fix: Separate Main credential, remove ContentProvider from Database

app/src/main/java/com/kunzisoft/keepass/activities/FileDatabaseSelectActivity.kt

@@ -54,7 +54,7 @@ import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
 import com.kunzisoft.keepass.autofill.AutofillComponent
 import com.kunzisoft.keepass.autofill.AutofillHelper
 import com.kunzisoft.keepass.database.ContextualDatabase
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.education.FileDatabaseSelectActivityEducation
 import com.kunzisoft.keepass.hardware.HardwareKey
 import com.kunzisoft.keepass.model.RegisterInfo

app/src/main/java/com/kunzisoft/keepass/activities/GroupActivity.kt

@@ -75,10 +75,10 @@ import com.kunzisoft.keepass.adapters.BreadcrumbAdapter
 import com.kunzisoft.keepass.autofill.AutofillComponent
 import com.kunzisoft.keepass.autofill.AutofillHelper
 import com.kunzisoft.keepass.database.ContextualDatabase
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.database.element.DateInstant
 import com.kunzisoft.keepass.database.element.Entry
 import com.kunzisoft.keepass.database.element.Group
-import com.kunzisoft.keepass.database.element.MainCredential
 import com.kunzisoft.keepass.database.element.SortNodeEnum
 import com.kunzisoft.keepass.database.element.node.Node
 import com.kunzisoft.keepass.database.element.node.NodeId

app/src/main/java/com/kunzisoft/keepass/activities/MainCredentialActivity.kt

@@ -56,7 +56,7 @@ import com.kunzisoft.keepass.autofill.AutofillHelper
 import com.kunzisoft.keepass.biometric.AdvancedUnlockFragment
 import com.kunzisoft.keepass.biometric.AdvancedUnlockManager
 import com.kunzisoft.keepass.database.ContextualDatabase
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.database.exception.DuplicateUuidDatabaseException
 import com.kunzisoft.keepass.database.exception.FileNotFoundDatabaseException
 import com.kunzisoft.keepass.education.PasswordActivityEducation

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/MainCredentialDialogFragment.kt

@@ -27,7 +27,7 @@ import android.widget.TextView
 import androidx.appcompat.app.AlertDialog
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.utils.UriUtil.getDocumentFile
 import com.kunzisoft.keepass.view.MainCredentialView
 

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/PasswordEncodingDialogFragment.kt

@@ -26,7 +26,7 @@ import android.os.Bundle
 import androidx.appcompat.app.AlertDialog
 import androidx.fragment.app.DialogFragment
 import com.kunzisoft.keepass.R
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.MainCredential
 
 class PasswordEncodingDialogFragment : DialogFragment() {
 
@@ -78,8 +78,10 @@ class PasswordEncodingDialogFragment : DialogFragment() {
         private const val DATABASE_URI_KEY = "DATABASE_URI_KEY"
         private const val MAIN_CREDENTIAL = "MAIN_CREDENTIAL"
 
-        fun getInstance(databaseUri: Uri,
+        fun getInstance(
-                        mainCredential: MainCredential): SortDialogFragment {
+            databaseUri: Uri,
+            mainCredential: MainCredential
+        ): SortDialogFragment {
             val fragment = SortDialogFragment()
             fragment.arguments = Bundle().apply {
                 putParcelable(DATABASE_URI_KEY, databaseUri)

app/src/main/java/com/kunzisoft/keepass/activities/dialogs/SetMainCredentialDialogFragment.kt

@@ -35,7 +35,7 @@ import com.google.android.material.textfield.TextInputLayout
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
 import com.kunzisoft.keepass.activities.helpers.setOpenDocumentClickListener
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.hardware.HardwareKey
 import com.kunzisoft.keepass.hardware.HardwareKeyActivity
 import com.kunzisoft.keepass.password.PasswordEntropy

app/src/main/java/com/kunzisoft/keepass/activities/legacy/DatabaseActivity.kt

@@ -5,8 +5,8 @@ import android.os.Bundle
 import androidx.activity.viewModels
 import com.kunzisoft.keepass.activities.stylish.StylishActivity
 import com.kunzisoft.keepass.database.ContextualDatabase
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.database.action.DatabaseTaskProvider
-import com.kunzisoft.keepass.database.element.MainCredential
 import com.kunzisoft.keepass.model.CipherEncryptDatabase
 import com.kunzisoft.keepass.tasks.ActionRunnable
 import com.kunzisoft.keepass.utils.UriUtil.getBinaryDir

app/src/main/java/com/kunzisoft/keepass/activities/legacy/DatabaseLockActivity.kt

@@ -37,10 +37,10 @@ import com.kunzisoft.keepass.activities.dialogs.PasswordEncodingDialogFragment
 import com.kunzisoft.keepass.activities.helpers.EntrySelectionHelper
 import com.kunzisoft.keepass.activities.helpers.SpecialMode
 import com.kunzisoft.keepass.database.ContextualDatabase
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.database.element.Database
 import com.kunzisoft.keepass.database.element.Entry
 import com.kunzisoft.keepass.database.element.Group
-import com.kunzisoft.keepass.database.element.MainCredential
 import com.kunzisoft.keepass.database.element.node.Node
 import com.kunzisoft.keepass.database.element.node.NodeId
 import com.kunzisoft.keepass.model.GroupInfo
@@ -251,7 +251,7 @@ abstract class DatabaseLockActivity : DatabaseModeActivity(),
         mDatabase?.let { database ->
             database.fileUri?.let { databaseUri ->
                 // Show the progress dialog now or after dialog confirmation
-                if (database.validatePasswordEncoding(mainCredential)) {
+                if (database.isValidCredential(mainCredential.toMasterCredential(contentResolver))) {
                     assignDatabasePassword(databaseUri, mainCredential)
                 } else {
                     PasswordEncodingDialogFragment.getInstance(databaseUri, mainCredential)

app/src/main/java/com/kunzisoft/keepass/database/ContextualDatabase.kt

@@ -1,5 +1,6 @@
 package com.kunzisoft.keepass.database
 
+import android.net.Uri
 import com.kunzisoft.keepass.database.element.Database
 import com.kunzisoft.keepass.database.element.icon.IconImageCustom
 import com.kunzisoft.keepass.icons.IconDrawableFactory
@@ -8,6 +9,8 @@ import java.io.File
 
 class ContextualDatabase: Database() {
 
+    var fileUri: Uri? = null
+
     val iconDrawableFactory = IconDrawableFactory(
         retrieveBinaryCache = { binaryCache },
         retrieveCustomIconBinary = { iconId -> getBinaryForCustomIcon(iconId) }
@@ -23,6 +26,11 @@ class ContextualDatabase: Database() {
         super.clearIndexesAndBinaries(filesDirectory)
     }
 
+    override fun clearAndClose(filesDirectory: File?) {
+        super.clearAndClose(filesDirectory)
+        this.fileUri = null
+    }
+
     companion object : SingletonHolder<ContextualDatabase>(::ContextualDatabase) {
         private val TAG = ContextualDatabase::class.java.name
     }

app/src/main/java/com/kunzisoft/keepass/database/MainCredential.kt

@@ -0,0 +1,100 @@
+/*
+ * Copyright 2022 Jeremy Jamet / Kunzisoft.
+ *
+ * This file is part of KeePassDX.
+ *
+ *  KeePassDX is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  KeePassDX is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with KeePassDX.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package com.kunzisoft.keepass.database
+
+import android.content.ContentResolver
+import android.net.Uri
+import android.os.Parcel
+import android.os.Parcelable
+import com.kunzisoft.keepass.database.element.MasterCredential
+import com.kunzisoft.keepass.hardware.HardwareKey
+import com.kunzisoft.keepass.utils.UriHelper.getUriInputStream
+import com.kunzisoft.keepass.utils.readEnum
+import com.kunzisoft.keepass.utils.writeEnum
+
+data class MainCredential(var password: String? = null,
+                          var keyFileUri: Uri? = null,
+                          var hardwareKey: HardwareKey? = null): Parcelable {
+
+    constructor(parcel: Parcel) : this() {
+        password = parcel.readString()
+        keyFileUri = parcel.readParcelable(Uri::class.java.classLoader)
+        hardwareKey = parcel.readEnum<HardwareKey>()
+    }
+
+    override fun writeToParcel(parcel: Parcel, flags: Int) {
+        parcel.writeString(password)
+        parcel.writeParcelable(keyFileUri, flags)
+        parcel.writeEnum(hardwareKey)
+    }
+
+    override fun describeContents(): Int {
+        return 0
+    }
+
+    override fun equals(other: Any?): Boolean {
+        if (this === other) return true
+        if (javaClass != other?.javaClass) return false
+
+        other as MainCredential
+
+        if (password != other.password) return false
+        if (keyFileUri != other.keyFileUri) return false
+        if (hardwareKey != other.hardwareKey) return false
+
+        return true
+    }
+
+    override fun hashCode(): Int {
+        var result = password?.hashCode() ?: 0
+        result = 31 * result + (keyFileUri?.hashCode() ?: 0)
+        result = 31 * result + (hardwareKey?.hashCode() ?: 0)
+        return result
+    }
+
+    fun toMasterCredential(contentResolver: ContentResolver): MasterCredential {
+        return MasterCredential(
+            this.password,
+            this.keyFileUri?.let {
+                getKeyFileData(contentResolver, it)
+            },
+            this.hardwareKey
+        )
+    }
+
+    private fun getKeyFileData(contentResolver: ContentResolver,
+                               keyFileUri: Uri): ByteArray? {
+        contentResolver.getUriInputStream(keyFileUri)?.use { keyFileInputStream ->
+            return keyFileInputStream.readBytes()
+        }
+        return null
+    }
+
+    companion object CREATOR : Parcelable.Creator<MainCredential> {
+        override fun createFromParcel(parcel: Parcel): MainCredential {
+            return MainCredential(parcel)
+        }
+
+        override fun newArray(size: Int): Array<MainCredential?> {
+            return arrayOfNulls(size)
+        }
+
+        private val TAG = MainCredential::class.java.simpleName
+    }
+}

app/src/main/java/com/kunzisoft/keepass/database/action/AssignMainCredentialInDatabaseRunnable.kt

@@ -24,7 +24,7 @@ import android.net.Uri
 import com.kunzisoft.keepass.app.database.CipherDatabaseAction
 import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
 import com.kunzisoft.keepass.database.ContextualDatabase
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.hardware.HardwareKey
 
 open class AssignMainCredentialInDatabaseRunnable (

app/src/main/java/com/kunzisoft/keepass/database/action/CreateDatabaseRunnable.kt

@@ -24,7 +24,7 @@ import android.net.Uri
 import android.util.Log
 import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
 import com.kunzisoft.keepass.database.ContextualDatabase
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.hardware.HardwareKey
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.utils.UriUtil.getBinaryDir
@@ -45,7 +45,8 @@ class CreateDatabaseRunnable(
         try {
             // Create new database record
             mDatabase.apply {
-                createData(mDatabaseUri, databaseName, rootName, templateGroupName)
+                this.fileUri = mDatabaseUri
+                createData(databaseName, rootName, templateGroupName)
             }
         } catch (e: Exception) {
             mDatabase.clearAndClose(context.getBinaryDir())

