adorsys / secure-storage-android

Store strings & credentials securely encrypted on your device
Apache License 2.0

Android-P support #30

Closed jimocallaghan closed 5 years ago

jimocallaghan commented 6 years ago

Hi,

Is there any plan to support Android P with this library? I'm seeing the following error with the dev preview 2, though the test app UI reports encryption and decryption works correctly. Thanks.

05-30 11:39:56.140 8438-8438/de.adorsys.android.securestoragetest W/KeyStore: KeyStore exception
    android.os.ServiceSpecificException: (code 7)
        at android.os.Parcel.createException(Parcel.java:1956)
        at android.os.Parcel.readException(Parcel.java:1910)
        at android.os.Parcel.readException(Parcel.java:1860)
        at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
        at android.security.KeyStore.get(KeyStore.java:195)
        at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificateChain(AndroidKeyStoreSpi.java:118)
        at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:484)
        at java.security.KeyStore.getEntry(KeyStore.java:1560)
        at de.adorsys.android.securestoragelibrary.KeystoreTool.getPublicKey(KeystoreTool.java:159)
        at de.adorsys.android.securestoragelibrary.KeystoreTool.encryptMessage(KeystoreTool.java:75)
        at de.adorsys.android.securestoragelibrary.SecurePreferences.setValue(SecurePreferences.java:45)
        at de.adorsys.android.securestoragetest.MainActivity.handleOnGenerateKeyButtonClick(MainActivity.kt:88)
        at de.adorsys.android.securestoragetest.MainActivity.access$handleOnGenerateKeyButtonClick(MainActivity.kt:38)
        at de.adorsys.android.securestoragetest.MainActivity$onCreate$1.onClick(MainActivity.kt:48)
        at android.view.View.performClick(View.java:6597)
        at android.view.View.performClickInternal(View.java:6574)
        at android.view.View.access$3100(View.java:778)
        at android.view.View$PerformClick.run(View.java:25881)
        at android.os.Handler.handleCallback(Handler.java:873)
        at android.os.Handler.dispatchMessage(Handler.java:99)
        at android.os.Looper.loop(Looper.java:164)
        at android.app.ActivityThread.main(ActivityThread.java:6649)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:826)

drilonrecica commented 6 years ago

Hi @jimocallaghan,

We will look into this and keep you informed.

Thanks for your input.

luckyhandler commented 6 years ago

Hey @jimocallaghan,

First: what you quote is a warning and not an error, which of course doesn't mean that we don't want to get rid of it. Second: I debugged the sample app and the value is correctly encrypted and decrypted, and our test is also passing. So SecureStorage is working on Android P.

As the functionality is not affected by the warning I would wait until the official Android P gets released. If the warning is still shown in the final release we will continue investigating the issue.

Thanks for your report!

simhachalam commented 6 years ago

Hi @itsmortoncornelius: I am still facing the same warning message in the official release as well. I have checked it on my Pixel device with the latest official Android release.

hatpick commented 6 years ago

@itsmortoncornelius I'm getting an exception too:

android.os.ServiceSpecificException:  (code 7)
        at android.os.Parcel.createException(Parcel.java:1956)
        at android.os.Parcel.readException(Parcel.java:1910)
        at android.os.Parcel.readException(Parcel.java:1860)
        at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
        at android.security.KeyStore.get(KeyStore.java:195)
        at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificateChain(AndroidKeyStoreSpi.java:118)
        at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:484)
        at java.security.KeyStore.getEntry(KeyStore.java:1560)
        at de.adorsys.android.securestoragelibrary.a.d(Unknown Source:13)
        at de.adorsys.android.securestoragelibrary.a.a(Unknown Source:21)
        at de.adorsys.android.securestoragelibrary.SecurePreferences.setValue(Unknown Source:9)

Btw, I have the official Android P on my Pixel.

luckyhandler commented 6 years ago

Thanks for the info. We will have a look at this warning then. But please be aware that this does not affect the functionality of Secure Storage. You can continue using it on Android P. See my comment above.

chaurasiadilip commented 6 years ago

@itsmortoncornelius, I am getting a prompt with a "Detected problems with API compatibility" warning message and am also getting an exception:

android.os.ServiceSpecificException: (code 7)
        at android.os.Parcel.createException(Parcel.java:1956)
        at android.os.Parcel.readException(Parcel.java:1910)
        at android.os.Parcel.readException(Parcel.java:1860)
        at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
        at android.security.KeyStore.get(KeyStore.java:195)
        at android.security.KeyStore.get(KeyStore.java:206)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.ca.mas.core.security.KeyStoreAdapter.get(KeyStoreAdapter.java:120)
        at com.ca.mas.core.storage.implementation.KeyStoreStorage.readData(KeyStoreStorage.java:175)
        at com.ca.mas.core.storage.implementation.KeyStoreStorage.deleteData(KeyStoreStorage.java:410)
        at com.ca.mas.core.datasource.KeystoreDataSource.remove(KeystoreDataSource.java:158)
        at com.ca.mas.core.store.PrivateTokenStorage.clear(PrivateTokenStorage.java:102)
        at com.ca.mas.core.conf.ConfigurationManager$ClientChangeListener.onUpdated(ConfigurationManager.java:418)
        at com.ca.mas.core.conf.ConfigurationManager.activate(ConfigurationManager.java:170)
        at com.ca.mas.core.MobileSsoFactory.getInstance(MobileSsoFactory.java:171)
        at com.ca.mas.core.MobileSsoFactory.getInstance(MobileSsoFactory.java:88)
        at com.ca.mas.foundation.MAS.start(MAS.java:233)
        at com.digitaslbi.hastingsdirect.HDApplication.initCAGateway(HDApplication.java:61)
        at com.digitaslbi.hastingsdirect.HDApplication.onCreate(HDApplication.java:43)
        at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1154)
        at android.app.ActivityThread.handleBindApplication(ActivityThread.java:5871)
        at android.app.ActivityThread.access$1100(ActivityThread.java:199)
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1650)
        at android.os.Handler.dispatchMessage(Handler.java:106)
        at android.os.Looper.loop(Looper.java:193)
        at android.app.ActivityThread.main(ActivityThread.java:6669)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)

I am testing on a Pixel that has the official Android P. Please help to resolve this issue.

drilonrecica commented 6 years ago

@chaurasiadilip We are currently working on resolving this. We'll keep you informed on anything new.

drilonrecica commented 6 years ago

-INFO- Android P restricts access to non-SDK APIs.

Google apparently lists the Keystore.java class as a non-SDK API as it is a Java feature and not Android specific.

We will contact Google and try to get the Keystore.java class or at least the getEntry() method which is causing the warning whitelisted.

We'll keep you informed on anything new.

https://android-developers.googleblog.com/2018/05/whats-new-in-android-p-beta.html

luckyhandler commented 6 years ago

@chaurasiadilip I think we are mixing up two bugs here. In the stack trace you provide, Secure Storage is not present. We tested on a Pixel with Android P and the only thing we get is what @jimocallaghan and @hatpick reported. And that doesn't affect the functionality on Android P. We don't use restricted or hidden APIs in our code, so it cannot be related to API restrictions. Your stack trace contains Cordova classes as far as I know, and so I guess that Cordova has another issue here which is not related to this library and which leads to the prompt you are writing about. What we can reproduce is:

android.os.ServiceSpecificException: (code 7)
        at android.os.Parcel.createException(Parcel.java:1956)
        at android.os.Parcel.readException(Parcel.java:1910)
        at android.os.Parcel.readException(Parcel.java:1860)
        at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
        at android.security.KeyStore.get(KeyStore.java:195)
        at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificateChain(AndroidKeyStoreSpi.java:118)
        at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:484)
        at java.security.KeyStore.getEntry(KeyStore.java:1560)
        at de.adorsys.android.securestoragelibrary.KeystoreTool.getPrivateKey(KeystoreTool.java:176)
        at de.adorsys.android.securestoragelibrary.KeystoreTool.decryptMessage(KeystoreTool.java:100)
        at de.adorsys.android.securestoragelibrary.SecurePreferences.getStringValue(SecurePreferences.java:89)

AdrianGlasnapp commented 6 years ago

Guys, check my answer here: https://stackoverflow.com/questions/52024752/android-p-keystore-exception-android-os-servicespecificexception/52295484#52295484

It solved this issue in my project where I was accessing KeyPair generated in KeyStore.

drilonrecica commented 6 years ago

implementation "de.adorsys.android:securestoragelibrary:1.0.3"

Secure Storage version 1.0.3 is released and ready to use. We fixed the issue that was showing the warning on Android P.

Thanks to @DrGlass for posting the solution and thanks to everyone else for your support in trying to resolve this issue.

developerfromjokela commented 5 years ago

Hello! I am still having the issue on v1.1.1:

KeyStore exception
    android.os.ServiceSpecificException: (code 7)
        at android.os.Parcel.createException(Parcel.java:1964)
        at android.os.Parcel.readException(Parcel.java:1918)
        at android.os.Parcel.readException(Parcel.java:1868)
        at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
        at android.security.KeyStore.get(KeyStore.java:195)
        at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificate(AndroidKeyStoreSpi.java:149)
        at java.security.KeyStore.getCertificate(KeyStore.java:1120)
        at de.adorsys.android.securestoragelibrary.a.b(Unknown Source:15)
        at de.adorsys.android.securestoragelibrary.SecurePreferences.setValue(Unknown Source:4)
        at com.developerfromjokela.pusacloud.uploader.activities.LoginActivity$LoginAsync.onPostExecute(LoginActivity.java:108)
        at com.developerfromjokela.pusacloud.uploader.activities.LoginActivity$LoginAsync.onPostExecute(LoginActivity.java:79)
        at android.os.AsyncTask.finish(AsyncTask.java:695)
        at android.os.AsyncTask.access$600(AsyncTask.java:180)
        at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:712)
        at android.os.Handler.dispatchMessage(Handler.java:106)
        at android.os.Looper.loop(Looper.java:193)
        at android.app.ActivityThread.main(ActivityThread.java:6718)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)

515orestis commented 5 years ago

I was using v1.03 and I didn't have this problem, but now I am on 1.2.1 and I am having it on Android 9.

android.os.ServiceSpecificException: (code 7)
        at android.os.Parcel.createException(Parcel.java:1964)
        at android.os.Parcel.readException(Parcel.java:1918)
        at android.os.Parcel.readException(Parcel.java:1868)
        at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
        at android.security.KeyStore.get(KeyStore.java:195)
        at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificate(AndroidKeyStoreSpi.java:149)
        at java.security.KeyStore.getCertificate(KeyStore.java:1120)
        at de.adorsys.android.securestoragelibrary.KeystoreTool.keyPairExists(KeystoreTool.java:135)
        at de.adorsys.android.securestoragelibrary.SecurePreferences.setValue(SecurePreferences.java:55)

drilonrecica commented 5 years ago

Hi, We will look into this and keep you informed. Thanks for your input.

drilonrecica commented 5 years ago

Hi @515orestis & @developerfromjokela,

The issue should be fixed with version 1.2.2. We will be releasing version 1.2.2 this afternoon (Central European Time). We'll keep you posted.

Thank you for your input.

drilonrecica commented 5 years ago

Version 1.2.2 was released. It fixes the issue with the ServiceSpecificException.

Tharkius commented 4 years ago

> Version 1.2.2 was released. It fixes the issue with the ServiceSpecificException.

Catching an Exception and throwing a different Exception is not solving a problem, you're just sweeping it under the rug:

    try {
        if (keyPairExists()) {
            publicKey = getKeyStoreInstance().getCertificate(KEY_ALIAS).getPublicKey();
        } else {
            if (BuildConfig.DEBUG) {
                Log.e(KeystoreTool.class.getName(), context.getString(R.string.message_keypair_does_not_exist));
            }
            throw new SecureStorageException(context.getString(R.string.message_keypair_does_not_exist), null, INTERNAL_LIBRARY_EXCEPTION);
        }
    } catch (Exception e) {
        throw new SecureStorageException(e.getMessage(), e, KEYSTORE_EXCEPTION);
    }

Even when using getCertificate(), every now and then, the warning still pops up in Android 9. And it's not just a warning, as it is usually accompanied by this NPE, which results in no data getting encrypted:

KeyStore: KeyStore exception
    android.os.ServiceSpecificException:  (code 7)
        at android.os.Parcel.createException(Parcel.java:1956)
        at android.os.Parcel.readException(Parcel.java:1910)
        at android.os.Parcel.readException(Parcel.java:1860)
        at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
        at android.security.KeyStore.get(KeyStore.java:195)
        at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificate(AndroidKeyStoreSpi.java:149)
        at java.security.KeyStore.getCertificate(KeyStore.java:1120)
        at wit.android.bcpBankingApp.utils.security.CryptographyUtils.encryptBytes(CryptographyUtils.java:71)
        at wit.android.bcpBankingApp.cache.handlers.KeyValueCacheHandler.addOrUpdateKeyValueWithKeystore(KeyValueCacheHandler.java:2134)
        at wit.android.bcpBankingApp.cache.handlers.KeyValueCacheHandler.setEncryptionSaltV2(KeyValueCacheHandler.java:723)
        at wit.android.bcpBankingApp.utils.CryptUtils.getEncryptionSaltV2(CryptUtils.java:219)
        at wit.android.bcpBankingApp.core.ApplicationManager.initEncryptionVars(ApplicationManager.java:427)
        at wit.android.bcpBankingApp.core.ApplicationManager.onCreate(ApplicationManager.java:392)
        at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1154)
        at android.app.ActivityThread.handleBindApplication(ActivityThread.java:5871)
        at android.app.ActivityThread.access$1100(ActivityThread.java:199)
        at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1650)
        at android.os.Handler.dispatchMessage(Handler.java:106)
        at android.os.Looper.loop(Looper.java:193)
        at android.app.ActivityThread.main(ActivityThread.java:6669)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)

So, does anyone have any idea of a final solution to this problem?
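The snippet in the comment above dereferences the result of getCertificate(KEY_ALIAS) directly, and java.security.KeyStore.getCertificate() returns null when the alias holds no certificate. The following is an added example, not code from the post or from the library, showing a lookup that checks for null and reports "no key pair" separately from a keystore fault. The class and exception names are hypothetical, and an empty in-memory PKCS12 store stands in for "AndroidKeyStore" so that it runs on a desktop JVM.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.security.cert.Certificate;

public class PublicKeyLookup {

    /** Hypothetical exception type: separates "no key pair yet" from a keystore fault. */
    static class KeyUnavailableException extends Exception {
        final boolean missing; // true: no certificate under the alias, caller may regenerate the pair

        KeyUnavailableException(String message, boolean missing, Throwable cause) {
            super(message, cause);
            this.missing = missing;
        }
    }

    static PublicKey lookupPublicKey(KeyStore keyStore, String alias) throws KeyUnavailableException {
        final Certificate certificate;
        try {
            // Returns null if the alias does not exist or holds no certificate.
            certificate = keyStore.getCertificate(alias);
        } catch (KeyStoreException e) {
            // Thrown when the keystore has not been initialized (loaded).
            throw new KeyUnavailableException("keystore not usable", false, e);
        }
        if (certificate == null) {
            // Fail here with a specific reason instead of an NPE on getPublicKey().
            throw new KeyUnavailableException("no certificate for alias " + alias, true, null);
        }
        return certificate.getPublicKey();
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty keystore, so the alias is guaranteed to be absent.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
        try {
            lookupPublicKey(keyStore, "example_alias");
        } catch (KeyUnavailableException e) {
            System.out.println("missing=" + e.missing + ": " + e.getMessage());
        }
    }
}
```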

n-valdez commented 1 month ago

Could not resolve all files for configuration ':app:devBnfDebugRuntimeClasspath'.

Could not find de.adorsys.android:securestoragelibrary:1.2.2.