react-native-security-suite 0.2.0 → 0.3.1

package/LICENSE

@@ -1,7 +1,6 @@
 MIT License
 
-Copyright (c) 2021 Mohammad Navabi
-
+Copyright (c) 2023 Mohammad Navabi
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights

package/README.md

@@ -1,6 +1,7 @@
 # react-native-security-suite
 
 Security solutions for Android and iOS
+SSL Pinning
 A native implementation encryption/decryption
 Root/Jailbreak detection
 
@@ -25,9 +26,27 @@ import {
   encrypt,
   decrypt,
   deviceHasSecurityRisk,
+  fetch,
 } from 'react-native-security-suite';
 
-// ...
+// SSL Pinning
+const response = await fetch('URL', {
+  body: {},
+  headers: {},
+  certificates: [
+    /* certs */
+  ],
+  validDomains: [
+    /* your valid domain */
+  ],
+  timeout: 6000,
+});
+let responseJson = await response.json();
+console.log('SSL Pinning server response: ', responseJson);
+
+// ------- OR --------
+
+// Hard Encrypt/Decrypt with sharedKey
 const publicKey = await getPublicKey();
 console.log('Public key: ', publicKey);
 /*

package/android/build.gradle

@@ -1,60 +1,103 @@
 buildscript {
-    if (project == rootProject) {
-        repositories {
-            google()
-            mavenCentral()
-            jcenter()
-        }
-
-        dependencies {
-            classpath 'com.android.tools.build:gradle:3.5.3'
-        }
-    }
+  repositories {
+    google()
+    mavenCentral()
+  }
+
+  dependencies {
+    classpath "com.android.tools.build:gradle:7.2.1"
+  }
 }
 
-apply plugin: 'com.android.library'
+def isNewArchitectureEnabled() {
+  return rootProject.hasProperty("newArchEnabled") && rootProject.getProperty("newArchEnabled") == "true"
+}
+
+apply plugin: "com.android.library"
+
+
+def appProject = rootProject.allprojects.find { it.plugins.hasPlugin('com.android.application') }
 
-def safeExtGet(prop, fallback) {
-    rootProject.ext.has(prop) ? rootProject.ext.get(prop) : fallback
+if (isNewArchitectureEnabled()) {
+  apply plugin: "com.facebook.react"
 }
 
-android {
-    compileSdkVersion safeExtGet('SecuritySuite_compileSdkVersion', 31)
-    defaultConfig {
-        minSdkVersion safeExtGet('SecuritySuite_minSdkVersion', 21)
-        targetSdkVersion safeExtGet('SecuritySuite_targetSdkVersion', 31)
-        versionCode 1
-        versionName "1.0"
+def getExtOrDefault(name) {
+  return rootProject.ext.has(name) ? rootProject.ext.get(name) : project.properties["SecuritySuite_" + name]
+}
 
-    }
+def getExtOrIntegerDefault(name) {
+  return rootProject.ext.has(name) ? rootProject.ext.get(name) : (project.properties["SecuritySuite_" + name]).toInteger()
+}
 
-    buildTypes {
-        release {
-            minifyEnabled false
-        }
-    }
-    lintOptions {
-        disable 'GradleCompatible'
+def supportsNamespace() {
+  def parsed = com.android.Version.ANDROID_GRADLE_PLUGIN_VERSION.tokenize('.')
+  def major = parsed[0].toInteger()
+  def minor = parsed[1].toInteger()
+
+  // Namespace support was added in 7.3.0
+  if (major == 7 && minor >= 3) {
+    return true
+  }
+
+  return major >= 8
+}
+
+android {
+  if (supportsNamespace()) {
+    namespace "com.securitysuite"
+  } else {
+    sourceSets {
+      main {
+        manifest.srcFile "src/main/AndroidManifestDeprecated.xml"
+      }
     }
-    compileOptions {
-        sourceCompatibility JavaVersion.VERSION_1_8
-        targetCompatibility JavaVersion.VERSION_1_8
+  }
+
+  compileSdkVersion getExtOrIntegerDefault("compileSdkVersion")
+
+  defaultConfig {
+    minSdkVersion getExtOrIntegerDefault("minSdkVersion")
+    targetSdkVersion getExtOrIntegerDefault("targetSdkVersion")
+    buildConfigField "boolean", "IS_NEW_ARCHITECTURE_ENABLED", isNewArchitectureEnabled().toString()
+  }
+  buildTypes {
+    release {
+      minifyEnabled false
     }
+  }
+
+  lintOptions {
+    disable "GradleCompatible"
+  }
+
+  compileOptions {
+    sourceCompatibility JavaVersion.VERSION_1_8
+    targetCompatibility JavaVersion.VERSION_1_8
+  }
+
 }
 
 repositories {
-    mavenLocal()
-    maven {
-        // All of React Native (JS, Obj-C sources, Android binaries) is installed from npm
-        url("$rootDir/../node_modules/react-native/android")
-    }
-    google()
-    mavenCentral()
-    jcenter()
+  mavenCentral()
+  google()
+  jcenter()
 }
 
