背景:安全接入的情况下
机型:华为 Mate 50,CET-AL00
系统:Android 12,API 31,HarmonyOS 4.2.0
Soter版本:2.1.15
异常信息:
2025-05-14 09:43:19.891 31836-23720 Soter.Task...entication E soter: sign failed due to exception: com.huawei.security.keystore.HwUniversalKeyStoreException: System error
2025-05-14 09:43:19.891 31836-23720 System.err W java.security.SignatureException: com.huawei.security.keystore.HwUniversalKeyStoreException: System error
2025-05-14 09:43:19.891 31836-23720 System.err W at com.huawei.security.keystore.HwUniversalKeyStoreSignatureSpiBase.engineSign(HwUniversalKeyStoreSignatureSpiBase.java:322)
2025-05-14 09:43:19.891 31836-23720 System.err W at java.security.Signature$Delegate.engineSign(Signature.java:1418)
2025-05-14 09:43:19.891 31836-23720 System.err W at java.security.Signature.sign(Signature.java:739)
2025-05-14 09:43:19.891 31836-23720 System.err W at com.tencent.soter.wrapper.wrap_task.TaskBiometricAuthentication.executeWhenAuthenticated(TaskBiometricAuthentication.java:335)
2025-05-14 09:43:19.891 31836-23720 System.err W at com.tencent.soter.wrapper.wrap_task.TaskBiometricAuthentication.access$1000(TaskBiometricAuthentication.java:48)
2025-05-14 09:43:19.891 31836-23720 System.err W at com.tencent.soter.wrapper.wrap_task.TaskBiometricAuthentication$AuthenticationCallbackImpl$4.run(TaskBiometricAuthentication.java:469)
2025-05-14 09:43:19.891 31836-23720 System.err W at android.os.Handler.handleCallback(Handler.java:966)
2025-05-14 09:43:19.891 31836-23720 System.err W at android.os.Handler.dispatchMessage(Handler.java:110)
2025-05-14 09:43:19.891 31836-23720 System.err W at android.os.Looper.loopOnce(Looper.java:205)
2025-05-14 09:43:19.891 31836-23720 System.err W at android.os.Looper.loop(Looper.java:293)
2025-05-14 09:43:19.891 31836-23720 System.err W at android.os.HandlerThread.run(HandlerThread.java:110)
初步定位:TaskBiometricAuthentication中报错
mSignatureToAuth.update(mChallenge.getBytes(Charset.forName("UTF-8")));
调用了AuthenticationParam.AuthenticationParamBuilder的setUseBiometricPrompt(true)
最终调用到了FingerprintManagerProxy的authenticate,触发authenticateApi28
`
@SuppressLint("MissingPermission")
private static void authenticateApi28(Context context, CryptoObject crypto, int flags, Object cancel,
final AuthenticationCallback callback, Handler handler, Bundle extra) {
// ...ignore
builder.build().authenticate((android.os.CancellationSignal) cancel, context.getMainExecutor(), wrapCallback2(callback));
}
`
其中CryptoObject 没有用到,BiometricPrompt的authenticate方法可以接收带CryptoObject
目前临时解决:编译期替换authenticateApi28方法,将FingerprintManagerProxy.CryptoObject转为BiometricPrompt.CryptoObject,调用BiometricPrompt带CryptoObject的authenticate
问题:
- 临时解决方案是否有潜在的其他问题
- 希望维护者能尽快处理下
背景:安全接入的情况下
机型:华为 Mate 50,CET-AL00
系统:Android 12,API 31,HarmonyOS 4.2.0
Soter版本:2.1.15
异常信息:
2025-05-14 09:43:19.891 31836-23720 Soter.Task...entication E soter: sign failed due to exception: com.huawei.security.keystore.HwUniversalKeyStoreException: System error
2025-05-14 09:43:19.891 31836-23720 System.err W java.security.SignatureException: com.huawei.security.keystore.HwUniversalKeyStoreException: System error
2025-05-14 09:43:19.891 31836-23720 System.err W at com.huawei.security.keystore.HwUniversalKeyStoreSignatureSpiBase.engineSign(HwUniversalKeyStoreSignatureSpiBase.java:322)
2025-05-14 09:43:19.891 31836-23720 System.err W at java.security.Signature$Delegate.engineSign(Signature.java:1418)
2025-05-14 09:43:19.891 31836-23720 System.err W at java.security.Signature.sign(Signature.java:739)
2025-05-14 09:43:19.891 31836-23720 System.err W at com.tencent.soter.wrapper.wrap_task.TaskBiometricAuthentication.executeWhenAuthenticated(TaskBiometricAuthentication.java:335)
2025-05-14 09:43:19.891 31836-23720 System.err W at com.tencent.soter.wrapper.wrap_task.TaskBiometricAuthentication.access$1000(TaskBiometricAuthentication.java:48)
2025-05-14 09:43:19.891 31836-23720 System.err W at com.tencent.soter.wrapper.wrap_task.TaskBiometricAuthentication$AuthenticationCallbackImpl$4.run(TaskBiometricAuthentication.java:469)
2025-05-14 09:43:19.891 31836-23720 System.err W at android.os.Handler.handleCallback(Handler.java:966)
2025-05-14 09:43:19.891 31836-23720 System.err W at android.os.Handler.dispatchMessage(Handler.java:110)
2025-05-14 09:43:19.891 31836-23720 System.err W at android.os.Looper.loopOnce(Looper.java:205)
2025-05-14 09:43:19.891 31836-23720 System.err W at android.os.Looper.loop(Looper.java:293)
2025-05-14 09:43:19.891 31836-23720 System.err W at android.os.HandlerThread.run(HandlerThread.java:110)
初步定位:TaskBiometricAuthentication中报错
mSignatureToAuth.update(mChallenge.getBytes(Charset.forName("UTF-8")));调用了AuthenticationParam.AuthenticationParamBuilder的setUseBiometricPrompt(true)
最终调用到了FingerprintManagerProxy的authenticate,触发authenticateApi28
`
`
其中CryptoObject 没有用到,BiometricPrompt的authenticate方法可以接收带CryptoObject
目前临时解决:编译期替换authenticateApi28方法,将FingerprintManagerProxy.CryptoObject转为BiometricPrompt.CryptoObject,调用BiometricPrompt带CryptoObject的authenticate
问题: