Android-P support
jimocallaghan opened this issue ยท 18 comments
Hi,
Is there any plan to support Android P with this library? I'm seeing the following error with the dev preview 2, though the test app UI reports encryption and decryption works correctly. Thanks.
05-30 11:39:56.140 8438-8438/de.adorsys.android.securestoragetest W/KeyStore: KeyStore exception android.os.ServiceSpecificException: (code 7) at android.os.Parcel.createException(Parcel.java:1956) at android.os.Parcel.readException(Parcel.java:1910) at android.os.Parcel.readException(Parcel.java:1860) at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786) at android.security.KeyStore.get(KeyStore.java:195) at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificateChain(AndroidKeyStoreSpi.java:118) at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:484) at java.security.KeyStore.getEntry(KeyStore.java:1560) at de.adorsys.android.securestoragelibrary.KeystoreTool.getPublicKey(KeystoreTool.java:159) at de.adorsys.android.securestoragelibrary.KeystoreTool.encryptMessage(KeystoreTool.java:75) at de.adorsys.android.securestoragelibrary.SecurePreferences.setValue(SecurePreferences.java:45) at de.adorsys.android.securestoragetest.MainActivity.handleOnGenerateKeyButtonClick(MainActivity.kt:88) at de.adorsys.android.securestoragetest.MainActivity.access$handleOnGenerateKeyButtonClick(MainActivity.kt:38) at de.adorsys.android.securestoragetest.MainActivity$onCreate$1.onClick(MainActivity.kt:48) at android.view.View.performClick(View.java:6597) at android.view.View.performClickInternal(View.java:6574) at android.view.View.access$3100(View.java:778) at android.view.View$PerformClick.run(View.java:25881) at android.os.Handler.handleCallback(Handler.java:873) at android.os.Handler.dispatchMessage(Handler.java:99) at android.os.Looper.loop(Looper.java:164) at android.app.ActivityThread.main(ActivityThread.java:6649) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:826)
Hey @jimocallaghan,
first: what you quote is a warning and not an error which of course doesn't mean that we don't want to get rid of it.
second: I debugged the sample app and the value is correctly encrypted and decrypted and our test is also passing. So SecureStorage is working on Android P.
As the functionality is not affected by the warning I would wait until the official Android P gets released. If the warning is still shown in the final release we will continue investigating the issue.
Thanks for your report!
Hi @itsmortoncornelius : i am still facing same warning message in official release as well. I have checked it on my pixel device with latest android official release.
@itsmortoncornelius I'm getting an exception too
android.os.ServiceSpecificException: (code 7)
at android.os.Parcel.createException(Parcel.java:1956)
at android.os.Parcel.readException(Parcel.java:1910)
at android.os.Parcel.readException(Parcel.java:1860)
at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
at android.security.KeyStore.get(KeyStore.java:195)
at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificateChain(AndroidKeyStoreSpi.java:118)
at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:484)
at java.security.KeyStore.getEntry(KeyStore.java:1560)
at de.adorsys.android.securestoragelibrary.a.d(Unknown Source:13)
at de.adorsys.android.securestoragelibrary.a.a(Unknown Source:21)
at de.adorsys.android.securestoragelibrary.SecurePreferences.setValue(Unknown Source:9)
btw, I have the official android P on my pixel
Thanks for the info. We will have a look at this warning then. But please be aware that this does not affect the functionality of Secure Storage. You can continue using it on Android P. See my comment above.
