mirror of
https://github.com/Kunzisoft/KeePassDX.git
synced 2025-12-04 15:49:33 +01:00
Compare commits
6 Commits
develop
...
5fd25c6150
| Author | SHA1 | Date | |
|---|---|---|---|
|
5fd25c6150 | ||
|
|
c1cfddddbe | ||
|
|
609b536898 | ||
|
|
f9051ce787 | ||
|
|
d90d175bd8 | ||
|
|
c17fba8ef7 |
@@ -1,5 +1,6 @@
|
||||
KeePassDX(4.3.0)
|
||||
* Manual change of app language #1884 #1990
|
||||
* Add Passkey User Verification #2283
|
||||
* Fix autofill username detection #2276
|
||||
* Fix Passkey in passwordless mode #2282
|
||||
|
||||
|
||||
@@ -31,6 +31,8 @@ import androidx.activity.result.contract.ActivityResultContracts
|
||||
import androidx.activity.viewModels
|
||||
import androidx.annotation.RequiresApi
|
||||
import androidx.appcompat.app.AlertDialog
|
||||
import androidx.biometric.BiometricPrompt
|
||||
import androidx.core.content.ContextCompat
|
||||
import androidx.lifecycle.lifecycleScope
|
||||
import com.kunzisoft.keepass.R
|
||||
import com.kunzisoft.keepass.activities.FileDatabaseSelectActivity
|
||||
@@ -44,8 +46,15 @@ import com.kunzisoft.keepass.credentialprovider.EntrySelectionHelper.setActivity
|
||||
import com.kunzisoft.keepass.credentialprovider.SpecialMode
|
||||
import com.kunzisoft.keepass.credentialprovider.TypeMode
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.data.AndroidPrivilegedApp
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.data.UserVerificationRequirement
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.ALLOWED_AUTHENTICATORS
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.addAppOrigin
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.addAuthCode
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.addUserVerification
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.getUserVerificationCondition
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.getUserVerifiedWithAuth
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.isAuthenticatorsAllowed
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.removeUserVerification
|
||||
import com.kunzisoft.keepass.credentialprovider.viewmodel.CredentialLauncherViewModel
|
||||
import com.kunzisoft.keepass.credentialprovider.viewmodel.PasskeyLauncherViewModel
|
||||
import com.kunzisoft.keepass.database.ContextualDatabase
|
||||
@@ -54,6 +63,7 @@ import com.kunzisoft.keepass.model.SearchInfo
|
||||
import com.kunzisoft.keepass.services.DatabaseTaskNotificationService.Companion.ACTION_DATABASE_UPDATE_ENTRY_TASK
|
||||
import com.kunzisoft.keepass.tasks.ActionRunnable
|
||||
import com.kunzisoft.keepass.utils.AppUtil.randomRequestCode
|
||||
import com.kunzisoft.keepass.utils.LOCK_ACTION
|
||||
import com.kunzisoft.keepass.view.toastError
|
||||
import kotlinx.coroutines.launch
|
||||
import java.util.UUID
|
||||
@@ -82,10 +92,64 @@ class PasskeyLauncherActivity : DatabaseLockActivity() {
|
||||
}
|
||||
|
||||
override fun onCreate(savedInstanceState: Bundle?) {
|
||||
// To manage https://github.com/Kunzisoft/KeePassDX/issues/2283
|
||||
val userVerificationCondition = intent.getUserVerificationCondition()
|
||||
if (userVerificationCondition) {
|
||||
if (isAuthenticatorsAllowed().not()) {
|
||||
intent.removeUserVerification()
|
||||
sendBroadcast(Intent(LOCK_ACTION))
|
||||
}
|
||||
}
|
||||
// super.onCreate must be after UserVerification to allow database lock
|
||||
super.onCreate(savedInstanceState)
|
||||
// Biometric must be after super.onCreate
|
||||
if (userVerificationCondition) {
|
||||
if (isAuthenticatorsAllowed()) {
|
||||
BiometricPrompt(
|
||||
this, ContextCompat.getMainExecutor(this),
|
||||
object : BiometricPrompt.AuthenticationCallback() {
|
||||
override fun onAuthenticationError(
|
||||
errorCode: Int,
|
||||
errString: CharSequence
|
||||
) {
|
||||
super.onAuthenticationError(errorCode, errString)
|
||||
when (errorCode) {
|
||||
BiometricPrompt.ERROR_CANCELED,
|
||||
BiometricPrompt.ERROR_NEGATIVE_BUTTON,
|
||||
BiometricPrompt.ERROR_USER_CANCELED -> {
|
||||
// No operation
|
||||
Log.i(TAG, "$errString")
|
||||
}
|
||||
else -> {
|
||||
toastError(SecurityException("Authentication error: $errString"))
|
||||
}
|
||||
}
|
||||
passkeyLauncherViewModel.cancelResult()
|
||||
}
|
||||
override fun onAuthenticationSucceeded(
|
||||
result: BiometricPrompt.AuthenticationResult
|
||||
) {
|
||||
super.onAuthenticationSucceeded(result)
|
||||
passkeyLauncherViewModel.launchAction(userVerified = true, intent, mSpecialMode)
|
||||
}
|
||||
override fun onAuthenticationFailed() {
|
||||
super.onAuthenticationFailed()
|
||||
toastError(SecurityException(getString(R.string.device_unlock_not_recognized)))
|
||||
passkeyLauncherViewModel.cancelResult()
|
||||
}
|
||||
}).authenticate(
|
||||
BiometricPrompt.PromptInfo.Builder()
|
||||
.setTitle(getString(R.string.user_verification_required))
|
||||
.setAllowedAuthenticators(ALLOWED_AUTHENTICATORS)
|
||||
.setConfirmationRequired(false)
|
||||
.build()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
lifecycleScope.launch {
|
||||
// Initialize the parameters
|
||||
passkeyLauncherViewModel.initialize()
|
||||
passkeyLauncherViewModel.initialize(userVerified = intent.getUserVerifiedWithAuth())
|
||||
// Retrieve the UI
|
||||
passkeyLauncherViewModel.uiState.collect { uiState ->
|
||||
when (uiState) {
|
||||
@@ -278,7 +342,9 @@ class PasskeyLauncherActivity : DatabaseLockActivity() {
|
||||
specialMode: SpecialMode,
|
||||
searchInfo: SearchInfo? = null,
|
||||
appOrigin: AppOrigin? = null,
|
||||
nodeId: UUID? = null
|
||||
nodeId: UUID? = null,
|
||||
userVerification: UserVerificationRequirement = UserVerificationRequirement.PREFERRED,
|
||||
userVerifiedWithAuth: Boolean = true
|
||||
): PendingIntent? {
|
||||
return PendingIntent.getActivity(
|
||||
context,
|
||||
@@ -290,6 +356,7 @@ class PasskeyLauncherActivity : DatabaseLockActivity() {
|
||||
addAppOrigin(appOrigin)
|
||||
addNodeId(nodeId)
|
||||
addAuthCode(nodeId)
|
||||
addUserVerification(userVerification, userVerifiedWithAuth)
|
||||
},
|
||||
PendingIntent.FLAG_MUTABLE or PendingIntent.FLAG_UPDATE_CURRENT
|
||||
)
|
||||
|
||||
@@ -49,6 +49,8 @@ import com.kunzisoft.keepass.credentialprovider.SpecialMode
|
||||
import com.kunzisoft.keepass.credentialprovider.activity.PasskeyLauncherActivity
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.data.PublicKeyCredentialCreationOptions
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.data.PublicKeyCredentialRequestOptions
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.data.UserVerificationRequirement
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.isAuthenticatorsAllowed
|
||||
import com.kunzisoft.keepass.database.ContextualDatabase
|
||||
import com.kunzisoft.keepass.database.DatabaseTaskProvider
|
||||
import com.kunzisoft.keepass.database.exception.RegisterInReadOnlyDatabaseException
|
||||
@@ -65,6 +67,7 @@ class PasskeyProviderService : CredentialProviderService() {
|
||||
private var mDatabaseTaskProvider: DatabaseTaskProvider? = null
|
||||
private var mDatabase: ContextualDatabase? = null
|
||||
private lateinit var defaultIcon: Icon
|
||||
private lateinit var relaunchIcon: Icon
|
||||
private var isAutoSelectAllowed: Boolean = false
|
||||
|
||||
override fun onCreate() {
|
||||
@@ -83,6 +86,11 @@ class PasskeyProviderService : CredentialProviderService() {
|
||||
setTintBlendMode(BlendMode.DST)
|
||||
}
|
||||
|
||||
relaunchIcon = Icon.createWithResource(
|
||||
this@PasskeyProviderService,
|
||||
R.drawable.ic_clock_loader_red_24dp
|
||||
)
|
||||
|
||||
isAutoSelectAllowed = isPasskeyAutoSelectEnable(this)
|
||||
}
|
||||
|
||||
@@ -149,69 +157,92 @@ class PasskeyProviderService : CredentialProviderService() {
|
||||
val credentialIdList = publicKeyCredentialRequestOptions.allowCredentials
|
||||
.map { b64Encode(it.id) }
|
||||
val searchInfo = buildPasskeySearchInfo(relyingPartyId, credentialIdList)
|
||||
Log.d(TAG, "Build passkey search for relying party $relyingPartyId, credentialIds $credentialIdList")
|
||||
val userVerification = publicKeyCredentialRequestOptions.userVerification
|
||||
Log.d(TAG, "Build passkey search for UV $userVerification, " +
|
||||
"RP $relyingPartyId and Credential IDs $credentialIdList")
|
||||
SearchHelper.checkAutoSearchInfo(
|
||||
context = this,
|
||||
database = mDatabase,
|
||||
searchInfo = searchInfo,
|
||||
onItemsFound = { database, items ->
|
||||
Log.d(TAG, "Add pending intent for passkey selection with found items")
|
||||
for (passkeyEntry in items) {
|
||||
PasskeyLauncherActivity.getPendingIntent(
|
||||
context = applicationContext,
|
||||
specialMode = SpecialMode.SELECTION,
|
||||
nodeId = passkeyEntry.id,
|
||||
appOrigin = passkeyEntry.appOrigin
|
||||
)?.let { usagePendingIntent ->
|
||||
val passkey = passkeyEntry.passkey
|
||||
passkeyEntries.add(
|
||||
PublicKeyCredentialEntry(
|
||||
context = applicationContext,
|
||||
username = passkey?.username ?: "Unknown",
|
||||
icon = passkeyEntry.buildIcon(this@PasskeyProviderService, database)?.apply {
|
||||
setTintBlendMode(BlendMode.DST)
|
||||
} ?: defaultIcon,
|
||||
pendingIntent = usagePendingIntent,
|
||||
beginGetPublicKeyCredentialOption = option,
|
||||
displayName = passkeyEntry.getVisualTitle(),
|
||||
isAutoSelectAllowed = isAutoSelectAllowed
|
||||
manageUserVerification(
|
||||
passkeyEntries = passkeyEntries,
|
||||
searchInfo = searchInfo,
|
||||
option = option,
|
||||
userVerification = userVerification
|
||||
) {
|
||||
Log.d(TAG, "Add pending intent for passkey selection with found items")
|
||||
for (passkeyEntry in items) {
|
||||
PasskeyLauncherActivity.getPendingIntent(
|
||||
context = applicationContext,
|
||||
specialMode = SpecialMode.SELECTION,
|
||||
nodeId = passkeyEntry.id,
|
||||
appOrigin = passkeyEntry.appOrigin,
|
||||
userVerification = userVerification,
|
||||
userVerifiedWithAuth = false
|
||||
)?.let { usagePendingIntent ->
|
||||
val passkey = passkeyEntry.passkey
|
||||
passkeyEntries.add(
|
||||
PublicKeyCredentialEntry(
|
||||
context = applicationContext,
|
||||
username = passkey?.username ?: "Unknown",
|
||||
icon = passkeyEntry.buildIcon(
|
||||
this@PasskeyProviderService,
|
||||
database
|
||||
)?.apply {
|
||||
setTintBlendMode(BlendMode.DST)
|
||||
} ?: defaultIcon,
|
||||
pendingIntent = usagePendingIntent,
|
||||
beginGetPublicKeyCredentialOption = option,
|
||||
displayName = passkeyEntry.getVisualTitle(),
|
||||
isAutoSelectAllowed = isAutoSelectAllowed
|
||||
)
|
||||
)
|
||||
)
|
||||
}
|
||||
}
|
||||
}
|
||||
callback(passkeyEntries)
|
||||
},
|
||||
onItemNotFound = { _ ->
|
||||
Log.w(TAG, "No passkey found in the database with this relying party : $relyingPartyId")
|
||||
if (credentialIdList.isEmpty()) {
|
||||
Log.d(TAG, "Add pending intent for passkey selection in opened database")
|
||||
PasskeyLauncherActivity.getPendingIntent(
|
||||
context = applicationContext,
|
||||
specialMode = SpecialMode.SELECTION,
|
||||
searchInfo = searchInfo
|
||||
)?.let { pendingIntent ->
|
||||
passkeyEntries.add(
|
||||
PublicKeyCredentialEntry(
|
||||
context = applicationContext,
|
||||
username = getString(R.string.passkey_database_username),
|
||||
displayName = getString(R.string.passkey_selection_description),
|
||||
icon = defaultIcon,
|
||||
pendingIntent = pendingIntent,
|
||||
beginGetPublicKeyCredentialOption = option,
|
||||
lastUsedTime = Instant.now(),
|
||||
isAutoSelectAllowed = isAutoSelectAllowed
|
||||
manageUserVerification(
|
||||
passkeyEntries = passkeyEntries,
|
||||
searchInfo = searchInfo,
|
||||
option = option,
|
||||
userVerification = userVerification,
|
||||
) {
|
||||
Log.w(TAG, "No passkey found in the database with this relying party : $relyingPartyId")
|
||||
if (credentialIdList.isEmpty()) {
|
||||
Log.d(TAG, "Add pending intent for passkey selection in opened database")
|
||||
PasskeyLauncherActivity.getPendingIntent(
|
||||
context = applicationContext,
|
||||
specialMode = SpecialMode.SELECTION,
|
||||
searchInfo = searchInfo,
|
||||
userVerification = userVerification,
|
||||
userVerifiedWithAuth = false
|
||||
)?.let { pendingIntent ->
|
||||
passkeyEntries.add(
|
||||
PublicKeyCredentialEntry(
|
||||
context = applicationContext,
|
||||
username = getString(R.string.passkey_database_username),
|
||||
displayName = getString(R.string.passkey_selection_description),
|
||||
icon = defaultIcon,
|
||||
pendingIntent = pendingIntent,
|
||||
