aws-amplify / amplify-android

The fastest and easiest way to use AWS from your Android app.
https://docs.amplify.aws/lib/q/platform/android/
Apache License 2.0

AndroidKeystoreAesGcm.encryptInternal #2939

Open fauzimubarokk opened 1 month ago

fauzimubarokk commented 1 month ago

Before opening, please confirm:

Language and Async Model

Kotlin - Coroutines

Amplify Categories

Authentication

Gradle script dependencies

```groovy
implementation("com.amplifyframework:aws-auth-cognito:2.23.0")
```

Environment information

```
# Put output below this line
------------------------------------------------------------
Gradle 8.7
------------------------------------------------------------
```

Please include any relevant guides or documentation you're referencing

https://docs.amplify.aws/lib/auth/signin_web_ui/q/platform/android/#launch-web-ui-sign-in

Describe the bug

Fatal Exception: java.security.KeyStoreException
the master key android-keystore://amplify_master_key exists but is unusable

```
Fatal Exception: java.security.KeyStoreException: the master key android-keystore://amplify_master_key exists but is unusable
       at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewMasterKey(AndroidKeysetManager.java:332)
       at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:290)
       at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:155)
       at com.amplifyframework.core.store.EncryptedKeyValueRepository.getSharedPreferencesOrThrow(EncryptedKeyValueRepository.kt:110)
       at com.amplifyframework.core.store.EncryptedKeyValueRepository.openKeystoreWithAmplifyMasterKey(EncryptedKeyValueRepository.kt:86)
       at com.amplifyframework.core.store.EncryptedKeyValueRepository.getOrCreateSharedPreferences(EncryptedKeyValueRepository.kt:64)
       at com.amplifyframework.core.store.EncryptedKeyValueRepository.access$getOrCreateSharedPreferences(EncryptedKeyValueRepository.kt)
       at com.amplifyframework.core.store.EncryptedKeyValueRepository$sharedPreferences$2.invoke(EncryptedKeyValueRepository.kt:48)
       at com.amplifyframework.core.store.EncryptedKeyValueRepository$sharedPreferences$2.invoke(EncryptedKeyValueRepository.kt:48)
       at kotlin.SynchronizedLazyImpl.getValue(LazyJVM.kt:74)
       at com.amplifyframework.core.store.EncryptedKeyValueRepository.getSharedPreferences(EncryptedKeyValueRepository.kt:48)
       at com.amplifyframework.core.store.EncryptedKeyValueRepository.get(EncryptedKeyValueRepository.kt:51)
       at com.amplifyframework.auth.cognito.data.AWSCognitoAuthCredentialStore.retrieveCredential(AWSCognitoAuthCredentialStore.kt:62)
       at com.amplifyframework.auth.cognito.actions.CredentialStoreCognitoActions$loadCredentialStoreAction$$inlined$invoke$1.execute(Action.kt:70)
       at com.amplifyframework.statemachine.ConcurrentEffectExecutor$execute$1$1.invokeSuspend(ConcurrentEffectExecutor.kt:26)
       at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
       at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:104)
       at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt)
       at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:811)
       at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:715)
       at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt)
```

Reproduction steps (if applicable)

No response

Code Snippet

// Put your code below this line.

Log output

```
// Put your logs below this line
```

amplifyconfiguration.json

```json
{
  "auth": {
    "plugins": {
      "awsCognitoAuthPlugin": {
        "IdentityManager": {
          "Default": {}
        },
        "AppSync": {
          "Default": {
            "ApiUrl": "****",
            "Region": "ap-southeast-1",
            "AuthMode": "API_KEY",
            "ApiKey": "*****",
            "ClientDatabasePrefix": "***"
          }
        },
        "CredentialsProvider": {
          "CognitoIdentity": {
            "Default": {
              "PoolId": "****",
              "Region": "***"
            }
          }
        },
        "CognitoUserPool": {
          "Default": {
            "PoolId": "ap-southeast",
            "AppClientId": "***",
            "Region": "ap-southeast"
          }
        },
        "Auth": {
          "Default": {
            "OAuth": {
              "WebDomain": "***",
              "AppClientId": "***",
              "SignInRedirectURI": "***",
              "SignOutRedirectURI": "***",
              "Scopes": [
                "phone",
                "email",
                "openid",
                "profile",
                "aws.cognito.signin.user.admin"
              ]
            }
          }
        }
      }
    }
  }
}
```

GraphQL Schema

```graphql
// Put your schema below this line
```

Additional information and screenshots

No response

mattcreaser commented 1 month ago

This is a duplicate of #2845. @fauzimubarokk do you have any details on the devices this occurs on? Some devices simply have faulty keystore implementations - we make a best effort but if the keystore doesn't work there's not much we can do.
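A defensive pre-flight check for the failure in the trace, added here as an example and not code from amplify-android or Tink: it round-trips an AES-GCM encryption through the keystore-backed key (the same kind of self-test after which Tink reports a key as "unusable") and, when that fails, removes the alias so it can be regenerated instead of crashing on every launch. Assumptions: the alias is `amplify_master_key` as in the URI in the stack trace, and the function and enum names are mine.

```kotlin
// Added example; not part of amplify-android. Assumes the AndroidKeyStore alias
// behind android-keystore://amplify_master_key is "amplify_master_key" (from the trace).
import android.util.Log
import java.security.KeyStore
import javax.crypto.Cipher
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

private const val TAG = "KeystoreProbe"
private const val ANDROID_KEYSTORE = "AndroidKeyStore"
private const val AMPLIFY_MASTER_KEY_ALIAS = "amplify_master_key"

/** Probe result: MISSING is fine (the key will be generated on first use); UNUSABLE is the bug. */
enum class KeyState { USABLE, MISSING, UNUSABLE }

/** AES-GCM encrypt/decrypt round trip with the keystore key, without exporting it. */
fun probeMasterKey(alias: String = AMPLIFY_MASTER_KEY_ALIAS): KeyState {
    val keyStore = KeyStore.getInstance(ANDROID_KEYSTORE).apply { load(null) }
    if (!keyStore.containsAlias(alias)) return KeyState.MISSING
    return try {
        val key = keyStore.getKey(alias, null) as SecretKey
        val plaintext = "keystore-probe".toByteArray()
        val cipher = Cipher.getInstance("AES/GCM/NoPadding")
        cipher.init(Cipher.ENCRYPT_MODE, key)
        val iv = cipher.iv                       // keystore picks the nonce; reuse it to decrypt
        val ciphertext = cipher.doFinal(plaintext)
        cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(128, iv))
        if (cipher.doFinal(ciphertext).contentEquals(plaintext)) KeyState.USABLE else KeyState.UNUSABLE
    } catch (e: Exception) {
        // Faulty vendor keystores usually fail in init/doFinal, not in containsAlias.
        Log.w(TAG, "master key $alias failed round trip", e)
        KeyState.UNUSABLE
    }
}

/**
 * Recovery for an UNUSABLE key: delete the alias so the next open regenerates it.
 * Everything wrapped with the old key (the stored Cognito session) is lost, so the
 * user has to sign in again, and the SharedPreferences file that holds the wrapped
 * Tink keyset must be cleared too (its name is not shown in this thread).
 */
fun resetUnusableMasterKey(alias: String = AMPLIFY_MASTER_KEY_ALIAS): Boolean {
    if (probeMasterKey(alias) != KeyState.UNUSABLE) return false
    KeyStore.getInstance(ANDROID_KEYSTORE).apply { load(null) }.deleteEntry(alias)
    Log.w(TAG, "deleted unusable master key $alias; encrypted store must be recreated")
    return true
}
```

Logging the device model alongside an UNUSABLE result is what turns "some devices have faulty keystores" into a list you can act on.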

fauzimubarokk commented 1 month ago

Here are the details of the devices:

(screenshots: Device Name, Operating System)

@mattcreaser

vincetran commented 4 weeks ago

Hmm. On previous projects I have seen that Oppo devices have been notoriously difficult to code around due to the way Oppo has customized Android. When it says 71% Oppo, does that mean there are other devices that have encountered this issue that make up the remaining 29%?