@itsmortoncornelius ,getting Prompt with "Detected problems with API compatibility" warning message and also getting an exception
android.os.ServiceSpecificException: (code 7)
at android.os.Parcel.createException(Parcel.java:1956)
at android.os.Parcel.readException(Parcel.java:1910)
at android.os.Parcel.readException(Parcel.java:1860)
at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
at android.security.KeyStore.get(KeyStore.java:195)
at android.security.KeyStore.get(KeyStore.java:206)
at java.lang.reflect.Method.invoke(Native Method)
at com.ca.mas.core.security.KeyStoreAdapter.get(KeyStoreAdapter.java:120)
at com.ca.mas.core.storage.implementation.KeyStoreStorage.readData(KeyStoreStorage.java:175)
at com.ca.mas.core.storage.implementation.KeyStoreStorage.deleteData(KeyStoreStorage.java:410)
at com.ca.mas.core.datasource.KeystoreDataSource.remove(KeystoreDataSource.java:158)
at com.ca.mas.core.store.PrivateTokenStorage.clear(PrivateTokenStorage.java:102)
at com.ca.mas.core.conf.ConfigurationManager$ClientChangeListener.onUpdated(ConfigurationManager.java:418)
at com.ca.mas.core.conf.ConfigurationManager.activate(ConfigurationManager.java:170)
at com.ca.mas.core.MobileSsoFactory.getInstance(MobileSsoFactory.java:171)
at com.ca.mas.core.MobileSsoFactory.getInstance(MobileSsoFactory.java:88)
at com.ca.mas.foundation.MAS.start(MAS.java:233)
at com.digitaslbi.hastingsdirect.HDApplication.initCAGateway(HDApplication.java:61)
at com.digitaslbi.hastingsdirect.HDApplication.onCreate(HDApplication.java:43)
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1154)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:5871)
at android.app.ActivityThread.access$1100(ActivityThread.java:199)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1650)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6669)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
i am testing on Pixel that have official android P.
please help to resolve this issue.
@chaurasiadilip
We are currently working on resolving this.
We'll keep you informed on anything new.
-INFO-
Android P restricts access to non-SDK API's are used.
Google apparently lists the Keystore.java class as a non-SDK API as it is a Java feature and not Android specific.
We will contact Google and try to get the Keystore.java class or at least the getEntry() method which is causing the warning whitelisted.
We'll keep you informed on anything new.
https://android-developers.googleblog.com/2018/05/whats-new-in-android-p-beta.html
@chaurasiadilip I think we are mixing up two bugs here. In the stack trace you provide secure storage is not present. We tested on a Pixel with Android P and the only thing we get is what @jimocallaghan and @hatpick reported. And that doesn't affect the functionality on Android P.
We don't use restricted or hidden APIs in our code so it cannot be related to API-restrictions.
Your stracktrace contains Cordova classes as far as I know and so I guess that Cordova has another issue here which is not related to this library and which leads to the prompt you are writing about.
What we can reproduce is
android.os.ServiceSpecificException: (code 7) at android.os.Parcel.createException(Parcel.java:1956) at android.os.Parcel.readException(Parcel.java:1910) at android.os.Parcel.readException(Parcel.java:1860) at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786) at android.security.KeyStore.get(KeyStore.java:195) at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificateChain( AndroidKeyStoreSpi.java:118) at java.security.KeyStoreSpi.engineGetEntry(KeyStoreSpi.java:484) at java.security.KeyStore.getEntry(KeyStore.java:1560) at de.adorsys.android.securestoragelibrary.KeystoreTool.getPrivateKey(KeystoreTool.java:176) at de.adorsys.android.securestoragelibrary.KeystoreTool.decryptMessage( KeystoreTool.java:100) at de.adorsys.android.securestoragelibrary.SecurePreferences .getStringValue(SecurePreferences.java:89)
Guys, check my answer here:
https://stackoverflow.com/questions/52024752/android-p-keystore-exception-android-os-servicespecificexception/52295484#52295484
It solved this issue in my project where I was accessing KeyPair generated in KeyStore.
implementation "de.adorsys.android:securestoragelibrary:1.0.3"
Secure Storage version 1.0.3 is released and ready to use. We fixed the issue that was showing the warning on Android P.
Thanks to @drglass for posting the solution and thanks to everyone else for your support in trying to resolve this issue.