beginGetPublicKeyCredentialOption = option,
|
||||
lastUsedTime = Instant.now(),
|
||||
isAutoSelectAllowed = isAutoSelectAllowed
|
||||
)
|
||||
)
|
||||
}
|
||||
callback(passkeyEntries)
|
||||
} else {
|
||||
throw IOException(
|
||||
getString(
|
||||
R.string.error_passkey_credential_id,
|
||||
relyingPartyId,
|
||||
credentialIdList
|
||||
)
|
||||
)
|
||||
}
|
||||
callback(passkeyEntries)
|
||||
} else {
|
||||
throw IOException(
|
||||
getString(
|
||||
R.string.error_passkey_credential_id,
|
||||
relyingPartyId,
|
||||
credentialIdList
|
||||
)
|
||||
)
|
||||
}
|
||||
},
|
||||
onDatabaseClosed = {
|
||||
@@ -220,7 +251,8 @@ class PasskeyProviderService : CredentialProviderService() {
|
||||
PasskeyLauncherActivity.getPendingIntent(
|
||||
context = applicationContext,
|
||||
specialMode = SpecialMode.SELECTION,
|
||||
searchInfo = searchInfo
|
||||
searchInfo = searchInfo,
|
||||
userVerifiedWithAuth = true
|
||||
)?.let { pendingIntent ->
|
||||
passkeyEntries.add(
|
||||
PublicKeyCredentialEntry(
|
||||
@@ -240,6 +272,42 @@ class PasskeyProviderService : CredentialProviderService() {
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* To easily manage user verification condition
|
||||
*/
|
||||
private fun manageUserVerification(
|
||||
passkeyEntries: MutableList<CredentialEntry>,
|
||||
searchInfo: SearchInfo,
|
||||
option: BeginGetPublicKeyCredentialOption,
|
||||
userVerification: UserVerificationRequirement,
|
||||
standardAction: () -> Unit
|
||||
) {
|
||||
if (userVerification == UserVerificationRequirement.REQUIRED && isAuthenticatorsAllowed().not()) {
|
||||
PasskeyLauncherActivity.getPendingIntent(
|
||||
context = applicationContext,
|
||||
specialMode = SpecialMode.SELECTION,
|
||||
searchInfo = searchInfo,
|
||||
userVerification = userVerification,
|
||||
userVerifiedWithAuth = true
|
||||
)?.let { pendingIntent ->
|
||||
passkeyEntries.add(
|
||||
PublicKeyCredentialEntry(
|
||||
context = applicationContext,
|
||||
username = getString(R.string.passkey_database_username),
|
||||
displayName = getString(R.string.passkey_relaunch_database_description),
|
||||
icon = relaunchIcon,
|
||||
pendingIntent = pendingIntent,
|
||||
beginGetPublicKeyCredentialOption = option,
|
||||
lastUsedTime = Instant.now(),
|
||||
isAutoSelectAllowed = isAutoSelectAllowed
|
||||
)
|
||||
)
|
||||
}
|
||||
} else {
|
||||
standardAction()
|
||||
}
|
||||
}
|
||||
|
||||
override fun onBeginCreateCredentialRequest(
|
||||
request: BeginCreateCredentialRequest,
|
||||
cancellationSignal: CancellationSignal,
|
||||
@@ -275,14 +343,17 @@ class PasskeyProviderService : CredentialProviderService() {
|
||||
|
||||
private fun MutableList<CreateEntry>.addPendingIntentCreationNewEntry(
|
||||
accountName: String,
|
||||
searchInfo: SearchInfo?
|
||||
searchInfo: SearchInfo?,
|
||||
userVerification: UserVerificationRequirement
|
||||
) {
|
||||
Log.d(TAG, "Add pending intent for registration in opened database to create new item")
|
||||
// TODO add a setting to directly store in a specific group
|
||||
PasskeyLauncherActivity.getPendingIntent(
|
||||
context = applicationContext,
|
||||
specialMode = SpecialMode.REGISTRATION,
|
||||
searchInfo = searchInfo
|
||||
searchInfo = searchInfo,
|
||||
userVerification = userVerification,
|
||||
userVerifiedWithAuth = false
|
||||
)?.let { pendingIntent ->
|
||||
this.add(
|
||||
CreateEntry(
|
||||
@@ -311,6 +382,7 @@ class PasskeyProviderService : CredentialProviderService() {
|
||||
)
|
||||
val relyingPartyId = publicKeyCredentialCreationOptions.relyingPartyEntity.id
|
||||
val searchInfo = buildPasskeySearchInfo(relyingPartyId)
|
||||
val userVerification = publicKeyCredentialCreationOptions.authenticatorSelection.userVerification
|
||||
Log.d(TAG, "Build passkey search for relying party $relyingPartyId")
|
||||
SearchHelper.checkAutoSearchInfo(
|
||||
context = this,
|
||||
@@ -321,7 +393,11 @@ class PasskeyProviderService : CredentialProviderService() {
|
||||
throw RegisterInReadOnlyDatabaseException()
|
||||
} else {
|
||||
// To create a new entry
|
||||
createEntries.addPendingIntentCreationNewEntry(accountName, searchInfo)
