Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding Password does not work on Android API 33 #8

Open
Rocketeer007 opened this issue Nov 18, 2022 · 7 comments
Open

Adding Password does not work on Android API 33 #8

Rocketeer007 opened this issue Nov 18, 2022 · 7 comments

Comments

@Rocketeer007
Copy link

I have added the Fingerprint Scanner library to my Codename One project using the Maven dependency:

<dependency>
    <groupId>com.codenameone</groupId>
    <artifactId>fingerprint-scanner-lib</artifactId>
    <version>1.1.2</version>
    <type>pom</type>
</dependency>

When calling Fingerprint.addPassword(reason, key, value), the failure callback is triggered, with a very confusing exception.

D/MyAppName: [main] 0:3:46,172 - Exception: javax.crypto.IllegalBlockSizeException - null
W/System.err: javax.crypto.IllegalBlockSizeException
W/System.err:     at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:613)
W/System.err:     at javax.crypto.Cipher.doFinal(Cipher.java:2056)
W/System.err:     at com.codename1.fingerprint.impl.InternalFingerprintImpl$5$1.onAuthenticationSucceeded(InternalFingerprintImpl.java:386)
W/System.err:     at android.hardware.biometrics.BiometricPrompt$1.lambda$onAuthenticationSucceeded$0$android-hardware-biometrics-BiometricPrompt$1(BiometricPrompt.java:498)
W/System.err:     at android.hardware.biometrics.BiometricPrompt$1$$ExternalSyntheticLambda4.run(Unknown Source:4)
W/System.err:     at android.os.Handler.handleCallback(Handler.java:942)
W/System.err:     at android.os.Handler.dispatchMessage(Handler.java:99)
W/System.err:     at android.os.Looper.loopOnce(Looper.java:201)
W/System.err:     at android.os.Looper.loop(Looper.java:288)
W/System.err:     at android.app.ActivityThread.main(ActivityThread.java:7898)
W/System.err:     at java.lang.reflect.Method.invoke(Native Method)
W/System.err:     at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
W/System.err:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:936)
W/System.err: Caused by: android.security.KeyStoreException: Key user not authenticated (internal Keystore code: -26 message: In KeystoreOperation::update
W/System.err: 
W/System.err: Caused by:
W/System.err:     0: In update: KeyMint::update failed.
W/System.err:     1: Error::Km(ErrorCode(-26))) (public error code: 2 internal Keystore code: -26)
W/System.err:     at android.security.KeyStore2.getKeyStoreException(KeyStore2.java:369)
W/System.err:     at android.security.KeyStoreOperation.handleExceptions(KeyStoreOperation.java:78)
W/System.err:     at android.security.KeyStoreOperation.update(KeyStoreOperation.java:115)
W/System.err:     at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer$MainDataStream.update(KeyStoreCryptoOperationChunkedStreamer.java:222)
W/System.err:     at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.update(KeyStoreCryptoOperationChunkedStreamer.java:156)
W/System.err:     at android.security.keystore2.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:179)
W/System.err:     at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:603)
W/System.err: 	... 12 more
D/MyAppName: [EDT] 0:3:46,220 - Exception: java.lang.RuntimeException - null
W/System.err: java.lang.RuntimeException
W/System.err:     at com.codename1.fingerprint.impl.InternalCallback.requestError(InternalCallback.java:138)
W/System.err:     at com.codename1.fingerprint.impl.InternalFingerprintImpl$5$1.onAuthenticationSucceeded(InternalFingerprintImpl.java:407)
W/System.err:     at android.hardware.biometrics.BiometricPrompt$1.lambda$onAuthenticationSucceeded$0$android-hardware-biometrics-BiometricPrompt$1(BiometricPrompt.java:498)
W/System.err:     at android.hardware.biometrics.BiometricPrompt$1$$ExternalSyntheticLambda4.run(Unknown Source:4)
W/System.err:     at android.os.Handler.handleCallback(Handler.java:942)
W/System.err:     at android.os.Handler.dispatchMessage(Handler.java:99)
W/System.err:     at android.os.Looper.loopOnce(Looper.java:201)
W/System.err:     at android.os.Looper.loop(Looper.java:288)
W/System.err:     at android.app.ActivityThread.main(ActivityThread.java:7898)
W/System.err:     at java.lang.reflect.Method.invoke(Native Method)
W/System.err:     at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
W/System.err:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:936)

Searching for other instances of this online, I found a similar issue mentioned here (android/security-samples#86), but with no resolution.

The same application works perfectly on Android API 32

@shai-almog
Copy link
Contributor

I have made some commits that seem to fix the issue in Git. I need to perform more thorough testing on different android versions before releasing. If all goes well, I can have a release in 7 to 10 days.
But you can build from source and try it out, if you can't wait that long: https://github.com/codenameone/FingerprintScanner

@shannah
Copy link
Collaborator

shannah commented Nov 19, 2022

With 8b4e578 it seems to be working well now. Want more time to test on other versions. Will make release next weekend.

@thinkerheart
Copy link

Thank you @shannah @shai-almog for your commits about that. I saw that "setUserAuthenticationRequired" have not set on Android API 33 when keypair is generated. Could you please tell me why "setUserAuthenticationRequired" is not working on Android API 33 ? Thank you all.

@Rocketeer007
Copy link
Author

Looking at the two commits recently added here, it seems that @shai-almog tried a solution of setUserAuthenticationValidityDurationSeconds(30), and @shannah instead removed setUserAuthenticationRequired(true)

I'm not an Android developer... so I don't really understand the impact of setUserAuthenticationRequired. It would be really helpful if you could explain what this is doing, and why it's a better solution than setting a validity duration for the user authentication...

That said, I tested both solution, and for my use case, setUserAuthenticationRequired(false) seems to work better; user authentication is still required, whereas with the other solution I still got some exceptions.

@Rocketeer007
Copy link
Author

@shannah Any chance we can get a release that includes this fix?

@Rocketeer007
Copy link
Author

@shai-almog @shannah Any chance of this being released in an official version of the FingerprintScanner library?

@shai-almog
Copy link
Contributor

I have just released this on maven central as version 1.1.3. It is also updated in the Codename One settings if you update that way.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants