Loading play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/transport/screenlock/ScreenLockCredentialStore.kt +11 −4 Original line number Diff line number Diff line Loading @@ -10,6 +10,7 @@ import android.database.sqlite.SQLiteDatabase import android.database.sqlite.SQLiteOpenHelper import android.os.Build import android.security.keystore.KeyGenParameterSpec import android.security.keystore.KeyPermanentlyInvalidatedException import android.security.keystore.KeyProperties import android.util.Base64 import android.util.Log Loading @@ -20,6 +21,7 @@ import java.security.cert.Certificate import java.security.spec.ECGenParameterSpec import kotlin.random.Random @RequiresApi(23) class ScreenLockCredentialStore(val context: Context) { private val keyStore by lazy { KeyStore.getInstance("AndroidKeyStore").apply { load(null) } } Loading Loading @@ -51,10 +53,15 @@ class ScreenLockCredentialStore(val context: Context) { keyStore.getCertificateChain(getAlias(rpId, keyId)) fun getSignature(rpId: String, keyId: ByteArray): Signature? { try { val privateKey = getPrivateKey(rpId, keyId) ?: return null val signature = Signature.getInstance("SHA256withECDSA") signature.initSign(privateKey) return signature } catch (e: KeyPermanentlyInvalidatedException) { keyStore.deleteEntry(getAlias(rpId, keyId)) throw e } } fun containsKey(rpId: String, keyId: ByteArray): Boolean = keyStore.containsAlias(getAlias(rpId, keyId)) Loading play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/ui/AuthenticatorActivity.kt +12 −4 Original line number Diff line number Diff line Loading @@ -122,7 +122,7 @@ class AuthenticatorActivity : AppCompatActivity(), TransportHandlerCallback { } @RequiresApi(24) suspend fun handleRequest(options: RequestOptions) { suspend fun handleRequest(options: RequestOptions, allowInstant: Boolean = true) { try { val facetId = getFacetId(this, options, callerPackage) options.checkIsValid(this, facetId, callerPackage) Loading 
@@ -135,10 +135,10 @@ class AuthenticatorActivity : AppCompatActivity(), TransportHandlerCallback { Log.d(TAG, "facetId=$facetId, appName=$appName") // Check if we can directly open screen lock handling if (!requiresPrivilege) { if (!requiresPrivilege && allowInstant) { val instantTransport = transportHandlers.firstOrNull { it.isSupported && it.shouldBeUsedInstantly(options) } if (instantTransport != null && instantTransport.transport in INSTANT_SUPPORTED_TRANSPORTS) { startTransportHandling(instantTransport.transport) startTransportHandling(instantTransport.transport, true) return } } Loading Loading @@ -250,10 +250,18 @@ class AuthenticatorActivity : AppCompatActivity(), TransportHandlerCallback { return shouldStartTransportInstantly(SCREEN_LOCK) } fun startTransportHandling(transport: Transport): Job = lifecycleScope.launchWhenResumed { @RequiresApi(24) fun startTransportHandling(transport: Transport, instant: Boolean = false): Job = lifecycleScope.launchWhenResumed { val options = options ?: return@launchWhenResumed try { finishWithSuccessResponse(getTransportHandler(transport)!!.start(options, callerPackage), transport) } catch (e: SecurityException) { Log.w(TAG, e) if (instant) { handleRequest(options, false) } else { finishWithError(SECURITY_ERR, e.message ?: e.javaClass.simpleName) } } catch (e: CancellationException) { Log.w(TAG, e) // Ignoring cancellation here Loading Loading
play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/transport/screenlock/ScreenLockCredentialStore.kt +11 −4 Original line number Diff line number Diff line Loading @@ -10,6 +10,7 @@ import android.database.sqlite.SQLiteDatabase import android.database.sqlite.SQLiteOpenHelper import android.os.Build import android.security.keystore.KeyGenParameterSpec import android.security.keystore.KeyPermanentlyInvalidatedException import android.security.keystore.KeyProperties import android.util.Base64 import android.util.Log Loading @@ -20,6 +21,7 @@ import java.security.cert.Certificate import java.security.spec.ECGenParameterSpec import kotlin.random.Random @RequiresApi(23) class ScreenLockCredentialStore(val context: Context) { private val keyStore by lazy { KeyStore.getInstance("AndroidKeyStore").apply { load(null) } } Loading Loading @@ -51,10 +53,15 @@ class ScreenLockCredentialStore(val context: Context) { keyStore.getCertificateChain(getAlias(rpId, keyId)) fun getSignature(rpId: String, keyId: ByteArray): Signature? { try { val privateKey = getPrivateKey(rpId, keyId) ?: return null val signature = Signature.getInstance("SHA256withECDSA") signature.initSign(privateKey) return signature } catch (e: KeyPermanentlyInvalidatedException) { keyStore.deleteEntry(getAlias(rpId, keyId)) throw e } } fun containsKey(rpId: String, keyId: ByteArray): Boolean = keyStore.containsAlias(getAlias(rpId, keyId)) Loading
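Review bot: In `getSignature`, the `keyStore.deleteEntry(getAlias(rpId, keyId))` call in the new catch block can itself throw `KeyStoreException`, and if it does the caller sees that instead of the `KeyPermanentlyInvalidatedException` it is meant to react to. Guarding the cleanup, e.g. `try { keyStore.deleteEntry(getAlias(rpId, keyId)) } catch (ke: KeyStoreException) { e.addSuppressed(ke) }` before `throw e`, keeps the original exception and still records the cleanup failure. The deletion is permanent and silent, so a comment such as `// Key can never sign again (lock screen or biometric enrollment changed); drop the entry so it is no longer offered` plus a log line would help anyone auditing why a credential disappeared. The file imports the SQLite helpers, so if per-credential data is also stored outside the keystore (not visible in this hunk), it would outlive the deleted key.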
play-services-fido/core/src/main/kotlin/org/microg/gms/fido/core/ui/AuthenticatorActivity.kt +12 −4 Original line number Diff line number Diff line Loading @@ -122,7 +122,7 @@ class AuthenticatorActivity : AppCompatActivity(), TransportHandlerCallback { } @RequiresApi(24) suspend fun handleRequest(options: RequestOptions) { suspend fun handleRequest(options: RequestOptions, allowInstant: Boolean = true) { try { val facetId = getFacetId(this, options, callerPackage) options.checkIsValid(this, facetId, callerPackage) Loading @@ -135,10 +135,10 @@ class AuthenticatorActivity : AppCompatActivity(), TransportHandlerCallback { Log.d(TAG, "facetId=$facetId, appName=$appName") // Check if we can directly open screen lock handling if (!requiresPrivilege) { if (!requiresPrivilege && allowInstant) { val instantTransport = transportHandlers.firstOrNull { it.isSupported && it.shouldBeUsedInstantly(options) } if (instantTransport != null && instantTransport.transport in INSTANT_SUPPORTED_TRANSPORTS) { startTransportHandling(instantTransport.transport) startTransportHandling(instantTransport.transport, true) return } } Loading Loading @@ -250,10 +250,18 @@ class AuthenticatorActivity : AppCompatActivity(), TransportHandlerCallback { return shouldStartTransportInstantly(SCREEN_LOCK) } fun startTransportHandling(transport: Transport): Job = lifecycleScope.launchWhenResumed { @RequiresApi(24) fun startTransportHandling(transport: Transport, instant: Boolean = false): Job = lifecycleScope.launchWhenResumed { val options = options ?: return@launchWhenResumed try { finishWithSuccessResponse(getTransportHandler(transport)!!.start(options, callerPackage), transport) } catch (e: SecurityException) { Log.w(TAG, e) if (instant) { handleRequest(options, false) } else { finishWithError(SECURITY_ERR, e.message ?: e.javaClass.simpleName) } } catch (e: CancellationException) { Log.w(TAG, e) // Ignoring cancellation here Loading
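Review bot: In instant mode the new `catch (e: SecurityException)` in `startTransportHandling` turns every SecurityException from the transport handler into a retry via `handleRequest(options, false)`, so a genuine rejection is only logged and `SECURITY_ERR` is not returned for that attempt. If the fallback is meant for the invalidated screen-lock key, it should be narrowed: `KeyPermanentlyInvalidatedException` is a `GeneralSecurityException`, not a `java.lang.SecurityException`, so the handler (outside this diff) must be translating it, and assuming it keeps the original as the cause, `if (instant && e.cause is KeyPermanentlyInvalidatedException)` would limit the retry to that case. A comment like `// Instant start failed; retry once with the regular transport selection` would also make the single-retry intent explicit. Both function bodies continue outside the visible hunks.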