Changes included in v1.0.1.44 of Covid Tracker App (HSEIreland#3)

Author: colmharte

android/build.gradle

@@ -11,7 +11,6 @@
 //   - https://github.com/facebook/react-native/blob/0.58-stable/local-cli/templates/HelloWorld/android/app/build.gradle
 
 def DEFAULT_COMPILE_SDK_VERSION = 28
-def DEFAULT_BUILD_TOOLS_VERSION = '28.0.3'
 def DEFAULT_MIN_SDK_VERSION = 23
 def DEFAULT_TARGET_SDK_VERSION = 28
 
@@ -52,7 +51,6 @@ buildscript {
 
 android {
     compileSdkVersion safeExtGet('compileSdkVersion', DEFAULT_COMPILE_SDK_VERSION)
-    buildToolsVersion safeExtGet('buildToolsVersion', DEFAULT_BUILD_TOOLS_VERSION)
     defaultConfig {
         minSdkVersion safeExtGet('minSdkVersion', DEFAULT_MIN_SDK_VERSION)
         targetSdkVersion safeExtGet('targetSdkVersion', DEFAULT_TARGET_SDK_VERSION)

android/src/main/java/ie/gov/tracing/ExposureNotificationModule.java

@@ -108,7 +108,7 @@ public void tryEnable(Promise promise) {
     }
 
     @ReactMethod
-    public void checkExposure(Boolean readExposureDetails) {
+    public void checkExposure(Boolean readExposureDetails, Boolean skipTimeCheck) {
         if(nearbyNotSupported()) return;
         Tracing.checkExposure(readExposureDetails);
     }

android/src/main/java/ie/gov/tracing/nearby/ExposureNotificationClientWrapper.java

@@ -59,7 +59,7 @@ public Task<List<TemporaryExposureKey>> getTemporaryExposureKeyHistory() {
   }
 
   Task<Void> provideDiagnosisKeys(List<File> files, String token) {
-    String settings = Fetcher.fetch("/settings", false, appContext);
+    String settings = Fetcher.fetch("/settings/exposures", false, appContext);
     Gson gson = new Gson();
     Map map = gson.fromJson(settings, Map.class);
 

android/src/main/java/ie/gov/tracing/network/Fetcher.kt

@@ -4,7 +4,9 @@ import android.content.Context
 import androidx.annotation.Keep
 import com.google.common.io.BaseEncoding
 import com.google.gson.Gson
+import ie.gov.tracing.Tracing
 import ie.gov.tracing.common.Events
+import ie.gov.tracing.storage.ExpoSecureStoreInterop
 import ie.gov.tracing.storage.ExposureEntity
 import ie.gov.tracing.storage.SharedPrefs
 import org.apache.commons.io.FileUtils
@@ -23,6 +25,10 @@ data class Callback(val mobile: String, val closeContactDate: Long, val payload:
 @Keep
 data class Metric(val os: String, val event: String, val version: String, val payload: Map<String, Any>?)
 
+@Keep
+data class CallbackRecovery(val mobile:String, val code: String, val iso: String,val number: String)
+
+
 class Fetcher {
 
     companion object {
@@ -186,7 +192,8 @@ class Fetcher {
         fun triggerCallback(exposureEntity: ExposureEntity, context: Context, payload: Map<String, Any>) {
             try {
                 val notificationSent = SharedPrefs.getLong("notificationSent", context)
-                val callbackNum = SharedPrefs.getString("callbackNumber", context)
+                var callbackNum = SharedPrefs.getString("callbackNumber", context)
+
 
                 if (notificationSent > 0) {
                     Events.raiseEvent(Events.INFO, "triggerCallback - notification " +
@@ -195,9 +202,29 @@ class Fetcher {
                 }
 
                 if (callbackNum.isEmpty()) {
-                    Events.raiseEvent(Events.INFO, "triggerCallback - no callback number " +
-                            "set, not sending callback")
-                    return
+
+                    try {
+                        val store = ExpoSecureStoreInterop(context)
+                        val jsonStr = store.getItemImpl("cti.callBack")
+                        val callBackData = Gson().fromJson(jsonStr, CallbackRecovery::class.java)
+
+                        if(callBackData.code == null || callBackData.number == null){
+                            Events.raiseEvent(Events.INFO, "triggerCallback - no callback recovery")
+                            return;
+                        }
+                        callbackNum = callBackData.code +  callBackData.number
+
+
+                    } catch (exExpo: Exception) {
+                        Events.raiseError("ExpoSecureStoreInterop", exExpo)
+                    }
+
+                    if (callbackNum.isEmpty()) {
+
+                        Events.raiseEvent(Events.INFO, "triggerCallback - no callback number " +
+                                "set, not sending callback")
+                        return
+                    }
                 }
 
