Fix vulnerabilities and refactoring

app/build.gradle

@@ -1,13 +1,13 @@
 apply plugin: 'com.android.application'
 
 android {
-    compileSdkVersion 24
-    buildToolsVersion "24.0.2"
+    compileSdkVersion 26
+    buildToolsVersion "25.0.3"
 
     defaultConfig {
         applicationId "com.github.orangegangsters.lollipin"
         minSdkVersion 14
-        targetSdkVersion 24
+        targetSdkVersion 26
         versionCode 1
         versionName "1.0"
     }
@@ -23,7 +23,7 @@ dependencies {
     compile fileTree(dir: 'libs', include: ['*.jar'])
 
     compile project(':lib')
-    compile 'com.android.support:appcompat-v7:24.2.0'
+    compile "com.android.support:appcompat-v7:$support_library_version"
 
     //Lollipop dialogs https://github.com/lewisjdeane/L-Dialogs and buttons, animations etc...
     compile 'uk.me.lewisdeane.ldialogs:ldialogs:1.2.0@aar'

app/src/main/java/com/github/orangegangsters/lollipin/CustomApplication.java

@@ -11,12 +11,11 @@
  */
 public class CustomApplication extends Application {
 
-    @SuppressWarnings("unchecked")
     @Override
     public void onCreate() {
         super.onCreate();
 
-        LockManager<CustomPinActivity> lockManager = LockManager.getInstance();
+        LockManager lockManager = LockManager.getInstance();
         lockManager.enableAppLock(this, CustomPinActivity.class);
         lockManager.getAppLock().setLogoId(R.drawable.security_lock);
     }

build.gradle

@@ -1,23 +1,24 @@
-// Top-level build file where you can add configuration options common to all sub-projects/modules.
-
 buildscript {
+    ext {
+        support_library_version = "26.0.2"
+    }
     repositories {
         jcenter()
     }
     dependencies {
-        classpath 'com.android.tools.build:gradle:2.1.2'
-
-        // NOTE: Do not place your application dependencies here; they belong
-        // in the individual module build.gradle files
+        classpath 'com.android.tools.build:gradle:2.3.1'
+        classpath "io.realm:realm-gradle-plugin:3.1.4"
     }
 }
 
 allprojects {
     repositories {
-        maven{
+        maven {
             url "https://github.com/omadahealth/omada-nexus/raw/master/release"
         }
+        maven {
+            url 'https://maven.google.com'
+        }
         jcenter()
-
     }
 }

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
-#Fri Apr 15 10:56:37 PDT 2016
+#Tue Oct 24 12:25:49 EEST 2017
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-2.10-all.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-3.3-all.zip

lib/build.gradle

@@ -1,12 +1,12 @@
 apply plugin: 'com.android.library'
 
 android {
-    compileSdkVersion 24
-    buildToolsVersion "24.0.2"
+    compileSdkVersion 26
+    buildToolsVersion "25.0.3"
 
     defaultConfig {
         minSdkVersion 14
-        targetSdkVersion 24
+        targetSdkVersion 26
         versionCode 2
         versionName VERSION_NAME
     }
@@ -26,31 +26,10 @@ dependencies {
     compile 'com.github.omadahealth.typefaceview:typefaceview:1.5.0@aar' //TypefaceTextView
 
     //Compat
-    compile 'com.android.support:support-v4:24.2.0'
-    compile 'com.android.support:appcompat-v7:24.2.0'
-    compile "com.android.support:support-v13:24.2.0"
+    compile "com.android.support:support-v4:$support_library_version"
+    compile "com.android.support:appcompat-v7:$support_library_version"
+    compile "com.android.support:support-v13:$support_library_version"
 }
 
 //gradle clean build uploadArchives
-apply from: 'https://raw.github.com/omadahealth/omada-nexus/master/gradle-mvn-push/gradle-mvn-push.gradle'
-
-//task androidSourcesJar(type: Jar) {
-//    classifier = 'sources'
-//    from android.sourceSets.main.java.sourceFiles
-//}
-//artifacts {
-//    archives androidSourcesJar
-//}
-//
-//apply plugin: 'maven'
-//uploadArchives {
-//    repositories {
-//        mavenDeployer {
-//            repository(url: uri("../../omada-nexus/release"))
-//            snapshotRepository(url: uri("../../omada-nexus/release"))
-//            pom.groupId = GROUP
-//            pom.artifactId = POM_ARTIFACT_ID
-//            pom.version = VERSION_NAME
-//        }
-//    }
-//}
+apply from: 'https://raw.github.com/omadahealth/omada-nexus/master/gradle-mvn-push/gradle-mvn-push.gradle'

lib/src/main/java/com/github/orangegangsters/lollipin/lib/encryption/Encryptor.java

@@ -11,7 +11,7 @@
  * Used by {@link com.github.orangegangsters.lollipin.lib.managers.AppLockImpl} to get the SHA1
  * of the 4-digit password.
  */
-public class Encryptor {
+public final class Encryptor {
 
     /**
      * Convert a chain of bytes into a {@link java.lang.String}

lib/src/main/java/com/github/orangegangsters/lollipin/lib/encryption/SaltGenerator.java

@@ -0,0 +1,25 @@
+package com.github.orangegangsters.lollipin.lib.encryption;
+
+import android.util.Base64;
+
+import java.security.SecureRandom;
+import java.util.Arrays;
+
+public final class SaltGenerator {
+
+    private static final int KEY_LENGTH = 256;
+    private static final String DEFAULT_PASSWORD_SALT = "7xn7@c$";
+
+    public static String generate() {
+        byte[] salt = new byte[KEY_LENGTH];
+        try {
+            SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
+            sr.setSeed(System.currentTimeMillis());
+            sr.nextBytes(salt);
+            return Arrays.toString(salt);
+        } catch (Exception e) {
+            salt = DEFAULT_PASSWORD_SALT.getBytes();
+        }
+        return Base64.encodeToString(salt, Base64.DEFAULT);
+    }
+}

lib/src/main/java/com/github/orangegangsters/lollipin/lib/enums/Algorithm.java

@@ -1,13 +1,16 @@
 package com.github.orangegangsters.lollipin.lib.enums;
 
+import android.support.annotation.NonNull;
+import android.support.annotation.Nullable;
+
 /**
  * Created by olivier.goutay on 4/15/16.
  */
 public enum Algorithm {
 
     SHA1("1"), SHA256("2");
 
-    private String mValue;
+    private final String mValue;
 
     Algorithm(String value) {
         this.mValue = value;
@@ -17,7 +20,8 @@ public String getValue() {
         return mValue;
     }
 
-    public static Algorithm getFromText(String text) {
+    @NonNull
+    public static Algorithm getFromText(@Nullable String text) {
         for (Algorithm algorithm : Algorithm.values()) {
             if (algorithm.mValue.equals(text)) {
                 return algorithm;

lib/src/main/java/com/github/orangegangsters/lollipin/lib/interfaces/ConfigurationStorage.java

@@ -0,0 +1,34 @@
+package com.github.orangegangsters.lollipin.lib.interfaces;
+
+public interface ConfigurationStorage {
+
+    long readTimeout();
+
+    void writeTimeout(long timeout);
+
+    int readLogoId();
+
+    void writeLogoId(int logoId);
+
+    boolean readShouldShowForgot();
+
+    void writeShouldShowForgot(boolean showForgot);
+
+    boolean readPinChallengeCanceled();
+
+    void writePinChallengeCanceled(boolean pinChallengeCanceled);
+
+    boolean readOnlyBackgroundTimeout();
+
+    void writeOnlyBackgroundTimeout(boolean onlyBackgroundTimeout);
+
+    boolean readFingerprintAuthEnabled();
+
+    void writeFingerprintAuthEnabled(boolean enabled);
+
+    long readLastActiveMillis();
+
+    void writeLastActiveMillis(long millis);
+
+    void clear();
+}

lib/src/main/java/com/github/orangegangsters/lollipin/lib/interfaces/KeyboardButtonClickedListener.java

@@ -15,13 +15,13 @@ public interface KeyboardButtonClickedListener {
      * Called before {@link #onRippleAnimationEnd()}.
      * @param keyboardButtonEnum The organized enum of the clicked button
      */
-    public void onKeyboardClick(KeyboardButtonEnum keyboardButtonEnum);
+    void onKeyboardClick(KeyboardButtonEnum keyboardButtonEnum);
 
     /**
      * Receive the end of a {@link com.andexert.library.RippleView} animation using a
      * {@link com.andexert.library.RippleAnimationListener} to determine the end.
      * Called after {@link #onKeyboardClick(com.github.orangegangsters.lollipin.lib.enums.KeyboardButtonEnum)}.
      */
-    public void onRippleAnimationEnd();
+    void onRippleAnimationEnd();
 
 }

lib/src/main/java/com/github/orangegangsters/lollipin/lib/interfaces/LifeCycleInterface.java

@@ -14,10 +14,10 @@ public interface LifeCycleInterface {
     /**
      * Called in {@link android.app.Activity#onResume()}
      */
-    public void onActivityResumed(Activity activity);
+    void onActivityResumed(Activity activity);
 
     /**
      * Called in {@link android.app.Activity#onPause()}
      */
-    public void onActivityPaused(Activity activity);
+    void onActivityPaused(Activity activity);
 }

lib/src/main/java/com/github/orangegangsters/lollipin/lib/interfaces/PasscodeDataStorage.java

@@ -0,0 +1,34 @@
+package com.github.orangegangsters.lollipin.lib.interfaces;
+
+import android.support.annotation.NonNull;
+import android.support.annotation.Nullable;
+
+import com.github.orangegangsters.lollipin.lib.enums.Algorithm;
+
+public interface PasscodeDataStorage {
+
+    int readAttemptsCount();
+
+    void writeAttemptsCount(int attempts);
+
+    @Nullable
+    String readSalt();
+
+    void writeSalt(@Nullable String salt);
+
+    @NonNull
+    Algorithm readCurrentAlgorithm();
+
+    void writeCurrentAlgorithm(@NonNull Algorithm algorithm);
+
+    @NonNull
+    String readPasscode();
+
+    void writePasscode(@NonNull String passcode);
+
+    boolean hasPasscode();
+
+    void clearPasscode();
+
+    void clear();
+}