+
 dependencies {
-    //noinspection GradleDynamicVersion
-    implementation "com.facebook.react:react-native:+"  // From node_modules
-    implementation "com.scottyab:rootbeer-lib:0.1.0"
+  // For < 0.71, this will be from the local maven repo
+  // For > 0.71, this will be replaced by `com.facebook.react:react-android:$version` by react gradle plugin
+  //noinspection GradleDynamicVersion
+  implementation "com.facebook.react:react-native:+"
+  implementation "com.squareup.okhttp3:okhttp:3.0.1"
+  implementation "com.scottyab:rootbeer-lib:0.1.0"
+}
+
+if (isNewArchitectureEnabled()) {
+  react {
+    jsRootDir = file("../src/")
+    libraryName = "SecuritySuite"
+    codegenJavaPackageName = "com.securitysuite"
+  }
 }

package/android/gradle.properties

@@ -0,0 +1,5 @@
+SecuritySuite_kotlinVersion=1.7.0
+SecuritySuite_minSdkVersion=21
+SecuritySuite_targetSdkVersion=31
+SecuritySuite_compileSdkVersion=31
+SecuritySuite_ndkversion=21.4.7075529

package/android/src/main/AndroidManifest.xml

@@ -1,4 +1,2 @@
-<manifest xmlns:android="http://schemas.android.com/apk/res/android"
-          package="com.reactnativesecuritysuite">
-
+<manifest xmlns:android="http://schemas.android.com/apk/res/android">
 </manifest>

package/android/src/main/AndroidManifestDeprecated.xml

@@ -0,0 +1,3 @@
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+          package="com.securitysuite">
+</manifest>

package/android/src/main/java/com/{reactnativesecuritysuite → securitysuite}/SecuritySuiteModule.java

@@ -1,10 +1,11 @@
-package com.reactnativesecuritysuite;
+package com.securitysuite;
 
 import com.facebook.react.bridge.Callback;
 import com.facebook.react.bridge.Promise;
 import com.facebook.react.bridge.ReactApplicationContext;
 import com.facebook.react.bridge.ReactContextBaseJavaModule;
 import com.facebook.react.bridge.ReactMethod;
+import com.facebook.react.bridge.ReadableMap;
 import com.facebook.react.module.annotations.ReactModule;
 import com.scottyab.rootbeer.RootBeer;
 
@@ -188,6 +189,12 @@ public class SecuritySuiteModule extends ReactContextBaseJavaModule {
       Settings.Secure.ANDROID_ID);
   }
 
+  @ReactMethod
+  public void fetch(String url, final ReadableMap options, Callback callback) {
+    Sslpinning sslpinning = new Sslpinning(context);
+    sslpinning.fetch(url, options, callback);
+  }
+
   @ReactMethod
   public void deviceHasSecurityRisk(Promise promise) {
     RootBeer rootBeer = new RootBeer(context);

package/android/src/main/java/com/{reactnativesecuritysuite → securitysuite}/SecuritySuitePackage.java

@@ -1,4 +1,4 @@
-package com.reactnativesecuritysuite;
+package com.securitysuite;
 
 import androidx.annotation.NonNull;
 

package/android/src/main/java/com/securitysuite/Sslpinning.java

@@ -0,0 +1,302 @@
+package com.securitysuite;
+
+import android.content.Context;
+import android.net.Uri;
+
+import com.facebook.react.bridge.Arguments;
+import com.facebook.react.bridge.Callback;
+import com.facebook.react.bridge.ReactApplicationContext;
+import com.facebook.react.bridge.ReadableArray;
+import com.facebook.react.bridge.ReadableMap;
+import com.facebook.react.bridge.ReadableMapKeySetIterator;
+import com.facebook.react.bridge.ReadableType;
+import com.facebook.react.bridge.WritableMap;
+
+import org.json.JSONException;
+
+import java.io.BufferedOutputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import okhttp3.CertificatePinner;
+import okhttp3.Headers;
+import okhttp3.MediaType;
+import okhttp3.MultipartBody;
+import okhttp3.Request;
+import okhttp3.OkHttpClient;
+import okhttp3.RequestBody;
+import okhttp3.Response;
+
+public class Sslpinning {
+  private ReactApplicationContext context;
+  private static String content_type = "application/json; charset=utf-8";
+  public static MediaType mediaType = MediaType.parse(content_type);
+  String responseBodyString = "{}";
+
+  public Sslpinning(ReactApplicationContext context) {
+    this.context = context;
+  }
+
+  public void fetch(String url, final ReadableMap options, Callback callback) {
+    if (!isValidUrl(url)) {
+      callback.invoke(null, "url is invalid!");
+      return;
+    }
+
+    String hostname;
+    try {
+      hostname = getHostname(url);
+    } catch (URISyntaxException e) {
+      hostname = url;
+    }
+
+    if (!options.hasKey("certificates")) {
+      callback.invoke(null, "certificates is required!");
+      return;
+    }
+
+    ReadableArray hashes = options.getArray("certificates");
+    if (hashes == null || hashes.size() == 0) {
+      callback.invoke(null, "certificates is empty!");
+      return;
+    }
+
+    try {
+      CertificatePinner certificatePinner = getCertificatePinner(hostname, options);
+      OkHttpClient client = getClient(options, certificatePinner);
+
+      Headers header = setHeader(options);
+      RequestBody body = setBody(context, options);
+      String method = getMethod(options);
+
+      Request request = new Request.Builder()
+        .url(url)
+        .headers(header)
+        .method(method, body)
+        .build();
+
+      WritableMap output = Arguments.createMap();
+
+      try {
+        Response response = client.newCall(request).execute();
+        int responseCode = response.code();
+
+        byte[] bytes = response.body().bytes();
+        responseBodyString = new String(bytes, "UTF-8");
+
+        output.putInt("status", responseCode);
+        output.putString("url", request.url().toString());
+
+        if (!response.isSuccessful() || responseCode >= 400) {
+          output.putString("error", responseBodyString);
+          callback.invoke(null, output);
+          return;
+        }
+        output.putString("response", responseBodyString);
+        callback.invoke(output, null);
+      } catch (IOException e) {
+        output.putString("error", responseBodyString);
+
+        callback.invoke(null, output);
+        if (e instanceof java.net.SocketTimeoutException) {
+          System.err.print("Socket TimeOut");
+        } else {
+          e.printStackTrace();
+        }
+      }
+    } catch(JSONException e) {
+      callback.invoke(null, e);
+    }
+  }
+
+  private CertificatePinner getCertificatePinner(String hostname, ReadableMap options) {
+    CertificatePinner.Builder certificatePinner = new CertificatePinner.Builder();
+
+    ReadableArray hashes = options.getArray("certificates");
+    for (int i = 0; i < hashes.size(); i++) {
+      certificatePinner.add(hostname, "sha256/" + hashes.getString(i));
+    }
+
+    return certificatePinner.build();
+  }
+
+  private OkHttpClient getClient(ReadableMap options, CertificatePinner certificatePinner) throws JSONException {
+      if (options.hasKey("timeout")) {
+        int timeout = options.getInt("timeout");
+        return new OkHttpClient.Builder()
+          .connectTimeout(timeout, TimeUnit.MILLISECONDS)
+          .readTimeout(timeout, TimeUnit.MILLISECONDS)
+          .writeTimeout(timeout, TimeUnit.MILLISECONDS)
+          .certificatePinner(certificatePinner)
+          .build();
+      } else {
+        return new OkHttpClient.Builder()
+          .certificatePinner(certificatePinner)
+          .build();
+      }
+  }
+
+  private static String getHostname(String url) throws URISyntaxException {
+    URI uri = new URI(url);
+    String domain = uri.getHost();
+    return domain.startsWith("www.") ? domain.substring(4) : domain;
+  }
+
+  private String getMethod(ReadableMap options) {
+    String method = "GET";
+    if (options.hasKey("method")) {
+      method = options.getString("method");
+    }
+
+    return method;
+  }
+
+  private Headers setHeader(ReadableMap options) {
+    if (!options.hasKey("headers")) {
+      return null;
+    }
+
+    ReadableMap headers = options.getMap("headers");
+    Headers.Builder builder = new Headers.Builder();
+
+    Map<String, String> headersMap = readableMapToHashMap(headers);
+    for (Map.Entry<String, String> set : headersMap.entrySet()) {
+      builder.add(set.getKey(), set.getValue());
+    }
+
+    return builder.build();
+  }
+
+  private HashMap readableMapToHashMap(ReadableMap readableMap) {
+    if (readableMap == null) {
+      return null;
+    }
+
+    HashMap map = new HashMap<String, String>();
+    ReadableMapKeySetIterator keySetIterator = readableMap.keySetIterator();
+    while (keySetIterator.hasNextKey()) {
+      String key = keySetIterator.nextKey();
+      ReadableType type = readableMap.getType(key);
+      switch(type) {
+        case String:
+          map.put(key, readableMap.getString(key));
+          break;
+        case Map:
+          HashMap<String, Object> attributes = this.readableMapToHashMap(readableMap.getMap(key));
+          map.put(key, attributes);
+          break;
+        default:
+          // do nothing
+      }
+    }
+
+    return map;
+  }
+
+  private static boolean isFilePart(ReadableArray part) {
+    if (part.getType(1) != ReadableType.Map) {
+      return false;
+    }
+    ReadableMap value = part.getMap(1);
+    return value.hasKey("type") && (value.hasKey("uri") || value.hasKey("path"));
+  }
+
+  private RequestBody setBody(ReactApplicationContext context, ReadableMap options) {
+    if (!options.hasKey("body")) {
+      return null;
+    }
+
+    RequestBody body = null;
+    ReadableType bodyType = options.getType("body");
+      switch (bodyType) {
+        case String:
+          body = RequestBody.create(mediaType, options.getString("body"));
+          break;
+        case Map:
+          ReadableMap bodyMap = options.getMap("body");
+          if (bodyMap.hasKey("formData")) {
+            ReadableMap formData = bodyMap.getMap("formData");
+            body = getBody(formData);
+          } else if (bodyMap.hasKey("_parts")) {
+            body = getBody(bodyMap);
+          }
+          break;
+    }
+    return body;
+  }
+
+  private RequestBody getBody(ReadableMap body) {
+    MultipartBody.Builder multipartBodyBuilder = new MultipartBody.Builder().setType(MultipartBody.FORM);
+    multipartBodyBuilder.setType((MediaType.parse("multipart/form-data")));
+    if (body.hasKey("_parts")) {
+      ReadableArray parts = body.getArray("_parts");
+      for (int i = 0; i < parts.size(); i++) {
+        ReadableArray part = parts.getArray(i);
+        String key = "";
+        if (part.getType(0) == ReadableType.String) {
+          key = part.getString(0);
+        } else if (part.getType(0) == ReadableType.Number) {
+          key = String.valueOf(part.getInt(0));
+        }
+
+        if (isFilePart(part)) {
+          ReadableMap fileData = part.getMap(1);
+          addFormDataPart(this.context, multipartBodyBuilder, fileData, key);
+        } else {
+          String value = part.getString(1);
+          multipartBodyBuilder.addFormDataPart(key, value);
+        }
+      }
+    }
+    return multipartBodyBuilder.build();
+  }
+
+  private static void addFormDataPart(Context context, MultipartBody.Builder multipartBodyBuilder, ReadableMap fileData, String key) {
+    Uri _uri = Uri.parse("");
+    if (fileData.hasKey("uri")) {
+      _uri = Uri.parse(fileData.getString("uri"));
+    } else if (fileData.hasKey("path")) {
+      _uri = Uri.parse(fileData.getString("path"));
+    }
+    String type = fileData.getString("type");
+    String fileName = "";
+    if (fileData.hasKey("fileName")) {
+      fileName = fileData.getString("fileName");
+    } else if (fileData.hasKey("name")) {
+      fileName = fileData.getString("name");
+    }
+
+    try {
+      File file = getTempFile(context, _uri);
+      multipartBodyBuilder.addFormDataPart(key, fileName, RequestBody.create(MediaType.parse(type), file));
+    } catch (IOException e) {
+      e.printStackTrace();
+    }
+  }
+
+  public static File getTempFile(Context context, Uri uri) throws IOException {
+    File file = File.createTempFile("media", null);
+    InputStream inputStream = context.getContentResolver().openInputStream(uri);
+    OutputStream outputStream = new BufferedOutputStream(new FileOutputStream(file));
+    byte[] buffer = new byte[1024];
+    int len;
+    while ((len = inputStream.read(buffer)) != -1)
+      outputStream.write(buffer, 0, len);
+    inputStream.close();
+    outputStream.close();
+    return file;
+  }
+
+  private boolean isValidUrl(String url) {
+    String regex = "^(https?|ftp|file)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]";
+    return url.matches(regex);
+  }
+}

