aramezx

## OkHttp_Certificate_Pinner
/*
* OkHttp lib provide a CertificatePinner class to be added to an OkHttpClient instance.
* The easiest way to pin a host is turn on pinning with a broken configuration and
* read the expected configuration when the connection fails.
*/
CertificatePinner certificatePinner = new CertificatePinner.Builder()
         .add("mydomain.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
         .build();
     OkHttpClient client = OkHttpClient.Builder()
         .certificatePinner(certificatePinner)

## network_security_config.xml
/*
*
* Network security configuration
* The Network Security Configuration feature lets apps customize their network security settings in a safe,
* declarative configuration file without modifying app code.
* These settings can be configured for specific domains and for a specific app.
* The key capabilities of this feature are as follows:
*   - Custom trust anchors: Customize which Certificate Authorities (CA) are trusted for an app's secure connections. For example, trusting particular self-signed certificates or restricting the set of public CAs that the app trusts.
*   - Debug-only overrides: Safely debug secure connections in an app without added risk to the installed base.
*   - Cleartext traffic opt-out: Protect apps from accidental usage of cleartext traffic.

## SymmetricKeyGenerationAndroidMRedesignedKeyStore.java
/*
* Android M officially introduces several new keystore features into the framework API,
* but the underlying work to support them has been going on for quite a while in the AOSP master branch.
* The most visible new feature is support for generating and using symmetric keys that
* are protected by the system keystore. Storing symmetric keys has been possible in previous versions too,
* but required using private (hidden) keystore APIs, and was thus not guaranteed to be portable across versions.
* Android M introduces a keystore-backed symmetric KeyGenerator, and adds support for the KeyStore.SecretKeyEntry JCA class,
* which allows storing and retrieving symmetric keys via the standard java.security.
* KeyStore JCA API. To support this, Android-specific key parameter classes and associated builders
* have been added to the Android SDK.

## keyExchangeImplementationUsingRSAOAEP.java
/*  if you need to implement RSA key exchange, you can easily make use of OAEP padding like this:  */

ndroidRsaEngine rsa = new AndroidRsaEngine("key1", false);

Digest digest = new SHA512Digest();
Digest mgf1digest = new SHA512Digest();
OAEPEncoding oaep = new OAEPEncoding(rsa, digest, mgf1digest, null);

oaep.init(true, null);
byte[] cipherText = oaep.processBlock(plainBytes, 0, plainBytes.length);

## usingBouncyCastleForDigitalSignImplementation.java
/*
*	If you use this primitive to implement, for example, Bouncy Castle's
*	AsymmetricBlockCipher interface, you can use any signature algorithm available in the
*	Bouncy Castle lightweight API (we actually use Spongy Castle to stay compatible
*	with Android 2.x without too much hastle).
*	For example, if you want to use a more modern (and provably secure)
*	signature algorithm than Android's default PKCS#1.5
*	implementation, such as RSA-PSS you can accomplish it with something
*	like this (see sample project for AndroidRsaEngine):
*/

## usingRSAPrivateKeyForDataEncryption.java
/*
 * By using the IKeyStoreService directly you can store symmetric keys or other secret data
 * in the system key store by using the put() method, which the current java.security.KeyStore implementation
 * does not allow (it can only store PrivateKey's). Such data is only encrypted
 * by the key store master key, and even the system key store is hardware-backed,
 * data is not protected by hardware in any way.
 *
 * Accessing hidden services is not the only way to augment the system key store functionality.
 * Since the sign() operation implements a 'raw' signature operation (RSASP1 in RFC 3447),
 * key store-managed (including hardware-backed) keys can be used to

## generateKeyPairAndroidKeyStoreAPI18.java
/*
*
*	The API is outlined in the 'Security' section of the 4.3 new API introduction page,
*	and details can be found in the official SDK reference, so we will only review it briefly.
*	Instead of introducing yet another Android-specific API, key store access is exposed via standard JCE APIs,
*	namely KeyGenerator and KeyStore. Both are backed by a new Android JCE provider,
*	AndroidKeyStoreProvider and are accessed by passing "AndroidKeyStore" as the type
*	parameter of the respective factory methods (those APIs were actually available in 4.2 as well,
*	but were not public). For a full sample detailing their usage,
*	refer to the BasicAndroidKeyStore project in the Android SDK.

