Merge branch 'release/4.1.8'

# Conflicts:
#	fastlane/metadata/android/hr/full_description.txt
#	fastlane/metadata/android/hr/short_description.txt
#	fastlane/metadata/android/hr/title.txt

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,49 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-title: ''
-labels: bug
-assignees: ''
-
----
-
-**Describe the bug**
-
-A clear and concise description of what the bug is.
-
-**To Reproduce**
-
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
-
-**Expected behavior**
-
-A clear and concise description of what you expected to happen.
-
-**KeePass Database**
-
- - Created with: [e.g Windows KeePass 2.42]
- - Version: [e.g. 2]
- - Location: [e.g. Remote file retrieved with GDrive app]
- - File provider (`content://` URI): [e.g. `content://com.google.android.apps.docs.storage/5`]
- - Size: [e.g. 150Mo]
- - Contains attachment: [e.g. Yes]
-
-**KeePassDX:**
-
- - Version: [e.g. 2.5.0.0beta23]
- - Build: [e.g. Free]
- - Language: [e.g. French]
-
-**Android:**
-
- - Device: [e.g. GalaxyS8]
- - Version: [e.g. 8.1]
-
-**Additional context**
-
-Add any other context about the problem here.
- - Browser for Autofill: [e.g. Chrome version X]

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -0,0 +1,62 @@
+name: Bug Report
+description: Report a bug.
+labels: ["bug"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Please check out the [Wiki](https://github.com/Kunzisoft/KeePassDX/wiki) and [existing issues](https://github.com/Kunzisoft/KeePassDX/issues?q=is%3Aissue%20state%3Aopen%20label%3Abug) to see if your problem has already been reported.
+  - type: checkboxes
+    id: checks
+    attributes:
+      label: Checks
+      options:
+        - label: I have read the Wiki, searched the open issues, and still think this is a new bug.
+          required: true
+  - type: textarea
+    id: bug
+    attributes:
+      label: "Explain the problem clearly and succinctly:"
+    validations:
+      required: true
+  - type: textarea
+    id: expected
+    attributes:
+      label: "Describe what you expected to happen:"
+  - type: input
+    id: app-version
+    attributes:
+      label: "KeePassDX version:"
+    validations:
+      required: true
+  - type: dropdown
+    id: app-build
+    attributes:
+      label: "Build:"
+      multiple: true
+      options:
+        - Free
+        - Libre
+    validations:
+      required: true
+  - type: input
+    id: database-version
+    attributes:
+      label: "Database version:"
+  - type: input
+    id: file-provider
+    attributes:
+      label: "File provider (`content://` URI)"
+  - type: input
+    id: android-version
+    attributes:
+      label: "Android version:"
+  - type: input
+    id: android-device
+    attributes:
+      label: "Android device:"
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: "Additional context:"
+

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1 @@
+blank_issues_enabled: false

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,20 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-title: ''
-labels: feature
-assignees: ''
-
----
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/feature_request.yml

@@ -0,0 +1,33 @@
+name: Feature request
+description: Suggest an idea.
+labels: ["feature"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Please check out the [Wiki](https://github.com/Kunzisoft/KeePassDX/wiki) and [existing issues](https://github.com/Kunzisoft/KeePassDX/issues?q=is%3Aissue%20state%3Aopen%20label%3Afeature) to see if your feature has already been reported.
+  - type: checkboxes
+    id: checks
+    attributes:
+      label: Checks
+      options:
+        - label: I have read the Wiki, searched the open issues, and still think this is a new feature.
+          required: true
+  - type: textarea
+    id: problem
+    attributes:
+      label: "Explain the problem clearly and succinctly:"
+  - type: textarea
+    id: solution
+    attributes:
+      label: "Describe the solution you'd like:"
+    validations:
+      required: true
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: "Describe alternatives you've considered:"
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: "Additional context:"

CHANGELOG

@@ -1,3 +1,69 @@
+KeePassDX(4.1.8)
+ * Updated to API 35 minimum SDK 19 #2073 #2138 #2067 #2133 #1687 (Thx @Dev-ClayP)
+ * Remember last read-only state #2099 #2100 (Thx @rmacklin)
+ * Fix merge deletion #1516
+ * Fix space in search #175
+ * Fix deletable recycle bin #2163
+ * Small fixes
+
+KeePassDX(4.1.7)
+ * Fix CipherDatabase for biometric states #2119
+
+KeePassDX(4.1.6)
+ * Auto open biometric prompt from database list #2113
+ * Fix Keystore errors #2114 #2115
+ * Complete biometric refactoring for better compatibility
+
+KeePassDX(4.1.5)
+ * Fix auto prompt #2111
+
+KeePassDX(4.1.4)
+ * Fix UnlockManager #2098 #2101
+ * Auto device unlock prompt #2105
+ * Small fixes ##2066
+
+KeePassDX(4.1.3)
+ * Fix Autofill Registration #2089
+ * Fix Biometric errors #2081
+ * Fixed timestamp in copy file #1981 #1983
+ * Fix Template Email #1986
+ * Fix Search #2096
+
+KeePassDX(4.1.2)
+ * Fix URL search #1940 #1946 #2003 #2040 #2044
+ * Fix Autofill popup #2054
+ * Fix Group notes #2053
+ * Fix Dialog background #2005 #2004 (Thx @codokie)
+ * Fix OTP configuration #2042 #2065 (Thx @Dev-ClayP)
+ * Fix small UI elements #1987 #2007 (Thx @ymcx)
+ * RTL layout support #2021 (Thx @codokie)
+ * App Metadata to translation #1823
+
+KeePassDX(4.1.1)
+ * Fix date parser #1933
+ * Fix domain search #1820 #1936
+
+KeePassDX(4.1.0)
+ * Generate keyfile #1290
+ * Hide template group #1894
+ * Group count sum recursively #421
+ * Fix date fields #1695 #1710
+ * Fix distinct domain names #1105 #1820
+ * Resets the advanced unlock expiration #1600
+ * Password entropy #1490 #1355
+ * Upgrade to API 34 (Android 14) #1730
+ * Small fixes #1711 #1831 #1780 #1821 #1863 #1889 #1289 #1600 #1467 #1870
+
+KeePassDX(4.0.8)
+ * Fix graphical bug that prevented databases from being opened on some versions of Android #1848 #1850
+
+KeePassDX(4.0.7)
+ * Prevent 0 Byte file with cache during a save exception #1620 #1594 #1680
+ * Fix inline suggestions in keyboard #1840
+ * Fix broken links by default #1755
+ * Fix UX by allowing validation in entry edition #1770
+ * Fix small bugs #1709
+
 KeePassDX(4.0.6)
  * Fix form filled recognition #1508 #1735 #1508 #1790 #1783 #1797 #1801 #1802 #1804 #1665
  * Fix translations #1707 #1683 #1712

Gemfile.lock

@@ -1,43 +1,49 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    CFPropertyList (3.0.6)
+    CFPropertyList (3.0.7)
+      base64
+      nkf
       rexml
-    addressable (2.8.4)
-      public_suffix (>= 2.0.2, < 6.0)
-    artifactory (3.0.15)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
+    artifactory (3.0.17)
     atomos (0.1.3)
-    aws-eventstream (1.2.0)
-    aws-partitions (1.794.0)
-    aws-sdk-core (3.180.0)
-      aws-eventstream (~> 1, >= 1.0.2)
-      aws-partitions (~> 1, >= 1.651.0)
-      aws-sigv4 (~> 1.5)
+    aws-eventstream (1.4.0)
+    aws-partitions (1.1146.0)
+    aws-sdk-core (3.229.0)
+      aws-eventstream (~> 1, >= 1.3.0)
+      aws-partitions (~> 1, >= 1.992.0)
+      aws-sigv4 (~> 1.9)
+      base64
+      bigdecimal
       jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.71.0)
-      aws-sdk-core (~> 3, >= 3.177.0)
-      aws-sigv4 (~> 1.1)
-    aws-sdk-s3 (1.132.0)
-      aws-sdk-core (~> 3, >= 3.179.0)
+      logger
+    aws-sdk-kms (1.110.0)
+      aws-sdk-core (~> 3, >= 3.228.0)
+      aws-sigv4 (~> 1.5)
+    aws-sdk-s3 (1.196.1)
+      aws-sdk-core (~> 3, >= 3.228.0)
       aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.6)
-    aws-sigv4 (1.6.0)
+      aws-sigv4 (~> 1.5)
+    aws-sigv4 (1.12.1)
       aws-eventstream (~> 1, >= 1.0.2)
     babosa (1.0.4)
+    base64 (0.3.0)
+    bigdecimal (3.2.2)
     claide (1.1.0)
     colored (1.2)
     colored2 (3.1.2)
     commander (4.6.0)
       highline (~> 2.0.0)
     declarative (0.0.20)
-    digest-crc (0.6.5)
+    digest-crc (0.7.0)
       rake (>= 12.0.0, < 14.0.0)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
+    domain_name (0.6.20240107)
     dotenv (2.8.1)
     emoji_regex (3.2.3)
-    excon (0.100.0)
-    faraday (1.10.3)
+    excon (0.112.0)
+    faraday (1.10.4)
       faraday-em_http (~> 1.0)
       faraday-em_synchrony (~> 1.0)
       faraday-excon (~> 1.1)
@@ -53,27 +59,27 @@ GEM
       faraday (>= 0.8.0)
       http-cookie (~> 1.0.0)
     faraday-em_http (1.0.0)
-    faraday-em_synchrony (1.0.0)
+    faraday-em_synchrony (1.0.1)
     faraday-excon (1.1.0)
     faraday-httpclient (1.0.1)
-    faraday-multipart (1.0.4)
-      multipart-post (~> 2)
-    faraday-net_http (1.0.1)
+    faraday-multipart (1.1.1)
+      multipart-post (~> 2.0)
+    faraday-net_http (1.0.2)
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
-    faraday_middleware (1.2.0)
+    faraday_middleware (1.2.1)
       faraday (~> 1.0)
-    fastimage (2.2.7)
-    fastlane (2.214.0)
+    fastimage (2.4.0)
+    fastlane (2.228.0)
       CFPropertyList (>= 2.3, < 4.0.0)
       addressable (>= 2.8, < 3.0.0)
       artifactory (~> 3.0)
       aws-sdk-s3 (~> 1.0)
       babosa (>= 1.0.3, < 2.0.0)
       bundler (>= 1.12.0, < 3.0.0)
-      colored
+      colored (~> 1.2)
       commander (~> 4.6)
       dotenv (>= 2.1.1, < 3.0.0)
       emoji_regex (>= 0.1, < 4.0)
@@ -82,34 +88,39 @@ GEM
       faraday-cookie_jar (~> 0.0.6)
       faraday_middleware (~> 1.0)
       fastimage (>= 2.1.0, < 3.0.0)
+      fastlane-sirp (>= 1.0.0)
       gh_inspector (>= 1.1.2, < 2.0.0)
       google-apis-androidpublisher_v3 (~> 0.3)
       google-apis-playcustomapp_v1 (~> 0.1)
+      google-cloud-env (>= 1.6.0, < 2.0.0)
       google-cloud-storage (~> 1.31)
       highline (~> 2.0)
+      http-cookie (~> 1.0.5)
       json (< 3.0.0)
       jwt (>= 2.1.0, < 3)
       mini_magick (>= 4.9.4, < 5.0.0)
       multipart-post (>= 2.0.0, < 3.0.0)
       naturally (~> 2.2)
-      optparse (~> 0.1.1)
+      optparse (>= 0.1.1, < 1.0.0)
       plist (>= 3.1.0, < 4.0.0)
       rubyzip (>= 2.0.0, < 3.0.0)
-      security (= 0.1.3)
+      security (= 0.1.5)
       simctl (~> 1.6.3)
       terminal-notifier (>= 2.0.0, < 3.0.0)
-      terminal-table (>= 1.4.5, < 2.0.0)
+      terminal-table (~> 3)
       tty-screen (>= 0.6.3, < 1.0.0)
       tty-spinner (>= 0.8.0, < 1.0.0)
       word_wrap (~> 1.0.0)
       xcodeproj (>= 1.13.0, < 2.0.0)
-      xcpretty (~> 0.3.0)
-      xcpretty-travis-formatter (>= 0.0.3)
+      xcpretty (~> 0.4.1)
+      xcpretty-travis-formatter (>= 0.0.3, < 2.0.0)
     fastlane-plugin-versioning_android (0.1.1)
+    fastlane-sirp (1.0.0)
+      sysrandom (~> 1.0)
     gh_inspector (1.1.3)
-    google-apis-androidpublisher_v3 (0.46.0)
+    google-apis-androidpublisher_v3 (0.54.0)
       google-apis-core (>= 0.11.0, < 2.a)
-    google-apis-core (0.11.1)
+    google-apis-core (0.11.3)
       addressable (~> 2.5, >= 2.5.1)
       googleauth (>= 0.16.2, < 2.a)
       httpclient (>= 2.8.1, < 3.a)
@@ -117,64 +128,66 @@ GEM
       representable (~> 3.0)
       retriable (>= 2.0, < 4.a)
       rexml
-      webrick
     google-apis-iamcredentials_v1 (0.17.0)
       google-apis-core (>= 0.11.0, < 2.a)
     google-apis-playcustomapp_v1 (0.13.0)
       google-apis-core (>= 0.11.0, < 2.a)
-    google-apis-storage_v1 (0.19.0)
-      google-apis-core (>= 0.9.0, < 2.a)
-    google-cloud-core (1.6.0)
-      google-cloud-env (~> 1.0)
+    google-apis-storage_v1 (0.31.0)
+      google-apis-core (>= 0.11.0, < 2.a)
+    google-cloud-core (1.8.0)
+      google-cloud-env (>= 1.0, < 3.a)
       google-cloud-errors (~> 1.0)
     google-cloud-env (1.6.0)
       faraday (>= 0.17.3, < 3.0)
-    google-cloud-errors (1.3.1)
-    google-cloud-storage (1.44.0)
+    google-cloud-errors (1.5.0)
+    google-cloud-storage (1.47.0)
       addressable (~> 2.8)
       digest-crc (~> 0.4)
       google-apis-iamcredentials_v1 (~> 0.1)
-      google-apis-storage_v1 (~> 0.19.0)
+      google-apis-storage_v1 (~> 0.31.0)
       google-cloud-core (~> 1.6)
       googleauth (>= 0.16.2, < 2.a)
       mini_mime (~> 1.0)
-    googleauth (1.7.0)
+    googleauth (1.8.1)
       faraday (>= 0.17.3, < 3.a)
       jwt (>= 1.4, < 3.0)
-      memoist (~> 0.16)
       multi_json (~> 1.11)
       os (>= 0.9, < 2.0)
       signet (>= 0.16, < 2.a)
     highline (2.0.3)
-    http-cookie (1.0.5)
+    http-cookie (1.0.8)
       domain_name (~> 0.5)
-    httpclient (2.8.3)
+    httpclient (2.9.0)
+      mutex_m
     jmespath (1.6.2)
-    json (2.6.3)
-    jwt (2.7.1)
-    memoist (0.16.2)
-    mini_magick (4.12.0)
-    mini_mime (1.1.2)
-    multi_json (1.15.0)
-    multipart-post (2.3.0)
-    nanaimo (0.3.0)
-    naturally (2.2.1)
-    optparse (0.1.1)
+    json (2.13.2)
+    jwt (2.10.2)
+      base64
+    logger (1.7.0)
+    mini_magick (4.13.2)
+    mini_mime (1.1.5)
+    multi_json (1.17.0)
+    multipart-post (2.4.1)
+    mutex_m (0.3.0)
+    nanaimo (0.4.0)
+    naturally (2.3.0)
+    nkf (0.2.0)
+    optparse (0.6.0)
     os (1.1.4)
-    plist (3.7.0)
-    public_suffix (5.0.3)
-    rake (13.0.6)
+    plist (3.7.2)
+    public_suffix (6.0.2)
+    rake (13.3.0)
     representable (3.2.0)
       declarative (< 0.1.0)
       trailblazer-option (>= 0.1.1, < 0.2.0)
       uber (< 0.2.0)
     retriable (3.1.2)
-    rexml (3.2.6)
-    rouge (2.0.7)
+    rexml (3.4.1)
+    rouge (3.28.0)
     ruby2_keywords (0.0.5)
-    rubyzip (2.3.2)
-    security (0.1.3)
-    signet (0.17.0)
+    rubyzip (2.4.1)
+    security (0.1.5)
+    signet (0.20.0)
       addressable (~> 2.8)
       faraday (>= 0.17.5, < 3.a)
       jwt (>= 1.5, < 3.0)
@@ -182,30 +195,27 @@ GEM
     simctl (1.6.10)
       CFPropertyList
       naturally
+    sysrandom (1.0.5)
     terminal-notifier (2.0.0)
-    terminal-table (1.8.0)
-      unicode-display_width (~> 1.1, >= 1.1.1)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
     trailblazer-option (0.1.2)
     tty-cursor (0.7.1)
-    tty-screen (0.8.1)
+    tty-screen (0.8.2)
     tty-spinner (0.9.3)
       tty-cursor (~> 0.7)
     uber (0.1.0)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.8.2)
-    unicode-display_width (1.8.0)
-    webrick (1.8.1)
+    unicode-display_width (2.6.0)
     word_wrap (1.0.0)
-    xcodeproj (1.22.0)
+    xcodeproj (1.27.0)
       CFPropertyList (>= 2.3.3, < 4.0)
       atomos (~> 0.1.3)
       claide (>= 1.0.2, < 2.0)
       colored2 (~> 3.1)
-      nanaimo (~> 0.3.0)
-      rexml (~> 3.2.4)
-    xcpretty (0.3.0)
-      rouge (~> 2.0.7)
+      nanaimo (~> 0.4.0)
+      rexml (>= 3.3.6, < 4.0)
+    xcpretty (0.4.1)
+      rouge (~> 3.28.0)
     xcpretty-travis-formatter (1.0.1)
       xcpretty (~> 0.2, >= 0.0.7)
 
@@ -217,4 +227,4 @@ DEPENDENCIES
   fastlane-plugin-versioning_android
 
 BUNDLED WITH
-   2.1.4
+   2.6.9

README.md

@@ -1,8 +1,8 @@
 # Android KeePassDX
 
-<img src="https://raw.githubusercontent.com/Kunzisoft/KeePassDX/master/art/icon.png"> **Lightweight password manager for Android**, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
+<img alt="KeePassDX Icon" src="https://raw.githubusercontent.com/Kunzisoft/KeePassDX/master/art/icon.png"> **Lightweight password safe and manager for Android**, KeePassDX allows editing encrypted data in a single file in KeePass format and fill in the forms in a secure way.
 
-<img src="https://raw.githubusercontent.com/Kunzisoft/KeePassDX/master/art/screen.jpg" width="220">
+<img alt="KeePassDX Screenshot" src="https://raw.githubusercontent.com/Kunzisoft/KeePassDX/master/art/screen.jpg" width="220">
 
 ### Features
 
@@ -48,34 +48,40 @@ Optional visual styles are accessible after a contribution (and a congratulatory
 
 ## Download
 
-*[F-Droid](https://f-droid.org/packages/com.kunzisoft.keepass.libre/) is the recommended way of installing, a libre software project that verifies that all the libraries and app code is libre software.*
+*[F-Droid](https://f-droid.org/packages/com.kunzisoft.keepass.libre/) is the recommended way of installing, a libre software project that verifies all the libraries and app code is libre software.*
 
-[<img src="https://f-droid.org/badge/get-it-on.png"
-      alt="Get it on F-Droid"
-      height="80">](https://f-droid.org/packages/com.kunzisoft.keepass.libre/)
-[<img src="https://play.google.com/intl/en_us/badges/images/generic/en_badge_web_generic.png"
-      alt="Get it on Google Play"
-	height="80">](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free)
-[<img src="https://raw.githubusercontent.com/Kunzisoft/Github-badge/main/get-it-on-github.png"
-      alt="Get it on Github"
-	height="80">](https://github.com/Kunzisoft/KeePassDX/releases)
+| Source | Status | [Version](https://github.com/Kunzisoft/KeePassDX/wiki/FAQ#why-a-libre-and-free-version) |
+|--------|--------|---------|
+| [Google Play](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.free) | ![Google Play Release](https://img.shields.io/endpoint?color=blue&logo=google-play&logoColor=green&url=https%3A%2F%2Fplay.cuzi.workers.dev%2Fplay%3Fi%3Dcom.kunzisoft.keepass.free%26gl%3DUS%26hl%3Den%26l%3DGoogle%2520Play%26m%3D%24version) | Free + [Pro](https://play.google.com/store/apps/details?id=com.kunzisoft.keepass.pro) |
+| [F-Droid](https://f-droid.org/en/packages/com.kunzisoft.keepass.libre/) | ![F-Droid Version](https://img.shields.io/f-droid/v/com.kunzisoft.keepass.libre?logo=F-Droid&label=F-Droid) | Libre |
+| [IzzyOnDroid](https://apt.izzysoft.de/fdroid/index/apk/com.kunzisoft.keepass.free) | ![IzzyOnDroid Version](https://img.shields.io/endpoint?&logo=data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAMAAABg3Am1AAADAFBMVEUA0////wAA0v8A0v8A0////wD//wAFz/QA0/8A0/8A0/8A0/8A0v///wAA0/8A0/8A0/8A0/8A0//8/gEA0/8A0/8B0/4A0/8A0/8A0/+j5QGAwwIA0//C9yEA0/8A0/8A0/8A0/8A0/8A0/+n4SAA0/8A0/8A0/+o6gCw3lKt7QCv5SC+422b3wC19AC36zAA0/+d1yMA0/8A0/+W2gEA0/+w8ACz8gCKzgG7+QC+9CFLfwkA0/8A0////wAA0/8A0/8A0/8A0/+f2xym3iuHxCGq5BoA1P+m2joI0vONyiCz3mLO7oYA0/8M1Piq3Ei78CbB8EPe8LLj9Ly751G77zWQ1AC96UYC0fi37CL//wAA0/8A0////wD//wCp3jcA0/+j3SGj2i/I72Sx4zHE8FLB8zak1kYeycDI6nRl3qEA0/7V7psA0v6WzTa95mGi2RvB5XkPy9zH5YJ3uwGV1yxVihRLiwdxtQ1ZkAf//wD//wD//wD//wD//wCn5gf//wD//wD//wD//wD//wAA0/+h4A3R6p8A0/+X1w565OD6/ARg237n9csz2vPz+gNt37V/vifO8HW68B/L6ZOCwxXY8KRQsWRzhExAtG/E612a1Rd/pTBpmR9qjysduKVhmxF9mTY51aUozK+CsDSA52T//wD//wAA0////wD//wBJ1JRRxFWjzlxDyXRc0pGT1wCG0CWB3VGUzSTh8h6c0TSr5CCJ5FFxvl6s4H3m8xML0/DA5CvK51EX1N+Y2gSt4Dag3ChE3fax2ki68yO57NF10FRZnUPl88eJxhuCxgCz5EOLwEGf1DFutmahzGW98x0W1PGk3R154MHE6bOn69qv3gy92oG90o+Hn07B7rhCmiyMwECv1nO+0pQfwrCo57xF2daXsVhKrEdenQAduaee1Bsjr42z5D9RoCXy+QNovXpy2Z5MtWDO/TiSukaF3UtE1K6j3B4YwLc5wXlzpyIK0u5zy3uJqg4pu5RTpkZmpVKyAP8A0wBHcExHcEyBUSeEAAABAHRSTlP///9F9wjAAxD7FCEGzBjd08QyEL39abMd6///8P/ZWAnipIv/cC6B//7////////L/1Dz/0D///////86/vYnquY3/v///5T//v///17///////////////84S3QNB/8L/////////////7r/////NP////9l/////wPD4yis/x7Ym2lWSP+em////0n////////v///////////////////7//7pdGN3Urr6/+v/6aT////+//H/o2P/1v+7r7jp4PM/3p4g////g///K///481LxO///v////9w////8v/////9/p3J///a+P9v/5KR/+n///+p/xf//8P//wAAe7FyaAAABCZJREFUSMdj+E8iYKBUgwIHnwQ3N7cEHxcH+///VayoAE0Dh41qR7aBnCIQ8MsJKHH9/99czYYMWlA0cIkJGjMgAKfq//9RNYzIgLcBWYOTiCgDMhDn+B9bh6LebiWyH6L5UZQzONoAHWSHoqEpDkkDsyKqelv1//9rG1HUN9YihZK9AKp6BkG+/6xNqA5ajhSsCkrIipmYGGRa//9vQXVQXSySBnkWJOUMfn5Myuz/G3hR1NdEIUUchwiy+bkTsg4dbW/fu6W/e1c3XMMy5JiOZkFxUFZo74mgKTqaKXu0+2HqVwkja3BH9kFu361JwcHTfPJD4mdfe8ULAdVRyGlJAcVFfg+CQOozZ4XrJ85+JgwBsVXIGriQw5Tp4ZScezd8JiWnBupru30qwJZa+ZAjmWlC8fUZM4qB6kPnLNSPLMWqQQ5ZQ5aOzs1HmamBaQHzFs6y+qAmJCTE8f9/QgKSBg4DJPWc6zVDQkIC09JkZSPD38kukpExFpT4z67uYI/QwCOOCCK/izvu5CWl6AcEWMnKWml7LWbKZfH9/99UkknQHhGsynDz+65eWXv3/JmJrq5eXienVlRUfH/z8VvCf45soKQIH1yDEQsszrp6gwq9C73T87xcXadKl5TkFev4A/2tygmSBqYXqAYJmK+ZuoJydDR1vP09DA0NOy2kpdML81+U/heCpH1JU3jig7lJ5nKOT4i/t6ZHkqGzs4lJmIVHfrj+JR4HqLQSD0yDkCNEpGNn5ix9D03/eJdElTZdKV2TpNOhkwt8YUlNUgimgV0dLMBvf1gz1MolPd5FRcVNSkpDQ8owJeBCDyIhrIDnOD5QcuIU+3/2QKSs9laQ+noNLS0zLWdtqyP7mBAFAw88TwsJgMuJYweBGjYngtWbmeuZOW+bvNQToUFOAlFqOBk4Ov3/L7Z60/aN0p1tUhpa5nqWlub7C3p2I9QzyAghlUvczOz/1fhzPT3XSIfpSmmYAdVbmm1gV0dSz8DSilpUQsqCddIWIA3meuZaJqdMJZEzl6gRqgZIWZAxUdoizERXN8yi5MltcZTChzMaRQM3JNUWHS8rL/+yaPGvMmvr5ywoGoxtkDWwQ+Pb89ycBeWfGSJeL/la+RS1eOPnRtbQKgMRjZg+t8x6PkP273nWQAoFOPAgaeAThKXAmXMrK39Kmr5fsuBlBqoXfJGLe3VbmHjG9Mczi9T//3h7vygXtcDlQtJg44iQiIjIBRbGPO7gghPJy0ZIxT2HOLIUgwxQzsgYrUR350HSIMaJLidhgKY+mw+pflBDrX8E7OGBjPCAPc76gQFSTqAIiYrb/8dRP4CyosJ/rmwU5XIxHMilt4QBJwsSkBMClxOQULBlkRRwEONmR2kJcDGjADX2/+xO8r5iqjExqmLyrWpcPFRta1BfAwCtyN3XpuJ4RgAAAABJRU5ErkJggg==&url=https://apt.izzysoft.de/fdroid/api/v1/shield/com.kunzisoft.keepass.free&label=IzzyOnDroid) | Free & [Libre](https://apt.izzysoft.de/fdroid/index/apk/com.kunzisoft.keepass.libre) |
+| [GitHub](https://github.com/Kunzisoft/KeePassDX/releases) / [Obtainium](https://github.com/ImranR98/Obtainium) | ![GitHub Release](https://img.shields.io/github/v/release/Kunzisoft/KeePassDX?include_prereleases&logo=GitHub&label=GitHub) | Free & Libre |
 
-## Verify the authenticity of the downloaded app from GitHub
-1- Download the latest app from [GitHub releases](https://github.com/Kunzisoft/KeePassDX/releases/latest). <br>
-2- Open the directory where you saved the downloaded file in the Terminal on Linux/MacOS. <br>
-3- You must have `keytool` command installed. <br>
-4- Depending on the flavor you downloaded, run:
+## Package authenticity from GitHub
+- Download the app from [GitHub releases](https://github.com/Kunzisoft/KeePassDX/releases/latest)
+- Install [`apksigner`](https://developer.android.com/tools/apksigner) from [Android Studio](https://developer.android.com/studio)
+- Open the directory where you saved the downloaded file in the Terminal
+- Make sure that you have `apksigner` installed by running:
+```shell
+apksigner --version
 ```
-keytool -printcert -jarfile KeePassDX-*-libre.apk | grep '7D:55:B8:AF:21:03:81:AA:BF:96:0F:07:E1:7C:F7:85:7B:6D:2A:64:2C:A2:DA:6B:F0:BD:F1:B2:00:36:2F:04'
+- Depending on the APK file you downloaded, run:
+
+```shell
+apksigner verify --verbose --print-certs -min-sdk-version 24 KeePassDX-*.apk
 ```
-Or:
-```
-keytool -printcert -jarfile KeePassDX-*-free.apk | grep '7D:55:B8:AF:21:03:81:AA:BF:96:0F:07:E1:7C:F7:85:7B:6D:2A:64:2C:A2:DA:6B:F0:BD:F1:B2:00:36:2F:04'
-```
-You should get this output:
-```
-SHA256: 7D:55:B8:AF:21:03:81:AA:BF:96:0F:07:E1:7C:F7:85:7B:6D:2A:64:2C:A2:DA:6B:F0:BD:F1:B2:00:36:2F:04
+
+You should get this output :
+```shell
+Verified using v2 scheme (APK Signature Scheme v2): true
+...
+Number of signers: 1
+Signer #1 certificate SHA-256 digest: 7d55b8af210381aabf960f07e17cf7857b6d2a642ca2da6bf0bdf1b200362f04
+...
+Signer #1 public key SHA-256 digest: 5d261d3176db1e077b80112824d9390167f3be0561827e42112ed6b71192db81
 ```
+If it's the case, this means that the APK was well built by the author of KeePassDX.
+
 ## Frequently Asked Questions
 
 Other questions? You can read the [FAQ](https://github.com/Kunzisoft/KeePassDX/wiki/FAQ) 
@@ -90,7 +96,7 @@ Other questions? You can read the [FAQ](https://github.com/Kunzisoft/KeePassDX/w
 
 ## License
 
-  Copyright © 2023 Jeremy Jamet / [Kunzisoft](https://www.kunzisoft.com).
+  Copyright © 2025 Jeremy Jamet / [Kunzisoft](https://www.kunzisoft.com).
 
   This file is part of KeePassDX.
 

app/build.gradle

@@ -5,15 +5,14 @@ apply plugin: 'kotlin-kapt'
 
 android {
     namespace 'com.kunzisoft.keepass'
-    compileSdkVersion 33
-    buildToolsVersion "33.0.2"
+    compileSdkVersion 36
 
     defaultConfig {
         applicationId "com.kunzisoft.keepass"
-        minSdkVersion 15
-        targetSdkVersion 33
-        versionCode = 129
-        versionName = "4.0.6"
+        minSdkVersion 19
+        targetSdkVersion 35
+        versionCode = 141
+        versionName = "4.1.8"
         multiDexEnabled true
 
         testApplicationId = "com.kunzisoft.keepass.tests"
@@ -36,6 +35,13 @@ android {
         }
     }
 
+    dependenciesInfo {
+        // Disables dependency metadata when building APKs.
+        includeInApk = false
+        // Disables dependency metadata when building Android App Bundles.
+        includeInBundle = false
+    }
+
     flavorDimensions "version"
     productFlavors {
         libre {
@@ -85,12 +91,15 @@ android {
     }
 
     compileOptions {
-        targetCompatibility JavaVersion.VERSION_1_8
-        sourceCompatibility JavaVersion.VERSION_1_8
+        targetCompatibility JavaVersion.VERSION_17
+        sourceCompatibility JavaVersion.VERSION_17
     }
 
     kotlinOptions {
-        jvmTarget = "1.8"
+        jvmTarget = "17"
+    }
+    buildFeatures {
+        buildConfig true
     }
 }
 
@@ -109,6 +118,7 @@ dependencies {
     implementation 'androidx.media:media:1.6.0'
     // Lifecycle - LiveData - ViewModel - Coroutines
     implementation "androidx.core:core-ktx:$android_core_version"
+    implementation "androidx.lifecycle:lifecycle-process:2.6.2"
     implementation 'androidx.fragment:fragment-ktx:1.6.0'
     implementation "com.google.android.material:material:$android_material_version"
     // Token auto complete
@@ -120,7 +130,7 @@ dependencies {
     // Autofill
     implementation "androidx.autofill:autofill:1.1.0"
     // Time
-    implementation 'joda-time:joda-time:2.10.13'
+    implementation 'joda-time:joda-time:2.13.0'
     // Color
     implementation 'com.github.Kunzisoft:AndroidClearChroma:2.6'
     // Education
@@ -137,5 +147,4 @@ dependencies {
 
     // Tests
     androidTestImplementation "androidx.test:runner:$android_test_version"
-    androidTestImplementation "androidx.test:rules:$android_test_version"
 }

app/schemas/com.kunzisoft.keepass.app.database.AppDatabase/3.json

@@ -0,0 +1,96 @@
+{
+  "formatVersion": 1,
+  "database": {
+    "version": 3,
+    "identityHash": "a20aec7cf09664b1102ec659fa51160a",
+    "entities": [
+      {
+        "tableName": "file_database_history",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`database_uri` TEXT NOT NULL, `database_alias` TEXT NOT NULL, `keyfile_uri` TEXT, `hardware_key` TEXT, `read_only` INTEGER, `updated` INTEGER NOT NULL, PRIMARY KEY(`database_uri`))",
+        "fields": [
+          {
+            "fieldPath": "databaseUri",
+            "columnName": "database_uri",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "databaseAlias",
+            "columnName": "database_alias",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "keyFileUri",
+            "columnName": "keyfile_uri",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "hardwareKey",
+            "columnName": "hardware_key",
+            "affinity": "TEXT",
+            "notNull": false
+          },
+          {
+            "fieldPath": "readOnly",
+            "columnName": "read_only",
+            "affinity": "INTEGER",
+            "notNull": false
+          },
+          {
+            "fieldPath": "updated",
+            "columnName": "updated",
+            "affinity": "INTEGER",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "database_uri"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      },
+      {
+        "tableName": "cipher_database",
+        "createSql": "CREATE TABLE IF NOT EXISTS `${TABLE_NAME}` (`database_uri` TEXT NOT NULL, `encrypted_value` TEXT NOT NULL, `specs_parameters` TEXT NOT NULL, PRIMARY KEY(`database_uri`))",
+        "fields": [
+          {
+            "fieldPath": "databaseUri",
+            "columnName": "database_uri",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "encryptedValue",
+            "columnName": "encrypted_value",
+            "affinity": "TEXT",
+            "notNull": true
+          },
+          {
+            "fieldPath": "specParameters",
+            "columnName": "specs_parameters",
+            "affinity": "TEXT",
+            "notNull": true
+          }
+        ],
+        "primaryKey": {
+          "autoGenerate": false,
+          "columnNames": [
+            "database_uri"
+          ]
+        },
+        "indices": [],
+        "foreignKeys": []
+      }
+    ],
+    "views": [],
+    "setupQueries": [
+      "CREATE TABLE IF NOT EXISTS room_master_table (id INTEGER PRIMARY KEY,identity_hash TEXT)",
+      "INSERT OR REPLACE INTO room_master_table (id,identity_hash) VALUES(42, 'a20aec7cf09664b1102ec659fa51160a')"
+    ]
+  }
+}

app/src/main/AndroidManifest.xml

@@ -9,6 +9,10 @@
       android:anyDensity="true" />
     <uses-permission
         android:name="android.permission.FOREGROUND_SERVICE" />
+    <uses-permission
+        android:name="android.permission.FOREGROUND_SERVICE_DATA_SYNC" />
+    <uses-permission
+        android:name="android.permission.FOREGROUND_SERVICE_SPECIAL_USE"/>
     <uses-permission
         android:name="android.permission.POST_NOTIFICATIONS" />
     <uses-permission
@@ -39,6 +43,7 @@
         android:backupAgent="com.kunzisoft.keepass.backup.SettingsBackupAgent"
         android:largeHeap="true"
         android:resizeableActivity="true"
+        android:supportsRtl="true"
         android:theme="@style/KeepassDXStyle.Night"
         tools:targetApi="s">
         <meta-data
@@ -118,7 +123,7 @@
             android:name="com.kunzisoft.keepass.activities.GroupActivity"
             android:exported="false"
             android:configChanges="keyboardHidden"
-            android:windowSoftInputMode="adjustPan">
+            android:windowSoftInputMode="adjustResize">
             <meta-data
                 android:name="android.app.default_searchable"
                 android:value="com.kunzisoft.keepass.search.SearchResults"
@@ -145,7 +150,7 @@
             android:configChanges="keyboardHidden" />
         <activity
             android:name="com.kunzisoft.keepass.activities.EntryEditActivity"
-            android:windowSoftInputMode="adjustPan" />
+            android:windowSoftInputMode="adjustResize" />
         <!-- About and Settings -->
         <activity
             android:name="com.kunzisoft.keepass.activities.AboutActivity"
@@ -159,7 +164,7 @@
             android:configChanges="keyboardHidden"
             android:excludeFromRecents="true"/>
         <activity
-            android:name="com.kunzisoft.keepass.settings.AdvancedUnlockSettingsActivity" />
+            android:name="com.kunzisoft.keepass.settings.DeviceUnlockSettingsActivity" />
         <activity
             android:name="com.kunzisoft.keepass.settings.AutofillSettingsActivity" />
         <activity
@@ -197,18 +202,27 @@
 
         <service
             android:name="com.kunzisoft.keepass.services.DatabaseTaskNotificationService"
+            android:foregroundServiceType="dataSync"
             android:enabled="true"
             android:exported="false" />
         <service
             android:name="com.kunzisoft.keepass.services.AttachmentFileNotificationService"
+            android:foregroundServiceType="dataSync"
             android:enabled="true"
             android:exported="false" />
         <service
             android:name="com.kunzisoft.keepass.services.ClipboardEntryNotificationService"
+            android:foregroundServiceType="specialUse"
             android:enabled="true"
             android:exported="false" />
         <service
-            android:name="com.kunzisoft.keepass.services.AdvancedUnlockNotificationService"
+            android:name="com.kunzisoft.keepass.services.KeyboardEntryNotificationService"
+            android:foregroundServiceType="specialUse"
+            android:enabled="true"
+            android:exported="false" />
+        <service
+            android:name="com.kunzisoft.keepass.services.DeviceUnlockNotificationService"
+            android:foregroundServiceType="specialUse"
             android:enabled="true"
             android:exported="false" />
         <!-- Receiver for Autofill -->
@@ -235,10 +249,6 @@
                 <action android:name="android.view.InputMethod" />
             </intent-filter>
         </service>
-        <service
-            android:name="com.kunzisoft.keepass.services.KeyboardEntryNotificationService"
-            android:enabled="true"
-            android:exported="false" />
         <receiver
             android:name="com.kunzisoft.keepass.receivers.DexModeReceiver"
             android:exported="true">

app/src/main/java/com/igreenwood/loupe/Loupe.kt

@@ -38,7 +38,11 @@ import android.graphics.RectF
 import android.graphics.drawable.BitmapDrawable
 import android.os.Build
 import android.util.TypedValue
-import android.view.*
+import android.view.GestureDetector
+import android.view.MotionEvent
+import android.view.ScaleGestureDetector
+import android.view.View
+import android.view.ViewGroup
 import android.view.animation.AccelerateDecelerateInterpolator
 import android.view.animation.DecelerateInterpolator
 import android.view.animation.Interpolator
@@ -202,7 +206,7 @@ class Loupe(imageView: ImageView, container: ViewGroup) : View.OnTouchListener,
             override fun onDown(e: MotionEvent): Boolean = true
 
             override fun onScroll(
-                e1: MotionEvent,
+                e1: MotionEvent?,
                 e2: MotionEvent,
                 distanceX: Float,
                 distanceY: Float
@@ -220,7 +224,7 @@ class Loupe(imageView: ImageView, container: ViewGroup) : View.OnTouchListener,
             }
 
             override fun onFling(
-                e1: MotionEvent,
+                e1: MotionEvent?,
                 e2: MotionEvent,
                 velocityX: Float,
                 velocityY: Float
@@ -354,78 +358,41 @@ class Loupe(imageView: ImageView, container: ViewGroup) : View.OnTouchListener,
         val imageView = imageViewRef.get() ?: return
 
         isViewTranslateAnimationRunning = true
-
-
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
-            imageView.run {
-                val translationY = if (velY > 0) {
-                    originalViewBounds.top + height - top
-                } else {
-                    originalViewBounds.top - height - top
-                }
-                animate()
-                        .setDuration(dismissAnimationDuration)
-                        .setInterpolator(dismissAnimationInterpolator)
-                        .translationY(translationY.toFloat())
-                        .setUpdateListener {
-                            val amount = calcTranslationAmount()
-                            changeBackgroundAlpha(amount)
-                            onViewTranslateListener?.onViewTranslate(imageView, amount)
-                        }
-                        .setListener(object : Animator.AnimatorListener {
-                            override fun onAnimationStart(p0: Animator) {
-
-                            }
-
-                            override fun onAnimationEnd(p0: Animator) {
-                                isViewTranslateAnimationRunning = false
-                                onViewTranslateListener?.onDismiss(imageView)
-                                cleanup()
-                            }
-
-                            override fun onAnimationCancel(p0: Animator) {
-                                isViewTranslateAnimationRunning = false
-                            }
-
-                            override fun onAnimationRepeat(p0: Animator) {
-                                // no op
-                            }
-                        })
-            }
-        } else {
-            ObjectAnimator.ofFloat(imageView, View.TRANSLATION_Y, if (velY > 0) {
-                originalViewBounds.top + imageView.height - imageView.top
+        
+        imageView.run {
+            val translationY = if (velY > 0) {
+                originalViewBounds.top + height - top
             } else {
-                originalViewBounds.top - imageView.height - imageView.top
-            }.toFloat()).apply {
-                duration = dismissAnimationDuration
-                interpolator = dismissAnimationInterpolator
-                addUpdateListener {
-                    val amount = calcTranslationAmount()
-                    changeBackgroundAlpha(amount)
-                    onViewTranslateListener?.onViewTranslate(imageView, amount)
-                }
-                addListener(object : Animator.AnimatorListener {
-                    override fun onAnimationStart(p0: Animator) {
-                        // no op
-                    }
-
-                    override fun onAnimationEnd(p0: Animator) {
-                        isViewTranslateAnimationRunning = false
-                        onViewTranslateListener?.onDismiss(imageView)
-                        cleanup()
-                    }
-
-                    override fun onAnimationCancel(p0: Animator) {
-                        isViewTranslateAnimationRunning = false
-                    }
-
-                    override fun onAnimationRepeat(p0: Animator) {
-                        // no op
-                    }
-                })
-                start()
+                originalViewBounds.top - height - top
             }
+            animate()
+                    .setDuration(dismissAnimationDuration)
+                    .setInterpolator(dismissAnimationInterpolator)
+                    .translationY(translationY.toFloat())
+                    .setUpdateListener {
+                        val amount = calcTranslationAmount()
+                        changeBackgroundAlpha(amount)
+                        onViewTranslateListener?.onViewTranslate(imageView, amount)
+                    }
+                    .setListener(object : Animator.AnimatorListener {
+                        override fun onAnimationStart(p0: Animator) {
+
+                        }
+
+                        override fun onAnimationEnd(p0: Animator) {
+                            isViewTranslateAnimationRunning = false
+                            onViewTranslateListener?.onDismiss(imageView)
+                            cleanup()
+                        }
+
+                        override fun onAnimationCancel(p0: Animator) {
+                            isViewTranslateAnimationRunning = false
+                        }
+
+                        override fun onAnimationRepeat(p0: Animator) {
+                            // no op
+                        }
+                    })
         }
     }
 
@@ -653,137 +620,76 @@ class Loupe(imageView: ImageView, container: ViewGroup) : View.OnTouchListener,
 
     private fun restoreViewTransform() {
         val imageView = imageViewRef.get() ?: return
-
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
-            imageView.run {
-                animate()
-                        .setDuration(restoreAnimationDuration)
-                        .setInterpolator(restoreAnimationInterpolator)
-                        .translationY((originalViewBounds.top - top).toFloat())
-                        .setUpdateListener {
-                            val amount = calcTranslationAmount()
-                            changeBackgroundAlpha(amount)
-                            onViewTranslateListener?.onViewTranslate(this, amount)
+        imageView.run {
+            animate()
+                    .setDuration(restoreAnimationDuration)
+                    .setInterpolator(restoreAnimationInterpolator)
+                    .translationY((originalViewBounds.top - top).toFloat())
+                    .setUpdateListener {
+                        val amount = calcTranslationAmount()
+                        changeBackgroundAlpha(amount)
+                        onViewTranslateListener?.onViewTranslate(this, amount)
+                    }
+                    .setListener(object : Animator.AnimatorListener {
+                        override fun onAnimationStart(p0: Animator) {
+                            // no op
                         }
-                        .setListener(object : Animator.AnimatorListener {
-                            override fun onAnimationStart(p0: Animator) {
-                                // no op
-                            }
 
-                            override fun onAnimationEnd(p0: Animator) {
-                                onViewTranslateListener?.onRestore(imageView)
-                            }
+                        override fun onAnimationEnd(p0: Animator) {
+                            onViewTranslateListener?.onRestore(imageView)
+                        }
 
-                            override fun onAnimationCancel(p0: Animator) {
-                                // no op
-                            }
+                        override fun onAnimationCancel(p0: Animator) {
+                            // no op
+                        }
 
-                            override fun onAnimationRepeat(p0: Animator) {
-                                // no op
-                            }
-                        })
-            }
-        } else {
-            ObjectAnimator.ofFloat(imageView, View.TRANSLATION_Y, (originalViewBounds.top - imageView.top).toFloat()).apply {
-                duration = restoreAnimationDuration
-                interpolator = restoreAnimationInterpolator
-                addUpdateListener {
-                    val amount = calcTranslationAmount()
-                    changeBackgroundAlpha(amount)
-                    onViewTranslateListener?.onViewTranslate(imageView, amount)
-                }
-                addListener(object : Animator.AnimatorListener {
-                    override fun onAnimationStart(p0: Animator) {
-                        // no op
-                    }
-
-                    override fun onAnimationEnd(p0: Animator) {
-                        onViewTranslateListener?.onRestore(imageView)
-                    }
-
-                    override fun onAnimationCancel(p0: Animator) {
-                        // no op
-                    }
-
-                    override fun onAnimationRepeat(p0: Animator) {
-                        // no op
-                    }
-                })
-                start()
-            }
+                        override fun onAnimationRepeat(p0: Animator) {
+                            // no op
+                        }
+                    })
         }
+        
     }
 
     private fun startDragToDismissAnimation() {
         val imageView = imageViewRef.get() ?: return
-
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
-            imageView.run {
-                val translationY = if (y - initialY > 0) {
-                    originalViewBounds.top + height - top
-                } else {
-                    originalViewBounds.top - height - top
-                }
-                animate()
-                        .setDuration(dismissAnimationDuration)
-                        .setInterpolator(AccelerateDecelerateInterpolator())
-                        .translationY(translationY.toFloat())
-                        .setUpdateListener {
-                            val amount = calcTranslationAmount()
-                            changeBackgroundAlpha(amount)
-                            onViewTranslateListener?.onViewTranslate(this, amount)
+        
+        imageView.run {
+            val translationY = if (y - initialY > 0) {
+                originalViewBounds.top + height - top
+            } else {
+                originalViewBounds.top - height - top
+            }
+            animate()
+                    .setDuration(dismissAnimationDuration)
+                    .setInterpolator(AccelerateDecelerateInterpolator())
+                    .translationY(translationY.toFloat())
+                    .setUpdateListener {
+                        val amount = calcTranslationAmount()
+                        changeBackgroundAlpha(amount)
+                        onViewTranslateListener?.onViewTranslate(this, amount)
+                    }
+                    .setListener(object : Animator.AnimatorListener {
+                        override fun onAnimationStart(p0: Animator) {
+                            isViewTranslateAnimationRunning = true
                         }
-                        .setListener(object : Animator.AnimatorListener {
-                            override fun onAnimationStart(p0: Animator) {
-                                isViewTranslateAnimationRunning = true
-                            }
 
-                            override fun onAnimationEnd(p0: Animator) {
-                                isViewTranslateAnimationRunning = false
-                                onViewTranslateListener?.onDismiss(imageView)
-                                cleanup()
-                            }
+                        override fun onAnimationEnd(p0: Animator) {
+                            isViewTranslateAnimationRunning = false
+                            onViewTranslateListener?.onDismiss(imageView)
+                            cleanup()
+                        }
 
-                            override fun onAnimationCancel(p0: Animator) {
-                                isViewTranslateAnimationRunning = false
-                            }
+                        override fun onAnimationCancel(p0: Animator) {
+                            isViewTranslateAnimationRunning = false
+                        }
 
-                            override fun onAnimationRepeat(p0: Animator) {
-                                // no op
-                            }
-                        })
-            }
-        } else {
-            ObjectAnimator.ofFloat(imageView, View.TRANSLATION_Y, imageView.translationY).apply {
-                duration = dismissAnimationDuration
-                interpolator = AccelerateDecelerateInterpolator()
-                addUpdateListener {
-                    val amount = calcTranslationAmount()
-                    changeBackgroundAlpha(amount)
-                    onViewTranslateListener?.onViewTranslate(imageView, amount)
-                }
-                addListener(object : Animator.AnimatorListener {
-                    override fun onAnimationStart(p0: Animator) {
-                        isViewTranslateAnimationRunning = true
-                    }
-
-                    override fun onAnimationEnd(p0: Animator) {
-                        isViewTranslateAnimationRunning = false
-                        onViewTranslateListener?.onDismiss(imageView)
-                        cleanup()
-                    }
-
-                    override fun onAnimationCancel(p0: Animator) {
-                        isViewTranslateAnimationRunning = false
-                    }
-
-                    override fun onAnimationRepeat(p0: Animator) {
-                        // no op
-                    }
-                })
-                start()
-            }
+                        override fun onAnimationRepeat(p0: Animator) {
+                            // no op
+                        }
+                    })
         }
+        
     }
 
     private fun processFlingToDismiss(velocityY: Float) {

app/src/main/java/com/kunzisoft/keepass/activities/AboutActivity.kt

@@ -20,10 +20,12 @@
 package com.kunzisoft.keepass.activities
 
 import android.content.pm.PackageManager.NameNotFoundException
+import android.os.Build
 import android.os.Bundle
 import android.text.method.LinkMovementMethod
 import android.util.Log
 import android.view.MenuItem
+import android.view.View
 import android.widget.TextView
 import androidx.appcompat.widget.Toolbar
 import androidx.core.text.HtmlCompat
@@ -56,7 +58,7 @@ class AboutActivity : StylishActivity() {
         var version: String
         var build: String
         try {
-            version = packageManager.getPackageInfoCompat(packageName).versionName
+            version = packageManager.getPackageInfoCompat(packageName).versionName ?: ""
             build = BuildConfig.BUILD_VERSION
         } catch (e: NameNotFoundException) {
             Log.w(javaClass.simpleName, "Unable to get the app or the build version", e)
@@ -76,6 +78,8 @@ class AboutActivity : StylishActivity() {
             movementMethod = LinkMovementMethod.getInstance()
             text = HtmlCompat.fromHtml(getString(R.string.html_about_licence, DateTime().year),
                     HtmlCompat.FROM_HTML_MODE_LEGACY)
+            textDirection = View.TEXT_DIRECTION_ANY_RTL
+            
         }
 
         findViewById<TextView>(R.id.activity_about_privacy_text).apply {

app/src/main/java/com/kunzisoft/keepass/activities/AutofillLauncherActivity.kt

@@ -41,11 +41,9 @@ import com.kunzisoft.keepass.database.ContextualDatabase
 import com.kunzisoft.keepass.database.helper.SearchHelper
 import com.kunzisoft.keepass.model.RegisterInfo
 import com.kunzisoft.keepass.model.SearchInfo
-import com.kunzisoft.keepass.settings.PreferencesUtil
+import com.kunzisoft.keepass.utils.WebDomain
 import com.kunzisoft.keepass.utils.getParcelableCompat
 import com.kunzisoft.keepass.utils.getParcelableExtraCompat
-import com.kunzisoft.keepass.utils.WebDomain
-import java.lang.RuntimeException
 
 @RequiresApi(api = Build.VERSION_CODES.O)
 class AutofillLauncherActivity : DatabaseModeActivity() {
@@ -126,83 +124,85 @@ class AutofillLauncherActivity : DatabaseModeActivity() {
         if (autofillComponent == null) {
             setResult(Activity.RESULT_CANCELED)
             finish()
-        } else if (!KeeAutofillService.autofillAllowedFor(searchInfo.applicationId,
-                        PreferencesUtil.applicationIdBlocklist(this))
-                || !KeeAutofillService.autofillAllowedFor(searchInfo.webDomain,
-                        PreferencesUtil.webDomainBlocklist(this))) {
+        } else if (KeeAutofillService.autofillAllowedFor(
+            applicationId = searchInfo.applicationId,
+            webDomain = searchInfo.webDomain,
+            context = this
+        )) {
+            // If database is open
+            SearchHelper.checkAutoSearchInfo(this,
+                database,
+                searchInfo,
+                { openedDatabase, items ->
+                    // Items found
+                    AutofillHelper.buildResponseAndSetResult(this, openedDatabase, items)
+                    finish()
+                },
+                { openedDatabase ->
+                    // Show the database UI to select the entry
+                    GroupActivity.launchForAutofillResult(this,
+                        openedDatabase,
+                        mAutofillActivityResultLauncher,
+                        autofillComponent,
+                        searchInfo,
+                        false)
+                },
+                {
+                    // If database not open
+                    FileDatabaseSelectActivity.launchForAutofillResult(this,
+                        mAutofillActivityResultLauncher,
+                        autofillComponent,
+                        searchInfo)
+                }
+            )
+        } else {
             showBlockRestartMessage()
             setResult(Activity.RESULT_CANCELED)
             finish()
-        } else {
-            // If database is open
-            SearchHelper.checkAutoSearchInfo(this,
-                    database,
-                    searchInfo,
-                    { openedDatabase, items ->
-                        // Items found
-                        AutofillHelper.buildResponseAndSetResult(this, openedDatabase, items)
-                        finish()
-                    },
-                    { openedDatabase ->
-                        // Show the database UI to select the entry
-                        GroupActivity.launchForAutofillResult(this,
-                            openedDatabase,
-                            mAutofillActivityResultLauncher,
-                            autofillComponent,
-                            searchInfo,
-                            false)
-                    },
-                    {
-                        // If database not open
-                        FileDatabaseSelectActivity.launchForAutofillResult(this,
-                                mAutofillActivityResultLauncher,
-                                autofillComponent,
-                                searchInfo)
-                    }
-            )
         }
     }
 
     private fun launchRegistration(database: ContextualDatabase?,
                                    searchInfo: SearchInfo,
                                    registerInfo: RegisterInfo?) {
-        if (!KeeAutofillService.autofillAllowedFor(searchInfo.applicationId,
-                        PreferencesUtil.applicationIdBlocklist(this))
-                || !KeeAutofillService.autofillAllowedFor(searchInfo.webDomain,
-                        PreferencesUtil.webDomainBlocklist(this))) {
-            showBlockRestartMessage()
-            setResult(Activity.RESULT_CANCELED)
-        } else {
+        if (KeeAutofillService.autofillAllowedFor(
+                applicationId = searchInfo.applicationId,
+                webDomain = searchInfo.webDomain,
+                context = this
+        )) {
             val readOnly = database?.isReadOnly != false
             SearchHelper.checkAutoSearchInfo(this,
-                    database,
-                    searchInfo,
-                    { openedDatabase, _ ->
-                        if (!readOnly) {
-                            // Show the database UI to select the entry
-                            GroupActivity.launchForRegistration(this,
-                                openedDatabase,
-                                registerInfo)
-                        } else {
-                            showReadOnlySaveMessage()
-                        }
-                    },
-                    { openedDatabase ->
-                        if (!readOnly) {
-                            // Show the database UI to select the entry
-                            GroupActivity.launchForRegistration(this,
-                                openedDatabase,
-                                registerInfo)
-                        } else {
-                            showReadOnlySaveMessage()
-                        }
-                    },
-                    {
-                        // If database not open
-                        FileDatabaseSelectActivity.launchForRegistration(this,
-                                registerInfo)
+                database,
+                searchInfo,
+                { openedDatabase, _ ->
+                    if (!readOnly) {
+                        // Show the database UI to select the entry
+                        GroupActivity.launchForRegistration(this,
+                            openedDatabase,
+                            registerInfo)
+                    } else {
+                        showReadOnlySaveMessage()
                     }
+                },
+                { openedDatabase ->
+                    if (!readOnly) {
+                        // Show the database UI to select the entry
+                        GroupActivity.launchForRegistration(this,
+                            openedDatabase,
+                            registerInfo)
+                    } else {
+                        showReadOnlySaveMessage()
+                    }
+                },
+                {
+                    // If database not open
+                    FileDatabaseSelectActivity.launchForRegistration(this,
+                        registerInfo)
+                }
             )
+        } else {
+            showBlockRestartMessage()
+            setResult(Activity.RESULT_CANCELED)
         }
         finish()
     }

app/src/main/java/com/kunzisoft/keepass/activities/EntryEditActivity.kt

@@ -30,7 +30,6 @@ import android.util.Log
 import android.view.Menu
 import android.view.MenuItem
 import android.view.View
-import android.view.ViewGroup
 import android.widget.AdapterView
 import android.widget.ProgressBar
 import android.widget.Spinner
@@ -73,6 +72,7 @@ import com.kunzisoft.keepass.database.element.template.Template
 import com.kunzisoft.keepass.education.EntryEditActivityEducation
 import com.kunzisoft.keepass.magikeyboard.MagikeyboardService
 import com.kunzisoft.keepass.model.AttachmentState
+import com.kunzisoft.keepass.model.DataTime
 import com.kunzisoft.keepass.model.EntryAttachmentState
 import com.kunzisoft.keepass.model.RegisterInfo
 import com.kunzisoft.keepass.model.SearchInfo
@@ -87,6 +87,7 @@ import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.tasks.ActionRunnable
 import com.kunzisoft.keepass.tasks.AttachmentFileBinderManager
 import com.kunzisoft.keepass.timeout.TimeoutHelper
+import com.kunzisoft.keepass.utils.TimeUtil.datePickerToDataDate
 import com.kunzisoft.keepass.utils.UriUtil.getDocumentFile
 import com.kunzisoft.keepass.utils.getParcelableExtraCompat
 import com.kunzisoft.keepass.view.ToolbarAction
@@ -96,7 +97,7 @@ import com.kunzisoft.keepass.view.asError
 import com.kunzisoft.keepass.view.hideByFading
 import com.kunzisoft.keepass.view.setTransparentNavigationBar
 import com.kunzisoft.keepass.view.showActionErrorIfNeeded
-import com.kunzisoft.keepass.view.updateLockPaddingLeft
+import com.kunzisoft.keepass.view.updateLockPaddingStart
 import com.kunzisoft.keepass.viewmodels.ColorPickerViewModel
 import com.kunzisoft.keepass.viewmodels.EntryEditViewModel
 import java.util.UUID
@@ -108,8 +109,8 @@ class EntryEditActivity : DatabaseLockActivity(),
         ReplaceFileDialogFragment.ActionChooseListener {
 
     // Views
-    private var footer: ViewGroup? = null
-    private var container: ViewGroup? = null
+    private var footer: View? = null
+    private var container: View? = null
     private var coordinatorLayout: CoordinatorLayout? = null
     private var scrollView: NestedScrollView? = null
     private var templateSelectorSpinner: Spinner? = null
@@ -179,8 +180,8 @@ class EntryEditActivity : DatabaseLockActivity(),
 
         // To apply fit window with transparency
         setTransparentNavigationBar(applyToStatusBar = true) {
-            container?.applyWindowInsets(WindowInsetPosition.TOP)
-            footer?.applyWindowInsets(WindowInsetPosition.BOTTOM)
+            container?.applyWindowInsets(WindowInsetPosition.TOP_BOTTOM_IME)
+            footer?.applyWindowInsets(WindowInsetPosition.BOTTOM_IME)
         }
 
         stopService(Intent(this, ClipboardEntryNotificationService::class.java))
@@ -301,7 +302,7 @@ class EntryEditActivity : DatabaseLockActivity(),
                 // Launch the time picker
                 MaterialTimePicker.Builder().build().apply {
                     addOnPositiveButtonClickListener {
-                        mEntryEditViewModel.selectTime(this.hour, this.minute)
+                        mEntryEditViewModel.selectTime(DataTime(this.hour, this.minute))
                     }
                     show(supportFragmentManager, "TimePickerFragment")
                 }
@@ -309,7 +310,7 @@ class EntryEditActivity : DatabaseLockActivity(),
                 // Launch the date picker
                 MaterialDatePicker.Builder.datePicker().build().apply {
                     addOnPositiveButtonClickListener {
-                        mEntryEditViewModel.selectDate(it)
+                        mEntryEditViewModel.selectDate(datePickerToDataDate(it))
                     }
                     show(supportFragmentManager, "DatePickerFragment")
                 }
@@ -502,7 +503,7 @@ class EntryEditActivity : DatabaseLockActivity(),
         }
 
         // Padding if lock button visible
-        entryEditAddToolBar?.updateLockPaddingLeft()
+        entryEditAddToolBar?.updateLockPaddingStart()
 
         mAttachmentFileBinderManager?.apply {
             registerProgressTask()
@@ -603,16 +604,12 @@ class EntryEditActivity : DatabaseLockActivity(),
             isVisible = isEnabled
         }
         menu?.findItem(R.id.menu_add_attachment)?.apply {
-            // Attachment not compatible below KitKat
             isEnabled = !mIsTemplate
-                    && Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT
             isVisible = isEnabled
         }
         menu?.findItem(R.id.menu_add_otp)?.apply {
-            // OTP not compatible below KitKat
             isEnabled = mAllowOTP
                     && !mIsTemplate
-                    && Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT
             isVisible = isEnabled
         }
         return super.onPrepareOptionsMenu(menu)

app/src/main/java/com/kunzisoft/keepass/activities/FileDatabaseSelectActivity.kt

@@ -68,11 +68,9 @@ import com.kunzisoft.keepass.tasks.ActionRunnable
 import com.kunzisoft.keepass.utils.DexUtil
 import com.kunzisoft.keepass.utils.MagikeyboardUtil
 import com.kunzisoft.keepass.utils.MenuUtil
-import com.kunzisoft.keepass.utils.getParcelableCompat
-import com.kunzisoft.keepass.utils.parseUri
 import com.kunzisoft.keepass.utils.UriUtil.isContributingUser
 import com.kunzisoft.keepass.utils.UriUtil.openUrl
-import com.kunzisoft.keepass.utils.allowCreateDocumentByStorageAccessFramework
+import com.kunzisoft.keepass.utils.getParcelableCompat
 import com.kunzisoft.keepass.view.asError
 import com.kunzisoft.keepass.view.showActionErrorIfNeeded
 import com.kunzisoft.keepass.viewmodels.DatabaseFilesViewModel
@@ -180,17 +178,9 @@ class FileDatabaseSelectActivity : DatabaseModeActivity(),
         }
         fileDatabaseHistoryRecyclerView.adapter = mAdapterDatabaseHistory
 
-        // Load default database if not an orientation change
-        if (!(savedInstanceState != null
-                        && savedInstanceState.containsKey(EXTRA_STAY)
-                        && savedInstanceState.getBoolean(EXTRA_STAY, false))) {
-            val databasePath = PreferencesUtil.getDefaultDatabasePath(this)
-
-            databasePath?.parseUri()?.let { databaseFileUri ->
-                launchPasswordActivityWithPath(databaseFileUri)
-            } ?: run {
-                Log.i(TAG, "No default database to prepare")
-            }
+        // Load default database the first time
+        databaseFilesViewModel.doForDefaultDatabase { databaseFileUri ->
+            launchPasswordActivityWithPath(databaseFileUri)
         }
 
         // Retrieve the database URI provided by file manager after an orientation change
@@ -272,7 +262,7 @@ class FileDatabaseSelectActivity : DatabaseModeActivity(),
                     GroupActivity.launch(
                         this@FileDatabaseSelectActivity,
                         database,
-                        PreferencesUtil.enableReadOnlyDatabase(this@FileDatabaseSelectActivity)
+                        false
                     )
                 }
                 ACTION_DATABASE_LOAD_TASK -> {
@@ -325,6 +315,7 @@ class FileDatabaseSelectActivity : DatabaseModeActivity(),
     private fun launchPasswordActivityWithPath(databaseUri: Uri) {
         launchPasswordActivity(databaseUri, null, null)
         // Delete flickering for kitkat <=
+        @Suppress("DEPRECATION")
         if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP)
             overridePendingTransition(0, 0)
     }
@@ -338,13 +329,7 @@ class FileDatabaseSelectActivity : DatabaseModeActivity(),
         // Show open and create button or special mode
         when (mSpecialMode) {
             SpecialMode.DEFAULT -> {
-                if (packageManager.allowCreateDocumentByStorageAccessFramework()) {
-                    // There is an activity which can handle this intent.
-                    createDatabaseButtonView?.visibility = View.VISIBLE
-                } else{
-                    // No Activity found that can handle this intent.
-                    createDatabaseButtonView?.visibility = View.GONE
-                }
+                createDatabaseButtonView?.visibility = View.VISIBLE
             }
             else -> {
                 // Disable create button if in selection mode or request for autofill
@@ -366,8 +351,6 @@ class FileDatabaseSelectActivity : DatabaseModeActivity(),
 
     override fun onSaveInstanceState(outState: Bundle) {
         super.onSaveInstanceState(outState)
-        // only to keep the current activity
-        outState.putBoolean(EXTRA_STAY, true)
         // to retrieve the URI of a created database after an orientation change
         outState.putParcelable(EXTRA_DATABASE_URI, mDatabaseFileUri)
     }
@@ -442,7 +425,6 @@ class FileDatabaseSelectActivity : DatabaseModeActivity(),
     companion object {
 
         private const val TAG = "FileDbSelectActivity"
-        private const val EXTRA_STAY = "EXTRA_STAY"
         private const val EXTRA_DATABASE_URI = "EXTRA_DATABASE_URI"
 
         /*

app/src/main/java/com/kunzisoft/keepass/activities/GroupActivity.kt

@@ -84,6 +84,7 @@ import com.kunzisoft.keepass.database.helper.SearchHelper
 import com.kunzisoft.keepass.database.search.SearchParameters
 import com.kunzisoft.keepass.education.GroupActivityEducation
 import com.kunzisoft.keepass.magikeyboard.MagikeyboardService
+import com.kunzisoft.keepass.model.DataTime
 import com.kunzisoft.keepass.model.GroupInfo
 import com.kunzisoft.keepass.model.RegisterInfo
 import com.kunzisoft.keepass.model.SearchInfo
@@ -96,6 +97,7 @@ import com.kunzisoft.keepass.tasks.ActionRunnable
 import com.kunzisoft.keepass.timeout.TimeoutHelper
 import com.kunzisoft.keepass.utils.BACK_PREVIOUS_KEYBOARD_ACTION
 import com.kunzisoft.keepass.utils.KeyboardUtil.showKeyboard
+import com.kunzisoft.keepass.utils.TimeUtil.datePickerToDataDate
 import com.kunzisoft.keepass.utils.UriUtil.openUrl
 import com.kunzisoft.keepass.utils.getParcelableCompat
 import com.kunzisoft.keepass.utils.getParcelableExtraCompat
@@ -111,9 +113,10 @@ import com.kunzisoft.keepass.view.applyWindowInsets
 import com.kunzisoft.keepass.view.hideByFading
 import com.kunzisoft.keepass.view.setTransparentNavigationBar
 import com.kunzisoft.keepass.view.showActionErrorIfNeeded
-import com.kunzisoft.keepass.view.updateLockPaddingLeft
+import com.kunzisoft.keepass.view.updateLockPaddingStart
 import com.kunzisoft.keepass.viewmodels.GroupEditViewModel
 import com.kunzisoft.keepass.viewmodels.GroupViewModel
+import org.joda.time.LocalDateTime
 
 
 class GroupActivity : DatabaseLockActivity(),
@@ -292,10 +295,9 @@ class GroupActivity : DatabaseLockActivity(),
         loadingView = findViewById(R.id.loading)
 
         // To apply fit window with transparency
-        setTransparentNavigationBar {
-            header?.applyWindowInsets(WindowInsetPosition.TOP)
-            coordinatorLayout?.applyWindowInsets(WindowInsetPosition.LEGIT_TOP)
-            footer?.applyWindowInsets(WindowInsetPosition.BOTTOM)
+        setTransparentNavigationBar(applyToStatusBar = true) {
+            drawerLayout?.applyWindowInsets(WindowInsetPosition.TOP_BOTTOM_IME)
+            footer?.applyWindowInsets(WindowInsetPosition.BOTTOM_IME)
         }
 
         lockView?.setOnClickListener {
@@ -340,8 +342,9 @@ class GroupActivity : DatabaseLockActivity(),
                     R.id.menu_save_copy_to -> {
                         mExternalFileHelper?.createDocument(
                             getString(R.string.database_file_name_default) +
-                            getString(R.string.database_file_name_copy) +
-                            mDatabase?.defaultFileExtension)
+                                    "_" +
+                                    LocalDateTime.now().toString() +
+                                    mDatabase?.defaultFileExtension)
                     }
                     R.id.menu_lock_all -> {
                         lockAndExit()
@@ -359,43 +362,6 @@ class GroupActivity : DatabaseLockActivity(),
 
         searchFiltersView?.closeAdvancedFilters()
 
-        mBreadcrumbAdapter = BreadcrumbAdapter(this).apply {
-            // Open group on breadcrumb click
-            onItemClickListener = { node, _ ->
-                // If last item & not a virtual root group
-                val currentGroup = mMainGroup
-                if (currentGroup != null && node == currentGroup
-                    && (currentGroup != mDatabase?.rootGroup
-                            || mDatabase?.rootGroupIsVirtual == false)
-                ) {
-                    finishNodeAction()
-                    launchDialogToShowGroupInfo(currentGroup)
-                } else {
-                    if (mGroupFragment?.nodeActionSelectionMode == true) {
-                        finishNodeAction()
-                    }
-                    mDatabase?.let { database ->
-                        onNodeClick(database, node)
-                    }
-                }
-            }
-            onLongItemClickListener = { node, position ->
-                val currentGroup = mMainGroup
-                if (currentGroup != null && node == currentGroup
-                    && (currentGroup != mDatabase?.rootGroup
-                            || mDatabase?.rootGroupIsVirtual == false)
-                ) {
-                    finishNodeAction()
-                    launchDialogForGroupUpdate(currentGroup)
-                } else {
-                    onItemClickListener?.invoke(node, position)
-                }
-            }
-        }
-        breadcrumbListView?.apply {
-            adapter = mBreadcrumbAdapter
-        }
-
         // Retrieve group if defined at launch
         manageIntent(intent)
 
@@ -476,7 +442,7 @@ class GroupActivity : DatabaseLockActivity(),
                 // Launch the time picker
                 MaterialTimePicker.Builder().build().apply {
                     addOnPositiveButtonClickListener {
-                        mGroupEditViewModel.selectTime(this.hour, this.minute)
+                        mGroupEditViewModel.selectTime(DataTime(this.hour, this.minute))
                     }
                     show(supportFragmentManager, "TimePickerFragment")
                 }
@@ -484,7 +450,7 @@ class GroupActivity : DatabaseLockActivity(),
                 // Launch the date picker
                 MaterialDatePicker.Builder.datePicker().build().apply {
                     addOnPositiveButtonClickListener {
-                        mGroupEditViewModel.selectDate(it)
+                        mGroupEditViewModel.selectDate(datePickerToDataDate(it))
                     }
                     show(supportFragmentManager, "DatePickerFragment")
                 }
@@ -617,6 +583,43 @@ class GroupActivity : DatabaseLockActivity(),
     override fun onDatabaseRetrieved(database: ContextualDatabase?) {
         super.onDatabaseRetrieved(database)
 
+        mBreadcrumbAdapter = BreadcrumbAdapter(this, database).apply {
+            // Open group on breadcrumb click
+            onItemClickListener = { node, _ ->
+                // If last item & not a virtual root group
+                val currentGroup = mMainGroup
+                if (currentGroup != null && node == currentGroup
+                    && (currentGroup != mDatabase?.rootGroup
+                            || mDatabase?.rootGroupIsVirtual == false)
+                ) {
+                    finishNodeAction()
+                    launchDialogToShowGroupInfo(currentGroup)
+                } else {
+                    if (mGroupFragment?.nodeActionSelectionMode == true) {
+                        finishNodeAction()
+                    }
+                    mDatabase?.let { database ->
+                        onNodeClick(database, node)
+                    }
+                }
+            }
+            onLongItemClickListener = { node, position ->
+                val currentGroup = mMainGroup
+                if (currentGroup != null && node == currentGroup
+                    && (currentGroup != mDatabase?.rootGroup
+                            || mDatabase?.rootGroupIsVirtual == false)
+                ) {
+                    finishNodeAction()
+                    launchDialogForGroupUpdate(currentGroup)
+                } else {
+                    onItemClickListener?.invoke(node, position)
+                }
+            }
+        }
+        breadcrumbListView?.apply {
+            adapter = mBreadcrumbAdapter
+        }
+
         mGroupEditViewModel.setGroupNamesNotAllowed(database?.groupNamesNotAllowed)
 
         mRecyclingBinEnabled = !mDatabaseReadOnly
@@ -1127,7 +1130,7 @@ class GroupActivity : DatabaseLockActivity(),
             View.GONE
         }
         // Padding if lock button visible
-        toolbarAction?.updateLockPaddingLeft()
+        toolbarAction?.updateLockPaddingStart()
 
         loadGroup()
     }
@@ -1370,7 +1373,8 @@ class GroupActivity : DatabaseLockActivity(),
                     }
                     else -> {
                         // Load the previous group
-                        loadMainGroup(mPreviousGroupsIds.removeLast())
+                        loadMainGroup(mPreviousGroupsIds
+                            .removeAt(mPreviousGroupsIds.lastIndex))
                     }
                 }
             }

app/src/main/java/com/kunzisoft/keepass/activities/IconPickerActivity.kt

@@ -51,7 +51,7 @@ import com.kunzisoft.keepass.utils.getParcelableExtraCompat
 import com.kunzisoft.keepass.utils.UriUtil.getDocumentFile
 import com.kunzisoft.keepass.utils.UriUtil.openUrl
 import com.kunzisoft.keepass.view.asError
-import com.kunzisoft.keepass.view.updateLockPaddingLeft
+import com.kunzisoft.keepass.view.updateLockPaddingStart
 import com.kunzisoft.keepass.viewmodels.IconPickerViewModel
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Deferred
@@ -212,7 +212,7 @@ class IconPickerActivity : DatabaseLockActivity() {
         }
 
         // Padding if lock button visible
-        toolbar.updateLockPaddingLeft()
+        toolbar.updateLockPaddingStart()
     }
 
     override fun onCreateOptionsMenu(menu: Menu?): Boolean {

app/src/main/java/com/kunzisoft/keepass/activities/KeyGeneratorActivity.kt

@@ -18,7 +18,7 @@ import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.fragments.KeyGeneratorFragment
 import com.kunzisoft.keepass.activities.legacy.DatabaseLockActivity
 import com.kunzisoft.keepass.settings.PreferencesUtil
-import com.kunzisoft.keepass.view.updateLockPaddingLeft
+import com.kunzisoft.keepass.view.updateLockPaddingStart
 import com.kunzisoft.keepass.viewmodels.KeyGeneratorViewModel
 
 class KeyGeneratorActivity : DatabaseLockActivity() {
@@ -84,7 +84,7 @@ class KeyGeneratorActivity : DatabaseLockActivity() {
         }
 
         // Padding if lock button visible
-        toolbar.updateLockPaddingLeft()
+        toolbar.updateLockPaddingStart()
     }
 
     override fun onCreateOptionsMenu(menu: Menu?): Boolean {

app/src/main/java/com/kunzisoft/keepass/activities/MainCredentialActivity.kt

@@ -32,7 +32,6 @@ import android.view.MenuItem
 import android.view.View
 import android.view.ViewGroup
 import android.widget.Button
-import android.widget.CompoundButton
 import android.widget.TextView
 import android.widget.Toast
 import androidx.activity.result.ActivityResultLauncher
@@ -43,32 +42,42 @@ import androidx.appcompat.widget.Toolbar
 import androidx.biometric.BiometricManager
 import androidx.coordinatorlayout.widget.CoordinatorLayout
 import androidx.fragment.app.commit
+import androidx.lifecycle.Lifecycle
+import androidx.lifecycle.ViewModelProvider
+import androidx.lifecycle.lifecycleScope
+import androidx.lifecycle.repeatOnLifecycle
 import com.google.android.material.snackbar.Snackbar
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.dialogs.DuplicateUuidDialog
 import com.kunzisoft.keepass.activities.helpers.EntrySelectionHelper
 import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
 import com.kunzisoft.keepass.activities.helpers.SpecialMode
-import com.kunzisoft.keepass.activities.legacy.DatabaseLockActivity
 import com.kunzisoft.keepass.activities.legacy.DatabaseModeActivity
+import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
 import com.kunzisoft.keepass.autofill.AutofillComponent
 import com.kunzisoft.keepass.autofill.AutofillHelper
-import com.kunzisoft.keepass.biometric.AdvancedUnlockFragment
-import com.kunzisoft.keepass.biometric.AdvancedUnlockManager
+import com.kunzisoft.keepass.biometric.DeviceUnlockFragment
+import com.kunzisoft.keepass.biometric.DeviceUnlockManager
+import com.kunzisoft.keepass.biometric.deviceUnlockError
 import com.kunzisoft.keepass.database.ContextualDatabase
 import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.database.exception.DuplicateUuidDatabaseException
 import com.kunzisoft.keepass.database.exception.FileNotFoundDatabaseException
 import com.kunzisoft.keepass.education.PasswordActivityEducation
 import com.kunzisoft.keepass.hardware.HardwareKey
-import com.kunzisoft.keepass.model.*
+import com.kunzisoft.keepass.model.CipherDecryptDatabase
+import com.kunzisoft.keepass.model.CipherEncryptDatabase
+import com.kunzisoft.keepass.model.CredentialStorage
+import com.kunzisoft.keepass.model.DatabaseFile
+import com.kunzisoft.keepass.model.RegisterInfo
+import com.kunzisoft.keepass.model.SearchInfo
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_LOAD_TASK
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.CIPHER_DATABASE_KEY
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.DATABASE_URI_KEY
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.MAIN_CREDENTIAL_KEY
 import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.READ_ONLY_KEY
-import com.kunzisoft.keepass.settings.AdvancedUnlockSettingsActivity
 import com.kunzisoft.keepass.settings.AppearanceSettingsActivity
+import com.kunzisoft.keepass.settings.DeviceUnlockSettingsActivity
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.tasks.ActionRunnable
 import com.kunzisoft.keepass.utils.BACK_PREVIOUS_KEYBOARD_ACTION
@@ -79,26 +88,31 @@ import com.kunzisoft.keepass.utils.getParcelableExtraCompat
 import com.kunzisoft.keepass.view.MainCredentialView
 import com.kunzisoft.keepass.view.asError
 import com.kunzisoft.keepass.view.showActionErrorIfNeeded
-import com.kunzisoft.keepass.viewmodels.AdvancedUnlockViewModel
 import com.kunzisoft.keepass.viewmodels.DatabaseFileViewModel
+import com.kunzisoft.keepass.viewmodels.DeviceUnlockViewModel
+import kotlinx.coroutines.launch
 import java.io.FileNotFoundException
 
 
-class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.BuilderListener {
+class MainCredentialActivity : DatabaseModeActivity() {
 
     // Views
     private var toolbar: Toolbar? = null
     private var filenameView: TextView? = null
     private var logotypeButton: View? = null
-    private var advancedUnlockButton: View? = null
+    private var deviceUnlockButton: View? = null
     private var mainCredentialView: MainCredentialView? = null
     private var confirmButtonView: Button? = null
     private var infoContainerView: ViewGroup? = null
     private lateinit var coordinatorLayout: CoordinatorLayout
-    private var advancedUnlockFragment: AdvancedUnlockFragment? = null
+    private var deviceUnlockFragment: DeviceUnlockFragment? = null
 
     private val mDatabaseFileViewModel: DatabaseFileViewModel by viewModels()
-    private val mAdvancedUnlockViewModel: AdvancedUnlockViewModel by viewModels()
+    private val mDeviceUnlockViewModel: DeviceUnlockViewModel? by lazy {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+            ViewModelProvider(this)[DeviceUnlockViewModel::class.java]
+        } else null
+    }
 
     private val mPasswordActivityEducation = PasswordActivityEducation(this)
 
@@ -131,7 +145,7 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
 
         filenameView = findViewById(R.id.filename)
         logotypeButton = findViewById(R.id.activity_password_logotype)
-        advancedUnlockButton = findViewById(R.id.fragment_advanced_unlock_container_view)
+        deviceUnlockButton = findViewById(R.id.fragment_device_unlock_container_view)
         mainCredentialView = findViewById(R.id.activity_password_credentials)
         confirmButtonView = findViewById(R.id.activity_password_open_button)
         infoContainerView = findViewById(R.id.activity_password_info_container)
@@ -140,7 +154,7 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
         mReadOnly = if (savedInstanceState != null && savedInstanceState.containsKey(KEY_READ_ONLY)) {
             savedInstanceState.getBoolean(KEY_READ_ONLY)
         } else {
-            PreferencesUtil.enableReadOnlyDatabase(this)
+            false
         }
         mRememberKeyFile = PreferencesUtil.rememberKeyFileLocations(this)
         mRememberHardwareKey = PreferencesUtil.rememberHardwareKey(this)
@@ -166,21 +180,15 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
         }
 
         // Listen password checkbox to init advanced unlock and confirmation button
-        mainCredentialView?.onPasswordChecked =
-            CompoundButton.OnCheckedChangeListener { _, _ ->
-                mAdvancedUnlockViewModel.checkUnlockAvailability()
-                enableConfirmationButton()
-            }
-        mainCredentialView?.onKeyFileChecked =
-            CompoundButton.OnCheckedChangeListener { _, _ ->
-                // TODO mAdvancedUnlockViewModel.checkUnlockAvailability()
-                enableConfirmationButton()
-            }
-        mainCredentialView?.onHardwareKeyChecked =
-            CompoundButton.OnCheckedChangeListener { _, _ ->
-                // TODO mAdvancedUnlockViewModel.checkUnlockAvailability()
-                enableConfirmationButton()
+        mainCredentialView?.onConditionToStoreCredentialChanged = { _, verified ->
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+                mDeviceUnlockViewModel?.checkConditionToStoreCredential(
+                    condition = verified
+                )
             }
+            // TODO Async by ViewModel
+            enableConfirmationButton()
+        }
 
         // Observe if default database
         mDatabaseFileViewModel.isDefaultDatabase.observe(this) { isDefaultDatabase ->
@@ -202,6 +210,13 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
             }
             mForceReadOnly = databaseFileNotExists
 
+            // Restore read-only state from database file if not forced
+            if (!mForceReadOnly) {
+                databaseFile?.readOnly?.let { savedReadOnlyState ->
+                    mReadOnly = savedReadOnlyState
+                }
+            }
+
             invalidateOptionsMenu()
 
             // Post init uri with KeyFile only if needed
@@ -228,20 +243,55 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
 
             onDatabaseFileLoaded(databaseFile?.databaseUri, keyFileUri, hardwareKey)
         }
+
+        lifecycleScope.launch {
+            repeatOnLifecycle(Lifecycle.State.STARTED) {
+                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+                    mDeviceUnlockViewModel?.let { deviceUnlockViewModel ->
+                        deviceUnlockViewModel.uiState.collect { uiState ->
+                            // New value received
+                            uiState.credentialRequiredCipher?.let { cipher ->
+                                deviceUnlockViewModel.encryptCredential(
+                                    credential = getCredentialForEncryption(),
+                                    cipher = cipher
+                                )
+                            }
+                            uiState.cipherEncryptDatabase?.let { cipherEncryptDatabase ->
+                                onCredentialEncrypted(cipherEncryptDatabase)
+                                deviceUnlockViewModel.consumeCredentialEncrypted()
+                            }
+                            uiState.cipherDecryptDatabase?.let { cipherDecryptDatabase ->
+                                onCredentialDecrypted(cipherDecryptDatabase)
+                                deviceUnlockViewModel.consumeCredentialDecrypted()
+                            }
+                            uiState.exception?.let { error ->
+                                Snackbar.make(
+                                    coordinatorLayout,
+                                    deviceUnlockError(error, this@MainCredentialActivity),
+                                    Snackbar.LENGTH_LONG
+                                ).asError().show()
+                                deviceUnlockViewModel.exceptionShown()
+                            }
+                        }
+                    }
+                }
+            }
+        }
     }
 
     override fun onResume() {
         super.onResume()
 
         // Init Biometric elements only if allowed
-        if (PreferencesUtil.isAdvancedUnlockEnable(this)) {
-            advancedUnlockFragment = supportFragmentManager
-                .findFragmentByTag(UNLOCK_FRAGMENT_TAG) as? AdvancedUnlockFragment?
-            if (advancedUnlockFragment == null) {
-                advancedUnlockFragment = AdvancedUnlockFragment().also {
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M
+            && PreferencesUtil.isDeviceUnlockEnable(this)) {
+            deviceUnlockFragment = supportFragmentManager
+                .findFragmentByTag(UNLOCK_FRAGMENT_TAG) as? DeviceUnlockFragment?
+            if (deviceUnlockFragment == null) {
+                deviceUnlockFragment = DeviceUnlockFragment().also {
                     supportFragmentManager.commit {
                         replace(
-                            R.id.fragment_advanced_unlock_container_view,
+                            R.id.fragment_device_unlock_container_view,
                             it,
                             UNLOCK_FRAGMENT_TAG
                         )
@@ -258,11 +308,6 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
             sendBroadcast(Intent(BACK_PREVIOUS_KEYBOARD_ACTION))
         }
 
-        // Don't allow auto open prompt if lock become when UI visible
-        if (DatabaseLockActivity.LOCKING_ACTIVITY_UI_VISIBLE_DURING_LOCK == true) {
-            mAdvancedUnlockViewModel.allowAutoOpenBiometricPrompt = false
-        }
-
         mDatabaseFileUri?.let { databaseFileUri ->
             mDatabaseFileViewModel.loadDatabaseFile(databaseFileUri)
         }
@@ -296,9 +341,6 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
         super.onDatabaseActionFinished(database, actionTask, result)
         when (actionTask) {
             ACTION_DATABASE_LOAD_TASK -> {
-                // Recheck advanced unlock if error
-                mAdvancedUnlockViewModel.initAdvancedUnlockMode()
-
                 if (result.isSuccess) {
                     launchGroupActivityIfLoaded(database)
                 } else {
@@ -400,23 +442,6 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
         }
     }
 
-    override fun retrieveCredentialForEncryption(): ByteArray {
-        return mainCredentialView?.retrieveCredentialForStorage(credentialStorageListener)
-            ?: byteArrayOf()
-    }
-
-    override fun conditionToStoreCredential(): Boolean {
-        return mainCredentialView?.conditionToStoreCredential() == true
-    }
-
-    override fun onCredentialEncrypted(cipherEncryptDatabase: CipherEncryptDatabase) {
-        // Load the database if password is registered with biometric
-        loadDatabase(mDatabaseFileUri,
-            mainCredentialView?.getMainCredential(),
-            cipherEncryptDatabase
-        )
-    }
-
     private val credentialStorageListener = object: MainCredentialView.CredentialStorageListener {
         override fun passwordToStore(password: String?): ByteArray? {
             return password?.toByteArray()
@@ -433,7 +458,20 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
         }
     }
 
-    override fun onCredentialDecrypted(cipherDecryptDatabase: CipherDecryptDatabase) {
+    private fun getCredentialForEncryption(): ByteArray {
+        return mainCredentialView?.retrieveCredentialForStorage(credentialStorageListener)
+            ?: byteArrayOf()
+    }
+
+    private fun onCredentialEncrypted(cipherEncryptDatabase: CipherEncryptDatabase) {
+        // Load the database if password is registered with biometric
+        loadDatabase(mDatabaseFileUri,
+            mainCredentialView?.getMainCredential(),
+            cipherEncryptDatabase
+        )
+    }
+
+    private fun onCredentialDecrypted(cipherDecryptDatabase: CipherDecryptDatabase) {
         // Load the database if password is retrieve from biometric
         // Retrieve from biometric
         val mainCredential = mainCredentialView?.getMainCredential() ?: MainCredential()
@@ -485,7 +523,9 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
             loadDatabase()
         } else {
             // Init Biometric elements
-            mAdvancedUnlockViewModel.databaseFileLoaded(databaseFileUri)
+            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+                mDeviceUnlockViewModel?.connect(databaseFileUri)
+            }
         }
 
         enableConfirmationButton()
@@ -513,13 +553,6 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
         }
     }
 
-    override fun onPause() {
-        // Reinit locking activity UI variable
-        DatabaseLockActivity.LOCKING_ACTIVITY_UI_VISIBLE_DURING_LOCK = null
-
-        super.onPause()
-    }
-
     override fun onSaveInstanceState(outState: Bundle) {
         outState.putBoolean(KEY_READ_ONLY, mReadOnly)
         super.onSaveInstanceState(outState)
@@ -635,7 +668,7 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
                         try {
                             menu.findItem(R.id.menu_open_file_read_mode_key)
                         } catch (e: Exception) {
-                            Log.e(TAG, "Unable to find read mode menu")
+                            Log.e(TAG, "Unable to find read mode menu", e)
                         }
                         performedNextEducation(menu)
                     },
@@ -645,17 +678,17 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
             try {
                 if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M
                     && !readOnlyEducationPerformed) {
-                    val biometricCanAuthenticate = AdvancedUnlockManager.canAuthenticate(this)
+                    val biometricCanAuthenticate = DeviceUnlockManager.canAuthenticate(this)
                     if ((biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED
                             || biometricCanAuthenticate == BiometricManager.BIOMETRIC_SUCCESS)
-                            && advancedUnlockButton != null) {
+                            && deviceUnlockButton != null) {
                         mPasswordActivityEducation.checkAndPerformedBiometricEducation(
-                            advancedUnlockButton!!,
+                            deviceUnlockButton!!,
                             {
                                 startActivity(
                                     Intent(
                                         this,
-                                        AdvancedUnlockSettingsActivity::class.java
+                                        DeviceUnlockSettingsActivity::class.java
                                     )
                                 )
                             },
@@ -664,7 +697,7 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
                             })
                     }
                 }
-            } catch (ignored: Exception) {}
+            } catch (_: Exception) {}
         }
     }
 
@@ -685,6 +718,12 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
             R.id.menu_open_file_read_mode_key -> {
                 mReadOnly = !mReadOnly
                 changeOpenFileReadIcon(item)
+                // Save the read-only state to database
+                mDatabaseFileUri?.let { databaseUri ->
+                    FileDatabaseHistoryAction.getInstance(applicationContext).addOrUpdateDatabaseFile(
+                        DatabaseFile(databaseUri = databaseUri, readOnly = mReadOnly)
+                    )
+                }
             }
             else -> MenuUtil.onDefaultMenuOptionsItemSelected(this, item)
         }
@@ -692,6 +731,13 @@ class MainCredentialActivity : DatabaseModeActivity(), AdvancedUnlockFragment.Bu
         return super.onOptionsItemSelected(item)
     }
 
+    override fun onDestroy() {
+        super.onDestroy()
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
+            mDeviceUnlockViewModel?.disconnect()
+        }
+    }
+
     companion object {
 
         private val TAG = MainCredentialActivity::class.java.name

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/DatabaseChangedDialogFragment.kt

@@ -43,6 +43,7 @@ class DatabaseChangedDialogFragment : DatabaseDialogFragment() {
 
             val oldSnapFileDatabaseInfo: SnapFileDatabaseInfo? = arguments?.getParcelableCompat(OLD_FILE_DATABASE_INFO)
             val newSnapFileDatabaseInfo: SnapFileDatabaseInfo? = arguments?.getParcelableCompat(NEW_FILE_DATABASE_INFO)
+            val readOnlyDatabase: Boolean = arguments?.getBoolean(READ_ONLY_DATABASE) ?: true
 
             if (oldSnapFileDatabaseInfo != null && newSnapFileDatabaseInfo != null) {
                 // Use the Builder class for convenient dialog construction
@@ -54,7 +55,13 @@ class DatabaseChangedDialogFragment : DatabaseDialogFragment() {
                     stringBuilder.append("\n\n" +oldSnapFileDatabaseInfo.toString(activity)
                             + "\n→\n" +
                             newSnapFileDatabaseInfo.toString(activity) + "\n\n")
-                    stringBuilder.append(getString(R.string.warning_database_info_changed_options))
+                    stringBuilder.append(getString(
+                        if (readOnlyDatabase) {
+                            R.string.warning_database_info_changed_options_read_only
+                        } else {
+                            R.string.warning_database_info_changed_options
+                        }
+                    ))
                 } else {
                     stringBuilder.append(getString(R.string.warning_database_revoked))
                 }
@@ -77,15 +84,18 @@ class DatabaseChangedDialogFragment : DatabaseDialogFragment() {
         const val DATABASE_CHANGED_DIALOG_TAG = "databaseChangedDialogFragment"
         private const val OLD_FILE_DATABASE_INFO = "OLD_FILE_DATABASE_INFO"
         private const val NEW_FILE_DATABASE_INFO = "NEW_FILE_DATABASE_INFO"
+        private const val READ_ONLY_DATABASE = "READ_ONLY_DATABASE"
 
         fun getInstance(oldSnapFileDatabaseInfo: SnapFileDatabaseInfo,
-                        newSnapFileDatabaseInfo: SnapFileDatabaseInfo
+                        newSnapFileDatabaseInfo: SnapFileDatabaseInfo,
+                        readOnly: Boolean
         )
         : DatabaseChangedDialogFragment {
             val fragment = DatabaseChangedDialogFragment()
             fragment.arguments = Bundle().apply {
                 putParcelable(OLD_FILE_DATABASE_INFO, oldSnapFileDatabaseInfo)
                 putParcelable(NEW_FILE_DATABASE_INFO, newSnapFileDatabaseInfo)
+                putBoolean(READ_ONLY_DATABASE, readOnly)
             }
             return fragment
         }

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/DatabaseDialogFragment.kt

@@ -1,11 +1,14 @@
 package com.kunzisoft.keepass.activities.dialogs
 
 import android.os.Bundle
+import android.view.View
+import android.view.WindowManager.LayoutParams.FLAG_SECURE
 import androidx.fragment.app.DialogFragment
 import androidx.fragment.app.activityViewModels
 import com.kunzisoft.keepass.activities.legacy.DatabaseRetrieval
 import com.kunzisoft.keepass.activities.legacy.resetAppTimeoutWhenViewTouchedOrFocused
 import com.kunzisoft.keepass.database.ContextualDatabase
+import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.tasks.ActionRunnable
 import com.kunzisoft.keepass.timeout.TimeoutHelper
 import com.kunzisoft.keepass.viewmodels.DatabaseViewModel
@@ -29,6 +32,18 @@ abstract class DatabaseDialogFragment : DialogFragment(), DatabaseRetrieval {
         }
     }
 
+    override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
+        super.onViewCreated(view, savedInstanceState)
+        // Screenshot mode or hide views
+        context?.let {
+            if (PreferencesUtil.isScreenshotModeEnabled(it)) {
+                dialog?.window?.clearFlags(FLAG_SECURE)
+            } else {
+                dialog?.window?.setFlags(FLAG_SECURE, FLAG_SECURE)
+            }
+        }
+    }
+
     @Suppress("DEPRECATION")
     override fun onActivityCreated(savedInstanceState: Bundle?) {
         super.onActivityCreated(savedInstanceState)

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/GroupEditDialogFragment.kt

@@ -45,7 +45,6 @@ import com.kunzisoft.keepass.view.InheritedCompletionView
 import com.kunzisoft.keepass.view.TagsCompletionView
 import com.kunzisoft.keepass.viewmodels.GroupEditViewModel
 import com.tokenautocomplete.FilteredArrayAdapter
-import org.joda.time.DateTime
 
 class GroupEditDialogFragment : DatabaseDialogFragment() {
 
@@ -90,27 +89,21 @@ class GroupEditDialogFragment : DatabaseDialogFragment() {
             mPopulateIconMethod?.invoke(iconButtonView, mGroupInfo.icon)
         }
 
-        mGroupEditViewModel.onDateSelected.observe(this) { dateMilliseconds ->
+        mGroupEditViewModel.onDateSelected.observe(this) { date ->
             // Save the date
-            mGroupInfo.expiryTime = DateInstant(
-                DateTime(mGroupInfo.expiryTime.date)
-                    .withMillis(dateMilliseconds)
-                    .toDate())
+            mGroupInfo.expiryTime.setDate(date.year, date.month, date.day)
             expirationView.dateTime = mGroupInfo.expiryTime
             if (expirationView.dateTime.type == DateInstant.Type.DATE_TIME) {
-                val instantTime = DateInstant(mGroupInfo.expiryTime.date, DateInstant.Type.TIME)
                 // Trick to recall selection with time
-                mGroupEditViewModel.requestDateTimeSelection(instantTime)
+                mGroupEditViewModel.requestDateTimeSelection(
+                    DateInstant(mGroupInfo.expiryTime.instant, DateInstant.Type.TIME)
+                )
             }
         }
 
         mGroupEditViewModel.onTimeSelected.observe(this) { viewModelTime ->
             // Save the time
-            mGroupInfo.expiryTime = DateInstant(
-                DateTime(mGroupInfo.expiryTime.date)
-                    .withHourOfDay(viewModelTime.hours)
-                    .withMinuteOfHour(viewModelTime.minutes)
-                    .toDate(), mGroupInfo.expiryTime.type)
+            mGroupInfo.expiryTime.setTime(viewModelTime.hour, viewModelTime.minute)
             expirationView.dateTime = mGroupInfo.expiryTime
         }
 
@@ -255,11 +248,7 @@ class GroupEditDialogFragment : DatabaseDialogFragment() {
 
     private fun retrieveGroupInfoFromViews() {
         mGroupInfo.title = nameTextView.text.toString()
-        // Only if there
-        val newNotes = notesTextView.text.toString()
-        if (newNotes.isNotEmpty()) {
-            mGroupInfo.notes = newNotes
-        }
+        mGroupInfo.notes = notesTextView.text?.toString()
         mGroupInfo.expires = expirationView.activation
         mGroupInfo.expiryTime = expirationView.dateTime
         mGroupInfo.searchable = searchableView.getValue()

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/SetMainCredentialDialogFragment.kt

@@ -43,8 +43,13 @@ import com.kunzisoft.keepass.utils.UriUtil.getDocumentFile
 import com.kunzisoft.keepass.utils.UriUtil.openUrl
 import com.kunzisoft.keepass.view.HardwareKeySelectionView
 import com.kunzisoft.keepass.view.KeyFileSelectionView
-import com.kunzisoft.keepass.view.PassKeyView
+import com.kunzisoft.keepass.view.PasswordEditView
 import com.kunzisoft.keepass.view.applyFontVisibility
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.launch
+import java.security.SecureRandom
+
 
 class SetMainCredentialDialogFragment : DatabaseDialogFragment() {
 
@@ -55,11 +60,12 @@ class SetMainCredentialDialogFragment : DatabaseDialogFragment() {
     private lateinit var rootView: View
 
     private lateinit var passwordCheckBox: CompoundButton
-    private lateinit var passwordView: PassKeyView
+    private lateinit var passwordEditView: PasswordEditView
     private lateinit var passwordRepeatTextInputLayout: TextInputLayout
     private lateinit var passwordRepeatView: TextView
 
     private lateinit var keyFileCheckBox: CompoundButton
+    private lateinit var keyFileGenerateButton: View
     private lateinit var keyFileSelectionView: KeyFileSelectionView
 
     private lateinit var hardwareKeyCheckBox: CompoundButton
@@ -141,30 +147,40 @@ class SetMainCredentialDialogFragment : DatabaseDialogFragment() {
             }
 
             passwordCheckBox = rootView.findViewById(R.id.password_checkbox)
-            passwordView = rootView.findViewById(R.id.password_view)
+            passwordEditView = rootView.findViewById(R.id.password_view)
             passwordRepeatTextInputLayout = rootView.findViewById(R.id.password_repeat_input_layout)
             passwordRepeatView = rootView.findViewById(R.id.password_confirmation)
             passwordRepeatView.applyFontVisibility()
 
             keyFileCheckBox = rootView.findViewById(R.id.keyfile_checkbox)
+            keyFileGenerateButton = rootView.findViewById(R.id.keyfile_generate)
             keyFileSelectionView = rootView.findViewById(R.id.keyfile_selection)
 
             hardwareKeyCheckBox = rootView.findViewById(R.id.hardware_key_checkbox)
             hardwareKeySelectionView = rootView.findViewById(R.id.hardware_key_selection)
 
             mExternalFileHelper = ExternalFileHelper(this)
+            mExternalFileHelper?.buildCreateDocument { createdFileUri ->
+                createdFileUri?.let { uri ->
+                    createKeyFile(uri)
+                    keyFileSelectionView.error = null
+                    keyFileCheckBox.isChecked = true
+                    keyFileSelectionView.uri = uri
+                }
+            }
             mExternalFileHelper?.buildOpenDocument { uri ->
                 uri?.let { pathUri ->
                     pathUri.getDocumentFile(requireContext())?.length()?.let { lengthFile ->
                         keyFileSelectionView.error = null
                         keyFileCheckBox.isChecked = true
                         keyFileSelectionView.uri = pathUri
-                        if (lengthFile <= 0L) {
-                            showEmptyKeyFileConfirmationDialog()
-                        }
+                        showLengthKeyFileConfirmationDialog(lengthFile)
                     }
                 }
             }
+            keyFileGenerateButton.setOnClickListener {
+                mExternalFileHelper?.createDocument(DEFAULT_KEYFILE_NAME)
+            }
             keyFileSelectionView.setOpenDocumentClickListener(mExternalFileHelper)
 
             hardwareKeySelectionView.selectionListener = { hardwareKey ->
@@ -202,6 +218,16 @@ class SetMainCredentialDialogFragment : DatabaseDialogFragment() {
         return super.onCreateDialog(savedInstanceState)
     }
 
+    private fun createKeyFile(uri: Uri) {
+        CoroutineScope(Dispatchers.IO).launch {
+            activity?.contentResolver?.openOutputStream(uri)?.use { outputStream ->
+                val randomBytes = ByteArray(DEFAULT_KEYFILE_SIZE)
+                SecureRandom().nextBytes(randomBytes)
+                outputStream.write(randomBytes)
+            }
+        }
+    }
+
     private fun approveMainCredential() {
         val errorPassword = verifyPassword()
         val errorKeyFile = verifyKeyFile()
@@ -250,7 +276,7 @@ class SetMainCredentialDialogFragment : DatabaseDialogFragment() {
         var error = false
         passwordRepeatTextInputLayout.error = null
         if (passwordCheckBox.isChecked) {
-            mMasterPassword = passwordView.passwordString
+            mMasterPassword = passwordEditView.passwordString
             val confPassword = passwordRepeatView.text.toString()
 
             // Verify that passwords match
@@ -302,13 +328,13 @@ class SetMainCredentialDialogFragment : DatabaseDialogFragment() {
         super.onResume()
 
         // To check checkboxes if a text is present
-        passwordView.addTextChangedListener(passwordTextWatcher)
+        passwordEditView.addTextChangedListener(passwordTextWatcher)
     }
 
     override fun onPause() {
         super.onPause()
 
-        passwordView.removeTextChangedListener(passwordTextWatcher)
+        passwordEditView.removeTextChangedListener(passwordTextWatcher)
     }
 
     private fun showEmptyPasswordConfirmationDialog() {
@@ -339,21 +365,31 @@ class SetMainCredentialDialogFragment : DatabaseDialogFragment() {
         }
     }
 
-    private fun showEmptyKeyFileConfirmationDialog() {
+    private fun showLengthKeyFileConfirmationDialog(length: Long) {
         activity?.let {
             val builder = AlertDialog.Builder(it)
             builder.setMessage(SpannableStringBuilder().apply {
-                append(getString(R.string.warning_empty_keyfile))
-                append("\n\n")
                 append(getString(R.string.warning_empty_keyfile_explanation))
-                append("\n\n")
-                append(getString(R.string.warning_sure_add_file))
-                })
-                    .setPositiveButton(android.R.string.ok) { _, _ -> }
-                    .setNegativeButton(android.R.string.cancel) { _, _ ->
-                        keyFileCheckBox.isChecked = false
-                        keyFileSelectionView.uri = null
-                    }
+                var warning = false
+                if (length <= 0L) {
+                    warning = true
+                    append("\n\n")
+                    append(getString(R.string.warning_empty_keyfile))
+                } else if (length > 10485760L) {
+                    warning = true
+                    append("\n\n")
+                    append(getString(R.string.warning_large_keyfile))
+                }
+                if (warning) {
+                    append("\n\n")
+                    append(getString(R.string.warning_sure_add_file))
+                }
+            })
+                .setPositiveButton(android.R.string.ok) { _, _ -> }
+                .setNegativeButton(android.R.string.cancel) { _, _ ->
+                    keyFileCheckBox.isChecked = false
+                    keyFileSelectionView.uri = null
+                }
             mEmptyKeyFileConfirmationDialog = builder.create()
             mEmptyKeyFileConfirmationDialog?.show()
         }
@@ -362,6 +398,8 @@ class SetMainCredentialDialogFragment : DatabaseDialogFragment() {
     companion object {
 
         private const val ALLOW_NO_MASTER_KEY_ARG = "ALLOW_NO_MASTER_KEY_ARG"
+        private const val DEFAULT_KEYFILE_NAME = "keyfile.bin"
+        private const val DEFAULT_KEYFILE_SIZE = 128
 
         fun getInstance(allowNoMasterKey: Boolean): SetMainCredentialDialogFragment {
             val fragment = SetMainCredentialDialogFragment()

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/SetOTPDialogFragment.kt

@@ -41,6 +41,7 @@ import com.kunzisoft.keepass.otp.OtpElement.Companion.MAX_TOTP_PERIOD
 import com.kunzisoft.keepass.otp.OtpElement.Companion.MIN_HOTP_COUNTER
 import com.kunzisoft.keepass.otp.OtpElement.Companion.MIN_OTP_DIGITS
 import com.kunzisoft.keepass.otp.OtpElement.Companion.MIN_TOTP_PERIOD
+import com.kunzisoft.keepass.otp.OtpElement.Companion.MIN_OTP_SECRET
 import com.kunzisoft.keepass.otp.OtpTokenType
 import com.kunzisoft.keepass.otp.OtpType
 import com.kunzisoft.keepass.otp.TokenCalculator
@@ -224,6 +225,9 @@ class SetOTPDialogFragment : DatabaseDialogFragment() {
             }
             otpAlgorithmSpinner?.adapter = otpAlgorithmAdapter
 
+            // Ensure that the UX does not prevent user from hiding/unhiding text
+            otpSecretContainer?.errorIconDrawable = null
+
             // Set the default value of OTP element
             upgradeType()
             upgradeTokenType()
@@ -310,11 +314,16 @@ class SetOTPDialogFragment : DatabaseDialogFragment() {
         otpSecretTextView?.addTextChangedListener(object: TextWatcher {
             override fun afterTextChanged(s: Editable?) {
                 s?.toString()?.let { userString ->
-                    try {
-                        mOtpElement.setBase32Secret(userString.uppercase(Locale.ENGLISH))
-                        otpSecretContainer?.error = null
-                    } catch (exception: Exception) {
-                        otpSecretContainer?.error = getString(R.string.error_otp_secret_key)
+                    if (userString.length >= MIN_OTP_SECRET) {
+                        try {
+                            mOtpElement.setBase32Secret(userString.uppercase(Locale.ENGLISH))
+                            otpSecretContainer?.error = null
+                        } catch (exception: Exception) {
+                            otpSecretContainer?.error = getString(R.string.error_otp_secret_key)
+                        }
+                    } else {
+                        otpSecretContainer?.error = getString(R.string.error_otp_secret_length,
+                            MIN_OTP_SECRET)
                     }
                     mSecretWellFormed = otpSecretContainer?.error == null
                 }

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/SortDialogFragment.kt

@@ -176,21 +176,14 @@ class SortDialogFragment : DatabaseDialogFragment() {
             return bundle
         }
 
-        fun getInstance(sortNodeEnum: SortNodeEnum,
-                        ascending: Boolean,
-                        groupsBefore: Boolean): SortDialogFragment {
-            val bundle = buildBundle(sortNodeEnum, ascending, groupsBefore)
-            val fragment = SortDialogFragment()
-            fragment.arguments = bundle
-            return fragment
-        }
-
         fun getInstance(sortNodeEnum: SortNodeEnum,
                         ascending: Boolean,
                         groupsBefore: Boolean,
-                        recycleBinBottom: Boolean): SortDialogFragment {
+                        recycleBinBottom: Boolean?): SortDialogFragment {
             val bundle = buildBundle(sortNodeEnum, ascending, groupsBefore)
-            bundle.putBoolean(SORT_RECYCLE_BIN_BOTTOM_BUNDLE_KEY, recycleBinBottom)
+            recycleBinBottom?.let {
+                bundle.putBoolean(SORT_RECYCLE_BIN_BOTTOM_BUNDLE_KEY, recycleBinBottom)
+            }
             val fragment = SortDialogFragment()
             fragment.arguments = bundle
             return fragment

app/src/main/java/com/kunzisoft/keepass/activities/fragments/GroupFragment.kt

@@ -76,9 +76,6 @@ class GroupFragment : DatabaseFragment(), SortDialogFragment.SortSelectionListen
 
     private var specialMode: SpecialMode = SpecialMode.DEFAULT
 
-    private var mRecycleBinEnable: Boolean = false
-    private var mRecycleBin: Group? = null
-
     private var mRecycleViewScrollListener = object : RecyclerView.OnScrollListener() {
         override fun onScrollStateChanged(recyclerView: RecyclerView, newState: Int) {
             super.onScrollStateChanged(recyclerView, newState)
@@ -102,21 +99,14 @@ class GroupFragment : DatabaseFragment(), SortDialogFragment.SortSelectionListen
                 R.id.menu_sort -> {
                     context?.let { context ->
                         val sortDialogFragment: SortDialogFragment =
-                            if (mRecycleBinEnable) {
-                                SortDialogFragment.getInstance(
-                                    PreferencesUtil.getListSort(context),
-                                    PreferencesUtil.getAscendingSort(context),
-                                    PreferencesUtil.getGroupsBeforeSort(context),
+                            SortDialogFragment.getInstance(
+                                PreferencesUtil.getListSort(context),
+                                PreferencesUtil.getAscendingSort(context),
+                                PreferencesUtil.getGroupsBeforeSort(context),
+                                if (mDatabase?.isRecycleBinEnabled == true) {
                                     PreferencesUtil.getRecycleBinBottomSort(context)
-                                )
-                            } else {
-                                SortDialogFragment.getInstance(
-                                    PreferencesUtil.getListSort(context),
-                                    PreferencesUtil.getAscendingSort(context),
-                                    PreferencesUtil.getGroupsBeforeSort(context)
-                                )
-                            }
-
+                                } else null
+                            )
                         sortDialogFragment.show(childFragmentManager, "sortDialog")
                     }
                     true
@@ -165,9 +155,6 @@ class GroupFragment : DatabaseFragment(), SortDialogFragment.SortSelectionListen
     }
 
     override fun onDatabaseRetrieved(database: ContextualDatabase?) {
-        mRecycleBinEnable = database?.isRecycleBinEnabled == true
-        mRecycleBin = database?.recycleBin
-
         context?.let { context ->
             database?.let { database ->
                 mAdapter = NodesAdapter(context, database).apply {
@@ -312,6 +299,11 @@ class GroupFragment : DatabaseFragment(), SortDialogFragment.SortSelectionListen
         }
     }
 
+    private fun containsRecycleBin(nodes: List<Node>): Boolean {
+        return mDatabase?.isRecycleBinEnabled == true
+                && nodes.any { it == mDatabase?.recycleBin }
+    }
+
     fun actionNodesCallback(database: ContextualDatabase,
                             nodes: List<Node>,
                             menuListener: NodesActionMenuListener?,
@@ -336,8 +328,7 @@ class GroupFragment : DatabaseFragment(), SortDialogFragment.SortSelectionListen
                     // Open and Edit for a single item
                     if (nodes.size == 1) {
                         // Edition
-                        if (database.isReadOnly
-                                || (mRecycleBinEnable && nodes[0] == mRecycleBin)) {
+                        if (database.isReadOnly || containsRecycleBin(nodes)) {
                             menu?.removeItem(R.id.menu_edit)
                         }
                     } else {
@@ -357,8 +348,7 @@ class GroupFragment : DatabaseFragment(), SortDialogFragment.SortSelectionListen
                     }
 
                     // Deletion
-                    if (database.isReadOnly
-                            || (mRecycleBinEnable && nodes.any { it == mRecycleBin })) {
+                    if (database.isReadOnly || containsRecycleBin(nodes)) {
                         menu?.removeItem(R.id.menu_delete)
                     }
                 }

app/src/main/java/com/kunzisoft/keepass/activities/fragments/PassphraseGeneratorFragment.kt

@@ -34,12 +34,12 @@ import com.kunzisoft.keepass.database.ContextualDatabase
 import com.kunzisoft.keepass.password.PassphraseGenerator
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.timeout.ClipboardHelper
-import com.kunzisoft.keepass.view.PassKeyView
+import com.kunzisoft.keepass.view.PasswordEditView
 import com.kunzisoft.keepass.viewmodels.KeyGeneratorViewModel
 
 class PassphraseGeneratorFragment : DatabaseFragment() {
 
-    private lateinit var passKeyView: PassKeyView
+    private lateinit var passwordEditView: PasswordEditView
 
     private lateinit var sliderWordCount: Slider
     private lateinit var wordCountText: EditText
@@ -62,7 +62,7 @@ class PassphraseGeneratorFragment : DatabaseFragment() {
     override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
         super.onViewCreated(view, savedInstanceState)
 
-        passKeyView = view.findViewById(R.id.passphrase_view)
+        passwordEditView = view.findViewById(R.id.passphrase_view)
         val passphraseCopyView: ImageView? = view.findViewById(R.id.passphrase_copy_button)
         sliderWordCount = view.findViewById(R.id.slider_word_count)
         wordCountText = view.findViewById(R.id.word_count)
@@ -80,7 +80,7 @@ class PassphraseGeneratorFragment : DatabaseFragment() {
             passphraseCopyView?.setOnClickListener {
                 clipboardHelper.timeoutCopyToClipboard(
                     getString(R.string.passphrase),
-                    passKeyView.passwordString,
+                    passwordEditView.passwordString,
                     true
                 )
             }
@@ -146,7 +146,7 @@ class PassphraseGeneratorFragment : DatabaseFragment() {
         generatePassphrase()
 
         mKeyGeneratorViewModel.passphraseGeneratedValidated.observe(viewLifecycleOwner) {
-            mKeyGeneratorViewModel.setKeyGenerated(passKeyView.passwordString)
+            mKeyGeneratorViewModel.setKeyGenerated(passwordEditView.passwordString)
         }
 
         mKeyGeneratorViewModel.requirePassphraseGeneration.observe(viewLifecycleOwner) {
@@ -219,7 +219,7 @@ class PassphraseGeneratorFragment : DatabaseFragment() {
         } catch (e: Exception) {
             Log.e(TAG, "Unable to generate a passphrase", e)
         }
-        passKeyView.passwordString = passphrase
+        passwordEditView.passwordString = passphrase
         charactersCountText.text = getString(R.string.character_count, passphrase.length)
     }
 

app/src/main/java/com/kunzisoft/keepass/activities/fragments/PasswordGeneratorFragment.kt

@@ -36,12 +36,12 @@ import com.kunzisoft.keepass.database.ContextualDatabase
 import com.kunzisoft.keepass.password.PasswordGenerator
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.timeout.ClipboardHelper
-import com.kunzisoft.keepass.view.PassKeyView
+import com.kunzisoft.keepass.view.PasswordEditView
 import com.kunzisoft.keepass.viewmodels.KeyGeneratorViewModel
 
 class PasswordGeneratorFragment : DatabaseFragment() {
 
-    private lateinit var passKeyView: PassKeyView
+    private lateinit var passwordEditView: PasswordEditView
 
     private lateinit var sliderLength: Slider
     private lateinit var lengthEditView: EditText
@@ -74,7 +74,7 @@ class PasswordGeneratorFragment : DatabaseFragment() {
     override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
         super.onViewCreated(view, savedInstanceState)
 
-        passKeyView = view.findViewById(R.id.password_view)
+        passwordEditView = view.findViewById(R.id.password_view)
         val passwordCopyView: ImageView? = view.findViewById(R.id.password_copy_button)
 
         sliderLength = view.findViewById(R.id.slider_length)
@@ -101,7 +101,7 @@ class PasswordGeneratorFragment : DatabaseFragment() {
             passwordCopyView?.setOnClickListener {
                 clipboardHelper.timeoutCopyToClipboard(
                     getString(R.string.password),
-                    passKeyView.passwordString,
+                    passwordEditView.passwordString,
                     true
                 )
             }
@@ -195,7 +195,7 @@ class PasswordGeneratorFragment : DatabaseFragment() {
         generatePassword()
 
         mKeyGeneratorViewModel.passwordGeneratedValidated.observe(viewLifecycleOwner) {
-            mKeyGeneratorViewModel.setKeyGenerated(passKeyView.passwordString)
+            mKeyGeneratorViewModel.setKeyGenerated(passwordEditView.passwordString)
         }
 
         mKeyGeneratorViewModel.requirePasswordGeneration.observe(viewLifecycleOwner) {
@@ -310,7 +310,7 @@ class PasswordGeneratorFragment : DatabaseFragment() {
         } catch (e: Exception) {
             Log.e(TAG, "Unable to generate a password", e)
         }
-        passKeyView.passwordString = password
+        passwordEditView.passwordString = password
     }
 
     override fun onDestroy() {

app/src/main/java/com/kunzisoft/keepass/activities/legacy/DatabaseLockActivity.kt

@@ -47,10 +47,14 @@ import com.kunzisoft.keepass.services.DatabaseTaskNotificationService
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.tasks.ActionRunnable
 import com.kunzisoft.keepass.timeout.TimeoutHelper
-import com.kunzisoft.keepass.utils.*
+import com.kunzisoft.keepass.utils.LOCK_ACTION
+import com.kunzisoft.keepass.utils.LockReceiver
+import com.kunzisoft.keepass.utils.closeDatabase
+import com.kunzisoft.keepass.utils.registerLockReceiver
+import com.kunzisoft.keepass.utils.unregisterLockReceiver
 import com.kunzisoft.keepass.view.showActionErrorIfNeeded
 import com.kunzisoft.keepass.viewmodels.NodesViewModel
-import java.util.*
+import java.util.UUID
 
 abstract class DatabaseLockActivity : DatabaseModeActivity(),
     PasswordEncodingDialogFragment.Listener {
@@ -184,8 +188,6 @@ abstract class DatabaseLockActivity : DatabaseModeActivity(),
                     mLockReceiver = LockReceiver {
                         mDatabase = null
                         closeDatabase(database)
-                        if (LOCKING_ACTIVITY_UI_VISIBLE_DURING_LOCK == null)
-                            LOCKING_ACTIVITY_UI_VISIBLE_DURING_LOCK = LOCKING_ACTIVITY_UI_VISIBLE
                         mExitLock = true
                         closeOptionsMenu()
                         finish()
@@ -413,8 +415,6 @@ abstract class DatabaseLockActivity : DatabaseModeActivity(),
         }
 
         invalidateOptionsMenu()
-
-        LOCKING_ACTIVITY_UI_VISIBLE = true
     }
 
     protected fun checkTimeAndLockIfTimeoutOrResetTimeout(action: (() -> Unit)? = null) {
@@ -429,8 +429,6 @@ abstract class DatabaseLockActivity : DatabaseModeActivity(),
     }
 
     override fun onPause() {
-        LOCKING_ACTIVITY_UI_VISIBLE = false
-
         super.onPause()
 
         if (mTimeoutEnable) {
@@ -480,9 +478,6 @@ abstract class DatabaseLockActivity : DatabaseModeActivity(),
 
         const val TIMEOUT_ENABLE_KEY = "TIMEOUT_ENABLE_KEY"
         const val TIMEOUT_ENABLE_KEY_DEFAULT = true
-
-        private var LOCKING_ACTIVITY_UI_VISIBLE = false
-        var LOCKING_ACTIVITY_UI_VISIBLE_DURING_LOCK: Boolean? = null
     }
 }
 

app/src/main/java/com/kunzisoft/keepass/activities/stylish/StylishActivity.kt

@@ -22,6 +22,7 @@ package com.kunzisoft.keepass.activities.stylish
 import android.content.ActivityNotFoundException
 import android.content.Intent
 import android.content.SharedPreferences.OnSharedPreferenceChangeListener
+import android.os.Build
 import android.os.Bundle
 import android.os.Handler
 import android.os.Looper
@@ -77,7 +78,18 @@ abstract class StylishActivity : AppCompatActivity() {
             startActivity(intent)
         }
         finish()
-        overridePendingTransition(android.R.anim.fade_in, android.R.anim.fade_out)
+        @Suppress("DEPRECATION")
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE)
+            overrideActivityTransition(
+                OVERRIDE_TRANSITION_OPEN,
+                android.R.anim.fade_in,
+                android.R.anim.fade_out
+            )
+        else
+            overridePendingTransition(
+                android.R.anim.fade_in,
+                android.R.anim.fade_out
+            )
     }
 
     override fun onCreate(savedInstanceState: Bundle?) {

app/src/main/java/com/kunzisoft/keepass/adapters/BreadcrumbAdapter.kt

@@ -10,6 +10,7 @@ import android.widget.ImageView
 import android.widget.TextView
 import androidx.recyclerview.widget.RecyclerView
 import com.kunzisoft.keepass.R
+import com.kunzisoft.keepass.database.element.Database
 import com.kunzisoft.keepass.database.element.Group
 import com.kunzisoft.keepass.database.element.node.Node
 import com.kunzisoft.keepass.database.element.node.Type
@@ -17,7 +18,7 @@ import com.kunzisoft.keepass.icons.IconDrawableFactory
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.view.strikeOut
 
-class BreadcrumbAdapter(val context: Context)
+class BreadcrumbAdapter(val context: Context, val database: Database?)
     : RecyclerView.Adapter<BreadcrumbAdapter.BreadcrumbGroupViewHolder>() {
 
     private val inflater: LayoutInflater = LayoutInflater.from(context)
@@ -31,6 +32,8 @@ class BreadcrumbAdapter(val context: Context)
     var onItemClickListener: ((item: Node, position: Int)->Unit)? = null
     var onLongItemClickListener: ((item: Node, position: Int)->Unit)? = null
 
+    private var mNodeFilter: NodeFilter = NodeFilter(context, database)
+
     private var mShowNumberEntries = false
     private var mShowUUID = false
     private var mIconColor: Int = 0
@@ -112,12 +115,10 @@ class BreadcrumbAdapter(val context: Context)
 
                 holder.groupNumbersView?.apply {
                     if (mShowNumberEntries) {
-                        group.refreshNumberOfChildEntries(
-                            Group.ChildFilter.getDefaults(
-                                PreferencesUtil.showExpiredEntries(context)
-                            )
-                        )
-                        text = group.recursiveNumberOfChildEntries.toString()
+                        text = group.getNumberOfChildEntries(
+                            mNodeFilter.recursiveNumberOfEntries,
+                            mNodeFilter.filter
+                        ).toString()
                         visibility = View.VISIBLE
                     } else {
                         visibility = View.GONE

app/src/main/java/com/kunzisoft/keepass/adapters/NodeFilter.kt

@@ -0,0 +1,30 @@
+package com.kunzisoft.keepass.adapters
+
+import android.content.Context
+import com.kunzisoft.keepass.database.element.Database
+import com.kunzisoft.keepass.database.element.Entry
+import com.kunzisoft.keepass.database.element.Group
+import com.kunzisoft.keepass.database.element.node.Node
+import com.kunzisoft.keepass.settings.PreferencesUtil
+
+class NodeFilter(
+    context: Context,
+    var database: Database? = null
+) {
+    var recursiveNumberOfEntries = PreferencesUtil.recursiveNumberEntries(context)
+        private set
+    private var showExpired = PreferencesUtil.showExpiredEntries(context)
+    private var showTemplate = PreferencesUtil.showTemplates(context)
+
+    val filter: (Node) -> Boolean = { node ->
+        when (node) {
+            is Entry -> {
+                node.entryKDB?.isMetaStream() != true
+            }
+            is Group -> {
+                showTemplate || database?.templatesGroup != node
+            }
+            else -> true
+        } && (showExpired || !node.isCurrentlyExpires)
+    }
+}

app/src/main/java/com/kunzisoft/keepass/adapters/NodesAdapter.kt

@@ -22,6 +22,7 @@ package com.kunzisoft.keepass.adapters
 import android.content.Context
 import android.content.res.ColorStateList
 import android.graphics.Color
+import android.os.Build
 import android.util.Log
 import android.util.TypedValue
 import android.view.LayoutInflater
@@ -66,6 +67,7 @@ class NodesAdapter (
     private val mNodeSortedListCallback: NodeSortedListCallback
     private val mNodeSortedList: SortedList<Node>
     private val mInflater: LayoutInflater = LayoutInflater.from(context)
+    private val mNodeFilter: NodeFilter = NodeFilter(context, database)
 
     private var mCalculateViewTypeTextSize = Array(2) { true } // number of view type
     private var mTextSizeUnit: Int = TypedValue.COMPLEX_UNIT_PX
@@ -82,7 +84,7 @@ class NodesAdapter (
     private var mShowNumberEntries: Boolean = true
     private var mShowOTP: Boolean = false
     private var mShowUUID: Boolean = false
-    private var mEntryFilters = arrayOf<Group.ChildFilter>()
+    private var mNodeFilters: NodeFilter? = null
     private var mOldVirtualGroup = false
     private var mVirtualGroup = false
 
@@ -161,9 +163,7 @@ class NodesAdapter (
         this.mShowOTP = PreferencesUtil.showOTPToken(context)
         this.mShowUUID = PreferencesUtil.showUUID(context)
 
-        this.mEntryFilters = Group.ChildFilter.getDefaults(
-            PreferencesUtil.showExpiredEntries(context)
-        )
+        this.mNodeFilters = NodeFilter(context, database)
 
         // Reinit textSize for all view type
         mCalculateViewTypeTextSize.forEachIndexed { index, _ -> mCalculateViewTypeTextSize[index] = true }
@@ -176,7 +176,7 @@ class NodesAdapter (
         mOldVirtualGroup = mVirtualGroup
         mVirtualGroup = group.isVirtual
         assignPreferences()
-        mNodeSortedList.replaceAll(group.getFilteredChildren(mEntryFilters))
+        mNodeSortedList.replaceAll(group.getChildren(mNodeFilter.filter))
     }
 
     private inner class NodeSortedListCallback: SortedListAdapterCallback<Node>(this) {
@@ -205,6 +205,11 @@ class NodesAdapter (
                     && oldItem.type == newItem.type
                     && oldItem.title == newItem.title
                     && oldItem.icon == newItem.icon
+                    && oldItem.creationTime == newItem.creationTime
+                    && oldItem.lastModificationTime == newItem.lastModificationTime
+                    && oldItem.lastAccessTime == newItem.lastAccessTime
+                    && oldItem.expiryTime == newItem.expiryTime
+                    && oldItem.expires == newItem.expires
                     && oldItem.isCurrentlyExpires == newItem.isCurrentlyExpires
         }
 
@@ -473,7 +478,10 @@ class NodesAdapter (
             if (mShowNumberEntries) {
                 holder.numberChildren?.apply {
                     text = (subNode as Group)
-                            .recursiveNumberOfChildEntries
+                            .getNumberOfChildEntries(
+                                mNodeFilter.recursiveNumberOfEntries,
+                                mNodeFilter.filter
+                            )
                             .toString()
                     setTextSize(mTextSizeUnit, mNumberChildrenTextDefaultDimension, mPrefSizeMultiplier)
                     visibility = View.VISIBLE
@@ -522,6 +530,8 @@ class NodesAdapter (
         holder?.otpToken?.apply {
             text = otpElement?.tokenString
             setTextSize(mTextSizeUnit, mOtpTokenTextDefaultDimension, mPrefSizeMultiplier)
+            textDirection = View.TEXT_DIRECTION_LTR
+            
         }
         holder?.otpContainer?.setOnClickListener {
             otpElement?.token?.let { token ->

app/src/main/java/com/kunzisoft/keepass/app/App.kt

@@ -19,15 +19,53 @@
  */
 package com.kunzisoft.keepass.app
 
+import androidx.lifecycle.DefaultLifecycleObserver
+import androidx.lifecycle.LifecycleOwner
+import androidx.lifecycle.ProcessLifecycleOwner
 import androidx.multidex.MultiDexApplication
 import com.kunzisoft.keepass.activities.stylish.Stylish
+import kotlinx.coroutines.DelicateCoroutinesApi
+import kotlinx.coroutines.GlobalScope
+import kotlinx.coroutines.flow.MutableSharedFlow
+import kotlinx.coroutines.flow.asSharedFlow
+import kotlinx.coroutines.launch
 
 class App : MultiDexApplication() {
 
     override fun onCreate() {
         super.onCreate()
 
+        ProcessLifecycleOwner.get().lifecycle.addObserver(AppLifecycleObserver)
+
         Stylish.load(this)
-        PRNGFixes.apply()
+    }
+}
+
+object AppLifecycleObserver : DefaultLifecycleObserver {
+
+    var isAppInForeground: Boolean = false
+        private set
+
+    var lockBackgroundEvent = false
+
+    private val _appJustLaunched = MutableSharedFlow<Unit>(replay = 0)
+    val appJustLaunched = _appJustLaunched.asSharedFlow()
+
+
+    @OptIn(DelicateCoroutinesApi::class)
+    override fun onStart(owner: LifecycleOwner) {
+        super.onStart(owner)
+        val wasPreviouslyInBackground = !isAppInForeground
+        isAppInForeground = true
+        if (!lockBackgroundEvent && wasPreviouslyInBackground) {
+            GlobalScope.launch {
+                _appJustLaunched.emit(Unit)
+            }
+        }
+    }
+
+    override fun onStop(owner: LifecycleOwner) {
+        super.onStop(owner)
+        isAppInForeground = false
     }
 }

app/src/main/java/com/kunzisoft/keepass/app/PRNGFixes.java

@@ -1,399 +0,0 @@
-package com.kunzisoft.keepass.app;
-
-/*
- * This software is provided 'as-is', without any express or implied
- * warranty.  In no event will Google be held liable for any damages
- * arising from the use of this software.
- *
- * Permission is granted to anyone to use this software for any purpose,
- * including commercial applications, and to alter it and redistribute it
- * freely, as long as the origin is not misrepresented.
- */
-
-import android.os.Build;
-import android.os.Process;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayOutputStream;
-import java.io.DataInputStream;
-import java.io.DataOutputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.OutputStream;
-import java.io.UnsupportedEncodingException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Provider;
-import java.security.SecureRandom;
-import java.security.SecureRandomSpi;
-import java.security.Security;
-import java.util.Locale;
-
-/**
- * Fixes for the output of the default PRNG having low entropy.
- *
- * The fixes need to be applied via {@link #apply()} before any use of Java
- * Cryptography Architecture primitives. A good place to invoke them is in the
- * application's {@code onCreate}.
- */
-public final class PRNGFixes {
-
-    private static final byte[] BUILD_FINGERPRINT_AND_DEVICE_SERIAL =
-        getBuildFingerprintAndDeviceSerial();
-
-    /** Hidden constructor to prevent instantiation. */
-    private PRNGFixes() {}
-    
-    /**
-     * Applies all fixes.
-     *
-     * @throws SecurityException if a fix is needed but could not be applied.
-     */
-    public static void apply() {
-    	try {
-	    	if (supportedOnThisDevice()) {
-		        applyOpenSSLFix();
-		        installLinuxPRNGSecureRandom();
-	    	}
-    	} catch (Exception e) {
-    		// Do nothing, do the best we can to implement the workaround
-    	}
-    }
-    
-    private static boolean supportedOnThisDevice() {
-    	// Blacklist on samsung devices
-    	if (Build.MANUFACTURER.toLowerCase(Locale.ENGLISH).contains("samsung")) {
-    		return false;
-    	}
-    	
-        if (Build.VERSION.SDK_INT > Build.VERSION_CODES.JELLY_BEAN_MR2) {
-            return false;
-        }
-        
-        if (onSELinuxEnforce()) {
