Insert our public key at complile time and deobfuscate at runtime. Things close to working

astrid/AndroidManifest.xml

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
           package="com.timsu.astrid"
-          android:versionName="4.2.4"
-          android:versionCode="275">
+          android:versionName="4.3.0-DONT-PUBLISH-ME"
+          android:versionCode="276">
           
   <!-- widgets, alarms, and services will break if Astrid is installed on SD card -->
   <!--    android:installLocation="internalOnly"> -->

astrid/build.xml

@@ -144,6 +144,14 @@
       <replaceregexp file="${source.dir}/com/todoroo/astrid/service/abtesting/ABTestInvoker.java"
     	             match="API_SECRET = .*"
     	             replace="API_SECRET = &quot;${apikey.analytics.secret}&quot;;" />
+    	
+      <replaceregexp file="${source.dir}/com/todoroo/astrid/billing/BillingConstants.java"
+                     match="PUB_KEY_REPLACE_CHAR = .*"
+    	             replace="PUB_KEY_REPLACE_CHAR = &#39;${apikey.googleplay.replacechar}&#39;;" />
+    	
+      <replaceregexp file="${source.dir}/com/todoroo/astrid/billing/BillingConstants.java"
+    	             match="PUB_KEY_OBFUSCATED = .*"
+    	             replace="PUB_KEY_OBFUSCATED = &quot;${apikey.googleplay.pubkey}&quot;;" />
     </target>
 
     <!-- update api keys that require release signing -->

astrid/src/com/todoroo/astrid/billing/BillingActivity.java

@@ -17,7 +17,6 @@ import android.widget.Button;
 import android.widget.Toast;
 
 import com.timsu.astrid.R;
-import com.todoroo.andlib.service.Autowired;
 import com.todoroo.andlib.service.DependencyInjectionService;
 import com.todoroo.andlib.utility.DialogUtilities;
 import com.todoroo.andlib.utility.Preferences;
@@ -42,9 +41,6 @@ public class BillingActivity extends Activity {
     private Button buyMonth;
     private Button buyYear;
 
-    @Autowired private ActFmPreferenceService actFmPreferenceService;
-
-
     @Override
     protected void onCreate(Bundle savedInstanceState) {
         DependencyInjectionService.getInstance().inject(this);
@@ -213,9 +209,11 @@ public class BillingActivity extends Activity {
             if (purchaseState == PurchaseState.PURCHASED) {
                 // Success
                 // Report premium activation to server
+                System.err.println("====== SUCCESS! ======");
             } else if (purchaseState == PurchaseState.REFUNDED || purchaseState == PurchaseState.EXPIRED) {
                 // Subscription ended
                 // Report premium deactivation to server
+                System.err.println("====== REFUNDED ======");
             }
         }
 

astrid/src/com/todoroo/astrid/billing/BillingConstants.java

@@ -47,8 +47,12 @@ public class BillingConstants {
     public static final String ITEM_TYPE_SUBSCRIPTION = "subs";
 
 
-    public static final String PRODUCT_ID_MONTHLY = "premium_monthly";
-    public static final String PRODUCT_ID_YEARLY = "premium_yearly";
+    public static final String PRODUCT_ID_MONTHLY = "com.timsu.astrid.premium_monthly";
+    public static final String PRODUCT_ID_YEARLY = "com.timsu.astrid.premium_yearly";
+
+    public static final char PUB_KEY_OBFUSCATION_CHAR = '!';
+    public static final char PUB_KEY_REPLACE_CHAR = 'B';
+    public static final String PUB_KEY_OBFUSCATED = "pubkey";
 
     // The response codes for a request, defined by Android Market.
     public enum ResponseCode {

astrid/src/com/todoroo/astrid/billing/Security.java

@@ -126,7 +126,8 @@ public class Security {
              * Generally, encryption keys / passwords should only be kept in memory
              * long enough to perform the operation they need to perform.
              */
-            String base64EncodedPublicKey = "your public key here";
+
+            String base64EncodedPublicKey = constructPublicKey();
             PublicKey key = Security.generatePublicKey(base64EncodedPublicKey);
             verified = Security.verify(key, signedData, signature);
             if (!verified) {
@@ -190,6 +191,11 @@ public class Security {
         return purchases;
     }
 
+    private static String constructPublicKey() {
+        return BillingConstants.PUB_KEY_OBFUSCATED.replace(BillingConstants.PUB_KEY_OBFUSCATION_CHAR,
+                BillingConstants.PUB_KEY_REPLACE_CHAR);
+    }
+
     /**
      * Generates a PublicKey instance from a string containing the
      * Base64-encoded public key.