NowSecure Lab Auto Integration

Monkton, Inc.

Monkton has built and tested Rebar apps with NowSecure Lab Auto as part of our DevSecOps process for building and delivering mobile apps. Performing automated testing requires some segregation of the build process.

As of right now, there are limitations on using production signing certificates with NowSecure. To get around this, we suggest leveraging the Debug build as the build you will pass to NowSecure for automated testing.

Configuring for NowSecure

To accomplish proper testing with NowSecure, we will need to perform the following steps:

NowSecure Lab Auto Integration Checklist

  • Creating a separate target for the app

    A new target will allow you to build specifically for NowSecure

  • Configure the test configuration file

    Setting the rebar.vetting flag to enable automated testing in the app

Configuring the NowSecure Target

First, you will want to duplicate your target for your Rebar App. Select your Rebar App target, and Duplicate it. Name it to AppName + Scannable. While it can be set to anything, we adopted the Scannable postfix for our NowSecure builds.

Below, for Monkton's Homes app, we call the NowSecure scannable build HomesScannable

Duplicating Target

From there, ensure that you configure the correct build settings for your app:

  • Ensure the correct PList name is set
  • Ensure the correct Product Name is set
Target Duplication Checklist Checklist

  • Ensure the correct PList name is set

    Under Build Settings look for the Info.plist file and ensure it is properly set

  • Ensure the correct Product Name is set

    Under Build Settings look for the Product Name file and ensure it is properly set

Configuring the NowSecure Scheme

Next, you will want to configure the scheme.

First, tap the scheme selector and navigate to Manage Scheme

Managing Schemes

Next, tap Manage Schemes and select the scheme for the new target you created.

Managing Schemes Selection

Once you have selected the scheme, you will want to edit the Release configuration. From here, navigate to Release on the left hand side of the modal and select Debug for the Build Configuration.

Managing Schemes Selection

Configuring the NowSecure Config File

In your config/testing/app-config.json file, add the following configuration setting:

"rebar.vetting": true,

This will ensure that the app resigning works as intended.

Scanning Rebar® Processing

The rebar-xcode-actions script provides a variety of functions in one file. It embeds Rebar, it copies over the configuration files, and it digitally signs the Rebar binaries with the users credentials.

For NowSecure, we need to ensure the sixth parameter is true for a scan build.

For each target you configure, you will need to add a Run Script in the Build Phases of the target. Name this script "Rebar® Processing". This can be done by tapping the "+" and selecting New Run Script

Add the following:

# Performs the embedding of Rebar as well as injection of configuration files
${SRCROOT}/helpers/rebar-xcode-actions \
    "${SRCROOT}" \
    "${SRCROOT}" \
    "${CONFIGURATION}" \
    "${BUILT_PRODUCTS_DIR}" \
    "${PRODUCT_NAME}" \
    "${EXPANDED_CODE_SIGN_IDENTITY_NAME}" \
    "true"

This will copy the Rebar binaries, embed config files, and then sign them for the application.

Note This is already configured in the project template

Scanning Rebar® Simulator Strip

This script will strip out any Simulator slices from the Rebar Permissions libraries.

For NowSecure, we need to ensure the sixth parameter is true for a scan build.

For each target you configure, you will need to add a Run Script in the Build Phases of the target. Name this script "Rebar® Simulator Strip". This can be done by tapping the "+" and selecting New Run Script

${SRCROOT}/helpers/rebar-xcode-strip \
    "${CONFIGURATION}" \
    "${TARGET_BUILD_DIR}" \
    "${WRAPPER_NAME}" \
    "true"