GithubHelp home page GithubHelp logo

tencent / soter Goto Github PK

View Code? Open in Web Editor NEW
1.9K 76.0 204.0 9.03 MB

A secure and quick biometric authentication standard and platform in Android held by Tencent.

License: Other

Java 99.62% AIDL 0.38%
fingerprint fingerprint-authentication authentication authentication-flow wechat-payment

soter's Introduction

Hello TENCENT SOTER

license WeChat Approved PRs Welcome

For English version, please click here.

2.1.8

  • 修复一些已知问题

2.0.7

  • 发布aar到jitpack,新的依赖方法看这里

2.0版本变化

  • 增加对华为设备的支持。
  • 增加对Android9.0的支持。
  • 增加人脸识别功能。
  • 后台ASK的解析有少量变动,看这里
  • 后台is_support接口传参有变更,看这里

TENCENT SOTER简介

TENCENT SOTER是腾讯于2015年开始制定的生物认证平台与标准,通过与厂商合作,目前已经在一百余款、数亿部Android设备上得到支持,并且这个数字还在快速增长。

目前,TENCENT SOTER已经在微信指纹支付、微信公众号/小程序指纹授权接口等场景使用,并得到了验证。

接入TENCENT SOTER,你可以在不获取用户指纹图案的前提下,在Android设备上实现可信的指纹认证,获得与微信指纹支付一致的安全快捷认证体验。

SoterFramework

快速接入

可以在几行代码之内快速体验TENCENT SOTER完成指纹授权接口。

在使用之前,请确保所使用的测试机在支持机型列表中。

添加gradle依赖

在项目的build.gradle中,添加TENCENT SOTER依赖

repositories {
    ...
    maven {
            url "https://jitpack.io"
    }
    ...
}

dependencies {
    ...
    implementation 'com.github.Tencent.soter:soter-wrapper:2.0.7'
    ...
}

声明权限

AndroidManifest.xml中添加使用指纹权限

<uses-permission android:name="android.permission.USE_FINGERPRINT"/>

初始化

初始化过程整个应用声明周期内只需要进行一次,用于生成基本配置和检查设备支持情况。你可以选择在Application的onCreate()中,或者在使用TENCENT SOTER之前进行初始化。

InitializeParam param = new InitializeParam.InitializeParamBuilder()
.setScenes(0) // 场景值常量,后续使用该常量进行密钥生成或指纹认证
.build();
SoterWrapperApi.init(context, 
new SoterProcessCallback<SoterProcessNoExtResult>() {...}, 
param);

准备密钥

需要在使用指纹认证之前生成相关密钥

SoterWrapperApi.prepareAuthKey(new SoterProcessCallback<SoterProcessKeyPreparationResult>() {...},false, true, 0, null, null);

进行指纹/人脸认证

密钥生成完毕之后,可以使用封装接口调用指纹传感器进行认证。

AuthenticationParam param = new AuthenticationParam.AuthenticationParamBuilder()
                                    .setScene(0)
                                    .setContext(MainActivity.this)
    								// fingerprint
    								.setBiometricType(ConstantsSoter.FINGERPRINT_AUTH)
    								// faceid
    								//.setBiometricType(ConstantsSoter.FACEID_AUTH)
    								.setSoterBiometricCanceller(mSoterBiometricCanceller)
                                    .setPrefilledChallenge("test challenge")
                                    .setSoterBiometricStateCallback(new 			SoterBiometricStateCallback() {...}).build();
SoterWrapperApi.requestAuthorizeAndSign(new SoterProcessCallback<SoterProcessAuthenticationResult>() {...}, param);

释放

当你不再使用TENCENT SOTER时,可以选择释放所有资源,用于停止所有生成、上传任务以及支持状态等。释放之后再次使用时,需要重新进行初始化。 实际上,TENCENT SOTER本身不会占据过多资源,只需要在确认不会再次使用的前提下(如切换账户之前)释放一次即可。

SoterWrapperApi.release();

更多文档

  • 想了解TENCENT SOTER更多信息与原理?看这里

  • 想要更高的安全性,用于登录甚至支付场景中?看这里

联系我们

如有相关问题,可以在issues中提问。

为了方便大家交流,也可以加入下面的QQ群,讨论相关技术问题:

qqgroup_qrcode

贡献代码

我们欢迎开发者贡献代码丰富TENCENT SOTER应用,请参考这个文档

协议

TENCENT SOTER基于BSD协议。请参考协议文档

参与贡献

腾讯开源激励计划 鼓励开发者的参与和贡献,期待你的加入。

合规使用指南

SOTER Client SDK合规使用指南

信息公示

Changelog

  • Adding support for Huawei device
  • Adding support for Android P
  • Adding FaceId function
  • A few changes in backend parsing ASK,Check this.

A Quick Look at TENCENT SOTER

TENCENT SOTER is a biometric standard as well as a platform held by Tencent.

There are more than 100 models, hundreds of millions Android devices supporting TENCENT SOTER, and the number is still increasing fast.

TENCENT SOTER has been already used in scenarios like WeChat fingerprint payment, fingerprint authentication in Official Account Webpages and Mini Programs.

You can get a consistent experience in fingerprint authenticating in your application, like what it is like in WeChat Payment, by getting access to TENCENT SOTER.

SoterFramework

Quick Start

You can get access to TENCENT SOTER in few lines of code to quick experience.

You should make sure your device for testing is in support list.

Add Gradle Dependency

Add TENCENT SOTER dependency in your project's build.gradle

repositories {
    ...
    maven {
            url "https://dl.bintray.com/tencent-soter/maven/"
    }
    ...
}

dependencies {
    ...
    compile 'com.tencent.soter:soter-wrapper:2.0.0'
    ...
}

Declare Permission

Add fingerprint permission declaration in AndroidManifest.xml

<uses-permission android:name="android.permission.USE_FINGERPRINT"/>

Initialize

You need to initialize only once in application's lifecycle. You can either do it in Application's onCreate(), or anywhere before you need to use TENCENT SOTER.

InitializeParam param = new InitializeParam.InitializeParamBuilder()
.setScenes(0) // The senary constant for business index
.build();
SoterWrapperApi.init(context, 
new SoterProcessCallback<SoterProcessNoExtResult>() {...}, 
param);

Prepare Keys

You need to prepare keys before authentication process.

SoterWrapperApi.prepareAuthKey(new SoterProcessCallback<SoterProcessKeyPreparationResult>() {...},false, true, 0, null, null);

Authenticate With Fingerprint

You can use wrapped interface to authenticate when fingerprint.

AuthenticationParam param = new AuthenticationParam.AuthenticationParamBuilder()
                                    .setScene(0)
                                    .setContext(MainActivity.this)
    								// fingerprint
    								.setBiometricType(ConstantsSoter.FINGERPRINT_AUTH)
    								// faceid
    								//.setBiometricType(ConstantsSoter.FACEID_AUTH)
    								.setSoterBiometricCanceller(mSoterBiometricCanceller)
                                    .setPrefilledChallenge("test challenge")
                                    .setSoterBiometricStateCallback(new 			SoterBiometricStateCallback() {...}).build();
SoterWrapperApi.requestAuthorizeAndSign(new SoterProcessCallback<SoterProcessAuthenticationResult>() {...}, param);

Release

You can release all the resource when you do not use TENCENT SOTER again by calling release. It will abort on-going tasks and remove support status. TENCENT SOTER will not occupy too much room actually. You can only do it when you confirm that you did not need to use it, like switch an account.

SoterWrapperApi.release();

More Document

  • Want to know more about TENCENT SOTER's mechanism? Check this.
  • Want to use TENCENT SOTER in more sensitive business scenarios like login, or even payment? Check this.

Contact Us

You can add your comments in issues if you have any question.

You can also join in the following QQ Group for more convenient discussing:

qqgroup_qrcode

Contributing

For more information about contributing issues or pull requests, check our CONTRIBUTING document.

Compliance usage guide

SOTER Client SDK compliance usage guide

Information Publication

  • Name:SOTER Client SDK
  • Version Number:2.1.8
  • Developer:Shenzhen Tencent Computer Systems Company Limited
  • The Main Function:TENCENT SOTER is a safe, universal and complete fingerprint authentication solution. By geting access to SOTER, developers can quickly implement secure fingerprint authentication.
  • Operation Instruction
  • SOTER Client SDK Personal Information Protection Rules

License

TENCENT SOTER is based on BSD license. Please check our LICENSE document.

Encouraging

Tencent Open Source Contribution Plan encourages your contributing, and looks forward to your attending。

soter's People

Contributors

christiecui avatar halflike avatar liuxb-tofu avatar peteryanyp avatar xdmakai avatar yexuan910812 avatar zhutoulwz avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

xyxjn jango2015 gilbert1987 luomor jeff-cn xiaojuziyang sun363587351 volcaner tighterman zhoudaqing alexhe popfisher shimingli yangxp108 lovezhaoruoxi rockystevejobs fjh658 supengchao matrixxun onexuan strivespring msdgwzhy6 gaoshanxiaoao wugsh lim-lau ljx0305 631929178 guofeng007 leileiliu-h songofhack dysonzhang suifengpiaobo qimingnan hpdx qiu2421653 ksxkq robinxdroid tangyichao szn0212 hhy5277 edward7zhang chinavolvocars androidok axdx1314 laizhouzhang magic-coder luoyiqi hechangpeng jiubadao ardmn marcohu47 atulgoswami21 fisheaty feifeiq zhutoulwz micromingle sn790519 bluedingding dreamerhzy paulzhu8597 brucewuu520 awesome-security zengchengcheng paul1989889 sunnyzl mengcuiguang yancewong yx2015 mengsanye droidsky liu31187 zhonyong0126 309746069 dujj chen-c bluewhale84 mehrdad-shokri morristech guoyu07 davyjones2010 newsolf rain168 kerasking strangermosr willsame jinkingmanager cryindance leovy airforce-1 taiyangmobile menzil 00zhengfu00 lifeqiuzhi520 enjoyandroid dong4am henuhaigang carpten piaomiao8179 refactormachine leiothrixs

soter's Issues

能否给不支持soter的手机增加封装

因为和之前的指纹调用的回调的方法不完全相同,所以能否默认检查是否包括soter并且提供统一的回调
或者提供一个和原生方法近似的回调方式,能够更方便的封装,目前觉得自己做的有点丑陋

Auth Key not found

小米8se报错:auth key model is null even after generation
求问这个错误的根本原因是什么

权限获取问题

请问官方:
demo中提供的权限哪些是soter必备的?

<uses-permission android:name="android.permission.USE_FINGERPRINT"/>
 <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
 <uses-permission android:name="android.permission.INTERNET"/>
 <uses-permission android:name="android.permission.CAMERA" />
 <uses-permission android:name="android.permission.USE_FACEAUTHENTICATION" />

验证ASK公钥是否合法接口数据格式不明确

文档中注意:组装请求JSON时,请将ask_json需要填入的value值进行format,以确保如实例中格式,否则将导致验签失败,实在是不知道应该按照什么格式?能否把规则具体点?

http请求方式: POST(请使用https协议)
https://api.weixin.qq.com/cgi-bin/soter_3rdapp/verify_ask?access_token=b4384c050f27b99151501b1a95eb529
POST数据格式:JSON
POST数据例子:
{
	"ask_json":"{ \"pub_key\":\"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApL2cM8x9+FZ22bn+3GsA\\nEpOWb7b6jILnAi+lE3lA6BQpbEL3YWWLXPK/pQ4HmnvSZVc281NalpO9riZBPULm\\n8GFiQNX1HE2ShAU7ybFOulKBb+kN2zh/TwFbwFDxALevYvCf6MepisY8vxEi5R+8\\nYqCCCBzLyBLFYGJUyp1Rl3bVwYNnEyl7j4GHFTiFrpoORelikVhRpceIjnn55cAV\\nH3E3wxMEhQcpcArn8FuIAf9lhgLlQL6hs5MrKJSiN0iM8dRpgoMIJtX31r3Zo3cj\\n2hrtiliMwRLe43qTFFn8YhrtXLKSBAGJD7ntYa/JCdDcg0aM1mE+5AhoP5o/0nii\\n1QIDAQAB\\n-----END PUBLIC KEY-----\" , \"cpu_id\":\"10\" , \"counter\":123 ,\"uid\":\"21\" }",
	"ask_json_signature":"oosngnoso3jvhii..."
}

"ask_json":"{ \"pub_key{\之间的空格也需要?

另外,文档中能够给一个范例数据?现在这种...让人情何以堪?

权限获取问题

尊敬的开发者:
我看到demo的代码中需要app获取 "android.permission.CAMERA" 和"android.permission.USE_FACEAUTHENTICATION" 权限,但我在没有申请此权限的情况下,也可以成功调用vivo的人脸识别。
这两个权限是因为某个厂商(比如华为)的特殊需要吗?能列出哪些厂商需要这两个权限吗?

errCode=14?是什么意思

SoterCoreResult{errCode=14, errMsg='not initialized yet. please make sure you've already called SoterWrapperApi.init(...) and call backed'}
请问errcode ==14是什么意思,这是什么情况呢

