Merge pull request #162 from mtpilarek/keystore

Keystore

Author: mCodex

README.md

@@ -4,18 +4,16 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 [![Open Source Love](https://badges.frapsoft.com/os/v2/open-source.png?v=103)](https://github.com/ellerbrock/open-source-badges/)
 
+`react-native-sensitive-info` manages all data stored in Android Shared Preferences, iOS Keychain and Windows Credentials. You can set and get all key/value using simple methods.
 
-**react-native-sensitive-info**  is the next generation of [react-native-get-shared-prefs](https://www.npmjs.com/package/react-native-get-shared-prefs).
 
-# Introduction
+# Help Wanted
 
-`react-native-sensitive-info` manages all data stored in Android Shared Preferences, iOS Keychain and Windows Credentials. You can set and get all key/value using simple methods.
+Hi 👋! It's been 3 years since I released RNSensitiveInfo's first version only to fix a problem that I was facing at that moment. I was starting my career as JS Developer and RNSensitiveInfo helped me a lot through my learning path. Unfortunately, I don't have too much time as I wanted to, to support by myself this awesome library that we've built so far. So, I'm looking for developers who could help during this journey... We have so many pending issues, features, security improvements, unity/integration tests that could be done... I'm still willing to help and take care of releasing it.
 
+Feel free to contact me,
 
-| RN SensitiveInfo Version | Description                      |
-|--------------------------|----------------------------------|
-| 4.0+                     | Compatible with RN 0.40+         |
-| <= 3.0.2                 | Compatible with RN 0.40 or below |
+Best Regards!
 
 # Install
 
@@ -169,6 +167,18 @@ strings: {
 }
 ```
 
+#### setInvalidatedByBiometricEnrollment
+
+If you want to control the behaviour on android when new Fingers are enrolled or removed on the device [https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder#setInvalidatedByBiometricEnrollment(boolean)](https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder#setInvalidatedByBiometricEnrollment(boolean)) on any device with API level greater than 24 (`Android version >= N`). You should call during the initialization of your app to the function `setInvalidatedByBiometricEnrollment`.
+This will re-initialise the internal android Key generator with the flag set to keep/invalidate the credentials upon fingers change.
+
+```javascript
+    import SInfo from 'react-native-sensitive-info';
+
+    SInfo.setInvalidatedByBiometricEnrollment(false);
+```
+If you do not call to this function the default value is set to `true`.
+
 ### iOS Specific Options
 
 #### kSecAccessControl
@@ -186,6 +196,13 @@ SInfo.setItem('key1', 'value1', {
 
 Note: By default `kSecAccessControl` will get set to `kSecAccessControlUserPresence`.
 
+#### kSecAttrSynchronizable
+
+You can set this to `true` in order to sync the keychain items with iCloud.
+
+Note: By default `kSecAttrSynchronizable` will get set to `false`.
+
+
 # How to use?
 
 Here is a simple example:

RNSensitiveInfo.js

@@ -1,3 +1,21 @@
-import { NativeModules } from 'react-native';
+import { NativeModules } from "react-native";
 
-module.exports = NativeModules.RNSensitiveInfo;
+const RNSensitiveInfo = NativeModules.RNSensitiveInfo;
+
+module.exports = {
+  ...RNSensitiveInfo,
+  setInvalidatedByBiometricEnrollment() {
+    if (RNSensitiveInfo.setInvalidatedByBiometricEnrollment == null) {
+      return;
+    }
+
+    return RNSensitiveInfo.setInvalidatedByBiometricEnrollment();
+  },
+  cancelFingerprintAuth() {
+    if (RNSensitiveInfo.cancelFingerprintAuth == null) {
+      return;
+    }
+
+    return RNSensitiveInfo.cancelFingerprintAuth();
+  }
+};

android/src/main/java/br/com/classapp/RNSensitiveInfo/RNSensitiveInfoModule.java

@@ -1,5 +1,8 @@
 package br.com.classapp.RNSensitiveInfo;
 
+import android.app.Activity;
+import android.app.Fragment;
+import android.app.FragmentTransaction;
 import android.content.Context;
 import android.content.SharedPreferences;
 import android.hardware.fingerprint.FingerprintManager;
@@ -9,9 +12,9 @@
 import android.security.keystore.KeyInfo;
 import android.security.KeyPairGeneratorSpec;
 import android.security.keystore.KeyProperties;
-import android.support.annotation.NonNull;
 import android.util.Base64;
 import android.util.Log;
+import androidx.annotation.NonNull;
 
 import com.facebook.react.bridge.Promise;
 import com.facebook.react.bridge.ReactApplicationContext;
@@ -68,6 +71,9 @@ public class RNSensitiveInfoModule extends ReactContextBaseJavaModule {
     private KeyStore mKeyStore;
     private CancellationSignal mCancellationSignal;
 
+    // Keep it true by default to maintain backwards compatibility with existing users.
+    private boolean invalidateEnrollment = true;
+
     public RNSensitiveInfoModule(ReactApplicationContext reactContext) {
         super(reactContext);
 
@@ -126,6 +132,16 @@ private boolean hasSetupFingerprint() {
         }
     }
 
+    @ReactMethod
+    public void setInvalidatedByBiometricEnrollment(final boolean invalidatedByBiometricEnrollment, final Promise pm) {
+        this.invalidateEnrollment = invalidatedByBiometricEnrollment;
+        try {
+            prepareKey();
+        } catch (Exception e) {
+            pm.reject(e);
+        }
+    }
+
     @ReactMethod
     public void isHardwareDetected(final Promise pm) {
         if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
@@ -291,6 +307,34 @@ private void initKeyStore() {
         }
     }
 
+    private void showDialog(final HashMap strings, Object cryptoObject, FingerprintUiHelper.Callback callback) {
+        if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.M) {
+            // DialogFragment.show() will take care of adding the fragment
+            // in a transaction.  We also want to remove any currently showing
+            // dialog, so make our own transaction and take care of that here.
+
+            Activity activity = getCurrentActivity();
+            if (activity == null) {
+                callback.onError(AppConstants.E_INIT_FAILURE,
+                        strings.containsKey("cancelled") ? strings.get("cancelled").toString() : "Authentication was cancelled");
+                return;
+            }
+
+            FragmentTransaction ft = activity.getFragmentManager().beginTransaction();
+            Fragment prev = getCurrentActivity().getFragmentManager().findFragmentByTag(AppConstants.DIALOG_FRAGMENT_TAG);
+            if (prev != null) {
+                ft.remove(prev);
+            }
+            ft.addToBackStack(null);
+
+            // Create and show the dialog.
+            FingerprintAuthenticationDialogFragment newFragment = FingerprintAuthenticationDialogFragment.newInstance(strings);
+            newFragment.setCryptoObject((FingerprintManager.CryptoObject) cryptoObject);
+            newFragment.setCallback(callback);
+            newFragment.show(ft, AppConstants.DIALOG_FRAGMENT_TAG);
+        }
+    }
+
     /**
      * Generates a new AES key and stores it under the { @code KEY_ALIAS_AES } in the
      * Android Keystore.
@@ -322,6 +366,14 @@ private void prepareKey() throws Exception {
                 // forces user authentication with fingerprint
                 .setUserAuthenticationRequired(true);
 
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.N) {
+            try {
+                builder.setInvalidatedByBiometricEnrollment(invalidateEnrollment);
+            } catch (Exception e) {
+                Log.d("RNSensitiveInfo", "Error setting setInvalidatedByBiometricEnrollment: " + e.getMessage());
+            }
+        }
+
         keyGenerator.init(builder.build());
         keyGenerator.generateKey();
     }
@@ -362,12 +414,7 @@ public void onError(String errorCode, CharSequence errString) {
                             }
 
                             // Show the fingerprint dialog
-                            FingerprintAuthenticationDialogFragment fragment