-        	return false;
-        }
-
-    	File urandom = new File("/dev/urandom");
-    	
-    	// Test permissions
-    	if ( !(urandom.canRead() && urandom.canWrite()) ) {
-    		return false;
-    	}
-    	
-    	
-    	// Test actually writing to urandom
-    	try {
-	    	FileOutputStream fos = new FileOutputStream(urandom);
-	    	fos.write(0);
-    	} catch (Exception e) {
-    		return false;
-    	}
-    	
-    	return true;
-    	
-    }
-    
-    private static boolean onSELinuxEnforce() {
-    	try {
-	    	ProcessBuilder builder = new ProcessBuilder("getenforce");
-	    	builder.redirectErrorStream(true);
-	    	java.lang.Process process = builder.start();
-	    	BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
-	    	process.waitFor();
-	    	
-	    	String output = reader.readLine();
-	    	
-	    	if (output == null) {
-	    		return false;
-	    	}
-	    	
-	    	return output.toLowerCase(Locale.US).startsWith("enforcing");
-    	} catch (Exception e) {
-    		return false;
-    	}
-    }
-
-    /**
-     * Applies the fix for OpenSSL PRNG having low entropy. Does nothing if the
-     * fix is not needed.
-     *
-     * @throws SecurityException if the fix is needed but could not be applied.
-     */
-    private static void applyOpenSSLFix() throws SecurityException {
-        if ((Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN)
-                || (Build.VERSION.SDK_INT > Build.VERSION_CODES.JELLY_BEAN_MR2)) {
-            // No need to apply the fix
-            return;
-        }
-
-        try {
-            // Mix in the device- and invocation-specific seed.
-            Class.forName("org.apache.harmony.xnet.provider.jsse.NativeCrypto")
-                    .getMethod("RAND_seed", byte[].class)
-                    .invoke(null, generateSeed());
-
-            // Mix output of Linux PRNG into OpenSSL's PRNG
-            int bytesRead = (Integer) Class.forName(
-                    "org.apache.harmony.xnet.provider.jsse.NativeCrypto")
-                    .getMethod("RAND_load_file", String.class, long.class)
-                    .invoke(null, "/dev/urandom", 1024);
-            if (bytesRead != 1024) {
-                throw new IOException(
-                        "Unexpected number of bytes read from Linux PRNG: "
-                                + bytesRead);
-            }
-        } catch (Exception e) {
-            throw new SecurityException("Failed to seed OpenSSL PRNG", e);
-        }
-    }
-
-    /**
-     * Installs a Linux PRNG-backed {@code SecureRandom} implementation as the
-     * default. Does nothing if the implementation is already the default or if
-     * there is not need to install the implementation.
-     *
-     * @throws SecurityException if the fix is needed but could not be applied.
-     */
-    private static void installLinuxPRNGSecureRandom()
-            throws SecurityException {
-        if (Build.VERSION.SDK_INT > Build.VERSION_CODES.JELLY_BEAN_MR2) {
-            // No need to apply the fix
-            return;
-        }
-
-        // Install a Linux PRNG-based SecureRandom implementation as the
-        // default, if not yet installed.
-        Provider[] secureRandomProviders =
-                Security.getProviders("SecureRandom.SHA1PRNG");
-        if ((secureRandomProviders == null)
-                || (secureRandomProviders.length < 1)
-                || (!LinuxPRNGSecureRandomProvider.class.equals(
-                        secureRandomProviders[0].getClass()))) {
-            Security.insertProviderAt(new LinuxPRNGSecureRandomProvider(), 1);
-        }
-
-        // Assert that new SecureRandom() and
-        // SecureRandom.getInstance("SHA1PRNG") return a SecureRandom backed
-        // by the Linux PRNG-based SecureRandom implementation.
-        SecureRandom rng1 = new SecureRandom();
-        if (!LinuxPRNGSecureRandomProvider.class.equals(
-                rng1.getProvider().getClass())) {
-            throw new SecurityException(
-                    "new SecureRandom() backed by wrong Provider: "
-                            + rng1.getProvider().getClass());
-        }
-
-        SecureRandom rng2;
-        try {
-            rng2 = SecureRandom.getInstance("SHA1PRNG");
-        } catch (NoSuchAlgorithmException e) {
-            throw new SecurityException("SHA1PRNG not available", e);
-        }
-        if (!LinuxPRNGSecureRandomProvider.class.equals(
-                rng2.getProvider().getClass())) {
-            throw new SecurityException(
-                    "SecureRandom.getInstance(\"SHA1PRNG\") backed by wrong"
-                    + " Provider: " + rng2.getProvider().getClass());
-        }
-    }
-
-    /**
-     * {@code Provider} of {@code SecureRandom} engines which pass through
-     * all requests to the Linux PRNG.
-     */
-    private static class LinuxPRNGSecureRandomProvider extends Provider {
-
-        public LinuxPRNGSecureRandomProvider() {
-            super("LinuxPRNG",
-                    1.0,
-                    "A Linux-specific random number provider that uses"
-                        + " /dev/urandom");
-            // Although /dev/urandom is not a SHA-1 PRNG, some apps
-            // explicitly request a SHA1PRNG SecureRandom and we thus need to
-            // prevent them from getting the default implementation whose output
-            // may have low entropy.
-            put("SecureRandom.SHA1PRNG", LinuxPRNGSecureRandom.class.getName());
-            put("SecureRandom.SHA1PRNG ImplementedIn", "Software");
-        }
-    }
-
-    /**
-     * {@link SecureRandomSpi} which passes all requests to the Linux PRNG
-     * ({@code /dev/urandom}).
-     */
-    public static class LinuxPRNGSecureRandom extends SecureRandomSpi {
-
-        /*
-         * IMPLEMENTATION NOTE: Requests to generate bytes and to mix in a seed
-         * are passed through to the Linux PRNG (/dev/urandom). Instances of
-         * this class seed themselves by mixing in the current time, PID, UID,
-         * build fingerprint, and hardware serial number (where available) into
-         * Linux PRNG.
-         *
-         * Concurrency: Read requests to the underlying Linux PRNG are
-         * serialized (on sLock) to ensure that multiple threads do not get
-         * duplicated PRNG output.
-         */
-
-        private static final File URANDOM_FILE = new File("/dev/urandom");
-        
-
-        private static final Object sLock = new Object();
-
-        /**
-         * Input stream for reading from Linux PRNG or {@code null} if not yet
-         * opened.
-         *
-         * @GuardedBy("sLock")
-         */
-        private static DataInputStream sUrandomIn;
-
-        /**
-         * Output stream for writing to Linux PRNG or {@code null} if not yet
-         * opened.
-         *
-         * @GuardedBy("sLock")
-         */
-        private static OutputStream sUrandomOut;
-
-        /**
-         * Whether this engine instance has been seeded. This is needed because
-         * each instance needs to seed itself if the client does not explicitly
-         * seed it.
-         */
-        private boolean mSeeded;
-
-        @Override
-        protected void engineSetSeed(byte[] bytes) {
-            try {
-                OutputStream out;
-                synchronized (sLock) {
-                    out = getUrandomOutputStream();
-                }
-                out.write(bytes);
-                out.flush();
-                mSeeded = true;
-            } catch (IOException e) {
-                throw new SecurityException(
-                        "Failed to mix seed into " + URANDOM_FILE, e);
-            }
-        }
-
-        @Override
-        protected void engineNextBytes(byte[] bytes) {
-            if (!mSeeded) {
-                // Mix in the device- and invocation-specific seed.
-                engineSetSeed(generateSeed());
-            }
-
-            try {
-                DataInputStream in;
-                synchronized (sLock) {
-                    in = getUrandomInputStream();
-                }
-                synchronized (in) {
-                    in.readFully(bytes);
-                }
-            } catch (IOException e) {
-                throw new SecurityException(
-                        "Failed to read from " + URANDOM_FILE, e);
-            }
-        }
-
-        @Override
-        protected byte[] engineGenerateSeed(int size) {
-            byte[] seed = new byte[size];
-            engineNextBytes(seed);
-            return seed;
-        }
-
-        private DataInputStream getUrandomInputStream() {
-            synchronized (sLock) {
-                if (sUrandomIn == null) {
-                    // NOTE: Consider inserting a BufferedInputStream between
-                    // DataInputStream and FileInputStream if you need higher
-                    // PRNG output performance and can live with future PRNG
-                    // output being pulled into this process prematurely.
-                    try {
-                        sUrandomIn = new DataInputStream(
-                                new FileInputStream(URANDOM_FILE));
-                    } catch (IOException e) {
-                        throw new SecurityException("Failed to open "
-                                + URANDOM_FILE + " for reading", e);
-                    }
-                }
-                return sUrandomIn;
-            }
-        }
-
-        private OutputStream getUrandomOutputStream() {
-            synchronized (sLock) {
-                if (sUrandomOut == null) {
-                    try {
-                        sUrandomOut = new FileOutputStream(URANDOM_FILE);
-                    } catch (IOException e) {
-                        throw new SecurityException("Failed to open "
-                                + URANDOM_FILE + " for writing", e);
-                    }
-                }
-                return sUrandomOut;
-            }
-        }
-    }
-
-    /**
-     * Generates a device- and invocation-specific seed to be mixed into the
-     * Linux PRNG.
-     */
-    private static byte[] generateSeed() {
-        try {
-            ByteArrayOutputStream seedBuffer = new ByteArrayOutputStream();
-            DataOutputStream seedBufferOut =
-                    new DataOutputStream(seedBuffer);
-            seedBufferOut.writeLong(System.currentTimeMillis());
-            seedBufferOut.writeLong(System.nanoTime());
-            seedBufferOut.writeInt(Process.myPid());
-            seedBufferOut.writeInt(Process.myUid());
-            seedBufferOut.write(BUILD_FINGERPRINT_AND_DEVICE_SERIAL);
-            seedBufferOut.close();
-            return seedBuffer.toByteArray();
-        } catch (IOException e) {
-            throw new SecurityException("Failed to generate seed", e);
-        }
-    }
-
-    /**
-     * Gets the hardware serial number of this device.
-     *
-     * @return serial number or {@code null} if not available.
-     */
-    private static String getDeviceSerialNumber() {
-        // We're using the Reflection API because Build.SERIAL is only available
-        // since API Level 9 (Gingerbread, Android 2.3).
-        try {
-            return (String) Build.class.getField("SERIAL").get(null);
-        } catch (Exception ignored) {
-            return null;
-        }
-    }
-
-    private static byte[] getBuildFingerprintAndDeviceSerial() {
-        StringBuilder result = new StringBuilder();
-        String fingerprint = Build.FINGERPRINT;
-        if (fingerprint != null) {
-            result.append(fingerprint);
-        }
-        String serial = getDeviceSerialNumber();
-        if (serial != null) {
-            result.append(serial);
-        }
-        try {
-            return result.toString().getBytes("UTF-8");
-        } catch (UnsupportedEncodingException e) {
-            throw new RuntimeException("UTF-8 encoding not supported");
-        }
-    }
-}

app/src/main/java/com/kunzisoft/keepass/app/database/AppDatabase.kt

@@ -26,10 +26,11 @@ import android.content.Context
 import androidx.room.AutoMigration
 
 @Database(
-    version = 2,
+    version = 3,
     entities = [FileDatabaseHistoryEntity::class, CipherDatabaseEntity::class],
     autoMigrations = [
-        AutoMigration (from = 1, to = 2)
+        AutoMigration (from = 1, to = 2),
+        AutoMigration (from = 2, to = 3)
     ]
 )
 abstract class AppDatabase : RoomDatabase() {

app/src/main/java/com/kunzisoft/keepass/app/database/CipherDatabaseAction.kt

@@ -27,9 +27,11 @@ import android.net.Uri
 import android.os.IBinder
 import android.util.Base64
 import android.util.Log
+import androidx.core.content.ContextCompat
+import androidx.core.net.toUri
 import com.kunzisoft.keepass.database.element.binary.BinaryData.Companion.BASE64_FLAG
 import com.kunzisoft.keepass.model.CipherEncryptDatabase
-import com.kunzisoft.keepass.services.AdvancedUnlockNotificationService
+import com.kunzisoft.keepass.services.DeviceUnlockNotificationService
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.utils.IOActionTask
 import com.kunzisoft.keepass.utils.SingletonHolderParameter
@@ -42,19 +44,19 @@ class CipherDatabaseAction(context: Context) {
         AppDatabase.getDatabase(applicationContext).cipherDatabaseDao()
 
     // Temp DAO to easily remove content if object no longer in memory
-    private var useTempDao = PreferencesUtil.isTempAdvancedUnlockEnable(applicationContext)
+    private var useTempDao = PreferencesUtil.isTempDeviceUnlockEnable(applicationContext)
 
-    private var mBinder: AdvancedUnlockNotificationService.AdvancedUnlockBinder? = null
+    private var mBinder: DeviceUnlockNotificationService.DeviceUnlockBinder? = null
     private var mServiceConnection: ServiceConnection? = null
 
     private var mDatabaseListeners = LinkedList<CipherDatabaseListener>()
-    private var mAdvancedUnlockBroadcastReceiver = AdvancedUnlockNotificationService.AdvancedUnlockReceiver {
+    private var mDeviceUnlockBroadcastReceiver = DeviceUnlockNotificationService.DeviceUnlockReceiver {
         deleteAll()
         removeAllDataAndDetach()
     }
 
-    fun reloadPreferences() {
-        useTempDao = PreferencesUtil.isTempAdvancedUnlockEnable(applicationContext)
+    private fun reloadPreferences() {
+        useTempDao = PreferencesUtil.isTempDeviceUnlockEnable(applicationContext)
     }
 
     @Synchronized
@@ -69,13 +71,15 @@ class CipherDatabaseAction(context: Context) {
 
     @Synchronized
     private fun attachService(performedAction: () -> Unit) {
-        applicationContext.registerReceiver(mAdvancedUnlockBroadcastReceiver, IntentFilter().apply {
-            addAction(AdvancedUnlockNotificationService.REMOVE_ADVANCED_UNLOCK_KEY_ACTION)
-        })
+        ContextCompat.registerReceiver(applicationContext, mDeviceUnlockBroadcastReceiver,
+            IntentFilter().apply {
+                addAction(DeviceUnlockNotificationService.REMOVE_DEVICE_UNLOCK_KEY_ACTION)
+            }, ContextCompat.RECEIVER_EXPORTED
+        )
 
         mServiceConnection = object : ServiceConnection {
             override fun onServiceConnected(name: ComponentName?, serviceBinder: IBinder?) {
-                mBinder = (serviceBinder as AdvancedUnlockNotificationService.AdvancedUnlockBinder)
+                mBinder = (serviceBinder as DeviceUnlockNotificationService.DeviceUnlockBinder)
                 performedAction.invoke()
             }
 
@@ -84,7 +88,7 @@ class CipherDatabaseAction(context: Context) {
             }
         }
         try {
-            AdvancedUnlockNotificationService.bindService(applicationContext,
+            DeviceUnlockNotificationService.bindService(applicationContext,
                     mServiceConnection!!,
                 Context.BIND_AUTO_CREATE)
         } catch (e: Exception) {
@@ -96,11 +100,11 @@ class CipherDatabaseAction(context: Context) {
     @Synchronized
     private fun detachService() {
         try {
-            applicationContext.unregisterReceiver(mAdvancedUnlockBroadcastReceiver)
-        } catch (e: Exception) {}
+            applicationContext.unregisterReceiver(mDeviceUnlockBroadcastReceiver)
+        } catch (_: Exception) {}
 
         mServiceConnection?.let {
-            AdvancedUnlockNotificationService.unbindService(applicationContext, it)
+            DeviceUnlockNotificationService.unbindService(applicationContext, it)
         }
     }
 
@@ -120,23 +124,27 @@ class CipherDatabaseAction(context: Context) {
     private fun onClear() {
         mBinder = null
         mServiceConnection = null
-        mDatabaseListeners.forEach {
-            it.onCipherDatabaseCleared()
+        mDatabaseListeners.forEach { listener ->
+            listener.onCipherDatabaseCleared()
         }
     }
 
     interface CipherDatabaseListener {
+        fun onCipherDatabaseRetrieved(databaseUri: Uri, cipherDatabase: CipherEncryptDatabase?)
+        fun onCipherDatabaseAddedOrUpdated(cipherDatabase: CipherEncryptDatabase)
+        fun onCipherDatabaseDeleted(databaseUri: Uri)
+        fun onAllCipherDatabasesDeleted()
         fun onCipherDatabaseCleared()
     }
 
     fun getCipherDatabase(databaseUri: Uri,
-                          cipherDatabaseResultListener: (CipherEncryptDatabase?) -> Unit) {
+                          cipherDatabaseResultListener: ((CipherEncryptDatabase?) -> Unit)? = null) {
         if (useTempDao) {
             serviceActionTask {
                 var cipherDatabase: CipherEncryptDatabase? = null
                 mBinder?.getCipherDatabase(databaseUri)?.let { cipherDatabaseEntity ->
                     cipherDatabase = CipherEncryptDatabase().apply {
-                        this.databaseUri = Uri.parse(cipherDatabaseEntity.databaseUri)
+                        this.databaseUri = cipherDatabaseEntity.databaseUri.toUri()
                         this.encryptedValue = Base64.decode(
                             cipherDatabaseEntity.encryptedValue,
                             BASE64_FLAG
@@ -147,7 +155,11 @@ class CipherDatabaseAction(context: Context) {
                         )
                     }
                 }
-                cipherDatabaseResultListener.invoke(cipherDatabase)
+                cipherDatabaseResultListener?.invoke(cipherDatabase) ?: run {
+                    mDatabaseListeners.forEach { listener ->
+                        listener.onCipherDatabaseRetrieved(databaseUri, cipherDatabase)
+                    }
+                }
             }
         } else {
             IOActionTask(
@@ -155,7 +167,7 @@ class CipherDatabaseAction(context: Context) {
                     cipherDatabaseDao.getByDatabaseUri(databaseUri.toString())
                         ?.let { cipherDatabaseEntity ->
                             CipherEncryptDatabase().apply {
-                                this.databaseUri = Uri.parse(cipherDatabaseEntity.databaseUri)
+                                this.databaseUri = cipherDatabaseEntity.databaseUri.toUri()
                                 this.encryptedValue = Base64.decode(
                                     cipherDatabaseEntity.encryptedValue,
                                     Base64.NO_WRAP
@@ -167,17 +179,33 @@ class CipherDatabaseAction(context: Context) {
                             }
                         }
                 },
-                {
-                    cipherDatabaseResultListener.invoke(it)
+                { cipherDatabase ->
+                    cipherDatabaseResultListener?.invoke(cipherDatabase) ?: run {
+                        mDatabaseListeners.forEach { listener ->
+                            listener.onCipherDatabaseRetrieved(databaseUri, cipherDatabase)
+                        }
+                    }
                 }
             ).execute()
         }
     }
 
-    fun containsCipherDatabase(databaseUri: Uri,
+    private fun containsCipherDatabase(databaseUri: Uri?,
                                contains: (Boolean) -> Unit) {
-        getCipherDatabase(databaseUri) {
-            contains.invoke(it != null)
+        if (databaseUri == null) {
+            contains.invoke(false)
+        } else {
+            getCipherDatabase(databaseUri) {
+                contains.invoke(it != null)
+            }
+        }
+    }
+
+    fun resetCipherParameters(databaseUri: Uri?) {
+        containsCipherDatabase(databaseUri) { contains ->
+            if (contains) {
+                mBinder?.resetTimer()
+            }
         }
     }
 
@@ -195,7 +223,11 @@ class CipherDatabaseAction(context: Context) {
                 // The only case to create service (not needed to get an info)
                 serviceActionTask(true) {
                     mBinder?.addOrUpdateCipherDatabase(cipherDatabaseEntity)
-                    cipherDatabaseResultListener?.invoke()
+                    cipherDatabaseResultListener?.invoke() ?: run {
+                        mDatabaseListeners.forEach { listener ->
+                            listener.onCipherDatabaseAddedOrUpdated(cipherEncryptDatabase)
+                        }
+                    }
                 }
             } else {
                 IOActionTask(
@@ -210,7 +242,11 @@ class CipherDatabaseAction(context: Context) {
                         }
                     },
                     {
-                        cipherDatabaseResultListener?.invoke()
+                        cipherDatabaseResultListener?.invoke() ?: run {
+                            mDatabaseListeners.forEach { listener ->
+                                listener.onCipherDatabaseAddedOrUpdated(cipherEncryptDatabase)
+                            }
+                        }
                     }
                 ).execute()
             }
@@ -222,7 +258,11 @@ class CipherDatabaseAction(context: Context) {
         if (useTempDao) {
             serviceActionTask {
                 mBinder?.deleteByDatabaseUri(databaseUri)
-                cipherDatabaseResultListener?.invoke()
+                cipherDatabaseResultListener?.invoke() ?: run {
+                    mDatabaseListeners.forEach { listener ->
+                        listener.onCipherDatabaseDeleted(databaseUri)
+                    }
+                }
             }
         } else {
             IOActionTask(
@@ -230,10 +270,15 @@ class CipherDatabaseAction(context: Context) {
                     cipherDatabaseDao.deleteByDatabaseUri(databaseUri.toString())
                 },
                 {
-                    cipherDatabaseResultListener?.invoke()
+                    cipherDatabaseResultListener?.invoke() ?: run {
+                        mDatabaseListeners.forEach { listener ->
+                            listener.onCipherDatabaseDeleted(databaseUri)
+                        }
+                    }
                 }
             ).execute()
         }
+        reloadPreferences()
     }
 
     fun deleteAll() {
@@ -248,8 +293,12 @@ class CipherDatabaseAction(context: Context) {
                 cipherDatabaseDao.deleteAll()
             }
         ).execute()
+        mDatabaseListeners.forEach { listener ->
+            listener.onAllCipherDatabasesDeleted()
+        }
         // Unbind
         removeAllDataAndDetach()
+        reloadPreferences()
     }
 
     companion object : SingletonHolderParameter<CipherDatabaseAction, Context>(::CipherDatabaseAction) {

app/src/main/java/com/kunzisoft/keepass/app/database/FileDatabaseHistoryAction.kt

@@ -49,6 +49,7 @@ class FileDatabaseHistoryAction(private val applicationContext: Context) {
                     databaseUri,
                     fileDatabaseHistoryEntity?.keyFileUri?.parseUri(),
                     HardwareKey.getHardwareKeyFromString(fileDatabaseHistoryEntity?.hardwareKey),
+                    fileDatabaseHistoryEntity?.readOnly,
                     fileDatabaseHistoryEntity?.databaseUri?.decodeUri(),
                     fileDatabaseInfo.retrieveDatabaseAlias(fileDatabaseHistoryEntity?.databaseAlias
                         ?: ""),
@@ -99,6 +100,7 @@ class FileDatabaseHistoryAction(private val applicationContext: Context) {
                                 fileDatabaseHistoryEntity.databaseUri.parseUri(),
                                 fileDatabaseHistoryEntity.keyFileUri?.parseUri(),
                                 HardwareKey.getHardwareKeyFromString(fileDatabaseHistoryEntity.hardwareKey),
+                                fileDatabaseHistoryEntity.readOnly,
                                 fileDatabaseHistoryEntity.databaseUri.decodeUri(),
                                 fileDatabaseInfo.retrieveDatabaseAlias(fileDatabaseHistoryEntity.databaseAlias),
                                 fileDatabaseInfo.exists,
@@ -147,6 +149,8 @@ class FileDatabaseHistoryAction(private val applicationContext: Context) {
                                 ?: "",
                             databaseFileToAddOrUpdate.keyFileUri?.toString(),
                             databaseFileToAddOrUpdate.hardwareKey?.value,
+                            databaseFileToAddOrUpdate.readOnly
+                                ?: fileDatabaseHistoryRetrieve?.readOnly,
                             System.currentTimeMillis()
                         )
 
@@ -168,6 +172,7 @@ class FileDatabaseHistoryAction(private val applicationContext: Context) {
                         fileDatabaseHistory.databaseUri.parseUri(),
                         fileDatabaseHistory.keyFileUri?.parseUri(),
                         HardwareKey.getHardwareKeyFromString(fileDatabaseHistory.hardwareKey),
+                        fileDatabaseHistory.readOnly,
                         fileDatabaseHistory.databaseUri.decodeUri(),
                         fileDatabaseInfo.retrieveDatabaseAlias(fileDatabaseHistory.databaseAlias),
                         fileDatabaseInfo.exists,
@@ -195,6 +200,7 @@ class FileDatabaseHistoryAction(private val applicationContext: Context) {
                                     fileDatabaseHistory.databaseUri.parseUri(),
                                     fileDatabaseHistory.keyFileUri?.parseUri(),
                                     HardwareKey.getHardwareKeyFromString(fileDatabaseHistory.hardwareKey),
+                                    fileDatabaseHistory.readOnly,
                                     fileDatabaseHistory.databaseUri.decodeUri(),
                                     databaseFileToDelete.databaseAlias
                                 )

app/src/main/java/com/kunzisoft/keepass/app/database/FileDatabaseHistoryEntity.kt

@@ -38,6 +38,9 @@ data class FileDatabaseHistoryEntity(
         @ColumnInfo(name = "hardware_key")
             var hardwareKey: String?,
 
+        @ColumnInfo(name = "read_only")
+            var readOnly: Boolean?,
+
         @ColumnInfo(name = "updated")
             val updated: Long
 ) {

app/src/main/java/com/kunzisoft/keepass/autofill/AutofillHelper.kt

@@ -60,6 +60,7 @@ import com.kunzisoft.keepass.settings.AutofillSettingsActivity
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.utils.LOCK_ACTION
 import com.kunzisoft.keepass.utils.getParcelableExtraCompat
+import kotlin.math.min
 
 
 @RequiresApi(api = Build.VERSION_CODES.O)
@@ -175,8 +176,8 @@ object AutofillHelper {
         }
 
         if (entryInfo.expires) {
-            val year = entryInfo.expiryTime.getYearInt()
-            val month = entryInfo.expiryTime.getMonthInt()
+            val year = entryInfo.expiryTime.getYear()
+            val month = entryInfo.expiryTime.getMonth()
             val monthString = month.toString().padStart(2, '0')
             val day = entryInfo.expiryTime.getDay()
             val dayString = day.toString().padStart(2, '0')
@@ -191,7 +192,7 @@ object AutofillHelper {
                 } else {
                     datasetBuilder.addValueToDatasetBuilder(
                         it,
-                        AutofillValue.forDate(entryInfo.expiryTime.date.time)
+                        AutofillValue.forDate(entryInfo.expiryTime.toMilliseconds())
                     )
                 }
             }
@@ -321,10 +322,11 @@ object AutofillHelper {
             val inlinePresentationSpecs = inlineSuggestionsRequest.inlinePresentationSpecs
             val maxSuggestion = inlineSuggestionsRequest.maxSuggestionCount
 
-            if (positionItem <= maxSuggestion - 1
-                && inlinePresentationSpecs.size > positionItem
-            ) {
-                val inlinePresentationSpec = inlinePresentationSpecs[positionItem]
+            if (positionItem <= maxSuggestion - 1) {
+
+                // If positionItem is larger than the number of specs in the list, then
+                // the last spec is used for the remainder of the suggestions
+                val inlinePresentationSpec = inlinePresentationSpecs[min(positionItem, inlinePresentationSpecs.size - 1)]
 
                 // Make sure that the IME spec claims support for v1 UI template.
                 val imeStyle = inlinePresentationSpec.style

app/src/main/java/com/kunzisoft/keepass/autofill/KeeAutofillService.kt

@@ -21,12 +21,21 @@ package com.kunzisoft.keepass.autofill
 
 import android.annotation.SuppressLint
 import android.app.PendingIntent
+import android.content.Context
 import android.content.Intent
 import android.graphics.BlendMode
 import android.graphics.drawable.Icon
 import android.os.Build
 import android.os.CancellationSignal
-import android.service.autofill.*
+import android.service.autofill.AutofillService
+import android.service.autofill.FillCallback
+import android.service.autofill.FillRequest
+import android.service.autofill.FillResponse
+import android.service.autofill.InlinePresentation
+import android.service.autofill.Presentations
+import android.service.autofill.SaveCallback
+import android.service.autofill.SaveInfo
+import android.service.autofill.SaveRequest
 import android.util.Log
 import android.view.autofill.AutofillId
 import android.widget.RemoteViews
@@ -35,6 +44,7 @@ import androidx.autofill.inline.UiVersions
 import androidx.autofill.inline.v1.InlineSuggestionUi
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.AutofillLauncherActivity
+import com.kunzisoft.keepass.autofill.StructureParser.Companion.APPLICATION_ID_POPUP_WINDOW
 import com.kunzisoft.keepass.database.ContextualDatabase
 import com.kunzisoft.keepass.database.DatabaseTaskProvider
 import com.kunzisoft.keepass.database.helper.SearchHelper
@@ -99,8 +109,12 @@ class KeeAutofillService : AutofillService() {
         StructureParser(latestStructure).parse()?.let { parseResult ->
 
             // Build search info only if applicationId or webDomain are not blocked
-            if (autofillAllowedFor(parseResult.applicationId, applicationIdBlocklist)
-                    && autofillAllowedFor(parseResult.webDomain, webDomainBlocklist)) {
+            if (autofillAllowedFor(
+                    applicationId = parseResult.applicationId,
+                    applicationIdBlocklist = applicationIdBlocklist,
+                    webDomain = parseResult.webDomain,
+                    webDomainBlocklist = webDomainBlocklist)
+                ) {
                 val searchInfo = SearchInfo().apply {
                     applicationId = parseResult.applicationId
                     webDomain = parseResult.webDomain
@@ -258,7 +272,7 @@ class KeeAutofillService : AutofillService() {
                             val inlinePresentationSpecs =
                                 inlineSuggestionsRequest.inlinePresentationSpecs
                             if (inlineSuggestionsRequest.maxSuggestionCount > 0
-                                && inlinePresentationSpecs.size > 0
+                                && inlinePresentationSpecs.isNotEmpty()
                             ) {
                                 val inlinePresentationSpec = inlinePresentationSpecs[0]
 
@@ -274,11 +288,7 @@ class KeeAutofillService : AutofillService() {
                                                 this,
                                                 0,
                                                 Intent(this, AutofillSettingsActivity::class.java),
-                                                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                                                    PendingIntent.FLAG_IMMUTABLE
-                                                } else {
-                                                    0
-                                                }
+                                                PendingIntent.FLAG_IMMUTABLE
                                             )
                                         ).apply {
                                             setContentDescription(getString(R.string.autofill_sign_in_prompt))
@@ -352,8 +362,12 @@ class KeeAutofillService : AutofillService() {
             val latestStructure = request.fillContexts.last().structure
             StructureParser(latestStructure).parse(true)?.let { parseResult ->
 
-                if (autofillAllowedFor(parseResult.applicationId, applicationIdBlocklist)
-                        && autofillAllowedFor(parseResult.webDomain, webDomainBlocklist)) {
+                if (autofillAllowedFor(
+                        applicationId = parseResult.applicationId,
+                        applicationIdBlocklist = applicationIdBlocklist,
+                        webDomain = parseResult.webDomain,
+                        webDomainBlocklist = webDomainBlocklist)
+                    ) {
                     Log.d(TAG, "autofill onSaveRequest password")
 
                     // Build expiration from date or from year and month
@@ -414,6 +428,28 @@ class KeeAutofillService : AutofillService() {
     companion object {
         private val TAG = KeeAutofillService::class.java.name
 
+        fun autofillAllowedFor(applicationId: String?,
+                               webDomain: String?,
+                               context: Context
+        ): Boolean {
+            return autofillAllowedFor(
+                applicationId = applicationId,
+                applicationIdBlocklist = PreferencesUtil.applicationIdBlocklist(context),
+                webDomain = webDomain,
+                webDomainBlocklist = PreferencesUtil.webDomainBlocklist(context))
+        }
+
+        fun autofillAllowedFor(applicationId: String?,
+                               applicationIdBlocklist: Set<String>?,
+                               webDomain: String?,
+                               webDomainBlocklist: Set<String>?
+        ): Boolean {
+            return autofillAllowedFor(applicationId, applicationIdBlocklist)
+                    // To prevent unrecognized autofill popup id
+                    && applicationId?.contains(APPLICATION_ID_POPUP_WINDOW) != true
+                    && autofillAllowedFor(webDomain, webDomainBlocklist)
+        }
+
         fun autofillAllowedFor(element: String?, blockList: Set<String>?): Boolean {
             element?.let { elementNotNull ->
                 if (blockList?.any { appIdBlocked ->

app/src/main/java/com/kunzisoft/keepass/autofill/StructureParser.kt

@@ -27,8 +27,7 @@ import android.view.autofill.AutofillId
 import android.view.autofill.AutofillValue
 import androidx.annotation.RequiresApi
 import org.joda.time.DateTime
-import java.util.*
-import kotlin.collections.ArrayList
+import java.util.Locale
 
 
 /**
@@ -52,7 +51,7 @@ class StructureParser(private val structure: AssistStructure) {
                     applicationId = windowNode.title.toString().split("/")[0]
                     Log.d(TAG, "Autofill applicationId: $applicationId")
 
-                    if (applicationId?.contains("PopupWindow:") == false) {
+                    if (applicationId?.contains(APPLICATION_ID_POPUP_WINDOW) == false) {
                         if (parseViewNode(windowNode.rootViewNode))
                             break@mainLoop
                     }
@@ -583,5 +582,7 @@ class StructureParser(private val structure: AssistStructure) {
 
     companion object {
         private val TAG = StructureParser::class.java.name
+
+        const val APPLICATION_ID_POPUP_WINDOW = "PopupWindow:"
     }
 }

app/src/main/java/com/kunzisoft/keepass/biometric/AdvancedUnlockCryptoPrompt.kt

@@ -1,10 +0,0 @@
-package com.kunzisoft.keepass.biometric
-
-import androidx.annotation.StringRes
-import javax.crypto.Cipher
-
-data class AdvancedUnlockCryptoPrompt(var cipher: Cipher,
-                                      @StringRes var promptTitleId: Int,
-                                      @StringRes var promptDescriptionId: Int? = null,
-                                      var isDeviceCredentialOperation: Boolean,
-                                      var isBiometricOperation: Boolean)

app/src/main/java/com/kunzisoft/keepass/biometric/AdvancedUnlockFragment.kt

@@ -1,677 +0,0 @@
-/*
- * Copyright 2020 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.biometric
-
-import android.app.Activity
-import android.content.Context
-import android.content.Intent
-import android.net.Uri
-import android.os.Build
-import android.os.Bundle
-import android.provider.Settings
-import android.util.Log
-import android.view.*
-import androidx.activity.result.contract.ActivityResultContracts
-import androidx.annotation.RequiresApi
-import androidx.biometric.BiometricManager
-import androidx.biometric.BiometricPrompt
-import androidx.core.view.MenuProvider
-import androidx.fragment.app.Fragment
-import androidx.fragment.app.activityViewModels
-import androidx.lifecycle.lifecycleScope
-import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.app.database.CipherDatabaseAction
-import com.kunzisoft.keepass.database.exception.UnknownDatabaseLocationException
-import com.kunzisoft.keepass.model.CipherDecryptDatabase
-import com.kunzisoft.keepass.model.CipherEncryptDatabase
-import com.kunzisoft.keepass.model.CredentialStorage
-import com.kunzisoft.keepass.settings.PreferencesUtil
-import com.kunzisoft.keepass.view.AdvancedUnlockInfoView
-import com.kunzisoft.keepass.view.hideByFading
-import com.kunzisoft.keepass.view.showByFading
-import com.kunzisoft.keepass.viewmodels.AdvancedUnlockViewModel
-import kotlinx.coroutines.Dispatchers
-import kotlinx.coroutines.launch
-
-class AdvancedUnlockFragment: Fragment(), AdvancedUnlockManager.AdvancedUnlockCallback {
-
-    private var mBuilderListener: BuilderListener? = null
-
-    private var mAdvancedUnlockEnabled = false
-    private var mAutoOpenPromptEnabled = false
-
-    private var advancedUnlockManager: AdvancedUnlockManager? = null
-    private var biometricMode: Mode = Mode.BIOMETRIC_UNAVAILABLE
-    private var mAdvancedUnlockInfoView: AdvancedUnlockInfoView? = null
-
-    var databaseFileUri: Uri? = null
-        private set
-
-    // TODO Retrieve credential storage from app database
-    var credentialDatabaseStorage: CredentialStorage = CredentialStorage.DEFAULT
-
-    // Variable to check if the prompt can be open (if the right activity is currently shown)
-    // checkBiometricAvailability() allows open biometric prompt and onDestroy() removes the authorization
-    private var allowOpenBiometricPrompt = false
-
-    private lateinit var cipherDatabaseAction : CipherDatabaseAction
-
-    private var cipherDatabaseListener: CipherDatabaseAction.CipherDatabaseListener? = null
-
-    private val mAdvancedUnlockViewModel: AdvancedUnlockViewModel by activityViewModels()
-
-    // Only to fix multiple fingerprint menu #332
-    private var mAllowAdvancedUnlockMenu = false
-    private var mAddBiometricMenuInProgress = false
-
-    // Only keep connection when we request a device credential activity
-    private var keepConnection = false
-
-    private var mDeviceCredentialResultLauncher = registerForActivityResult(
-        ActivityResultContracts.StartActivityForResult()
-    ) { result ->
-        mAdvancedUnlockViewModel.allowAutoOpenBiometricPrompt = false
-        // To wait resume
-        if (keepConnection) {
-            mAdvancedUnlockViewModel.deviceCredentialAuthSucceeded =
-                result.resultCode == Activity.RESULT_OK
-        }
-        keepConnection = false
-    }
-
-    private val menuProvider: MenuProvider = object: MenuProvider {
-        override fun onCreateMenu(menu: Menu, menuInflater: MenuInflater) {
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                // biometric menu
-                if (mAllowAdvancedUnlockMenu)
-                    menuInflater.inflate(R.menu.advanced_unlock, menu)
-            }
-        }
-
-        override fun onMenuItemSelected(menuItem: MenuItem): Boolean {
-            when (menuItem.itemId) {
-                R.id.menu_keystore_remove_key -> if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                    deleteEncryptedDatabaseKey()
-                }
-            }
-            return false
-        }
-    }
-
-    override fun onAttach(context: Context) {
-        super.onAttach(context)
-
-        mAdvancedUnlockEnabled = PreferencesUtil.isAdvancedUnlockEnable(context)
-        mAutoOpenPromptEnabled = PreferencesUtil.isAdvancedUnlockPromptAutoOpenEnable(context)
-        try {
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                mBuilderListener = context as BuilderListener
-            }
-        } catch (e: ClassCastException) {
-            throw ClassCastException(context.toString()
-                    + " must implement " + BuilderListener::class.java.name)
-        }
-    }
-
-    override fun onCreate(savedInstanceState: Bundle?) {
-        super.onCreate(savedInstanceState)
-
-        cipherDatabaseAction = CipherDatabaseAction.getInstance(requireContext().applicationContext)
-
-        mAdvancedUnlockViewModel.onInitAdvancedUnlockModeRequested.observe(this) {
-            initAdvancedUnlockMode()
-        }
-
-        mAdvancedUnlockViewModel.onUnlockAvailabilityCheckRequested.observe(this) {
-            checkUnlockAvailability()
-        }
-
-        mAdvancedUnlockViewModel.onDatabaseFileLoaded.observe(this) {
-            onDatabaseLoaded(it)
-        }
-    }
-
-    override fun onCreateView(inflater: LayoutInflater, container: ViewGroup?, savedInstanceState: Bundle?): View? {
-        super.onCreateView(inflater, container, savedInstanceState)
-
-        val rootView = inflater.inflate(R.layout.fragment_advanced_unlock, container, false)
-
-        mAdvancedUnlockInfoView = rootView.findViewById(R.id.advanced_unlock_view)
-
-        return rootView
-    }
-
-    override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
-        super.onViewCreated(view, savedInstanceState)
-
-        activity?.addMenuProvider(menuProvider, viewLifecycleOwner)
-    }
-
-    override fun onResume() {
-        super.onResume()
-        context?.let {
-            mAdvancedUnlockEnabled = PreferencesUtil.isAdvancedUnlockEnable(it)
-            mAutoOpenPromptEnabled = PreferencesUtil.isAdvancedUnlockPromptAutoOpenEnable(it)
-        }
-        keepConnection = false
-    }
-
-    private fun onDatabaseLoaded(databaseUri: Uri?) {
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-            // To get device credential unlock result, only if same database uri
-            if (databaseUri != null
-                    && mAdvancedUnlockEnabled) {
-                val deviceCredentialAuthSucceeded = mAdvancedUnlockViewModel.deviceCredentialAuthSucceeded
-                deviceCredentialAuthSucceeded?.let {
-                    if (databaseUri == databaseFileUri) {
-                        if (deviceCredentialAuthSucceeded == true) {
-                            advancedUnlockManager?.advancedUnlockCallback?.onAuthenticationSucceeded()
-                        } else {
-                            advancedUnlockManager?.advancedUnlockCallback?.onAuthenticationFailed()
-                        }
-                    } else {
-                        disconnect()
-                    }
-                } ?: run {
-                    if (databaseUri != databaseFileUri) {
-                        connect(databaseUri)
-                    }
-                }
-            } else {
-                disconnect()
-            }
-            mAdvancedUnlockViewModel.deviceCredentialAuthSucceeded = null
-        }
-    }
-
-    /**
-     * Check unlock availability and change the current mode depending of device's state
-     */
-    private fun checkUnlockAvailability() {
-        context?.let { context ->
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                allowOpenBiometricPrompt = true
-                if (PreferencesUtil.isBiometricUnlockEnable(context)) {
-                    // biometric not supported (by API level or hardware) so keep option hidden
-                    // or manually disable
-                    val biometricCanAuthenticate = AdvancedUnlockManager.canAuthenticate(context)
-                    if (!PreferencesUtil.isAdvancedUnlockEnable(context)
-                            || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE
-                            || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE) {
-                        toggleMode(Mode.BIOMETRIC_UNAVAILABLE)
-                    } else if (biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED) {
-                        toggleMode(Mode.BIOMETRIC_SECURITY_UPDATE_REQUIRED)
-                    } else {
-                        // biometric is available but not configured, show icon but in disabled state with some information
-                        if (biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED) {
-                            toggleMode(Mode.DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED)
-                        } else {
-                            selectMode()
-                        }
-                    }
-                } else if (PreferencesUtil.isDeviceCredentialUnlockEnable(context)) {
-                    if (AdvancedUnlockManager.isDeviceSecure(context)) {
-                        selectMode()
-                    } else {
-                        toggleMode(Mode.DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED)
-                    }
-                }
-            }
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun selectMode() {
-        // Check if fingerprint well init (be called the first time the fingerprint is configured
-        // and the activity still active)
-        if (advancedUnlockManager?.isKeyManagerInitialized != true) {
-            advancedUnlockManager = AdvancedUnlockManager { requireActivity() }
-            // callback for fingerprint findings
-            advancedUnlockManager?.advancedUnlockCallback = this
-        }
-        // Recheck to change the mode
-        if (advancedUnlockManager?.isKeyManagerInitialized != true) {
-            toggleMode(Mode.KEY_MANAGER_UNAVAILABLE)
-        } else {
-            if (mBuilderListener?.conditionToStoreCredential() == true) {
-                // listen for encryption
-                toggleMode(Mode.STORE_CREDENTIAL)
-            } else {
-                databaseFileUri?.let { databaseUri ->
-                    cipherDatabaseAction.containsCipherDatabase(databaseUri) { containsCipher ->
-                        // biometric available but no stored password found yet for this DB so show info don't listen
-                        toggleMode(if (containsCipher) {
-                            // listen for decryption
-                            Mode.EXTRACT_CREDENTIAL
-                        } else {
-                            // wait for typing
-                            Mode.WAIT_CREDENTIAL
-                        })
-                    }
-                }
-            }
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun toggleMode(newBiometricMode: Mode) {
-        if (newBiometricMode != biometricMode) {
-            biometricMode = newBiometricMode
-            initAdvancedUnlockMode()
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun initNotAvailable() {
-        showViews(false)
-
-        mAdvancedUnlockInfoView?.setIconViewClickListener(null)
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun openBiometricSetting() {
-        mAdvancedUnlockInfoView?.setIconViewClickListener {
-            try {
-                when {
-                    Build.VERSION.SDK_INT >= Build.VERSION_CODES.R -> {
-                        context?.startActivity(Intent(Settings.ACTION_BIOMETRIC_ENROLL))
-                    }
-                    Build.VERSION.SDK_INT >= Build.VERSION_CODES.P -> {
-                        @Suppress("DEPRECATION") context
-                            ?.startActivity(Intent(Settings.ACTION_FINGERPRINT_ENROLL))
-                    }
-                    else -> {
-                        context?.startActivity(Intent(Settings.ACTION_SECURITY_SETTINGS))
-                    }
-                }
-            } catch (e: Exception) {
-                // ACTION_SECURITY_SETTINGS does not contain fingerprint enrollment on some devices...
-                context?.startActivity(Intent(Settings.ACTION_SETTINGS))
-            }
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun initSecurityUpdateRequired() {
-        showViews(true)
-        setAdvancedUnlockedTitleView(R.string.biometric_security_update_required)
-
-        openBiometricSetting()
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun initNotConfigured() {
-        showViews(true)
-        setAdvancedUnlockedTitleView(R.string.configure_biometric)
-        setAdvancedUnlockedMessageView("")
-
-        openBiometricSetting()
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun initKeyManagerNotAvailable() {
-        showViews(true)
-        setAdvancedUnlockedTitleView(R.string.keystore_not_accessible)
-
-        openBiometricSetting()
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun initWaitData() {
-        showViews(true)
-        setAdvancedUnlockedTitleView(R.string.unavailable)
-        setAdvancedUnlockedMessageView("")
-
-        context?.let { context ->
-            mAdvancedUnlockInfoView?.setIconViewClickListener {
-                onAuthenticationError(BiometricPrompt.ERROR_UNABLE_TO_PROCESS,
-                        context.getString(R.string.credential_before_click_advanced_unlock_button))
-            }
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun openAdvancedUnlockPrompt(cryptoPrompt: AdvancedUnlockCryptoPrompt) {
-        lifecycleScope.launch(Dispatchers.Main) {
-            if (allowOpenBiometricPrompt) {
-                if (cryptoPrompt.isDeviceCredentialOperation)
-                    keepConnection = true
-                try {
-                    advancedUnlockManager?.openAdvancedUnlockPrompt(cryptoPrompt,
-                        mDeviceCredentialResultLauncher)
-                } catch (e: Exception) {
-                    Log.e(TAG, "Unable to open advanced unlock prompt", e)
-                    setAdvancedUnlockedTitleView(R.string.advanced_unlock_prompt_not_initialized)
-                }
-            }
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun initEncryptData() {
-        showViews(true)
-        setAdvancedUnlockedTitleView(R.string.unlock_and_link_biometric)
-        setAdvancedUnlockedMessageView("")
-
-        advancedUnlockManager?.initEncryptData { cryptoPrompt ->
-            // Set listener to open the biometric dialog and save credential
-            mAdvancedUnlockInfoView?.setIconViewClickListener { _ ->
-                openAdvancedUnlockPrompt(cryptoPrompt)
-            }
-        } ?: throw Exception("AdvancedUnlockManager not initialized")
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun initDecryptData() {
-        showViews(true)
-        setAdvancedUnlockedTitleView(R.string.unlock)
-        setAdvancedUnlockedMessageView("")
-
-        advancedUnlockManager?.let { unlockHelper ->
-            databaseFileUri?.let { databaseUri ->
-                cipherDatabaseAction.getCipherDatabase(databaseUri) { cipherDatabase ->
-                    cipherDatabase?.let {
-                        unlockHelper.initDecryptData(it.specParameters) { cryptoPrompt ->
-
-                            // Set listener to open the biometric dialog and check credential
-                            mAdvancedUnlockInfoView?.setIconViewClickListener { _ ->
-                                openAdvancedUnlockPrompt(cryptoPrompt)
-                            }
-
-                            // Auto open the biometric prompt
-                            if (mAdvancedUnlockViewModel.allowAutoOpenBiometricPrompt
-                                && mAutoOpenPromptEnabled) {
-                                mAdvancedUnlockViewModel.allowAutoOpenBiometricPrompt = false
-                                openAdvancedUnlockPrompt(cryptoPrompt)
-                            }
-                        }
-                    } ?: deleteEncryptedDatabaseKey()
-                }
-            } ?: throw UnknownDatabaseLocationException()
-        } ?: throw Exception("AdvancedUnlockManager not initialized")
-    }
-
-    private fun initAdvancedUnlockMode() {
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-            mAllowAdvancedUnlockMenu = false
-            try {
-                when (biometricMode) {
-                    Mode.BIOMETRIC_UNAVAILABLE -> initNotAvailable()
-                    Mode.BIOMETRIC_SECURITY_UPDATE_REQUIRED -> initSecurityUpdateRequired()
-                    Mode.DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED -> initNotConfigured()
-                    Mode.KEY_MANAGER_UNAVAILABLE -> initKeyManagerNotAvailable()
-                    Mode.WAIT_CREDENTIAL -> initWaitData()
-                    Mode.STORE_CREDENTIAL -> initEncryptData()
-                    Mode.EXTRACT_CREDENTIAL -> initDecryptData()
-                }
-            } catch (e: Exception) {
-                onGenericException(e)
-            }
-            invalidateBiometricMenu()
-        }
-    }
-
-    private fun invalidateBiometricMenu() {
-        // Show fingerprint key deletion
-        if (!mAddBiometricMenuInProgress) {
-            mAddBiometricMenuInProgress = true
-            databaseFileUri?.let { databaseUri ->
-                cipherDatabaseAction.containsCipherDatabase(databaseUri) { containsCipher ->
-                    mAllowAdvancedUnlockMenu = containsCipher
-                            && (biometricMode != Mode.BIOMETRIC_UNAVAILABLE
-                            && biometricMode != Mode.KEY_MANAGER_UNAVAILABLE)
-                    mAddBiometricMenuInProgress = false
-                    activity?.invalidateOptionsMenu()
-                }
-            }
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    fun connect(databaseUri: Uri) {
-        showViews(true)
-        this.databaseFileUri = databaseUri
-        cipherDatabaseListener = object: CipherDatabaseAction.CipherDatabaseListener {
-            override fun onCipherDatabaseCleared() {
-                advancedUnlockManager?.closeBiometricPrompt()
-                checkUnlockAvailability()
-            }
-        }
-        cipherDatabaseAction.apply {
-            reloadPreferences()
-            cipherDatabaseListener?.let {
-                registerDatabaseListener(it)
-            }
-        }
-        checkUnlockAvailability()
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    fun disconnect(hideViews: Boolean = true,
-                   closePrompt: Boolean = true) {
-        this.databaseFileUri = null
-        // Close the biometric prompt
-        allowOpenBiometricPrompt = false
-        if (closePrompt)
-            advancedUnlockManager?.closeBiometricPrompt()
-        cipherDatabaseListener?.let {
-            cipherDatabaseAction.unregisterDatabaseListener(it)
-        }
-        biometricMode = Mode.BIOMETRIC_UNAVAILABLE
-        if (hideViews) {
-            showViews(false)
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    fun deleteEncryptedDatabaseKey() {
-        mAllowAdvancedUnlockMenu = false
-        advancedUnlockManager?.closeBiometricPrompt()
-        databaseFileUri?.let { databaseUri ->
-            cipherDatabaseAction.deleteByDatabaseUri(databaseUri) {
-                checkUnlockAvailability()
-            }
-        } ?: checkUnlockAvailability()
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
-        lifecycleScope.launch(Dispatchers.Main) {
-            Log.e(TAG, "Biometric authentication error. Code : $errorCode Error : $errString")
-            setAdvancedUnlockedMessageView(errString.toString())
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    override fun onAuthenticationFailed() {
-        lifecycleScope.launch(Dispatchers.Main) {
-            Log.e(TAG, "Biometric authentication failed, biometric not recognized")
-            setAdvancedUnlockedMessageView(R.string.advanced_unlock_not_recognized)
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    override fun onAuthenticationSucceeded() {
-        lifecycleScope.launch(Dispatchers.Main) {
-            when (biometricMode) {
-                Mode.BIOMETRIC_UNAVAILABLE -> {
-                }
-                Mode.BIOMETRIC_SECURITY_UPDATE_REQUIRED -> {
-                }
-                Mode.DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED -> {
-                }
-                Mode.KEY_MANAGER_UNAVAILABLE -> {
-                }
-                Mode.WAIT_CREDENTIAL -> {
-                }
-                Mode.STORE_CREDENTIAL -> {
-                    // newly store the entered password in encrypted way
-                    mBuilderListener?.retrieveCredentialForEncryption()?.let { credential ->
-                        advancedUnlockManager?.encryptData(credential)
-                    }
-                }
-                Mode.EXTRACT_CREDENTIAL -> {
-                    // retrieve the encrypted value from preferences
-                    databaseFileUri?.let { databaseUri ->
-                        cipherDatabaseAction.getCipherDatabase(databaseUri) { cipherDatabase ->
-                            cipherDatabase?.encryptedValue?.let { value ->
-                                advancedUnlockManager?.decryptData(value)
-                            } ?: deleteEncryptedDatabaseKey()
-                        }
-                    } ?: run {
-                        onAuthenticationError(-1, getString(R.string.error_database_uri_null))
-                    }
-                }
-            }
-        }
-    }
-
-    override fun handleEncryptedResult(encryptedValue: ByteArray, ivSpec: ByteArray) {
-        databaseFileUri?.let { databaseUri ->
-            mBuilderListener?.onCredentialEncrypted(
-                CipherEncryptDatabase().apply {
-                    this.databaseUri = databaseUri
-                    this.credentialStorage = credentialDatabaseStorage
-                    this.encryptedValue = encryptedValue
-                    this.specParameters = ivSpec
-                }
-            )
-        }
-    }
-
-    override fun handleDecryptedResult(decryptedValue: ByteArray) {
-        // Load database directly with password retrieve
-        databaseFileUri?.let { databaseUri ->
-            mBuilderListener?.onCredentialDecrypted(
-                CipherDecryptDatabase().apply {
-                    this.databaseUri = databaseUri
-                    this.credentialStorage = credentialDatabaseStorage
-                    this.decryptedValue = decryptedValue
-                }
-            )
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    override fun onUnrecoverableKeyException(e: Exception) {
-        setAdvancedUnlockedMessageView(R.string.advanced_unlock_invalid_key)
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    override fun onInvalidKeyException(e: Exception) {
-        setAdvancedUnlockedMessageView(R.string.advanced_unlock_invalid_key)
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    override fun onGenericException(e: Exception) {
-        val errorMessage = e.cause?.localizedMessage ?: e.localizedMessage ?: ""
-        setAdvancedUnlockedMessageView(errorMessage)
-    }
-
-    private fun showViews(show: Boolean) {
-        lifecycleScope.launch(Dispatchers.Main) {
-            if (show) {
-                if (mAdvancedUnlockInfoView?.visibility != View.VISIBLE)
-                    mAdvancedUnlockInfoView?.showByFading()
-            }
-            else {
-                if (mAdvancedUnlockInfoView?.visibility == View.VISIBLE)
-                    mAdvancedUnlockInfoView?.hideByFading()
-            }
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun setAdvancedUnlockedTitleView(textId: Int) {
-        lifecycleScope.launch(Dispatchers.Main) {
-            mAdvancedUnlockInfoView?.setTitle(textId)
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun setAdvancedUnlockedMessageView(textId: Int) {
-        lifecycleScope.launch(Dispatchers.Main) {
-            mAdvancedUnlockInfoView?.setMessage(textId)
-        }
-    }
-
-    @RequiresApi(Build.VERSION_CODES.M)
-    private fun setAdvancedUnlockedMessageView(text: CharSequence) {
-        lifecycleScope.launch(Dispatchers.Main) {
-            mAdvancedUnlockInfoView?.setMessage(text)
-        }
-    }
-
-    enum class Mode {
-        BIOMETRIC_UNAVAILABLE,
-        BIOMETRIC_SECURITY_UPDATE_REQUIRED,
-        DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED,
-        KEY_MANAGER_UNAVAILABLE,
-        WAIT_CREDENTIAL,
-        STORE_CREDENTIAL,
-        EXTRACT_CREDENTIAL
-    }
-
-    interface BuilderListener {
-        fun retrieveCredentialForEncryption(): ByteArray
-        fun conditionToStoreCredential(): Boolean
-        fun onCredentialEncrypted(cipherEncryptDatabase: CipherEncryptDatabase)
-        fun onCredentialDecrypted(cipherDecryptDatabase: CipherDecryptDatabase)
-    }
-
-    override fun onPause() {
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-            if (!keepConnection) {
-                // If close prompt, bug "user not authenticated in Android R"
-                disconnect(false)
-                advancedUnlockManager = null
-            }
-        }
-
-        super.onPause()
-    }
-
-    override fun onDestroyView() {
-        mAdvancedUnlockInfoView = null
-
-        super.onDestroyView()
-    }
-
-    override fun onDestroy() {
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-            disconnect()
-            advancedUnlockManager = null
-            mBuilderListener = null
-        }
-
-        super.onDestroy()
-    }
-
-    override fun onDetach() {
-        mBuilderListener = null
-
-        super.onDetach()
-    }
-
-    companion object {
-
-        private val TAG = AdvancedUnlockFragment::class.java.name
-    }
-}

app/src/main/java/com/kunzisoft/keepass/biometric/AdvancedUnlockManager.kt

@@ -1,506 +0,0 @@
-/*
- * Copyright 2020 Jeremy Jamet / Kunzisoft.
- *
- * This file is part of KeePassDX.
- *
- *  KeePassDX is free software: you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License as published by
- *  the Free Software Foundation, either version 3 of the License, or
- *  (at your option) any later version.
- *
- *  KeePassDX is distributed in the hope that it will be useful,
- *  but WITHOUT ANY WARRANTY; without even the implied warranty of
- *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- *  GNU General Public License for more details.
- *
- *  You should have received a copy of the GNU General Public License
- *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-package com.kunzisoft.keepass.biometric
-
-import android.app.KeyguardManager
-import android.content.Context
-import android.content.Intent
-import android.content.pm.PackageManager
-import android.os.Build
-import android.security.keystore.KeyGenParameterSpec
-import android.security.keystore.KeyPermanentlyInvalidatedException
-import android.security.keystore.KeyProperties
-import android.util.Log
-import android.widget.Toast
-import androidx.activity.result.ActivityResultLauncher
-import androidx.annotation.RequiresApi
-import androidx.biometric.BiometricManager
-import androidx.biometric.BiometricManager.Authenticators.*
-import androidx.biometric.BiometricPrompt
-import androidx.core.content.ContextCompat
-import androidx.fragment.app.FragmentActivity
-import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.app.database.CipherDatabaseAction
-import com.kunzisoft.keepass.settings.PreferencesUtil
-import java.security.KeyStore
-import java.security.UnrecoverableKeyException
-import java.util.concurrent.Executors
-import javax.crypto.BadPaddingException
-import javax.crypto.Cipher
-import javax.crypto.KeyGenerator
-import javax.crypto.SecretKey
-import javax.crypto.spec.IvParameterSpec
-
-@RequiresApi(api = Build.VERSION_CODES.M)
-class AdvancedUnlockManager(private var retrieveContext: () -> FragmentActivity) {
-
-    private var keyStore: KeyStore? = null
-    private var keyGenerator: KeyGenerator? = null
-    private var cipher: Cipher? = null
-
-    private var biometricPrompt: BiometricPrompt? = null
-    private var authenticationCallback = object: BiometricPrompt.AuthenticationCallback() {
-        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
-            advancedUnlockCallback?.onAuthenticationSucceeded()
-        }
-
-        override fun onAuthenticationFailed() {
-            advancedUnlockCallback?.onAuthenticationFailed()
-        }
-
-        override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
-            advancedUnlockCallback?.onAuthenticationError(errorCode, errString)
-        }
-    }
-
-    var advancedUnlockCallback: AdvancedUnlockCallback? = null
-
-    private var isKeyManagerInit = false
-
-    private val biometricUnlockEnable = PreferencesUtil.isBiometricUnlockEnable(retrieveContext())
-    private val deviceCredentialUnlockEnable = PreferencesUtil.isDeviceCredentialUnlockEnable(retrieveContext())
-
-    val isKeyManagerInitialized: Boolean
-        get() {
-            if (!isKeyManagerInit) {
-                advancedUnlockCallback?.onGenericException(Exception("Biometric not initialized"))
-            }
-            return isKeyManagerInit
-        }
-
-    private fun isBiometricOperation(): Boolean {
-        return biometricUnlockEnable || isDeviceCredentialBiometricOperation()
-    }
-
-    // Since Android 30, device credential is also a biometric operation
-    private fun isDeviceCredentialOperation(): Boolean {
-        return Build.VERSION.SDK_INT < Build.VERSION_CODES.R
-                && deviceCredentialUnlockEnable
-    }
-
-    private fun isDeviceCredentialBiometricOperation(): Boolean {
-        return Build.VERSION.SDK_INT >= Build.VERSION_CODES.R
-                && deviceCredentialUnlockEnable
-    }
-
-    init {
-        if (isDeviceSecure(retrieveContext())
-                && (biometricUnlockEnable || deviceCredentialUnlockEnable)) {
-            try {
-                this.keyStore = KeyStore.getInstance(ADVANCED_UNLOCK_KEYSTORE)
-                this.keyGenerator = KeyGenerator.getInstance(ADVANCED_UNLOCK_KEY_ALGORITHM, ADVANCED_UNLOCK_KEYSTORE)
-                this.cipher = Cipher.getInstance(
-                        ADVANCED_UNLOCK_KEY_ALGORITHM + "/"
-                                + ADVANCED_UNLOCK_BLOCKS_MODES + "/"
-                                + ADVANCED_UNLOCK_ENCRYPTION_PADDING)
-                isKeyManagerInit = (keyStore != null
-                        && keyGenerator != null
-                        && cipher != null)
-            } catch (e: Exception) {
-                Log.e(TAG, "Unable to initialize the keystore", e)
-                isKeyManagerInit = false
-                advancedUnlockCallback?.onGenericException(e)
-            }
-        } else {
-            // really not much to do when no fingerprint support found
-            isKeyManagerInit = false
-        }
-    }
-
-    @Synchronized private fun getSecretKey(): SecretKey? {
-        if (!isKeyManagerInitialized) {
-            return null
-        }
-        try {
-            // Create new key if needed
-            keyStore?.let { keyStore ->
-                keyStore.load(null)
-
-                try {
-                    if (!keyStore.containsAlias(ADVANCED_UNLOCK_KEYSTORE_KEY)) {
-                        // Set the alias of the entry in Android KeyStore where the key will appear
-                        // and the constrains (purposes) in the constructor of the Builder
-                        keyGenerator?.init(
-                                KeyGenParameterSpec.Builder(
-                                    ADVANCED_UNLOCK_KEYSTORE_KEY,
-                                    KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
-                                    .setBlockModes(ADVANCED_UNLOCK_BLOCKS_MODES)
-                                    .setEncryptionPaddings(ADVANCED_UNLOCK_ENCRYPTION_PADDING)
-                                    .apply {
-                                        // Require the user to authenticate with a fingerprint to authorize every use
-                                        // of the key, don't use it for device credential because it's the user authentication
-                                        if (biometricUnlockEnable) {
-                                            setUserAuthenticationRequired(true)
-                                        }
-                                        // To store in the security chip
-                                        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P
-                                            && retrieveContext().packageManager.hasSystemFeature(
-                                                PackageManager.FEATURE_STRONGBOX_KEYSTORE)) {
-                                            setIsStrongBoxBacked(true)
-                                        }
-                                    }
-                                    .build())
-                        keyGenerator?.generateKey()
-                    }
-                } catch (e: Exception) {
-                    Log.e(TAG, "Unable to create a key in keystore", e)
-                    advancedUnlockCallback?.onGenericException(e)
-                }
-
-                return keyStore.getKey(ADVANCED_UNLOCK_KEYSTORE_KEY, null) as SecretKey?
-            }
-        } catch (e: Exception) {
-            Log.e(TAG, "Unable to retrieve the key in keystore", e)
-            advancedUnlockCallback?.onGenericException(e)
-        }
-        return null
-    }
-
-    @Synchronized fun initEncryptData(actionIfCypherInit: (cryptoPrompt: AdvancedUnlockCryptoPrompt) -> Unit,) {
-        initEncryptData(actionIfCypherInit, true)
-    }
-
-    @Synchronized private fun initEncryptData(actionIfCypherInit: (cryptoPrompt: AdvancedUnlockCryptoPrompt) -> Unit,
-                                firstLaunch: Boolean) {
-        if (!isKeyManagerInitialized) {
-            return
-        }
-        try {
-            getSecretKey()?.let { secretKey ->
-                cipher?.let { cipher ->
-                    cipher.init(Cipher.ENCRYPT_MODE, secretKey)
-
-                    actionIfCypherInit.invoke(
-                            AdvancedUnlockCryptoPrompt(
-                                    cipher,
-                                    R.string.advanced_unlock_prompt_store_credential_title,
-                                    R.string.advanced_unlock_prompt_store_credential_message,
-                                    isDeviceCredentialOperation(), isBiometricOperation())
-                    )
-                }
-            }
-        } catch (unrecoverableKeyException: UnrecoverableKeyException) {
-            Log.e(TAG, "Unable to initialize encrypt data", unrecoverableKeyException)
-            advancedUnlockCallback?.onUnrecoverableKeyException(unrecoverableKeyException)
-        } catch (invalidKeyException: KeyPermanentlyInvalidatedException) {
-            Log.e(TAG, "Unable to initialize encrypt data", invalidKeyException)
-            if (firstLaunch) {
-                deleteAllEntryKeysInKeystoreForBiometric(retrieveContext())
-                initEncryptData(actionIfCypherInit, false)
-            } else {
-                advancedUnlockCallback?.onInvalidKeyException(invalidKeyException)
-            }
-        } catch (e: Exception) {
-            Log.e(TAG, "Unable to initialize encrypt data", e)
-            advancedUnlockCallback?.onGenericException(e)
-        }
-    }
-
-    @Synchronized fun encryptData(value: ByteArray) {
-        if (!isKeyManagerInitialized) {
-            return
-        }
-        try {
-            val encrypted = cipher?.doFinal(value) ?: byteArrayOf()
-            // passes updated iv spec on to callback so this can be stored for decryption
-            cipher?.parameters?.getParameterSpec(IvParameterSpec::class.java)?.let{ spec ->
-                advancedUnlockCallback?.handleEncryptedResult(encrypted, spec.iv)
-            }
-        } catch (e: Exception) {
-            Log.e(TAG, "Unable to encrypt data", e)
-            advancedUnlockCallback?.onGenericException(e)
-        }
-    }
-
-    @Synchronized fun initDecryptData(ivSpecValue: ByteArray,
-                        actionIfCypherInit: (cryptoPrompt: AdvancedUnlockCryptoPrompt) -> Unit) {
-        initDecryptData(ivSpecValue, actionIfCypherInit, true)
-    }
-
-    @Synchronized private fun initDecryptData(ivSpecValue: ByteArray,
-                        actionIfCypherInit: (cryptoPrompt: AdvancedUnlockCryptoPrompt) -> Unit,
-                        firstLaunch: Boolean = true) {
-        if (!isKeyManagerInitialized) {
-            return
-        }
-        try {
-            // important to restore spec here that was used for decryption
-            val spec = IvParameterSpec(ivSpecValue)
-            getSecretKey()?.let { secretKey ->
-                cipher?.let { cipher ->
-                    cipher.init(Cipher.DECRYPT_MODE, secretKey, spec)
-
-                    actionIfCypherInit.invoke(
-                            AdvancedUnlockCryptoPrompt(
-                                    cipher,
-                                    R.string.advanced_unlock_prompt_extract_credential_title,
-                                    null,
-                                    isDeviceCredentialOperation(), isBiometricOperation())
-                    )
-                }
-            }
-        } catch (unrecoverableKeyException: UnrecoverableKeyException) {
-            Log.e(TAG, "Unable to initialize decrypt data", unrecoverableKeyException)
-            if (firstLaunch) {
-                deleteKeystoreKey()
-                initDecryptData(ivSpecValue, actionIfCypherInit, firstLaunch)
-            } else {
-                advancedUnlockCallback?.onUnrecoverableKeyException(unrecoverableKeyException)
-            }
-        } catch (invalidKeyException: KeyPermanentlyInvalidatedException) {
-            Log.e(TAG, "Unable to initialize decrypt data", invalidKeyException)
-            if (firstLaunch) {
-                deleteAllEntryKeysInKeystoreForBiometric(retrieveContext())
-                initDecryptData(ivSpecValue, actionIfCypherInit, firstLaunch)
-            } else {
-                advancedUnlockCallback?.onInvalidKeyException(invalidKeyException)
-            }
-        } catch (e: Exception) {
-            Log.e(TAG, "Unable to initialize decrypt data", e)
-            advancedUnlockCallback?.onGenericException(e)
-        }
-    }
-
-    @Synchronized fun decryptData(encryptedValue: ByteArray) {
-        if (!isKeyManagerInitialized) {
-            return
-        }
-        try {
-            // actual decryption here
-            cipher?.doFinal(encryptedValue)?.let { decrypted ->
-                advancedUnlockCallback?.handleDecryptedResult(decrypted)
-            }
-        } catch (badPaddingException: BadPaddingException) {
-            Log.e(TAG, "Unable to decrypt data", badPaddingException)
-            advancedUnlockCallback?.onInvalidKeyException(badPaddingException)
-        } catch (e: Exception) {
-            Log.e(TAG, "Unable to decrypt data", e)
-            advancedUnlockCallback?.onGenericException(e)
-        }
-    }
-
-    @Synchronized fun deleteKeystoreKey() {
-        try {
-            keyStore?.load(null)
-            keyStore?.deleteEntry(ADVANCED_UNLOCK_KEYSTORE_KEY)
-        } catch (e: Exception) {
-            Log.e(TAG, "Unable to delete entry key in keystore", e)
-            advancedUnlockCallback?.onGenericException(e)
-        }
-    }
-
-    @Synchronized fun openAdvancedUnlockPrompt(cryptoPrompt: AdvancedUnlockCryptoPrompt,
-                                 deviceCredentialResultLauncher: ActivityResultLauncher<Intent>
-    ) {
-        // Init advanced unlock prompt
-        if (biometricPrompt == null) {
-            biometricPrompt = BiometricPrompt(retrieveContext(),
-                    Executors.newSingleThreadExecutor(),
-                    authenticationCallback)
-        }
-
-        val promptTitle = retrieveContext().getString(cryptoPrompt.promptTitleId)
-        val promptDescription = cryptoPrompt.promptDescriptionId?.let { descriptionId ->
-            retrieveContext().getString(descriptionId)
-        } ?: ""
-
-        if (cryptoPrompt.isBiometricOperation) {
-            val promptInfoExtractCredential = BiometricPrompt.PromptInfo.Builder().apply {
-                setTitle(promptTitle)
-                if (promptDescription.isNotEmpty())
-                    setDescription(promptDescription)
-                setConfirmationRequired(false)
-                if (isDeviceCredentialBiometricOperation()) {
-                    setAllowedAuthenticators(DEVICE_CREDENTIAL)
-                } else {
-                    setNegativeButtonText(retrieveContext().getString(android.R.string.cancel))
-                }
-            }.build()
-            biometricPrompt?.authenticate(
-                    promptInfoExtractCredential,
-                    BiometricPrompt.CryptoObject(cryptoPrompt.cipher))
-        }
-        else if (cryptoPrompt.isDeviceCredentialOperation) {
-            val keyGuardManager = ContextCompat.getSystemService(retrieveContext(), KeyguardManager::class.java)
-            @Suppress("DEPRECATION")
-            deviceCredentialResultLauncher.launch(
-                keyGuardManager?.createConfirmDeviceCredentialIntent(promptTitle, promptDescription)
-            )
-        }
-    }
-
-    @Synchronized fun closeBiometricPrompt() {
-        biometricPrompt?.cancelAuthentication()
-    }
-
-    interface AdvancedUnlockErrorCallback {
-        fun onUnrecoverableKeyException(e: Exception)
-        fun onInvalidKeyException(e: Exception)
-        fun onGenericException(e: Exception)
-    }
-
-    interface AdvancedUnlockCallback : AdvancedUnlockErrorCallback {
-        fun onAuthenticationSucceeded()
-        fun onAuthenticationFailed()
-        fun onAuthenticationError(errorCode: Int, errString: CharSequence)
-        fun handleEncryptedResult(encryptedValue: ByteArray, ivSpec: ByteArray)
-        fun handleDecryptedResult(decryptedValue: ByteArray)
-    }
-
-    companion object {
-
-        private val TAG = AdvancedUnlockManager::class.java.name
-
-        private const val ADVANCED_UNLOCK_KEYSTORE = "AndroidKeyStore"
-        private const val ADVANCED_UNLOCK_KEYSTORE_KEY = "com.kunzisoft.keepass.biometric.key"
-        private const val ADVANCED_UNLOCK_KEY_ALGORITHM = KeyProperties.KEY_ALGORITHM_AES
-        private const val ADVANCED_UNLOCK_BLOCKS_MODES = KeyProperties.BLOCK_MODE_CBC
-        private const val ADVANCED_UNLOCK_ENCRYPTION_PADDING = KeyProperties.ENCRYPTION_PADDING_PKCS7
-
-        @RequiresApi(api = Build.VERSION_CODES.M)
-        fun canAuthenticate(context: Context): Int {
-            return try {
-                BiometricManager.from(context).canAuthenticate(
-                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R
-                            && PreferencesUtil.isDeviceCredentialUnlockEnable(context)) {
-                        BIOMETRIC_STRONG or DEVICE_CREDENTIAL
-                    } else {
-                        BIOMETRIC_STRONG
-                    }
-                )
-            } catch (e: Exception) {
-                Log.e(TAG, "Unable to authenticate with strong biometric.", e)
-                try {
-                    BiometricManager.from(context).canAuthenticate(
-                            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R
-                                    && PreferencesUtil.isDeviceCredentialUnlockEnable(context)) {
-                                BIOMETRIC_WEAK or DEVICE_CREDENTIAL
-                            } else {
-                                BIOMETRIC_WEAK
-                            }
-                    )
-                } catch (e: Exception) {
-                    Log.e(TAG, "Unable to authenticate with weak biometric.", e)
-                    BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE
-                }
-            }
-        }
-
-        fun isDeviceSecure(context: Context): Boolean {
-            return ContextCompat.getSystemService(context, KeyguardManager::class.java)
-                ?.isDeviceSecure ?: false
-        }
-
-        fun biometricUnlockSupported(context: Context): Boolean {
-            val biometricCanAuthenticate = try {
-                BiometricManager.from(context).canAuthenticate(BIOMETRIC_STRONG)
-            } catch (e: Exception) {
-                Log.e(TAG, "Unable to authenticate with strong biometric.", e)
-                try {
-                    BiometricManager.from(context).canAuthenticate(BIOMETRIC_WEAK)
-                } catch (e: Exception) {
-                    Log.e(TAG, "Unable to authenticate with weak biometric.", e)
-                    BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE
-                }
-            }
-            return (biometricCanAuthenticate == BiometricManager.BIOMETRIC_SUCCESS
-                    || biometricCanAuthenticate == BiometricManager.BIOMETRIC_STATUS_UNKNOWN
-                    || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE
-                    || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED
-                    || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED
-            )
-        }
-
-        fun deviceCredentialUnlockSupported(context: Context): Boolean {
-            return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
-                val biometricCanAuthenticate = BiometricManager.from(context).canAuthenticate(DEVICE_CREDENTIAL)
-                (biometricCanAuthenticate == BiometricManager.BIOMETRIC_SUCCESS
-                        || biometricCanAuthenticate == BiometricManager.BIOMETRIC_STATUS_UNKNOWN
-                        || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE
-                        || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED
-                        || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED
-                        )
-            } else {
-                true
-            }
-        }
-
-        /**
-         * Remove entry key in keystore
-         */
-        fun deleteEntryKeyInKeystoreForBiometric(fragmentActivity: FragmentActivity,
-                                                 advancedCallback: AdvancedUnlockErrorCallback) {
-            AdvancedUnlockManager{ fragmentActivity }.apply {
-                advancedUnlockCallback = object : AdvancedUnlockCallback {
-                    override fun onAuthenticationSucceeded() {}
-
-                    override fun onAuthenticationFailed() {}
-
-                    override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {}
-
-                    override fun handleEncryptedResult(encryptedValue: ByteArray, ivSpec: ByteArray) {}
-
-                    override fun handleDecryptedResult(decryptedValue: ByteArray) {}
-
-                    override fun onUnrecoverableKeyException(e: Exception) {
-                        advancedCallback.onUnrecoverableKeyException(e)
-                    }
-
-                    override fun onInvalidKeyException(e: Exception) {
-                        advancedCallback.onInvalidKeyException(e)
-                    }
-
-                    override fun onGenericException(e: Exception) {
-                        advancedCallback.onGenericException(e)
-                    }
-                }
-                deleteKeystoreKey()
-            }
-        }
-
-        fun deleteAllEntryKeysInKeystoreForBiometric(activity: FragmentActivity) {
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                deleteEntryKeyInKeystoreForBiometric(
-                    activity,
-                    object : AdvancedUnlockErrorCallback {
-                        fun showException(e: Exception) {
-                            Toast.makeText(activity,
-                                activity.getString(R.string.advanced_unlock_scanning_error, e.localizedMessage),
-                                Toast.LENGTH_SHORT).show()
-                        }
-
-                        override fun onUnrecoverableKeyException(e: Exception) {
-                            showException(e)
-                        }
-
-                        override fun onInvalidKeyException(e: Exception) {
-                            showException(e)
-                        }
-
-                        override fun onGenericException(e: Exception) {
-                            showException(e)
-                        }
-                    })
-            }
-            CipherDatabaseAction.getInstance(activity.applicationContext).deleteAll()
-        }
-    }
-
-}

app/src/main/java/com/kunzisoft/keepass/biometric/DeviceUnlockCryptoPrompt.kt

@@ -0,0 +1,21 @@
+package com.kunzisoft.keepass.biometric
+
+import androidx.annotation.StringRes
+import javax.crypto.Cipher
+
+data class DeviceUnlockCryptoPrompt(
+    var type: DeviceUnlockCryptoPromptType,
+    var cipher: Cipher,
+    @StringRes var titleId: Int,
+    @StringRes var descriptionId: Int? = null,
+    var isDeviceCredentialOperation: Boolean,
+    var isBiometricOperation: Boolean
+) {
+    fun isOldCredentialOperation(): Boolean {
+        return !isBiometricOperation && isDeviceCredentialOperation
+    }
+}
+
+enum class DeviceUnlockCryptoPromptType {
+    CREDENTIAL_ENCRYPTION, CREDENTIAL_DECRYPTION
+}

app/src/main/java/com/kunzisoft/keepass/biometric/DeviceUnlockFragment.kt

@@ -0,0 +1,363 @@
+/*
+ * Copyright 2020 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.biometric
+
+import android.app.Activity
+import android.app.KeyguardManager
+import android.content.Intent
+import android.os.Build
+import android.os.Bundle
+import android.provider.Settings
+import android.util.Log
+import android.view.LayoutInflater
+import android.view.Menu
+import android.view.MenuInflater
+import android.view.MenuItem
+import android.view.View
+import android.view.ViewGroup
+import androidx.activity.result.ActivityResultLauncher
+import androidx.activity.result.contract.ActivityResultContracts
+import androidx.annotation.RequiresApi
+import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
+import androidx.biometric.BiometricPrompt
+import androidx.core.content.ContextCompat
+import androidx.core.view.MenuProvider
+import androidx.fragment.app.Fragment
+import androidx.fragment.app.activityViewModels
+import androidx.lifecycle.Lifecycle
+import androidx.lifecycle.lifecycleScope
+import androidx.lifecycle.repeatOnLifecycle
+import com.kunzisoft.keepass.R
+import com.kunzisoft.keepass.view.DeviceUnlockView
+import com.kunzisoft.keepass.view.hideByFading
+import com.kunzisoft.keepass.view.showByFading
+import com.kunzisoft.keepass.viewmodels.DeviceUnlockPromptMode
+import com.kunzisoft.keepass.viewmodels.DeviceUnlockViewModel
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.launch
+import java.util.concurrent.Executors
+
+@RequiresApi(Build.VERSION_CODES.M)
+class DeviceUnlockFragment: Fragment() {
+
+    private var mDeviceUnlockView: DeviceUnlockView? = null
+
+    private val mDeviceUnlockViewModel: DeviceUnlockViewModel by activityViewModels()
+
+    private var mBiometricPrompt: BiometricPrompt? = null
+
+    // Only to fix multiple fingerprint menu #332
+    private var mAllowDeviceUnlockMenu = false
+
+    private var mDeviceCredentialResultLauncher: ActivityResultLauncher<Intent>? = registerForActivityResult(
+        ActivityResultContracts.StartActivityForResult()
+    ) { result ->
+        if (result.resultCode == Activity.RESULT_OK) {
+            mDeviceUnlockViewModel.onAuthenticationSucceeded()
+        } else {
+            setAuthenticationFailed()
+        }
+        mDeviceUnlockViewModel.biometricPromptClosed()
+    }
+
+    private var biometricAuthenticationCallback = object: BiometricPrompt.AuthenticationCallback() {
+        override fun onAuthenticationSucceeded(result: BiometricPrompt.AuthenticationResult) {
+            mDeviceUnlockViewModel.onAuthenticationSucceeded(result)
+            mDeviceUnlockViewModel.biometricPromptClosed()
+        }
+
+        override fun onAuthenticationFailed() {
+            setAuthenticationFailed()
+        }
+
+        override fun onAuthenticationError(errorCode: Int, errString: CharSequence) {
+            setAuthenticationError(errorCode, errString)
+        }
+    }
+
+    private val menuProvider: MenuProvider = object: MenuProvider {
+        override fun onCreateMenu(menu: Menu, menuInflater: MenuInflater) {
+            // biometric menu
+            if (mAllowDeviceUnlockMenu)
+                menuInflater.inflate(R.menu.device_unlock, menu)
+        }
+
+        override fun onMenuItemSelected(menuItem: MenuItem): Boolean {
+            when (menuItem.itemId) {
+                R.id.menu_keystore_remove_key ->
+                    deleteEncryptedDatabaseKey()
+            }
+            return false
+        }
+    }
+
+    override fun onCreateView(inflater: LayoutInflater, container: ViewGroup?, savedInstanceState: Bundle?): View? {
+        super.onCreateView(inflater, container, savedInstanceState)
+
+        val rootView = inflater.inflate(R.layout.fragment_device_unlock, container, false)
+
+        mDeviceUnlockView = rootView.findViewById(R.id.device_unlock_view)
+
+        return rootView
+    }
+
+    override fun onViewCreated(view: View, savedInstanceState: Bundle?) {
+        super.onViewCreated(view, savedInstanceState)
+
+        // Init device unlock prompt
+        mBiometricPrompt = BiometricPrompt(
+            this@DeviceUnlockFragment,
+            Executors.newSingleThreadExecutor(),
+            biometricAuthenticationCallback
+        )
+
+        activity?.addMenuProvider(menuProvider, viewLifecycleOwner)
+
+        viewLifecycleOwner.lifecycleScope.launch {
+            viewLifecycleOwner.repeatOnLifecycle(Lifecycle.State.RESUMED) {
+                mDeviceUnlockViewModel.uiState.collect { uiState ->
+                    // Change mode
+                    toggleDeviceCredentialMode(uiState.newDeviceUnlockMode)
+                    // Prompt
+                    manageDeviceCredentialPrompt(uiState.cryptoPromptState)
+                    // Advanced menu
+                    mAllowDeviceUnlockMenu = uiState.allowDeviceUnlockMenu
+                    activity?.invalidateOptionsMenu()
+                }
+            }
+        }
+    }
+
+    fun cancelBiometricPrompt() {
+        lifecycleScope.launch(Dispatchers.Main) {
+            mBiometricPrompt?.cancelAuthentication()
+        }
+    }
+
+    private fun toggleDeviceCredentialMode(deviceUnlockMode: DeviceUnlockMode) {
+        lifecycleScope.launch(Dispatchers.Main) {
+            try {
+                when (deviceUnlockMode) {
+                    DeviceUnlockMode.BIOMETRIC_UNAVAILABLE -> setNotAvailableMode()
+                    DeviceUnlockMode.BIOMETRIC_SECURITY_UPDATE_REQUIRED -> setSecurityUpdateRequiredMode()
+                    DeviceUnlockMode.DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED -> setNotConfiguredMode()
+                    DeviceUnlockMode.KEY_MANAGER_UNAVAILABLE -> setKeyManagerNotAvailableMode()
+                    DeviceUnlockMode.WAIT_CREDENTIAL -> setWaitCredentialMode()
+                    DeviceUnlockMode.STORE_CREDENTIAL -> setStoreCredentialMode()
+                    DeviceUnlockMode.EXTRACT_CREDENTIAL -> setExtractCredentialMode()
+                }
+            } catch (e: Exception) {
+                mDeviceUnlockViewModel.setException(e)
+            }
+        }
+    }
+
+    private fun manageDeviceCredentialPrompt(
+        state: DeviceUnlockPromptMode
+    ) {
+        mDeviceUnlockViewModel.cryptoPrompt?.let { prompt ->
+            when (state) {
+                DeviceUnlockPromptMode.SHOW -> {
+                    openPrompt(prompt)
+                    mDeviceUnlockViewModel.promptShown()
+                }
+                DeviceUnlockPromptMode.CLOSE -> {
+                    cancelBiometricPrompt()
+                    mDeviceUnlockViewModel.biometricPromptClosed()
+                }
+                else -> {}
+            }
+        }
+    }
+
+    private fun openPrompt(cryptoPrompt: DeviceUnlockCryptoPrompt) {
+        lifecycleScope.launch(Dispatchers.Main) {
+            try {
+                val promptTitle = getString(cryptoPrompt.titleId)
+                val promptDescription = cryptoPrompt.descriptionId?.let { descriptionId ->
+                    getString(descriptionId)
+                } ?: ""
+
+                if (cryptoPrompt.isBiometricOperation) {
+                    mBiometricPrompt?.authenticate(
+                        BiometricPrompt.PromptInfo.Builder().apply {
+                            setTitle(promptTitle)
+                            if (promptDescription.isNotEmpty())
+                                setDescription(promptDescription)
+                            setConfirmationRequired(false)
+                            if (isDeviceCredentialBiometricOperation(context)) {
+                                setAllowedAuthenticators(DEVICE_CREDENTIAL)
+                            } else {
+                                setNegativeButtonText(getString(android.R.string.cancel))
+                            }
+                        }.build(),
+                        BiometricPrompt.CryptoObject(cryptoPrompt.cipher)
+                    )
+                } else if (cryptoPrompt.isDeviceCredentialOperation) {
+                    context?.let { context ->
+                        @Suppress("DEPRECATION")
+                        mDeviceCredentialResultLauncher?.launch(
+                            ContextCompat.getSystemService(
+                                context,
+                                KeyguardManager::class.java
+                            )?.createConfirmDeviceCredentialIntent(
+                                promptTitle,
+                                promptDescription
+                            )
+                        )
+                    }
+                }
+            } catch (e: Exception) {
+                Log.e(TAG, "Unable to open prompt", e)
+                mDeviceUnlockViewModel.setException(e)
+            }
+        }
+    }
+
+    private fun setNotAvailableMode() {
+        showViews(false)
+        mDeviceUnlockView?.setDeviceUnlockButtonViewClickListener(null)
+    }
+
+    private fun openBiometricSetting() {
+        mDeviceUnlockView?.setDeviceUnlockButtonViewClickListener {
+            try {
+                when {
+                    Build.VERSION.SDK_INT >= Build.VERSION_CODES.R -> {
+                        context?.startActivity(Intent(Settings.ACTION_BIOMETRIC_ENROLL))
+                    }
+                    Build.VERSION.SDK_INT >= Build.VERSION_CODES.P -> {
+                        @Suppress("DEPRECATION") context
+                            ?.startActivity(Intent(Settings.ACTION_FINGERPRINT_ENROLL))
+                    }
+                    else -> {
+                        context?.startActivity(Intent(Settings.ACTION_SECURITY_SETTINGS))
+                    }
+                }
+            } catch (e: Exception) {
+                // ACTION_SECURITY_SETTINGS does not contain fingerprint enrollment on some devices...
+                context?.startActivity(Intent(Settings.ACTION_SETTINGS))
+            }
+        }
+    }
+
+    private fun setSecurityUpdateRequiredMode() {
+        showViews(true)
+        setDeviceUnlockedTitleView(R.string.biometric_security_update_required)
+        openBiometricSetting()
+    }
+
+    private fun setNotConfiguredMode() {
+        showViews(true)
+        setDeviceUnlockedTitleView(R.string.configure_biometric)
+        openBiometricSetting()
+    }
+
+    private fun setKeyManagerNotAvailableMode() {
+        showViews(true)
+        setDeviceUnlockedTitleView(R.string.keystore_not_accessible)
+        openBiometricSetting()
+    }
+
+    private fun setWaitCredentialMode() {
+        showViews(true)
+        setDeviceUnlockedTitleView(R.string.unavailable)
+        context?.let { context ->
+            mDeviceUnlockView?.setDeviceUnlockButtonViewClickListener {
+                mDeviceUnlockViewModel.setException(SecurityException(
+                    context.getString(R.string.credential_before_click_device_unlock_button)
+                ))
+            }
+        }
+    }
+
+    private fun setStoreCredentialMode() {
+        showViews(true)
+        setDeviceUnlockedTitleView(R.string.unlock_and_link_biometric)
+        mDeviceUnlockView?.setDeviceUnlockButtonViewClickListener { _ ->
+            mDeviceUnlockViewModel.showPrompt()
+        }
+    }
+
+    private fun setExtractCredentialMode() {
+        showViews(true)
+        setDeviceUnlockedTitleView(R.string.unlock)
+        mDeviceUnlockView?.setDeviceUnlockButtonViewClickListener { _ ->
+            mDeviceUnlockViewModel.showPrompt()
+        }
+    }
+
+    fun deleteEncryptedDatabaseKey() {
+        mDeviceUnlockViewModel.deleteEncryptedDatabaseKey()
+    }
+
+    private fun showViews(show: Boolean) {
+        if (show) {
+            if (mDeviceUnlockView?.visibility != View.VISIBLE)
+                mDeviceUnlockView?.showByFading()
+        }
+        else {
+            if (mDeviceUnlockView?.visibility == View.VISIBLE)
+                mDeviceUnlockView?.hideByFading()
+        }
+    }
+
+    private fun setDeviceUnlockedTitleView(textId: Int) {
+        mDeviceUnlockView?.setTitle(textId)
+    }
+
+    private fun setAuthenticationError(errorCode: Int, errString: CharSequence) {
+        mDeviceUnlockViewModel.biometricPromptClosed()
+        when (errorCode) {
+            BiometricPrompt.ERROR_CANCELED,
+            BiometricPrompt.ERROR_NEGATIVE_BUTTON,
+            BiometricPrompt.ERROR_USER_CANCELED -> {
+                // No operation
+                Log.i(TAG, "$errString")
+            }
+            else -> {
+                Log.e(TAG, "Biometric authentication error. Code : $errorCode Error : $errString")
+                mDeviceUnlockViewModel.setException(SecurityException(errString.toString()))
+            }
+        }
+    }
+
+    private fun setAuthenticationFailed() {
+        Log.e(TAG, "Biometric authentication failed, biometric not recognized")
+        mDeviceUnlockViewModel.setException(
+            SecurityException(getString(R.string.device_unlock_not_recognized))
+        )
+    }
+
+    override fun onPause() {
+        super.onPause()
+        cancelBiometricPrompt()
+        mDeviceUnlockViewModel.clear()
+    }
+
+    override fun onDestroyView() {
+        mDeviceUnlockView = null
+        super.onDestroyView()
+    }
+
+    companion object {
+        private val TAG = DeviceUnlockFragment::class.java.name
+    }
+}

app/src/main/java/com/kunzisoft/keepass/biometric/DeviceUnlockManager.kt

@@ -0,0 +1,430 @@
+/*
+ * Copyright 2020 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.biometric
+
+import android.app.KeyguardManager
+import android.content.Context
+import android.content.pm.PackageManager
+import android.os.Build
+import android.security.keystore.KeyGenParameterSpec
+import android.security.keystore.KeyPermanentlyInvalidatedException
+import android.security.keystore.KeyProperties
+import android.util.Log
+import android.widget.Toast
+import androidx.annotation.RequiresApi
+import androidx.biometric.BiometricManager
+import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_STRONG
+import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_WEAK
+import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
+import androidx.core.content.ContextCompat
+import com.kunzisoft.keepass.R
+import com.kunzisoft.keepass.app.database.CipherDatabaseAction
+import com.kunzisoft.keepass.settings.PreferencesUtil
+import java.security.KeyStore
+import java.security.UnrecoverableKeyException
+import javax.crypto.Cipher
+import javax.crypto.KeyGenerator
+import javax.crypto.SecretKey
+import javax.crypto.spec.IvParameterSpec
+
+@RequiresApi(api = Build.VERSION_CODES.M)
+class DeviceUnlockManager(private var appContext: Context) {
+
+    private var keyStore: KeyStore? = null
+    private var keyGenerator: KeyGenerator? = null
+    private var cipher: Cipher? = null
+
+    private var biometricUnlockEnable = isBiometricUnlockEnable(appContext)
+    private var deviceCredentialUnlockEnable = isDeviceCredentialUnlockEnable(appContext)
+
+    init {
+        if (biometricUnlockEnable || deviceCredentialUnlockEnable) {
+            if (isDeviceSecure(appContext)) {
+                try {
+                    this.keyStore = KeyStore.getInstance(DEVICE_UNLOCK_KEYSTORE)
+                    this.keyGenerator = KeyGenerator.getInstance(
+                        DEVICE_UNLOCK_KEY_ALGORITHM,
+                        DEVICE_UNLOCK_KEYSTORE
+                    )
+                    this.cipher = Cipher.getInstance(
+                        DEVICE_UNLOCK_KEY_ALGORITHM + "/"
+                                + DEVICE_UNLOCK_BLOCKS_MODES + "/"
+                                + DEVICE_UNLOCK_ENCRYPTION_PADDING
+                    )
+                    if (keyStore == null) {
+                        throw SecurityException("Unable to initialize the keystore")
+                    }
+                    if (keyGenerator == null) {
+                        throw SecurityException("Unable to initialize the key generator")
+                    }
+                    if (cipher == null) {
+                        throw SecurityException("Unable to initialize the cipher")
+                    }
+                } catch (e: Exception) {
+                    Log.e(TAG, "Unable to initialize the device unlock manager", e)
+                    throw e
+                }
+            } else {
+                throw SecurityException("Device not secure enough")
+            }
+        }
+    }
+
+    @Synchronized private fun getSecretKey(): SecretKey? {
+        try {
+            // Create new key if needed
+            keyStore?.let { keyStore ->
+                keyStore.load(null)
+                try {
+                    if (!keyStore.containsAlias(DEVICE_UNLOCK_KEYSTORE_KEY)) {
+                        // Set the alias of the entry in Android KeyStore where the key will appear
+                        // and the constrains (purposes) in the constructor of the Builder
+                        keyGenerator?.init(
+                                KeyGenParameterSpec.Builder(
+                                    DEVICE_UNLOCK_KEYSTORE_KEY,
+                                    KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT)
+                                    .setBlockModes(DEVICE_UNLOCK_BLOCKS_MODES)
+                                    .setEncryptionPaddings(DEVICE_UNLOCK_ENCRYPTION_PADDING)
+                                    .apply {
+                                        // Require the user to authenticate with a fingerprint to authorize every use
+                                        // of the key, don't use it for device credential because it's the user authentication
+                                        if (biometricUnlockEnable) {
+                                            setUserAuthenticationRequired(true)
+                                        }
+                                        // To store in the security chip
+                                        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.P
+                                            && appContext.packageManager.hasSystemFeature(
+                                                PackageManager.FEATURE_STRONGBOX_KEYSTORE)) {
+                                            setIsStrongBoxBacked(true)
+                                        }
+                                    }
+                                    .build())
+                        keyGenerator?.generateKey()
+                    }
+                } catch (e: Exception) {
+                    Log.e(TAG, "Unable to create a key in keystore", e)
+                    throw e
+                }
+                return keyStore.getKey(DEVICE_UNLOCK_KEYSTORE_KEY, null) as SecretKey?
+            }
+        } catch (e: Exception) {
+            Log.e(TAG, "Unable to retrieve the key in keystore", e)
+            throw e
+        }
+        return null
+    }
+
+    @Synchronized fun initEncryptData(
+        actionIfCypherInit: (cryptoPrompt: DeviceUnlockCryptoPrompt) -> Unit
+    ) {
+        initEncryptData(true, actionIfCypherInit)
+    }
+
+    @Synchronized private fun initEncryptData(
+        firstLaunch: Boolean,
+        actionIfCypherInit: (cryptoPrompt: DeviceUnlockCryptoPrompt) -> Unit
+    ) {
+        try {
+            getSecretKey()?.let { secretKey ->
+                cipher?.let { cipher ->
+                    cipher.init(Cipher.ENCRYPT_MODE, secretKey)
+                    actionIfCypherInit.invoke(
+                        DeviceUnlockCryptoPrompt(
+                            type = DeviceUnlockCryptoPromptType.CREDENTIAL_ENCRYPTION,
+                            cipher = cipher,
+                            titleId = R.string.device_unlock_prompt_store_credential_title,
+                            descriptionId = R.string.device_unlock_prompt_store_credential_message,
+                            isDeviceCredentialOperation = isDeviceCredentialOperation(
+                                deviceCredentialUnlockEnable
+                            ),
+                            isBiometricOperation = isBiometricOperation(
+                                biometricUnlockEnable, deviceCredentialUnlockEnable
+                            )
+                        )
+                    )
+                }
+            }
+        } catch (unrecoverableKeyException: UnrecoverableKeyException) {
+            Log.e(TAG, "Unable to initialize encrypt data", unrecoverableKeyException)
+            throw unrecoverableKeyException
+        } catch (invalidKeyException: KeyPermanentlyInvalidatedException) {
+            Log.e(TAG, "Unable to initialize encrypt data", invalidKeyException)
+            if (firstLaunch) {
+                deleteAllEntryKeysInKeystoreForBiometric(appContext)
+                initEncryptData(false, actionIfCypherInit)
+            } else {
+                throw invalidKeyException
+            }
+        } catch (e: Exception) {
+            Log.e(TAG, "Unable to initialize encrypt data", e)
+            throw e
+        }
+    }
+
+    @Synchronized fun encryptData(
+        value: ByteArray,
+        cipher: Cipher?,
+        handleEncryptedResult: (encryptedValue: ByteArray, ivSpec: ByteArray) -> Unit
+    ) {
+        try {
+            val encrypted = cipher?.doFinal(value) ?: byteArrayOf()
+            // passes updated iv spec on to callback so this can be stored for decryption
+            cipher?.parameters?.getParameterSpec(IvParameterSpec::class.java)?.let{ spec ->
+                handleEncryptedResult.invoke(encrypted, spec.iv)
+            }
+        } catch (e: Exception) {
+            Log.e(TAG, "Unable to encrypt data", e)
+            throw e
+        }
+    }
+
+    @Synchronized fun initDecryptData(
+        ivSpecValue: ByteArray,
+        actionIfCypherInit: (cryptoPrompt: DeviceUnlockCryptoPrompt) -> Unit
+    ) {
+        initDecryptData(ivSpecValue, true, actionIfCypherInit)
+    }
+
+    @Synchronized private fun initDecryptData(
+        ivSpecValue: ByteArray,
+        firstLaunch: Boolean = true,
+        actionIfCypherInit: (cryptoPrompt: DeviceUnlockCryptoPrompt) -> Unit
+    ) {
+        try {
+            // important to restore spec here that was used for decryption
+            val spec = IvParameterSpec(ivSpecValue)
+            getSecretKey()?.let { secretKey ->
+                cipher?.let { cipher ->
+                    cipher.init(Cipher.DECRYPT_MODE, secretKey, spec)
+                    actionIfCypherInit.invoke(
+                        DeviceUnlockCryptoPrompt(
+                            type = DeviceUnlockCryptoPromptType.CREDENTIAL_DECRYPTION,
+                            cipher = cipher,
+                            titleId = R.string.device_unlock_prompt_extract_credential_title,
+                            descriptionId = null,
+                            isDeviceCredentialOperation = isDeviceCredentialOperation(
+                                deviceCredentialUnlockEnable
+                            ),
+                            isBiometricOperation = isBiometricOperation(
+                                biometricUnlockEnable, deviceCredentialUnlockEnable
+                            )
+                        )
+                    )
+                }
+            }
+        } catch (unrecoverableKeyException: UnrecoverableKeyException) {
+            Log.e(TAG, "Unable to initialize decrypt data", unrecoverableKeyException)
+            if (firstLaunch) {
+                deleteKeystoreKey()
+                initDecryptData(ivSpecValue, false, actionIfCypherInit)
+            } else {
+                throw unrecoverableKeyException
+            }
+        } catch (invalidKeyException: KeyPermanentlyInvalidatedException) {
+            Log.e(TAG, "Unable to initialize decrypt data", invalidKeyException)
+            if (firstLaunch) {
+                deleteAllEntryKeysInKeystoreForBiometric(appContext)
+                initDecryptData(ivSpecValue, false, actionIfCypherInit)
+            } else {
+                throw invalidKeyException
+            }
+        } catch (e: Exception) {
+            Log.e(TAG, "Unable to initialize decrypt data", e)
+            throw e
+        }
+    }
+
+    @Synchronized fun decryptData(
+        encryptedValue: ByteArray,
+        cipher: Cipher?,
+        handleDecryptedResult: (decryptedValue: ByteArray) -> Unit
+    ) {
+        try {
+            // actual decryption here
+            cipher?.doFinal(encryptedValue)?.let { decrypted ->
+                handleDecryptedResult.invoke(decrypted)
+            }
+        } catch (e: Exception) {
+            Log.e(TAG, "Unable to decrypt data", e)
+            throw e
+        }
+    }
+
+    @Synchronized fun deleteKeystoreKey() {
+        try {
+            keyStore?.load(null)
+            keyStore?.deleteEntry(DEVICE_UNLOCK_KEYSTORE_KEY)
+        } catch (e: Exception) {
+            Log.e(TAG, "Unable to delete entry key in keystore", e)
+            throw e
+        }
+    }
+
+    companion object {
+
+        private val TAG = DeviceUnlockManager::class.java.name
+
+        private const val DEVICE_UNLOCK_KEYSTORE = "AndroidKeyStore"
+        private const val DEVICE_UNLOCK_KEYSTORE_KEY = "com.kunzisoft.keepass.biometric.key"
+        private const val DEVICE_UNLOCK_KEY_ALGORITHM = KeyProperties.KEY_ALGORITHM_AES
+        private const val DEVICE_UNLOCK_BLOCKS_MODES = KeyProperties.BLOCK_MODE_CBC
+        private const val DEVICE_UNLOCK_ENCRYPTION_PADDING = KeyProperties.ENCRYPTION_PADDING_PKCS7
+
+        @RequiresApi(api = Build.VERSION_CODES.M)
+        fun canAuthenticate(context: Context): Int {
+            return try {
+                BiometricManager.from(context).canAuthenticate(
+                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R
+                            && PreferencesUtil.isDeviceCredentialUnlockEnable(context)) {
+                        BIOMETRIC_STRONG or DEVICE_CREDENTIAL
+                    } else {
+                        BIOMETRIC_STRONG
+                    }
+                )
+            } catch (e: Exception) {
+                Log.e(TAG, "Unable to authenticate with strong biometric.", e)
+                try {
+                    BiometricManager.from(context).canAuthenticate(
+                            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R
+                                    && PreferencesUtil.isDeviceCredentialUnlockEnable(context)) {
+                                BIOMETRIC_WEAK or DEVICE_CREDENTIAL
+                            } else {
+                                BIOMETRIC_WEAK
+                            }
+                    )
+                } catch (e: Exception) {
+                    Log.e(TAG, "Unable to authenticate with weak biometric.", e)
+                    BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE
+                }
+            }
+        }
+
+        fun isDeviceSecure(context: Context): Boolean {
+            return ContextCompat.getSystemService(context, KeyguardManager::class.java)
+                ?.isDeviceSecure ?: false
+        }
+
+        fun biometricUnlockSupported(context: Context): Boolean {
+            val biometricCanAuthenticate = try {
+                BiometricManager.from(context).canAuthenticate(BIOMETRIC_STRONG)
+            } catch (e: Exception) {
+                Log.e(TAG, "Unable to authenticate with strong biometric.", e)
+                try {
+                    BiometricManager.from(context).canAuthenticate(BIOMETRIC_WEAK)
+                } catch (e: Exception) {
+                    Log.e(TAG, "Unable to authenticate with weak biometric.", e)
+                    BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE
+                }
+            }
+            return (biometricCanAuthenticate == BiometricManager.BIOMETRIC_SUCCESS
+                    || biometricCanAuthenticate == BiometricManager.BIOMETRIC_STATUS_UNKNOWN
+                    || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE
+                    || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED
+                    || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED
+            )
+        }
+
+        fun deviceCredentialUnlockSupported(context: Context): Boolean {
+            return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+                val biometricCanAuthenticate = BiometricManager.from(context).canAuthenticate(DEVICE_CREDENTIAL)
+                (biometricCanAuthenticate == BiometricManager.BIOMETRIC_SUCCESS
+                        || biometricCanAuthenticate == BiometricManager.BIOMETRIC_STATUS_UNKNOWN
+                        || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE
+                        || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED
+                        || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED
+                        )
+            } else {
+                true
+            }
+        }
+
+        /**
+         * Remove entry key in keystore
+         */
+        fun deleteEntryKeyInKeystoreForBiometric(
+            appContext: Context
+        ) {
+            DeviceUnlockManager(appContext).apply {
+                deleteKeystoreKey()
+            }
+        }
+
+        fun deleteAllEntryKeysInKeystoreForBiometric(appContext: Context) {
+            try {
+                deleteEntryKeyInKeystoreForBiometric(appContext)
+            } catch (e: Exception) {
+                Toast.makeText(appContext,
+                    deviceUnlockError(e, appContext),
+                    Toast.LENGTH_SHORT).show()
+            } finally {
+                CipherDatabaseAction.getInstance(appContext).deleteAll()
+            }
+        }
+    }
+}
+
+fun deviceUnlockError(error: Throwable, context: Context): String {
+    return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M
+        && (error is UnrecoverableKeyException
+                || error is KeyPermanentlyInvalidatedException)) {
+        context.getString(R.string.device_unlock_invalid_key)
+    } else
+        error.cause?.localizedMessage
+            ?: error.localizedMessage
+            ?: error.toString()
+}
+
+fun isBiometricUnlockEnable(appContext: Context) =
+    PreferencesUtil.isBiometricUnlockEnable(appContext)
+
+fun isDeviceCredentialUnlockEnable(appContext: Context) =
+    PreferencesUtil.isDeviceCredentialUnlockEnable(appContext)
+
+private fun isBiometricOperation(
+    biometricUnlockEnable: Boolean,
+    deviceCredentialUnlockEnable: Boolean
+): Boolean {
+    return biometricUnlockEnable
+            || isDeviceCredentialBiometricOperation(deviceCredentialUnlockEnable)
+}
+
+// Since Android 30, device credential is also a biometric operation
+private fun isDeviceCredentialOperation(
+    deviceCredentialUnlockEnable: Boolean
+): Boolean {
+    return Build.VERSION.SDK_INT < Build.VERSION_CODES.R
+            && deviceCredentialUnlockEnable
+}
+
+private fun isDeviceCredentialBiometricOperation(
+    deviceCredentialUnlockEnable: Boolean
+): Boolean {
+    return Build.VERSION.SDK_INT >= Build.VERSION_CODES.R
+            && deviceCredentialUnlockEnable
+}
+
+fun isDeviceCredentialBiometricOperation(context: Context?): Boolean {
+    if (context == null) {
+        return false
+    }
+    return isDeviceCredentialBiometricOperation(
+        isDeviceCredentialUnlockEnable(context)
+    )
+}

app/src/main/java/com/kunzisoft/keepass/biometric/DeviceUnlockMode.kt

@@ -0,0 +1,11 @@
+package com.kunzisoft.keepass.biometric
+
+enum class DeviceUnlockMode {
+    BIOMETRIC_UNAVAILABLE,
+    BIOMETRIC_SECURITY_UPDATE_REQUIRED,
+    DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED,
+    KEY_MANAGER_UNAVAILABLE,
+    WAIT_CREDENTIAL,
+    STORE_CREDENTIAL,
+    EXTRACT_CREDENTIAL
+}

app/src/main/java/com/kunzisoft/keepass/database/DatabaseTaskProvider.kt

@@ -40,6 +40,7 @@ import androidx.activity.result.contract.ActivityResultContracts
 import androidx.appcompat.app.AlertDialog
 import androidx.core.app.ActivityCompat.shouldShowRequestPermissionRationale
 import androidx.core.content.ContextCompat
+import androidx.core.content.ContextCompat.RECEIVER_NOT_EXPORTED
 import androidx.fragment.app.FragmentActivity
 import androidx.lifecycle.lifecycleScope
 import com.kunzisoft.keepass.R
@@ -182,8 +183,11 @@ class DatabaseTaskProvider(
 
     private var databaseInfoListener = object:
         DatabaseTaskNotificationService.DatabaseInfoListener {
-        override fun onDatabaseInfoChanged(previousDatabaseInfo: SnapFileDatabaseInfo,
-                                           newDatabaseInfo: SnapFileDatabaseInfo) {
+        override fun onDatabaseInfoChanged(
+            previousDatabaseInfo: SnapFileDatabaseInfo,
+            newDatabaseInfo: SnapFileDatabaseInfo,
+            readOnlyDatabase: Boolean
+        ) {
             activity?.let { activity ->
                 activity.lifecycleScope.launch {
                     if (databaseChangedDialogFragment == null) {
@@ -195,7 +199,8 @@ class DatabaseTaskProvider(
                     if (progressTaskDialogFragment == null) {
                         databaseChangedDialogFragment = DatabaseChangedDialogFragment.getInstance(
                             previousDatabaseInfo,
-                            newDatabaseInfo
+                            newDatabaseInfo,
+                            readOnlyDatabase
                         )
                         databaseChangedDialogFragment?.actionDatabaseListener =
                             mActionDatabaseListener
@@ -326,11 +331,11 @@ class DatabaseTaskProvider(
                 }
             }
         }
-        context.registerReceiver(databaseTaskBroadcastReceiver,
+        ContextCompat.registerReceiver(context, databaseTaskBroadcastReceiver,
             IntentFilter().apply {
                 addAction(DATABASE_START_TASK_ACTION)
                 addAction(DATABASE_STOP_TASK_ACTION)
-            }
+            }, RECEIVER_NOT_EXPORTED
         )
 
         // Check if a service is currently running else do nothing

app/src/main/java/com/kunzisoft/keepass/database/action/SaveDatabaseRunnable.kt

@@ -51,8 +51,10 @@ open class SaveDatabaseRunnable(
                 // Build temp database file to avoid file corruption if error
                 database.saveData(
                     cacheFile = File(context.cacheDir, databaseCopyUri.hashCode().toString()),
-                    databaseOutputStream = contentResolver
-                        .getUriOutputStream(databaseCopyUri ?: database.fileUri),
+                    databaseOutputStream = {
+                        contentResolver
+                            .getUriOutputStream(databaseCopyUri ?: database.fileUri)
+                    },
                     isNewLocation = databaseCopyUri == null,
                     mainCredential?.toMasterCredential(contentResolver),
                     challengeResponseRetriever)

app/src/main/java/com/kunzisoft/keepass/database/helper/SearchHelper.kt

@@ -59,8 +59,9 @@ object SearchHelper {
                 && !searchInfo.containsOnlyNullValues()) {
                 // If search provide results
                 database.createVirtualGroupFromSearchInfo(
-                        searchInfo.toString(),
-                        MAX_SEARCH_ENTRY
+                        searchInfoString = searchInfo.toString(),
+                        searchInfoByDomain = searchInfo.isASearchByDomain(),
+                        max = MAX_SEARCH_ENTRY
                 )?.let { searchGroup ->
                     if (searchGroup.numberOfChildEntries > 0) {
                         searchWithoutUI = true

app/src/main/java/com/kunzisoft/keepass/education/PasswordActivityEducation.kt

@@ -89,8 +89,8 @@ class PasswordActivityEducation(activity: Activity)
                                             onOuterViewClick: ((TapTargetView?) -> Unit)? = null): Boolean {
         return checkAndPerformedEducation(isEducationBiometricPerformed(activity),
                 TapTarget.forView(educationView,
-                        activity.getString(R.string.education_advanced_unlock_title),
-                        activity.getString(R.string.education_advanced_unlock_summary))
+                        activity.getString(R.string.education_device_unlock_title),
+                        activity.getString(R.string.education_device_unlock_summary))
                         .outerCircleColorInt(getCircleColor())
                         .outerCircleAlpha(getCircleAlpha())
                         .icon(ContextCompat.getDrawable(activity, R.drawable.ic_fingerprint_24dp))

app/src/main/java/com/kunzisoft/keepass/model/DataDate.kt

@@ -0,0 +1,3 @@
+package com.kunzisoft.keepass.model
+
+data class DataDate(val year: Int, val month: Int, val day: Int)

app/src/main/java/com/kunzisoft/keepass/model/DataTime.kt

@@ -0,0 +1,3 @@
+package com.kunzisoft.keepass.model
+
+data class DataTime(val hour: Int, val minute: Int)

app/src/main/java/com/kunzisoft/keepass/password/PasswordGenerator.kt

@@ -21,6 +21,7 @@ package com.kunzisoft.keepass.password
 
 import android.content.res.Resources
 import android.graphics.Color
+import android.text.Editable
 import android.text.Spannable
 import android.text.SpannableString
 import android.text.SpannableStringBuilder
@@ -253,51 +254,62 @@ class PasswordGenerator(private val resources: Resources) {
             return charSet.toString()
         }
 
+        fun colorizedPassword(editable: Editable?) {
+            editable.toString().forEachIndexed { index, char ->
+                colorFromChar(char)?.let { color ->
+                    editable?.setSpan(
+                        ForegroundColorSpan(color),
+                        index,
+                        index + 1,
+                        Spannable.SPAN_EXCLUSIVE_EXCLUSIVE
+                    )
+                }
+            }
+        }
+
         fun getColorizedPassword(password: String): Spannable {
             val spannableString = SpannableStringBuilder()
             if (password.isNotEmpty()) {
-                password.forEach {
-                    when {
-                        UPPERCASE_CHARS.contains(it)||
-                        LOWERCASE_CHARS.contains(it) -> {
-                            spannableString.append(it)
-                        }
-                        DIGIT_CHARS.contains(it) -> {
-                            // RED
-                            spannableString.append(colorizeChar(it, Color.rgb(246, 79, 62)))
-                        }
-                        SPECIAL_CHARS.contains(it) -> {
-                            // Blue
-                            spannableString.append(colorizeChar(it, Color.rgb(39, 166, 228)))
-                        }
-                        MINUS_CHAR.contains(it)||
-                        UNDERLINE_CHAR.contains(it)||
-                        BRACKET_CHARS.contains(it) -> {
-                            // Purple
-                            spannableString.append(colorizeChar(it, Color.rgb(185, 38, 209)))
-                        }
-                        extendedChars().contains(it) -> {
-                            // Green
-                            spannableString.append(colorizeChar(it, Color.rgb(44, 181, 50)))
-                        }
-                        else -> {
-                            spannableString.append(it)
-                        }
-                    }
+                password.forEach { char ->
+                    colorFromChar(char)?.let { color ->
+                        val spannableColorChar = SpannableString(char.toString())
+                        spannableColorChar.setSpan(
+                            ForegroundColorSpan(color),
+                            0,
+                            1,
+                            Spannable.SPAN_EXCLUSIVE_EXCLUSIVE
+                        )
+                        spannableString.append(spannableColorChar)
+                    } ?: spannableString.append(char)
                 }
             }
             return spannableString
         }
 
-        private fun colorizeChar(char: Char, color: Int): Spannable {
-            val spannableColorChar = SpannableString(char.toString())
-            spannableColorChar.setSpan(
-                ForegroundColorSpan(color),
-                0,
-                1,
-                Spannable.SPAN_EXCLUSIVE_EXCLUSIVE
-            )
-            return spannableColorChar
+        private fun colorFromChar(char: Char): Int? {
+            return when {
+                DIGIT_CHARS.contains(char) -> {
+                    // RED
+                    Color.rgb(246, 79, 62)
+                }
+                SPECIAL_CHARS.contains(char) -> {
+                    // Blue
+                    Color.rgb(39, 166, 228)
+                }
+                MINUS_CHAR.contains(char)||
+                        UNDERLINE_CHAR.contains(char)||
+                        BRACKET_CHARS.contains(char) -> {
+                    // Purple
+                    Color.rgb(185, 38, 209)
+                }
+                extendedChars().contains(char) -> {
+                    // Green
+                    Color.rgb(44, 181, 50)
+                }
+                else -> {
+                    null
+                }
+            }
         }
     }
 }

app/src/main/java/com/kunzisoft/keepass/services/AttachmentFileNotificationService.kt

@@ -36,13 +36,13 @@ import com.kunzisoft.keepass.model.AttachmentState
 import com.kunzisoft.keepass.model.EntryAttachmentState
 import com.kunzisoft.keepass.model.StreamDirection
 import com.kunzisoft.keepass.tasks.BinaryDatabaseManager
-import com.kunzisoft.keepass.utils.getParcelableExtraCompat
 import com.kunzisoft.keepass.utils.UriUtil.getDocumentFile
+import com.kunzisoft.keepass.utils.getParcelableExtraCompat
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Dispatchers
 import kotlinx.coroutines.launch
 import kotlinx.coroutines.withContext
-import java.util.*
+import java.util.LinkedList
 import java.util.concurrent.CopyOnWriteArrayList
 
 
@@ -282,15 +282,21 @@ class AttachmentFileNotificationService: LockNotificationService() {
             AttachmentState.ERROR -> {
                 ServiceCompat.stopForeground(this, ServiceCompat.STOP_FOREGROUND_DETACH)
                 try {
-                    notificationManager?.notify(
-                        attachmentNotification.notificationId,
-                        builder.build()
-                    )
+                    checkNotificationsPermission(this) {
+                        notificationManager?.notify(
+                            attachmentNotification.notificationId,
+                            builder.build()
+                        )
+                    }
                 } catch (e: SecurityException) {
                     Log.e(TAG, "Unable to notify the attachment state", e)
                 }
             } else -> {
-                startForeground(attachmentNotification.notificationId, builder.build())
+                startForegroundCompat(
+                    attachmentNotification.notificationId,
+                    builder,
+                    NotificationServiceType.ATTACHMENT
+                )
             }
         }
     }

app/src/main/java/com/kunzisoft/keepass/services/ClipboardEntryNotificationService.kt

@@ -19,16 +19,12 @@
  */
 package com.kunzisoft.keepass.services
 
-import android.Manifest
 import android.app.Activity
 import android.app.PendingIntent
 import android.content.Context
 import android.content.Intent
-import android.content.pm.PackageManager
 import android.os.Build
 import android.util.Log
-import android.widget.Toast
-import androidx.core.content.ContextCompat
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.model.EntryInfo
 import com.kunzisoft.keepass.otp.OtpEntryFields.OTP_TOKEN_FIELD
@@ -196,23 +192,29 @@ class ClipboardEntryNotificationService : LockNotificationService() {
             //Get settings
             val notificationTimeoutMilliSecs = PreferencesUtil.getClipboardTimeout(this)
             if (notificationTimeoutMilliSecs != NEVER) {
-                defineTimerJob(builder, notificationTimeoutMilliSecs, {
-                    val newGeneratedValue = fieldToCopy.getGeneratedValue(mEntryInfo)
-                    // New auto generated value
-                    if (generatedValue != newGeneratedValue) {
-                        generatedValue = newGeneratedValue
-                        clipboardHelper?.copyToClipboard(
-                            fieldToCopy.label,
-                            generatedValue,
-                            fieldToCopy.isSensitive
-                        )
+                defineTimerJob(
+                    builder,
+                    NotificationServiceType.CLIPBOARD,
+                    notificationTimeoutMilliSecs,
+                    {
+                        val newGeneratedValue = fieldToCopy.getGeneratedValue(mEntryInfo)
+                        // New auto generated value
+                        if (generatedValue != newGeneratedValue) {
+                            generatedValue = newGeneratedValue
+                            clipboardHelper?.copyToClipboard(
+                                fieldToCopy.label,
+                                generatedValue,
+                                fieldToCopy.isSensitive
+                            )
+                        }
+                    },
+                    {
+                        stopNotificationAndSendLockIfNeeded()
+                        // Clean password only if no next field
+                        if (nextFields.size <= 0)
+                            clipboardHelper?.cleanClipboard()
                     }
-                }) {
-                    stopNotificationAndSendLockIfNeeded()
-                    // Clean password only if no next field
-                    if (nextFields.size <= 0)
-                        clipboardHelper?.cleanClipboard()
-                }
+                )
             } else {
                 // No timer
                 checkNotificationsPermission {
@@ -226,12 +228,11 @@ class ClipboardEntryNotificationService : LockNotificationService() {
     }
 
     private fun checkNotificationsPermission(action: () -> Unit) {
-        if (ContextCompat.checkSelfPermission(this, Manifest.permission.POST_NOTIFICATIONS)
-            == PackageManager.PERMISSION_GRANTED) {
-            action.invoke()
-        } else {
-            showPermissionErrorIfNeeded(this)
-        }
+        checkNotificationsPermission(
+            this,
+            PreferencesUtil.isClipboardNotificationsEnable(this),
+            action
+        )
     }
 
     override fun onTaskRemoved(rootIntent: Intent?) {
@@ -255,26 +256,14 @@ class ClipboardEntryNotificationService : LockNotificationService() {
         const val EXTRA_CLIPBOARD_FIELDS = "EXTRA_CLIPBOARD_FIELDS"
         const val ACTION_CLEAN_CLIPBOARD = "ACTION_CLEAN_CLIPBOARD"
 
-        private fun showPermissionErrorIfNeeded(context: Context) {
-            if (PreferencesUtil.isClipboardNotificationsEnable(context)) {
-                Toast.makeText(context, R.string.warning_copy_permission, Toast.LENGTH_LONG).show()
-            }
-        }
-
         fun checkAndLaunchNotification(
             activity: Activity,
             entry: EntryInfo
         ) {
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.TIRAMISU) {
-                if (ContextCompat.checkSelfPermission(
-                        activity,
-                        Manifest.permission.POST_NOTIFICATIONS
-                    ) == PackageManager.PERMISSION_GRANTED) {
-                        launchNotificationIfAllowed(activity, entry)
-                } else {
-                    showPermissionErrorIfNeeded(activity)
-                }
-            } else {
+            checkNotificationsPermission(
+                activity,
+                PreferencesUtil.isClipboardNotificationsEnable(activity)
+            ) {
                 launchNotificationIfAllowed(activity, entry)
             }
         }

app/src/main/java/com/kunzisoft/keepass/services/DatabaseTaskNotificationService.kt

@@ -36,10 +36,24 @@ import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
 import com.kunzisoft.keepass.database.ContextualDatabase
 import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.database.ProgressMessage
-import com.kunzisoft.keepass.database.action.*
+import com.kunzisoft.keepass.database.action.CreateDatabaseRunnable
+import com.kunzisoft.keepass.database.action.LoadDatabaseRunnable
+import com.kunzisoft.keepass.database.action.MergeDatabaseRunnable
+import com.kunzisoft.keepass.database.action.ReloadDatabaseRunnable
+import com.kunzisoft.keepass.database.action.RemoveUnlinkedDataDatabaseRunnable
+import com.kunzisoft.keepass.database.action.SaveDatabaseRunnable
+import com.kunzisoft.keepass.database.action.UpdateCompressionBinariesDatabaseRunnable
 import com.kunzisoft.keepass.database.action.history.DeleteEntryHistoryDatabaseRunnable
 import com.kunzisoft.keepass.database.action.history.RestoreEntryHistoryDatabaseRunnable
-import com.kunzisoft.keepass.database.action.node.*
+import com.kunzisoft.keepass.database.action.node.ActionNodesValues
+import com.kunzisoft.keepass.database.action.node.AddEntryRunnable
+import com.kunzisoft.keepass.database.action.node.AddGroupRunnable
+import com.kunzisoft.keepass.database.action.node.AfterActionNodesFinish
+import com.kunzisoft.keepass.database.action.node.CopyNodesRunnable
+import com.kunzisoft.keepass.database.action.node.DeleteNodesRunnable
+import com.kunzisoft.keepass.database.action.node.MoveNodesRunnable
+import com.kunzisoft.keepass.database.action.node.UpdateEntryRunnable
+import com.kunzisoft.keepass.database.action.node.UpdateGroupRunnable
 import com.kunzisoft.keepass.database.element.Entry
 import com.kunzisoft.keepass.database.element.Group
 import com.kunzisoft.keepass.database.element.database.CompressionAlgorithm
@@ -62,9 +76,17 @@ import com.kunzisoft.keepass.utils.getParcelableExtraCompat
 import com.kunzisoft.keepass.utils.getParcelableList
 import com.kunzisoft.keepass.utils.putParcelableList
 import com.kunzisoft.keepass.viewmodels.FileDatabaseInfo
-import kotlinx.coroutines.*
+import kotlinx.coroutines.CancellationException
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Deferred
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.ExperimentalCoroutinesApi
+import kotlinx.coroutines.async
 import kotlinx.coroutines.channels.Channel
-import java.util.*
+import kotlinx.coroutines.launch
+import kotlinx.coroutines.runBlocking
+import kotlinx.coroutines.withContext
+import java.util.UUID
 
 open class DatabaseTaskNotificationService : LockNotificationService(), ProgressTaskUpdater {
 
@@ -139,6 +161,7 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
         fun onDatabaseInfoChanged(
             previousDatabaseInfo: SnapFileDatabaseInfo,
             newDatabaseInfo: SnapFileDatabaseInfo,
+            readOnlyDatabase: Boolean
         )
     }
 
@@ -197,8 +220,11 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
                     // Call listener to indicate a change in database info
                     if (!mSaveState && previousDatabaseInfo != null) {
                         mDatabaseInfoListeners.forEach { listener ->
-                            listener.onDatabaseInfoChanged(previousDatabaseInfo,
-                                lastFileDatabaseInfo)
+                            listener.onDatabaseInfoChanged(
+                                previousDatabaseInfo,
+                                lastFileDatabaseInfo,
+                                mDatabase?.isReadOnly ?: true
+                            )
                         }
                     }
                     mSnapFileDatabaseInfo = lastFileDatabaseInfo
@@ -565,7 +591,11 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
         }
 
         // Create the notification
-        startForeground(notificationId, notificationBuilder.build())
+        startForegroundCompat(
+            notificationId,
+            notificationBuilder,
+            NotificationServiceType.DATABASE_TASK
+        )
     }
 
     private fun removeIntentData(intent: Intent?) {
@@ -831,6 +861,7 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
         if (intent.hasExtra(MAIN_CREDENTIAL_KEY)) {
             databaseToMergeMainCredential = intent.getParcelableExtraCompat(MAIN_CREDENTIAL_KEY)
         }
+        val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
         return MergeDatabaseRunnable(
             this,
             databaseToMergeUri,
@@ -839,7 +870,7 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
                 retrieveResponseFromChallenge(hardwareKey, seed)
             },
             database,
-            !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false),
+            !database.isReadOnly && saveDatabase,
             { hardwareKey, seed ->
                 retrieveResponseFromChallenge(hardwareKey, seed)
             },
@@ -932,12 +963,13 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
             val parentId: NodeId<*>? = intent.getParcelableExtraCompat(PARENT_ID_KEY)
             val newGroup: Group? = intent.getParcelableExtraCompat(GROUP_KEY)
             if (parentId == null || newGroup == null) return null
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             database.getGroupById(parentId)?.let { parent ->
                 AddGroupRunnable(this,
                     database,
                     newGroup,
                     parent,
-                    !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false),
+                    !database.isReadOnly && saveDatabase,
                     AfterActionNodesRunnable()
                 ) { hardwareKey, seed ->
                     retrieveResponseFromChallenge(hardwareKey, seed)
@@ -959,12 +991,13 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
             val groupId: NodeId<*>? = intent.getParcelableExtraCompat(GROUP_ID_KEY)
             val newGroup: Group? = intent.getParcelableExtraCompat(GROUP_KEY)
             if (groupId == null || newGroup == null) return null
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             database.getGroupById(groupId)?.let { oldGroup ->
                 UpdateGroupRunnable(this,
                     database,
                     oldGroup,
                     newGroup,
-                    !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false),
+                    !database.isReadOnly && saveDatabase,
                     AfterActionNodesRunnable()
                 ) { hardwareKey, seed ->
                     retrieveResponseFromChallenge(hardwareKey, seed)
@@ -986,12 +1019,13 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
             val parentId: NodeId<*>? = intent.getParcelableExtraCompat(PARENT_ID_KEY)
             val newEntry: Entry? = intent.getParcelableExtraCompat(ENTRY_KEY)
             if (parentId == null || newEntry == null) return null
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             database.getGroupById(parentId)?.let { parent ->
                 AddEntryRunnable(this,
                     database,
                     newEntry,
                     parent,
-                    !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false),
+                    !database.isReadOnly && saveDatabase,
                     AfterActionNodesRunnable()
                 ) { hardwareKey, seed ->
                     retrieveResponseFromChallenge(hardwareKey, seed)
@@ -1013,12 +1047,13 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
             val entryId: NodeId<UUID>? = intent.getParcelableExtraCompat(ENTRY_ID_KEY)
             val newEntry: Entry? = intent.getParcelableExtraCompat(ENTRY_KEY)
             if (entryId == null || newEntry == null) return null
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             database.getEntryById(entryId)?.let { oldEntry ->
                 UpdateEntryRunnable(this,
                     database,
                     oldEntry,
                     newEntry,
-                    !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false),
+                    !database.isReadOnly && saveDatabase,
                     AfterActionNodesRunnable()
                 ) { hardwareKey, seed ->
                     retrieveResponseFromChallenge(hardwareKey, seed)
@@ -1039,12 +1074,13 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
             && intent.hasExtra(SAVE_DATABASE_KEY)
         ) {
             val parentId: NodeId<*> = intent.getParcelableExtraCompat(PARENT_ID_KEY) ?: return null
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             database.getGroupById(parentId)?.let { newParent ->
                 CopyNodesRunnable(this,
                     database,
                     getListNodesFromBundle(database, intent.extras!!),
                     newParent,
-                    !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false),
+                    !database.isReadOnly && saveDatabase,
                     AfterActionNodesRunnable()
                 ) { hardwareKey, seed ->
                     retrieveResponseFromChallenge(hardwareKey, seed)
@@ -1065,12 +1101,13 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
             && intent.hasExtra(SAVE_DATABASE_KEY)
         ) {
             val parentId: NodeId<*> = intent.getParcelableExtraCompat(PARENT_ID_KEY) ?: return null
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             database.getGroupById(parentId)?.let { newParent ->
                 MoveNodesRunnable(this,
                     database,
                     getListNodesFromBundle(database, intent.extras!!),
                     newParent,
-                    !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false),
+                    !database.isReadOnly && saveDatabase,
                     AfterActionNodesRunnable()
                 ) { hardwareKey, seed ->
                     retrieveResponseFromChallenge(hardwareKey, seed)
@@ -1089,11 +1126,12 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
             && intent.hasExtra(ENTRIES_ID_KEY)
             && intent.hasExtra(SAVE_DATABASE_KEY)
         ) {
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             DeleteNodesRunnable(this,
                 database,
                 getListNodesFromBundle(database, intent.extras!!),
                 resources.getString(R.string.recycle_bin),
-                !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false),
+                !database.isReadOnly && saveDatabase,
                 AfterActionNodesRunnable()
             ) { hardwareKey, seed ->
                 retrieveResponseFromChallenge(hardwareKey, seed)
@@ -1112,12 +1150,13 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
             && intent.hasExtra(SAVE_DATABASE_KEY)
         ) {
             val entryId: NodeId<UUID> = intent.getParcelableExtraCompat(ENTRY_ID_KEY) ?: return null
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             database.getEntryById(entryId)?.let { mainEntry ->
                 RestoreEntryHistoryDatabaseRunnable(this,
                     database,
                     mainEntry,
                     intent.getIntExtra(ENTRY_HISTORY_POSITION_KEY, -1),
-                    !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
+                    !database.isReadOnly && saveDatabase
                 ) { hardwareKey, seed ->
                     retrieveResponseFromChallenge(hardwareKey, seed)
                 }
@@ -1136,12 +1175,13 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
             && intent.hasExtra(SAVE_DATABASE_KEY)
         ) {
             val entryId: NodeId<UUID> = intent.getParcelableExtraCompat(ENTRY_ID_KEY) ?: return null
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             database.getEntryById(entryId)?.let { mainEntry ->
                 DeleteEntryHistoryDatabaseRunnable(this,
                     database,
                     mainEntry,
                     intent.getIntExtra(ENTRY_HISTORY_POSITION_KEY, -1),
-                    !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
+                    !database.isReadOnly && saveDatabase
                 ) { hardwareKey, seed ->
                     retrieveResponseFromChallenge(hardwareKey, seed)
                 }
@@ -1162,11 +1202,12 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
             val oldElement: CompressionAlgorithm? = intent.getParcelableExtraCompat(OLD_ELEMENT_KEY)
             val newElement: CompressionAlgorithm? = intent.getParcelableExtraCompat(NEW_ELEMENT_KEY)
             if (oldElement == null || newElement == null) return null
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             return UpdateCompressionBinariesDatabaseRunnable(this,
                 database,
                 oldElement,
                 newElement,
-                !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
+                !database.isReadOnly && saveDatabase
             ) { hardwareKey, seed ->
                 retrieveResponseFromChallenge(hardwareKey, seed)
             }.apply {
@@ -1184,9 +1225,10 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
         database: ContextualDatabase,
     ): ActionRunnable? {
         return if (intent.hasExtra(SAVE_DATABASE_KEY)) {
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             return RemoveUnlinkedDataDatabaseRunnable(this,
                 database,
-                !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
+                !database.isReadOnly && saveDatabase
             ) { hardwareKey, seed ->
                 retrieveResponseFromChallenge(hardwareKey, seed)
             }.apply {
@@ -1204,9 +1246,10 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
         database: ContextualDatabase,
     ): ActionRunnable? {
         return if (intent.hasExtra(SAVE_DATABASE_KEY)) {
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             return SaveDatabaseRunnable(this,
                 database,
-                !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false),
+                !database.isReadOnly && saveDatabase,
                 null,
                 { hardwareKey, seed ->
                     retrieveResponseFromChallenge(hardwareKey, seed)
@@ -1229,13 +1272,14 @@ open class DatabaseTaskNotificationService : LockNotificationService(), Progress
         database: ContextualDatabase
     ): ActionRunnable? {
         return if (intent.hasExtra(SAVE_DATABASE_KEY)) {
+            val saveDatabase = intent.getBooleanExtra(SAVE_DATABASE_KEY, false)
             var databaseCopyUri: Uri? = null
             if (intent.hasExtra(DATABASE_URI_KEY)) {
                 databaseCopyUri = intent.getParcelableExtraCompat(DATABASE_URI_KEY)
             }
             SaveDatabaseRunnable(this,
                 database,
-                !database.isReadOnly && intent.getBooleanExtra(SAVE_DATABASE_KEY, false),
+                !database.isReadOnly && saveDatabase,
                 null,
                 { hardwareKey, seed ->
                     retrieveResponseFromChallenge(hardwareKey, seed)

app/src/main/java/com/kunzisoft/keepass/services/DeviceUnlockNotificationService.kt

@@ -15,18 +15,20 @@ import com.kunzisoft.keepass.app.database.CipherDatabaseEntity
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.timeout.TimeoutHelper
 
-class AdvancedUnlockNotificationService : NotificationService() {
+class DeviceUnlockNotificationService : NotificationService() {
 
     private lateinit var mTempCipherDao: ArrayList<CipherDatabaseEntity>
 
-    private var mActionTaskBinder = AdvancedUnlockBinder()
+    private var mActionTaskBinder = DeviceUnlockBinder()
 
-    inner class AdvancedUnlockBinder: Binder() {
+    inner class DeviceUnlockBinder: Binder() {
         fun getCipherDatabase(databaseUri: Uri): CipherDatabaseEntity? {
             return mTempCipherDao.firstOrNull { it.databaseUri == databaseUri.toString()}
         }
         fun addOrUpdateCipherDatabase(cipherDatabaseEntity: CipherDatabaseEntity) {
-            val cipherDatabaseRetrieve = mTempCipherDao.firstOrNull { it.databaseUri == cipherDatabaseEntity.databaseUri }
+            val cipherDatabaseRetrieve = mTempCipherDao.firstOrNull {
+                it.databaseUri == cipherDatabaseEntity.databaseUri
+            }
             cipherDatabaseRetrieve?.replaceContent(cipherDatabaseEntity)
                     ?: mTempCipherDao.add(cipherDatabaseEntity)
         }
@@ -35,6 +37,9 @@ class AdvancedUnlockNotificationService : NotificationService() {
                 mTempCipherDao.remove(it)
             }
         }
+        fun resetTimer() {
+            resetTimeJob()
+        }
         fun deleteAll() {
             mTempCipherDao.clear()
         }
@@ -43,11 +48,11 @@ class AdvancedUnlockNotificationService : NotificationService() {
     override val notificationId: Int = 593
 
     override fun retrieveChannelId(): String {
-        return CHANNEL_ADVANCED_UNLOCK_ID
+        return CHANNEL_DEVICE_UNLOCK_ID
     }
 
     override fun retrieveChannelName(): String {
-        return getString(R.string.advanced_unlock)
+        return getString(R.string.device_unlock)
     }
 
     override fun onCreate() {
@@ -55,7 +60,7 @@ class AdvancedUnlockNotificationService : NotificationService() {
         mTempCipherDao = ArrayList()
     }
 
-    // It's simpler to use pendingIntent to perform REMOVE_ADVANCED_UNLOCK_KEY_ACTION
+    // It's simpler to use pendingIntent to perform REMOVE_DEVICE_UNLOCK_KEY_ACTION
     // because can be directly broadcast to another module or app
     @SuppressLint("LaunchActivityFromNotification")
     override fun onBind(intent: Intent): IBinder {
@@ -63,7 +68,7 @@ class AdvancedUnlockNotificationService : NotificationService() {
 
         val pendingDeleteIntent = PendingIntent.getBroadcast(this,
             4577,
-            Intent(REMOVE_ADVANCED_UNLOCK_KEY_ACTION),
+            Intent(REMOVE_DEVICE_UNLOCK_KEY_ACTION),
             if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
                 PendingIntent.FLAG_IMMUTABLE
             } else {
@@ -76,21 +81,29 @@ class AdvancedUnlockNotificationService : NotificationService() {
             } else {
                 R.drawable.notification_ic_device_unlock_24dp
             })
-            setContentTitle(getString(R.string.advanced_unlock))
-            setContentText(getString(R.string.advanced_unlock_tap_delete))
+            setContentTitle(getString(R.string.device_unlock))
+            setContentText(getString(R.string.device_unlock_tap_delete))
             setContentIntent(pendingDeleteIntent)
             // Unfortunately swipe is disabled in lollipop+
             setDeleteIntent(pendingDeleteIntent)
         }
 
-        val notificationTimeoutMilliSecs = PreferencesUtil.getAdvancedUnlockTimeout(this)
+        val notificationTimeoutMilliSecs = PreferencesUtil.getDeviceUnlockTimeout(this)
         // Not necessarily a foreground service
         if (mTimerJob == null && notificationTimeoutMilliSecs != TimeoutHelper.NEVER) {
-            defineTimerJob(notificationBuilder, notificationTimeoutMilliSecs) {
-                sendBroadcast(Intent(REMOVE_ADVANCED_UNLOCK_KEY_ACTION))
+            defineTimerJob(
+                notificationBuilder,
+                NotificationServiceType.DEVICE_UNLOCK,
+                notificationTimeoutMilliSecs
+            ) {
+                sendBroadcast(Intent(REMOVE_DEVICE_UNLOCK_KEY_ACTION))
             }
         } else {
-            startForeground(notificationId, notificationBuilder.build())
+            startForegroundCompat(
+                notificationId,
+                notificationBuilder,
+                NotificationServiceType.DEVICE_UNLOCK
+            )
         }
 
         return mActionTaskBinder
@@ -106,11 +119,11 @@ class AdvancedUnlockNotificationService : NotificationService() {
         super.onDestroy()
     }
 
-    class AdvancedUnlockReceiver(var removeKeyAction: () -> Unit): BroadcastReceiver() {
+    class DeviceUnlockReceiver(var removeKeyAction: () -> Unit): BroadcastReceiver() {
         override fun onReceive(context: Context, intent: Intent) {
             intent.action?.let {
                 when (it) {
-                    REMOVE_ADVANCED_UNLOCK_KEY_ACTION -> {
+                    REMOVE_DEVICE_UNLOCK_KEY_ACTION -> {
                         removeKeyAction.invoke()
                     }
                 }
@@ -119,13 +132,13 @@ class AdvancedUnlockNotificationService : NotificationService() {
     }
 
     companion object {
-        private const val CHANNEL_ADVANCED_UNLOCK_ID = "com.kunzisoft.keepass.notification.channel.unlock"
-        const val REMOVE_ADVANCED_UNLOCK_KEY_ACTION = "com.kunzisoft.keepass.REMOVE_ADVANCED_UNLOCK_KEY"
+        private const val CHANNEL_DEVICE_UNLOCK_ID = "com.kunzisoft.keepass.notification.channel.unlock"
+        const val REMOVE_DEVICE_UNLOCK_KEY_ACTION = "com.kunzisoft.keepass.REMOVE_DEVICE_UNLOCK_KEY"
 
         // Only one service connection
         fun bindService(context: Context, serviceConnection: ServiceConnection, flags: Int) {
             context.bindService(Intent(context,
-                AdvancedUnlockNotificationService::class.java),
+                DeviceUnlockNotificationService::class.java),
                     serviceConnection,
                     flags)
         }

app/src/main/java/com/kunzisoft/keepass/services/KeyboardEntryNotificationService.kt

@@ -111,13 +111,18 @@ class KeyboardEntryNotificationService : LockNotificationService() {
                 .setContentIntent(null)
                 .setDeleteIntent(pendingDeleteIntent)
 
-        notificationManager?.cancel(notificationId)
-        notificationManager?.notify(notificationId, builder.build())
+        checkNotificationsPermission(this, PreferencesUtil.isKeyboardNotificationEntryEnable(this)) {
+            notificationManager?.notify(notificationId, builder.build())
+        }
 
         // Timeout only if notification clear is available
         if (PreferencesUtil.isClearKeyboardNotificationEnable(this)) {
             if (mNotificationTimeoutMilliSecs != TimeoutHelper.NEVER) {
-                defineTimerJob(builder, mNotificationTimeoutMilliSecs) {
+                defineTimerJob(
+                    builder,
+                    NotificationServiceType.KEYBOARD,
+                    mNotificationTimeoutMilliSecs
+                ) {
                     stopNotificationAndSendLockIfNeeded()
                 }
             }

app/src/main/java/com/kunzisoft/keepass/services/NotificationService.kt

@@ -1,17 +1,32 @@
 package com.kunzisoft.keepass.services
 
+import android.Manifest
 import android.app.NotificationChannel
 import android.app.NotificationManager
 import android.app.Service
+import android.content.Context
 import android.content.Intent
+import android.content.pm.PackageManager
+import android.content.pm.ServiceInfo.FOREGROUND_SERVICE_TYPE_DATA_SYNC
+import android.content.pm.ServiceInfo.FOREGROUND_SERVICE_TYPE_NONE
+import android.content.pm.ServiceInfo.FOREGROUND_SERVICE_TYPE_SPECIAL_USE
 import android.os.Build
 import android.os.IBinder
+import android.util.Log
 import android.util.TypedValue
+import android.widget.Toast
 import androidx.core.app.NotificationCompat
 import androidx.core.app.NotificationManagerCompat
+import androidx.core.content.ContextCompat
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.stylish.Stylish
-import kotlinx.coroutines.*
+import kotlinx.coroutines.CoroutineScope
+import kotlinx.coroutines.Dispatchers
+import kotlinx.coroutines.Job
+import kotlinx.coroutines.cancel
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.launch
+import org.joda.time.Instant
 
 
 abstract class NotificationService : Service() {
@@ -20,6 +35,7 @@ abstract class NotificationService : Service() {
     private var colorNotificationAccent: Int = 0
 
     protected var mTimerJob: Job? = null
+    private var mReset: Boolean = false
 
     protected abstract val notificationId: Int
 
@@ -74,21 +90,55 @@ abstract class NotificationService : Service() {
         }
     }
 
+    protected fun startForegroundCompat(notificationId: Int,
+                                        builder: NotificationCompat.Builder,
+                                        type: NotificationServiceType
+    ) {
+        @Suppress("DEPRECATION")
+        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.Q) {
+            val foregroundServiceTimer = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
+                FOREGROUND_SERVICE_TYPE_SPECIAL_USE
+            } else {
+                FOREGROUND_SERVICE_TYPE_NONE
+            }
+            val foregroundType = when (type) {
+                NotificationServiceType.DATABASE_TASK -> FOREGROUND_SERVICE_TYPE_DATA_SYNC
+                NotificationServiceType.ATTACHMENT -> FOREGROUND_SERVICE_TYPE_DATA_SYNC
+                NotificationServiceType.CLIPBOARD -> foregroundServiceTimer
+                NotificationServiceType.KEYBOARD -> foregroundServiceTimer
+                NotificationServiceType.DEVICE_UNLOCK -> foregroundServiceTimer
+            }
+            startForeground(notificationId, builder.build(), foregroundType)
+        } else {
+            startForeground(notificationId, builder.build())
+        }
+    }
+
     protected fun defineTimerJob(builder: NotificationCompat.Builder,
+                                 type: NotificationServiceType,
                                  timeoutMilliseconds: Long,
                                  actionAfterASecond: (() -> Unit)? = null,
                                  actionEnd: () -> Unit) {
         mTimerJob?.cancel()
         mTimerJob = CoroutineScope(Dispatchers.Main).launch {
             if (timeoutMilliseconds > 0) {
-                val timeoutInSeconds = timeoutMilliseconds / 1000L
-                for (currentTime in timeoutInSeconds downTo 0) {
+                var startInstant = Instant.now().millis
+                var currentTime = timeoutMilliseconds
+                while (currentTime >= 0) {
+                    // Reset the timer if needed
+                    if (mReset) {
+                        mReset = false
+                        startInstant = Instant.now().millis
+                        currentTime = timeoutMilliseconds
+                    }
+                    // Update every second
                     actionAfterASecond?.invoke()
                     builder.setProgress(100,
-                            (currentTime * 100 / timeoutInSeconds).toInt(),
-                            false)
-                    startForeground(notificationId, builder.build())
+                        (currentTime * 100 / timeoutMilliseconds).toInt(),
+                        false)
+                    startForegroundCompat(notificationId, builder, type)
                     delay(1000)
+                    currentTime = timeoutMilliseconds - (Instant.now().millis - startInstant)
                     if (currentTime <= 0) {
                         actionEnd()
                     }
@@ -103,16 +153,50 @@ abstract class NotificationService : Service() {
         }
     }
 
-    override fun onDestroy() {
+    protected fun resetTimeJob() {
+        mReset = true
+    }
+
+    override fun onTimeout(startId: Int, fgsType: Int) {
+        super.onTimeout(startId, fgsType)
+        Log.e(javaClass::class.simpleName, "The service took too long to execute")
+        cancelNotification()
+        stopSelf()
+    }
+
+    protected fun cancelNotification() {
         mTimerJob?.cancel()
         mTimerJob = null
         notificationManager?.cancel(notificationId)
+    }
 
+    override fun onDestroy() {
+        cancelNotification()
         super.onDestroy()
     }
 
     companion object {
         private const val CHANNEL_ID = "com.kunzisoft.keepass.notification.channel"
         private const val CHANNEL_NAME = "KeePassDX notification"
+
+        fun checkNotificationsPermission(
+            context: Context,
+            showError: Boolean = true,
+            action: () -> Unit
+        ) {
+            if (ContextCompat.checkSelfPermission(context,
+                    Manifest.permission.POST_NOTIFICATIONS)
+                == PackageManager.PERMISSION_GRANTED) {
+                action.invoke()
+            } else {
+                if (showError) {
+                    Toast.makeText(
+                        context,
+                        R.string.warning_copy_permission,
+                        Toast.LENGTH_LONG
+                    ).show()
+                }
+            }
+        }
     }
 }

app/src/main/java/com/kunzisoft/keepass/services/NotificationServiceType.kt

@@ -0,0 +1,9 @@
+package com.kunzisoft.keepass.services
+
+enum class NotificationServiceType {
+    DATABASE_TASK,
+    ATTACHMENT,
+    CLIPBOARD,
+    KEYBOARD,
+    DEVICE_UNLOCK
+}

app/src/main/java/com/kunzisoft/keepass/settings/DeviceUnlockSettingsActivity.kt

@@ -23,15 +23,15 @@ import android.os.Bundle
 import androidx.fragment.app.Fragment
 
 
-class AdvancedUnlockSettingsActivity : SettingsActivity() {
+class DeviceUnlockSettingsActivity : SettingsActivity() {
 
     override fun onCreate(savedInstanceState: Bundle?) {
         super.onCreate(savedInstanceState)
         mTimeoutEnable = false
-        setTitle(NestedSettingsFragment.Screen.ADVANCED_UNLOCK)
+        setTitle(NestedSettingsFragment.Screen.DEVICE_UNLOCK)
     }
 
     override fun retrieveMainFragment(): Fragment {
-        return NestedSettingsFragment.newInstance(NestedSettingsFragment.Screen.ADVANCED_UNLOCK)
+        return NestedSettingsFragment.newInstance(NestedSettingsFragment.Screen.DEVICE_UNLOCK)
     }
 }

app/src/main/java/com/kunzisoft/keepass/settings/MainPreferenceFragment.kt

@@ -84,9 +84,9 @@ class MainPreferenceFragment : PreferenceFragmentCompat() {
             }
         }
 
-        findPreference<Preference>(getString(R.string.settings_advanced_unlock_key))?.apply {
+        findPreference<Preference>(getString(R.string.settings_device_unlock_key))?.apply {
             onPreferenceClickListener = Preference.OnPreferenceClickListener {
-                mCallback?.onNestedPreferenceSelected(NestedSettingsFragment.Screen.ADVANCED_UNLOCK)
+                mCallback?.onNestedPreferenceSelected(NestedSettingsFragment.Screen.DEVICE_UNLOCK)
                 false
             }
         }

app/src/main/java/com/kunzisoft/keepass/settings/NestedAppSettingsFragment.kt

@@ -41,7 +41,7 @@ import com.kunzisoft.keepass.activities.dialogs.ProFeatureDialogFragment
 import com.kunzisoft.keepass.activities.dialogs.UnavailableFeatureDialogFragment
 import com.kunzisoft.keepass.activities.stylish.Stylish
 import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
-import com.kunzisoft.keepass.biometric.AdvancedUnlockManager
+import com.kunzisoft.keepass.biometric.DeviceUnlockManager
 import com.kunzisoft.keepass.education.Education
 import com.kunzisoft.keepass.icons.IconPackChooser
 import com.kunzisoft.keepass.services.ClipboardEntryNotificationService
@@ -66,8 +66,8 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
             Screen.FORM_FILLING -> {
                 onCreateFormFillingPreference(rootKey)
             }
-            Screen.ADVANCED_UNLOCK -> {
-                onCreateAdvancedUnlockPreferences(rootKey)
+            Screen.DEVICE_UNLOCK -> {
+                onCreateDeviceUnlockPreferences(rootKey)
             }
             Screen.APPEARANCE -> {
                 onCreateAppearancePreferences(rootKey)
@@ -240,18 +240,18 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
         }
     }
 
-    private fun onCreateAdvancedUnlockPreferences(rootKey: String?) {
-        setPreferencesFromResource(R.xml.preferences_advanced_unlock, rootKey)
+    private fun onCreateDeviceUnlockPreferences(rootKey: String?) {
+        setPreferencesFromResource(R.xml.preferences_device_unlock, rootKey)
 
         activity?.let { activity ->
 
             val biometricUnlockEnablePreference: TwoStatePreference? = findPreference(getString(R.string.biometric_unlock_enable_key))
             val deviceCredentialUnlockEnablePreference: TwoStatePreference? = findPreference(getString(R.string.device_credential_unlock_enable_key))
             val autoOpenPromptPreference: TwoStatePreference? = findPreference(getString(R.string.biometric_auto_open_prompt_key))
-            val tempAdvancedUnlockPreference: TwoStatePreference? = findPreference(getString(R.string.temp_advanced_unlock_enable_key))
+            val tempDeviceUnlockPreference: TwoStatePreference? = findPreference(getString(R.string.temp_device_unlock_enable_key))
 
             val biometricUnlockSupported = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                AdvancedUnlockManager.biometricUnlockSupported(activity)
+                DeviceUnlockManager.biometricUnlockSupported(activity)
             } else false
             biometricUnlockEnablePreference?.apply {
                 // False if under Marshmallow
@@ -272,7 +272,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
                             warningMessage(activity, keystoreWarning = false, deleteKeys = true) {
                                 biometricUnlockEnablePreference.isChecked = false
                                 autoOpenPromptPreference?.isEnabled = deviceCredentialChecked
-                                tempAdvancedUnlockPreference?.isEnabled = deviceCredentialChecked
+                                tempDeviceUnlockPreference?.isEnabled = deviceCredentialChecked
                             }
                         } else {
                             if (deviceCredentialChecked) {
@@ -286,7 +286,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
                                 warningMessage(activity, keystoreWarning = true, deleteKeys = false) {
                                     biometricUnlockEnablePreference.isChecked = true
                                     autoOpenPromptPreference?.isEnabled = true
-                                    tempAdvancedUnlockPreference?.isEnabled = true
+                                    tempDeviceUnlockPreference?.isEnabled = true
                                 }
                             }
                         }
@@ -296,7 +296,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
             }
 
             val deviceCredentialUnlockSupported = if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                AdvancedUnlockManager.deviceCredentialUnlockSupported(activity)
+                DeviceUnlockManager.deviceCredentialUnlockSupported(activity)
             } else false
             deviceCredentialUnlockEnablePreference?.apply {
                 // Biometric unlock already checked
@@ -319,7 +319,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
                             warningMessage(activity, keystoreWarning = false, deleteKeys = true) {
