Add a warning to inform about KeyStore usage #1269

2025-12-04 15:49:33 +01:00 · 2022-03-25 13:09:08 +01:00
parent 83bc769d9e
commit 75d661f12b
5 changed files with 59 additions and 33 deletions
--- a/3
+++ b/3
@@ -1,8 +1,9 @@
 KeePassDX(3.3.3)
 * Fix shared otpauth link if database not open #1274
 * Ellipsize attachment name #1253
- * Fix URL color
+ * Add a warning to inform about KeyStore usage #1269
 * Fingerprint unlock no more by default #1273
+ * Fix URL color

 KeePassDX(3.3.2)
 * Merge KeePassDX & KeePassDX Pro #1257
--- a/app/src/main/java/com/kunzisoft/keepass/settings/NestedAppSettingsFragment.kt
+++ b/app/src/main/java/com/kunzisoft/keepass/settings/NestedAppSettingsFragment.kt
@@ -52,7 +52,7 @@ import com.kunzisoft.keepass.utils.UriUtil

 class NestedAppSettingsFragment : NestedSettingsFragment() {

-    private var deleteKeysAlertDialog: AlertDialog? = null
+    private var warningAlertDialog: AlertDialog? = null

    override fun onCreateScreenPreference(screen: Screen, savedInstanceState: Bundle?, rootKey: String?) {

@@ -262,7 +262,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
                        val deviceCredentialChecked = deviceCredentialUnlockEnablePreference?.isChecked ?: false
                        if (!biometricChecked) {
                            biometricUnlockEnablePreference.isChecked = true
-                            deleteKeysMessage(activity) {
+                            warningMessage(activity, keystoreWarning = false, deleteKeys = true) {
                                biometricUnlockEnablePreference.isChecked = false
                                autoOpenPromptPreference?.isEnabled = deviceCredentialChecked
                                tempAdvancedUnlockPreference?.isEnabled = deviceCredentialChecked
@@ -270,13 +270,17 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
                        } else {
                            if (deviceCredentialChecked) {
                                biometricUnlockEnablePreference.isChecked = false
-                                deleteKeysMessage(activity) {
+                                warningMessage(activity, keystoreWarning = true, deleteKeys = true) {
                                    biometricUnlockEnablePreference.isChecked = true
                                    deviceCredentialUnlockEnablePreference?.isChecked = false
                                }
                            } else {
-                                autoOpenPromptPreference?.isEnabled = true
-                                tempAdvancedUnlockPreference?.isEnabled = true
+                                biometricUnlockEnablePreference.isChecked = false
+                                warningMessage(activity, keystoreWarning = true, deleteKeys = false) {
+                                    biometricUnlockEnablePreference.isChecked = true
+                                    autoOpenPromptPreference?.isEnabled = true
+                                    tempAdvancedUnlockPreference?.isEnabled = true
+                                }
                            }
                        }
                        true
@@ -305,7 +309,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
                        val biometricChecked = biometricUnlockEnablePreference?.isChecked ?: false
                        if (!deviceCredentialChecked) {
                            deviceCredentialUnlockEnablePreference.isChecked = true
-                            deleteKeysMessage(activity) {
+                            warningMessage(activity, keystoreWarning = false, deleteKeys = true) {
                                deviceCredentialUnlockEnablePreference.isChecked = false
                                autoOpenPromptPreference?.isEnabled = biometricChecked
                                tempAdvancedUnlockPreference?.isEnabled = biometricChecked
@@ -313,13 +317,17 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
                        } else {
                            if (biometricChecked) {
                                deviceCredentialUnlockEnablePreference.isChecked = false
-                                deleteKeysMessage(activity) {
+                                warningMessage(activity, keystoreWarning = true, deleteKeys = true) {
                                    deviceCredentialUnlockEnablePreference.isChecked = true
                                    biometricUnlockEnablePreference?.isChecked = false
                                }
                            } else {
-                                autoOpenPromptPreference?.isEnabled = true
-                                tempAdvancedUnlockPreference?.isEnabled = true
+                                deviceCredentialUnlockEnablePreference.isChecked = false
+                                warningMessage(activity, keystoreWarning = true, deleteKeys = false) {
+                                    deviceCredentialUnlockEnablePreference.isChecked = true
+                                    autoOpenPromptPreference?.isEnabled = true
+                                    tempAdvancedUnlockPreference?.isEnabled = true
+                                }
                            }
                        }
                        true
@@ -334,7 +342,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {

            tempAdvancedUnlockPreference?.setOnPreferenceClickListener {
                tempAdvancedUnlockPreference.isChecked = !tempAdvancedUnlockPreference.isChecked
-                deleteKeysMessage(activity) {
+                warningMessage(activity, keystoreWarning = false, deleteKeys = true) {
                    tempAdvancedUnlockPreference.isChecked = !tempAdvancedUnlockPreference.isChecked
                }
                true
@@ -343,7 +351,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
            val deleteKeysFingerprints: Preference? = findPreference(getString(R.string.biometric_delete_all_key_key))
            if (biometricUnlockSupported || deviceCredentialUnlockSupported) {
                deleteKeysFingerprints?.setOnPreferenceClickListener {
-                    deleteKeysMessage(activity)
+                    warningMessage(activity, keystoreWarning = false, deleteKeys = true)
                    false
                }
            } else {
@@ -357,22 +365,36 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
        }
    }

-    private fun deleteKeysMessage(activity: FragmentActivity, validate: (()->Unit)? = null) {
-        deleteKeysAlertDialog = AlertDialog.Builder(activity)
-                .setMessage(resources.getString(R.string.advanced_unlock_delete_all_key_warning))
-                .setIcon(android.R.drawable.ic_dialog_alert)
-                .setPositiveButton(resources.getString(android.R.string.ok)
-                ) { _, _ ->
-                    validate?.invoke()
-                    deleteKeysAlertDialog?.setOnDismissListener(null)
-                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                        AdvancedUnlockManager.deleteAllEntryKeysInKeystoreForBiometric(activity)
-                    }
+    private fun warningMessage(activity: FragmentActivity,
+                               keystoreWarning: Boolean,
+                               deleteKeys: Boolean,
+                               validate: (()->Unit)? = null) {
+        var message = ""
+        if (keystoreWarning) {
+            message += resources.getString(R.string.advanced_unlock_prompt_store_credential_message)
+            message += "\n\n" + resources.getString(R.string.advanced_unlock_keystore_warning)
+        }
+        if (keystoreWarning && deleteKeys) {
+            message += "\n\n"
+        }
+        if (deleteKeys) {
+            message += resources.getString(R.string.advanced_unlock_delete_all_key_warning)
+        }
+        warningAlertDialog = AlertDialog.Builder(activity)
+            .setMessage(message)
+            .setIcon(android.R.drawable.ic_dialog_alert)
+            .setPositiveButton(resources.getString(android.R.string.ok)
+            ) { _, _ ->
+                validate?.invoke()
+                warningAlertDialog?.setOnDismissListener(null)
+                if (deleteKeys && Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+                    AdvancedUnlockManager.deleteAllEntryKeysInKeystoreForBiometric(activity)
                }
-                .setNegativeButton(resources.getString(android.R.string.cancel)
-                ) { _, _ ->}
-                .create()
-        deleteKeysAlertDialog?.show()
+            }
+            .setNegativeButton(resources.getString(android.R.string.cancel)
+            ) { _, _ ->}
+            .create()
+        warningAlertDialog?.show()
    }

    private fun onCreateAppearancePreferences(rootKey: String?) {
@@ -509,7 +531,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
    }

    override fun onPause() {
-        deleteKeysAlertDialog?.dismiss()
+        warningAlertDialog?.dismiss()
        super.onPause()
    }

--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@@ -358,7 +358,7 @@
    <string name="open_advanced_unlock_prompt_unlock_database">Open the advanced unlock prompt to unlock the database</string>
    <string name="open_advanced_unlock_prompt_store_credential">Open the advanced unlock prompt to store credentials</string>
    <string name="advanced_unlock_prompt_store_credential_title">Advanced unlock recognition</string>
-    <string name="advanced_unlock_prompt_store_credential_message">Warning: You still need to remember your master password if you use advanced unlock recognition.</string>
+    <string name="advanced_unlock_prompt_store_credential_message">You still need to remember your main credential if you use advanced unlock recognition.</string>
    <string name="advanced_unlock_prompt_extract_credential_title">Open database with advanced unlock recognition</string>
    <string name="advanced_unlock_prompt_extract_credential_message">Extract database credential with advanced unlock data</string>
    <string name="encrypted_value_stored">Encrypted password stored</string>
@@ -416,6 +416,7 @@
    <string name="biometric_delete_all_key_title">Delete encryption keys</string>
    <string name="biometric_delete_all_key_summary">Delete all encryption keys related to advanced unlock recognition</string>
    <string name="advanced_unlock_delete_all_key_warning">Delete all encryption keys related to advanced unlock recognition?</string>
+    <string name="advanced_unlock_keystore_warning">This feature will store encrypted credential data in the secure KeyStore of your device.\n\nDepending on the native API implementation of the operating system, it may not be fully functional.\nCheck the compatibility and security of the KeyStore with the manufacturer of your device and the creator of the ROM you are using.</string>
    <string name="unavailable_feature_text">Could not start this feature.</string>
    <string name="unavailable_feature_version">The device is running Android %1$s, but needs %2$s or later.</string>
    <string name="unavailable_feature_hardware">Could not find the corresponding hardware.</string>
--- a/fastlane/metadata/android/en-US/changelogs/105.txt
+++ b/fastlane/metadata/android/en-US/changelogs/105.txt
@@ -1,4 +1,5 @@
 * Fix shared otpauth link if database not open #1274
 * Ellipsize attachment name #1253
- * Fix URL color
- * Fingerprint unlock no more by default #1273
+ * Add a warning to inform about KeyStore usage #1269
+ * Fingerprint unlock no more by default #1273
+ * Fix URL color
--- a/fastlane/metadata/android/fr-FR/changelogs/105.txt
+++ b/fastlane/metadata/android/fr-FR/changelogs/105.txt
@@ -1,4 +1,5 @@
 * Correction du partage d'un lien otpauth si la base de données n'est pas ouverte #1274
 * Ellipsize le nom d'attachment #1253
- * Correction de couleur d'URL
- * Déblocage par empreinte n'est plus par défaut #1273
+ * Ajouter un avertissement pour informer de l'utilisation de KeyStore #1269
+ * Déblocage par empreinte n'est plus par défaut #1273
+ * Correction de couleur d'URL