|
||||
createEntries.addPendingIntentCreationNewEntry(
|
||||
accountName = accountName,
|
||||
searchInfo = searchInfo,
|
||||
userVerification = userVerification
|
||||
)
|
||||
/* TODO Overwrite
|
||||
// To select an existing entry and permit an overwrite
|
||||
Log.w(TAG, "Passkey already registered")
|
||||
@@ -352,7 +428,11 @@ class PasskeyProviderService : CredentialProviderService() {
|
||||
if (database.isReadOnly) {
|
||||
throw RegisterInReadOnlyDatabaseException()
|
||||
} else {
|
||||
createEntries.addPendingIntentCreationNewEntry(accountName, searchInfo)
|
||||
createEntries.addPendingIntentCreationNewEntry(
|
||||
accountName = accountName,
|
||||
searchInfo = searchInfo,
|
||||
userVerification = userVerification
|
||||
)
|
||||
}
|
||||
callback(createEntries)
|
||||
},
|
||||
@@ -361,7 +441,8 @@ class PasskeyProviderService : CredentialProviderService() {
|
||||
Log.d(TAG, "Add pending intent for passkey registration in closed database")
|
||||
PasskeyLauncherActivity.getPendingIntent(
|
||||
context = applicationContext,
|
||||
specialMode = SpecialMode.REGISTRATION
|
||||
specialMode = SpecialMode.REGISTRATION,
|
||||
userVerifiedWithAuth = true
|
||||
)?.let { pendingIntent ->
|
||||
createEntries.add(
|
||||
CreateEntry(
|
||||
|
||||
@@ -148,11 +148,12 @@ data class PublicKeyCredentialDescriptor(
|
||||
}
|
||||
}
|
||||
|
||||
// https://www.w3.org/TR/webauthn-3/#dictdef-authenticatorselectioncriteria
|
||||
data class AuthenticatorSelectionCriteria(
|
||||
val authenticatorAttachment: String? = null,
|
||||
val residentKey: ResidentKeyRequirement? = null,
|
||||
val requireResidentKey: Boolean?,
|
||||
val userVerification: UserVerificationRequirement? = UserVerificationRequirement.PREFERRED
|
||||
val userVerification: UserVerificationRequirement = UserVerificationRequirement.PREFERRED
|
||||
) {
|
||||
companion object {
|
||||
fun JSONObject.getAuthenticatorSelectionCriteria(
|
||||
@@ -166,7 +167,9 @@ data class AuthenticatorSelectionCriteria(
|
||||
ResidentKeyRequirement.fromString(authenticatorSelection.getString("residentKey"))
|
||||
else null
|
||||
val requireResidentKey = authenticatorSelection.optBoolean("requireResidentKey", false)
|
||||
val userVerification = UserVerificationRequirement.fromString(authenticatorSelection.optString("userVerification", "preferred"))
|
||||
val userVerification = UserVerificationRequirement
|
||||
.fromString(authenticatorSelection.optString("userVerification", "preferred"))
|
||||
?: UserVerificationRequirement.PREFERRED
|
||||
// https://www.w3.org/TR/webauthn-3/#enumdef-residentkeyrequirement
|
||||
if (residentKey == null) {
|
||||
residentKey = if (requireResidentKey) {
|
||||
@@ -195,7 +198,9 @@ enum class ResidentKeyRequirement(val value: String) {
|
||||
}
|
||||
companion object {
|
||||
fun fromString(value: String): ResidentKeyRequirement? {
|
||||
return ResidentKeyRequirement.entries.firstOrNull { it.value == value }
|
||||
return ResidentKeyRequirement.entries.firstOrNull {
|
||||
it.value.equals(other = value, ignoreCase = true)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -210,7 +215,9 @@ enum class UserVerificationRequirement(val value: String) {
|
||||
}
|
||||
companion object {
|
||||
fun fromString(value: String): UserVerificationRequirement? {
|
||||
return UserVerificationRequirement.entries.firstOrNull { it.value == value }
|
||||
return UserVerificationRequirement.entries.firstOrNull {
|
||||
it.value.equals(other = value, ignoreCase = true)
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -30,6 +30,10 @@ import android.security.keystore.KeyProperties
|
||||
import android.util.Log
|
||||
import android.widget.Toast
|
||||
import androidx.annotation.RequiresApi
|
||||
import androidx.biometric.BiometricManager
|
||||
import androidx.biometric.BiometricManager.Authenticators.BIOMETRIC_WEAK
|
||||
import androidx.biometric.BiometricManager.Authenticators.DEVICE_CREDENTIAL
|
||||
import androidx.biometric.BiometricManager.BIOMETRIC_SUCCESS
|
||||
import androidx.credentials.CreatePublicKeyCredentialRequest
|
||||
import androidx.credentials.CreatePublicKeyCredentialResponse
