简介

FIDO BioAuthn提供本地生物特征认证能力,包括指纹认证和面容认证。对开发者提供安全易用的免密认证服务,并保障认证结果安全可信。

您将建立什么

在这个codelab中,您将使用已经创建好的Demo Project实现对华为BioAuthn的API调用,通过Demo Project你可以体验到:

您将会学到什么

其他特性

线上快速身份验证(FIDO2)

硬件要求

软件要求

集成HUAWEI HMS Core能力,需要完成以下准备工作

具体操作,请按照《HUAWEI HMS Core集成准备》中详细说明来完成。
  1. 华为开发者联盟AppGallery Connect中选择"我的项目",在项目列表中选择创建的应用,在"项目设置"页面中选择"API管理"。
  2. 打开"FIDO"服务开关。

针对Android Studio开发环境,华为提供了Maven仓集成方式的HMS Core SDK包。在开始开发前,您需要将HMS Core SDK集成到您的Android Studio开发环境中。

添加当前应用的AppGallery Connect配置文件

如果在AppGallery Connect中开通了相关服务则需要将"agconnect-services.json"文件添加到您的App中。
步骤 1 - 登录AppGallery Connect网站,点击"我的项目"。
步骤 2 - 在项目列表中找到您的项目,在项目中点击需要集成HMS Core SDK的应用。
步骤 3 - 在"项目设置 > 常规"页面的"应用"区域,点击"agconnect-services.json"下载配置文件。

步骤 4 - 将"agconnect-services.json"文件拷贝到应用级根目录下。

—-结束

配置HMS Core SDK的Maven仓地址

步骤 1 - 打开Android Studio项目级"build.gradle"文件。

步骤 2 - 添加HUAWEI agcp插件以及Maven代码库。

—-结束

添加编译依赖

步骤 1 - 打开应用级的"build.gradle"文件。

步骤 2 - 添加agcp插件配置。请根据实际情况选择:

步骤 3 - 在"dependencies"中添加如下编译依赖(Bioauthn-AndroidX和Bioauthn的依赖不能同时添加)。

  1. FIDO2
    dependencies { implementation 'com.huawei.hms:fido-fido2:{version}' }
  2. Bioauthn-AndroidX
    dependencies { implementation 'com.huawei.hms:fido-bioauthn-androidx:{version}' }
  3. Bioauthn
    dependencies { implementation 'com.huawei.hms:fido-bioauthn:{version}' }

—-结束

多语言设置

HMS Core SDK支持的语言列表请参见HMS Core SDK支持的语言。

同步工程

重新打开修改完的"build.gradle"文件,右上方出现"Sync Now"链接。点击"Sync Now"等待同步完成。

配置元数据


在"AndroidManifest.xml"的application中增加以下元数据,引导应用下载HMS Core(APK)。
<application ...> <meta-data android:name="com.huawei.hms.client.channel.androidMarket" android:value="false" /> ... </application>

下载HMS Core(APK)后,HMS Core SDK会自动安装或升级HMS Core(APK)。

配置AndroidManifest.xml文件

Android 11更改了应用查询用户在设备上已安装的其他应用以及与之交互的方式。您应用的targetSdkVersion是30或者更高版本时,需要在"AndroidManifest.xml"中manifest下添加标签,使应用可以访问HMS Core(APK)。

<manifest ...> ... <queries> <intent> <action android:name="com.huawei.hms.core.aidlservice" /> </intent> </queries> ... </manifest>

FIDO提供两个版本BioAuthn SDK。分别是:

这里分别介绍相关API的使用。

BioAuthn-AndroidX SDK

指纹认证

华为提供安全的指纹认证能力。如果系统安全存在问题,回调方法BioAuthnCallback.onAuthError(),会提供错误码BioAuthnPrompt.ERROR_SYS_INTEGRITY_FAILED。如果设备运行环境安全,则执行指纹认证。指纹认证的错误码详情,请参见接口文档。

