Fix decrypting database on auto-save backup if biometric lock is enabled

2025-06-28 12:19:55 +00:00 · 2025-05-10 15:39:34 +02:00 · 2025-05-10 15:39:34 +02:00 · de27d40880
commit de27d40880
parent 66ce623e85
3 changed files with 31 additions and 12 deletions
--- a/app/src/main/java/com/philkes/notallyx/utils/backup/ExportExtensions.kt
+++ b/app/src/main/java/com/philkes/notallyx/utils/backup/ExportExtensions.kt
@ -174,7 +174,7 @@ fun ContextWrapper.autoBackupOnSave(backupPath: String, password: String, savedN
            backupFile = folder.createFile(MIME_TYPE_ZIP, ON_SAVE_BACKUP_FILE)
            exportAsZip(backupFile!!.uri, password = password)
        } else {
-            NotallyDatabase.getDatabase(this, observePreferences = false).value.checkpoint()
+            val (_, file) = copyDatabase()
            val files =
                with(savedNote) {
                    images.map {
@ -192,10 +192,7 @@ fun ContextWrapper.autoBackupOnSave(backupPath: String, password: String, savedN
                        audios.map {
                            BackupFile(SUBFOLDER_AUDIOS, File(getExternalAudioDirectory(), it.name))
                        } +
-                        BackupFile(
-                            null,
-                            NotallyDatabase.getCurrentDatabaseFile(this@autoBackupOnSave),
-                        )
+                        BackupFile(null, file)
                }
            try {
                exportToZip(backupFile.uri, files, password)
@ -417,7 +414,7 @@ fun ContextWrapper.copyDatabase(): Pair<NotallyDatabase, File> {
        val cipher = getInitializedCipherForDecryption(iv = preferences.iv.value!!)
        val passphrase = cipher.doFinal(preferences.databaseEncryptionKey.value)
        val decryptedFile = File(cacheDir, DATABASE_NAME)
-        decryptDatabase(this, passphrase, decryptedFile, databaseFile)
+        decryptDatabase(this, passphrase, databaseFile, decryptedFile)
        Pair(database, decryptedFile)
    } else {
        val dbFile = File(cacheDir, DATABASE_NAME)
--- a/app/src/main/java/com/philkes/notallyx/utils/backup/ImportExtensions.kt
+++ b/app/src/main/java/com/philkes/notallyx/utils/backup/ImportExtensions.kt
@ -28,6 +28,7 @@ import com.philkes.notallyx.data.model.parseToColorString
 import com.philkes.notallyx.presentation.getQuantityString
 import com.philkes.notallyx.presentation.showToast
 import com.philkes.notallyx.presentation.viewmodel.NotallyModel.FileType
+import com.philkes.notallyx.presentation.viewmodel.preference.NotallyXPreferences
 import com.philkes.notallyx.utils.FileError
 import com.philkes.notallyx.utils.SUBFOLDER_AUDIOS
 import com.philkes.notallyx.utils.SUBFOLDER_FILES
@ -44,6 +45,8 @@ import com.philkes.notallyx.utils.log
 import com.philkes.notallyx.utils.mimeTypeToFileExtension
 import com.philkes.notallyx.utils.rename
 import com.philkes.notallyx.utils.scheduleNoteReminders
+import com.philkes.notallyx.utils.security.SQLCipherUtils
+import com.philkes.notallyx.utils.security.decryptDatabase
 import java.io.File
 import java.io.FileInputStream
 import java.io.InputStream
@ -86,12 +89,31 @@ suspend fun ContextWrapper.importZip(
                    NotallyDatabase.DATABASE_NAME,
                )

-                val database =
-                    SQLiteDatabase.openDatabase(
-                        File(databaseFolder, NotallyDatabase.DATABASE_NAME).path,
-                        null,
-                        SQLiteDatabase.OPEN_READONLY,
+                var dbFile = File(databaseFolder, NotallyDatabase.DATABASE_NAME)
+                val state = SQLCipherUtils.getDatabaseState(dbFile)
+                if (state == SQLCipherUtils.State.ENCRYPTED) {
+                    val fallbackEncryptionKey =
+                        NotallyXPreferences.getInstance(this@importZip)
+                            .fallbackDatabaseEncryptionKey
+                            .value
+                    if (fallbackEncryptionKey != null) {
+                        val dbFileDecrypted =
+                            File(databaseFolder, "${NotallyDatabase.DATABASE_NAME}-decrypted")
+                        decryptDatabase(
+                            this@importZip,
+                            fallbackEncryptionKey,
+                            dbFile,
+                            dbFileDecrypted,
                        )
+                        dbFile = dbFileDecrypted
+                    } else {
+                        throw IllegalArgumentException(
+                            "Backup contains encrypted database and 'fallbackDatabaseEncryptionKey' has no value!"
+                        )
+                    }
+                }
+                val database =
+                    SQLiteDatabase.openDatabase(dbFile.path, null, SQLiteDatabase.OPEN_READONLY)

                val labelCursor = database.query("Label", null, null, null, null, null, null)
                val baseNoteCursor = database.query("BaseNote", null, null, null, null, null, null)
--- a/app/src/main/java/com/philkes/notallyx/utils/security/EncryptionUtils.kt
+++ b/app/src/main/java/com/philkes/notallyx/utils/security/EncryptionUtils.kt
@ -37,8 +37,8 @@ fun decryptDatabase(context: ContextWrapper, passphrase: ByteArray) {
 fun decryptDatabase(
    context: Context,
    passphrase: ByteArray,
-    decryptedFile: File,
    databaseFile: File,
+    decryptedFile: File,
 ) {
    val state = SQLCipherUtils.getDatabaseState(databaseFile)
    if (state == SQLCipherUtils.State.ENCRYPTED) {