias: String = ORG_FORGEROCK_V_1_KEYS,
-    key: String = OAuth2.ACCESS_TOKEN
+    key: String = OAuth2.ACCESS_TOKEN,
+    encryptor: Encryptor? = null
 ): StorageDelegate<AccessToken> =
     StorageDelegate {
         SecureSharedPreferencesStorage(
@@ -40,5 +44,6 @@ fun TokenStorage(
             keyAlias = keyAlias,
             key = key,
             serializer = Json.serializersModule.serializer(),
+            encryptor
         )
     }

forgerock-core/src/main/java/org/forgerock/android/auth/SecuredSharedPreferences.java

@@ -54,11 +54,26 @@ public class SecuredSharedPreferences implements SharedPreferences {
     @Getter
     private final String keyAlias;
 
+    /**
+     * Creates a new instance of SecuredSharedPreferences.
+     *
+     * @param context   The application context.
+     * @param fileName  The name of the shared preferences file.
+     * @param keyAlias  The alias for the encryption key.
+     */
     public SecuredSharedPreferences(Context context, String fileName, String keyAlias) {
         this(context, fileName, keyAlias, null);
     }
 
-    SecuredSharedPreferences(Context context, String fileName, String keyAlias, Encryptor encryptor) {
+    /**
+     * Creates a new instance of SecuredSharedPreferences.
+     *
+     * @param context   The application context.
+     * @param fileName  The name of the shared preferences file.
+     * @param keyAlias  The alias for the encryption key.
+     * @param encryptor An optional custom encryptor. If null, a default encryptor will be used.
+     */
+    public SecuredSharedPreferences(Context context, String fileName, String keyAlias, Encryptor encryptor) {
         this.sharedPreferences = context.getSharedPreferences(fileName, Context.MODE_PRIVATE);
         this.listeners = new ArrayList<>();
         this.keyAlias = keyAlias;