Merge branch 'remove_unused_properties' into 'master'

Document customization options

Closes #9155

See merge request leap/bitmask_android!268

4 files changed, 123 insertions, 68 deletions

diff --git a/README.md b/README.md
index 61384eb6..b472f45a 100644
--- a/README.md
+++ b/README.md
@@ -161,6 +161,8 @@ In order to temporarily disable building tor you can run:
 ```
 BUILD_TOR=false ./scripts/build_deps.sh
 ```
+### Custom Builds
+Please refer to to the customization [README](/app/src/custom/README.md).
 
 ### Debug APKs <a name="debug-apks"></a>
 
@@ -169,11 +171,6 @@ After having run `./build_deps.sh`, you can assemble debug packages for running
 ./gradlew assembleNormalProductionFatDebug
 ```
 
-In order to build a custom branded version of Bitmask you can run:
-```bash
-./gradlew assembleCustomProductionFatDebug
-```
-
 If everything went fine, you will find the debug apks in `/bitmask_android/app/build/outputs/apk/`.
 
 ### Release APKs <a name="release-apks"></a>
diff --git a/app/build.gradle b/app/build.gradle
index 0a987f84..171cad02 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -46,6 +46,8 @@ android {
     //This is the default donation URL and should be set to the donation page of LEAP
     // and this should not be set/altered anywhere else.
     buildConfigField 'String', 'default_donation_url', '"https://riseuplabs.org/leap"'
+    // custom donation url, only used in Custom flavor
+    buildConfigField 'String', 'donation_url', 'null'
     //The field to enable donations in the app.
     buildConfigField 'boolean', 'enable_donation', 'false'
     //The field to enable donation reminder popup in the app if enable_donation is set to 'false' this will be disabled.
@@ -77,14 +79,6 @@ android {
     buildConfigField 'boolean', 'actionbar_center_title', 'true'
     buildConfigField 'boolean', 'actionbar_capitalize_title', 'true'
 
-    //ignore the following configs, only used in custom flavor
-    buildConfigField 'String', 'donation_url', 'null'
-    buildConfigField "String", "customProviderUrl", '""'
-    buildConfigField "String", "customProviderIp", '""'
-    buildConfigField "String", "customProviderApiIp", '""'
-    buildConfigField "String", "geoipUrl", '""'
-    buildConfigField "String", "customProviderMotdUrl", '""'
-
     testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
     dexOptions {
       jumboMode true
@@ -130,25 +124,14 @@ android {
       //**************************************************************************
       //**************************************************************************
       //Configurations for custom branded app.
-
+      //
+      //In order to configure the URLs for your custom provider (required!), please
+      //check out app/src/custom/README.md
+      //
       //Change the package name as needed, e.g. "org.example.myapp"
       applicationId "se.leap.riseupvpn"
       //Set app name here
       appName = "Riseup VPN"
-      //Provider base url, e.g. '"https://example.com"'
-      def customProviderUrl = '"https://black.riseup.net"'
-      buildConfigField "String", "customProviderUrl", customProviderUrl
-      //static ip address of provider, using a commercially validated CA certificate to serve the provider.json
-      def customProviderIp = '""'
-      buildConfigField "String", "customProviderIp", customProviderIp
-      //static ip address of the provider api, using a self signed certificate to serve provider.json, eip-service.json etc.
-      def customProviderApiIp = '""'
-      buildConfigField "String", "customProviderApiIp", customProviderApiIp
-      def geoipUrl = '"https://menshen.riseup.net/json"'
-      buildConfigField "String", "geoipUrl", geoipUrl
-      //URL for the message of the day, see https://0xacab.org/leap/motd#motd-message-of-the-day
-      def customProviderMotdUrl = '"https://static.riseup.net/vpn/motd.json"'
-      buildConfigField "String", "customProviderMotdUrl", customProviderMotdUrl
       //Change the versionCode as needed
       //versionCode 1
       //Change the versionName as needed
diff --git a/app/src/custom/README.md b/app/src/custom/README.md
new file mode 100644
index 00000000..f0bed297
--- /dev/null
+++ b/app/src/custom/README.md
@@ -0,0 +1,75 @@
+# Custom branding
+## Feature flags
+You can customize Bitmask and create provider specific branded version of it. 