Hello! I am still having issue on v1.1.1
KeyStore exception
android.os.ServiceSpecificException: (code 7)
at android.os.Parcel.createException(Parcel.java:1964)
at android.os.Parcel.readException(Parcel.java:1918)
at android.os.Parcel.readException(Parcel.java:1868)
at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
at android.security.KeyStore.get(KeyStore.java:195)
at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificate(AndroidKeyStoreSpi.java:149)
at java.security.KeyStore.getCertificate(KeyStore.java:1120)
at de.adorsys.android.securestoragelibrary.a.b(Unknown Source:15)
at de.adorsys.android.securestoragelibrary.SecurePreferences.setValue(Unknown Source:4)
at com.developerfromjokela.pusacloud.uploader.activities.LoginActivity$LoginAsync.onPostExecute(LoginActivity.java:108)
at com.developerfromjokela.pusacloud.uploader.activities.LoginActivity$LoginAsync.onPostExecute(LoginActivity.java:79)
at android.os.AsyncTask.finish(AsyncTask.java:695)
at android.os.AsyncTask.access$600(AsyncTask.java:180)
at android.os.AsyncTask$InternalHandler.handleMessage(AsyncTask.java:712)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6718)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
i was using v1.03 i didn't have this problem but now i am on 1.2.1 and i am having it android 9
android.os.ServiceSpecificException: (code 7)
at android.os.Parcel.createException(Parcel.java:1964)
at android.os.Parcel.readException(Parcel.java:1918)
at android.os.Parcel.readException(Parcel.java:1868)
at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
at android.security.KeyStore.get(KeyStore.java:195)
at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificate(AndroidKeyStoreSpi.java:149)
at java.security.KeyStore.getCertificate(KeyStore.java:1120)
at de.adorsys.android.securestoragelibrary.KeystoreTool.keyPairExists(KeystoreTool.java:135)
at de.adorsys.android.securestoragelibrary.SecurePreferences.setValue(SecurePreferences.java:55)
Hi,
We will look into this and keep you informed.
Thanks for your input.
Hi @515orestis & @developerfromjokela ,
The issue should be fixed with version 1.2.2.
We will be releasing version 1.2.2 today afternoon (Central European Time).
We'll keep you posted.
Thank you for your input.
Version 1.2.2 was released.
It fixes the issue with the ServiceSpecificException.
Version 1.2.2 was released.
It fixes the issue with theServiceSpecificException.
Catching an Exception and throwing a different Exception is not solving a problem, you're just sweeping it under the rug:
try {
if (keyPairExists()) {
publicKey = getKeyStoreInstance().getCertificate(KEY_ALIAS).getPublicKey();
} else {
if (BuildConfig.DEBUG) {
Log.e(KeystoreTool.class.getName(), context.getString(R.string.message_keypair_does_not_exist));
}
throw new SecureStorageException(context.getString(R.string.message_keypair_does_not_exist), null, INTERNAL_LIBRARY_EXCEPTION);
}
} catch (Exception e) {
throw new SecureStorageException(e.getMessage(), e, KEYSTORE_EXCEPTION);
}
Even when using getCertificate(), every now and then, the warning still pops-up in Android 9. And it's not just a warning, as it is usually accompanied by this NPE , which results in no data getting encrypted:
KeyStore: KeyStore exception
android.os.ServiceSpecificException: (code 7)
at android.os.Parcel.createException(Parcel.java:1956)
at android.os.Parcel.readException(Parcel.java:1910)
at android.os.Parcel.readException(Parcel.java:1860)
at android.security.IKeystoreService$Stub$Proxy.get(IKeystoreService.java:786)
at android.security.KeyStore.get(KeyStore.java:195)
at android.security.keystore.AndroidKeyStoreSpi.engineGetCertificate(AndroidKeyStoreSpi.java:149)
at java.security.KeyStore.getCertificate(KeyStore.java:1120)
at wit.android.bcpBankingApp.utils.security.CryptographyUtils.encryptBytes(CryptographyUtils.java:71)
at wit.android.bcpBankingApp.cache.handlers.KeyValueCacheHandler.addOrUpdateKeyValueWithKeystore(KeyValueCacheHandler.java:2134)
at wit.android.bcpBankingApp.cache.handlers.KeyValueCacheHandler.setEncryptionSaltV2(KeyValueCacheHandler.java:723)
at wit.android.bcpBankingApp.utils.CryptUtils.getEncryptionSaltV2(CryptUtils.java:219)
at wit.android.bcpBankingApp.core.ApplicationManager.initEncryptionVars(ApplicationManager.java:427)
at wit.android.bcpBankingApp.core.ApplicationManager.onCreate(ApplicationManager.java:392)
at android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1154)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:5871)
at android.app.ActivityThread.access$1100(ActivityThread.java:199)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1650)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:193)
at android.app.ActivityThread.main(ActivityThread.java:6669)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
So, does anyone have any idea of a final solution to this problem?