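<?xml version="1.0" encoding="UTF-8"?>
<!--
 Copyright 2015 The Android Open Source Project

 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-->
<!-- TODO(thagikura) Add tests for Activity and Fragment once InstrumentationTests can be run
     on an emulator or a device.
     At this moment, due to the different API between the image and the SDK, they can't be launched.
     E.g. Skipping device 'Nexus 5 - MNC', due to different API preview 'MNC' and 'android-MNC'
-->
<!-- Template parameters for the AsymmetricFingerprintDialog sample: build settings and
     dependencies first, then the strings and metadata used to describe the sample. -->
<sample>
    <name>AsymmetricFingerprintDialog</name>
    <group>Security</group>
    <package>com.example.android.asymmetricfingerprintdialog</package>

    <!-- API level 23 is the minimum for this sample; the FingerprintManager APIs listed in
         api_refs below are what it demonstrates. -->
    <minSdk>23</minSdk>

    <dependency>com.squareup.dagger:dagger:1.2.2</dependency>
    <annotationProcessor>com.squareup.dagger:dagger-compiler:1.2.2</annotationProcessor>

    <!-- TODO(thagikura) These dependencies should be created as testCompile instead of compile but
         the template system doesn't allow androidTestCompile dependencies. Change it once fixed.
         Until then the test-only libraries below are declared as regular app dependencies.
    -->
    <dependency>junit:junit:4.12</dependency>
    <dependency>org.mockito:mockito-core:1.10.19</dependency>

    <strings>
        <intro>
            <![CDATA[
This sample demonstrates how you can use registered fingerprints to authenticate the user
before proceeding with some actions such as purchasing an item. This version uses asymmetric keys.
            ]]>
        </intro>
    </strings>

    <template src="base" />

    <metadata>
        <!-- Values: {DRAFT | PUBLISHED | INTERNAL | DEPRECATED | SUPERCEDED} -->
        <status>PUBLISHED</status>
        <categories>security</categories>
        <technologies>Android</technologies>
        <languages>Java</languages>
        <solutions>Mobile</solutions>
        <level>INTERMEDIATE</level>
        <icon>screenshots/big-icon.png</icon>
        <screenshots>
            <img>screenshots/1-purchase-screen.png</img>
            <img>screenshots/2-fingerprint-dialog.png</img>
            <img>screenshots/3-fingerprint-authenticated.png</img>
            <img>screenshots/4-new-fingerprint-enrolled.png</img>
        </screenshots>

        <api_refs>
            <android>android.hardware.fingerprint.FingerprintManager</android>
            <android>android.hardware.fingerprint.FingerprintManager.AuthenticationCallback</android>
            <android>android.hardware.fingerprint.FingerprintManager.CryptoObject</android>
            <!-- KeyGenParameterSpec is referenced under android.security.keystore, the package
                 used by reference link [2] in the intro below. -->
            <android>android.security.keystore.KeyGenParameterSpec</android>
            <android>java.security.KeyStore</android>
            <android>java.security.Signature</android>
            <android>java.security.KeyPairGenerator</android>
        </api_refs>

        <description>
            <![CDATA[
A sample that demonstrates how to use registered fingerprints to authenticate the user in your app
            ]]>
        </description>

        <!-- Review note: the on-device onAuthenticationSucceeded() callback is only a local signal.
             Acceptance of a purchase should rest on the backend verifying the signature with the
             enrolled public key, over data specific to that transaction (for example a value the
             server issued for it), so that a previously produced signature is not accepted again.
             Enrollment of the public key should itself be tied to an authenticated request, as the
             text below describes with the verified password. -->
        <intro>
            <![CDATA[
This sample demonstrates how you can use registered fingerprints in your app to authenticate the
user before proceeding with some actions such as purchasing an item.

First you need to create an asymmetric key pair in the Android Key Store using [KeyPairGenerator][1]
in such a way that its private key can only be used after the user has authenticated with a
fingerprint, and transmit the public key to your backend along with the user's verified password
(in a real-world app, the app should show proper UIs).

By setting [KeyGenParameterSpec.Builder.setUserAuthenticationRequired][2] to true, you can permit the
use of the key only after the user has authenticated, including when authenticated with the user's
fingerprint.

Then start listening for a fingerprint on the fingerprint sensor by calling
[FingerprintManager.authenticate][3] with a [Signature][4] initialized with the private key of the
asymmetric key pair created. Alternatively, you can fall back to a server-side verified password as
an authenticator.

Once the fingerprint (or password) is verified, the
[FingerprintManager.AuthenticationCallback#onAuthenticationSucceeded()][5] callback is called.

Then you can verify the purchase transaction on the server side with the public key passed from the
client, by verifying the piece of data signed by the Signature.

[1]: https://developer.android.com/reference/java/security/KeyPairGenerator.html
[2]: https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder.html#setUserAuthenticationRequired%28boolean%29
[3]: https://developer.android.com/reference/android/hardware/fingerprint/FingerprintManager.html#authenticate%28android.hardware.fingerprint.FingerprintManager.CryptoObject,%20android.os.CancellationSignal,%20int,%20android.hardware.fingerprint.FingerprintManager.AuthenticationCallback,%20android.os.Handler%29
[4]: https://developer.android.com/reference/java/security/Signature.html
[5]: https://developer.android.com/reference/android/hardware/fingerprint/FingerprintManager.AuthenticationCallback.html#onAuthenticationSucceeded%28android.hardware.fingerprint.FingerprintManager.AuthenticationResult%29
            ]]>
        </intro>
    </metadata>
</sample>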