|
||||
import androidx.credentials.GetPublicKeyCredentialOption
|
||||
@@ -56,6 +60,7 @@ import com.kunzisoft.keepass.credentialprovider.passkey.data.PublicKeyCredential
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.data.PublicKeyCredentialCreationParameters
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.data.PublicKeyCredentialRequestOptions
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.data.PublicKeyCredentialUsageParameters
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.data.UserVerificationRequirement
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PrivilegedAllowLists.getOriginFromPrivilegedAllowLists
|
||||
import com.kunzisoft.keepass.model.AndroidOrigin
|
||||
import com.kunzisoft.keepass.model.AppOrigin
|
||||
@@ -63,7 +68,9 @@ import com.kunzisoft.keepass.model.EntryInfo
|
||||
import com.kunzisoft.keepass.model.Passkey
|
||||
import com.kunzisoft.keepass.utils.AppUtil
|
||||
import com.kunzisoft.keepass.utils.StringUtil.toHexString
|
||||
import com.kunzisoft.keepass.utils.getEnumExtra
|
||||
import com.kunzisoft.keepass.utils.getParcelableExtraCompat
|
||||
import com.kunzisoft.keepass.utils.putEnumExtra
|
||||
import kotlinx.coroutines.Dispatchers
|
||||
import kotlinx.coroutines.withContext
|
||||
import java.io.IOException
|
||||
@@ -91,6 +98,8 @@ object PasskeyHelper {
|
||||
private const val EXTRA_APP_ORIGIN = "com.kunzisoft.keepass.extra.appOrigin"
|
||||
private const val EXTRA_TIMESTAMP = "com.kunzisoft.keepass.extra.timestamp"
|
||||
private const val EXTRA_AUTHENTICATION_CODE = "com.kunzisoft.keepass.extra.authenticationCode"
|
||||
private const val EXTRA_USER_VERIFICATION = "com.kunzisoft.keepass.extra.userVerification"
|
||||
private const val EXTRA_USER_VERIFIED_WITH_AUTH = "com.kunzisoft.keepass.extra.userVerifiedWithAuth"
|
||||
|
||||
private const val SEPARATOR = "_"
|
||||
|
||||
@@ -107,6 +116,60 @@ object PasskeyHelper {
|
||||
|
||||
private val internalSecureRandom: SecureRandom = SecureRandom()
|
||||
|
||||
/**
|
||||
* Add the User Verification to the intent
|
||||
*/
|
||||
fun Intent.addUserVerification(
|
||||
userVerification: UserVerificationRequirement,
|
||||
userVerifiedWithAuth: Boolean
|
||||
) {
|
||||
putEnumExtra(EXTRA_USER_VERIFICATION, userVerification)
|
||||
putExtra(EXTRA_USER_VERIFIED_WITH_AUTH, userVerifiedWithAuth)
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the User Verification from the intent
|
||||
*/
|
||||
fun Intent.getUserVerificationCondition(): Boolean {
|
||||
return (getEnumExtra<UserVerificationRequirement>(EXTRA_USER_VERIFICATION)
|
||||
?: UserVerificationRequirement.PREFERRED) == UserVerificationRequirement.REQUIRED
|
||||
}
|
||||
|
||||
/**
|
||||
* Define if the User is verified with authentification from the intent
|
||||
*/
|
||||
fun Intent.getUserVerifiedWithAuth(): Boolean {
|
||||
return getBooleanExtra(EXTRA_USER_VERIFIED_WITH_AUTH, true)
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove the User Verification from the intent
|
||||
*/
|
||||
fun Intent.removeUserVerification() {
|
||||
removeExtra(EXTRA_USER_VERIFICATION)
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove the User verified with auth from the intent
|
||||
*/
|
||||
fun Intent.removeUserVerifiedWithAuth() {
|
||||
removeExtra(EXTRA_USER_VERIFIED_WITH_AUTH)
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Allowed authenticators for the User Verification
|
||||
*/
|
||||
const val ALLOWED_AUTHENTICATORS = BIOMETRIC_WEAK or DEVICE_CREDENTIAL
|
||||
|
||||
/**
|
||||
* Check if the device supports the biometric prompt for User Verification
|
||||
*/
|
||||
fun Context.isAuthenticatorsAllowed(): Boolean {
|
||||
return BiometricManager.from(this)
|
||||
.canAuthenticate(ALLOWED_AUTHENTICATORS) == BIOMETRIC_SUCCESS
|
||||
}
|
||||
|
||||
/**
|
||||
* Add an authentication code generated by an entry to the intent
|
||||
*/
|
||||
@@ -494,6 +557,7 @@ object PasskeyHelper {
|
||||
*/
|
||||
fun buildCreatePublicKeyCredentialResponse(
|
||||
publicKeyCredentialCreationParameters: PublicKeyCredentialCreationParameters,
|
||||