华为指纹认证能力使用方法,如以下代码片段所示:
  1. 创建BioAuthnPrompt,BioAuthnCallback。
    “Java” private BioAuthnPrompt createBioAuthnPrompt() { // call back BioAuthnCallback callback = new BioAuthnCallback() { @Override public void onAuthError(int errMsgId, CharSequence errString) { showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString); } @Override public void onAuthSucceeded(BioAuthnResult result) { showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject()); } @Override public void onAuthFailed() { showResult("Authentication failed."); } }; return new BioAuthnPrompt(this, ContextCompat.getMainExecutor(this), callback); } “Kotlin” private fun createBioAuthnPrompt(): BioAuthnPrompt { // call back val callback = object : BioAuthnCallback() { override fun onAuthError(errMsgId: Int, errString: CharSequence) { showResult("Authentication error. errorCode=$errMsgId,errorMessage=$errString") } override fun onAuthSucceeded(result: BioAuthnResult) { if (result.cryptoObject != null) { showResult("Authentication succeeded. CryptoObject=" + result.cryptoObject!!) } else { showResult("Authentication succeeded. CryptoObject=null") } } override fun onAuthFailed() { showResult("Authentication failed.") } } return BioAuthnPrompt(this, ContextCompat.getMainExecutor(this), callback) }
  2. 创建提示信息,并进行认证。
“Java” // build prompt info BioAuthnPrompt.PromptInfo.Builder builder = new BioAuthnPrompt.PromptInfo.Builder().setTitle("This is the title.") .setSubtitle("This is the subtitle") .setDescription("This is the description"); // The user will first be prompted to authenticate with biometrics, but also given the option to // authenticate with their device PIN, pattern, or password. setNegativeButtonText(CharSequence) should // not be set if this is set to true. builder.setDeviceCredentialAllowed(true); // Set the text for the negative button. setDeviceCredentialAllowed(true) should not be set if this button text // is set. // builder.setNegativeButtonText("This is the 'Cancel' button."); BioAuthnPrompt.PromptInfo info = builder.build(); resultTextView.setText("Start fingerprint authentication without CryptoObject.\nAuthenticating......\n"); bioAuthnPrompt.auth(info); “Kotlin” // build prompt info val builder = BioAuthnPrompt.PromptInfo.Builder().setTitle("This is the title.") .setSubtitle("This is the subtitle") .setDescription("This is the description") // The user will first be prompted to authenticate with biometrics, but also given the option to // authenticate with their device PIN, pattern, or password. setNegativeButtonText(CharSequence) should // not be set if this is set to true. builder.setDeviceCredentialAllowed(true) // Set the text for the negative button. setDeviceCredentialAllowed(true) should not be set if this button text // is set. // builder.setNegativeButtonText("This is the 'Cancel' button."); val info = builder.build() resultTextView!!.text = "Start fingerprint authentication without CryptoObject.\nAuthenticating......\n" bioAuthnPrompt!!.auth(info)

面容认证

华为提供安全的面容认证能力。如果系统安全存在问题,回调函数BioAuthnCallback.onAuthError,会提供错误码FaceManager.FACE_ERROR_SYS_INTEGRITY_FAILED。如果设备运行环境安全,则执行面容认证。面容认证的错误码详情,请参见接口文档。

华为面容认证能力使用方法,如以下代码片段所示:

  1. 构造BioAuthnCallback。
    “Java” // call back BioAuthnCallback callback = new BioAuthnCallback() { @Override public void onAuthError(int errMsgId, CharSequence errString) { showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString + (errMsgId == 1012 ? " The camera permission may not be enabled." : "")); } @Override public void onAuthHelp(int helpMsgId, CharSequence helpString) { resultTextView .append("Authentication help. helpMsgId=" + helpMsgId + ",helpString=" + helpString + "\n"); } @Override public void onAuthSucceeded(BioAuthnResult result) { showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject()); } @Override public void onAuthFailed() { showResult("Authentication failed."); } }; “Kotlin” // call back val callback = object : BioAuthnCallback() { override fun onAuthError(errMsgId: Int, errString: CharSequence) { showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString + if (errMsgId == 1012) " The camera permission may not be enabled." else "") } override fun onAuthHelp(helpMsgId: Int, helpString: CharSequence) { resultTextView!! .append("Authentication help. helpMsgId=$helpMsgId,helpString=$helpString\n") } override fun onAuthSucceeded(result: BioAuthnResult) { showResult("Authentication succeeded.") } override fun onAuthFailed() { showResult("Authentication failed.") } }
  2. 构造FaceManager,调用auth方法。
    “Java” // Cancellation Signal CancellationSignal cancellationSignal = new CancellationSignal(); FaceManager faceManager = new FaceManager(this); // flags int flags = 0; // Authentication messsage handler. Handler handler = null; // Recommended CryptoObject to be set to null. KeyStore is not associated with face authentication in current // version. KeyGenParameterSpec.Builder.setUserAuthenticationRequired() must be set false in this scenario. CryptoObject crypto = null; faceManager.auth(crypto, cancellationSignal, flags, callback, handler); “Kotlin” // Cancellation Signal val cancellationSignal = CancellationSignal() val faceManager = FaceManager(this) // flags val flags = 0 // Authentication messsage handler. val handler: Handler? = null // Recommended CryptoObject to be set to null. KeyStore is not associated with face authentication in current // version. KeyGenParameterSpec.Builder.setUserAuthenticationRequired() must be set false in this scenario. val crypto: CryptoObject? = null faceManager.auth(crypto, cancellationSignal, flags, callback, handler)