部分机型autkey验签失败

1、ask结构体为链路证书(-----BEGIN CERTIFICATE-----)验证签名正常:
ask_json
{"certs":["-----BEGIN CERTIFICATE-----\nMIIEVjCCA0CgAwIBAgIBATALBgkqhkiG9w0BAQswHTEbMBkGA1UEAxMSSHVhd2Vp\nIEtleVN0b3JlICAgMB4XDTIwMDYwNDAzNTQ1MloXDTMwMDYwNDAzNTQ1MlowGjEY\nMBYGA1UEAxMPQSBLZXltYXN0ZXIgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEAnhhjYipmpgIssGWkItAR6EUWsNURSu1nodS1SG9GmOWe6hygiffK\nC+pdtQjcCZ5h+1+a3FKSgC5sTh1O4pMWJi4ETZFlfL71ypLjU80ygJCaDiQmU9G4\nkOc\/yTYCo4tHsLqIm6pmYfc9k2FzVxr7\/Kw+1XcNUSvktKPu14EBX7pmZDniik1T\nIX+jgsfbzhcjGNDvMKeMMwyBFOGIkq6cP3m8IgcVBRCYGHtVIPL+CgfIxxdhQjCc\n3osRj3AO97+\/Jhdz6l49iNhCRDWjORENcLJFgRWCwYpJ4T+ZhsvyOjYFXRbxuGWO\nhnDKhsHbIPw1v6tDfhXzThL6p9RTWv4llwIDAQABo4IBpjCCAaIwCwYDVR0PBAQD\nAgAAMAgGA1UdHwQBADCCAVwGCisGAQQB1nkCAREEggFMMIIBSAIBAgoBAQIBAwoB\nAQR5eyJjcHVfaWQiOiJIVUFXRUlfSFdITUFfYzQ1MGM1MzItNjg1NS00ZmY2LTkw\nYTItMTdlOGFmZTFhYmViLWFjNzdmMGJlIiwiY291bnRlciI6MTM3NiwidWlkIjoi\nMTAxNTIiLCJyc2FfcHNzX3NhbHRsZW4iOjMyfQQAMHW\/g3cCBQC\/hT0IAgYBcn13\npcW\/hUVfBF0wWzEVMBMEDmNvbS5oeWhrLnN0b2NrAgFEMUIEQDAzZmQ0YzgwNmYz\nOGY4MDI5NjJlMTVlOWU5MzBlNzllMzNhN2FkYzNmYjBjODU3NWI0NzVmNjRjYTUw\nOTJiZGYwRqEJMQcCBQD\/AQABogMCAQGjBAICCAClBTEDAgEEpgUxAwIBA7+BSAUC\nAwEAAb+FPgMCAQC\/hUEFAgMBhqC\/hUIFAgMDFRQwKQYJKwYBBAGPWx4CAQEABBkw\nFwIBAKIDAQEBv4FICzAJoQcDBQAGgACAMAsGCSqGSIb3DQEBCwOCAQEATIhZTFTK\nQEsSbvwjqlqPRfvW\/TGYD4zWmz5+jHG0xph0CMcHl3k9bH017rEWpg8x6be0HZFQ\nRHd0nY9XCXwdE2LSL2f1R6YiVgrw5st2ywaCQGQPGyNKXsrye8yDW4fh028oYP73\nzrVqG9CQTPly2uchfKKDNTyOgE+sT5ajmIMuObLsMYgIxdI\/IT3262d\/EvmvxSIP\ntwIK28+wufPVRwX8G92Xqul5pPtzuvnWgXZfxbdrUN3jEwbn8WqZiceFuxEGBrz3\n\/ua4Yn500AybDCA5VU5BW2eLOPQlqMmId4wVkG7RHrQDrRKd8RRnetQLOcGT3uvm\nAgWp7idHNE4V1A==\n-----END CERTIFICATE-----\n","-----BEGIN CERTIFICATE-----\nMIIEQDCCAyigAwIBAgIQIBgJIBkZUykECocrF\/c2vTANBgkqhkiG9w0BAQsFADBc\nMQswCQYDVQQGEwJDTjEPMA0GA1UECgwGSHVhd2VpMRMwEQYDVQQLDApIdWF3ZWkg\nQ0JHMScwJQYDVQQDDB5IdWF3ZWkgQ0JHIE1vYmlsZSBFcXVpcG1lbnQgQ0EwHhcN\nMTgwOTIwMTExOTUzWhcNMjgwOTE3MTExOTUzWjBvMQswCQYDVQQGEwJDTjEPMA0G\nA1UECgwGSHVhd2VpMRMwEQYDVQQLDApIdWF3ZWkgQ0JHMTowOAYDVQQDDDFIVUFX\nRUlfSFdITUFfYzQ1MGM1MzItNjg1NS00ZmY2LTkwYTItMTdlOGFmZTFhYmViMIIB\nIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxIr5QQPjOzj+oMGD37qDaZI\nH1kCy+p+LnDhsBACuvSYPtThr16zu7aVxmlblTt7xJ5aSRHupt3h4\/Dts\/MGLNYb\nUpyqFJYUtfTPA4B2N13SN2PFkxitKG5PjRgBFIeMVeVY7ayjYXoZLF1nbo3A0TJh\nVSHcX5H3Glj057xGwp\/TJiLBsgoQA6ZCrR1Om35zqMBcCpehh4v990Tpbe1v7VN3\nekTYi8v8rD00Stp3LlLS\/LARuhlXCNsY\/a5bm4OqZf5E\/tnTvSSVYBOss5n0S1R+\nMLJtwEFF6VDTL8I6VjINwD4DTCV+qn6u4ExuOmVuRw7tsnSHtFnahBp+KCsy+wID\nAQABo4HqMIHnMB8GA1UdIwQYMBaAFDXT2UhPcFFNI7Ey1dXdJSHOBS7dMB0GA1Ud\nDgQWBBQBmoxsDWD6TEb8Wvat3ZhLObcRpDARBglghkgBhvhCAQEEBAMCBsAwCwYD\nVR0PBAQDAgTwMGYGA1UdHwRfMF0wW6BZoFeGVWh0dHA6Ly9jcGtpLWNhd2ViLmh1\nYXdlaS5jb20vY3BraS9zZXJ2bGV0L2NybEZpbGVEb3duLmNybD9jZXJ0eXBlPTQm\neWVhcj0vY3JsMjAxOC5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC\nMA0GCSqGSIb3DQEBCwUAA4IBAQBAgpv2PcbKn\/uQag1EnOwil3nyhDkqib6CzgFO\npH3\/ELivrbMlUPzc4J\/r4P7BrQSEWJ+OquwFGGVRX88ytHcbiB6bwAhouQji4jpC\njauIdtbdxTS27m5dvF3zO8PuJBahCEvpcKxqWbh4EeKVZBJVxw6B8HYWI9Bjgc3L\nH2xJA0RV6U6WtSWDfklkXz60Q1PcjC1\/yn6T5hi8UKq\/qj8MYvPcvvhgfMVTg\/rA\nCXEInaCAL1nVQJd0YPK+ZHdC+pv0zYXp5+lR9FXNKN+hGNFStkld9Jytm4mQkCm+\n\/1LQqQIOw2HcEip4lQ7qBcZw8RuplbIkEfk0+Sx6TMPAm7DP\n-----END CERTIFICATE-----\n","-----BEGIN CERTIFICATE-----\nMIIE9jCCAt6gAwIBAgIIGLiVkB1V\/dowDQYJKoZIhvcNAQELBQAwUDELMAkGA1UE\nBhMCQ04xDzANBgNVBAoMBkh1YXdlaTETMBEGA1UECwwKSHVhd2VpIENCRzEbMBkG\nA1UEAwwSSHVhd2VpIENCRyBSb290IENBMB4XDTE3MDgyMTExMTE1NFoXDTM3MDgx\nNjExMTE1NFowXDELMAkGA1UEBhMCQ04xDzANBgNVBAoMBkh1YXdlaTETMBEGA1UE\nCwwKSHVhd2VpIENCRzEnMCUGA1UEAwweSHVhd2VpIENCRyBNb2JpbGUgRXF1aXBt\nZW50IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzFwCSSlfQ\/sM\nyGs534kxNYPWFWSlNsduoSXHHDYmDqHoRON7dw256Ly4vQfz+YLcTqGh8Zkaqh+9\nlOb5Qj2N0dxrPqyxa8kMNdqtWyMRQC2JGrd1+stOVOTJ1zjsxABpL+9BOjO43Q4J\nsZH9xLK\/Y7ObSCZPd+fKGLzw2SxjC031n40w0M2tAyKMqnPoxhWT7xJbZO1vXX1r\niBFVCbGYHviA0nJm7YIyepxvfvzELdp9c+IMNYSzvHQrpHMkHJxobiDnw289rZLK\n5RYuWxhzWaD5tafWeAgH8wqr7a8Z75f+4ZESkYWvQu\/glyDAAUPn+\/pQX2S3OSp2\nj9UZtNQHTQIDAQABo4HHMIHEMB8GA1UdIwQYMBaAFKrE03lH6G4ja+\/wqWwicz16\nGWmhMB0GA1UdDgQWBBQ109lIT3BRTSOxMtXV3SUhzgUu3TAPBgNVHRMBAf8EBTAD\nAQH\/MA4GA1UdDwEB\/wQEAwIBBjBhBgNVHR8EWjBYMFagVKBShlBodHRwOi8vY3Br\naS1jYXdlYi5odWF3ZWkuY29tL2Nwa2kvc2VydmxldC9jcmxGaWxlRG93bi5jcmw\/\nY2VydHlwZT0xJi9yb290Y3JsLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAW\/ZYMPfM\nsxWoPUaG2rOk4FmdL8Jz2cxWKOIUvmG6qQ\/4ITWthYJOS3SjTbDyhwQM6tPBCl67\nHlMhqgfstUTqU1byT7QneBmG4XndfyjlTs3yC3TRkfr4ySV21mddTvNMU2BCJtJQ\nTqISeLvjxLKwxX\/syBRB5S2MdWQLPLaU2jvCWGM\/qHoI3u5FVoCmtrgx\/tncK1g\/\nJ\/8PRD4fYt4S2VpQqIzvqvoZSEdQuuP5FETTEo9Glc7UyDh4heqZovwDdla54E4i\nAtq09w4yYhqz1w3eis3csZFoUUKm9sLCXxDS9WFBYNtOnckmyu9uoJ8z2Sx2E\/2c\nEF8DcbM9LB19BpR4PEEV6tXTNOD6doHJ9igF22UvHrWgiLHWcfTl7LLhfVxZuugE\n9GfJSKEID8WaKYxbR\/FiwJfLXC4\/mTtGevmV\/NVKrMZ8t4WjXJCbSNQzvS4rZZ4W\n43yyXzlMJDDaQCujKNt5BcgyLKeT5QjY7I8fy33ODIZF8muYnpwE9iBYOy7BRyvV\nucN2p9uYJlfIvrHy4KZ2ik0jjcljlMqjDvmulnjPB+2OukKwoL2Hg+zKBVkfnIMF\nWpddI3wLQMJYfb7AnWyd1Dp\/LvMJass3bLFV0dSmFe9NMB\/\/EcyVeqKLFA3SRNqa\n0uVSOEYODEFGUT6oeTs6DvM+96q7tKi\/Jt8=\n-----END CERTIFICATE-----\n","-----BEGIN CERTIFICATE-----\nMIIFZDCCA0ygAwIBAgIIYsLLTehAXpYwDQYJKoZIhvcNAQELBQAwUDELMAkGA1UE\nBhMCQ04xDzANBgNVBAoMBkh1YXdlaTETMBEGA1UECwwKSHVhd2VpIENCRzEbMBkG\nA1UEAwwSSHVhd2VpIENCRyBSb290IENBMB4XDTE3MDgyMTEwNTYyN1oXDTQyMDgx\nNTEwNTYyN1owUDELMAkGA1UEBhMCQ04xDzANBgNVBAoMBkh1YXdlaTETMBEGA1UE\nCwwKSHVhd2VpIENCRzEbMBkGA1UEAwwSSHVhd2VpIENCRyBSb290IENBMIICIjAN\nBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1OyKm3Ig\/6eibB7Uz2o93UqGk2M7\n84WdfF8mvffvu218d61G5M3Px54E3kefUTk5Ky1ywHvw7Rp9KDuYv7ktaHkk+yr5\n9Ihseu3a7iM\/C6SnMSGt+LfB\/Bcob9Abw95EigXQ4yQddX9hbNrin3AwZw8wMjEI\nSYYDo5GuYDL0NbAiYg2Y5GpfYIqRzoi6GqDz+evLrsl20kJeCEPgJZN4Jg00Iq9k\n++EKOZ5Jc\/Zx22ZUgKpdwKABkvzshEgG6WWUPB+gosOiLv++inu\/9blDpEzQZhjZ\n9WVHpURHDK1YlCvubVAMhDpnbqNHZ0AxlPletdoyugrH\/OLKl5inhMXNj3Re7Hl8\nWsBWLUKp6sXFf0dvSFzqnr2jkhicS+K2IYZnjghC9cOBRO8fnkonh0EBt0evjUIK\nr5ClbCKioBX8JU+d4ldtWOpp2FlxeFTLreDJ5ZBU4\/\/bQpTwYMt7gwMK+MO5Wtok\nUx3UF98Z6GdUgbl6nBjBe82c7oIQXhHGHPnURQO7DDPgyVnNOnTPIkmiHJh\/e3vk\nVhiZNHFCCLTip6GoJVrLxwb9i4q+d0thw4doxVJ5NB9OfDMV64\/ybJgpf7m3Ld2y\nE0gsf1prrRlDFDXjlYyqqpf1l9Y0u3ctXo7UpXMgbyDEpUQhq3a7txZQO\/17luTD\noA6Tz1ADavvBwHkCAwEAAaNCMEAwDgYDVR0PAQH\/BAQDAgEGMA8GA1UdEwEB\/wQF\nMAMBAf8wHQYDVR0OBBYEFKrE03lH6G4ja+\/wqWwicz16GWmhMA0GCSqGSIb3DQEB\nCwUAA4ICAQC1d3TMB+VHZdGrWJbfaBShFNiCTN\/MceSHOpzBn6JumQP4N7mxCOwd\nRSsGKQxV2NPH7LTXWNhUvUw5Sek96FWx\/+Oa7jsj3WNAVtmS3zKpCQ5iGb08WIRO\ncFnx3oUQ5rcO8r\/lUk7Q2cN0E+rF4xsdQrH9k2cd3kAXZXBjfxfKPJTdPy1XnZR\/\nh8H5EwEK5DWjSzK1wKd3G\/Fxdm3E23pcr4FZgdYdOlFSiqW2TJ3Qe6lF4GOKOOyd\nWHkpu54ieTsqoYcuMKnKMjT2SLNNgv9Gu5ipaG8Olz6g9C7Htp943lmK\/1Vtnhgg\npL3rDTsFX\/+ehk7OtxuNzRMD9lXUtEfok7f8XB0dcL4ZjnEhDmp5QZqC1kMubHQt\nQnTauEiv0YkSGOwJAUZpK1PIff5GgxXYfaHfBC6Op4q02ppl5Q3URl7XIjYLjvs9\nt4S9xPe8tb6416V2fe1dZ62vOXMMKHkZjVihh+IceYpJYHuyfKoYJyahLOQXZykG\nK5iPAEEtq3HPfMVF43RKHOwfhrAH5KwelUA\/0EkcR4Gzth1MKEqojdnYNemkkSy7\naNPPT4LEm5R7sV6vG1CjwbgvQrWCgc4nMb8ngdfnVF7Ydqjqi9SAqUzIk4+Uf0ZY\n+6RY5IcHdCaiPaWIE1xURQ8B0DRUURsQwXdjZhgLN\/DKJpCl5aCCxg==\n-----END CERTIFICATE-----\n"],"cpu_id":"HUAWEI_HWHMA_c450c532-6855-4ff6-90a2-17e8afe1abeb-ac77f0be","uid":10152,"counter":1376}

