invertase / react-native-notifee

Moved to https://github.com/invertase/notifee
https://invertase.io/blog/open-sourcing-notifee

[Android] License validation issue MIUI Android 6 / others Android 4.x #87

Closed 8BallBomBom closed 3 years ago

8BallBomBom commented 4 years ago

Hey There. We've recently added your module to our project with licenses for debug and release versions. Nothing past adding the module and license info. After checking through logcat I came across this.

06-12 23:42:08.464 2893-2893/com.stumble.debug D/NOTIFEE: (License): Remote verification started.
06-12 23:42:08.464 2893-2893/com.stumble.debug D/License: License key found from resources: *license for debug app here*
06-12 23:42:08.474 2893-2893/com.stumble.debug E/License: java.security.spec.InvalidKeySpecException: java.lang.RuntimeException: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
        at com.android.org.conscrypt.OpenSSLKey.getPrivateKey(OpenSSLKey.java:180)
        at com.android.org.conscrypt.OpenSSLRSAKeyFactory.engineGeneratePrivate(OpenSSLRSAKeyFactory.java:64)
        at java.security.KeyFactory.generatePrivate(KeyFactory.java:187)
        at n.o.t.i.f.e.e.nZ_i.nz_n(SourceFile:132)
        at app.notifee.core.Worker.nz_n(SourceFile:27)
        at app.notifee.core.Worker.lambda$6bc3g2OwlMH0Cmb2IhUkkKcXUN0(SourceFile)
        at app.notifee.core.-$$Lambda$Worker$6bc3g2OwlMH0Cmb2IhUkkKcXUN0.attachCompleter(lambda)
        at androidx.concurrent.futures.CallbackToFutureAdapter.getFuture(CallbackToFutureAdapter.java:102)
        at app.notifee.core.Worker.startWork(SourceFile:1)
        at androidx.work.impl.WorkerWrapper$1.run(WorkerWrapper.java:281)
        at android.os.Handler.handleCallback(Handler.java:739)
        at android.os.Handler.dispatchMessage(Handler.java:95)
        at android.os.Looper.loop(Looper.java:135)
        at android.app.ActivityThread.main(ActivityThread.java:5221)
        at java.lang.reflect.Method.invoke(Native Method)
        at java.lang.reflect.Method.invoke(Method.java:372)
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:899)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:694)
     Caused by: java.lang.RuntimeException: error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
        at com.android.org.conscrypt.NativeCrypto.d2i_PKCS8_PRIV_KEY_INFO(Native Method)
        at com.android.org.conscrypt.OpenSSLKey.getPrivateKey(OpenSSLKey.java:178)
        at com.android.org.conscrypt.OpenSSLRSAKeyFactory.engineGeneratePrivate(OpenSSLRSAKeyFactory.java:64) 
        at java.security.KeyFactory.generatePrivate(KeyFactory.java:187) 
        at n.o.t.i.f.e.e.nZ_i.nz_n(SourceFile:132) 
        at app.notifee.core.Worker.nz_n(SourceFile:27) 
        at app.notifee.core.Worker.lambda$6bc3g2OwlMH0Cmb2IhUkkKcXUN0(SourceFile) 
        at app.notifee.core.-$$Lambda$Worker$6bc3g2OwlMH0Cmb2IhUkkKcXUN0.attachCompleter(lambda) 
        at androidx.concurrent.futures.CallbackToFutureAdapter.getFuture(CallbackToFutureAdapter.java:102) 
        at app.notifee.core.Worker.startWork(SourceFile:1) 
        at androidx.work.impl.WorkerWrapper$1.run(WorkerWrapper.java:281) 
        at android.os.Handler.handleCallback(Handler.java:739) 
        at android.os.Handler.dispatchMessage(Handler.java:95) 
        at android.os.Looper.loop(Looper.java:135) 
        at android.app.ActivityThread.main(ActivityThread.java:5221) 
        at java.lang.reflect.Method.invoke(Native Method) 
        at java.lang.reflect.Method.invoke(Method.java:372) 
        at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:899) 
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:694) 
06-12 23:42:09.725 2893-2952/com.stumble.debug D/NOTIFEE: (License): Remote verification API responded.
06-12 23:42:09.732 2893-2952/com.stumble.debug D/NOTIFEE: (License): Remote verification completed with status: 2

Also our config json file is laid out as follows.

{
    "android": {
        "release": {
            "license": "key here but removed"
        },
        "debug": {
            "license": "key here but removed"
        }
    },
    "ios": {
        "release": {
            "license": "key here but removed"
        },
        "debug": {
            "license": "key here but removed"
        }
    }
}

8BallBomBom commented 4 years ago

As a side note, what seems odd is that error above was on the first app launch since adding notifee. Now after closing and running the app again I can see just this.

06-12 23:52:24.502 3367-3367/com.stumble.debug D/NOTIFEE: (License): Local verification started.
06-12 23:52:24.503 3367-3367/com.stumble.debug D/License: License key found from resources: *license for debug app here*
06-12 23:52:24.517 3367-3367/com.stumble.debug D/NOTIFEE: (License): Local verification succeeded.

mikehardy commented 4 years ago

That is odd - looks like a server error of some sort. @Salakar would be good to print out what the code maps to, but that one is 'BAD_REQUEST_TOKEN' from the mapping I have. What's that actually mean? Unsure - perhaps the license wasn't copied with fidelity somehow? If you uninstall / reinstall the app you'll force it to go remote again to verify the token I believe. I did not see this with my integration a couple days ago so I'd assume something is amiss until a clean install starts up without exception

8BallBomBom commented 4 years ago

Seems like weird behaviour. Especially since the license is the same each time.

danieltran commented 3 years ago

We just purchased a license for notifee and we're experiencing the same issue. This is the error we're getting:

22:16:28.214    NOTIFEE     (License): Remote verification started.
    22:16:28.215    License     License key found from resources: *license for dev*
    22:16:28.229    License     
java.security.spec.InvalidKeySpecException: java.lang.RuntimeException: error:0c0890ba:ASN.1 encoding routines:asn1_check_tlen:WRONG_TAG
    at com.android.org.conscrypt.OpenSSLKey.getPrivateKey(OpenSSLKey.java:283)
    at com.android.org.conscrypt.OpenSSLRSAKeyFactory.engineGeneratePrivate(OpenSSLRSAKeyFactory.java:64)
    at java.security.KeyFactory.generatePrivate(KeyFactory.java:187)
    at n.o.t.i.f.e.e.nZ_i.nz_n(SourceFile:132)
    at app.notifee.core.Worker.nz_n(SourceFile:27)
    at app.notifee.core.Worker.lambda$6bc3g2OwlMH0Cmb2IhUkkKcXUN0(SourceFile)
    at app.notifee.core.-$$Lambda$Worker$6bc3g2OwlMH0Cmb2IhUkkKcXUN0.attachCompleter(lambda)
    at androidx.concurrent.futures.CallbackToFutureAdapter.getFuture(CallbackToFutureAdapter.java:102)
    at app.notifee.core.Worker.startWork(SourceFile:1)
    at androidx.work.impl.WorkerWrapper$1.run(WorkerWrapper.java:281)
    at android.os.Handler.handleCallback(Handler.java:742)
    at android.os.Handler.dispatchMessage(Handler.java:95)
    at android.os.Looper.loop(Looper.java:157)
    at android.app.ActivityThread.main(ActivityThread.java:5603)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:774)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:652)
Caused by: java.lang.RuntimeException: error:0c0890ba:ASN.1 encoding routines:asn1_check_tlen:WRONG_TAG
    at com.android.org.conscrypt.NativeCrypto.d2i_PKCS8_PRIV_KEY_INFO(Native Method)
    at com.android.org.conscrypt.OpenSSLKey.getPrivateKey(OpenSSLKey.java:281)
    ... 16 more

    22:16:30.048    NOTIFEE     (License): Remote verification API responded.
    22:16:30.054    NOTIFEE     (License): Remote verification completed with status: 2

with config file like this:

  "android": {
    "dev": {
      "license": "dev-license"
    },
    "staging": {
      "license": "staging-license"
    },
    "prod": {
      "license": "prod-license"
    }
  }

Similarly weird is that remote validation is fine in the Android emulator with the same app build and same key, but move the same app to my physical Android device and it will consistently fail with the error above every time. Any ideas what could possibly be causing this? The physical device is a Redmi Note 3 running Android 6.0.1. MIUI 10.2.10.

mikehardy commented 3 years ago

This is a problem, but I think it will end up being device specific - MIUI in particular is renowned for implementing things incorrectly and perhaps they have done something incorrect with the crypto.

If it is working in the emulator, I think it's safe to tick this off your list from a development checklist perspective - but it is still on us to figure it out for real.

Local validation will be sufficient while the package is in alpha, and disabling notifications in release builds on remote validation failures would be gated on resolving this to make sure nothing unexpected happens.

I've labeled so that it will stay open and with P1 it will be examined prior to any breaking change like that

Thanks for reporting!

8BallBomBom commented 3 years ago

Also a problem on some Samsung devices. Might not be too much of an issue though as RN is starting to push Android 5 minimum soon.

mikehardy commented 3 years ago

Yes - flutter is API21+, react-native 0.64 also (so I would assume the actual Facebook app as well) and I'd be surprised if Google's GMS packages (all the play services stuff) didn't go there as well. In my stats on a really large project that actually skews towards older APIs, <API21 is 0.7% of userbase now. It appears it's time

danieltran commented 3 years ago

We tested on a Pixel 3 and Samsung S6 and license activation is working on those devices so that's good but yes would be great to have this addressed.

mikehardy commented 3 years ago

@danieltran I note your issue was logged against this device / OS " The physical device is a Redmi Note 3 running Android 6.0.1. MIUI 10.2.10." so my take about it not being a problem with Android 5+ does not appear valid and this will not age out quickly. I will keep it open for further investigation as time permits. My above commit about it being an error yes but not disabling the plugin stands so it may not get priority for a while but also notifications will not fail for you at least. Thanks everyone for the collaboration

lucadegasperi commented 3 years ago

Hello Everyone, I'm getting a similar issue on both a Samsung SM-J710F running Android 6.0.1 and an Asus ASUS_Z00ED running Android 6.0.1 as well. The notifications are not displayed as the library is giving me the following error using the release key:

NOTIFEE : (License): Attempted to call method displayNotification but your license is invalid.

All the other android versions run just fine.

My notifee.config.js file has the following structure


{
  "android": {
    "license": "XXX.XXX.XXX"
  },
  "ios": {
    "license": "XXX.XXX.XXX"
  }
}

mikehardy commented 3 years ago

> The notifications are not displayed as the library is giving me the following error using the release key:

That is unexpected, I had thought the notifications would still at least work, meaning we could sort of wait while these device/os-version combinations aged off. Looks to be not the case

Sorry about this, raising priority

mikehardy commented 3 years ago

@Salakar sorry to tag you in on this but I'm pretty sure you worked on the local validation - we have local notification display failure for customers on these though we haven't reproduced it yet (it may be manufacturer-specific). There may be some cutout we need to do or special exception handling for Android 6.0.1 on these devices owing to crypto library failures?

mikehardy commented 3 years ago

Only hit I have on those strings is that the cert might work better as DER not PEM, but I have verified nothing about that claim - https://github.com/owntracks/android/issues/361#issuecomment-234550323 - and it might be regressive - another item with some promise (but also wholly unverified other than to check it had promising avenues of exploration) was https://stackoverflow.com/questions/46812752/error0c0890baasn-1-encoding-routinesasn1-check-tlenwrong-tag
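
The `wrong tag` error raised from `d2i_PKCS8_PRIV_KEY_INFO` in the traces above means the bytes handed to `KeyFactory.generatePrivate` did not parse as a DER PKCS#8 `PrivateKeyInfo` on that device. The following is an added example, not part of this thread and not notifee's code: an offline check of which encoding a key blob actually has (PEM text, PKCS#8, PKCS#1 or X.509 SPKI). The function names and sample blobs are constructed for illustration, and the check does not establish what caused the failures reported here.

```python
import base64

def read_tlv(buf, pos):
    """Decode one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def classify_key_blob(blob):
    """Name the outer structure of a key blob (shape check only, no key validation)."""
    if blob.lstrip().startswith(b"-----BEGIN"):
        return "pem"                       # starts with 0x2D, not the 0x30 a DER parser expects
    try:
        tag, pos, end = read_tlv(blob, 0)
        if tag != 0x30:
            return "not-der-sequence"
        tags = []
        while pos < end:                   # collect the tags of the top-level children
            child, _, pos = read_tlv(blob, pos)
            tags.append(child)
    except (IndexError, ValueError):
        return "malformed"
    if tags[:3] == [0x02, 0x30, 0x04]:     # version, AlgorithmIdentifier, OCTET STRING
        return "pkcs8-private"
    if tags == [0x30, 0x03]:               # AlgorithmIdentifier, BIT STRING
        return "x509-spki-public"
    if len(tags) == 9 and set(tags) == {0x02}:   # RSAPrivateKey: nine INTEGERs
        return "pkcs1-rsa-private"
    return "unknown-der"

def pem_to_der(pem):
    """Strip the PEM armor lines and base64-decode the body."""
    return base64.b64decode(b"".join(l for l in pem.strip().splitlines() if not l.startswith(b"-----")))

def tlv(tag, value):
    """Encode one DER TLV; used only to build the constructed samples below."""
    size = (len(value).bit_length() + 7) // 8
    head = bytes([len(value)]) if len(value) < 0x80 else bytes([0x80 | size]) + len(value).to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed placeholder blobs with the right outer shape; they are not real keys.
RSA_ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
PKCS1 = tlv(0x30, tlv(0x02, b"\x01" * 64) * 9)
PKCS8 = tlv(0x30, tlv(0x02, b"\x00") + RSA_ALG + tlv(0x04, PKCS1))
PEM = b"-----BEGIN PRIVATE KEY-----\n" + base64.encodebytes(PKCS8) + b"-----END PRIVATE KEY-----\n"
```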

lucadegasperi commented 3 years ago

Thank you @mikehardy for raising priority. Is there some way to have a stop-gap fix for this issue? Like just allowing 6.0 devices to not check the license key?

mikehardy commented 3 years ago

Hi @lucadegasperi I just raised this internally, it's under active discussion - thanks for your patience

mikehardy commented 3 years ago

Okay we have internal agreement on a workaround and I've got go ahead to implement. It is the holidays so please forgive me if it takes me a while but I intend to fix this with time as available. Cheers

lucadegasperi commented 3 years ago

Thank you @mikehardy, if you need me to test the workaround I'm available 👍

mikehardy commented 3 years ago

I have a PR posted for this one, should be fixed / released shortly, thanks for your patience

mikehardy commented 3 years ago

Call for testers! If you were able to reproduce this problem on demand before, I would love to hear if we have fixed it before general release. (@lucadegasperi perhaps 😄 ?)

I did my absolute best with local testing, but that's not the same as actual reproduction and we don't have devices that reproduce this, so we need your help. I can verify it works when test-integrated into my main work project.

To test:

  1. Alter your package.json dependency to be like this:
    "@notifee/react-native": "notifee/react-native-notifee.git#@mikehardy/issue87-prerelease",
  2. add a postinstall step to package.json like this:
    "postinstall": "cd node_modules/@notifee/react-native && yarn"

    (although mine actually looks like this, as I use patch-package plus a jetify for good measure:

    "postinstall": "patch-package && jetify && cd node_modules/@notifee/react-native && yarn"

    )

  3. ...it should work on Android 6 devices. You will likely still see stack traces but notifications should still work.

I would love to hear feedback if you have any

Cheers

lucadegasperi commented 3 years ago

@mikehardy Thank you very much! Works so far on Android 6. Do you need any logs?

mikehardy commented 3 years ago

That is fantastic news! Thanks a bunch for testing it. I appreciate the offer for logging but this is one of those things that works or doesn't ;-).

I believe it is safe to keep that prerelease integrated if it is important to your project, there is nothing unrelated to the fix in this pre-release, in terms of diff from 0.15.2 and what's on that branch.

All future releases will have the fix so you can go back to a more standard integration on next release