Merge pull request #81 from ycai2/feature/key-permanently-invalidated-exception

feature: handle exception by re-initialize key

Author: mCodex

android/src/main/java/br/com/classapp/RNSensitiveInfo/RNSensitiveInfoModule.java

@@ -7,6 +7,7 @@
 import android.os.CancellationSignal;
 import android.security.keystore.KeyGenParameterSpec;
 import android.security.keystore.KeyInfo;
+import android.security.keystore.KeyPermanentlyInvalidatedException;
 import android.security.keystore.KeyProperties;
 import android.support.annotation.NonNull;
 import android.util.Base64;
@@ -212,36 +213,40 @@ private void putExtra(String key, Object value, SharedPreferences mSharedPrefere
      * Android Keystore.
      */
     private void initKeyStore() {
-        if (android.os.Build.VERSION.SDK_INT < android.os.Build.VERSION_CODES.M) {
-            return;
-        }
         try {
             mKeyStore = KeyStore.getInstance(ANDROID_KEYSTORE_PROVIDER);
             mKeyStore.load(null);
 
             // Check if a generated key exists under the KEY_ALIAS_AES .
             if (!mKeyStore.containsAlias(KEY_ALIAS_AES)) {
-                KeyGenerator keyGenerator = KeyGenerator.getInstance(
-                        KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE_PROVIDER);
-
-                KeyGenParameterSpec.Builder builder = null;
-                builder = new KeyGenParameterSpec.Builder(
-                        KEY_ALIAS_AES,
-                        KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT);
-
-                builder.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
-                        .setKeySize(256)
-                        .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
-                        // forces user authentication with fingerprint
-                        .setUserAuthenticationRequired(true);
-
-                keyGenerator.init(builder.build());
-                keyGenerator.generateKey();
+                prepareKey();
             }
         } catch (Exception e) {
         }
     }
 
+    private void prepareKey() throws Exception {
+        if (android.os.Build.VERSION.SDK_INT < android.os.Build.VERSION_CODES.M) {
+            return;
+        }
+        KeyGenerator keyGenerator = KeyGenerator.getInstance(
+                KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEYSTORE_PROVIDER);
+
+        KeyGenParameterSpec.Builder builder = null;
+        builder = new KeyGenParameterSpec.Builder(
+                KEY_ALIAS_AES,
+                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT);
+
+        builder.setBlockModes(KeyProperties.BLOCK_MODE_CBC)
+                .setKeySize(256)
+                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
+                // forces user authentication with fingerprint
+                .setUserAuthenticationRequired(true);
+
+        keyGenerator.init(builder.build());
+        keyGenerator.generateKey();
+    }
+
     private void putExtraWithAES(final String key, final String value, final SharedPreferences mSharedPreferences, final Promise pm, Cipher cipher) {
         if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.M && hasSetupFingerprint()) {
             try {
@@ -250,6 +255,7 @@ private void putExtraWithAES(final String key, final String value, final SharedP
                     cipher = Cipher.getInstance(AES_DEFAULT_TRANSFORMATION);
                     cipher.init(Cipher.ENCRYPT_MODE, secretKey);
 
+
                     // Retrieve information about the SecretKey from the KeyStore.
                     SecretKeyFactory factory = SecretKeyFactory.getInstance(
                             secretKey.getAlgorithm(), ANDROID_KEYSTORE_PROVIDER);
@@ -303,6 +309,14 @@ public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult re
 
                 putExtra(key, result, mSharedPreferences);
                 pm.resolve(value);
+            } catch (KeyPermanentlyInvalidatedException e) {
+                try {
+                    mKeyStore.deleteEntry(KEY_ALIAS_AES);
+                    prepareKey();
+                } catch (Exception keyResetError) {
+                    pm.reject(keyResetError);
+                }
+                pm.reject(e);
             } catch (SecurityException e) {
                 pm.reject(e);
             } catch (Exception e) {
@@ -375,6 +389,14 @@ public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult re
                 }
                 byte[] decryptedBytes = cipher.doFinal(cipherBytes);
                 pm.resolve(new String(decryptedBytes));
+            } catch (KeyPermanentlyInvalidatedException e) {
+                try {
+                    mKeyStore.deleteEntry(KEY_ALIAS_AES);
+                    prepareKey();
+                } catch (Exception keyResetError) {
+                    pm.reject(keyResetError);
+                }
+                pm.reject(e);
             } catch (SecurityException e) {
                 pm.reject(e);
             } catch (Exception e) {
@@ -384,4 +406,4 @@ public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult re
             pm.reject("Fingerprint not supported", "Fingerprint not supported");
         }
     }
-}
+}