Added function invalidateByFingerprintEnrollment()

pisalcoding · pisalcoding · commit 46dc00d8c08a · 2024-06-09T21:06:36.000+07:00
diff --git a/fingerprint-auth/build.gradle b/fingerprint-auth/build.gradle
@@ -5,11 +5,11 @@ plugins {
 }
 
 android {
-    compileSdk 32
+    compileSdk 33
 
     defaultConfig {
         minSdk 23
-        targetSdk 32
+        targetSdk 33
 
         testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"
         consumerProguardFiles "consumer-rules.pro"
@@ -50,7 +50,7 @@ afterEvaluate {
 
                 groupId = 'com.github.pisalcoding'
                 artifactId = 'android-fingerprint-auth'
-                version = '1.0.0'
+                version = '1.1.0'
             }
         }
     }
diff --git a/fingerprint-auth/src/main/java/me/pisal/fingerprint/auth/FingerprintAuth.kt b/fingerprint-auth/src/main/java/me/pisal/fingerprint/auth/FingerprintAuth.kt
@@ -5,13 +5,19 @@ import android.content.Context
 import android.os.Bundle
 import android.os.Handler
 import android.security.keystore.KeyGenParameterSpec
-import android.security.keystore.KeyProperties.*
+import android.security.keystore.KeyProperties.BLOCK_MODE_GCM
+import android.security.keystore.KeyProperties.ENCRYPTION_PADDING_NONE
+import android.security.keystore.KeyProperties.KEY_ALGORITHM_AES
+import android.security.keystore.KeyProperties.PURPOSE_DECRYPT
+import android.security.keystore.KeyProperties.PURPOSE_ENCRYPT
 import android.view.LayoutInflater
 import android.view.View
 import android.view.ViewGroup
 import androidx.annotation.LayoutRes
 import androidx.core.hardware.fingerprint.FingerprintManagerCompat
-import androidx.core.hardware.fingerprint.FingerprintManagerCompat.*
+import androidx.core.hardware.fingerprint.FingerprintManagerCompat.AuthenticationCallback
+import androidx.core.hardware.fingerprint.FingerprintManagerCompat.AuthenticationResult
+import androidx.core.hardware.fingerprint.FingerprintManagerCompat.CryptoObject
 import androidx.core.os.CancellationSignal
 import androidx.fragment.app.FragmentActivity
 import com.google.android.material.bottomsheet.BottomSheetDialogFragment
@@ -37,7 +43,6 @@ class FingerprintAuth private constructor(private val mHostActivity: FragmentAct
      */
     fun withDialogView(fragment: BaseFingerprintDialogFragment): FingerprintAuth {
         mDialogFragment = fragment
-        mFingerprintManager = FingerprintManagerCompat.from(mHostActivity)
         return this
     }
 
@@ -57,6 +62,24 @@ class FingerprintAuth private constructor(private val mHostActivity: FragmentAct
         validityDuration = duration
     }
 
+    /**
+     * Sets whether this key should be invalidated on biometric enrollment.
+     *
+     * <p>By default, {@code invalidateKey} is {@code true}, so keys that are valid for
+     * biometric authentication only are <em>irreversibly invalidated</em> when a new
+     * biometric is enrolled, or when all existing biometrics are deleted.  That may be
+     * changed by calling this method with {@code invalidateKey} set to {@code false}.
+     *
+     * <p>Invalidating keys on enrollment of a new biometric or unenrollment of all biometrics
+     * improves security by ensuring that an unauthorized person who obtains the password can't
+     * gain the use of biometric-authenticated keys by enrolling their own biometric.  However,
+     * invalidating keys makes key-dependent operations impossible, requiring some fallback
+     * procedure to authenticate the user and set up a new key.
+     */
+    fun invalidateByFingerprintEnrollment(invalidateKey: Boolean) {
+        invalidateByFingerprintEnrollment = invalidateKey
+    }
+
     /**
      * After fingerprint scan is successful, you can access [CredentialsKeeper] safely
      * and without SecurityExceptions
@@ -66,23 +89,45 @@ class FingerprintAuth private constructor(private val mHostActivity: FragmentAct
         return this
     }
 
+    /**
+     * Error callback when the Fingerprint authentication fails.
+     */
     fun doOnFailure(block: BiometricFailureBlock): FingerprintAuth {
         mFailureBlock = block
         return this
     }
 
+    /**
+     * Return whether the keyguard is secured by a PIN, pattern or password or a SIM card
+     * is currently locked.
+     * @return {@code true} if a PIN, pattern or password is set or a SIM card is locked.
+     */
     fun deviceHasSecureLock(): Boolean {
         return isKeyguardSecure(mHostActivity)
     }
 
+    /**
+     * Determine if fingerprint hardware is present and functional.
+     *
+     * @return true if hardware is present and functional, false otherwise.
+     */
     fun deviceHasFingerprintSensor(): Boolean {
         return mFingerprintManager.isHardwareDetected
     }
 
+    /**
+     * Determine if there is at least one fingerprint enrolled.
+     *
+     * @return true if at least one fingerprint is enrolled, false otherwise
+     */
     fun deviceHasFingerprintsEnrolled(): Boolean {
         return mFingerprintManager.hasEnrolledFingerprints()
     }
 
+    /**
+     * @return true if the device has met all conditions to start using Fingerprint authentication.
+     * { 1. deviceHasSecureLock(), 2. deviceHasFingerprintSensor(), 3. deviceHasFingerprintsEnrolled }
+     */
     fun isDeviceEligible(): Boolean {
         return deviceHasSecureLock() &&
                 deviceHasFingerprintSensor() &&
@@ -234,10 +279,13 @@ class FingerprintAuth private constructor(private val mHostActivity: FragmentAct
         private const val DUMMY_KEY_ALIAS = "pZZA27l28r97"
 
         fun from(hostActivity: FragmentActivity): FingerprintAuth {
-            return FingerprintAuth(hostActivity)
+            return FingerprintAuth(hostActivity).apply {
+                this.mFingerprintManager = FingerprintManagerCompat.from(mHostActivity)
+            }
         }
 
         var validityDuration: Int = DEFAULT_VALIDITY_DURATION
+        var invalidateByFingerprintEnrollment: Boolean = true
         var aesKeySize: Int = DEFAULT_AES_KEY_SIZE
     }
 }
diff --git a/fingerprint-auth/src/main/java/me/pisal/fingerprint/auth/credentialskeeper/CredentialsKeeper.kt b/fingerprint-auth/src/main/java/me/pisal/fingerprint/auth/credentialskeeper/CredentialsKeeper.kt
@@ -46,6 +46,10 @@ class CredentialsKeeper(private val context: Context) {
                 setUserAuthenticationRequired(true)
                 setKeySize(256)
 
+                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
+                    setInvalidatedByBiometricEnrollment(FingerprintAuth.invalidateByFingerprintEnrollment)
+                }
+
                 if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
                     setUserAuthenticationParameters(
                         FingerprintAuth.validityDuration,

Original file line number	Diff line number	Diff line change
`@@ -5,11 +5,11 @@ plugins {`
`5`	`5`	`}`
`6`	`6`
`7`	`7`	`android {`
`8`		`- compileSdk 32`
	`8`	`+ compileSdk 33`
`9`	`9`
`10`	`10`	`defaultConfig {`
`11`	`11`	`minSdk 23`
`12`		`- targetSdk 32`
	`12`	`+ targetSdk 33`
`13`	`13`
`14`	`14`	`testInstrumentationRunner "androidx.test.runner.AndroidJUnitRunner"`
`15`	`15`	`consumerProguardFiles "consumer-rules.pro"`
`@@ -50,7 +50,7 @@ afterEvaluate {`
`50`	`50`
`51`	`51`	`groupId = 'com.github.pisalcoding'`
`52`	`52`	`artifactId = 'android-fingerprint-auth'`
`53`		`- version = '1.0.0'`
	`53`	`+ version = '1.1.0'`
`54`	`54`	`}`
`55`	`55`	`}`
`56`	`56`	`}`