Merge pull request #131 from /issues/127-safe-password

Implement secure passwords

android/src/main/java/com/wultra/android/powerauth/reactnative/Constants.java

@@ -37,4 +37,12 @@ class Constants {
      * Time interval in milliseconds to keep pre-authorized biometric key in memory.
      */
     static final int BIOMETRY_KEY_KEEP_ALIVE_TIME   = 10_000;
+    /**
+     * Time interval in milliseconds to keep password object valid in memory.
+     */
+    static final int PASSWORD_KEY_KEEP_ALIVE_TIME    = 5 * 60 * 1_000;
+    /**
+     * Upper limit for Unicode Code Point.
+     */
+    static final int CODEPOINT_MAX                   = 0x10FFFF;
 }

android/src/main/java/com/wultra/android/powerauth/reactnative/ObjectRegister.java

@@ -42,6 +42,7 @@
 
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
+import io.getlime.security.powerauth.core.Password;
 import io.getlime.security.powerauth.exception.PowerAuthErrorException;
 
 /**
@@ -670,7 +671,7 @@ WritableMap debugDump() {
                 // Note: This is not very accurate, but we're using this only for the debugging purposes
                 final long bootTime = System.currentTimeMillis() - currentTime();
                 map.putString("id", key);
-                map.putString("class", object.getClass().getSimpleName());
+                map.putString("class", object.managedInstance().getClass().getSimpleName());
                 map.putArray("policies", debugPolicies);
                 map.putBoolean("isValid", isStillValid());
                 if (tag != null) {
@@ -712,6 +713,8 @@ void debugCommand(String command, ReadableMap options, Promise promise) {
                 objectClass = byte[].class;
             } else if ("number".equals(objectType)) {
                 objectClass = Integer.class;
+            } else if ("password".equals(objectType)) {
+                objectClass = Password.class;
             }
             if ("create".equals(command)) {
                 // The "create" command creates a new instance of managed object
@@ -744,6 +747,8 @@ void debugCommand(String command, ReadableMap options, Promise promise) {
                         instance = ManagedAny.wrap("SECURE-DATA".getBytes(StandardCharsets.UTF_8));
                     } else if ("number".equals(objectType)) {
                         instance = ManagedAny.wrap(42);
+                    } else if ("password".equals(objectType)) {
+                        instance = ManagedAny.wrap(new Password(), Password::destroy);
                     }
                     if (instance != null) {
                         promise.resolve(registerObject(instance, objectTag, policies));

android/src/main/java/com/wultra/android/powerauth/reactnative/PowerAuthPasswordModule.java

@@ -0,0 +1,190 @@
+/*
+ * Copyright 2022 Wultra s.r.o.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.wultra.android.powerauth.reactnative;
+
+import com.facebook.react.bridge.BaseJavaModule;
+import com.facebook.react.bridge.Promise;
+import com.facebook.react.bridge.ReactApplicationContext;
+import com.facebook.react.bridge.ReactContextBaseJavaModule;
+import com.facebook.react.bridge.ReactMethod;
+import com.facebook.react.module.annotations.ReactModule;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import androidx.annotation.NonNull;
+import androidx.annotation.Nullable;
+import io.getlime.security.powerauth.core.Password;
+
+@SuppressWarnings("unused")
+@ReactModule(name = "PowerAuthPassword")
+public class PowerAuthPasswordModule extends BaseJavaModule {
+
+    private final ObjectRegister objectRegister;
+
+    public PowerAuthPasswordModule(@NonNull ObjectRegister objectRegister) {
+        super();
+        this.objectRegister = objectRegister;
+    }
+
+    @NonNull
+    @Override
+    public String getName() {
+        return "PowerAuthPassword";
+    }
+
+    @ReactMethod
+    public void initialize(boolean destroyOnUse, @Nullable String ownerId, int autoreleaseTime, Promise promise) {
+        if (ownerId != null && !objectRegister.containsObject(ownerId)) {
+            promise.reject(Errors.EC_INSTANCE_NOT_CONFIGURED, "PowerAuth instance is not configured");
+            return;
+        }
+        int releaseTime = Constants.PASSWORD_KEY_KEEP_ALIVE_TIME;
+        if (BuildConfig.DEBUG) {
+            if (autoreleaseTime != 0) {
+                releaseTime = Math.min(autoreleaseTime, Constants.PASSWORD_KEY_KEEP_ALIVE_TIME);
+            }
+        }
+        final ManagedAny<Password> instance = ManagedAny.wrap(new Password(), Password::destroy);
+        final List<ReleasePolicy> releasePolicies = destroyOnUse
+                ? Arrays.asList(ReleasePolicy.afterUse(1), ReleasePolicy.keepAlive(releaseTime))
+                : Collections.singletonList(ReleasePolicy.keepAlive(releaseTime));
+        promise.resolve(objectRegister.registerObject(instance, ownerId, releasePolicies));
+    }
+
+    @ReactMethod
+    public void release(String objectId, Promise promise) {
+        objectRegister.removeObject(objectId, Password.class);
+        promise.resolve(null);
+    }
+
+    @ReactMethod
+    public void clear(String objectId, Promise promise) {
+        withPassword(objectId, promise, password -> {
+            password.clear();
+            promise.resolve(null);
+        });
+    }
+
+    @ReactMethod
+    public void length(String objectId, Promise promise) {
+        withPassword(objectId, promise, password -> {
+            promise.resolve(password.length());
+        });
+    }
+
+    @ReactMethod
+    public void isEqual(String id1, String id2, Promise promise) {
+        withPassword(id1, promise, p1 -> {
+            withPassword(id2, promise, p2 -> {
+                promise.resolve(p1.isEqualToPassword(p2));
+            });
+        });
+    }
+
+    @ReactMethod
+    public void addCharacter(String objectId, int character, Promise promise) {
+        withPassword(objectId, character, promise, (password, codePoint) -> {
+            password.addCharacter(codePoint);
+            promise.resolve(password.length());
+        });
+    }
+
+    @ReactMethod
+    public void insertCharacter(String objectId, int character, int position, Promise promise) {
+        withPassword(objectId, character, promise, (password, codePoint) -> {
+            if (position >= 0 && position <= password.length()) {
+                password.insertCharacter(codePoint, position);
+                promise.resolve(password.length());
+            } else {
+                promise.reject(Errors.EC_WRONG_PARAMETER, "Position is out of range");
+            }
+        });
+    }
+
+    @ReactMethod
+    public void removeCharacter(String objectId, int position, Promise promise) {
+        withPassword(objectId, promise, password -> {
+            if (position >= 0 && position < password.length()) {
+                password.removeCharacter(position);
+                promise.resolve(password.length());
+            } else {
+                promise.reject(Errors.EC_WRONG_PARAMETER, "Position is out of range");
+            }
+        });
+    }
+
+    @ReactMethod
+    public void removeLastCharacter(String objectId, Promise promise) {
+        withPassword(objectId, promise, password -> {
+            password.removeLastCharacter();
+            promise.resolve(password.length());
+        });
+    }
+
+    // Private methods
+
+    /**
+     * Action to execute when password object is found in object register.
+     */
+    private interface Action {
+        void action(@NonNull Password password);
+    }
+
+    /**
+     * Execute action when Password is found in object register.
+     * @param objectId Password object identifier.
+     * @param promise Promise to reject or resolve.
+     * @param action Action to execute.
+     */
+    private void withPassword(String objectId, final Promise promise, final @NonNull Action action) {
+        final Password password = objectRegister.touchObject(objectId, Password.class);
+        if (password != null) {
+            action.action(password);
+        } else {
+            promise.reject(Errors.EC_INVALID_NATIVE_OBJECT, "Password object is no longer valid");
+        }
+    }
+
+    /**
+     * Action to execute with valid code point, when password object is found in object register.
+     */
+    private interface CharacterAction {
+        void action(@NonNull Password password, int codePoint);
+    }
+
+    /**
+     * Execute action when Password is found in object register.
+     * @param objectId Password object identifier.
+     * @param character Character that represents an unicode code point.
+     * @param promise Promise to reject or resolve.
+     * @param action Action to execute.
+     */
+    private void withPassword(String objectId, int character, final Promise promise, final @NonNull CharacterAction action) {
+        if (character < 0 || character > Constants.CODEPOINT_MAX) {
+            promise.reject(Errors.EC_WRONG_PARAMETER, "Invalid CodePoint");
+            return;
+        }
+        final Password password = objectRegister.touchObject(objectId, Password.class);
+        if (password != null) {
+            action.action(password, character);
+        } else {
+            promise.reject(Errors.EC_INVALID_NATIVE_OBJECT, "Password object is no longer valid");
+        }
+    }
+}

android/src/main/java/com/wultra/android/powerauth/reactnative/PowerAuthRNPackage.java → android/src/main/java/com/wultra/android/powerauth/reactnative/PowerAuthReactPackage.java

@@ -28,7 +28,7 @@
 import java.util.List;
 
 @SuppressWarnings("unused")
-public class PowerAuthRNPackage implements ReactPackage {
+public class PowerAuthReactPackage implements ReactPackage {
 
     @NonNull
     @Override
@@ -40,8 +40,10 @@ public List<ViewManager> createViewManagers(@NonNull ReactApplicationContext rea
     @Override
     public List<NativeModule> createNativeModules(@NonNull ReactApplicationContext reactContext) {
         List<NativeModule> modules = new ArrayList<>();
-        modules.add(new PowerAuthRNModule(reactContext));
-        modules.add(new ObjectRegister());
+        final ObjectRegister objectRegister = new ObjectRegister();
+        modules.add(new PowerAuthModule(reactContext, objectRegister));
+        modules.add(new PowerAuthPasswordModule(objectRegister));
+        modules.add(objectRegister);
         return modules;
     }
 }

docs/Password-Change.md

@@ -61,4 +61,4 @@ try {
 
 ## Read Next
 
-- [Biometry Setup](./Biometry-Setup.md)
+- [Working with passwords securely](Secure-Password.md)

docs/Readme.md

@@ -11,6 +11,7 @@ In order to connect to the [PowerAuth](https://www.wultra.com/product/powerauth-
 - [Requesting Device Activation Status](Requesting-Device-Activation-Status.md)
 - [Data Signing](Data-Signing.md)
 - [Password Change](Password-Change.md)
+- [Working with passwords securely](Secure-Password.md)
 - [Biometry Setup](Biometry-Setup.md)
 - [Device Activation Removal](Device-Activation-Removal.md)
 - [Secure Vault](Secure-Vault.md)