As a user I want to be able to use the Mobile Application even when the SSL certificate has been changed without the need to update the mobile application on my device
ACs
[x] The app should be able to get the SSL Fingerprint Trusted-List in the splash screen
[x] The app should be able to get the new SSL Fingerprint Trusted-List (TBD)
[x] While using the application
[x] This option provides seamless user experience where the SSL Fingerprint Trusted-List is replaced without user interaction, similar to the OAuth2 procedure of refreshing the authentication tokens
[x] After app restart
[x] Once the certificate is installed the user should be redirected to the splash screen with a user friendly message that for security reasons the app should be restarted
[ ] This option will be easier to be implemented
[x] The app should be able to decrypt the SSL Fingerprint Trusted-List
[x] Once the SSL Fingerprint Trusted-List is decrypted an SSL HTTP Interceptor should be added to ensure the man-in-the-middle is prevented
[x] The SSL Private Key should be added to the application by using the obfuscation option from envided in the build pipeline of the CI/CD
As a user I want to be able to use the Mobile Application even when the SSL certificate has been changed without the need to update the mobile application on my device
ACs
References
https://pub.dev/packages/envied#obfuscationencryption