                 val dayInMs = 1000 * 60 * 60 * 24

android/src/main/java/ie/gov/tracing/storage/ExpoSecureStoreInterop.java

@@ -0,0 +1,146 @@
+// Modified from https://github.com/expo/expo/blob/master/packages/expo-secure-store/android/src/main/java/expo/modules/securestore/SecureStoreModule.java
+package ie.gov.tracing.storage;
+
+import android.content.Context;
+import android.content.SharedPreferences;
+import android.util.Base64;
+import android.util.Log;
+
+import org.json.JSONException;
+import org.json.JSONObject;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.GCMParameterSpec;
+
+public class ExpoSecureStoreInterop {
+
+    private static final String SHARED_PREFERENCES_NAME = "SecureStore";
+    private static final String KEYSTORE_PROVIDER = "AndroidKeyStore";
+
+    private static final String SCHEME_PROPERTY = "scheme";
+
+    private KeyStore mKeyStore;
+    private AESEncrypter mAESEncrypter;
+
+    private Context mContext;
+    public ExpoSecureStoreInterop(Context context) {
+
+        mContext = context;
+        mAESEncrypter = new AESEncrypter();
+    }
+
+    public String getItemImpl(String key) {
+        // We use a SecureStore-specific shared preferences file, which lets us do things like enumerate
+        // its entries or clear all of them
+        SharedPreferences prefs = getSharedPreferences();
+        if (prefs.contains(key)) {
+            return readJSONEncodedItem(key,prefs);
+        } else {
+           return "";
+        }
+    }
+
+    private String readJSONEncodedItem(String key, SharedPreferences prefs) {
+        String encryptedItemString = prefs.getString(key, null);
+        JSONObject encryptedItem;
+        try {
+            encryptedItem = new JSONObject(encryptedItemString);
+        } catch (JSONException e) {
+            return "";
+        }
+
+        String scheme = encryptedItem.optString(SCHEME_PROPERTY);
+        if (scheme == null) {
+            return "";
+        }
+
+        String value;
+        try {
+            switch (scheme) {
+                case AESEncrypter.NAME:
+
+                    KeyStore keyStore = getKeyStore();
+                    String keystoreAlias = mAESEncrypter.getKeyStoreAlias();
+                    KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry(keystoreAlias, null);
+
+                    value = mAESEncrypter.decryptItem(encryptedItem, secretKeyEntry);
+                    break;
+                default:
+                    return "";
+            }
+        } catch (Exception e) {
+            return "";
+        }
+
+        return value;
+    }
+
+    /**
+     * We use a shared preferences file that's scoped to both the experience and SecureStore. This
+     * lets us easily list or remove all the entries for an experience.
+     */
+    private SharedPreferences getSharedPreferences() {
+        return mContext.getSharedPreferences(SHARED_PREFERENCES_NAME, Context.MODE_PRIVATE);
+    }
+
+    private KeyStore getKeyStore() throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
+        if (mKeyStore == null) {
+            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_PROVIDER);
+            keyStore.load(null);
+            mKeyStore = keyStore;
+        }
+        return mKeyStore;
+    }
+
+
+    /**
+     * An encrypter that stores a symmetric key (AES) in the Android keystore. It generates a new IV
+     * each time an item is written to prevent many-time pad attacks. The IV is stored with the
+     * encrypted item.
+     * <p>
+     * AES with GCM is supported on Android 10+ but storing an AES key in the keystore is supported
+     * on only Android 23+. If you generate your own key instead of using the Android keystore (like
+     * the hybrid encrypter does) you can use the encyption and decryption methods of this class.
+     */
+    protected static class AESEncrypter  {
+        public static final String NAME = "aes";
+
+        private static final String DEFAULT_ALIAS = "key_v1";
+        private static final String AES_CIPHER = "AES/GCM/NoPadding";
+        private static final int AES_KEY_SIZE_BITS = 256;
+
+        private static final String CIPHERTEXT_PROPERTY = "ct";
+        private static final String IV_PROPERTY = "iv";
+        private static final String GCM_AUTHENTICATION_TAG_LENGTH_PROPERTY = "tlen";
+
+        public String getKeyStoreAlias() {
+            String baseAlias =  DEFAULT_ALIAS;
+            return AES_CIPHER + ":" + baseAlias;
+        }
+
+        public String decryptItem(JSONObject encryptedItem, KeyStore.SecretKeyEntry secretKeyEntry) throws
+                GeneralSecurityException, JSONException {
+
+            String ciphertext = encryptedItem.getString(CIPHERTEXT_PROPERTY);
+            String ivString = encryptedItem.getString(IV_PROPERTY);
+            int authenticationTagLength = encryptedItem.getInt(GCM_AUTHENTICATION_TAG_LENGTH_PROPERTY);
+            byte[] ciphertextBytes = Base64.decode(ciphertext, Base64.DEFAULT);
+            byte[] ivBytes = Base64.decode(ivString, Base64.DEFAULT);
+
+            GCMParameterSpec gcmSpec = new GCMParameterSpec(authenticationTagLength, ivBytes);
+            Cipher cipher = Cipher.getInstance(AES_CIPHER);
+            cipher.init(Cipher.DECRYPT_MODE, secretKeyEntry.getSecretKey(), gcmSpec);
+            byte[] plaintextBytes = cipher.doFinal(ciphertextBytes);
+
+            return new String(plaintextBytes, StandardCharsets.UTF_8);
+        }
+    }
+}