userVerified: Boolean,
|
||||
backupEligibility: Boolean,
|
||||
backupState: Boolean
|
||||
): CreatePublicKeyCredentialResponse {
|
||||
@@ -511,7 +575,7 @@ object PasskeyHelper {
|
||||
keyTypeId = keyTypeId
|
||||
) ?: mapOf<Int, Any>()),
|
||||
userPresent = true,
|
||||
userVerified = true,
|
||||
userVerified = userVerified,
|
||||
backupEligibility = backupEligibility,
|
||||
backupState = backupState,
|
||||
publicKeyTypeId = keyTypeId,
|
||||
@@ -583,6 +647,7 @@ object PasskeyHelper {
|
||||
requestOptions: PublicKeyCredentialRequestOptions,
|
||||
clientDataResponse: ClientDataResponse,
|
||||
passkey: Passkey,
|
||||
userVerified: Boolean,
|
||||
defaultBackupEligibility: Boolean,
|
||||
defaultBackupState: Boolean
|
||||
): PublicKeyCredential {
|
||||
@@ -591,7 +656,7 @@ object PasskeyHelper {
|
||||
response = AuthenticatorAssertionResponse(
|
||||
requestOptions = requestOptions,
|
||||
userPresent = true,
|
||||
userVerified = true,
|
||||
userVerified = userVerified,
|
||||
backupEligibility = passkey.backupEligibility ?: defaultBackupEligibility,
|
||||
backupState = passkey.backupState ?: defaultBackupState,
|
||||
userHandle = passkey.userHandle,
|
||||
|
||||
@@ -24,7 +24,6 @@ abstract class CredentialLauncherViewModel(application: Application): AndroidVie
|
||||
|
||||
protected var isResultLauncherRegistered: Boolean = false
|
||||
private var mSelectionResult: ActivityResult? = null
|
||||
|
||||
protected val mCredentialUiState = MutableStateFlow<CredentialState>(CredentialState.Loading)
|
||||
val credentialUiState: StateFlow<CredentialState> = mCredentialUiState
|
||||
|
||||
@@ -56,7 +55,7 @@ abstract class CredentialLauncherViewModel(application: Application): AndroidVie
|
||||
)
|
||||
}
|
||||
|
||||
private fun onDatabaseRetrieved(database: ContextualDatabase) {
|
||||
fun onDatabaseRetrieved(database: ContextualDatabase) {
|
||||
mDatabase = database
|
||||
mSelectionResult?.let { selectionResult ->
|
||||
manageSelectionResult(database, selectionResult)
|
||||
|
||||
@@ -24,6 +24,7 @@ import com.kunzisoft.keepass.credentialprovider.passkey.data.PublicKeyCredential
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.buildCreatePublicKeyCredentialResponse
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.buildPasskeyPublicKeyCredential
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.checkSecurity
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.getUserVerificationCondition
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.getVerifiedGETClientDataResponse
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.removeAppOrigin
|
||||
import com.kunzisoft.keepass.credentialprovider.passkey.util.PasskeyHelper.removePasskey
|
||||
@@ -64,14 +65,16 @@ class PasskeyLauncherViewModel(application: Application): CredentialLauncherView
|
||||
private var mPasskey: Passkey? = null
|
||||
|
||||
private var mLockDatabaseAfterSelection: Boolean = false
|
||||
private var mUserVerified: Boolean = true
|
||||
private var mBackupEligibility: Boolean = true
|
||||
private var mBackupState: Boolean = false
|
||||
|
||||
private val mUiState = MutableStateFlow<UIState>(UIState.Loading)
|
||||
val uiState: StateFlow<UIState> = mUiState
|
||||
|
||||
fun initialize() {
|
||||
fun initialize(userVerified: Boolean) {
|
||||
mLockDatabaseAfterSelection = PreferencesUtil.isPasskeyCloseDatabaseEnable(getApplication())
|
||||
mUserVerified = userVerified
|
||||
mBackupEligibility = PreferencesUtil.isPasskeyBackupEligibilityEnable(getApplication())
|
||||
mBackupState = PreferencesUtil.isPasskeyBackupStateEnable(getApplication())
|
||||
}
|
||||
@@ -149,14 +152,29 @@ class PasskeyLauncherViewModel(application: Application): CredentialLauncherView
|
||||
}
|
||||
}
|
||||
|
||||
fun launchAction(
|
||||
userVerified: Boolean,
|
||||
intent: Intent,
|
||||
specialMode: SpecialMode,
|
||||
) {
|
||||
this.mUserVerified = userVerified
|
||||
super.launchActionIfNeeded(intent, specialMode, mDatabase)
|
||||
}
|
||||
|
||||
override fun launchActionIfNeeded(
|
||||
intent: Intent,
|
||||
specialMode: SpecialMode,
|
||||
database: ContextualDatabase?