-                                    = FingerprintAuthenticationDialogFragment.newInstance(strings);
-                            fragment.setCryptoObject(new FingerprintManager.CryptoObject(cipher));
-                            fragment.setCallback(new PutExtraWithAESCallback());
-
-                            fragment.show(getCurrentActivity().getFragmentManager(), AppConstants.DIALOG_FRAGMENT_TAG);
+                            showDialog(strings, new FingerprintManager.CryptoObject(cipher), new PutExtraWithAESCallback());
 
                         } else {
                             mCancellationSignal = new CancellationSignal();
@@ -478,12 +525,7 @@ public void onError(String errorCode, CharSequence errString) {
                             }
 
                             // Show the fingerprint dialog
-                            FingerprintAuthenticationDialogFragment fragment
-                                    = FingerprintAuthenticationDialogFragment.newInstance(strings);
-                            fragment.setCryptoObject(new FingerprintManager.CryptoObject(cipher));
-                            fragment.setCallback(new DecryptWithAesCallback());
-
-                            fragment.show(getCurrentActivity().getFragmentManager(), AppConstants.DIALOG_FRAGMENT_TAG);
+                            showDialog(strings, new FingerprintManager.CryptoObject(cipher), new DecryptWithAesCallback());
 
                         } else {
                             mCancellationSignal = new CancellationSignal();

android/src/main/java/br/com/classapp/RNSensitiveInfo/utils/AppConstants.java

@@ -6,4 +6,5 @@ public interface AppConstants {
 
     // error codes
     String E_AUTHENTICATION_CANCELLED = "E_AUTHENTICATION_CANCELLED";
+    String E_INIT_FAILURE = "E_INIT_FAILURE";
 }

android/src/main/java/br/com/classapp/RNSensitiveInfo/view/Fragments/FingerprintAuthenticationDialogFragment.java

@@ -56,6 +56,11 @@ public class FingerprintAuthenticationDialogFragment extends DialogFragment
 
     private SharedPreferences mSharedPreferences;
 
+    private boolean mSavedInstanceStateDone = false;
+    private boolean mPendingDismiss = false;
+    private boolean mDidDismiss = false;
+    private boolean mDidInvokeCallback = false;
+
     public static FingerprintAuthenticationDialogFragment newInstance(HashMap strings) {
         FingerprintAuthenticationDialogFragment f = new FingerprintAuthenticationDialogFragment();
 
@@ -96,10 +101,10 @@ public View onCreateView(LayoutInflater inflater, ViewGroup container,
         mCancelButton.setOnClickListener(new View.OnClickListener() {
             @Override
             public void onClick(View view) {
-                mCallback.onError(
+                callbackOnError(
                         AppConstants.E_AUTHENTICATION_CANCELLED,
                         mStrings.containsKey("cancelled") ? mStrings.get("cancelled").toString() : "Authentication was cancelled");
-                dismiss();
+                dismissDialog();
             }
         });
 
@@ -120,7 +125,14 @@ public void onClick(View view) {
     @Override
     public void onResume() {
         super.onResume();
-        mFingerprintUiHelper.startListening(mCryptoObject);
+        mSavedInstanceStateDone = false;
+
+        if (mPendingDismiss) {
+            // if there's a pending dismiss request, dismiss a fragment when it resumes
+            dismissDialog();
+        } else {
+            mFingerprintUiHelper.startListening(mCryptoObject);
+        }
     }
 
     @Override
@@ -132,7 +144,7 @@ public void onPause() {
     @Override
     public void onCancel(DialogInterface dialog) {
         super.onCancel(dialog);
-        mCallback.onError(
+        callbackOnError(
                 AppConstants.E_AUTHENTICATION_CANCELLED,
                 mStrings.containsKey("cancelled") ? mStrings.get("cancelled").toString() : "Authentication was cancelled");
     }
@@ -144,6 +156,24 @@ public void onAttach(Context context) {
         mActivity = getActivity();
     }
 
+    public void onSaveInstanceState(Bundle outState) {
+        super.onSaveInstanceState(outState);
+        mSavedInstanceStateDone = true;
+    }
+
+    private void dismissDialog() {
+        if (mDidDismiss) return;
+
+        if (!mSavedInstanceStateDone) {
+            // fragment is running, dismiss it
+            mDidDismiss = true;
+            dismiss();
+        } else {
+            // fragment is paused, dismiss it onResume
+            mPendingDismiss = true;
+        }
+    }
+
     /**
      * Sets the crypto object to be passed in when authenticating with fingerprint.
      */
@@ -158,17 +188,31 @@ public void setCallback(FingerprintUiHelper.Callback callback) {
         mCallback = callback;
     }
 
+    public void callbackOnAuthenticated(FingerprintManager.AuthenticationResult result) {
+        if (!mDidInvokeCallback) {
+            mDidInvokeCallback = true;
+            mCallback.onAuthenticated(result);
+        }
+    }
+
+    public void callbackOnError(String errorCode, CharSequence errString) {
+        if (!mDidInvokeCallback) {
+            mDidInvokeCallback = true;
+            mCallback.onError(errorCode, errString);
+        }
+    }
+
     @Override
     public void onAuthenticated(FingerprintManager.AuthenticationResult result) {
         // Callback from FingerprintUiHelper. Let the activity know that authentication was
         // successful.
-        mCallback.onAuthenticated(result);
-        dismiss();
+        callbackOnAuthenticated(result);
+        dismissDialog();
     }
 
     @Override
     public void onError(String errorCode, CharSequence errString) {
-        mCallback.onError(errorCode, errString);
-        dismiss();
+        callbackOnError(errorCode, errString);
+        dismissDialog();
     }
 }

android/src/main/java/br/com/classapp/RNSensitiveInfo/view/Fragments/FingerprintUiHelper.java

@@ -94,6 +94,7 @@ public void stopListening() {
     @Override
     public void onAuthenticationError(final int errMsgId, final CharSequence errString) {
         if (!mSelfCancelled) {
+            mCancelButton.setEnabled(false);
             showError(errString);
             mIcon.postDelayed(new Runnable() {
                 @Override

example/.babelrc

@@ -1,3 +1,3 @@
 {
-  "presets": ["react-native"]
+  "presets": ["module:metro-react-native-babel-preset"]
 }