index.d.ts

@@ -1,4 +1,4 @@
-declare module "react-native-exposure-notification-service" {
+declare module "@nearform/react-native-exposure-notification-service" {
   import { EventSubscriptionVendor } from "react-native"
 
   export enum AuthorisedStatus {
@@ -81,7 +81,7 @@ declare module "react-native-exposure-notification-service" {
 
     getDiagnosisKeys(): Promise<DiagnosisKey[]>
 
-    checkExposure(readDetails?: boolean): void
+    checkExposure(readDetails?: boolean, skipTimeCheck?: boolean): void
 
     getCloseContacts(): Promise<CloseContact[]>
 

ios/ExposureCheck.swift

@@ -61,7 +61,7 @@ class ExposureCheck: AsyncOperation {
         case .callback:
           return self.configData.serverURL + "/callback"
         case .settings:
-          return self.configData.serverURL + "/settings"
+          return self.configData.serverURL + "/settings/exposures"
         case .refresh:
           return self.configData.serverURL + "/refresh"
       }
@@ -98,7 +98,9 @@ class ExposureCheck: AsyncOperation {
           self.finishNoProcessing("No config set so can't proceeed with checking exposures")
           return
        }
+    
        self.sessionManager = Session(interceptor: RequestInterceptor(self.configData, self.serverURL(.refresh)))
+        
        os_log("Running with params %@, %@, %@", log: OSLog.checkExposure, type: .debug, self.configData.serverURL, self.configData.authToken, self.configData.refreshToken)
 
        guard (self.configData.lastRunDate!.addingTimeInterval(TimeInterval(self.configData.checkExposureInterval * 60)) < Date() || self.skipTimeCheck) else {
@@ -125,11 +127,13 @@ class ExposureCheck: AsyncOperation {
        }
     }
 
+    
     private func finishNoProcessing(_ message: String) {
       os_log("%@", log: OSLog.checkExposure, type: .info, message)
 
       Storage.shared.updateRunData(self.storageContext, message)
-      self.finish()
+        
+      self.trackDailyMetrics()
     }
 
     private func processExposures(_ files: [URL], _ lastIndex: Int) {
@@ -224,8 +228,8 @@ class ExposureCheck: AsyncOperation {
 
           let durations:[Int] = exposures.customAttenuationDurations ?? exposures.attenuationDurations
 
-          guard durations.count == 3, thresholds.thresholdWeightings.count == 3 else {
-            Storage.shared.updateRunData(self.storageContext, "Failure processing exposure keys, Durations or threshold not an array of 3 elements")
+          guard thresholds.thresholdWeightings.count >= durations.count else {
+            Storage.shared.updateRunData(self.storageContext, "Failure processing exposure keys, thresholds not correctly defined")
             return self.trackDailyMetrics()
           }
 
@@ -234,7 +238,7 @@ class ExposureCheck: AsyncOperation {
             contactTime += Int(Double(element) * thresholds.thresholdWeightings[index])
           }
 
-          os_log("Calculated contact time, %d, %d, %d, %d, %d", log: OSLog.checkExposure, type: .debug, durations[0], durations[1], durations[2], contactTime, thresholds.timeThreshold)
+          os_log("Calculated contact time, %@, %d, %d", log: OSLog.checkExposure, type: .debug, durations.map { String($0) }, contactTime, thresholds.timeThreshold)
 
           if contactTime >= thresholds.timeThreshold && exposures.maximumRiskScoreFullRange > 0 {
              os_log("Detected exposure event", log: OSLog.checkExposure, type: .info)
@@ -256,13 +260,15 @@ class ExposureCheck: AsyncOperation {
     }
 
     private func trackDailyMetrics() {
-      let calendar = Calendar.current
-      
-      guard let dailyTrace = self.configData.dailyTrace else {
+      guard self.configData != nil else {
+        // don't track daily trace if config not setup
         return self.finish()
       }
-             
-      if (!self.isCancelled && !calendar.isDate(Date(), inSameDayAs: dailyTrace)) {
+        
+      let calendar = Calendar.current
+      let checkDate: Date = self.configData.dailyTrace ?? calendar.date(byAdding: .day, value: -2, to: Date())!
+        
+      if (!self.isCancelled && !calendar.isDate(Date(), inSameDayAs: checkDate)) {
          Storage.shared.updateDailyTrace(self.storageContext, date: Date())
          self.saveMetric(event: "DAILY_ACTIVE_TRACE") { _ in
            self.finish()

ios/ExposureNotificationModule.m

@@ -42,7 +42,8 @@ @interface RCT_EXTERN_MODULE(ExposureNotificationModule, RCTEventEmitter)
 RCT_EXTERN_METHOD(getLogData:(RCTPromiseResolveBlock)resolve
                   rejecter:(RCTPromiseRejectBlock)reject)
 
-RCT_EXTERN_METHOD(checkExposure:(BOOL *)readExposureDetails)
+RCT_EXTERN_METHOD(checkExposure:(BOOL *)readExposureDetails
+                  :(BOOL *)skipTimeCheck)
 
 RCT_EXTERN_METHOD(deleteAllData:(RCTPromiseResolveBlock)resolve
                   rejecter:(RCTPromiseRejectBlock)reject)

ios/ExposureNotificationModule.swift

@@ -53,7 +53,7 @@ public class ExposureNotificationModule: RCTEventEmitter {
         notificationDesc: configDict["notificationDesc"] as? String ?? "The COVID Tracker App has detected that you may have been exposed to someone who has tested positive for COVID-19.",
         authToken: token,
         version: (configDict["version"] as? String ?? Bundle.main.infoDictionary?["CFBundleShortVersionString"] as? String)!,
-        fileLimit: configDict["fileLimit"] as? Int ?? 10,
+        fileLimit: configDict["fileLimit"] as? Int ?? 3,
         callbackNumber: configDict["callbackNumber"] as? String ?? "",
         analyticsOptin: configDict["analyticsOptin"] as? Bool ?? false
       )
@@ -174,9 +174,9 @@ public class ExposureNotificationModule: RCTEventEmitter {
         }
     }
 
-    @objc public func checkExposure(_ readExposureDetails: Bool) {
+    @objc public func checkExposure(_ readExposureDetails: Bool, _ skipTimeCheck: Bool) {
         if #available(iOS 13.5, *) {
-            ExposureProcessor.shared.checkExposureForeground(readExposureDetails)
+            ExposureProcessor.shared.checkExposureForeground(readExposureDetails, skipTimeCheck)
         }
     }
 

ios/ExposureProcessor.swift

@@ -245,7 +245,7 @@ public class ExposureProcessor {
         os_log("Registering background task", log: OSLog.exposure, type: .debug)
     }
 
-    public func checkExposureBackground(_ task: BGTask) {
+    private func checkExposureBackground(_ task: BGTask) {
        os_log("Running exposure check in background", log: OSLog.exposure, type: .debug)
        let queue = OperationQueue()
        queue.maxConcurrentOperationCount = 1
@@ -265,19 +265,19 @@ public class ExposureProcessor {
        }
     }
 
-    public func checkExposureForeground(_ exposureDetails: Bool) {
+    public func checkExposureForeground(_ exposureDetails: Bool, _ skipTimeCheck: Bool) {
        os_log("Running exposure check in foreground", log: OSLog.exposure, type: .debug)
        let queue = OperationQueue()
        queue.maxConcurrentOperationCount = 1
-       queue.addOperation(ExposureCheck(true, exposureDetails))
+       queue.addOperation(ExposureCheck(skipTimeCheck, exposureDetails))
 
        let lastOperation = queue.operations.last
        lastOperation?.completionBlock = {
            os_log("Foreground exposure check is complete, %d", log: OSLog.exposure, type: .debug, lastOperation?.isCancelled ?? false)
        }
     }
 
-    public func scheduleCheckExposure() {
+    private func scheduleCheckExposure() {
       let context = Storage.PersistentContainer.shared.newBackgroundContext()
       guard ENManager.authorizationStatus == .authorized else {
            os_log("Not authorised so can't schedule exposure checks", log: OSLog.exposure, type: .info)