                                 deviceCredentialUnlockEnablePreference.isChecked = false
                                 autoOpenPromptPreference?.isEnabled = biometricChecked
-                                tempAdvancedUnlockPreference?.isEnabled = biometricChecked
+                                tempDeviceUnlockPreference?.isEnabled = biometricChecked
                             }
                         } else {
                             if (biometricChecked) {
@@ -333,7 +333,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
                                 warningMessage(activity, keystoreWarning = true, deleteKeys = false) {
                                     deviceCredentialUnlockEnablePreference.isChecked = true
                                     autoOpenPromptPreference?.isEnabled = true
-                                    tempAdvancedUnlockPreference?.isEnabled = true
+                                    tempDeviceUnlockPreference?.isEnabled = true
                                 }
                             }
                         }
@@ -344,13 +344,13 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
 
             autoOpenPromptPreference?.isEnabled = biometricUnlockEnablePreference?.isChecked == true
                         || deviceCredentialUnlockEnablePreference?.isChecked == true
-            tempAdvancedUnlockPreference?.isEnabled = biometricUnlockEnablePreference?.isChecked == true
+            tempDeviceUnlockPreference?.isEnabled = biometricUnlockEnablePreference?.isChecked == true
                     || deviceCredentialUnlockEnablePreference?.isChecked == true
 
-            tempAdvancedUnlockPreference?.setOnPreferenceClickListener {
-                tempAdvancedUnlockPreference.isChecked = !tempAdvancedUnlockPreference.isChecked
+            tempDeviceUnlockPreference?.setOnPreferenceClickListener {
+                tempDeviceUnlockPreference.isChecked = !tempDeviceUnlockPreference.isChecked
                 warningMessage(activity, keystoreWarning = false, deleteKeys = true) {
-                    tempAdvancedUnlockPreference.isChecked = !tempAdvancedUnlockPreference.isChecked
+                    tempDeviceUnlockPreference.isChecked = !tempDeviceUnlockPreference.isChecked
                 }
                 true
             }
@@ -366,8 +366,8 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
             }
         }
 
-        findPreference<Preference>(getString(R.string.advanced_unlock_explanation_key))?.setOnPreferenceClickListener {
-            context?.openUrl(R.string.advanced_unlock_explanation_url)
+        findPreference<Preference>(getString(R.string.device_unlock_explanation_key))?.setOnPreferenceClickListener {
+            context?.openUrl(R.string.device_unlock_explanation_url)
             false
         }
     }
@@ -378,14 +378,14 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
                                validate: (()->Unit)? = null) {
         var message = ""
         if (keystoreWarning) {
-            message += resources.getString(R.string.advanced_unlock_prompt_store_credential_message)
-            message += "\n\n" + resources.getString(R.string.advanced_unlock_keystore_warning)
+            message += resources.getString(R.string.device_unlock_prompt_store_credential_message)
+            message += "\n\n" + resources.getString(R.string.device_unlock_keystore_warning)
         }
         if (keystoreWarning && deleteKeys) {
             message += "\n\n"
         }
         if (deleteKeys) {
-            message += resources.getString(R.string.advanced_unlock_delete_all_key_warning)
+            message += resources.getString(R.string.device_unlock_delete_all_key_warning)
         }
         warningAlertDialog = AlertDialog.Builder(activity)
             .setMessage(message)
@@ -395,7 +395,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
                 validate?.invoke()
                 warningAlertDialog?.setOnDismissListener(null)
                 if (deleteKeys && Build.VERSION.SDK_INT >= Build.VERSION_CODES.M) {
-                    AdvancedUnlockManager.deleteAllEntryKeysInKeystoreForBiometric(activity)
+                    DeviceUnlockManager.deleteAllEntryKeysInKeystoreForBiometric(activity)
                 }
             }
             .setNegativeButton(resources.getString(android.R.string.cancel)
@@ -483,13 +483,15 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
             getString(R.string.setting_style_brightness_key),
             getString(R.string.setting_icon_pack_choose_key),
             getString(R.string.show_entry_colors_key),
+            getString(R.string.hide_expired_entries_key),
+            getString(R.string.hide_templates_key),
             getString(R.string.list_entries_show_username_key),
             getString(R.string.list_groups_show_number_entries_key),
+            getString(R.string.recursive_number_entries_key),
             getString(R.string.show_otp_token_key),
             getString(R.string.show_uuid_key),
             getString(R.string.list_size_key),
             getString(R.string.monospace_font_fields_enable_key),
-            getString(R.string.hide_expired_entries_key),
             getString(R.string.enable_education_screens_key),
             getString(R.string.reset_education_screens_key) -> {
                 DATABASE_PREFERENCE_CHANGED = true
@@ -507,7 +509,7 @@ class NestedAppSettingsFragment : NestedSettingsFragment() {
         when (preference.key) {
             getString(R.string.app_timeout_key),
             getString(R.string.clipboard_timeout_key),
-            getString(R.string.temp_advanced_unlock_timeout_key) -> {
+            getString(R.string.temp_device_unlock_timeout_key) -> {
                 dialogFragment = DurationDialogFragmentCompat.newInstance(preference.key)
             }
             else -> otherDialogFragment = true

app/src/main/java/com/kunzisoft/keepass/settings/NestedSettingsFragment.kt

@@ -30,7 +30,7 @@ import com.kunzisoft.keepass.activities.dialogs.UnderDevelopmentFeatureDialogFra
 abstract class NestedSettingsFragment : PreferenceFragmentCompat() {
 
     enum class Screen {
-        APPLICATION, FORM_FILLING, ADVANCED_UNLOCK, APPEARANCE, DATABASE, DATABASE_SECURITY, DATABASE_MASTER_KEY
+        APPLICATION, FORM_FILLING, DEVICE_UNLOCK, APPEARANCE, DATABASE, DATABASE_SECURITY, DATABASE_MASTER_KEY
     }
 
     fun getScreen(): Screen {
@@ -66,7 +66,7 @@ abstract class NestedSettingsFragment : PreferenceFragmentCompat() {
             val fragment: NestedSettingsFragment = when (key) {
                 Screen.APPLICATION,
                 Screen.FORM_FILLING,
-                Screen.ADVANCED_UNLOCK,
+                Screen.DEVICE_UNLOCK,
                 Screen.APPEARANCE -> NestedAppSettingsFragment()
                 Screen.DATABASE,
                 Screen.DATABASE_SECURITY,
@@ -83,7 +83,7 @@ abstract class NestedSettingsFragment : PreferenceFragmentCompat() {
             return when (key) {
                 Screen.APPLICATION -> resources.getString(R.string.menu_app_settings)
                 Screen.FORM_FILLING -> resources.getString(R.string.menu_form_filling_settings)
-                Screen.ADVANCED_UNLOCK -> resources.getString(R.string.menu_advanced_unlock_settings)
+                Screen.DEVICE_UNLOCK -> resources.getString(R.string.menu_device_unlock_settings)
                 Screen.APPEARANCE -> resources.getString(R.string.menu_appearance_settings)
                 Screen.DATABASE -> resources.getString(R.string.menu_database_settings)
                 Screen.DATABASE_SECURITY -> resources.getString(R.string.menu_security_settings)

app/src/main/java/com/kunzisoft/keepass/settings/PreferencesUtil.kt

@@ -29,7 +29,7 @@ import androidx.preference.PreferenceManager
 import com.kunzisoft.keepass.BuildConfig
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.stylish.Stylish
-import com.kunzisoft.keepass.biometric.AdvancedUnlockManager
+import com.kunzisoft.keepass.biometric.DeviceUnlockManager
 import com.kunzisoft.keepass.database.element.SortNodeEnum
 import com.kunzisoft.keepass.database.search.SearchParameters
 import com.kunzisoft.keepass.education.Education
@@ -120,6 +120,18 @@ object PreferencesUtil {
             context.resources.getBoolean(R.bool.show_entry_colors_default))
     }
 
+    fun showExpiredEntries(context: Context): Boolean {
+        val prefs = PreferenceManager.getDefaultSharedPreferences(context)
+        return ! prefs.getBoolean(context.getString(R.string.hide_expired_entries_key),
+            context.resources.getBoolean(R.bool.hide_expired_entries_default))
+    }
+
+    fun showTemplates(context: Context): Boolean {
+        val prefs = PreferenceManager.getDefaultSharedPreferences(context)
+        return ! prefs.getBoolean(context.getString(R.string.hide_templates_key),
+            context.resources.getBoolean(R.bool.hide_templates_default))
+    }
+
     fun hideProtectedValue(context: Context): Boolean {
         val prefs = PreferenceManager.getDefaultSharedPreferences(context)
         return prefs.getBoolean(context.getString(R.string.hide_password_key),
@@ -144,6 +156,12 @@ object PreferencesUtil {
             context.resources.getBoolean(R.bool.list_groups_show_number_entries_default))
     }
 
+    fun recursiveNumberEntries(context: Context): Boolean {
+        val prefs = PreferenceManager.getDefaultSharedPreferences(context)
+        return prefs.getBoolean(context.getString(R.string.recursive_number_entries_key),
+            context.resources.getBoolean(R.bool.recursive_number_entries_default))
+    }
+
     fun showOTPToken(context: Context): Boolean {
         val prefs = PreferenceManager.getDefaultSharedPreferences(context)
         return prefs.getBoolean(context.getString(R.string.show_otp_token_key),
@@ -156,12 +174,6 @@ object PreferencesUtil {
             context.resources.getBoolean(R.bool.show_uuid_default))
     }
 
-    fun showExpiredEntries(context: Context): Boolean {
-        val prefs = PreferenceManager.getDefaultSharedPreferences(context)
-        return ! prefs.getBoolean(context.getString(R.string.hide_expired_entries_key),
-            context.resources.getBoolean(R.bool.hide_expired_entries_default))
-    }
-
     fun getStyle(context: Context): String {
         val defaultStyleString = Stylish.defaultStyle(context)
         val styleString = PreferenceManager.getDefaultSharedPreferences(context)
@@ -448,10 +460,10 @@ object PreferencesUtil {
             ?: TimeoutHelper.DEFAULT_TIMEOUT
     }
 
-    fun getAdvancedUnlockTimeout(context: Context): Long {
+    fun getDeviceUnlockTimeout(context: Context): Long {
         val prefs = PreferenceManager.getDefaultSharedPreferences(context)
-        return prefs.getString(context.getString(R.string.temp_advanced_unlock_timeout_key),
-            context.getString(R.string.temp_advanced_unlock_timeout_default))?.toLong()
+        return prefs.getString(context.getString(R.string.temp_device_unlock_timeout_key),
+            context.getString(R.string.temp_device_unlock_timeout_default))?.toLong()
             ?: TimeoutHelper.DEFAULT_TIMEOUT
     }
 
@@ -491,7 +503,7 @@ object PreferencesUtil {
             context.resources.getBoolean(R.bool.enable_screenshot_mode_key_default))
     }
 
-    fun isAdvancedUnlockEnable(context: Context): Boolean {
+    fun isDeviceUnlockEnable(context: Context): Boolean {
         return isBiometricUnlockEnable(context) || isDeviceCredentialUnlockEnable(context)
     }
 
@@ -500,7 +512,7 @@ object PreferencesUtil {
         return prefs.getBoolean(context.getString(R.string.biometric_unlock_enable_key),
             context.resources.getBoolean(R.bool.biometric_unlock_enable_default))
                 && (if (android.os.Build.VERSION.SDK_INT >= android.os.Build.VERSION_CODES.M) {
-            AdvancedUnlockManager.biometricUnlockSupported(context)
+            DeviceUnlockManager.biometricUnlockSupported(context)
         } else {
             false
         })
@@ -514,13 +526,13 @@ object PreferencesUtil {
                 && !isBiometricUnlockEnable(context)
     }
 
-    fun isTempAdvancedUnlockEnable(context: Context): Boolean {
+    fun isTempDeviceUnlockEnable(context: Context): Boolean {
         val prefs = PreferenceManager.getDefaultSharedPreferences(context)
-        return prefs.getBoolean(context.getString(R.string.temp_advanced_unlock_enable_key),
-            context.resources.getBoolean(R.bool.temp_advanced_unlock_enable_default))
+        return prefs.getBoolean(context.getString(R.string.temp_device_unlock_enable_key),
+            context.resources.getBoolean(R.bool.temp_device_unlock_enable_default))
     }
 
-    fun isAdvancedUnlockPromptAutoOpenEnable(context: Context): Boolean {
+    fun isDeviceUnlockPromptAutoOpenEnable(context: Context): Boolean {
         val prefs = PreferenceManager.getDefaultSharedPreferences(context)
         return prefs.getBoolean(context.getString(R.string.biometric_auto_open_prompt_key),
             context.resources.getBoolean(R.bool.biometric_auto_open_prompt_default))
@@ -606,12 +618,6 @@ object PreferencesUtil {
             context.resources.getBoolean(R.bool.allow_no_password_default))
     }
 
-    fun enableReadOnlyDatabase(context: Context): Boolean {
-        val prefs = PreferenceManager.getDefaultSharedPreferences(context)
-        return prefs.getBoolean(context.getString(R.string.enable_read_only_key),
-            context.resources.getBoolean(R.bool.enable_read_only_default))
-    }
-
     fun deletePasswordAfterConnexionAttempt(context: Context): Boolean {
         val prefs = PreferenceManager.getDefaultSharedPreferences(context)
         return prefs.getBoolean(context.getString(R.string.delete_entered_password_key),
@@ -792,7 +798,6 @@ object PreferencesUtil {
             when (name) {
                 context.getString(R.string.allow_no_password_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.delete_entered_password_key) -> editor.putBoolean(name, value.toBoolean())
-                context.getString(R.string.enable_read_only_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.enable_auto_save_database_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.enable_keep_screen_on_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.auto_focus_search_key) -> editor.putBoolean(name, value.toBoolean())
@@ -809,8 +814,8 @@ object PreferencesUtil {
                 context.getString(R.string.biometric_unlock_enable_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.device_credential_unlock_enable_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.biometric_auto_open_prompt_key) -> editor.putBoolean(name, value.toBoolean())
-                context.getString(R.string.temp_advanced_unlock_enable_key) -> editor.putBoolean(name, value.toBoolean())
-                context.getString(R.string.temp_advanced_unlock_timeout_key) -> editor.putString(name, value.toLong().toString())
+                context.getString(R.string.temp_device_unlock_enable_key) -> editor.putBoolean(name, value.toBoolean())
+                context.getString(R.string.temp_device_unlock_timeout_key) -> editor.putString(name, value.toLong().toString())
 
                 context.getString(R.string.magic_keyboard_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.clipboard_notifications_key) -> editor.putBoolean(name, value.toBoolean())
@@ -841,15 +846,17 @@ object PreferencesUtil {
                 context.getString(R.string.setting_style_brightness_key) -> editor.putString(name, value)
                 context.getString(R.string.setting_icon_pack_choose_key) -> editor.putString(name, value)
                 context.getString(R.string.show_entry_colors_key) -> editor.putBoolean(name, value.toBoolean())
+                context.getString(R.string.hide_expired_entries_key) -> editor.putBoolean(name, value.toBoolean())
+                context.getString(R.string.hide_templates_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.hide_password_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.colorize_password_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.list_entries_show_username_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.list_groups_show_number_entries_key) -> editor.putBoolean(name, value.toBoolean())
+                context.getString(R.string.recursive_number_entries_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.show_otp_token_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.show_uuid_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.list_size_key) -> editor.putString(name, value)
                 context.getString(R.string.monospace_font_fields_enable_key) -> editor.putBoolean(name, value.toBoolean())
-                context.getString(R.string.hide_expired_entries_key) -> editor.putBoolean(name, value.toBoolean())
                 context.getString(R.string.enable_education_screens_key) -> editor.putBoolean(name, value.toBoolean())
 
                 context.getString(R.string.password_generator_length_key) -> editor.putInt(name, value.toInt())

app/src/main/java/com/kunzisoft/keepass/settings/preferencedialogfragment/AutofillBlocklistWebDomainPreferenceDialogFragmentCompat.kt

@@ -26,7 +26,7 @@ import com.kunzisoft.keepass.model.SearchInfo
 class AutofillBlocklistWebDomainPreferenceDialogFragmentCompat
     : AutofillBlocklistPreferenceDialogFragmentCompat() {
 
-    override fun buildSearchInfoFromString(searchInfoString: String): SearchInfo? {
+    override fun buildSearchInfoFromString(searchInfoString: String): SearchInfo {
         val newSearchInfo = searchInfoString
                 // remove prefix https://
                 .replace(Regex("^.*://"), "")

app/src/main/java/com/kunzisoft/keepass/timeout/TimeoutHelper.kt

@@ -65,27 +65,19 @@ object TimeoutHelper {
                 (context.applicationContext.getSystemService(Context.ALARM_SERVICE) as AlarmManager?)?.let { alarmManager ->
                     val triggerTime = System.currentTimeMillis() + timeout
                     Log.d(TAG, "TimeoutHelper start")
-                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
-                        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S
-                            && !alarmManager.canScheduleExactAlarms()) {
-                            alarmManager.set(
-                                AlarmManager.RTC,
-                                triggerTime,
-                                getLockPendingIntent(context)
-                            )
-                        } else {
-                            alarmManager.setExact(
-                                AlarmManager.RTC,
-                                triggerTime,
-                                getLockPendingIntent(context)
-                            )
-                        }
-                    } else {
+                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S
+                        && !alarmManager.canScheduleExactAlarms()) {
                         alarmManager.set(
                             AlarmManager.RTC,
                             triggerTime,
                             getLockPendingIntent(context)
                         )
+                    } else {
+                        alarmManager.setExact(
+                            AlarmManager.RTC,
+                            triggerTime,
+                            getLockPendingIntent(context)
+                        )
                     }
                 }
             }

app/src/main/java/com/kunzisoft/keepass/utils/BroadcastAction.kt

@@ -29,7 +29,9 @@ import android.content.Intent
 import android.content.IntentFilter
 import android.os.Build
 import android.util.Log
+import androidx.core.content.ContextCompat
 import com.kunzisoft.keepass.R
+import com.kunzisoft.keepass.app.AppLifecycleObserver
 import com.kunzisoft.keepass.database.ContextualDatabase
 import com.kunzisoft.keepass.magikeyboard.MagikeyboardService
 import com.kunzisoft.keepass.services.ClipboardEntryNotificationService
@@ -45,9 +47,9 @@ const val LOCK_ACTION = "com.kunzisoft.keepass.LOCK"
 const val REMOVE_ENTRY_MAGIKEYBOARD_ACTION = "com.kunzisoft.keepass.REMOVE_ENTRY_MAGIKEYBOARD"
 const val BACK_PREVIOUS_KEYBOARD_ACTION = "com.kunzisoft.keepass.BACK_PREVIOUS_KEYBOARD"
 
-class LockReceiver(var lockAction: () -> Unit) : BroadcastReceiver() {
+class LockReceiver(private var lockAction: () -> Unit) : BroadcastReceiver() {
 
-    var mLockPendingIntent: PendingIntent? = null
+    private var mLockPendingIntent: PendingIntent? = null
     var backToPreviousKeyboardAction: (() -> Unit)? = null
 
     override fun onReceive(context: Context, intent: Intent) {
@@ -60,7 +62,7 @@ class LockReceiver(var lockAction: () -> Unit) : BroadcastReceiver() {
                     }
                     Intent.ACTION_SCREEN_OFF -> {
                         if (PreferencesUtil.isLockDatabaseWhenScreenShutOffEnable(context)) {
-                            mLockPendingIntent = PendingIntent.getBroadcast(context,
+                            val lockPendingIntent = PendingIntent.getBroadcast(context,
                                 4575,
                                 Intent(intent).apply {
                                     action = LOCK_ACTION
@@ -71,29 +73,22 @@ class LockReceiver(var lockAction: () -> Unit) : BroadcastReceiver() {
                                     0
                                 }
                             )
+                            this.mLockPendingIntent = lockPendingIntent
                             // Launch the effective action after a small time
                             val first: Long = System.currentTimeMillis() + context.getString(R.string.timeout_screen_off).toLong()
                             (context.getSystemService(ALARM_SERVICE) as AlarmManager?)?.let { alarmManager ->
-                                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
-                                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S
-                                        && !alarmManager.canScheduleExactAlarms()) {
-                                        alarmManager.set(
-                                            AlarmManager.RTC_WAKEUP,
-                                            first,
-                                            mLockPendingIntent
-                                        )
-                                    } else {
-                                        alarmManager.setExact(
-                                            AlarmManager.RTC_WAKEUP,
-                                            first,
-                                            mLockPendingIntent
-                                        )
-                                    }
-                                } else {
+                                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S
+                                    && !alarmManager.canScheduleExactAlarms()) {
                                     alarmManager.set(
                                         AlarmManager.RTC_WAKEUP,
                                         first,
-                                        mLockPendingIntent
+                                        lockPendingIntent
+                                    )
+                                } else {
+                                    alarmManager.setExact(
+                                        AlarmManager.RTC_WAKEUP,
+                                        first,
+                                        lockPendingIntent
                                     )
                                 }
                             }
@@ -103,6 +98,7 @@ class LockReceiver(var lockAction: () -> Unit) : BroadcastReceiver() {
                     }
                     LOCK_ACTION -> {
                         lockAction.invoke()
+                        AppLifecycleObserver.lockBackgroundEvent = false
                         if (PreferencesUtil.isKeyboardPreviousLockEnable(context)) {
                             backToPreviousKeyboardAction?.invoke()
                         } else {}
@@ -120,9 +116,9 @@ class LockReceiver(var lockAction: () -> Unit) : BroadcastReceiver() {
     }
 
     private fun cancelLockPendingIntent(context: Context) {
-        mLockPendingIntent?.let {
+        mLockPendingIntent?.let { lockPendingIntent ->
             val alarmManager = context.getSystemService(ALARM_SERVICE) as AlarmManager?
-            alarmManager?.cancel(mLockPendingIntent)
+            alarmManager?.cancel(lockPendingIntent)
             mLockPendingIntent = null
         }
     }
@@ -131,7 +127,7 @@ class LockReceiver(var lockAction: () -> Unit) : BroadcastReceiver() {
 fun Context.registerLockReceiver(lockReceiver: LockReceiver?,
                                  registerKeyboardAction: Boolean = false) {
     lockReceiver?.let {
-        registerReceiver(it, IntentFilter().apply {
+        ContextCompat.registerReceiver(this, it, IntentFilter().apply {
             addAction(Intent.ACTION_SCREEN_OFF)
             addAction(Intent.ACTION_SCREEN_ON)
             addAction(LOCK_ACTION)
@@ -139,7 +135,7 @@ fun Context.registerLockReceiver(lockReceiver: LockReceiver?,
                 addAction(REMOVE_ENTRY_MAGIKEYBOARD_ACTION)
                 addAction(BACK_PREVIOUS_KEYBOARD_ACTION)
             }
-        })
+        }, ContextCompat.RECEIVER_EXPORTED)
     }
 }
 

app/src/main/java/com/kunzisoft/keepass/utils/TimeUtil.kt

@@ -3,13 +3,17 @@ package com.kunzisoft.keepass.utils
 import android.content.res.Resources
 import androidx.core.os.ConfigurationCompat
 import com.kunzisoft.keepass.database.element.DateInstant
+import com.kunzisoft.keepass.model.DataDate
 import java.text.DateFormat
+import java.util.Calendar
 import java.util.Locale
+import java.util.TimeZone
 
 object TimeUtil {
 
     fun DateInstant.getDateTimeString(resources: Resources): String {
         val locale = ConfigurationCompat.getLocales(resources.configuration)[0] ?: Locale.ROOT
+        val date = instant.toDate()
         return when (type) {
             DateInstant.Type.DATE -> DateFormat.getDateInstance(
                 DateFormat.MEDIUM,
@@ -26,4 +30,22 @@ object TimeUtil {
                 .format(date)
         }
     }
+
+    // https://github.com/material-components/material-components-android/issues/882#issuecomment-1111374962
+    // To fix UTC time in date picker
+    fun datePickerToDataDate(millis: Long): DataDate {
+        val selectedUtc = Calendar.getInstance(TimeZone.getTimeZone("UTC"))
+        selectedUtc.timeInMillis = millis
+        val selectedLocal = Calendar.getInstance()
+        selectedLocal.clear()
+        selectedLocal.set(
+            selectedUtc.get(Calendar.YEAR),
+            selectedUtc.get(Calendar.MONTH),
+            selectedUtc.get(Calendar.DAY_OF_MONTH))
+        return DataDate(
+            selectedLocal.get(Calendar.YEAR),
+            selectedLocal.get(Calendar.MONTH) + 1,
+            selectedLocal.get(Calendar.DAY_OF_MONTH),
+        )
+    }
 }

app/src/main/java/com/kunzisoft/keepass/utils/UriUtil.kt

@@ -67,55 +67,53 @@ object UriUtil {
                                      readOnly: Boolean) {
         try {
             // try to persist read and write permissions
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
-                contentResolver?.apply {
-                    var readPermissionAllowed = false
-                    var writePermissionAllowed = false
-                    // Check current permissions allowed
-                    persistedUriPermissions.find { uriPermission ->
-                        uriPermission.uri == uri
-                    }?.let { uriPermission ->
-                        Log.d(TAG, "Check URI permission : $uriPermission")
-                        if (uriPermission.isReadPermission) {
-                            readPermissionAllowed = true
-                        }
-                        if (uriPermission.isWritePermission) {
-                            writePermissionAllowed = true
-                        }
+            contentResolver?.apply {
+                var readPermissionAllowed = false
+                var writePermissionAllowed = false
+                // Check current permissions allowed
+                persistedUriPermissions.find { uriPermission ->
+                    uriPermission.uri == uri
+                }?.let { uriPermission ->
+                    Log.d(TAG, "Check URI permission : $uriPermission")
+                    if (uriPermission.isReadPermission) {
+                        readPermissionAllowed = true
                     }
-
-                    // Release permission
-                    if (release) {
-                        if (writePermissionAllowed) {
-                            Log.d(TAG, "Release write permission : $uri")
-                            val removeFlags: Int = Intent.FLAG_GRANT_WRITE_URI_PERMISSION
-                            releasePersistableUriPermission(uri, removeFlags)
-                        }
-                        if (readPermissionAllowed) {
-                            Log.d(TAG, "Release read permission $uri")
-                            val takeFlags: Int = Intent.FLAG_GRANT_READ_URI_PERMISSION
-                            releasePersistableUriPermission(uri, takeFlags)
-                        }
+                    if (uriPermission.isWritePermission) {
+                        writePermissionAllowed = true
                     }
+                }
 
-                    // Take missing permission
-                    if (!readPermissionAllowed) {
-                        Log.d(TAG, "Take read permission $uri")
+                // Release permission
+                if (release) {
+                    if (writePermissionAllowed) {
+                        Log.d(TAG, "Release write permission : $uri")
+                        val removeFlags: Int = Intent.FLAG_GRANT_WRITE_URI_PERMISSION
+                        releasePersistableUriPermission(uri, removeFlags)
+                    }
+                    if (readPermissionAllowed) {
+                        Log.d(TAG, "Release read permission $uri")
                         val takeFlags: Int = Intent.FLAG_GRANT_READ_URI_PERMISSION
-                        takePersistableUriPermission(uri, takeFlags)
+                        releasePersistableUriPermission(uri, takeFlags)
                     }
-                    if (readOnly) {
-                        if (writePermissionAllowed) {
-                            Log.d(TAG, "Release write permission $uri")
-                            val removeFlags: Int = Intent.FLAG_GRANT_WRITE_URI_PERMISSION
-                            releasePersistableUriPermission(uri, removeFlags)
-                        }
-                    } else {
-                        if (!writePermissionAllowed) {
-                            Log.d(TAG, "Take write permission $uri")
-                            val takeFlags: Int = Intent.FLAG_GRANT_WRITE_URI_PERMISSION
-                            takePersistableUriPermission(uri, takeFlags)
-                        }
+                }
+
+                // Take missing permission
+                if (!readPermissionAllowed) {
+                    Log.d(TAG, "Take read permission $uri")
+                    val takeFlags: Int = Intent.FLAG_GRANT_READ_URI_PERMISSION
+                    takePersistableUriPermission(uri, takeFlags)
+                }
+                if (readOnly) {
+                    if (writePermissionAllowed) {
+                        Log.d(TAG, "Release write permission $uri")
+                        val removeFlags: Int = Intent.FLAG_GRANT_WRITE_URI_PERMISSION
+                        releasePersistableUriPermission(uri, removeFlags)
+                    }
+                } else {
+                    if (!writePermissionAllowed) {
+                        Log.d(TAG, "Take write permission $uri")
+                        val takeFlags: Int = Intent.FLAG_GRANT_WRITE_URI_PERMISSION
+                        takePersistableUriPermission(uri, takeFlags)
                     }
                 }
             }
@@ -140,42 +138,38 @@ object UriUtil {
     }
 
     fun Context.releaseAllUnnecessaryPermissionUris() {
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT) {
-            applicationContext?.let { appContext ->
-                val fileDatabaseHistoryAction = FileDatabaseHistoryAction.getInstance(appContext)
-                fileDatabaseHistoryAction.getDatabaseFileList { databaseFileList ->
-                    val listToNotRemove = mutableListOf<Uri>()
-                    databaseFileList.forEach {
-                        it.databaseUri?.let { databaseUri ->
-                            listToNotRemove.add(databaseUri)
-                        }
-                        it.keyFileUri?.let { keyFileUri ->
-                            listToNotRemove.add(keyFileUri)
-                        }
+        applicationContext?.let { appContext ->
+            val fileDatabaseHistoryAction = FileDatabaseHistoryAction.getInstance(appContext)
+            fileDatabaseHistoryAction.getDatabaseFileList { databaseFileList ->
+                val listToNotRemove = mutableListOf<Uri>()
+                databaseFileList.forEach {
+                    it.databaseUri?.let { databaseUri ->
+                        listToNotRemove.add(databaseUri)
                     }
-                    // Remove URI permission for not database files
-                    val resolver = appContext.contentResolver
-                    resolver.persistedUriPermissions.forEach { uriPermission ->
-                        val uri = uriPermission.uri
-                        if (!listToNotRemove.contains(uri))
-                            resolver.releaseUriPermission(uri)
+                    it.keyFileUri?.let { keyFileUri ->
+                        listToNotRemove.add(keyFileUri)
                     }
                 }
+                // Remove URI permission for not database files
+                val resolver = appContext.contentResolver
+                resolver.persistedUriPermissions.forEach { uriPermission ->
+                    val uri = uriPermission.uri
+                    if (!listToNotRemove.contains(uri))
+                        resolver.releaseUriPermission(uri)
+                }
             }
         }
     }
 
     fun Intent.getUri(key: String): Uri? {
         try {
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
-                val clipData = this.clipData
-                if (clipData != null) {
-                    if (clipData.description.label == key) {
-                        if (clipData.itemCount == 1) {
-                            val clipItem = clipData.getItemAt(0)
-                            if (clipItem != null) {
-                                return clipItem.uri
-                            }
+            val clipData = this.clipData
+            if (clipData != null) {
+                if (clipData.description.label == key) {
+                    if (clipData.itemCount == 1) {
+                        val clipItem = clipData.getItemAt(0)
+                        if (clipItem != null) {
+                            return clipItem.uri
                         }
                     }
                 }

app/src/main/java/com/kunzisoft/keepass/view/AddNodeButtonView.kt

@@ -68,6 +68,7 @@ class AddNodeButtonView @JvmOverloads constructor(context: Context,
 
     init {
         inflate(context)
+        hideButton()
     }
 
     private fun inflate(context: Context) {

app/src/main/java/com/kunzisoft/keepass/view/DataTime.kt

@@ -1,3 +0,0 @@
-package com.kunzisoft.keepass.view
-
-data class DataTime(val hours: Int, val minutes: Int)

app/src/main/java/com/kunzisoft/keepass/view/DateTimeEditFieldView.kt

@@ -111,7 +111,7 @@ class DateTimeEditFieldView @JvmOverloads constructor(context: Context,
                 mDefault
         }
         set(value) {
-            mDateTime = DateInstant(value.date, mDateTime.type)
+            mDateTime = DateInstant(value.instant, mDateTime.type)
             entryExpiresTextView.text = if (entryExpiresCheckBox.isChecked) {
                 mDateTime.getDateTimeString(resources)
             } else {

app/src/main/java/com/kunzisoft/keepass/view/DateTimeFieldView.kt

@@ -57,8 +57,6 @@ class DateTimeFieldView @JvmOverloads constructor(context: Context,
     }
 
     private fun assignExpiresDateText() {
-        val isExpires = mDateTime.isCurrentlyExpire()
-
         // Show or not the warning icon
         expiresImage.isVisible = if (mActivated) {
             isExpires
@@ -100,6 +98,13 @@ class DateTimeFieldView @JvmOverloads constructor(context: Context,
             mDateTime.type = value
         }
 
+    var isExpirable: Boolean = false
+
+    val isExpires: Boolean
+        get() {
+            return isExpirable && mDateTime.isCurrentlyExpire()
+        }
+
     override var activation: Boolean
         get() {
             return mActivated
@@ -128,7 +133,7 @@ class DateTimeFieldView @JvmOverloads constructor(context: Context,
                 mDefault
         }
         set(value) {
-            mDateTime = DateInstant(value.date, mDateTime.type)
+            mDateTime = DateInstant(value.instant, mDateTime.type)
             assignExpiresDateText()
         }
 

app/src/main/java/com/kunzisoft/keepass/view/DeviceUnlockView.kt

@@ -25,27 +25,26 @@ import android.util.AttributeSet
 import android.view.LayoutInflater
 import android.widget.Button
 import android.widget.LinearLayout
-import android.widget.Toast
 import androidx.annotation.RequiresApi
 import androidx.annotation.StringRes
 import com.kunzisoft.keepass.R
 
 @RequiresApi(api = Build.VERSION_CODES.M)
-class AdvancedUnlockInfoView @JvmOverloads constructor(context: Context,
-                                                       attrs: AttributeSet? = null,
-                                                       defStyle: Int = 0)
+class DeviceUnlockView @JvmOverloads constructor(context: Context,
+                                                 attrs: AttributeSet? = null,
+                                                 defStyle: Int = 0)
     : LinearLayout(context, attrs, defStyle) {
 
     private var biometricButtonView: Button? = null
 
     init {
         val inflater = context.getSystemService(Context.LAYOUT_INFLATER_SERVICE) as LayoutInflater?
-        inflater?.inflate(R.layout.view_advanced_unlock, this)
+        inflater?.inflate(R.layout.view_device_unlock, this)
 
         biometricButtonView = findViewById(R.id.biometric_button)
     }
 
-    fun setIconViewClickListener(listener: OnClickListener?) {
+    fun setDeviceUnlockButtonViewClickListener(listener: OnClickListener?) {
         biometricButtonView?.setOnClickListener(listener)
     }
 
@@ -60,14 +59,4 @@ class AdvancedUnlockInfoView @JvmOverloads constructor(context: Context,
     fun setTitle(@StringRes textId: Int) {
         title = context.getString(textId)
     }
-
-    fun setMessage(text: CharSequence) {
-        if (text.isNotEmpty())
-            Toast.makeText(context, text, Toast.LENGTH_LONG).show()
-    }
-
-    fun setMessage(@StringRes textId: Int) {
-        Toast.makeText(context, textId, Toast.LENGTH_LONG).show()
-    }
-
 }

app/src/main/java/com/kunzisoft/keepass/view/MainCredentialView.kt

@@ -53,9 +53,7 @@ class MainCredentialView @JvmOverloads constructor(context: Context,
     private var checkboxHardwareView: CompoundButton
     private var hardwareKeySelectionView: HardwareKeySelectionView
 
-    var onPasswordChecked: (CompoundButton.OnCheckedChangeListener)? = null
-    var onKeyFileChecked: (CompoundButton.OnCheckedChangeListener)? = null
-    var onHardwareKeyChecked: (CompoundButton.OnCheckedChangeListener)? = null
+    var onConditionToStoreCredentialChanged: ((CredentialStorage, verified: Boolean) -> Unit)? = null
     var onValidateListener: (() -> Unit)? = null
 
     private var mCredentialStorage: CredentialStorage = CredentialStorage.PASSWORD
@@ -103,24 +101,33 @@ class MainCredentialView @JvmOverloads constructor(context: Context,
             handled
         }
 
-        checkboxPasswordView.setOnCheckedChangeListener { view, checked ->
-            onPasswordChecked?.onCheckedChanged(view, checked)
+        checkboxPasswordView.setOnCheckedChangeListener { _, _ ->
+            onConditionToStoreCredentialChanged?.invoke(
+                mCredentialStorage,
+                conditionToStoreCredential()
+            )
         }
-        checkboxKeyFileView.setOnCheckedChangeListener { view, checked ->
+        checkboxKeyFileView.setOnCheckedChangeListener { _, checked ->
             if (checked) {
                 if (keyFileSelectionView.uri == null) {
                     checkboxKeyFileView.isChecked = false
                 }
             }
-            onKeyFileChecked?.onCheckedChanged(view, checked)
+            onConditionToStoreCredentialChanged?.invoke(
+                mCredentialStorage,
+                conditionToStoreCredential()
+            )
         }
-        checkboxHardwareView.setOnCheckedChangeListener { view, checked ->
+        checkboxHardwareView.setOnCheckedChangeListener { _, checked ->
             if (checked) {
                 if (hardwareKeySelectionView.hardwareKey == null) {
                     checkboxHardwareView.isChecked = false
                 }
             }
-            onHardwareKeyChecked?.onCheckedChanged(view, checked)
+            onConditionToStoreCredentialChanged?.invoke(
+                mCredentialStorage,
+                conditionToStoreCredential()
+            )
         }
 
         hardwareKeySelectionView.selectionListener = { _ ->

app/src/main/java/com/kunzisoft/keepass/view/PasswordEditView.kt

@@ -33,20 +33,19 @@ import android.widget.TextView
 import com.google.android.material.progressindicator.LinearProgressIndicator
 import com.google.android.material.textfield.TextInputLayout
 import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.password.PasswordGenerator
 import com.kunzisoft.keepass.password.PasswordEntropy
+import com.kunzisoft.keepass.password.PasswordGenerator
 import com.kunzisoft.keepass.settings.PreferencesUtil
 
-class PassKeyView @JvmOverloads constructor(context: Context,
-                                            attrs: AttributeSet? = null,
-                                            defStyle: Int = 0)
+class PasswordEditView @JvmOverloads constructor(context: Context,
+                                                 attrs: AttributeSet? = null,
+                                                 defStyle: Int = 0)
     : FrameLayout(context, attrs, defStyle) {
 
     private var mPasswordEntropyCalculator: PasswordEntropy? = null
 
     private val passwordInputLayout: TextInputLayout
     private val passwordText: EditText
-    private var textModified = false
     private val passwordStrengthProgress: LinearProgressIndicator
     private val passwordEntropy: TextView
 
@@ -60,13 +59,13 @@ class PassKeyView @JvmOverloads constructor(context: Context,
     init {
         context.theme.obtainStyledAttributes(
             attrs,
-            R.styleable.PassKeyView,
+            R.styleable.PasswordView,
             0, 0).apply {
             try {
-                mViewHint = getString(R.styleable.PassKeyView_passKeyHint)
+                mViewHint = getString(R.styleable.PasswordView_passwordHint)
                     ?: context.getString(R.string.password)
-                mMaxLines = getInteger(R.styleable.PassKeyView_passKeyMaxLines, mMaxLines)
-                mShowPassword = getBoolean(R.styleable.PassKeyView_passKeyVisible,
+                mMaxLines = getInteger(R.styleable.PasswordView_passwordMaxLines, mMaxLines)
+                mShowPassword = getBoolean(R.styleable.PasswordView_passwordVisible,
                     !PreferencesUtil.hideProtectedValue(context))
             } finally {
                 recycle()
@@ -74,24 +73,24 @@ class PassKeyView @JvmOverloads constructor(context: Context,
         }
 
         val inflater = context.getSystemService(Context.LAYOUT_INFLATER_SERVICE) as LayoutInflater?
-        inflater?.inflate(R.layout.view_passkey, this)
+        inflater?.inflate(R.layout.view_password_edit, this)
 
-        passwordInputLayout = findViewById(R.id.password_input_layout)
+        passwordInputLayout = findViewById(R.id.password_edit_input_layout)
         passwordInputLayout?.hint = mViewHint
-        passwordText = findViewById(R.id.password_text)
+        passwordText = findViewById(R.id.password_edit_text)
         if (mShowPassword) {
             passwordText?.inputType = passwordText.inputType or
                     InputType.TYPE_TEXT_VARIATION_VISIBLE_PASSWORD
         }
         passwordText?.maxLines = mMaxLines
         passwordText?.applyFontVisibility()
-        passwordStrengthProgress = findViewById(R.id.password_strength_progress)
+        passwordStrengthProgress = findViewById(R.id.password_edit_strength_progress)
         passwordStrengthProgress?.apply {
             setIndicatorColor(PasswordEntropy.Strength.RISKY.color)
             progress = 0
             max = 100
         }
-        passwordEntropy = findViewById(R.id.password_entropy)
+        passwordEntropy = findViewById(R.id.password_edit_entropy)
 
         mPasswordEntropyCalculator = PasswordEntropy {
             passwordText?.text?.toString()?.let { firstPassword ->
@@ -113,20 +112,11 @@ class PassKeyView @JvmOverloads constructor(context: Context,
             }
 
             override fun afterTextChanged(editable: Editable) {
-                /* Fixme 1686
-                if (textModified) {
-                    textModified = false
-                } else {
-                    textModified = true
-                    val selectionStart = passwordText.selectionStart
-                    val selectionEnd = passwordText.selectionEnd
-                    passwordString = editable.toString()
-                    passwordText.setSelection(selectionStart, selectionEnd)
-                }*/
                 mPasswordTextWatchers.forEach {
                     it.afterTextChanged(editable)
                 }
                 getEntropyStrength(editable.toString())
+                PasswordGenerator.colorizedPassword(editable)
             }
         }
         passwordText?.addTextChangedListener(mPasswordTextWatcher)

app/src/main/java/com/kunzisoft/keepass/view/PasswordTextEditFieldView.kt

@@ -0,0 +1,154 @@
+/*
+ * Copyright 2024 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.view
+
+import android.content.Context
+import android.text.Spannable
+import android.util.AttributeSet
+import android.util.TypedValue
+import android.widget.TextView
+import androidx.core.view.ViewCompat
+import androidx.core.view.setPadding
+import androidx.core.widget.TextViewCompat
+import androidx.core.widget.doAfterTextChanged
+import com.google.android.material.progressindicator.LinearProgressIndicator
+import com.kunzisoft.keepass.R
+import com.kunzisoft.keepass.password.PasswordEntropy
+import com.kunzisoft.keepass.password.PasswordGenerator
+import com.kunzisoft.keepass.settings.PreferencesUtil
+
+
+class PasswordTextEditFieldView @JvmOverloads constructor(context: Context,
+                                                          attrs: AttributeSet? = null,
+                                                          defStyle: Int = 0)
+    : TextEditFieldView(context, attrs, defStyle) {
+
+    private var mPasswordEntropyCalculator: PasswordEntropy = PasswordEntropy {
+        valueView.text?.toString()?.let { firstPassword ->
+            getEntropyStrength(firstPassword)
+        }
+    }
+    private var isColorizedPasswordActivated = PreferencesUtil.colorizePassword(context)
+
+    private var passwordProgressViewId = ViewCompat.generateViewId()
+    private var passwordEntropyViewId = ViewCompat.generateViewId()
+
+    private var mPasswordProgress = LinearProgressIndicator(context).apply {
+        layoutParams = LayoutParams(
+            LayoutParams.MATCH_PARENT,
+            LayoutParams.WRAP_CONTENT
+        ).apply {
+            addRule(ALIGN_PARENT_BOTTOM)
+        }
+        setPadding(
+            TypedValue.applyDimension(
+                TypedValue.COMPLEX_UNIT_DIP,
+                1f,
+                context.resources.displayMetrics
+            ).toInt()
+        )
+        setIndicatorColor(PasswordEntropy.Strength.RISKY.color)
+        progress = 0
+        max = 100
+    }
+
+    private val mPasswordEntropyView = TextView(context).apply {
+        layoutParams = LayoutParams(
+            LayoutParams.WRAP_CONTENT,
+            LayoutParams.WRAP_CONTENT
+        ).apply {
+            addRule(ALIGN_PARENT_BOTTOM)
+        }
+        setPadding(
+            TypedValue.applyDimension(
+                TypedValue.COMPLEX_UNIT_DIP,
+                4f,
+                context.resources.displayMetrics
+            ).toInt()
+        )
+        TextViewCompat.setTextAppearance(this, R.style.KeepassDXStyle_Text_Indicator)
+    }
+
+    init {
+        buildViews()
+
+        valueView.doAfterTextChanged { editable ->
+            getEntropyStrength(editable.toString())
+            PasswordGenerator.colorizedPassword(editable)
+        }
+
+        addView(mPasswordProgress)
+        addView(mPasswordEntropyView)
+    }
+
+    private fun buildViews() {
+        mPasswordProgress.apply {
+            id = passwordProgressViewId
+            layoutParams = (layoutParams as LayoutParams?)?.also {
+                it.addRule(LEFT_OF, actionImageButtonId)
+                it.addRule(START_OF, actionImageButtonId)
+            }
+        }
+        mPasswordEntropyView.apply {
+            id = passwordEntropyViewId
+            layoutParams = (layoutParams as LayoutParams?)?.also {
+                it.addRule(ALIGN_RIGHT, passwordProgressViewId)
+                it.addRule(ALIGN_END, passwordProgressViewId)
+            }
+        }
+    }
+
+    private fun getEntropyStrength(passwordText: String) {
+        mPasswordEntropyCalculator.getEntropyStrength(passwordText) { entropyStrength ->
+            mPasswordProgress.apply {
+                post {
+                    setIndicatorColor(entropyStrength.strength.color)
+                    setProgressCompat(entropyStrength.estimationPercent, true)
+                }
+            }
+            mPasswordEntropyView.apply {
+                post {
+                    text = PasswordEntropy.getStringEntropy(resources, entropyStrength.entropy)
+                }
+            }
+        }
+    }
+
+    override fun spannableValue(value: String?): Spannable? {
+        if (value == null)
+            return null
+        return if (isColorizedPasswordActivated)
+            PasswordGenerator.getColorizedPassword(value)
+        else
+            super.spannableValue(value)
+    }
+
+    override var label: String
+        get() {
+            return super.label
+        }
+        set(value) {
+            super.label = value
+            // Define views Ids with label value
+            passwordProgressViewId = "passwordProgressViewId $value".hashCode()
+            passwordEntropyViewId = "passwordEntropyViewId $value".hashCode()
+            buildViews()
+        }
+}

app/src/main/java/com/kunzisoft/keepass/view/PasswordTextFieldView.kt

@@ -0,0 +1,119 @@
+/*
+ * Copyright 2024 Jeremy Jamet / Kunzisoft.
+ *     
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+package com.kunzisoft.keepass.view
+
+import android.content.Context
+import android.graphics.Color
+import android.text.SpannableString
+import android.text.Spanned.SPAN_EXCLUSIVE_EXCLUSIVE
+import android.text.style.ImageSpan
+import android.util.AttributeSet
+import androidx.annotation.StringRes
+import androidx.core.content.ContextCompat
+import androidx.core.graphics.drawable.DrawableCompat
+import com.kunzisoft.keepass.R
+import com.kunzisoft.keepass.password.PasswordEntropy
+import com.kunzisoft.keepass.password.PasswordGenerator
+import com.kunzisoft.keepass.settings.PreferencesUtil
+
+
+class PasswordTextFieldView @JvmOverloads constructor(context: Context,
+                                                      attrs: AttributeSet? = null,
+                                                      defStyle: Int = 0)
+    : TextFieldView(context, attrs, defStyle) {
+
+    private var mPasswordEntropyCalculator: PasswordEntropy = PasswordEntropy {
+        valueView.text?.toString()?.let { firstPassword ->
+            getEntropyStrength(firstPassword)
+        }
+    }
+
+    private var indicatorDrawable = ContextCompat.getDrawable(
+        context,
+        R.drawable.ic_shield_white_24dp
+    )?.apply {
+        val lineHeight = labelView.lineHeight
+        setBounds(0,0,lineHeight, lineHeight)
+        DrawableCompat.setTint(this, Color.TRANSPARENT)
+    }
+
+    override var label: String
+        get() {
+            return labelView.text.toString().removeSuffix(ICON_STRING_SPACES)
+        }
+        set(value) {
+            indicatorDrawable?.let { drawable ->
+                val spannableString = SpannableString("$value$ICON_STRING_SPACES")
+                val startPosition = spannableString.split(ICON_STRING)[0].length
+                val endPosition = startPosition + ICON_STRING.length
+                spannableString
+                    .setSpan(
+                        ImageSpan(drawable),
+                        startPosition,
+                        endPosition,
+                        SPAN_EXCLUSIVE_EXCLUSIVE
+                    )
+                labelView.text = spannableString
+            } ?: kotlin.run {
+                labelView.text = value
+            }
+        }
+
+    override fun setLabel(@StringRes labelId: Int) {
+        label = resources.getString(labelId)
+    }
+
+    override var value: String
+        get() {
+            return valueView.text.toString()
+        }
+        set(value) {
+            val spannableString =
+                if (PreferencesUtil.colorizePassword(context))
+                    PasswordGenerator.getColorizedPassword(value)
+                else
+                    SpannableString(value)
+            valueView.text = spannableString
+            changeProtectedValueParameters()
+        }
+
+    override fun setValue(@StringRes valueId: Int) {
+        value = resources.getString(valueId)
+    }
+
+    private fun getEntropyStrength(passwordText: String) {
+        mPasswordEntropyCalculator.getEntropyStrength(passwordText) { entropyStrength ->
+            labelView.apply {
+                post {
+                    val strengthColor = entropyStrength.strength.color
+                    indicatorDrawable?.let { drawable ->
+                        DrawableCompat.setTint(drawable, strengthColor)
+                    }
+                    invalidate()
+                }
+            }
+        }
+    }
+
+    companion object {
+        private const val ICON_STRING = "[icon]"
+        private const val ICON_STRING_SPACES = "  $ICON_STRING"
+    }
+}

app/src/main/java/com/kunzisoft/keepass/view/SearchFiltersView.kt

@@ -31,6 +31,7 @@ class SearchFiltersView @JvmOverloads constructor(context: Context,
     private var searchUsername: CompoundButton
     private var searchPassword: CompoundButton
     private var searchURL: CompoundButton
+    private var searchByURLDomain: Boolean = false
     private var searchExpired: CompoundButton
     private var searchNotes: CompoundButton
     private var searchOther: CompoundButton
@@ -50,6 +51,7 @@ class SearchFiltersView @JvmOverloads constructor(context: Context,
                 this.searchInUsernames = searchUsername.isChecked
                 this.searchInPasswords = searchPassword.isChecked
                 this.searchInUrls = searchURL.isChecked
+                this.searchByDomain = searchByURLDomain
                 this.searchInExpired = searchExpired.isChecked
                 this.searchInNotes = searchNotes.isChecked
                 this.searchInOther = searchOther.isChecked
@@ -70,6 +72,7 @@ class SearchFiltersView @JvmOverloads constructor(context: Context,
             searchUsername.isChecked = value.searchInUsernames
             searchPassword.isChecked = value.searchInPasswords
             searchURL.isChecked = value.searchInUrls
+            searchByURLDomain = value.searchByDomain