authkey_json
{"pub_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kyr7H2V9lG50GxbDSSaLPKiQUN9U+wUTI6+Ur2HAfIAJSfOpcgh6g5jexyV+MlaUUqmCITQDEdMwPOrLE85p/25u1uzovGA6jpN++0TRnV7aQklgfDm84xBSiPzksvO1FrrNWBzDig3sdkBOH0Qha432PC78Ws+DS0fnhHpg6NXanyILw+kEucz0Cn4Zcw5XpQkEfVCVitOhvqYx4IgFsoUF3RzNe9tmVNXhKC1NiBE0lym+EmZlmQDxQlDW1rtiyxqlp012koq/mvPLML2BXKROHjmku75pWe3iafEhuJ8lRZfhFBfB3c/zRB/b+AgABpMzemMl5hF4YwxlOlImQIDAQAB\n-----END PUBLIC KEY-----","cpu_id":"HUAWEI_HWHMA_c450c532-6855-4ff6-90a2-17e8afe1abeb-ac77f0be","counter":1377,"uid":"10152","rsa_pss_saltlen":32}
authkey_json_sign
a2osg0FcsrqdtjHjpAz9u+f5pwwBQmkqeK+rioD6PCSozF0cPCHyhYMMwmWYbnREYevtdwVWO50IyObj6p/nWJxI75wc5G+dsf8Yr04SXJ73jbZVZl4ktOIPjYE5/WMfxRZgenzosPdWg74+t8CA6CfFx+0333MkRjFNV82BtiB/rYj9Su5c8Ol4jW3o87jfy5N0gAsWqmCZywMPQpICyh+JiOmVhAy84pSWVGDDONypoWFcuhG41Gbo3T/qlaPwyzNF+VToHd08oY81BrVFbtyoUPNg7mbzKBn1LyMXLREBE0iEWm30wyKVafGwd7yFE39vOFhZKSybHQJjHX6AEA==