BioAuthn SDK

指纹认证

华为提供安全的指纹认证能力。如果系统安全存在问题,回调函数BioAuthnCallback.onAuthError(),会提供错误码FingerprintManager.FINGERPRINT_ERROR_SYS_INTEGRITY_FAILED。如果设备运行环境安全,则执行指纹认证。指纹认证的错误码详情,请参见接口文档。

华为指纹认证能力使用方法,如以下代码片段所示:

  1. 创建FingerprintManager,BioAuthnCallback。
    “Java” private FingerprintManager createFingerprintManager() { // call back BioAuthnCallback callback = new BioAuthnCallback() { @Override public void onAuthError(int errMsgId, CharSequence errString) { showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString); } @Override public void onAuthSucceeded(BioAuthnResult result) { showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject()); } @Override public void onAuthFailed() { showResult("Authentication failed."); } }; return new FingerprintManager(this, Executors.newSingleThreadExecutor(), callback); } “Kotlin” // call back val callback = object : BioAuthnCallback() { override fun onAuthError(errMsgId: Int, errString: CharSequence?) { showResult("Authentication error. errorCode=$errMsgId,errorMessage=$errString") } override fun onAuthSucceeded(result: BioAuthnResult) { showResult("Authentication succeeded. CryptoObject=" + result.cryptoObject) } override fun onAuthFailed() { showResult("Authentication failed.") } } return FingerprintManager(this, Executors.newSingleThreadExecutor(), callback) }
  2. 进行认证。
    “Java” fingerprintManager.auth(); “Kotlin” fingerprintManager!!.auth()

面容认证

华为提供安全的面容认证能力。如果系统安全存在问题,回调函数BioAuthnCallback.onAuthError,会提供错误码FaceManager.FACE_ERROR_SYS_INTEGRITY_FAILED。如果设备运行环境安全,则执行面容认证。面容认证的错误码详情,请参见接口文档。

华为面容认证能力使用方法,如以下代码片段所示:

  1. 构造BioAuthnCallback。
    “Java” // call back BioAuthnCallback callback = new BioAuthnCallback() { @Override public void onAuthError(int errMsgId, CharSequence errString) { showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString + (errMsgId == 1012 ? " The camera permission may not be enabled." : "")); } @Override public void onAuthHelp(int helpMsgId, CharSequence helpString) { resultTextView .append("Authentication help. helpMsgId=" + helpMsgId + ",helpString=" + helpString + "\n"); } @Override public void onAuthSucceeded(BioAuthnResult result) { showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject()); } @Override public void onAuthFailed() { showResult("Authentication failed."); } }; “Kotlin” // call back val callback = object : BioAuthnCallback() { override fun onAuthError(errMsgId: Int, errString: CharSequence?) { showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString + if (errMsgId == 1012) " The camera permission may not be enabled." else "") } override fun onAuthHelp(helpMsgId: Int, helpString: CharSequence?) { resultTextView!! .append("Authentication help. helpMsgId=$helpMsgId,helpString=$helpString\n") } override fun onAuthSucceeded(result: BioAuthnResult) { showResult("Authentication succeeded. CryptoObject=" + result.cryptoObject) } override fun onAuthFailed() { showResult("Authentication failed.") } }
  2. 构造FaceManager,调用auth方法。
    “Java” // Cancellation Signal CancellationSignal cancellationSignal = new CancellationSignal(); FaceManager faceManager = new FaceManager(this); // flags int flags = 0; // Authentication messsage handler. Handler handler = null; // Recommended CryptoObject to be set to null. KeyStore is not associated with face authentication in current // version. KeyGenParameterSpec.Builder.setUserAuthenticationRequired() must be set false in this scenario. CryptoObject crypto = null; faceManager.auth(crypto, cancellationSignal, flags, callback, handler); “Kotlin” // Cancellation Signal val cancellationSignal = CancellationSignal() val faceManager = FaceManager(this) // flags val flags = 0 // Authentication messsage handler. val handler: Handler? = null // Recommended CryptoObject to be set to null. KeyStore is not associated with face authentication in current // version. KeyGenParameterSpec.Builder.setUserAuthenticationRequired() must be set false in this scenario. val crypto: CryptoObject? = null resultTextView!!.text = "Start face authentication.\nAuthenticating......\n" faceManager.auth(crypto, cancellationSignal, flags, callback, handler)

安装测试APK,点击测试按钮,触发指纹或面容认证。

干得好,您已经成功完成了codelab并学到了:

您可以阅读下面链接,了解更多相关的信息。
相关文档.

BioAuthn-AndroidX SDK

也可以点击下方按钮下载源码。

源码下载

BioAuthn SDK

也可以点击下方按钮下载源码。

源码下载

Code copied