ahusan/fksar
1
0
Fork 0
forked from shihaam/thijooree
Code Pull Requests Activity
Files
d59a6fad8294dcbb37d0e4144f33bb18e15e90b5
fksar/app/src/main/java/sh/sar/basedbank/LockActivity.kt
T

322 lines
12 KiB
Kotlin
Raw Blame History

package sh.sar.basedbank
import android.content.Intent
import android.os.Bundle
import android.util.Base64
import android.view.View
import android.widget.LinearLayout
import androidx.activity.OnBackPressedCallback
import androidx.appcompat.app.AppCompatActivity
import androidx.biometric.BiometricManager
import androidx.biometric.BiometricPrompt
import androidx.core.content.ContextCompat
import androidx.lifecycle.lifecycleScope
import com.google.android.material.button.MaterialButton
import kotlinx.coroutines.Dispatchers
import kotlinx.coroutines.launch
import kotlinx.coroutines.withContext
import sh.sar.basedbank.databinding.ActivityLockBinding
import sh.sar.basedbank.ui.home.HomeActivity
import sh.sar.basedbank.util.CredentialStore
import java.security.MessageDigest
import java.security.SecureRandom
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec
class LockActivity : AppCompatActivity() {
private lateinit var binding: ActivityLockBinding
private val pinDigits = mutableListOf<Int>()
private lateinit var method: String
private lateinit var salt: String
private lateinit var storedHash: String
private var biometricsEnabled = false
private var isLegacyFormat = false
private var isVerifying = false
private val lockPrefs get() = getSharedPreferences("lock_attempts", MODE_PRIVATE)
companion object {
private const val MAX_ATTEMPTS = 5
private const val LOCKOUT_MS = 30_000L
const val EXTRA_RESUME = "resume"
}
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
binding = ActivityLockBinding.inflate(layoutInflater)
setContentView(binding.root)
val prefs = getSharedPreferences("prefs", MODE_PRIVATE)
method = prefs.getString("security_method", "pin") ?: "pin"
biometricsEnabled = prefs.getBoolean("biometrics_enabled", false)
// Try new encrypted format first; fall back to legacy SHA-256
val stored = CredentialStore(this).loadSecurityHash()
if (stored != null) {
salt = stored.first
storedHash = stored.second
isLegacyFormat = false
} else {
salt = prefs.getString("security_salt", "") ?: ""
storedHash = prefs.getString("security_hash", "") ?: ""
isLegacyFormat = true
}
if (method == "pin") {
binding.viewPin.visibility = View.VISIBLE
buildNumpad()
updateDots()
if (biometricsEnabled) binding.btnLockBiometricFromPin.visibility = View.VISIBLE
binding.btnLockBiometricFromPin.setOnClickListener { triggerBiometric() }
} else {
binding.viewPattern.visibility = View.VISIBLE
if (biometricsEnabled) binding.btnLockBiometricFromPattern.visibility = View.VISIBLE
binding.btnLockBiometricFromPattern.setOnClickListener { triggerBiometric() }
binding.lockPatternView.onPatternComplete = { pattern -> verifyPattern(pattern) }
}
if (biometricsEnabled) triggerBiometric()
onBackPressedDispatcher.addCallback(this, object : OnBackPressedCallback(true) {
override fun handleOnBackPressed() {
moveTaskToBack(true)
}
})
}
private fun buildNumpad() {
val dp = resources.displayMetrics.density
val btnSize = (68 * dp).toInt()
val btnMarginH = (10 * dp).toInt()
val rowMarginV = (6 * dp).toInt()
val rows = listOf(
listOf("1", "2", "3"),
listOf("4", "5", "6"),
listOf("7", "8", "9"),
listOf("", "0", "")
)
rows.forEach { keys ->
val row = LinearLayout(this).apply {
orientation = LinearLayout.HORIZONTAL
gravity = android.view.Gravity.CENTER
layoutParams = LinearLayout.LayoutParams(
LinearLayout.LayoutParams.WRAP_CONTENT,
LinearLayout.LayoutParams.WRAP_CONTENT
).also { it.setMargins(0, rowMarginV, 0, rowMarginV) }
}
keys.forEach { key ->
val style = if (key == "")
com.google.android.material.R.attr.materialButtonStyle
else
com.google.android.material.R.attr.materialButtonOutlinedStyle
val btn = MaterialButton(this, null, style).apply {
text = key
textSize = 24f
insetTop = 0; insetBottom = 0
minimumWidth = 0; minimumHeight = 0
cornerRadius = btnSize / 2
layoutParams = LinearLayout.LayoutParams(btnSize, btnSize)
.also { it.setMargins(btnMarginH, 0, btnMarginH, 0) }
}
btn.setOnClickListener { handleKey(key) }
row.addView(btn)
}
binding.lockNumpadContainer.addView(row)
}
}
private fun handleKey(key: String) {
if (isVerifying) return
when (key) {
"" -> if (pinDigits.isNotEmpty()) { pinDigits.removeLast(); updateDots() }
"" -> if (pinDigits.size >= 4) verifyPin()
else -> if (pinDigits.size < 8) { pinDigits.add(key.toInt()); updateDots() }
}
}
private fun updateDots() {
val n = pinDigits.size
binding.tvLockPinDots.text = "".repeat(n) + "".repeat(maxOf(4 - n, 0))
}
private fun verifyPin() {
if (checkAndShowLockout()) return
val entered = pinDigits.joinToString("")
pinDigits.clear()
updateDots()
isVerifying = true
lifecycleScope.launch {
val ok = withContext(Dispatchers.Default) { verify(entered) }
isVerifying = false
if (ok) {
migrateIfNeeded(entered)
resetFailures()
proceed()
} else {
showFailure()
}
}
}
private fun verifyPattern(pattern: List<Int>) {
if (pattern.size < 4) {
binding.lockPatternView.showError()
binding.tvPatternHint.text = getString(R.string.pattern_min_dots)
return
}
if (checkAndShowLockout()) {
binding.lockPatternView.showError()
return
}
val entered = pattern.joinToString("")
isVerifying = true
lifecycleScope.launch {
val ok = withContext(Dispatchers.Default) { verify(entered) }
isVerifying = false
if (ok) {
migrateIfNeeded(entered)
resetFailures()
proceed()
} else {
binding.lockPatternView.showError()
val msg = failureMessage()
binding.tvPatternHint.text = msg
binding.root.postDelayed({ binding.tvPatternHint.text = "" }, 1500)
}
}
}
/** Returns true and shows the lockout message if currently locked out. */
private fun checkAndShowLockout(): Boolean {
val remaining = lockoutRemainingMs()
if (remaining <= 0) return false
val secs = ((remaining + 999L) / 1000L).toInt()
val msg = getString(R.string.unlock_locked_out, secs)
binding.tvLockPinDots.text = msg
binding.root.postDelayed({ updateDots() }, remaining)
return true
}
private fun showFailure() {
val msg = failureMessage()
binding.tvLockPinDots.text = msg
binding.root.postDelayed({ updateDots() }, 1200)
}
private fun failureMessage(): String {
val fails = incrementFailures()
val left = MAX_ATTEMPTS - fails
return if (left <= 0) {
val secs = (LOCKOUT_MS / 1000L).toInt()
getString(R.string.unlock_locked_out, secs)
} else {
getString(R.string.unlock_attempts_remaining, left)
}
}
private fun verify(input: String): Boolean {
if (storedHash.isBlank()) return false
return if (isLegacyFormat) {
sha256Legacy(salt + input) == storedHash
} else {
val saltBytes = Base64.decode(salt, Base64.NO_WRAP)
pbkdf2(input, saltBytes) == storedHash
}
}
/**
* On the first successful unlock after legacy SHA-256 format is detected,
* transparently migrate to PBKDF2 + CredentialStore.
*/
private fun migrateIfNeeded(input: String) {
if (!isLegacyFormat) return
try {
val newSalt = ByteArray(16).also { SecureRandom().nextBytes(it) }
val newHash = pbkdf2(input, newSalt)
val saltB64 = Base64.encodeToString(newSalt, Base64.NO_WRAP)
CredentialStore(this).saveSecurityHash(saltB64, newHash)
// Remove legacy plaintext fields
getSharedPreferences("prefs", MODE_PRIVATE).edit()
.remove("security_salt").remove("security_hash").apply()
isLegacyFormat = false
} catch (_: Exception) { /* migration will retry next unlock */ }
}
private fun triggerBiometric() {
val canAuth = BiometricManager.from(this)
.canAuthenticate(BiometricManager.Authenticators.BIOMETRIC_WEAK)
if (canAuth != BiometricManager.BIOMETRIC_SUCCESS) return
val prompt = BiometricPrompt(
this,
ContextCompat.getMainExecutor(this),
object : BiometricPrompt.AuthenticationCallback() {
override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
resetFailures()
proceed()
}
override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
// User cancelled or error — fall back to PIN/pattern (already visible)
}
}
)
val info = BiometricPrompt.PromptInfo.Builder()
.setTitle(getString(R.string.unlock_app))
.setSubtitle(getString(R.string.biometric_prompt_subtitle))
.setNegativeButtonText(getString(R.string.biometric_negative_btn))
.setAllowedAuthenticators(BiometricManager.Authenticators.BIOMETRIC_WEAK)
.build()
prompt.authenticate(info)
}
private fun proceed() {
if (intent.getBooleanExtra(EXTRA_RESUME, false)) {
finish()
} else {
startActivity(Intent(this, HomeActivity::class.java))
finish()
}
}
// ── Brute-force tracking ──────────────────────────────────────────────────
private fun incrementFailures(): Int {
val fails = lockPrefs.getInt("fail_count", 0) + 1
lockPrefs.edit()
.putInt("fail_count", fails)
.putLong("last_fail_time", System.currentTimeMillis())
.apply()
return fails
}
private fun resetFailures() {
lockPrefs.edit().remove("fail_count").remove("last_fail_time").apply()
}
private fun lockoutRemainingMs(): Long {
val fails = lockPrefs.getInt("fail_count", 0)
if (fails < MAX_ATTEMPTS) return 0L
val lastFail = lockPrefs.getLong("last_fail_time", 0L)
return maxOf(0L, LOCKOUT_MS - (System.currentTimeMillis() - lastFail))
}
// ── Crypto ────────────────────────────────────────────────────────────────
private fun pbkdf2(input: String, salt: ByteArray): String {
val spec = PBEKeySpec(input.toCharArray(), salt, 100_000, 256)
return try {
val hash = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).encoded
Base64.encodeToString(hash, Base64.NO_WRAP)
} finally {
spec.clearPassword()
}
}
/** Legacy: raw SHA-256(salt + input) — only used for migration path. */
private fun sha256Legacy(input: String) = MessageDigest.getInstance("SHA-256")
.digest(input.toByteArray()).joinToString("") { "%02x".format(it) }
}
View Git Blame Copy Permalink