package/android/src/main/java/com/{reactnativesecuritysuite → securitysuite}/StorageEncryption.java

@@ -1,5 +1,4 @@
-package com.reactnativesecuritysuite;
-
+package com.securitysuite;
 
 import android.util.Base64;
 

package/ios/ReactNativeSslPinning-Bridging-Header.h

@@ -0,0 +1,2 @@
+#import <React/RCTBridgeModule.h>
+#import <React/RCTViewManager.h>

package/ios/{SecuritySuite.m → SecuritySuite.mm}

@@ -16,6 +16,8 @@ RCT_EXTERN_METHOD(storageEncrypt:(NSString)input withSecretKey:(NSString*)secret
 
 RCT_EXTERN_METHOD(storageDecrypt:(NSString)input withSecretKey:(NSString*)secretKey withHardEncryption:(BOOL)hardEncryption withCallback:(RCTResponseSenderBlock)callback)
 
+RCT_EXTERN_METHOD(fetch:(NSString)url withData:(NSDictionary)data withCallback:(RCTResponseSenderBlock)callback)
+
 RCT_EXTERN_METHOD(deviceHasSecurityRisk:(RCTPromiseResolveBlock)resolve withRejecter:(RCTPromiseRejectBlock)reject)
 
 + (BOOL)requiresMainQueueSetup

package/ios/SecuritySuite.swift

@@ -1,7 +1,9 @@
-import IOSSecuritySuite
 import Foundation
 import CryptoKit
 import SwiftUI
+import Security
+import CommonCrypto
+import IOSSecuritySuite
 
 @available(iOS 13.0, *)
 @objc(SecuritySuite)
@@ -123,6 +125,58 @@ class SecuritySuite: NSObject {
     func getDeviceId() -> String {
         return UIDevice.current.identifierForVendor!.uuidString.replacingOccurrences(of: "-", with: "", options: [], range: nil)
     }
+    
+    @objc(fetch:withData:withCallback:)
+    func fetch(url: NSString, data: NSDictionary, callback: @escaping RCTResponseSenderBlock) -> Void {
+        let config = URLSessionConfiguration.default
+        config.httpShouldSetCookies = false
+        config.httpCookieAcceptPolicy = .never
+        config.networkServiceType = .responsiveData
+        config.shouldUseExtendedBackgroundIdleMode = true
+        
+        let sslPinning = SSLPinning(data: data)
+        
+        var request = URLRequest(url: URL(string: url as String)!)
+
+        if data["method"] != nil { request.httpMethod = data["method"] as! String } else { request.httpMethod =  "POST" }
+        if data["body"] != nil { request.httpBody = (data["body"] as! String).data(using: .utf8)! } else { request.httpBody = "".data(using: .utf8)! }
+        if data["headers"] != nil { request.allHTTPHeaderFields = data["headers"] as! [String : String] }
+        if data["timeout"] != nil { request.timeoutInterval = data["timeout"] as! TimeInterval }
+        let session = URLSession(configuration: config, delegate: sslPinning, delegateQueue: .main)
+        let task = session.dataTask(with: request) { data, response, error in
+            let response = response as? HTTPURLResponse
+            
+            if error == nil {
+                let responseCode = response?.statusCode
+                let responseString = String.init(decoding: data ?? .init(), as: UTF8.self)
+                let errorString = error?.localizedDescription
+                let responseJSON = try? JSONSerialization.jsonObject(with: data!, options: [])
+
+                var result:NSMutableDictionary = [
+                    "status": response?.statusCode,
+                    "url": url,
+                ]
+                if errorString == nil && responseCode! < 400 {
+                    result["response"] = responseString
+                    result["responseJSON"] = responseJSON
+                    callback([result, NSNull()])
+                } else {
+                    result["error"] = responseString
+                    result["errorJSON"] = responseJSON
+                    do {
+                        let jsonData = try JSONSerialization.data(withJSONObject: result)
+                        callback([NSNull(), result])
+                    } catch {
+                        callback([NSNull(), "JSON_PARSE_ERROR"])
+                    }
+                }
+            } else {
+                callback([NSNull(), "MUST_BE_UPDATE"])
+            }
+        }
+        
+        task.resume()
+    }
 
     @objc(deviceHasSecurityRisk:withRejecter:)
     func deviceHasSecurityRisk(resolve:RCTPromiseResolveBlock, reject:RCTPromiseRejectBlock) -> Void {