2、对于ask结构体为pub_key(-----BEGIN PUBLIC KEY-----)的验签则通不过
ask_json
{"pub_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6FplB+Vj+BSbc3Nb\/aV\n+aWYUpJY4p7W80ZwLlJE9q9WZ61Tp34GDKG0FvZKQklXwQuWP0169IcnHfJH8EXd\nmwDq4ZqQ6b74HJFlZYh88dMzTfUQgTFOHhdNstVcSaM3QngCcyQh0SILbVl9oxck\nYODqbruk\/fMARbWXsYmmKEitcalXMJdjywWZixtjFniWY+iJitAhouAlCKhjssB6\nDsXWA0gYg1E238lD2ZdIk0v2dsmQLhBcyNZUI4iyw7GLVeZ3qQk5iq+DoRjSfYM4\niZ+xZwXChZKYYlzOZPTxFDEKzSa32QXN3NG5m4tq4a8qNMTfjTei4JdXa7hsT+Gi\nvQIDAQAB\n-----END PUBLIC KEY-----","cpu_id":"000000000008c0e13d1ecb1309774b4f","counter":310,"uid":"10361"}

authkey_json
{"pub_key":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtw5r7hE4iNZkM4opWhDG\nne608L+vD0OggeC6JTJVFACJ0gORI4nNWhd9Rvbpb0XKYWt4BlypfeOaqYqD9WuT\nLEBmUXfCt956J6pK5H2Lgu5iTmBf02ZAAZt0VXYOSUNMplimunnerFT\/L\/YEHzLV\nFoL5HywNP25wiFGPNJfrSKo0\/ZJE3Zm6hydqytK\/9+OgBSR5rohDlUPOTauGmYFq\nik2qDDrTzyldGYogRTgG2709beNg0qSH+D8m1DcN\/l\/9\/Rev\/I9aKhCQF\/98ZE4n\nPjHnxHocNhLqU0bTH2fnaJGJJeX4H74Accf3750anQYtgg\/D8SRclUuCbF9gBt9O\n8QIDAQAB\n-----END PUBLIC KEY-----","cpu_id":"000000000008c0e13d1ecb1309774b4f","counter":313,"uid":"10361"}

authkey_json_sign
ROqkgMZmGt9TPFpQlGtdfJD3f2PyjZQOIedKoKeuvXKY4upO9abnuG93KS1YMRglL/Flgy+/NRTJSZaBljGnauikwW5YYu60ZnHriMInZirxeU19r+dvRjwJgnd5by6Ak71iCSMVxaSFqSFOrqj4pI3tIpZooRP5qTSGAPGpb+Suceh+LH6EDHYBecQLB0tyO7WD5wV0n6wNTvesAlQEmeUty3DtilvDibbPiznvnXETFMPItP3a3RoFC1wGu+XeRF0CXbvCZXC/IQTBTPHk/6XbENL+mKV9Tf6I5/XKjYEDDpXKZUq3DfxZzfKlA1/JbuB+R5hkTR75yxQlL0XVIg==

后端是使用C#语言,.Net Core 3.0框架,使用BouncyCastle.NetCore组件包
public static bool Verify(string data, string signature, string publicKey)
{
using (var sr = GetStreamReader(publicKey))
{
var keyParameter = (AsymmetricKeyParameter)new PemReader(sr).ReadObject();

            ISigner signer = SignerUtilities.GetSigner("SHA256WITHRSA/PSS");
            signer.Init(true, keyParameter);

            var expectedSig = Convert.FromBase64String(signature);
            var msgBytes = Encoding.UTF8.GetBytes(data);
            signer.BlockUpdate(msgBytes, 0, msgBytes.Length);

            return signer.VerifySignature(expectedSig);
        }
    }

耗时问题

请问生成Ask和AuthKey(也就是开启指纹识别)的耗时问题怎么解决?平均在8s左右,能否优化一下?

创建ask的时候发生OOM

如题,以下是堆栈日志信息

java.lang.OutOfMemoryError: Failed to allocate a 570524220 byte allocation with 4182256 free bytes and 224MB until OOM
at android.security.keystore.SoterUtil.retriveJsonFromExportedData(SoterUtil.java:186)
at android.security.keystore.SoterUtil.getDataFromRaw(SoterUtil.java:154)
at android.security.keystore.SoterKeyStoreProvider.getAndroidKeyStorePublicKey(SoterKeyStoreProvider.java:139)
at android.security.keystore.SoterKeyStoreProvider.loadAndroidKeyStorePublicKeyFromKeystore(SoterKeyStoreProvider.java:115)
at android.security.keystore.SoterKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(SoterKeyStoreProvider.java:125)
at android.security.keystore.SoterKeyStoreKeyPairRSAGeneratorSpi.generateKeyPair(SoterKeyStoreKeyPairRSAGeneratorSpi.java:348)
at java.security.KeyPairGenerator$KeyPairGeneratorImpl.generateKeyPair(KeyPairGenerator.java:276)
at com.tencent.soter.core.SoterCore.generateAppGlobalSecureKey(SourceFile:122)
at com.tencent.soter.wrapper.wrap_key.SoterKeyGenerateEngine$1.run(SourceFile:111)
at android.os.Handler.handleCallback(Handler.java:815)
at android.os.Handler.dispatchMessage(Handler.java:104)
at android.os.Looper.loop(Looper.java:207)
at android.os.HandlerThread.run(HandlerThread.java:61)

cpu_id是怎么生成的?

{"raw":"I'm a demo challenge string","fid":"2313170","counter":246,"tee_n":"t-base-Mediatek-Armv8-Android-302A-V012-20160705_104258_41","tee_v":"10010","fp_n":"FPC","fp_v":"6516","cpu_id":"0900000026030000241a1e8e9e44c3a8e05b9c0c","uid":"10115"}

如题。

soter验证问题

soter 开启指纹 弹出的弹窗都能验证指纹,使用指纹支付的时候 一按指纹就返回桌面了。

Demo运行失败原因

请问下,Application的初始化处,该处的Log打印的结果为
soterdemo: get is support soter done. result: SoterCoreResult{errCode=2, errMsg=''}是说明我这个机型不支持soter吗?

private SoterProcessCallback<SoterProcessNoExtResult> mGetIsSupportCallback = new SoterProcessCallback<SoterProcessNoExtResult>() {
        @Override
        public void onResult(@NonNull SoterProcessNoExtResult result) {
            DemoLogger.d(TAG, "soterdemo: get is support soter done. result: %s", result.toString());
            // 建议尽早准备ASK。主要有两个时机:1. 进程初始化时 2. 第一次使用业务任何一个业务时。这里在程序进程初始化的时候准备 ASK

            if(result.errCode == SoterProcessErrCode.ERR_OK) {
                prepareASK();
            }
        }
    };

AndroidKeyStore的问题

我看到代码里面有用到AndroidKeyStore,AndroidKeyStore里秘钥是否在TEE里面操作和存储,手机Root之后是否存在会被获取到的风险?(6.0之前或者6.0之后)

证书链格式authkey校验无法通过

soter升级2.0版本之后证书链格式的ask_info解析出来的公钥校验authkey无法通过,把数据文件替换为后端收到的数据使用demo中的代码也校验不通过。

关于人脸识别如何实现的问题

尊敬的开发者们好!
我在做人脸识别时,没有找到关于Soter中人脸识别是如何实现的文档。源码中只有一段通过反射获取FaceManager的代码,但类名(com.tencent.soter.core.biometric.SoterFaceManagerFactory)看上并不是原生的。
在我找到的可以使用Soter调用人脸识别的设备上,没有办法通过系统原生的方式调用人脸识别,我想知道Soter是获取了系统/设备的特殊支持所以才可以实现人脸识别吗?能说明一下如何实现的吗?

