Tarun Yekbote whytarun

## secureCodingPractice.java
# Bad practice: Hardcoded UserName and Password
String username ="admin"
String password ="p@ssw0rd"

# Good practice: Retrive credential from a secure source
String username = CredentialManager.getUsername()
String password =CredentialManager.getPassword()

## NetworkModule.kt
 @Singleton
    @Provides
    fun provideOkhttpClient(authInterceptor: AuthInterceptor,
                            certificateHelper: CertificateHelper
                           ) :OkHttpClient{
        val trustManagers = certificateHelper.createTrustManagers()
        val sslContext = SSLContext.getInstance("TLS")
        sslContext.init(null, trustManagers, null)
        return OkHttpClient().newBuilder()
            .readTimeout(2, TimeUnit.MINUTES)

## FirebaseAuth.kt
FirebaseAuth mAuth = FirebaseAuth.getInstance();

// Sign in with email and password
mAuth.signInWithEmailAndPassword(email, password)
    .addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
        @Override
        public void onComplete(@NonNull Task<AuthResult> task) {
            if (task.isSuccessful()) {
                // User is authenticated
            } else {

## build.gradle
buildTypes {
        release {
            buildConfigField "String", "BASE_URL", "\"https://mbl.test.com\""
            minifyEnabled true
            shrinkResources true
            debuggable false
            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'),
                                                       'proguard-rules.pro'
        }

## CertificateHelper.kt
class CertificateHelper @Inject constructor(@ApplicationContext context: Context) {
    private val applicationContext = context
    fun createTrustManagers(): Array<TrustManager> {
        val certificateInputStream = applicationContext.resources.openRawResource(
                                                              R.raw.test)
        val certificateFactory = CertificateFactory.getInstance("X.509")
        val certificate = certificateFactory.generateCertificate(certificateInputStream)
        val trustManagerFactory = TrustManagerFactory.getInstance(
                                               TrustManagerFactory.getDefaultAlgorithm())
        val keyStore = KeyStore.getInstance(KeyStore.getDefaultType())

## CheckPermission.kt
if (!usbManager!!.hasPermission(usbDevice)) {
    usbManager!!.requestPermission(usbDevice, mPendingIntent)
}
	# Bad practice: Hardcoded UserName and Password
	String username ="admin"
	String password ="p@ssw0rd"

	# Good practice: Retrive credential from a secure source
	String username = CredentialManager.getUsername()
	String password =CredentialManager.getPassword()
	@Singleton
	@Provides
	fun provideOkhttpClient(authInterceptor: AuthInterceptor,
	certificateHelper: CertificateHelper
	) :OkHttpClient{
	val trustManagers = certificateHelper.createTrustManagers()
	val sslContext = SSLContext.getInstance("TLS")
	sslContext.init(null, trustManagers, null)
	return OkHttpClient().newBuilder()
	.readTimeout(2, TimeUnit.MINUTES)
	FirebaseAuth mAuth = FirebaseAuth.getInstance();

	// Sign in with email and password
	mAuth.signInWithEmailAndPassword(email, password)
	.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
	@Override
	public void onComplete(@NonNull Task<AuthResult> task) {
	if (task.isSuccessful()) {
	// User is authenticated
	} else {
	buildTypes {
	release {
	buildConfigField "String", "BASE_URL", "\"https://mbl.test.com\""
	minifyEnabled true
	shrinkResources true
	debuggable false
	proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'),
	'proguard-rules.pro'
	}
	class CertificateHelper @Inject constructor(@ApplicationContext context: Context) {
	private val applicationContext = context
	fun createTrustManagers(): Array<TrustManager> {
	val certificateInputStream = applicationContext.resources.openRawResource(
	R.raw.test)
	val certificateFactory = CertificateFactory.getInstance("X.509")
	val certificate = certificateFactory.generateCertificate(certificateInputStream)
	val trustManagerFactory = TrustManagerFactory.getInstance(
	TrustManagerFactory.getDefaultAlgorithm())
	val keyStore = KeyStore.getInstance(KeyStore.getDefaultType())
	if (!usbManager!!.hasPermission(usbDevice)) {
	usbManager!!.requestPermission(usbDevice, mPendingIntent)
	}