Remove client side encryption of production API keys (#680)

* Removes `leyndo` dependency from `build.gradle`.
* Removes `SimpleCrypt` class.
* Removes encryption and `leyndo` installation scripts.
* Updates `release-checklist.md` documentation for local production builds.
* Updates `deploy.sh` script to assemble production APK on Circle CI.

This patch removes client-side API key encryption for production builds. It is to be replaced by request signing and server-side validation prior to launch.

#679

Fixes #663

app/build.gradle

@@ -150,9 +150,4 @@ dependencies {
   testCompile 'org.assertj:assertj-core:1.7.0'
   testCompile "org.jetbrains.kotlin:kotlin-reflect:$kotlin_version"
   testCompile 'org.json:json:20160212'
-
-  if (flavorType == 'Prod') {
-    println("Including production only dependencies...")
-    compile 'com.mapzen.android:leyndo:0.0.1-SNAPSHOT'
-  }
 }

app/src/main/kotlin/com/mapzen/erasermap/model/ApiKeys.kt

@@ -31,15 +31,8 @@ class ApiKeys private constructor(val application: EraserMapApplication) {
     }
 
     private fun configureKeys() {
-        if (BuildConfig.DEBUG) {
-            tilesKey = BuildConfig.VECTOR_TILE_API_KEY
-            searchKey = BuildConfig.PELIAS_API_KEY
-            routingKey = BuildConfig.VALHALLA_API_KEY
-        } else {
-            val crypt = SimpleCrypt(application)
-            tilesKey = crypt.decode(BuildConfig.VECTOR_TILE_API_KEY)
-            searchKey = crypt.decode(BuildConfig.PELIAS_API_KEY)
-            routingKey = crypt.decode(BuildConfig.VALHALLA_API_KEY)
-        }
+        tilesKey = BuildConfig.VECTOR_TILE_API_KEY
+        searchKey = BuildConfig.PELIAS_API_KEY
+        routingKey = BuildConfig.VALHALLA_API_KEY
     }
 }

release-checklist.md

@@ -5,9 +5,8 @@ Eraser Map Release Checklist
 
 1. Clone the production keystore from its private repository and copy it into your home folder.
 2. Add the keystore credentials to `~/.gradle/gradle.properties`.
-3. Copy the production API key values encoded using `encrypter.sh` into `~/.gradle/gradle.properties`.
-4. Install the `leyndo` project into your local Maven repository.
-5. Build release APK using `./gradlew clean installProdRelease`.
+3. Copy the production API keys into `~/.gradle/gradle.properties`.
+4. Build release APK using `./gradlew clean installProdRelease --refresh-dependencies`.
 
 ## Building a release APK on Circle CI
 

scripts/deploy.sh

@@ -7,7 +7,6 @@ if [ -z ${PERFORM_RELEASE} ]
     ./gradlew assembleDevDebug -PmintApiKey=$MINT_API_KEY -PvectorTileApiKey=$VECTOR_TILE_API_KEY -PpeliasApiKey=$PELIAS_API_KEY -PvalhallaApiKey=$VALHALLA_API_KEY -PbuildNumber=$CIRCLE_BRANCH-$CIRCLE_BUILD_NUM -PsearchBaseUrl="$SEARCH_BASE_URL" -ProuteBaseUrl="$ROUTE_BASE_URL"
     s3cmd put app/build/outputs/apk/app-dev-debug.apk s3://android.mapzen.com/erasermap-development/$CIRCLE_BRANCH-$CIRCLE_BUILD_NUM.apk
   else
-    scripts/install-leyndo.sh
     cd app && git clone $CONFIG_REPO
     cd ..
     ./gradlew clean assembleProdRelease --refresh-dependencies -PmintApiKey=$MINT_API_KEY -PvectorTileApiKey=$VECTOR_TILE_API_KEY_PROD -PpeliasApiKey=$PELIAS_API_KEY_PROD -PvalhallaApiKey=$VALHALLA_API_KEY_PROD -PbuildNumber=$RELEASE_TAG -PreleaseStoreFile=$RELEASE_STORE_FILE -PreleaseStorePassword="$RELEASE_STORE_PASSWORD" -PreleaseKeyAlias=$RELEASE_KEY_ALIAS -PreleaseKeyPassword="$RELEASE_KEY_PASSWORD" -PsearchBaseUrl="$SEARCH_BASE_URL" -ProuteBaseUrl="$ROUTE_BASE_URL"