SoterCoreResult{errCode=18, errMsg='there must be at least 1 biometric enrolled in system to complete this process. please check it previously'}

xiao mi 6 出现开启人脸支付时失效,手机已经设置人脸识别了。下面是日志
2019-08-13 09:22:30.103 16315-16315/com.tencent.soter.demo I/SoterDemo.SoterDemoUI: soterdemo: start authentication: title: 开通人脸支付 2019-08-13 09:22:30.103 16315-16315/com.tencent.soter.demo D/SoterDemo.SoterDemoUI: soterdemo: already showing. change title only 2019-08-13 09:22:30.104 16315-16315/com.tencent.soter.demo I/Soter.SoterWrapperApi: soter: request authorize provide challenge. scene: 1 2019-08-13 09:22:30.105 16315-16315/com.tencent.soter.demo I/Soter.SoterCoreTreble: soter: hasAuthKey in 2019-08-13 09:22:30.105 16315-16315/com.tencent.soter.demo I/Soter.TaskInit: soter: is triggered OOM: false 2019-08-13 09:22:30.112 16315-16315/com.tencent.soter.demo I/Soter.BiometricManagerCompat: soter: Biometric provider not initialized type[2] 2019-08-13 09:22:30.112 16315-16315/com.tencent.soter.demo W/Soter.TaskBiometricAuthentication: soter: user has not enrolled any biometric in system. 2019-08-13 09:22:30.112 16315-16315/com.tencent.soter.demo I/Soter.SoterTaskManager: soter: removing task: 191571638 2019-08-13 09:22:30.113 16315-16315/com.tencent.soter.demo I/Soter.SoterTaskManager: soter: no such task: 191571638. maybe this task did not pass preExecute 2019-08-13 09:22:30.113 16315-16315/com.tencent.soter.demo D/Soter.SoterTaskManager: soter: prepare eat execute. 2019-08-13 09:22:30.113 16315-16315/com.tencent.soter.demo D/Soter.SoterWrapperApi: soter: add 2.0 requestAuthorizeAndSign task failed. 2019-08-13 09:22:30.119 16315-16315/com.tencent.soter.demo I/SoterDemo.SoterDemoUI: soterdemo: open finished: result: SoterCoreResult{errCode=18, errMsg='there must be at least 1 biometric enrolled in system to complete this process. please check it previously'}, signature data is: null 2019-08-13 09:22:30.159 16315-16315/com.tencent.soter.demo I/Toast: Show toast from OpPackageName:com.tencent.soter.demo, PackageName:com.tencent.soter.demo

Mi5出现OOM现象

SoterGenKeyHandlerThreadName(1589)

java.lang.OutOfMemoryError
Failed to allocate a 570524220 byte allocation with 16777216 free bytes and 212MB until OOM
`

android.security.keystore.SoterUtil.retriveJsonFromExportedData(SoterUtil.java:189)

2 android.security.keystore.SoterUtil.getDataFromRaw(SoterUtil.java:152)
3 android.security.keystore.SoterKeyStoreProvider.getAndroidKeyStorePublicKey(SoterKeyStoreProvider.java:137)
4 android.security.keystore.SoterKeyStoreProvider.loadAndroidKeyStorePublicKeyFromKeystore(SoterKeyStoreProvider.java:114)
5 android.security.keystore.SoterKeyStoreProvider.loadAndroidKeyStoreKeyPairFromKeystore(SoterKeyStoreProvider.java:123)
6 android.security.keystore.SoterKeyStoreKeyPairRSAGeneratorSpi.generateKeyPair(SoterKeyStoreKeyPairRSAGeneratorSpi.java:364)
7 java.security.KeyPairGenerator$Delegate.generateKeyPair(KeyPairGenerator.java:699)
8 com.tencent.a.a.a.c(SourceFile:122)
9 com.tencent.a.b.d.b$1.run(SourceFile:111)
10 android.os.Handler.handleCallback(Handler.java:754)
11 android.os.Handler.dispatchMessage(Handler.java:95)
12 android.os.Looper.loop(Looper.java:160)
13 android.os.HandlerThread.run(HandlerThread.java:61)

`

如何做屏下指纹的适配(像微信一样)

在有屏下指纹的手机,会调起系统提供的指纹界面,有提供修改界面的方法吗?可以做到带自己的业务UI,像微信指纹支付一样(PS:能说说微信实现的思路吗)

Failed to generate Auth Key

调用SoterWrapperApi.prepareAuthKey去生成Auth Key,在很多手机上都报错返回错误码ERR_AUTH_KEY_GEN_FAILED ; 不是个例了,support接口返回手机是支持的,请问是怎么回事?

mate20pro人脸验证失败

mate20pro手机,已经在设备中录入了人脸数据,但使用soterDemo始终回调onAuthenticationError,回调code=1017,在BiometricManagerCompat中断点看到回调的code为1012,未录入指纹数据,请问是怎么回事?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.