Rebar Android App Configuration File

Monkton, Inc. 2018

App Configurations allow for multiple configurations to be generated for an app being built. These configurations can range from endpoints to security configuration settings.

The configuration file is simply named app-config.json. Our sample apps include the build scripts and configuration file layout to generate development, production, and test builds with different configurations.

Structure is as follows:

{project_root}/src/production/assets/app-config.json

{project_root}/src/development/assets/app-config.json

{project_root}/src/test/assets/app-config.json

To automatically embed these into your app for different build types, perform the following changes to your build.gradle file in your project.

    // Place this inside the android { } block of the module's build.gradle
    sourceSets {
        // Defines how we import the development assets for configuration
        debug {
            assets.srcDirs = ['src/development/assets']
        }
        // Defines how we import the production assets for configuration
        release {
            assets.srcDirs = ['src/production/assets']
        }
        // Defines how we import the test assets for configuration
        test {
            assets.srcDirs = ['src/test/assets']
        }
    }

API Url

The rebar.api.url field configures the API endpoint with which the app will communicate. This field can also be a Managed App Config pushed down by your MDM.

The rebar.api.url should be the full URL to your API endpoint in the format: https://api.example.com/v1

If this field is omitted it will cause the app sanity check to fail.

This field is mandatory.

Url Scheme

The rebar.scheme is a string value indicating the URL scheme of this app. This allows other apps to perform callbacks when necessary. The scheme must also be defined in the main activity within your Android Manifest file.

To add to your manifest:

        <activity
            android:name="io.monkton.rebar.ui.startup.AppStartupActivity"
            android:label="@string/app_name"
            android:launchMode="singleTask">
            <intent-filter>
                <!-- Default Launcher Activity -->
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
            <intent-filter>
                <!-- Allows us to open via URL  -->
                <data android:scheme="-your-scheme-" android:host="-your-scheme-host-"></data>
                <action android:name="android.intent.action.VIEW"></action>
                <category android:name="android.intent.category.DEFAULT"></category>
                <category android:name="android.intent.category.BROWSABLE"></category>
            </intent-filter>
        </activity>

This field is optional.

The default value is null.

SSL Pinning

The rebar.tls.pinned is a string array of acceptable SHA-512 hashes of the server certificates. These hashes should be generated using the Admin console. This field can also be a Managed App Config pushed down by your MDM.

SSL Pinning adds another layer of security and verification of certificates when using TLS.

This field is mandatory.

FIPS

The rebar.fips.disabled flag is an optional boolean value indicating if FIPS mode should be disabled for the app.

The default value is false when using Rebar.

Note: FIPS is not enabled for simulator builds.

TLS Ciphers

The rebar.tls.ciphers setting is a string array of acceptable ciphers for TLS. There are 12 optional ciphers and one mandatory cipher available for selection.

  • TLS_RSA_WITH_AES_128_CBC_SHA (optional)
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (optional)
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (optional)
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (optional)
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (optional)
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (optional)
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (optional)
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (optional)
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (optional)
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (optional)
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (optional)
  • TLS_RSA_WITH_AES_128_CBC_SHA256 (optional)
  • TLS_RSA_WITH_AES_256_CBC_SHA256 (optional)

An invalid cipher will cause the app sanity check to fail.

These checks are mandatory via NIAP FCS_TLSS_EXT.1.1.

The default value is ["TLS_RSA_WITH_AES_128_CBC_SHA"].

OCSP Enabled

The rebar.useOCSP is a boolean value that indicates to the Rebar SDK that OCSP checks of certificates are enabled. This field can also be a Managed App Config pushed down by your MDM.

The Rebar SDK will attempt to perform the OCSP check to validate that the certificate presented from the server is valid and that the certificate chain is valid.

These checks are mandatory via NIAP FIA_X509_EXT.1.1.

The default value is true.

Continue on OCSP Error

The rebar.continueOnOCSPError is a boolean value that indicates that the app should be allowed to continue if the OCSP checks fail. OCSP checks can fail if the server cannot be reached. This field can also be a Managed App Config pushed down by your MDM.

For more information on the requirements of this flag please consult NIAP FIA_X509_EXT.2.2.

The default value is false.

Continue on OCSP Signing Missing

The rebar.continueOnOCSPSigningMissing is a boolean value that indicates that the app should be allowed to continue if the OCSP checks are missing the OCSP Signing OID. This field can also be a Managed App Config pushed down by your MDM.

For more information on the requirements of this flag please consult NIAP FIA_X509_EXT.2.2.

The default value is false.

App Permissions

The rebar.permissions is a dictionary of permissions that the app can request. These permissions must be mapped in the config files. The user will be prompted for these permissions when they authenticate with the app at first login.

For instance, the permissions would be configured like this ("none" permissions may be omitted):

	"rebar.permissions": {
		"pii": { "request": "required" },
		"location": { "request": "required" },
		"push": { "request": "none" },
		"microphone": { "request": "none" },
		"camera": { "request": "none" }
	},

  • pii - indicates the app may use and transfer PII
  • push - indicates that push permissions will be requested
  • location - indicates that location will be requested
  • microphone - indicates that the microphone will be requested
  • camera - indicates that the camera will be requested

Account Options

Account Authentication Type

The rebar.auth is a mandatory string value that indicates how accounts will log in to the app. There are two options: credentials (email and password) and derived credentials. Derived credentials require the Derived app to be installed with credentials provisioned for use. This field can also be a Managed App Config pushed down by your MDM.

Acceptable values:

  • derivedkit
  • credentials

An invalid or missing value will cause the app sanity check to fail.

The default value is null.

Create Account Options

The rebar.account.create is an optional string value that indicates if and how accounts can be created on the device. If null is given for this value, the user will not see a "Create Account" button or screen.

Note: Active Directory backed accounts log in to the app; they do not create accounts. If only AD backed accounts are being used, this value should be null.

Acceptable values:

  • null
  • tokens

The default value is null.

Derived Credential Signature Algorithm

The rebar.derived.signature is an optional string value that indicates which hashing algorithm should be used when authenticating with derived credentials and hashing a secret.

Acceptable values:

  • sha1
  • sha224
  • sha256
  • sha384
  • sha512

The default value is sha256.

Android GCM Values

The rebar.gcm.id is a string value that indicates the GCM identifier for this application.

The default value is null.

Android GCM Handler

The rebar.gcm.handler is a string value for the fully qualified name (package and class name) of the GCM handler that handles GCM callbacks within the application.

The default value is null.

DOD Specific Elements

DOD Welcome Banner

The rebar.dodBanner is a boolean value that indicates that the App should display a startup banner when the user authenticates into the application. This field can also be a Managed App Config pushed down by your MDM.

The default value is false.

DOD Welcome Banner Text

The rebar.dodBannerText is a string value that overrides the DOD Welcome Banner text. This field can also be a Managed App Config pushed down by your MDM.

The default value is null.

NIAP Testing Configuration Elements

NIAP Debug Harness

The rebar.niap-harness is a boolean value that indicates that the App should include, use, and enable our NIAP Debug Harness features. This field can also be a Managed App Config pushed down by your MDM.

The default value is false.

NIAP Auditing

The rebar.niap-audit is a boolean value that indicates that the App should perform our NIAP Auditing functionality for testing under NIAP. This field can also be a Managed App Config pushed down by your MDM.

The default value is false.

NIAP TLS Auditing

The rebar.tlsLogging is a boolean value that indicates that the App should print out logging information from our TLS sessions. This field can also be a Managed App Config pushed down by your MDM.

The default value is false.

UI / UX Configuration Elements

Default Color

The rebar.color is a hexadecimal string value (e.g. #AAAAAA) that will color the Rebar generated screens within the app. This allows a custom color scheme to be presented for the app during the configuration process. This field can also be a Managed App Config pushed down by your MDM.

App Welcome Screen

The rebar.screen.welcome is an optional string value that maps to the class name of a custom welcome screen. This screen will present the user with a custom view that welcomes them to the app. The screen should implement the Rebar method calls to create accounts or login.

If this value is set, Rebar will instantiate and create the welcome screen.

The default value is null.

Main App Screen

The rebar.screen.main is an optional/mandatory string value that maps to the class name of the main user interface for this app.

If this value is set, Rebar will instantiate and create the main screen.

The default value is null.
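
The mandatory fields and acceptable values listed on this page can be checked in CI before a build reaches a device. The following is an added example, not Monkton's code and not the SDK's own sanity check; it assumes the settings are flat top-level keys (as in the rebar.permissions snippet above), and the names audit, str_list and RELAXED, the https requirement, and the warning policy are this example's own choices.

```python
import json
from urllib.parse import urlparse

# Acceptable values copied from the lists on this page; CIPHERS[0] is the documented default.
CIPHERS = """
TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256""".split()
AUTH = ("derivedkit", "credentials")
SIGNATURES = ("sha1", "sha224", "sha256", "sha384", "sha512")
# Flag values that relax a check or enable test tooling (this linter's policy, an assumption).
RELAXED = {"rebar.fips.disabled": True, "rebar.useOCSP": False,
           "rebar.continueOnOCSPError": True, "rebar.continueOnOCSPSigningMissing": True,
           "rebar.niap-harness": True, "rebar.tlsLogging": True}

def str_list(v, allowed=None):
    """True for a non-empty list of non-empty strings, optionally limited to allowed."""
    return (isinstance(v, list) and bool(v) and
            all(isinstance(s, str) and s and (allowed is None or s in allowed) for s in v))

def audit(cfg):
    """Return (errors, warnings), each a list of key names, for one parsed app-config.json."""
    url = cfg.get("rebar.api.url")
    parsed = urlparse(url if isinstance(url, str) else "")
    passed = {
        "rebar.api.url": parsed.scheme == "https" and bool(parsed.netloc),  # mandatory
        "rebar.tls.pinned": str_list(cfg.get("rebar.tls.pinned")),          # mandatory
        "rebar.auth": cfg.get("rebar.auth") in AUTH,                        # mandatory
        "rebar.tls.ciphers": str_list(cfg.get("rebar.tls.ciphers", CIPHERS[:1]), CIPHERS),
        "rebar.derived.signature": cfg.get("rebar.derived.signature", "sha256") in SIGNATURES,
        "rebar.account.create": cfg.get("rebar.account.create") in (None, "tokens"),
    }
    errors = [key for key, ok in passed.items() if not ok]
    warnings = [key for key, bad in RELAXED.items() if cfg.get(key) is bad]
    return errors, warnings

# Constructed sample standing in for src/production/assets/app-config.json; the pin is a placeholder.
SAMPLE = json.loads("""{
  "rebar.api.url": "https://api.example.com/v1",
  "rebar.tls.pinned": ["<sha512-pin-from-admin-console>"],
  "rebar.tls.ciphers": ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_RC4_128_SHA"],
  "rebar.continueOnOCSPError": true,
  "rebar.tlsLogging": true
}""")
print(audit(SAMPLE))
```

Treat a non-empty errors list as a build failure for every variant, and a non-empty warnings list as a failure for the production variant only, since the development and test configurations may relax these flags on purpose.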