From 55e32e4ac5ca5913b29df428a18056c8ba50094b Mon Sep 17 00:00:00 2001
From: J-Jamet <jeremy.jamet@kunzisoft.com>
Date: Mon, 8 Sep 2025 14:19:30 +0200
Subject: [PATCH] fix: Web Origin

---
 .../passkey/util/PasskeyHelper.kt             |  2 +-
 .../com/kunzisoft/keepass/model/AppOrigin.kt  | 25 ++++++++++++-------
 .../keepass/model/AppOriginEntryField.kt      | 11 +++-----
 3 files changed, 20 insertions(+), 18 deletions(-)

diff --git a/app/src/main/java/com/kunzisoft/keepass/credentialprovider/passkey/util/PasskeyHelper.kt b/app/src/main/java/com/kunzisoft/keepass/credentialprovider/passkey/util/PasskeyHelper.kt
index 5e9f66aae..850f189a8 100644
--- a/app/src/main/java/com/kunzisoft/keepass/credentialprovider/passkey/util/PasskeyHelper.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/credentialprovider/passkey/util/PasskeyHelper.kt
@@ -374,7 +374,7 @@ object PasskeyHelper {
                         AppOrigin(verified = false).apply {
                             addAndroidOrigin(androidOrigin)
                         },
-                        androidOrigin.toAndroidOrigin()
+                        androidOrigin.toOriginValue()
                     )
                 }
             }
diff --git a/database/src/main/java/com/kunzisoft/keepass/model/AppOrigin.kt b/database/src/main/java/com/kunzisoft/keepass/model/AppOrigin.kt
index b9878b2f8..4dce325a4 100644
--- a/database/src/main/java/com/kunzisoft/keepass/model/AppOrigin.kt
+++ b/database/src/main/java/com/kunzisoft/keepass/model/AppOrigin.kt
@@ -22,7 +22,7 @@ package com.kunzisoft.keepass.model
 import android.os.Parcelable
 import android.util.Log
 import com.kunzisoft.encrypt.Signature.fingerprintToUrlSafeBase64
-import com.kunzisoft.keepass.model.WebOrigin.Companion.RELYING_PARTY_DEFAULT_PROTOCOL
+import com.kunzisoft.keepass.model.WebOrigin.Companion.WEB_ORIGIN_DEFAULT_SCHEME
 import kotlinx.parcelize.Parcelize
 
 /**
@@ -58,7 +58,7 @@ data class AppOrigin(
             AndroidOrigin(
                 packageName = it.packageName,
                 fingerprint = it.fingerprint
-            ).toAndroidOrigin()
+            ).toOriginValue()
         } ?: throw SecurityException("Wrong signature for ${toName()}")
     }
 
@@ -85,7 +85,7 @@ data class AppOrigin(
 
         fun fromOrigin(origin: String, androidOrigin: AndroidOrigin, verified: Boolean): AppOrigin {
             val appOrigin = AppOrigin(verified)
-            if (origin.startsWith(RELYING_PARTY_DEFAULT_PROTOCOL)) {
+            if (origin.startsWith(WEB_ORIGIN_DEFAULT_SCHEME)) {
                 appOrigin.apply {
                     addWebOrigin(WebOrigin(origin))
                 }
@@ -121,7 +121,7 @@ data class AndroidOrigin(
      * @throws IllegalArgumentException if the hex string (after removing colons) has an odd length
      *         or contains non-hex characters.
      */
-    fun toAndroidOrigin(): String {
+    fun toOriginValue(): String {
         if (fingerprint == null) {
             throw IllegalArgumentException("Fingerprint $fingerprint cannot be null")
         }
@@ -138,7 +138,7 @@ data class WebOrigin(
     val origin: String
 ) : Parcelable {
 
-    fun toWebOrigin(): String {
+    fun toOriginValue(): String {
         return origin
     }
 
@@ -151,9 +151,16 @@ data class WebOrigin(
     }
 
     companion object {
-        const val RELYING_PARTY_DEFAULT_PROTOCOL = "https"
-        fun fromRelyingParty(relyingParty: String): WebOrigin = WebOrigin(
-            origin ="$RELYING_PARTY_DEFAULT_PROTOCOL://$relyingParty"
-        )
+        const val WEB_ORIGIN_DEFAULT_SCHEME = "https"
+        const val WEB_ORIGIN_SCHEME_SEPARATOR = "://"
+
+        fun fromDomain(domain: String, scheme: String? = null): WebOrigin {
+            return if (domain.contains(WEB_ORIGIN_SCHEME_SEPARATOR)) {
+                WebOrigin(domain)
+            } else {
+                val webScheme = if (scheme.isNullOrEmpty()) WEB_ORIGIN_DEFAULT_SCHEME else scheme
+                WebOrigin("$webScheme$WEB_ORIGIN_SCHEME_SEPARATOR$domain")
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/database/src/main/java/com/kunzisoft/keepass/model/AppOriginEntryField.kt b/database/src/main/java/com/kunzisoft/keepass/model/AppOriginEntryField.kt
index e5122af42..1799848f6 100644
--- a/database/src/main/java/com/kunzisoft/keepass/model/AppOriginEntryField.kt
+++ b/database/src/main/java/com/kunzisoft/keepass/model/AppOriginEntryField.kt
@@ -82,21 +82,16 @@ object AppOriginEntryField {
     fun EntryInfo.setWebDomain(webDomain: String?, scheme: String?, customFieldsAllowed: Boolean) {
         // If unable to save web domain in custom field or URL not populated, save in URL
         webDomain?.let {
-            val webScheme = if (scheme.isNullOrEmpty()) "https" else scheme
-            val webDomainToStore = if (webDomain.contains("://")) {
-                webDomain
-            } else {
-                "$webScheme://$webDomain"
-            }
+            val webOrigin = WebOrigin.fromDomain(webDomain, scheme).toOriginValue()
             if (!containsDomainOrApplicationId(webDomain)) {
                 if (!customFieldsAllowed || url.isEmpty()) {
-                    url = webDomainToStore
+                    url = webOrigin
                 } else {
                     // Save web domain in custom field
                     addUniqueField(
                         Field(
                             WEB_DOMAIN_FIELD_NAME,
-                            ProtectedString(false, webDomainToStore)
+                            ProtectedString(false, webOrigin)
                         ),
                         1 // Start to one because URL is a standard field name
                     )