diff --git a/sdk/src/main/java/com/uid2/network/DefaultNetworkSession.kt b/sdk/src/main/java/com/uid2/network/DefaultNetworkSession.kt
index 693acec..f38e366 100644
--- a/sdk/src/main/java/com/uid2/network/DefaultNetworkSession.kt
+++ b/sdk/src/main/java/com/uid2/network/DefaultNetworkSession.kt
@@ -3,9 +3,10 @@ package com.uid2.network
 import java.io.IOException
 import java.net.HttpURLConnection
 import java.net.URL
+import javax.net.ssl.HttpsURLConnection
 /**
- * A default implementation of [NetworkSession] that leverages [HttpURLConnection] to make the necessary
+ * A default implementation of [NetworkSession] that leverages [HttpsURLConnection] to make the necessary
 * GET and POST requests.
 *
 * If a consuming application wants to take control over the network requests, they can implement their own custom
@@ -14,7 +15,7 @@ import java.net.URL
 public open class DefaultNetworkSession : NetworkSession {
 /**
- * Loads the given [URL] and [NetworkRequest] using [HttpURLConnection].
+ * Loads the given [URL] and [NetworkRequest] using [HttpsURLConnection].
 */
 override fun loadData(url: URL, request: NetworkRequest): NetworkResponse {
 try {
@@ -56,16 +57,20 @@ public open class DefaultNetworkSession : NetworkSession {
 // If we're unable to make a request, e.g. due to lack of connection, we will simply report an internal
 // error.
 return NetworkResponse(HttpURLConnection.HTTP_INTERNAL_ERROR)
+ } catch (ex: ClassCastException) {
+ // If we detect a ClassCastException, it means that the opened connection is not a HttpsURLConnection and
+ // is likely just HttpURLConnection. This should not be allowed.
+ return NetworkResponse(HttpURLConnection.HTTP_INTERNAL_ERROR, "HTTPS connection not available")
 }
 }
 /**
- * Opens the given URL to return the HttpURLConnection.
+ * Opens the given URL to return the HttpsURLConnection.
 *
 * This is done via an open method, to allow better testability, given that the URL class is
 * final and therefore hard to mock itself.
 */
- public open fun openConnection(url: URL): HttpURLConnection = (url.openConnection() as HttpURLConnection)
+ public open fun openConnection(url: URL): HttpsURLConnection = (url.openConnection() as HttpsURLConnection)
 /**
 * Extension to convert the given NetworkRequestType into the expected request method name.
diff --git a/sdk/src/main/java/com/uid2/storage/FileStorageManager.kt b/sdk/src/main/java/com/uid2/storage/FileStorageManager.kt
index 7373054..bbd07e7 100644
--- a/sdk/src/main/java/com/uid2/storage/FileStorageManager.kt
+++ b/sdk/src/main/java/com/uid2/storage/FileStorageManager.kt
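Review bot: In DefaultNetworkSession.kt the HTTPS-only rule is enforced indirectly, by letting the `as HttpsURLConnection` cast in `openConnection` fail and catching `ClassCastException` on the whole `try` in `loadData`; the body of that `try` starts outside this hunk, so any unrelated ClassCastException raised inside it would presumably also be reported as "HTTPS connection not available". Stating the policy as an explicit check before the connection is opened is clearer and leaves the catch as a backstop only, e.g. `if (url.protocol != "https") return NetworkResponse(HttpURLConnection.HTTP_INTERNAL_ERROR, "HTTPS connection not available")`. Narrowing the return type of the `public open` `openConnection` to `HttpsURLConnection` also breaks existing subclasses that override it with `HttpURLConnection`, which deserves a release note. The KDoc on `openConnection` could add one line saying that a plain-HTTP URL is rejected rather than downgraded.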
@@ -18,6 +18,13 @@ internal class FileStorageManager(
 private val ioDispatcher: CoroutineDispatcher = Dispatchers.IO,
 ) : StorageManager {
+ // For storage, we use the parent filesDir which is part of the Application's internal storage. This internal
+ // storage is sandboxed to prevent any other app, or even the user, from accessing it directly. We rely on Android
+ // keeping this file secure.
+ //
+ // On Android 10+, this location is also likely encrypted.
+ //
+ // https://developer.android.com/training/data-storage/app-specific#internal-access-files
 constructor(context: Context) : this({ File(context.filesDir, FILE_IDENTITY) })
 // This lazy value *should* only be requested on the ioDispatcher.
diff --git a/sdk/src/test/java/com/uid2/network/DefaultNetworkSessionTest.kt b/sdk/src/test/java/com/uid2/network/DefaultNetworkSessionTest.kt
index 2ee04c6..97e2097 100644
--- a/sdk/src/test/java/com/uid2/network/DefaultNetworkSessionTest.kt
+++ b/sdk/src/test/java/com/uid2/network/DefaultNetworkSessionTest.kt
@@ -16,13 +16,14 @@ import java.io.ByteArrayInputStream
 import java.io.OutputStream
 import java.net.HttpURLConnection
 import java.net.URL
+import javax.net.ssl.HttpsURLConnection
 class DefaultNetworkSessionTest {
 @get:Rule
 val mockkRule = MockKRule(this)
 private val url = URL("https://test.com/path")
- private val connection = mockk(relaxed = true)
+ private val connection = mockk(relaxed = true)
 private val outputStream = mockk(relaxed = true)
 @Before
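Review bot: The new comment above `constructor(context: Context)` in FileStorageManager.kt presents the app sandbox as the whole protection story but omits the ways a file under `filesDir` can leave it. Files in `filesDir` are included in Android Auto Backup and device-to-device transfer by default unless the host app's backup rules exclude them, and they are readable on a rooted device or a debuggable build. If the stored identity is not meant to be copied off the device, the comment should say so, for example `// Note: filesDir is part of Auto Backup unless the host app excludes it; see Context.noBackupFilesDir.`, or the file could live under `context.noBackupFilesDir` instead. The "likely encrypted" remark depends on the device and its lock state, so it is better worded as an observation than as something the SDK relies on.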
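Review bot: The new `catch (ex: ClassCastException)` branch in `DefaultNetworkSession.loadData` is not exercised by anything visible in this hunk of DefaultNetworkSessionTest.kt; the only change is the `connection` mock, whose `-` and `+` lines read the same on this page because the type arguments of `mockk(...)` did not survive. A test that makes `openConnection` fail with a ClassCastException, or hands an `http://` URL to an unmocked session, and then asserts `HTTP_INTERNAL_ERROR` with the "HTTPS connection not available" message would pin the guarantee this commit introduces. The test class continues outside the hunk, so such a case may already exist further down.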