BiometricAuthenticator: implement biometric authentication for sensitive operations

When biometric hardware is available, it will be used to authenticate the user before private keys are shown on screen or when zip exports are executed. Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
author: Harsh Shandilya <me@msfjarvis.dev> 2020-03-30 10:45:49 +0530
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2020-03-30 03:23:32 -0600
commit: d2721f2d7dd5b9660bba1fe59b91bb5f3122cd76 (patch)
tree: bc9894a8d176969443658a56e29f540efb819654 /ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt
parent: ObservableTunnel: Don't cache configAsync (diff)
download: wireguard-android-d2721f2d7dd5b9660bba1fe59b91bb5f3122cd76.tar.xz
wireguard-android-d2721f2d7dd5b9660bba1fe59b91bb5f3122cd76.zip
1 files changed, 20 insertions, 5 deletions
diff --git a/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt b/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt
index 9ac2473c..1b8af50e 100644
--- a/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt
+++ b/ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt
@@ -25,6 +25,7 @@ import com.wireguard.android.backend.Tunnel
 import com.wireguard.android.databinding.TunnelEditorFragmentBinding
 import com.wireguard.android.fragment.AppListDialogFragment.AppExclusionListener
 import com.wireguard.android.model.ObservableTunnel
+import com.wireguard.android.util.BiometricAuthenticator
 import com.wireguard.android.util.ErrorMessages
 import com.wireguard.android.viewmodel.ConfigProxy
 import com.wireguard.android.widget.EdgeToEdge.setUpRoot
@@ -233,13 +234,27 @@ class TunnelEditorFragment : BaseFragment(), AppExclusionListener {
         if (!isFocused) return
         val edit = view as? EditText ?: return
         if (!haveShownKeys && edit.text.isNotEmpty()) {
-            if (true /* TODO: do biometric auth prompt */) {
-                haveShownKeys = true
-            } else {
-                /* Unauthorized, so return and don't change visibility. */
-                return
+            BiometricAuthenticator.authenticate(R.string.biometric_prompt_private_key_title, requireActivity()) {
+                when (it) {
+                    is BiometricAuthenticator.Result.Success, is BiometricAuthenticator.Result.HardwareUnavailableOrDisabled -> {
+                        haveShownKeys = true
+                        showPrivateKey(edit)
+                    }
+                    is BiometricAuthenticator.Result.Failure -> {
+                        Snackbar.make(
+                                binding!!.mainContainer,
+                                it.message,
+                                Snackbar.LENGTH_SHORT
+                        ).show()
+                    }
+                }
             }
+        } else {
+            showPrivateKey(edit)
         }
+    }
+
+    private fun showPrivateKey(edit: EditText) {
         requireActivity().window.addFlags(WindowManager.LayoutParams.FLAG_SECURE)
         edit.inputType = InputType.TYPE_TEXT_FLAG_NO_SUGGESTIONS or InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD
     }
author	Harsh Shandilya <me@msfjarvis.dev>	2020-03-30 10:45:49 +0530
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2020-03-30 03:23:32 -0600
commit	d2721f2d7dd5b9660bba1fe59b91bb5f3122cd76 (patch)
tree	bc9894a8d176969443658a56e29f540efb819654 /ui/src/main/java/com/wireguard/android/fragment/TunnelEditorFragment.kt
parent	ObservableTunnel: Don't cache configAsync (diff)
download	wireguard-android-d2721f2d7dd5b9660bba1fe59b91bb5f3122cd76.tar.xz wireguard-android-d2721f2d7dd5b9660bba1fe59b91bb5f3122cd76.zip