Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Failed to delete entry: CognitoIdentityProviderCache.aesKeyStoreAlias #2891

Open
1 task done
LevGloba opened this issue Aug 9, 2024 · 4 comments
Open
1 task done
Labels
auth Related to the Auth category/plugins bug Something isn't working

Comments

@LevGloba
Copy link

LevGloba commented Aug 9, 2024

Before opening, please confirm:

Language and Async Model

Kotlin - Coroutines

Amplify Categories

Authentication

Gradle script dependencies

implementation "com.amplifyframework:aws-api:2.20.0" implementation "com.amplifyframework:aws-datastore:2.20.0" implementation "com.amplifyframework:aws-auth-cognito:2.20.0" implementation "com.amplifyframework:core-kotlin:2.20.0" implementation "com.amplifyframework:core:2.20.0" implementation "com.amplifyframework:aws-storage-s3:2.20.0"

Environment information

Gradle Version 8.7

Please include any relevant guides or documentation you're referencing

No response

Describe the bug

Failed to delete entry: CognitoIdentityProviderCache.aesKeyStoreAlias.
There was a bug once
Phone model Huawei Y5 2018, Android version 8.1.0

Reproduction steps (if applicable)

In the App class, inherited from Application, call methods:
1.Amplify.addPlugin(AWSCognitoAuthPlugin());
2.Amplify.addPlugin(AWSS3StoragePlugin());
3.Amplify.configure(
AmplifyConfiguration.fromConfigFile(
applicationContext,
R.raw.amplifyconfiguration
), applicationContext
)

Code Snippet

@HiltAndroidApp
class App : Application() {

    override fun onCreate() {
        super.onCreate()
        initAmplify()
       ...
    }
...
    private fun initAmplify() {
        Amplify.addPlugin(AWSCognitoAuthPlugin())
        Amplify.addPlugin(AWSS3StoragePlugin())
        Amplify.configure(
            AmplifyConfiguration.fromConfigFile(
                applicationContext,
                R.raw.amplifyconfiguration
            ), applicationContext
        )
    }
}

Log output

      Fatal Exception: java.security.KeyStoreException: Failed to delete entry: CognitoIdentityProviderCache.aesKeyStoreAlias
   at android.security.keystore.AndroidKeyStoreSpi.engineDeleteEntry(AndroidKeyStoreSpi.java:778)
   at java.security.KeyStore.deleteEntry(KeyStore.java:1257)
   at com.amplifyframework.auth.cognito.data.LegacyKeyProvider.deleteKey(LegacyKeyProvider.kt:82)
   at com.amplifyframework.auth.cognito.data.LegacyKeyValueRepository.retrieveEncryptionKey-IoAF18A(LegacyKeyValueRepository.kt:271)
   at com.amplifyframework.auth.cognito.data.LegacyKeyValueRepository.get(LegacyKeyValueRepository.kt:161)
   at com.amplifyframework.auth.cognito.data.AWSCognitoLegacyCredentialStore.getTokenKeys(AWSCognitoLegacyCredentialStore.kt:272)
   at com.amplifyframework.auth.cognito.data.AWSCognitoLegacyCredentialStore.retrieveSignedInData(AWSCognitoLegacyCredentialStore.kt:207)
   at com.amplifyframework.auth.cognito.data.AWSCognitoLegacyCredentialStore.retrieveCredential(AWSCognitoLegacyCredentialStore.kt:105)
   at com.amplifyframework.auth.cognito.actions.CredentialStoreCognitoActions$migrateLegacyCredentialStoreAction$$inlined$invoke$1.execute(Action.kt:69)
   at com.amplifyframework.statemachine.ConcurrentEffectExecutor$execute$1$1.invokeSuspend(ConcurrentEffectExecutor.kt:26)
   at kotlin.coroutines.jvm.internal.BaseContinuationImpl.resumeWith(ContinuationImpl.kt:33)
   at kotlinx.coroutines.DispatchedTask.run(DispatchedTask.kt:108)
   at kotlinx.coroutines.scheduling.CoroutineScheduler.runSafely(CoroutineScheduler.kt:584)
   at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.executeTask(CoroutineScheduler.kt:793)
   at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.runWorker(CoroutineScheduler.kt:697)
   at kotlinx.coroutines.scheduling.CoroutineScheduler$Worker.run(CoroutineScheduler.kt:684)

amplifyconfiguration.json

No response

GraphQL Schema

// Put your schema below this line

Additional information and screenshots

No response

@github-actions github-actions bot added the pending-triage Issue is pending triage label Aug 9, 2024
@mattcreaser
Copy link
Member

Hi @LevGloba, thanks for your report. We have seen quite a few KeyStore issues on Huawei devices 😢 This particular error may be safe to catch internally, so we'll look into making an update here.

@mattcreaser mattcreaser added bug Something isn't working auth Related to the Auth category/plugins labels Aug 9, 2024
@github-actions github-actions bot removed the pending-triage Issue is pending triage label Aug 9, 2024
@LevGloba
Copy link
Author

Will i right understand, need to wrapped methods: addPlugin, configure; in try-catch?

@tylerjroach tylerjroach added the pending-maintainer-response Issue is pending response from an Amplify team member label Aug 13, 2024
@mattcreaser
Copy link
Member

I don't believe you'll be able to catch the exception at that level - the Auth plugin operates asynchronously. This will need to be caught internally.

@github-actions github-actions bot removed the pending-maintainer-response Issue is pending response from an Amplify team member label Aug 14, 2024
@tylerjroach
Copy link
Member

tylerjroach commented Dec 4, 2024

This is something that we have begun looking at. My initial experiment is to allow a user-provided implementation of a simple interface we already used internally.

interface KeyValueRepository {
    fun put(dataKey: String, value: String?)
    fun get(dataKey: String): String?
    fun getAll(): Map<String, String?>
    fun remove(dataKey: String)
    fun removeAll() = Unit
}

Implementers would have the ability to store Amplify data however they choose, standard SharedPreferences, EncryptedSharedPreferences, or any other mechanism that implements the interface above.

Amplify.addPlugin(AWSCognitoAuthPlugin(
    options = AWSCognitoAuthPlugin.Options(
        customKeyValueRepository = object : KeyValueRepository {
            
            private val sharedPreferences = applicationContext.getSharedPreferences(
                "customAuthKeyValueRepository",
                Context.MODE_PRIVATE
            )

            override fun get(dataKey: String): String? {
                return sharedPreferences.getString(dataKey, null)
            }

            override fun getAll(): Map<String, String?> {
                return sharedPreferences.all.mapValues { it.value as String? }
            }

            override fun put(dataKey: String, value: String?) {
                sharedPreferences.edit().putString(dataKey, value).apply()
            }

            override fun remove(dataKey: String) {
                sharedPreferences.edit().remove(dataKey).apply()
            }
        }
    )
))

I'll provide further updates as work progresses. Initial progress can be tracked here: https://github.com/aws-amplify/amplify-android/tree/tjroach/allow-custom-keyvaluestore

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
auth Related to the Auth category/plugins bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants