Android Fido2PendingIntent().launchPendingIntent fail first time, and works successive times

699 views Asked by At

Why does Google's Fido2PendingIntent().launchPendingIntent method fail (no fingerprint/passcode prompt is displayed) on the first attempt with the error code:

SECURITY_ERR - The operation is insecure. The incoming request cannot be validated.

And, successive attempts typically result in the the above call working (fingerprint/passcode is prompt displayed), and no longer getting this error.

These are the main snippets of the code:

ListenerRegistration.java:

    try {
        // Get intent for FIDO2 operation.
        Fido2ApiClient fido2ApiClient = Fido.getFido2ApiClient( this.activity );
        Task<Fido2PendingIntent> task = fido2ApiClient.getRegisterIntent( pkcco );

        // Send intent back to UI through callback.
        Log.d( TAG, "LISTENERREGISTRATION.java IS NOW ATTEMPTING TO OPEN FINGERPRINT/SECRUITY PROMPT" );
        this.fidoDelegate.launchFidoPrompt( Tasks.await( task ), FidoPromptCallback.FIDO2_REGISTRATION );

        // Wait for authenticator to complete.
        this.fidoAuthenticatorLock.acquire();
    } catch( ExecutionException e ) {
        // Threw exception while waiting for authenticator.
        // Pass Fido2AuthenticatorException back to calling class so it can handle error appropriately.
        throw new Fido2AuthenticatorException( this.sFido2AuthenticatorErrorMessage, this.fido2ErrorCode );
    } catch( InterruptedException e ) {
        // Threw exception while waiting for authenticator.
        // Pass Fido2AuthenticatorException back to calling class so it can handle error appropriately.
        throw new Fido2AuthenticatorException( this.sFido2AuthenticatorErrorMessage, this.fido2ErrorCode );
    }

MainActivity.java:

       // Instantiate class to handle VC functionality called by listener.
       this.lo = new ListenerOperations(MainActivity.this, new FidoPromptCallback() {
        @Override
        public void launchFidoPrompt(Fido2PendingIntent fido2Intent, int iOperation) {
            // Determine how to handle authenticator result.
            int iCode;
            if (iOperation == FidoPromptCallback.FIDO2_REGISTRATION) {
                iCode = MainActivity.REQUEST_FIDO2_REGISTER;
            } else if (iOperation == FidoPromptCallback.FIDO2_ASSERTION) {
                iCode = MainActivity.REQUEST_FIDO2_ASSERTION;
            } else {
                // Invalid operation.
                iCode = -1;
            }

            try {
                // Launch the fingerprint dialog by launching the intent from FIDO2 API.
                Log.d( TAG, "MAINACTIVITY.java IS NOW ATTEMPTING TO OPEN FINGERPRINT/SECRUITY PROMPT" );
                fido2Intent.launchPendingIntent( MainActivity.this, iCode );
                Log.d( TAG, "MAINACTIVITY.java HAS OPENNED FINGERPRINT/SECRUITY PROMPT WITH NO ERRORS" );

            } catch( IntentSender.SendIntentException e ) {
                // Error launching pending intent for register request.
                Log.d(TAG, "SADFACE - FAILED TO OPEN FINGERPRINT FIDO DIALOG");
            } catch (Exception e) {
                Log.d( TAG, "GENERAL EXCEPTION OCCURRED WHEN CALLING fido2Intent.launchPendingIntent" );
                e.printStackTrace();
            }
            Log.d( TAG, "MAINACTIVITY.java END OF launchFidoPrompt()" );
        }

On failure (and success) the logs look like this (because no exception is ever thrown even after getting the SECURITY_ERR error):

other logs
...
10-01 10:31:36.289 14272 15728 D MainActivity.java: LISTENERREGISTRATION.java IS NOW ATTEMPTING TO OPEN FINGERPRINT/SECRUITY PROMPT
...
10-01 10:31:37.589 14974 15728 D MainActivity.java: MAINACTIVITY.java IS NOW ATTEMPTING TO OPEN FINGERPRINT/SECRUITY PROMPT
10-01 10:31:37.602  4053  4953 I ActivityManager: START u0 {act=null typ=null flg=0x0 cmp=ComponentInfo{com.google.android.gms/com.google.android.gms.fido.fido2.ui.Fido2FullScreenActivity}} from uid 10031
10-01 10:31:37.623  4053  4953 D CustomFrequencyManagerService: acquireDVFSLockLocked : type : DVFS_MIN_LIMIT  frequency : 1560000  uid : 1000  pid : 4053  pkgName : AMS_APP_SWITCH@CPU_MIN@47
10-01 10:31:37.625  4053  4953 D ActivityManagerPerformance: AMP_acquire() APP_SWITCH
10-01 10:31:37.628  3633  3633 I SurfaceFlinger: id=56380 createSurf (3040x3040),2 flag=4, AppWindowToken{2800ead token=Token{77b3fc4 ActivityRecord{44bad7 u0 com.google.android.gms/.fido.fido2.ui.Fido2FullScreenActivity t7062}}}#0
10-01 10:31:37.636  4053  4953 D ActivityManager: Received ACTIVITY intent in key u0 {bcd25e2 act=nullstartActivity cmp=ComponentInfo{com.google.android.gms/com.google.android.gms.fido.fido2.ui.Fido2FullScreenActivity} res=0} from uid 10218
10-01 10:31:37.637 14974 15728 D MainActivity.java: MAINACTIVITY.java HAS OPENNED FINGERPRINT/SECRUITY PROMPT WITH NO ERRORS
10-01 10:31:37.637 14974 15728 D MainActivity.java: MAINACTIVITY.java END OF launchFidoPrompt()

The fact that my code does not get notified of any exceptions, leads me to believe that the issue lies inside the call to Fido2PendingIntent().launchPendingIntent.

Note that now exceptgion in this code:

0

There are 0 answers