+There's a section called "Configurations for custom branded app." in `app/build.gradle` that contains various build properties to alter the behavior of the app. Descriptions of the properties are provided inline.
+
+## Bootstrapping
+
+You need to specify a couple of URLs required for bootstrapping. 
+In `app/src/custom/assets/urls`, you need to create a json file with the naming scheme `<domain_name>.url`.
+The json *needs* to contain the field `"main_url" : "<main entry point of your leap provider>"`. The main entry point is the domain where your publicly available provider.json and CA cert is served.
+
+*Optional* fields are:
+| key | value | 
+|----------|-------------|
+| geoip_url | URL your [menshen](https://0xacab.org/leap/menshen) service points to | 
+| motd_url | URL you serve a [message of the day json](https://0xacab.org/leap/motd). Motd is not yet integrated in Lillypad and needs to be deployed separately |
+| provider_ip | IP under which your provider.json and CA cert are provided. This allows to circumvent DNS blockings |
+| provider_api_ip | IP under which your eip-service.json and VPN credentials are provided. This allows to circumvent DNS blockings |
+
+Additionally you can preship your your `provider.json` and the PEM formatted CA cert used for the communication to the API. It allows certificate pinning without an trust on first use model and improves slightly the security for the API communication. The files need to be located in `app/src/custom/assets/` and named as `<domainname>.json` and `<domainname>.pem`.
+
+## Design
+In order to adapt the **color scheme** of the app, you need to replace the values in `app/src/custom/values/custom-theme.xml`. Descriptions of the resource keys are provided inline.
+
+There are a couple of images you should replace to customize your app. It is important that all assets you replace keep the exact same file name, otherwise the app won't use them. Please be aware that assets might occour more than once in different `drawable*` directories. All of them need to be replaced to avoid inconsistencies across different devices. 
+
+The following table shows relevant asset names in `app/src/custom/res` to change animations and images. Since it's is possible that assets of the same resource have different file endings, e.g. .png or .xml, they are shown without file endings in the table.
+
+| asset | resource | comment |
+|----------|-------------| -----|
+| launcher icon | `ic_launcher` | |
+| message of the day icon | `ic_motd` | |
+| donation reminder icon | `logo_square` | |
+| navigation drawer foreground logo | `drawer_logo` | can be omitted if your drawer logo doesn't consist of a foreground and background image |
+| navigation drawer background image | `background_drawer` | |
+| rotating VPN connection progress animation | `rotate_progress_image` | shows progress at the border of the on/off button |
+| VPN connected image | `state_connected`| |
+| VPN connecting image | `state_connecting` | an example for an animated image can be found in `drawable-anydpi-v24/state_connecting.xml` |
+| VPN disconnected image | `state_disconnected` | |
+| background image connected state | `bg_connected` ||
+| background image connecting state | `bg_connecting` ||
+| background image disconnected state | `bg_disconnected` ||
+| transition animation connected - disconnected | `state_transition_connected_disconnected` ||
+| spash view (until Android 11) | `ic_splash_background` ||
+| splash view icon (Android 12+) | `splash_icon` ||
+| splash view branding (Android 12+) | `splash_branding` | is shown at the bottom of the splash view |
+
+## Donations
+You can enable a donation reminder for your custom branded app:
+
+1. Adapt the following fields in build.gradle:
+```gradle
+  //This is the donation URL and should be set to the relevant donation page.
+      buildConfigField 'String', 'donation_url', '"https://riseup.net/vpn/donate"'
+      //The field to enable donations in the app.
+      buildConfigField 'boolean', 'enable_donation', 'true'
+      //The field to enable donation reminder popup in the app if enable_donation is set to 'false' this will be disabled.
+      buildConfigField 'boolean', 'enable_donation_reminder', 'true'
+      //The duration in days to trigger the donation reminder
+      buildConfigField 'int', 'donation_reminder_duration', '7'
+```
+2. Adapt the donation reminder icon (see table above)
+3. replace all `donate_message` strings in `app/src/custom/res/values*/strings.xml`. If you don't have a translation for a language, remove the `donate_message` entry from the corresponding `strings.xml`
+
+## Terms of Service
+There's a string resource `terms_of_service` in `app/src/custom/res/values*/strings.xml` that you should adapt for your provider. 
+
+## Compiling
+
+Please make sure you have checked out the [submodules](../../../README.md#submodules) and built the [dependencies](../../../README.md#just-build-it) first.
+
+In order to build a debug version of your custom branded app run:
+```bash
+./gradlew assembleCustomProductionFatDebug
+```
diff --git a/app/src/test/resources/v4/riseup.net.cert b/app/src/test/resources/v4/riseup.net.cert
index 49b4f576..5181a66b 100644
--- a/app/src/test/resources/v4/riseup.net.cert
+++ b/app/src/test/resources/v4/riseup.net.cert
@@ -1,43 +1,43 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAudf0Quu9UehPF+oi8ZwBf7OBE1oj/SoY5tDkkWHcShxVfw26
-Cwnw+dAViCXS0zgTtx1qIN9bQgMEheanc2iuP1emF0G18Yi9L54soh6O+zR5M6od
-tpWLOxYMqYCJPoAK+GBxW95bobLUjk1EJigyrrtORprgO2wi8TznZ+shdO6AlvUr
-iUrvbmdMMIxPk3wvSX1f+2IbVlRf+2ovcRHMZqJ+plQiZEuRWkMqGiwiKwNFmIfZ
-lIwkPIzly06RGfRML2cMS8ewM0ryAsgjH6O9KyujtW+T8B03Es1xHowxw9yIeiAr
-sgWbDwawWtfzGUlLkupoice7huBMYe1vBCdglQIDAQABAoIBAHTe6A9FrPNbgpHp
-fjwu/YpPWnbPEx7cYHiXGYaL4jsBAos6GKtkfxS61S+fiaum8k8PwnQVwpAK0cdb
-PCcJx7qx5hNuEXtpoH/Xmv4A9a3oW+gvrSvrc3me7iuSV7zkTQHRtLgvZ7SSf7VV
-xeuxD95ukFU6hJUZ9gd7Y5MofQvI9iFn5V+w7wPlmqkZM/whxrPQwTHGvPsXWaEu
-5nUuGW3y1WvvhwNBjrnPP1A/UZ06hhMvAUGlvFRxBm4ADoSDBfjZdP5ZjOPMP1Y0
-D5FGHboueYzFDBQEXpxw1nvjuXzlt6SjA91gRIMJQAwsK5MxntQJXrOX7JEl6BgI
-aGgVfEECgYEAyo1KFgVoleyyZ9aBzlXs7g+WKRrD8jxbloQiaamLpxTOgvBDU4Wq
-KI+zcEJ5GOrAOe6qEfCXn7REefZZr2z7hOs/oj/zsAGHgRDpFkZ3USA5LsruL917
-4EAZH+VJUvN8H8GgU2N4sj0sDk+yaLZo9dhYilo78cDUX4BoGtdaEykCgYEA6uH9
-O3UcgnKVghTrpuLca8ov1S4QH8XamD4rMIeHpSn/l32JCBjtjL9LQYqve+lcxyC8
-Je07ZzznhEYdQ/ASMVjBOVMVNq+AaYm1X2DSYvje1IDFFz4Ya/luHy3xThhSqnkm
-jtjxAICScuboUmAC+E9rpnmlJ6W06DwxYlWJm40CgYBSCcfoA2jI0IWx6P/KQqMk
-CMwY+e5DPo8Z94q4oSMfGR5LimS6f3jb1Ngor8O8g9g3nqLjgT7oQGs7uru4gbud
-qmqrnJtmvjfT3rWJgCDzismeWjL+0AZMXanPcV6xakzrz9DP9Yn9Jymg4kawgrEg
-Ye/6mXGOCTv7Mlb4CCFDgQKBgQDYdDh00aDbShMjlHnyCoCMyP+5mkB7t06SHECa
-8Vr8xy5mgeaFUsufeC43EUJUk6LPUwhwfyXOJt9IE4EmuZdaaGtwk3MqOSPCnohJ
-hCV91dErzhtTJwNEhdGI5ELK8DlGJm11GNFH4DSVtNuGBjrWcAJJoTKkzd1gYxAz
-iZZNhQKBgB78oOOWX6yS+UDnJzyuojZbl9YeXXRjPXqUWqjdp+Qagn6KFYIBRdFL
-S8vHtJpshsP0qAAEo7P+KueMQKFTRsU6CWZN68omB3K+LNGod+PT4yfM4PqC4MlN
-kis7OehmiRA7HUPmV9YRL3JsH0W9q0PxCtm8c6gLfcp3OZ93yNSJ
+MIIEpAIBAAKCAQEAoubdIK609+1LgeOFWDt++yaizzQRgmYWGfV7MtK3H5FB4BG9
+dE0Y6Psfs1T9wgtZ1qf4gI0njpS7m5PlwDFkBCbbQ+frhSVwi9tJoQo8Npvc9VU8
++0h1JTyySPNgKKrXzOTtkRgnVenf5HLJoBsMOyqlFkcoV3Rw3ca+n/pw87iriCyY
+HdQkh/i/psCG46s+p1O/C41dRoO4DQonCB68K0kA/EUM9KpTHxAw0f2Ug0X31st/
+z1apnCJn2LdzlW3qcgkrJgWJ0VkX1tImjuepfqYHme0m1yalavgUW27Hargl/MjY
+420BDA+hVyxfq0BpXCDUb8JmHvL5j7g+7SR4BwIDAQABAoIBABI3oSkDgKdtORF4
+gTQBy0yI4JItb3vWsMgMZM+lMudr1iMZuMclzBBZ7QygB5TIsi5IMIknv/G4/lYC
+ryHUJCw2sDSi3frQ2go55r0EqQEuYwJomt47Fyan6AQye2Fw4Zs/SrX8LoH0Gp6w
+m421GKQRO88G/CLzmZ+jlzPKzRDkO06RBK0kt2d6c2avOsk5KCLy/VhvLyMrbORe
+dSM+xHGIj1y83vgqy6mHFnDxRQrKTRskMrlZ04wIFf+ewke7eE7pBREki4ZPOGfi
+/CIpI0G6i5B3QnoJxdQcpFIYOYFu/ty3wsDEzfsRqEc+VPcgzGkvRGG1ewsrgIQ7
+bQQQGRkCgYEAxSxKPb1rVb5blIP+Mq8TqK7TeLL8ZXzkclIhtVh4lcCNTJpRN0Yk
+SnhlScWDg3gJ8Zb79pYz1PEiFjW0xK34VLXAWGeR2+YB8FUM1DpAJ1MEob1dA5ka
+fifc865AQLRB6bkM9xSqdTb7pQp5E88CE5w3ZCyQlPuBPGuS/zblLU0CgYEA04EA
+zaOZuaX0q/OvzLtsQqjbXHoCrd0pxEC2KZn+88sRvX0nk2sv8B58PMzYTrpKUHWg
+dJhwqGHNJVI5+v+1kyMtDgyIi0Yqqe5IqBzuk24ts0znODCXP4rVz9u5WdcIpofl
+Hhzg1svDtHPexswCaWF5HqHtyFA9dcENR0ZLIKMCgYEAvxAF+QHeSr4lXCrzXgXN
+VP3kKee3MFjvvd/cji/m2aY2xe4bmSY88HTuIahlojXl3Ndj3TT7kPMBBuiP/K5g
+HyXn90KVUrL1Wf/waI7xr6mAqYIn6d6oj2rtbqyB0rFZ1bPd3meGLgNTokAdx5Ym
++v27pzSP/e4g832CehClz1kCgYEAoTeNCDKzQ7qHVObMUy9t5yXVB5mNH0AczRZS
+hEV4/BYHMLwMhadHhC2In8O5AdGoQcpXg2iLPx5FhDQ4M+XkXwKKHlJZZmgWry8N
+vO9Iv6JVPX3aJY+MSogmUGl40E1Dr8SYVarHi5MIWy2TW084a2E8NKhTmsPnBTIh
+T/n53CcCgYBuDeK4NoLne7h8q6TpSk/1p7fDkE/G5ueCcBOOrZBHan8y+VkUH1ZM
+rPkO8MprbJ+q/wBBfUvurycdHxtOQaahv7ZwIfKsXxGHShrhZseOTi1Wkkfw9kt2
+CE2U7O5Pn9KBKUwuPihaEqCtSjiSJKZr02UapFjS9R0FTAbf7LwYNg==
 -----END RSA PRIVATE KEY-----
 -----BEGIN CERTIFICATE-----
-MIICeTCCAh6gAwIBAgIRAIbLa6Ts1lih8SKdunuWB+gwCgYIKoZIzj0EAwIwMzEx
-MC8GA1UEAwwoTEVBUCBSb290IENBIChjbGllbnQgY2VydGlmaWNhdGVzIG9ubHkh
-KTAeFw0yNDAxMTgxOTAzNTZaFw0yNDAyMjIxOTAzNTZaMBQxEjAQBgNVBAMTCVVO
-TElNSVRFRDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALnX9ELrvVHo
-TxfqIvGcAX+zgRNaI/0qGObQ5JFh3EocVX8NugsJ8PnQFYgl0tM4E7cdaiDfW0ID
-BIXmp3Norj9XphdBtfGIvS+eLKIejvs0eTOqHbaVizsWDKmAiT6ACvhgcVveW6Gy
-1I5NRCYoMq67Tkaa4DtsIvE852frIXTugJb1K4lK725nTDCMT5N8L0l9X/tiG1ZU
-X/tqL3ERzGaifqZUImRLkVpDKhosIisDRZiH2ZSMJDyM5ctOkRn0TC9nDEvHsDNK
-8gLIIx+jvSsro7Vvk/AdNxLNcR6MMcPciHogK7IFmw8GsFrX8xlJS5LqaInHu4bg
-TGHtbwQnYJUCAwEAAaNnMGUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
-AQUFBwMCMB0GA1UdDgQWBBSRZk4gUAUtg/gnCBt2OfkYak38mTAfBgNVHSMEGDAW
-gBR9SmLY/ytJxHm2orHcjj5jB1yo/jAKBggqhkjOPQQDAgNJADBGAiEA+7MB5Thd
-Xpb9vnNIpX10TahuOb9N4IQcpO6ai8pOqmwCIQD5zpNjB16pyKg/ctOpVjzKStQD
-kKiTsZU2DSNaeSapoA==
------END CERTIFICATE-----
\ No newline at end of file
+MIICdjCCAh2gAwIBAgIQEvFlsBeZpYERAhfR59N3ijAKBggqhkjOPQQDAjAzMTEw
+LwYDVQQDDChMRUFQIFJvb3QgQ0EgKGNsaWVudCBjZXJ0aWZpY2F0ZXMgb25seSEp
+MB4XDTI0MDIxNzE2MDgxNVoXDTI0MDMyMzE2MDgxNVowFDESMBAGA1UEAxMJVU5M
+SU1JVEVEMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoubdIK609+1L
+geOFWDt++yaizzQRgmYWGfV7MtK3H5FB4BG9dE0Y6Psfs1T9wgtZ1qf4gI0njpS7
+m5PlwDFkBCbbQ+frhSVwi9tJoQo8Npvc9VU8+0h1JTyySPNgKKrXzOTtkRgnVenf
+5HLJoBsMOyqlFkcoV3Rw3ca+n/pw87iriCyYHdQkh/i/psCG46s+p1O/C41dRoO4
+DQonCB68K0kA/EUM9KpTHxAw0f2Ug0X31st/z1apnCJn2LdzlW3qcgkrJgWJ0VkX
+1tImjuepfqYHme0m1yalavgUW27Hargl/MjY420BDA+hVyxfq0BpXCDUb8JmHvL5
+j7g+7SR4BwIDAQABo2cwZTAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB
+BQUHAwIwHQYDVR0OBBYEFIPsBEktjxealc2usc6QdNNK2xHFMB8GA1UdIwQYMBaA
+FH1KYtj/K0nEebaisdyOPmMHXKj+MAoGCCqGSM49BAMCA0cAMEQCIHMF70zfZQ7Y
+lcz0IDjFbHO/Xd+Mh0QSdcz6lU4OdXO4AiABPaZ/DUa2qBX8AWO4itwTEQYroeF8
+0onH42V60UWxEA==
+-----END CERTIFICATE-----