Merge pull request #3 from NMA-SPMS/master

EddyVerbruggen · web-flow · commit 825b1f2d0ee8 · 2016-11-28T20:47:25.000+01:00
Add android implementation
diff --git a/README.md b/README.md
@@ -35,7 +35,8 @@ Want a nicer guide than these raw code samples? Read [Nic Raboy's blog post abou
 
 ```js
   touchid.verifyFingerprint({
-    message: 'Scan yer finger' // optional, shown in the fingerprint dialog (default: 'Scan your finger').
+    message: 'Scan yer finger', // optional, shown in the fingerprint dialog (default on ios: 'Scan your finger', default on android: 'We are doing this for your own security.').
+    title: 'Android title' // optional title for android,(default: 'Please confirm your credentials.')
   }).then(
       function() {
         console.log("Fingerprint was OK");
@@ -48,6 +49,8 @@ Want a nicer guide than these raw code samples? Read [Nic Raboy's blog post abou
 
 ### function: verifyFingerprintWithCustomFallback
 
+#### Note: not implemented in android yet
+
 ```js
   touchid.verifyFingerprintWithCustomFallback({
     message: 'Scan yer finger', // optional, shown in the fingerprint dialog (default: 'Scan your finger').
@@ -71,6 +74,8 @@ So instead of checking the fingerprint after `available` add another check.
 In case `didFingerprintDatabaseChange` returns `true` you probably want to re-authenticate your user
 before accepting valid fingerprints again.
 
+#### Note: not implemented in android yet
+
 ```js
 touchid.available().then(
     function(avail) {
diff --git a/touchid.android.js b/touchid.android.js
@@ -1,12 +1,196 @@
-exports.available = function () {
+
+var app = require('application');
+var utils = require('utils/utils');
+
+var KeyguardManager = android.app.KeyguardManager;
+var ActivityCompat = android.support.v4.app.ActivityCompat;
+var Manifest = android.Manifest;
+var PackageManager = android.content.pm.PackageManager;
+var KeyStore = java.security.KeyStore;
+var Cipher = javax.crypto.Cipher;
+var KeyGenerator = javax.crypto.KeyGenerator;
+var KeyProperties = android.security.keystore.KeyProperties;
+var SecretKey = javax.crypto.SecretKey;
+var KeyGenParameterSpec = android.security.keystore.KeyGenParameterSpec;
+
+
+//var FingerprintManager;
+
+//var KEYGUARD_SYSTEM_SERVICE = "keyguard";
+var KEY_NAME = 'fingerprintscanner';
+var SECRET_BYTE_ARRAY = Array.create('byte', 16);
+var REQUEST_CODE_CONFIRM_DEVICE_CREDENTIALS = 1;
+var AUTHENTICATION_DURATION = 15; // in seconds
+
+var activity = null;
+
+var keyguardManager = null;
+
+var title = null;
+var message = null;
+
+var available = function () {
+  return new Promise(function (resolve, reject) {
+
+    keyguardManager = utils.ad.getApplicationContext().getSystemService("keyguard");
+
+    if (!keyguardManager.isKeyguardSecure()) { 
+        resolve(false);
+        return;
+    }
+
+     if (android.os.Build.VERSION.SDK_INT >= 23) { //23 == android.os.BUILD.M
+          //Fingerprint API only available on from Android 6.0 (M)
+          var fingerprintManager = utils.ad.getApplicationContext().getSystemService("fingerprint");
+          if (!fingerprintManager.isHardwareDetected()) { 
+              // Device doesn't support fingerprint authentication
+              reject('Device doesn\'t support fingerprint authentication');     
+          } else if (!fingerprintManager.hasEnrolledFingerprints()) { 
+              // User hasn't enrolled any fingerprints to authenticate with 
+              reject('User hasn\'t enrolled any fingerprints to authenticate with');    
+          } else { 
+              resolve(true);
+          }
+      }else{
+          reject('Your api version don\'t support fingerprint auth');
+      }
+    
+    resolve(true);
+  });
+};
+
+var didFingerprintDatabaseChange = function () {
+  return new Promise(function (resolve, reject) {
+    resolve('Not yet implemented!');
+  });
+};
+
+
+var verifyFingerprint = function (arg) {
+  if(arg){
+    if(arg.title) title = arg.title;
+    if(arg.message) message = arg.message;
+  }
   return new Promise(function (resolve, reject) {
-    resolve(false);
+    activity = app.android.foregroundActivity;
+    try {
+      activity.onActivityResult = function onActivityResult(requestCode, resultCode, data) {
+        if (requestCode === REQUEST_CODE_CONFIRM_DEVICE_CREDENTIALS) {
+          if (resultCode === android.app.Activity.RESULT_OK) {
+            // the user has just authenticated via the ConfirmDeviceCredential activity
+            resolve('Congrats! You have just been authenticated successfully!');
+          } else {
+            // the user has quit the activity without providing credentials
+            reject('The last authentication attempt was cancelled.');
+          }
+        }
+      };
+
+      if (keyguardManager == null) {
+        reject('Sorry, your device does not support keyguardManager.');
+      }
+      if (keyguardManager && !keyguardManager.isKeyguardSecure()) {
+        reject('Secure lock screen hasn\'t been set up.\n Go to "Settings -> Security -> Screenlock" to set up a lock screen.');
+      }
+
+      createKey();
+      tryEncrypt(); 
+      
+    } catch (ex) {
+      console.log("Error in verifyFingerprint: " + ex);
+      reject(ex);
+    }
   });
 };
 
-// shouldn't be called anyway because 'available' returned false
-exports.verifyFingerprint = function () {
+
+var verifyFingerprintWithCustomFallback = function (arg) {
   return new Promise(function (resolve, reject) {
-    reject("Not available");
+    try {
+      resolve('Not implemented');
+    } catch (ex) {
+      console.log("Error in verifyFingerprint: " + ex);
+      reject(ex);
+    }
   });
-};
+};
+
+/**
+ * Creates a symmetric key in the Android Key Store which can only be used after the user has
+ * authenticated with device credentials within the last X seconds.
+ */
+function createKey() {
+  try {
+    var keyStore = KeyStore.getInstance('AndroidKeyStore');
+    keyStore.load(null);
+    var keyGenerator = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, 'AndroidKeyStore');
+
+    keyGenerator.init(
+      new KeyGenParameterSpec.Builder(KEY_NAME, KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
+        .setBlockModes([KeyProperties.BLOCK_MODE_CBC])
+        .setUserAuthenticationRequired(true)
+        .setUserAuthenticationValidityDurationSeconds(AUTHENTICATION_DURATION)
+        .setEncryptionPaddings([KeyProperties.ENCRYPTION_PADDING_PKCS7])
+        .build()
+    );
+    keyGenerator.generateKey();
+  } catch (error) {
+    // checks if the AES algorithm is implemented by the AndroidKeyStore
+    if ((error.nativeException + '').indexOf('java.security.NoSuchAlgorithmException:') > -1) {
+     //You need a device with API level >= 23 in order to detect if the user has already been authenticated in the last x seconds.
+    }
+  }
+}
+
+
+function tryEncrypt() {
+  try {
+    var keyStore = KeyStore.getInstance('AndroidKeyStore');
+    keyStore.load(null);
+    var secretKey = keyStore.getKey(KEY_NAME, null);
+
+    var cipher = Cipher.getInstance(KeyProperties.KEY_ALGORITHM_AES + "/" +
+                                    KeyProperties.BLOCK_MODE_CBC + "/" +
+                                    KeyProperties.ENCRYPTION_PADDING_PKCS7);
+
+    cipher.init(Cipher.ENCRYPT_MODE, secretKey);
+    cipher.doFinal(SECRET_BYTE_ARRAY);
+    
+    return true;
+  } catch (error) {
+    if ((error.nativeException + '').indexOf('android.security.keystore.UserNotAuthenticatedException') > -1) {
+      // the user must provide their credentials in order to proceed
+      showAuthenticationScreen();
+    } else if((error.nativeException + '').indexOf('android.security.keystore.KeyPermanentlyInvalidatedException') > -1){
+      //Invalid fingerprint
+      console.log(error);
+    } else {
+      console.log(error);
+    }
+
+    return false;
+  }
+}
+
+/**
+ * Starts the built-in Android ConfirmDeviceCredential activity.
+ */
+function showAuthenticationScreen() {
+  // title and description are optional, if you want the defaults,
+  // you must pass nulls to the factory function
+
+  if(title === null) title = 'Please confirm your credentials.';
+  if(message === null) message = 'We are doing this for your own security.';
+  var intent = keyguardManager.createConfirmDeviceCredentialIntent(title, message);
+
+  if (intent != null) {
+    activity.startActivityForResult(intent, REQUEST_CODE_CONFIRM_DEVICE_CREDENTIALS);
+  }
+}
+
+
+
+exports.available = available;
+exports.didFingerprintDatabaseChange = didFingerprintDatabaseChange;
+exports.verifyFingerprint = verifyFingerprint;
+exports.verifyFingerprintWithCustomFallback = verifyFingerprintWithCustomFallback;
diff --git a/touchid.d.ts b/touchid.d.ts
@@ -2,10 +2,17 @@ declare module "nativescript-touchid" {
 
   export interface VerifyFingerprintOptions {
     /**
-     * The optional message in the fingerprint dialog.
+     * The optional message in the fingerprint dialog on ios and page description on android.
      * Default: 'Scan your finger'.
      */
     message?: string;
+
+    /**
+     * The optional title in the fingerprint page for android.
+     * Default: 'We are doing this for your own security'.
+     */
+
+    title?: string;
   }
 
   export interface verifyFingerprintWithCustomFallbackOptions {