             searchExpired.isChecked = value.searchInExpired
             searchNotes.isChecked = value.searchInNotes
             searchOther.isChecked = value.searchInOther

app/src/main/java/com/kunzisoft/keepass/view/TemplateAbstractView.kt

@@ -18,8 +18,14 @@ import com.kunzisoft.keepass.database.element.DateInstant
 import com.kunzisoft.keepass.database.element.Field
 import com.kunzisoft.keepass.database.element.icon.IconImage
 import com.kunzisoft.keepass.database.element.security.ProtectedString
-import com.kunzisoft.keepass.database.element.template.*
+import com.kunzisoft.keepass.database.element.template.Template
+import com.kunzisoft.keepass.database.element.template.TemplateAttribute
+import com.kunzisoft.keepass.database.element.template.TemplateAttributeAction
+import com.kunzisoft.keepass.database.element.template.TemplateAttributeOption
+import com.kunzisoft.keepass.database.element.template.TemplateAttributeType
+import com.kunzisoft.keepass.database.element.template.TemplateEngine
 import com.kunzisoft.keepass.database.element.template.TemplateEngine.Companion.addTemplateDecorator
+import com.kunzisoft.keepass.database.element.template.TemplateField
 import com.kunzisoft.keepass.model.EntryInfo
 import com.kunzisoft.keepass.otp.OtpElement
 import com.kunzisoft.keepass.otp.OtpEntryFields
@@ -608,9 +614,8 @@ abstract class TemplateAbstractView<
             getViewFieldByName(oldField.name)?.view?.let { viewToReplace ->
                 val oldValue = getCustomField(oldField.name).protectedValue.toString()
 
-                val parentGroup = viewToReplace.parent as ViewGroup
-                val indexInParent = parentGroup.indexOfChild(viewToReplace)
-                parentGroup.removeView(viewToReplace)
+                val parentGroup = viewToReplace.parent as? ViewGroup?
+                parentGroup?.removeView(viewToReplace)
 
                 val newCustomFieldWithValue = if (keepOldValue)
                     Field(newField.name,
@@ -624,7 +629,9 @@ abstract class TemplateAbstractView<
 
                 val newCustomView = buildViewForCustomField(newCustomFieldWithValue)
                 newCustomView?.let {
-                    parentGroup.addView(newCustomView, indexInParent)
+                    parentGroup?.indexOfChild(viewToReplace)?.let { indexInParent ->
+                        parentGroup.addView(newCustomView, indexInParent)
+                    }
                     mViewFields.add(
                         oldPosition,
                         ViewField(

app/src/main/java/com/kunzisoft/keepass/view/TemplateEditView.kt

@@ -17,8 +17,10 @@ import com.kunzisoft.keepass.database.element.template.TemplateAttribute
 import com.kunzisoft.keepass.database.element.template.TemplateAttributeAction
 import com.kunzisoft.keepass.database.element.template.TemplateField
 import com.kunzisoft.keepass.database.helper.getLocalizedName
+import com.kunzisoft.keepass.database.helper.isStandardPasswordName
+import com.kunzisoft.keepass.model.DataDate
+import com.kunzisoft.keepass.model.DataTime
 import com.kunzisoft.keepass.otp.OtpEntryFields
-import org.joda.time.DateTime
 
 
 class TemplateEditView @JvmOverloads constructor(context: Context,
@@ -112,13 +114,18 @@ class TemplateEditView @JvmOverloads constructor(context: Context,
     override fun buildLinearTextView(templateAttribute: TemplateAttribute,
                                      field: Field): TextEditFieldView? {
         return context?.let {
-            TextEditFieldView(it).apply {
+            (if (TemplateField.isStandardPasswordName(context, templateAttribute.label))
+                PasswordTextEditFieldView(it)
+            else TextEditFieldView(it)).apply {
                 // hiddenProtectedValue (mHideProtectedValue) don't work with TextInputLayout
                 setProtection(field.protectedValue.isProtected)
                 default = templateAttribute.default
                 setMaxChars(templateAttribute.options.getNumberChars())
                 setMaxLines(templateAttribute.options.getNumberLines())
                 setActionClick(templateAttribute, field, this)
+                if (field.protectedValue.isProtected) {
+                    textDirection = TEXT_DIRECTION_LTR
+                }
                 if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
                     importantForAutofill = View.IMPORTANT_FOR_AUTOFILL_NO
                 }
@@ -211,35 +218,31 @@ class TemplateEditView @JvmOverloads constructor(context: Context,
             val dateTimeView = getFieldViewById(viewId)
             if (dateTimeView is DateTimeEditFieldView) {
                 dateTimeView.dateTime = DateInstant(
-                    action.invoke(dateTimeView.dateTime).date,
-                    dateTimeView.dateTime.type)
+                    action.invoke(dateTimeView.dateTime).instant,
+                    dateTimeView.dateTime.type
+                )
             }
         }
     }
 
-    fun setCurrentDateTimeValue(dateMilliseconds: Long) {
+    fun setCurrentDateTimeValue(date: DataDate) {
         // Save the date
-        setCurrentDateTimeSelection { instant ->
-            val newDateInstant = DateInstant(
-                DateTime(instant.date)
-                    .withMillis(dateMilliseconds)
-                .toDate(), instant.type)
-            if (instant.type == DateInstant.Type.DATE_TIME) {
-                val instantTime = DateInstant(instant.date, DateInstant.Type.TIME)
+        setCurrentDateTimeSelection { dateInstant ->
+            dateInstant.setDate(date.year, date.month, date.day)
+            if (dateInstant.type == DateInstant.Type.DATE_TIME) {
                 // Trick to recall selection with time
-                mOnDateInstantClickListener?.invoke(instantTime)
+                mOnDateInstantClickListener?.invoke(
+                    DateInstant(dateInstant.instant, DateInstant.Type.TIME)
+                )
             }
-            newDateInstant
+            dateInstant
         }
     }
 
     fun setCurrentTimeValue(time: DataTime) {
-        setCurrentDateTimeSelection { instant ->
-            DateInstant(
-                DateTime(instant.date)
-                .withHourOfDay(time.hours)
-                .withMinuteOfHour(time.minutes)
-                .toDate(), instant.type)
+        setCurrentDateTimeSelection { dateInstant ->
+            dateInstant.setTime(time.hour, time.minute)
+            dateInstant
         }
     }
 

app/src/main/java/com/kunzisoft/keepass/view/TemplateView.kt

@@ -1,6 +1,7 @@
 package com.kunzisoft.keepass.view
 
 import android.content.Context
+import android.os.Build
 import android.util.AttributeSet
 import android.view.View
 import androidx.core.view.isVisible
@@ -10,6 +11,7 @@ import com.kunzisoft.keepass.database.element.security.ProtectedString
 import com.kunzisoft.keepass.database.element.template.TemplateAttribute
 import com.kunzisoft.keepass.database.element.template.TemplateField
 import com.kunzisoft.keepass.database.helper.getLocalizedName
+import com.kunzisoft.keepass.database.helper.isStandardPasswordName
 import com.kunzisoft.keepass.model.OtpModel
 import com.kunzisoft.keepass.otp.OtpElement
 import com.kunzisoft.keepass.otp.OtpEntryFields.OTP_TOKEN_FIELD
@@ -48,7 +50,9 @@ class TemplateView @JvmOverloads constructor(context: Context,
                                      field: Field): TextFieldView? {
         // Add an action icon if needed
         return context?.let {
-            TextFieldView(it).apply {
+            (if (TemplateField.isStandardPasswordName(context, templateAttribute.label))
+                PasswordTextFieldView(it)
+            else TextFieldView(it)).apply {
                 applyFontVisibility(mFontInVisibility)
                 setProtection(field.protectedValue.isProtected, mHideProtectedValue)
                 label = templateAttribute.alias
@@ -59,6 +63,7 @@ class TemplateView @JvmOverloads constructor(context: Context,
                 // Here the value is often empty
 
                 if (field.protectedValue.isProtected) {
+                    textDirection = TEXT_DIRECTION_LTR
                     if (mFirstTimeAskAllowCopyProtectedFields) {
                         setCopyButtonState(TextFieldView.ButtonState.DEACTIVATE)
                         setCopyButtonClickListener { _, _ ->
@@ -100,13 +105,12 @@ class TemplateView @JvmOverloads constructor(context: Context,
         return context?.let {
             DateTimeFieldView(it).apply {
                 label = TemplateField.getLocalizedName(context, field.name)
-                val dateInstantType = templateAttribute.options.getDateFormat()
+                type = templateAttribute.options.getDateFormat()
+                isExpirable = templateAttribute.options.getExpirable()
                 try {
                     val value = field.protectedValue.toString().trim()
-                    type = dateInstantType
                     activation = value.isNotEmpty()
                 } catch (e: Exception) {
-                    type = dateInstantType
                     activation = false
                 }
             }
@@ -173,6 +177,7 @@ class TemplateView @JvmOverloads constructor(context: Context,
                         otpElement.type.name,
                         ProtectedString(false, otpElement.token)))
                 }
+                textDirection = TEXT_DIRECTION_LTR
                 mLastOtpTokenView = this
                 mOtpRunnable = Runnable {
                     if (otpElement.shouldRefreshToken()) {

app/src/main/java/com/kunzisoft/keepass/view/TextEditFieldView.kt

@@ -8,45 +8,40 @@ import android.text.Spannable
 import android.text.SpannableString
 import android.util.AttributeSet
 import android.util.TypedValue
-import android.view.ContextThemeWrapper
 import android.view.View
 import android.view.inputmethod.EditorInfo
 import android.widget.LinearLayout
 import android.widget.RelativeLayout
 import androidx.annotation.DrawableRes
+import androidx.appcompat.view.ContextThemeWrapper
 import androidx.appcompat.widget.AppCompatImageButton
 import androidx.core.content.ContextCompat
 import androidx.core.view.ViewCompat
 import androidx.core.view.isVisible
-import androidx.core.widget.doAfterTextChanged
 import com.google.android.material.textfield.TextInputEditText
 import com.google.android.material.textfield.TextInputLayout
 import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.database.element.template.TemplateField
-import com.kunzisoft.keepass.database.helper.isStandardPasswordName
-import com.kunzisoft.keepass.password.PasswordGenerator
 import com.kunzisoft.keepass.settings.PreferencesUtil
 
-class TextEditFieldView @JvmOverloads constructor(context: Context,
+open class TextEditFieldView @JvmOverloads constructor(context: Context,
                                                   attrs: AttributeSet? = null,
                                                   defStyle: Int = 0)
     : RelativeLayout(context, attrs, defStyle), GenericTextFieldView {
 
     private var labelViewId = ViewCompat.generateViewId()
     private var valueViewId = ViewCompat.generateViewId()
-    private var actionImageButtonId = ViewCompat.generateViewId()
-
-    private var textModified = false
-    private var isColorizedPasswordActivated = PreferencesUtil.colorizePassword(context)
+    protected var actionImageButtonId = ViewCompat.generateViewId()
 
     private val labelView = TextInputLayout(context).apply {
         layoutParams = LayoutParams(
                 LayoutParams.MATCH_PARENT,
                 LayoutParams.WRAP_CONTENT)
     }
-    private val valueView = TextInputEditText(
-        ContextThemeWrapper(getContext(),
-        R.style.KeepassDXStyle_TextInputLayout)
+    protected val valueView = TextInputEditText(
+        ContextThemeWrapper(
+            getContext(),
+            R.style.KeepassDXStyle_TextInputLayout
+        )
     ).apply {
         layoutParams = LinearLayout.LayoutParams(
                 LayoutParams.MATCH_PARENT,
@@ -56,13 +51,14 @@ class TextEditFieldView @JvmOverloads constructor(context: Context,
             imeOptions = EditorInfo.IME_FLAG_NO_PERSONALIZED_LEARNING
             importantForAutofill = IMPORTANT_FOR_AUTOFILL_NO
         }
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
-            importantForAccessibility = IMPORTANT_FOR_ACCESSIBILITY_NO
-        }
+        importantForAccessibility = IMPORTANT_FOR_ACCESSIBILITY_NO
         maxLines = 1
     }
     private var actionImageButton = AppCompatImageButton(
-            ContextThemeWrapper(context, R.style.KeepassDXStyle_ImageButton_Simple), null, 0).apply {
+            ContextThemeWrapper(
+                context,
+                R.style.KeepassDXStyle_ImageButton_Simple
+            ), null, 0).apply {
         layoutParams = LayoutParams(
                 LayoutParams.WRAP_CONTENT,
                 LayoutParams.WRAP_CONTENT).also {
@@ -72,32 +68,15 @@ class TextEditFieldView @JvmOverloads constructor(context: Context,
                     resources.displayMetrics
             ).toInt()
             it.addRule(ALIGN_PARENT_RIGHT)
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                it.addRule(ALIGN_PARENT_END)
-            }
+            it.addRule(ALIGN_PARENT_END)
         }
-        visibility = View.GONE
+        visibility = GONE
         contentDescription = context.getString(R.string.menu_edit)
     }
 
     init {
         // Manually write view to avoid view id bugs
         buildViews()
-        // To change the password color dynamically
-        /* Fixme 1686
-        valueView.doAfterTextChanged { editable ->
-            editable?.let { text ->
-                if (textModified) {
-                    textModified = false
-                } else {
-                    textModified = true
-                    val selectionStart = valueView.selectionStart
-                    val selectionEnd = valueView.selectionEnd
-                    value = text.toString()
-                    valueView.setSelection(selectionStart, selectionEnd)
-                }
-            }
-        }*/
         labelView.addView(valueView)
         addView(labelView)
         addView(actionImageButton)
@@ -106,11 +85,9 @@ class TextEditFieldView @JvmOverloads constructor(context: Context,
     private fun buildViews() {
         labelView.apply {
             id = labelViewId
-            layoutParams = (layoutParams as LayoutParams?).also {
-                it?.addRule(LEFT_OF, actionImageButtonId)
-                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                    it?.addRule(START_OF, actionImageButtonId)
-                }
+            layoutParams = (layoutParams as LayoutParams?)?.also {
+                it.addRule(LEFT_OF, actionImageButtonId)
+                it.addRule(START_OF, actionImageButtonId)
             }
         }
         valueView.apply {
@@ -130,15 +107,6 @@ class TextEditFieldView @JvmOverloads constructor(context: Context,
         return actionImageButton
     }
 
-    private fun spannableValue(value: String?): Spannable? {
-        if (value == null)
-            return null
-        return if (isColorizedPasswordActivated && TemplateField.isStandardPasswordName(context, label))
-                PasswordGenerator.getColorizedPassword(value)
-            else
-                SpannableString(value)
-    }
-
     override var label: String
         get() {
             return labelView.hint?.toString() ?: ""
@@ -152,6 +120,10 @@ class TextEditFieldView @JvmOverloads constructor(context: Context,
             buildViews()
         }
 
+    protected open fun spannableValue(value: String?): Spannable? {
+        return SpannableString(value)
+    }
+
     override var value: String
         get() {
             return valueView.text?.toString() ?: ""
@@ -214,7 +186,7 @@ class TextEditFieldView @JvmOverloads constructor(context: Context,
             actionImageButton.setImageDrawable(ContextCompat.getDrawable(context, it))
         }
         actionImageButton.setOnClickListener(onActionClickListener)
-        actionImageButton.visibility = if (onActionClickListener == null) View.GONE else View.VISIBLE
+        actionImageButton.visibility = if (onActionClickListener == null) GONE else VISIBLE
     }
 
     override var isFieldVisible: Boolean

app/src/main/java/com/kunzisoft/keepass/view/TextFieldView.kt

@@ -22,7 +22,6 @@ package com.kunzisoft.keepass.view
 import android.content.Context
 import android.os.Build
 import android.text.InputFilter
-import android.text.SpannableString
 import android.text.util.Linkify
 import android.util.AttributeSet
 import android.util.TypedValue
@@ -38,15 +37,11 @@ import androidx.core.text.util.LinkifyCompat
 import androidx.core.view.ViewCompat
 import androidx.core.view.isVisible
 import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.database.element.template.TemplateField
-import com.kunzisoft.keepass.database.helper.isStandardPasswordName
 import com.kunzisoft.keepass.model.EntryInfo.Companion.APPLICATION_ID_FIELD_NAME
-import com.kunzisoft.keepass.password.PasswordGenerator
-import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.utils.UriUtil.openExternalApp
 
 
-class TextFieldView @JvmOverloads constructor(context: Context,
+open class TextFieldView @JvmOverloads constructor(context: Context,
                                               attrs: AttributeSet? = null,
                                               defStyle: Int = 0)
     : RelativeLayout(context, attrs, defStyle), GenericTextFieldView {
@@ -56,7 +51,7 @@ class TextFieldView @JvmOverloads constructor(context: Context,
     private var showButtonId = ViewCompat.generateViewId()
     private var copyButtonId = ViewCompat.generateViewId()
 
-    private val labelView = AppCompatTextView(context).apply {
+    protected val labelView = AppCompatTextView(context).apply {
         setTextAppearance(context,
             R.style.KeepassDXStyle_TextAppearance_LabelTextStyle)
         layoutParams = LayoutParams(
@@ -68,16 +63,15 @@ class TextFieldView @JvmOverloads constructor(context: Context,
                 4f,
                 resources.displayMetrics
             ).toInt()
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                it.marginStart = TypedValue.applyDimension(
-                    TypedValue.COMPLEX_UNIT_DIP,
-                    4f,
-                    resources.displayMetrics
-                ).toInt()
-            }
+            it.marginStart = TypedValue.applyDimension(
+                TypedValue.COMPLEX_UNIT_DIP,
+                4f,
+                resources.displayMetrics
+            ).toInt()
+            
         }
     }
-    private val valueView = AppCompatTextView(context).apply {
+    protected val valueView = AppCompatTextView(context).apply {
         setTextAppearance(context,
             R.style.KeepassDXStyle_TextAppearance_TextNode)
         layoutParams = LayoutParams(
@@ -93,13 +87,11 @@ class TextFieldView @JvmOverloads constructor(context: Context,
                 8f,
                 resources.displayMetrics
             ).toInt()
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                it.marginStart = TypedValue.applyDimension(
-                    TypedValue.COMPLEX_UNIT_DIP,
-                    8f,
-                    resources.displayMetrics
-                ).toInt()
-            }
+            it.marginStart = TypedValue.applyDimension(
+                TypedValue.COMPLEX_UNIT_DIP,
+                8f,
+                resources.displayMetrics
+            ).toInt()
         }
         setTextIsSelectable(true)
     }
@@ -131,46 +123,40 @@ class TextFieldView @JvmOverloads constructor(context: Context,
     private fun buildViews() {
         copyButton.apply {
             id = copyButtonId
-            layoutParams = (layoutParams as LayoutParams?).also {
-                it?.addRule(ALIGN_PARENT_RIGHT)
-                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                    it?.addRule(ALIGN_PARENT_END)
-                }
+            layoutParams = (layoutParams as LayoutParams?)?.also {
+                it.addRule(ALIGN_PARENT_RIGHT)
+                it.addRule(ALIGN_PARENT_END)
             }
         }
         showButton.apply {
             id = showButtonId
-            layoutParams = (layoutParams as LayoutParams?).also {
+            layoutParams = (layoutParams as LayoutParams?)?.also {
                 if (copyButton.isVisible) {
-                    it?.addRule(LEFT_OF, copyButtonId)
-                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                        it?.addRule(START_OF, copyButtonId)
-                    }
+                    it.addRule(LEFT_OF, copyButtonId)
+                    
+                    it.addRule(START_OF, copyButtonId)
+                    
                 } else {
-                    it?.addRule(ALIGN_PARENT_RIGHT)
-                    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                        it?.addRule(ALIGN_PARENT_END)
-                    }
+                    it.addRule(ALIGN_PARENT_RIGHT)
+                    
+                    it.addRule(ALIGN_PARENT_END)
+                    
                 }
             }
         }
         labelView.apply {
             id = labelViewId
-            layoutParams = (layoutParams as LayoutParams?).also {
-                it?.addRule(LEFT_OF, showButtonId)
-                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                    it?.addRule(START_OF, showButtonId)
-                }
+            layoutParams = (layoutParams as LayoutParams?)?.also {
+                it.addRule(LEFT_OF, showButtonId)
+                it.addRule(START_OF, showButtonId)
             }
         }
         valueView.apply {
             id = valueViewId
-            layoutParams = (layoutParams as LayoutParams?).also {
-                it?.addRule(LEFT_OF, showButtonId)
-                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                    it?.addRule(START_OF, showButtonId)
-                }
-                it?.addRule(BELOW, labelViewId)
+            layoutParams = (layoutParams as LayoutParams?)?.also {
+                it.addRule(LEFT_OF, showButtonId)
+                it.addRule(START_OF, showButtonId)
+                it.addRule(BELOW, labelViewId)
             }
         }
     }
@@ -188,7 +174,7 @@ class TextFieldView @JvmOverloads constructor(context: Context,
             labelView.text = value
         }
 
-    fun setLabel(@StringRes labelId: Int) {
+    open fun setLabel(@StringRes labelId: Int) {
         labelView.setText(labelId)
     }
 
@@ -197,17 +183,11 @@ class TextFieldView @JvmOverloads constructor(context: Context,
             return valueView.text.toString()
         }
         set(value) {
-            val spannableString =
-                if (PreferencesUtil.colorizePassword(context)
-                    && TemplateField.isStandardPasswordName(context, label))
-                    PasswordGenerator.getColorizedPassword(value)
-                else
-                    SpannableString(value)
-            valueView.text = spannableString
+            valueView.text = value
             changeProtectedValueParameters()
         }
 
-    fun setValue(@StringRes valueId: Int) {
+    open fun setValue(@StringRes valueId: Int) {
         value = resources.getString(valueId)
         changeProtectedValueParameters()
     }
@@ -237,7 +217,7 @@ class TextFieldView @JvmOverloads constructor(context: Context,
         invalidate()
     }
 
-    private fun changeProtectedValueParameters() {
+    protected fun changeProtectedValueParameters() {
         valueView.apply {
             if (showButton.isVisible) {
                 applyHiddenStyle(showButton.isSelected)

app/src/main/java/com/kunzisoft/keepass/view/TextSelectFieldView.kt

@@ -10,7 +10,12 @@ import android.view.LayoutInflater
 import android.view.View
 import android.view.ViewGroup
 import android.view.inputmethod.EditorInfo
-import android.widget.*
+import android.widget.AdapterView
+import android.widget.BaseAdapter
+import android.widget.LinearLayout
+import android.widget.RelativeLayout
+import android.widget.Spinner
+import android.widget.TextView
 import androidx.annotation.DrawableRes
 import androidx.appcompat.widget.AppCompatImageButton
 import androidx.core.content.ContextCompat
@@ -51,9 +56,7 @@ class TextSelectFieldView @JvmOverloads constructor(context: Context,
             imeOptions = EditorInfo.IME_FLAG_NO_PERSONALIZED_LEARNING
             importantForAutofill = IMPORTANT_FOR_AUTOFILL_NO
         }
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN) {
-            importantForAccessibility = IMPORTANT_FOR_ACCESSIBILITY_NO
-        }
+        importantForAccessibility = IMPORTANT_FOR_ACCESSIBILITY_NO
         val drawable = ContextCompat.getDrawable(context, R.drawable.ic_arrow_down_white_24dp)
             ?.apply {
                 mutate().colorFilter = BlendModeColorFilterCompat
@@ -65,14 +68,12 @@ class TextSelectFieldView @JvmOverloads constructor(context: Context,
             drawable,
             null
         )
-        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-            setCompoundDrawablesRelativeWithIntrinsicBounds(
-                null,
-                null,
-                drawable,
-                null
-            )
-        }
+        setCompoundDrawablesRelativeWithIntrinsicBounds(
+            null,
+            null,
+            drawable,
+            null
+        )
         isFocusable = false
         inputType = InputType.TYPE_NULL
         maxLines = 1
@@ -94,9 +95,7 @@ class TextSelectFieldView @JvmOverloads constructor(context: Context,
                     resources.displayMetrics
             ).toInt()
             it.addRule(ALIGN_PARENT_RIGHT)
-            if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                it.addRule(ALIGN_PARENT_END)
-            }
+            it.addRule(ALIGN_PARENT_END)
         }
         visibility = View.GONE
         contentDescription = context.getString(R.string.menu_edit)
@@ -132,18 +131,14 @@ class TextSelectFieldView @JvmOverloads constructor(context: Context,
             id = labelViewId
             layoutParams = (layoutParams as LayoutParams?).also {
                 it?.addRule(LEFT_OF, actionImageButtonId)
-                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                    it?.addRule(START_OF, actionImageButtonId)
-                }
+                it?.addRule(START_OF, actionImageButtonId)
             }
         }
         valueSpinnerView.apply {
             id = valueViewId
             layoutParams = (layoutParams as LayoutParams?).also {
                 it?.addRule(LEFT_OF, actionImageButtonId)
-                if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
-                    it?.addRule(START_OF, actionImageButtonId)
-                }
+                it?.addRule(START_OF, actionImageButtonId)
                 it?.addRule(BELOW, labelViewId)
             }
         }

app/src/main/java/com/kunzisoft/keepass/view/ViewUtil.kt

@@ -59,6 +59,7 @@ import androidx.core.view.forEach
 import androidx.core.view.isVisible
 import androidx.core.view.updateLayoutParams
 import androidx.core.view.updatePadding
+import androidx.core.view.updatePaddingRelative
 import com.google.android.material.appbar.CollapsingToolbarLayout
 import com.google.android.material.snackbar.Snackbar
 import com.kunzisoft.keepass.R
@@ -225,14 +226,16 @@ fun View.showByFading() {
     }
 }
 
-fun View.updateLockPaddingLeft() {
-    updatePadding(resources.getDimensionPixelSize(
-            if (PreferencesUtil.showLockDatabaseButton(context)) {
-                R.dimen.lock_button_size
-            } else {
-                R.dimen.hidden_lock_button_size
-            }
-    ))
+fun View.updateLockPaddingStart() {
+    resources.getDimensionPixelSize(
+        if (PreferencesUtil.showLockDatabaseButton(context)) {
+            R.dimen.lock_button_size
+        } else {
+            R.dimen.hidden_lock_button_size
+        }
+    ).let { lockPadding ->
+        updatePaddingRelative(lockPadding)
+    }
 }
 
 fun Context.showActionErrorIfNeeded(result: ActionRunnable.Result) {
@@ -301,14 +304,18 @@ fun CollapsingToolbarLayout.changeTitleColor(color: Int) {
     invalidate()
 }
 
+@Suppress("DEPRECATION")
 fun Activity.setTransparentNavigationBar(applyToStatusBar: Boolean = false, applyWindowInsets: () -> Unit) {
     // Only in portrait
     if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O_MR1
         && resources.configuration.orientation == Configuration.ORIENTATION_PORTRAIT) {
         WindowCompat.setDecorFitsSystemWindows(window, false)
-        this.window.navigationBarColor = ContextCompat.getColor(this, R.color.surface_selector)
+        window.navigationBarColor = ContextCompat.getColor(this, R.color.surface_selector)
         if (applyToStatusBar) {
-            this.window.statusBarColor = ContextCompat.getColor(this, R.color.surface_selector)
+            obtainStyledAttributes(intArrayOf(R.attr.colorSurface)).apply {
+                window.statusBarColor = getColor(0, Color.GRAY)
+                recycle()
+            }
         }
         applyWindowInsets.invoke()
     }
@@ -356,6 +363,23 @@ fun View.applyWindowInsets(position: WindowInsetPosition = WindowInsetPosition.B
                     }
                 }
             }
+            WindowInsetPosition.BOTTOM_IME -> {
+                val imeHeight = windowInsets.getInsets(WindowInsetsCompat.Type.ime()).bottom
+                if (view.layoutParams is ViewGroup.MarginLayoutParams) {
+                    view.updateLayoutParams<ViewGroup.MarginLayoutParams> {
+                        bottomMargin = if (imeHeight > 1) 0 else insets.bottom
+                    }
+                }
+            }
+            WindowInsetPosition.TOP_BOTTOM_IME -> {
+                val imeHeight = windowInsets.getInsets(WindowInsetsCompat.Type.ime()).bottom
+                if (view.layoutParams is ViewGroup.MarginLayoutParams) {
+                    view.updateLayoutParams<ViewGroup.MarginLayoutParams> {
+                        topMargin = insets.top
+                        bottomMargin = if (imeHeight > 1) imeHeight else 0
+                    }
+                }
+            }
         }
         // If any of the children consumed the insets, return an appropriate value
         if (consumed) WindowInsetsCompat.CONSUMED else windowInsets
@@ -363,5 +387,5 @@ fun View.applyWindowInsets(position: WindowInsetPosition = WindowInsetPosition.B
 }
 
 enum class WindowInsetPosition {
-    TOP, BOTTOM, LEGIT_TOP
+    TOP, BOTTOM, LEGIT_TOP, BOTTOM_IME, TOP_BOTTOM_IME
 }

app/src/main/java/com/kunzisoft/keepass/viewmodels/AdvancedUnlockViewModel.kt

@@ -1,32 +0,0 @@
-package com.kunzisoft.keepass.viewmodels
-
-import android.net.Uri
-import androidx.lifecycle.LiveData
-import androidx.lifecycle.ViewModel
-
-class AdvancedUnlockViewModel : ViewModel() {
-
-    var allowAutoOpenBiometricPrompt : Boolean = true
-    var deviceCredentialAuthSucceeded: Boolean? = null
-
-    val onInitAdvancedUnlockModeRequested : LiveData<Void?> get() = _onInitAdvancedUnlockModeRequested
-    private val _onInitAdvancedUnlockModeRequested = SingleLiveEvent<Void?>()
-
-    val onUnlockAvailabilityCheckRequested : LiveData<Void?> get() = _onUnlockAvailabilityCheckRequested
-    private val _onUnlockAvailabilityCheckRequested = SingleLiveEvent<Void?>()
-
-    val onDatabaseFileLoaded : LiveData<Uri?> get() = _onDatabaseFileLoaded
-    private val _onDatabaseFileLoaded = SingleLiveEvent<Uri?>()
-
-    fun initAdvancedUnlockMode() {
-        _onInitAdvancedUnlockModeRequested.call()
-    }
-
-    fun checkUnlockAvailability() {
-        _onUnlockAvailabilityCheckRequested.call()
-    }
-
-    fun databaseFileLoaded(databaseUri: Uri?) {
-        _onDatabaseFileLoaded.value = databaseUri
-    }
-}

app/src/main/java/com/kunzisoft/keepass/viewmodels/DatabaseFileViewModel.kt

@@ -51,7 +51,9 @@ class DatabaseFileViewModel(application: Application) : AndroidViewModel(applica
 
     fun loadDatabaseFile(databaseUri: Uri) {
         mFileDatabaseHistoryAction?.getDatabaseFile(databaseUri) { databaseFileRetrieved ->
-            mDatabaseFileLoaded.value = databaseFileRetrieved
+            databaseFileRetrieved?.let {
+                mDatabaseFileLoaded.value = it
+            }
         }
     }
 }

app/src/main/java/com/kunzisoft/keepass/viewmodels/DatabaseFilesViewModel.kt

@@ -2,6 +2,7 @@ package com.kunzisoft.keepass.viewmodels
 
 import android.app.Application
 import android.net.Uri
+import android.util.Log
 import androidx.lifecycle.AndroidViewModel
 import androidx.lifecycle.MutableLiveData
 import com.kunzisoft.keepass.app.App
@@ -10,8 +11,8 @@ import com.kunzisoft.keepass.hardware.HardwareKey
 import com.kunzisoft.keepass.model.DatabaseFile
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.utils.IOActionTask
-import com.kunzisoft.keepass.utils.parseUri
 import com.kunzisoft.keepass.utils.UriUtil.releaseUriPermission
+import com.kunzisoft.keepass.utils.parseUri
 
 class DatabaseFilesViewModel(application: Application) : AndroidViewModel(application) {
 
@@ -25,11 +26,29 @@ class DatabaseFilesViewModel(application: Application) : AndroidViewModel(applic
         MutableLiveData<DatabaseFileData>()
     }
 
+    private var mDefaultDatabaseAlreadyChecked : Boolean = false
+
     val defaultDatabase: MutableLiveData<Uri?> by lazy {
         MutableLiveData<Uri?>()
     }
 
-    fun checkDefaultDatabase() {
+    fun doForDefaultDatabase(action: (defaultDatabaseUri: Uri) -> Unit) {
+        if (!mDefaultDatabaseAlreadyChecked) {
+            mDefaultDatabaseAlreadyChecked = true
+            val context = getApplication<App>().applicationContext
+            PreferencesUtil.getDefaultDatabasePath(context)?.parseUri()?.let { databaseFileUri ->
+                if (FileDatabaseInfo(context, databaseFileUri).exists) {
+                    action.invoke(databaseFileUri)
+                } else {
+                    Log.e(TAG, "Unable to automatically load a non-accessible file")
+                }
+            } ?: run {
+                Log.i(TAG, "No default database to prepare")
+            }
+        }
+    }
+
+    private fun checkDefaultDatabase() {
         IOActionTask(
                 {
                     PreferencesUtil.getDefaultDatabasePath(getApplication<App>().applicationContext)
@@ -149,4 +168,8 @@ class DatabaseFilesViewModel(application: Application) : AndroidViewModel(applic
     enum class DatabaseFileAction {
         NONE, ADD, UPDATE, DELETE
     }
+
+    companion object {
+        private val TAG = DatabaseFilesViewModel::class.java.name
+    }
 }

app/src/main/java/com/kunzisoft/keepass/viewmodels/DeviceUnlockViewModel.kt

@@ -0,0 +1,483 @@
+package com.kunzisoft.keepass.viewmodels
+
+import android.app.Application
+import android.net.Uri
+import android.os.Build
+import android.util.Log
+import androidx.annotation.RequiresApi
+import androidx.biometric.BiometricManager
+import androidx.biometric.BiometricPrompt
+import androidx.lifecycle.AndroidViewModel
+import androidx.lifecycle.viewModelScope
+import com.kunzisoft.keepass.app.AppLifecycleObserver
+import com.kunzisoft.keepass.app.database.CipherDatabaseAction
+import com.kunzisoft.keepass.biometric.DeviceUnlockCryptoPrompt
+import com.kunzisoft.keepass.biometric.DeviceUnlockCryptoPromptType
+import com.kunzisoft.keepass.biometric.DeviceUnlockManager
+import com.kunzisoft.keepass.biometric.DeviceUnlockMode
+import com.kunzisoft.keepass.database.exception.UnknownDatabaseLocationException
+import com.kunzisoft.keepass.model.CipherDecryptDatabase
+import com.kunzisoft.keepass.model.CipherEncryptDatabase
+import com.kunzisoft.keepass.model.CredentialStorage
+import com.kunzisoft.keepass.settings.PreferencesUtil
+import kotlinx.coroutines.CoroutineExceptionHandler
+import kotlinx.coroutines.Job
+import kotlinx.coroutines.flow.MutableStateFlow
+import kotlinx.coroutines.flow.StateFlow
+import kotlinx.coroutines.flow.launchIn
+import kotlinx.coroutines.flow.onEach
+import kotlinx.coroutines.flow.update
+import kotlinx.coroutines.launch
+import javax.crypto.Cipher
+
+
+@RequiresApi(Build.VERSION_CODES.M)
+class DeviceUnlockViewModel(application: Application): AndroidViewModel(application) {
+    private var cipherDatabase: CipherEncryptDatabase? = null
+
+    private var isConditionToStoreCredentialVerified: Boolean = false
+
+    private var deviceUnlockManager: DeviceUnlockManager? = null
+    private var databaseUri: Uri? = null
+
+    private var mCipherJob: Job? = null
+
+    private var deviceUnlockMode = DeviceUnlockMode.BIOMETRIC_UNAVAILABLE
+    var cryptoPrompt: DeviceUnlockCryptoPrompt? = null
+        private set
+    private var isAutoOpenBiometricPromptAllowed = true
+    private var cryptoPromptShowPending: Boolean = false
+
+    // TODO Retrieve credential storage from app database
+    var credentialDatabaseStorage: CredentialStorage = CredentialStorage.DEFAULT
+
+    val cipherDatabaseAction = CipherDatabaseAction.getInstance(getApplication())
+    private var cipherDatabaseListener = object: CipherDatabaseAction.CipherDatabaseListener {
+        override fun onCipherDatabaseRetrieved(
+            databaseUri: Uri,
+            cipherDatabase: CipherEncryptDatabase?
+        ) {
+            if (databaseUri == this@DeviceUnlockViewModel.databaseUri) {
+                cipherDatabase?.let {
+                    this@DeviceUnlockViewModel.cipherDatabase = it
+                    checkUnlockAvailability()
+                } ?: deleteEncryptedDatabaseKey()
+            }
+        }
+        override fun onCipherDatabaseAddedOrUpdated(cipherDatabase: CipherEncryptDatabase) {
+            if (cipherDatabase.databaseUri == this@DeviceUnlockViewModel.databaseUri) {
+                this@DeviceUnlockViewModel.cipherDatabase = cipherDatabase
+                checkUnlockAvailability()
+            }
+        }
+        override fun onCipherDatabaseDeleted(databaseUri: Uri) {
+            if (databaseUri == this@DeviceUnlockViewModel.databaseUri) {
+                this@DeviceUnlockViewModel.cipherDatabase = null
+                checkUnlockAvailability()
+            }
+        }
+        override fun onAllCipherDatabasesDeleted() {
+            this@DeviceUnlockViewModel.cipherDatabase = null
+            checkUnlockAvailability()
+        }
+        override fun onCipherDatabaseCleared() {
+            this@DeviceUnlockViewModel.cipherDatabase = null
+            closeBiometricPrompt()
+            checkUnlockAvailability()
+        }
+    }
+
+    private val _uiState = MutableStateFlow(DeviceUnlockState())
+    val uiState: StateFlow<DeviceUnlockState> = _uiState
+
+    init {
+        AppLifecycleObserver.appJustLaunched
+            .onEach {
+                isAutoOpenBiometricPromptAllowed = true
+                checkUnlockAvailability()
+            }
+            .launchIn(viewModelScope)
+        cipherDatabaseAction.registerDatabaseListener(cipherDatabaseListener)
+    }
+
+    private fun cancelAndLaunchCipherJob(
+        coroutineExceptionHandler: CoroutineExceptionHandler = CoroutineExceptionHandler { _, e ->
+            setException(e)
+        },
+        block: suspend () -> Unit
+    ) {
+        mCipherJob?.cancel()
+        mCipherJob = viewModelScope.launch(coroutineExceptionHandler) {
+            block()
+        }
+    }
+
+    fun checkConditionToStoreCredential(condition: Boolean) {
+        isConditionToStoreCredentialVerified = condition
+        checkUnlockAvailability()
+    }
+
+    /**
+     * Check unlock availability and change the current mode depending of device's state
+     */
+    fun checkUnlockAvailability() {
+        if (PreferencesUtil.isBiometricUnlockEnable(getApplication())) {
+            // biometric not supported (by API level or hardware) so keep option hidden
+            // or manually disable
+            val biometricCanAuthenticate = DeviceUnlockManager.canAuthenticate(getApplication())
+            if (!PreferencesUtil.isDeviceUnlockEnable(getApplication())
+                || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE
+                || biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE) {
+                changeMode(DeviceUnlockMode.BIOMETRIC_UNAVAILABLE)
+            } else if (biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_SECURITY_UPDATE_REQUIRED) {
+                changeMode(DeviceUnlockMode.BIOMETRIC_SECURITY_UPDATE_REQUIRED)
+            } else {
+                // biometric is available but not configured, show icon but in disabled state with some information
+                if (biometricCanAuthenticate == BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED) {
+                    changeMode(DeviceUnlockMode.DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED)
+                } else {
+                    changeMode()
+                }
+            }
+        } else if (PreferencesUtil.isDeviceCredentialUnlockEnable(getApplication())) {
+            if (DeviceUnlockManager.isDeviceSecure(getApplication())) {
+                changeMode()
+            } else {
+                changeMode(DeviceUnlockMode.DEVICE_CREDENTIAL_OR_BIOMETRIC_NOT_CONFIGURED)
+            }
+        }
+    }
+
+    private fun changeMode() {
+        try {
+            if (isConditionToStoreCredentialVerified) {
+                // listen for encryption
+                changeMode(DeviceUnlockMode.STORE_CREDENTIAL)
+            } else if (cipherDatabase != null) {
+                // biometric available but no stored password found yet for this DB
+                // listen for decryption
+                changeMode(DeviceUnlockMode.EXTRACT_CREDENTIAL)
+            } else {
+                // wait for typing
+                changeMode(DeviceUnlockMode.WAIT_CREDENTIAL)
+            }
+        } catch (e: Exception) {
+            changeMode(DeviceUnlockMode.KEY_MANAGER_UNAVAILABLE)
+            setException(e)
+        }
+    }
+
+    private fun changeMode(deviceUnlockMode: DeviceUnlockMode) {
+        this.deviceUnlockMode = deviceUnlockMode
+        when (deviceUnlockMode) {
+            DeviceUnlockMode.STORE_CREDENTIAL -> initEncryptData()
+            DeviceUnlockMode.EXTRACT_CREDENTIAL -> initDecryptData()
+            else -> {}
+        }
+        _uiState.update { currentState ->
+            currentState.copy(
+                newDeviceUnlockMode = deviceUnlockMode,
+                allowDeviceUnlockMenu = cipherDatabase != null
+                        && deviceUnlockMode != DeviceUnlockMode.BIOMETRIC_UNAVAILABLE
+                        && deviceUnlockMode != DeviceUnlockMode.KEY_MANAGER_UNAVAILABLE
+            )
+        }
+    }
+
+    private fun connectDatabase(databaseUri: Uri) {
+        this.databaseUri = databaseUri
+        cipherDatabaseAction.getCipherDatabase(databaseUri)
+    }
+
+    private fun showPendingIfNecessary() {
+        // Reassign prompt state to open again if necessary
+        if (cryptoPrompt?.isOldCredentialOperation() != true
+            && uiState.value.cryptoPromptState == DeviceUnlockPromptMode.IDLE_SHOW) {
+            cryptoPromptShowPending = true
+        }
+    }
+
+    private fun disconnectDatabase() {
+        this.databaseUri = null
+        this.cipherDatabase = null
+        clearPrompt()
+        changeMode(DeviceUnlockMode.BIOMETRIC_UNAVAILABLE)
+    }
+
+    fun connect(databaseUri: Uri?) {
+        Log.d(TAG, "Connect to device unlock")
+        // To get device credential unlock result, only if same database uri
+        if (databaseUri != null
+            && PreferencesUtil.isDeviceUnlockEnable(getApplication())) {
+            if (databaseUri != this.databaseUri) {
+                connectDatabase(databaseUri)
+            }
+        } else {
+            disconnectDatabase()
+        }
+    }
+
+    fun disconnect() {
+        Log.d(TAG, "Disconnect from device unlock")
+        showPendingIfNecessary()
+        disconnectDatabase()
+    }
+
+    fun onAuthenticationSucceeded() {
+        cryptoPrompt?.let { prompt ->
+            when (prompt.type) {
+                DeviceUnlockCryptoPromptType.CREDENTIAL_ENCRYPTION ->
+                    retrieveCredentialForEncryption( prompt.cipher)
+                DeviceUnlockCryptoPromptType.CREDENTIAL_DECRYPTION ->
+                    decryptCredential( prompt.cipher)
+            }
+        }
+    }
+
+    fun onAuthenticationSucceeded(
+        result: BiometricPrompt.AuthenticationResult
+    ) {
+        cryptoPrompt?.type?.let { type ->
+            when (type) {
+                DeviceUnlockCryptoPromptType.CREDENTIAL_ENCRYPTION ->
+                    retrieveCredentialForEncryption(result.cryptoObject?.cipher)
+                DeviceUnlockCryptoPromptType.CREDENTIAL_DECRYPTION ->
+                    decryptCredential(result.cryptoObject?.cipher)
+            }
+        }
+    }
+
+    private fun retrieveCredentialForEncryption(cipher: Cipher?) {
+        _uiState.update { currentState ->
+            currentState.copy(
+                credentialRequiredCipher = cipher
+            )
+        }
+    }
+
+    fun encryptCredential(
+        credential: ByteArray,
+        cipher: Cipher?
+    ) {
+        cancelAndLaunchCipherJob {
+            deviceUnlockManager?.encryptData(
+                value = credential,
+                cipher = cipher,
+                handleEncryptedResult = { encryptedValue, ivSpec ->
+                    databaseUri?.let { databaseUri ->
+                        onCredentialEncrypted(
+                            CipherEncryptDatabase().apply {
+                                this.databaseUri = databaseUri
+                                this.credentialStorage = credentialDatabaseStorage
+                                this.encryptedValue = encryptedValue
+                                this.specParameters = ivSpec
+                            }
+                        )
+                    } ?: throw UnknownDatabaseLocationException()
+                }
+            )
+        }
+        // Reinit credential storage request
+        _uiState.update { currentState ->
+            currentState.copy(
+                credentialRequiredCipher = null
+            )
+        }
+    }
+
+    fun decryptCredential(cipher: Cipher?) {
+        // retrieve the encrypted value from preferences
+        cancelAndLaunchCipherJob {
+            databaseUri?.let { databaseUri ->
+                cipherDatabase?.encryptedValue?.let { encryptedCredential ->
+                    deviceUnlockManager?.decryptData(
+                        encryptedValue = encryptedCredential,
+                        cipher = cipher,
+                        handleDecryptedResult = { decryptedValue ->
+                            // Load database directly with password retrieve
+                            onCredentialDecrypted(
+                                CipherDecryptDatabase().apply {
+                                    this.databaseUri = databaseUri
+                                    this.credentialStorage = credentialDatabaseStorage
+                                    this.decryptedValue = decryptedValue
+                                }
+                            )
+                            cipherDatabaseAction.resetCipherParameters(databaseUri)
+                        }
+                    )
+                } ?: deleteEncryptedDatabaseKey()
+            } ?: run {
+                throw UnknownDatabaseLocationException()
+            }
+        }
+    }
+
+    fun onCredentialEncrypted(cipherEncryptDatabase: CipherEncryptDatabase) {
+        _uiState.update { currentState ->
+            currentState.copy(
+                cipherEncryptDatabase = cipherEncryptDatabase
+            )
+        }
+    }
+
+    fun consumeCredentialEncrypted() {
+        _uiState.update { currentState ->
+            currentState.copy(
+                cipherEncryptDatabase = null
+            )
+        }
+    }
+
+    fun onCredentialDecrypted(cipherDecryptDatabase: CipherDecryptDatabase) {
+        _uiState.update { currentState ->
+            currentState.copy(
+                cipherDecryptDatabase = cipherDecryptDatabase
+            )
+        }
+    }
+
+    fun consumeCredentialDecrypted() {
+        _uiState.update { currentState ->
+            currentState.copy(
+                cipherDecryptDatabase = null
+            )
+        }
+    }
+
+    fun onPromptRequested(
+        cryptoPrompt: DeviceUnlockCryptoPrompt,
+        autoOpen: Boolean = false
+    ) {
+        this@DeviceUnlockViewModel.cryptoPrompt = cryptoPrompt
+        if (cryptoPromptShowPending
+            || (autoOpen && PreferencesUtil.isDeviceUnlockPromptAutoOpenEnable(getApplication())))
+            showPrompt()
+    }
+
+    fun showPrompt() {
+        AppLifecycleObserver.lockBackgroundEvent = true
+        isAutoOpenBiometricPromptAllowed = false
+        cryptoPromptShowPending = false
+        if (cryptoPrompt == null) {
+            checkUnlockAvailability()
+        }
+        _uiState.update { currentState ->
+            currentState.copy(
+                cryptoPromptState = DeviceUnlockPromptMode.SHOW
+            )
+        }
+    }
+
+    fun promptShown() {
+        _uiState.update { currentState ->
+            currentState.copy(
+                cryptoPromptState = DeviceUnlockPromptMode.IDLE_SHOW
+            )
+        }
+    }
+
+    fun setException(value: Throwable?) {
+        _uiState.update { currentState ->
+            currentState.copy(
+                exception = value
+            )
+        }
+    }
+
+    fun exceptionShown() {
+        _uiState.update { currentState ->
+            currentState.copy(
+                exception = null
+            )
+        }
+    }
+
+    private fun initEncryptData() {
+        cancelAndLaunchCipherJob {
+            deviceUnlockManager = DeviceUnlockManager(getApplication())
+            deviceUnlockManager?.initEncryptData { cryptoPrompt ->
+                onPromptRequested(cryptoPrompt)
+            } ?: throw Exception("Device unlock manager not initialized")
+        }
+    }
+
+    private fun initDecryptData() {
+        cancelAndLaunchCipherJob {
+            cipherDatabase?.let { cipherDb ->
+                    deviceUnlockManager = DeviceUnlockManager(getApplication())
+                    deviceUnlockManager?.initDecryptData(cipherDb.specParameters) { cryptoPrompt ->
+                        onPromptRequested(
+                            cryptoPrompt,
+                            autoOpen = isAutoOpenBiometricPromptAllowed
+                        )
+                    } ?: throw Exception("Device unlock manager not initialized")
+            } ?: throw Exception("Cipher database not initialized")
+        }
+    }
+
+    fun deleteEncryptedDatabaseKey() {
+        closeBiometricPrompt()
+        databaseUri?.let { databaseUri ->
+            cipherDatabaseAction.deleteByDatabaseUri(databaseUri)
+        } ?: run {
+            checkUnlockAvailability()
+        }
+        _uiState.update { currentState ->
+            currentState.copy(
+                allowDeviceUnlockMenu = false
+            )
+        }
+    }
+
+    fun closeBiometricPrompt() {
+        _uiState.update { currentState ->
+            currentState.copy(
+                cryptoPromptState = DeviceUnlockPromptMode.CLOSE
+            )
+        }
+    }
+
+    fun biometricPromptClosed() {
+        _uiState.update { currentState ->
+            currentState.copy(
+                cryptoPromptState = DeviceUnlockPromptMode.IDLE_CLOSE
+            )
+        }
+    }
+
+    private fun clearPrompt() {
+        cryptoPrompt = null
+        deviceUnlockManager = null
+    }
+
+    fun clear() {
+        if (cryptoPrompt?.isOldCredentialOperation() != true) {
+            clearPrompt()
+        }
+    }
+
+    override fun onCleared() {
+        super.onCleared()
+        cipherDatabaseAction.unregisterDatabaseListener(cipherDatabaseListener)
+        clearPrompt()
+    }
+
+    companion object {
+        private val TAG = DeviceUnlockViewModel::class.java.simpleName
+    }
+}
+
+enum class DeviceUnlockPromptMode {
+    IDLE_CLOSE, IDLE_SHOW, SHOW, CLOSE
+}
+
+data class DeviceUnlockState(
+    val newDeviceUnlockMode: DeviceUnlockMode = DeviceUnlockMode.BIOMETRIC_UNAVAILABLE,
+    val allowDeviceUnlockMenu: Boolean = false,
+    val credentialRequiredCipher: Cipher? = null,
+    val cipherEncryptDatabase: CipherEncryptDatabase? = null,
+    val cipherDecryptDatabase: CipherDecryptDatabase? = null,
+    val cryptoPromptState: DeviceUnlockPromptMode = DeviceUnlockPromptMode.IDLE_CLOSE,
+    val autoOpenPrompt: Boolean = false,
+    val exception: Throwable? = null
+)

app/src/main/java/com/kunzisoft/keepass/viewmodels/KeyGeneratorViewModel.kt

@@ -43,8 +43,8 @@ class KeyGeneratorViewModel: ViewModel() {
     val requirePassphraseGeneration : LiveData<Void?> get() = _requirePassphraseGeneration
     private val _requirePassphraseGeneration = SingleLiveEvent<Void?>()
 
-    fun setKeyGenerated(passKey: String) {
-        _keyGenerated.value = passKey
+    fun setKeyGenerated(value: String) {
+        _keyGenerated.value = value
     }
 
     fun validateKeyGenerated() {

app/src/main/java/com/kunzisoft/keepass/viewmodels/NodeEditViewModel.kt

@@ -4,7 +4,8 @@ import androidx.lifecycle.LiveData
 import androidx.lifecycle.ViewModel
 import com.kunzisoft.keepass.database.element.DateInstant
 import com.kunzisoft.keepass.database.element.icon.IconImage
-import com.kunzisoft.keepass.view.DataTime
+import com.kunzisoft.keepass.model.DataDate
+import com.kunzisoft.keepass.model.DataTime
 
 abstract class NodeEditViewModel : ViewModel() {
 
@@ -23,8 +24,8 @@ abstract class NodeEditViewModel : ViewModel() {
 
     val requestDateTimeSelection : LiveData<DateInstant> get() = _requestDateTimeSelection
     private val _requestDateTimeSelection = SingleLiveEvent<DateInstant>()
-    val onDateSelected : LiveData<Long> get() = _onDateSelected
-    private val _onDateSelected = SingleLiveEvent<Long>()
+    val onDateSelected : LiveData<DataDate> get() = _onDateSelected
+    private val _onDateSelected = SingleLiveEvent<DataDate>()
     val onTimeSelected : LiveData<DataTime> get() = _onTimeSelected
     private val _onTimeSelected = SingleLiveEvent<DataTime>()
 
@@ -57,12 +58,12 @@ abstract class NodeEditViewModel : ViewModel() {
         _requestDateTimeSelection.value = dateInstant
     }
 
-    fun selectDate(dateMilliseconds: Long) {
-        _onDateSelected.value = dateMilliseconds
+    fun selectDate(date: DataDate) {
+        _onDateSelected.value = date
     }
 
-    fun selectTime(hours: Int, minutes: Int) {
-        _onTimeSelected.value = DataTime(hours, minutes)
+    fun selectTime(dataTime: DataTime) {
+        _onTimeSelected.value = dataTime
     }
 
     private enum class ColorRequest {

app/src/main/res/drawable-ldrtl/ic_arrow_back_white_24dp.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="utf-8"?>
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    android:width="24dp"
+    android:height="24dp"
+    android:viewportWidth="24"
+    android:viewportHeight="24">
+    <group>
+        <path
+            android:fillColor="#ffffff"
+            android:strokeWidth="1.78885484"
+            android:pathData="M10,19Q7.5,19 5.5,17.5Q4,16 4,13.5Q4,11 5.5,9.5Q7.5,8 10,8L16,8L13.5,5.5L15,4L20,9L15,14L13.5,12.5L16,10L10,10Q8.5,10 7,11Q6,12 6,13.5Q6,15 7,16Q8.5,17 10,17L17,17L17,19L10,19Z" />
+    </group>
+</vector>

app/src/main/res/drawable-ldrtl/ic_arrow_left_white_24dp.xml

@@ -0,0 +1,9 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    android:width="24dp"
+    android:height="24dp"
+    android:viewportWidth="24.0"
+    android:viewportHeight="24.0">
+    <path
+        android:fillColor="#FFFFFF"
+        android:pathData="M8.59,16.59L13.17,12 8.59,7.41 10,6l6,6 -6,6 -1.41,-1.41z"/>
+</vector>

app/src/main/res/drawable-ldrtl/ic_arrow_right_green_24dp.xml

@@ -0,0 +1,9 @@
+<vector xmlns:android="http://schemas.android.com/apk/res/android"
+    android:width="24dp"
+    android:height="24dp"
+    android:viewportHeight="24"
+    android:viewportWidth="24">
+    <path
+        android:fillColor="@color/green"
+        android:pathData="M14,7l-5,5 5,5V7z"/>
+</vector>