|
||||
) {
|
||||
// Launch with database when a nodeId is present
|
||||
if ((database != null && database.loaded) || intent.retrieveNodeId() == null) {
|
||||
super.launchActionIfNeeded(intent, specialMode, database)
|
||||
if (intent.getUserVerificationCondition()) {
|
||||
if (database != null) {
|
||||
onDatabaseRetrieved(database)
|
||||
}
|
||||
} else {
|
||||
// Launch with database when a nodeId is present
|
||||
if ((database != null && database.loaded) || intent.retrieveNodeId() == null) {
|
||||
super.launchActionIfNeeded(intent, specialMode, database)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -307,6 +325,7 @@ class PasskeyLauncherViewModel(application: Application): CredentialLauncherView
|
||||
appOrigin = appOrigin
|
||||
),
|
||||
passkey = passkey,
|
||||
userVerified = mUserVerified,
|
||||
defaultBackupEligibility = mBackupEligibility,
|
||||
defaultBackupState = mBackupState
|
||||
)
|
||||
@@ -363,6 +382,7 @@ class PasskeyLauncherViewModel(application: Application): CredentialLauncherView
|
||||
appOrigin = appOrigin
|
||||
),
|
||||
passkey = passkey,
|
||||
userVerified = mUserVerified,
|
||||
defaultBackupEligibility = mBackupEligibility,
|
||||
defaultBackupState = mBackupState
|
||||
)
|
||||
@@ -505,6 +525,7 @@ class PasskeyLauncherViewModel(application: Application): CredentialLauncherView
|
||||
intent = responseIntent,
|
||||
response = buildCreatePublicKeyCredentialResponse(
|
||||
publicKeyCredentialCreationParameters = it,
|
||||
userVerified = mUserVerified,
|
||||
backupEligibility = passkey?.backupEligibility
|
||||
?: mBackupEligibility,
|
||||
backupState = passkey?.backupState
|
||||
|
||||
9
app/src/main/res/drawable/ic_clock_loader_red_24dp.xml
Normal file
9
app/src/main/res/drawable/ic_clock_loader_red_24dp.xml
Normal file
@@ -0,0 +1,9 @@
|
||||
<vector xmlns:android="http://schemas.android.com/apk/res/android"
|
||||
android:height="24dp"
|
||||
android:width="24dp"
|
||||
android:viewportHeight="960"
|
||||
android:viewportWidth="960">
|
||||
<path
|
||||
android:fillColor="#E50808"
|
||||
android:pathData="M480,880Q397,880 324,848.5Q251,817 197,763Q143,709 111.5,636Q80,563 80,480Q80,397 111.5,324Q143,251 197,197Q251,143 324,111.5Q397,80 480,80Q563,80 636,111.5Q709,143 763,197Q817,251 848.5,324Q880,397 880,480Q880,563 848.5,636Q817,709 763,763Q709,817 636,848.5Q563,880 480,880ZM253,707L480,480L480,160Q346,160 253,253Q160,346 160,480Q160,544 184,603Q208,662 253,707Z"/>
|
||||
</vector>
|
||||
@@ -767,6 +767,7 @@
|
||||
<string name="passkey_selection_description">Select an existing passkey</string>
|
||||
<string name="passkey_database_username">KeePassDX Database</string>
|
||||
<string name="passkey_locked_database_description">Select to unlock</string>
|
||||
<string name="passkey_relaunch_database_description">Reauthenticate (No Device Auth)</string>
|
||||
<string name="passkey_username">Passkey Username</string>
|
||||
<string name="passkey_private_key">Passkey Private Key</string>
|
||||
<string name="passkey_credential_id">Passkey Credential Id</string>
|
||||
@@ -776,4 +777,5 @@
|
||||
<string name="passkey_backup_state">Passkey Backup State</string>
|
||||
<string name="error_passkey_result">Unable to return the passkey</string>
|
||||
<string name="error_passkey_credential_id">No passkey found with relying party %1$s and credentialIds %2$s</string>
|
||||
<string name="user_verification_required">User verification required</string>
|
||||
</resources>
|
||||
@@ -181,15 +181,8 @@ class SearchHelper {
|
||||
val credentialIds = searchParameters.searchOptions
|
||||
val containsRelyingParty = entry.getExtraFields().any { field ->
|
||||
field.isRelyingParty()
|
||||
&& checkSearchQuery(
|
||||
stringToCheck = field.protectedValue.stringValue,
|
||||
searchParameters = SearchParameters().apply {
|
||||
searchQuery = relyingParty
|
||||
searchInRelyingParty = true
|
||||
caseSensitive = false
|
||||
isRegex = false
|
||||
}
|
||||
)
|
||||
&& field.protectedValue.stringValue
|
||||
.equals(relyingParty, ignoreCase = true)
|
||||
}
|
||||
// Check empty to allow any credential if not defined
|
||||
val containsCredentialId = if(credentialIds.isEmpty()) true
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
* Manual change of app language #1884 #1990
|
||||
* Add Passkey User Verification #2283
|
||||
* Fix autofill username detection #2276
|
||||
* Fix Passkey in passwordless mode #2282
|
||||
@@ -1,3 +1,4 @@
|
||||
* Changement manuel de la langue de l'appli #1884 #1990
|
||||
* Ajout de la Verification Utilisateur pour Passkey #2283
|
||||
* Correction de la détection du nom d'utilisateur pour le remplissage auto #2276
|
||||
* Correction de Passkey en mode passwordless #2282
|
||||
Reference in New Issue
Block a user