## generatePrivateKeyUsingKeyStore.java
/*
 * Generate a new EC key pair entry in the Android Keystore by
 * using the KeyPairGenerator API. The private key can only be
 * used for signing or verification and only with SHA-256 or
 * SHA-512 as the message digest.
 */
KeyPairGenerator kpg = KeyPairGenerator.getInstance(
        KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
kpg.initialize(new KeyGenParameterSpec.Builder(
        alias,
	/*
	* OkHttp lib provide a CertificatePinner class to be added to an OkHttpClient instance.
	* The easiest way to pin a host is turn on pinning with a broken configuration and
	* read the expected configuration when the connection fails.
	*/
	CertificatePinner certificatePinner = new CertificatePinner.Builder()
	.add("mydomain.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
	.build();
	OkHttpClient client = OkHttpClient.Builder()
	.certificatePinner(certificatePinner)
	/*
	*
	* Network security configuration
	* The Network Security Configuration feature lets apps customize their network security settings in a safe,
	* declarative configuration file without modifying app code.
	* These settings can be configured for specific domains and for a specific app.
	* The key capabilities of this feature are as follows:
	* - Custom trust anchors: Customize which Certificate Authorities (CA) are trusted for an app's secure connections. For example, trusting particular self-signed certificates or restricting the set of public CAs that the app trusts.
	* - Debug-only overrides: Safely debug secure connections in an app without added risk to the installed base.
	* - Cleartext traffic opt-out: Protect apps from accidental usage of cleartext traffic.
	/*
	* Android M officially introduces several new keystore features into the framework API,
	* but the underlying work to support them has been going on for quite a while in the AOSP master branch.
	* The most visible new feature is support for generating and using symmetric keys that
	* are protected by the system keystore. Storing symmetric keys has been possible in previous versions too,
	* but required using private (hidden) keystore APIs, and was thus not guaranteed to be portable across versions.
	* Android M introduces a keystore-backed symmetric KeyGenerator, and adds support for the KeyStore.SecretKeyEntry JCA class,
	* which allows storing and retrieving symmetric keys via the standard java.security.
	* KeyStore JCA API. To support this, Android-specific key parameter classes and associated builders
	* have been added to the Android SDK.
	/* if you need to implement RSA key exchange, you can easily make use of OAEP padding like this: */

	ndroidRsaEngine rsa = new AndroidRsaEngine("key1", false);

	Digest digest = new SHA512Digest();
	Digest mgf1digest = new SHA512Digest();
	OAEPEncoding oaep = new OAEPEncoding(rsa, digest, mgf1digest, null);

	oaep.init(true, null);
	byte[] cipherText = oaep.processBlock(plainBytes, 0, plainBytes.length);
	/*
	* If you use this primitive to implement, for example, Bouncy Castle's
	* AsymmetricBlockCipher interface, you can use any signature algorithm available in the
	* Bouncy Castle lightweight API (we actually use Spongy Castle to stay compatible
	* with Android 2.x without too much hastle).
	* For example, if you want to use a more modern (and provably secure)
	* signature algorithm than Android's default PKCS#1.5
	* implementation, such as RSA-PSS you can accomplish it with something
	* like this (see sample project for AndroidRsaEngine):
	*/
	/*
	* By using the IKeyStoreService directly you can store symmetric keys or other secret data
	* in the system key store by using the put() method, which the current java.security.KeyStore implementation
	* does not allow (it can only store PrivateKey's). Such data is only encrypted
	* by the key store master key, and even the system key store is hardware-backed,
	* data is not protected by hardware in any way.
	*
	* Accessing hidden services is not the only way to augment the system key store functionality.
	* Since the sign() operation implements a 'raw' signature operation (RSASP1 in RFC 3447),
	* key store-managed (including hardware-backed) keys can be used to
	/*
	*
	* The API is outlined in the 'Security' section of the 4.3 new API introduction page,
	* and details can be found in the official SDK reference, so we will only review it briefly.
	* Instead of introducing yet another Android-specific API, key store access is exposed via standard JCE APIs,
	* namely KeyGenerator and KeyStore. Both are backed by a new Android JCE provider,
	* AndroidKeyStoreProvider and are accessed by passing "AndroidKeyStore" as the type
	* parameter of the respective factory methods (those APIs were actually available in 4.2 as well,
	* but were not public). For a full sample detailing their usage,
	* refer to the BasicAndroidKeyStore project in the Android SDK.
	/*
	* Generate a new EC key pair entry in the Android Keystore by
	* using the KeyPairGenerator API. The private key can only be
	* used for signing or verification and only with SHA-256 or
	* SHA-512 as the message digest.
	*/
	KeyPairGenerator kpg = KeyPairGenerator.getInstance(
	KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
	kpg.initialize(new KeyGenParameterSpec.Builder(
	alias,