app/src/main/java/com/kunzisoft/keepass/database/action/DatabaseTaskProvider.kt

@@ -40,11 +40,11 @@ import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.dialogs.DatabaseChangedDialogFragment
 import com.kunzisoft.keepass.activities.dialogs.DatabaseChangedDialogFragment.Companion.DATABASE_CHANGED_DIALOG_TAG
 import com.kunzisoft.keepass.database.ContextualDatabase
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
 import com.kunzisoft.keepass.database.crypto.kdf.KdfEngine
 import com.kunzisoft.keepass.database.element.Entry
 import com.kunzisoft.keepass.database.element.Group
-import com.kunzisoft.keepass.database.element.MainCredential
 import com.kunzisoft.keepass.database.element.database.CompressionAlgorithm
 import com.kunzisoft.keepass.database.element.node.Node
 import com.kunzisoft.keepass.database.element.node.NodeId

app/src/main/java/com/kunzisoft/keepass/database/action/LoadDatabaseRunnable.kt

@@ -24,14 +24,16 @@ import android.net.Uri
 import com.kunzisoft.keepass.app.database.CipherDatabaseAction
 import com.kunzisoft.keepass.app.database.FileDatabaseHistoryAction
 import com.kunzisoft.keepass.database.ContextualDatabase
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.exception.DatabaseInputException
+import com.kunzisoft.keepass.database.exception.UnknownDatabaseLocationException
 import com.kunzisoft.keepass.hardware.HardwareKey
 import com.kunzisoft.keepass.model.CipherEncryptDatabase
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.tasks.ActionRunnable
 import com.kunzisoft.keepass.tasks.ProgressTaskUpdater
+import com.kunzisoft.keepass.utils.UriHelper.getUriInputStream
 import com.kunzisoft.keepass.utils.UriUtil.getBinaryDir
 
 class LoadDatabaseRunnable(
@@ -56,10 +58,13 @@ class LoadDatabaseRunnable(
 
     override fun onActionRun() {
         try {
+            val contentResolver = context.contentResolver
+            // Save database URI
+            mDatabase.fileUri = mDatabaseUri
             mDatabase.loadData(
-                context.contentResolver,
+                contentResolver.getUriInputStream(mDatabaseUri)
-                mDatabaseUri,
+                    ?: throw UnknownDatabaseLocationException(),
-                mMainCredential,
+                mMainCredential.toMasterCredential(contentResolver),
                 mChallengeResponseRetriever,
                 mReadonly,
                 binaryDir,

app/src/main/java/com/kunzisoft/keepass/database/action/MergeDatabaseRunnable.kt

@@ -22,12 +22,14 @@ package com.kunzisoft.keepass.database.action
 import android.content.Context
 import android.net.Uri
 import com.kunzisoft.keepass.database.ContextualDatabase
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.exception.DatabaseException
+import com.kunzisoft.keepass.database.exception.UnknownDatabaseLocationException
 import com.kunzisoft.keepass.hardware.HardwareKey
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.tasks.ProgressTaskUpdater
+import com.kunzisoft.keepass.utils.UriHelper.getUriInputStream
 
 class MergeDatabaseRunnable(
     context: Context,
@@ -48,10 +50,12 @@ class MergeDatabaseRunnable(
 
     override fun onActionRun() {
         try {
+            val contentResolver = context.contentResolver
             database.mergeData(
-                context.contentResolver,
+                context.contentResolver.getUriInputStream(
-                mDatabaseToMergeUri,
+                    mDatabaseToMergeUri ?: database.fileUri
-                mDatabaseToMergeMainCredential,
+                ) ?: throw UnknownDatabaseLocationException(),
+                mDatabaseToMergeMainCredential?.toMasterCredential(contentResolver),
                 mDatabaseToMergeChallengeResponseRetriever,
                 { memoryWanted ->
                     BinaryData.canMemoryBeAllocatedInRAM(context, memoryWanted)

app/src/main/java/com/kunzisoft/keepass/database/action/ReloadDatabaseRunnable.kt

@@ -23,9 +23,11 @@ import android.content.Context
 import com.kunzisoft.keepass.database.ContextualDatabase
 import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.exception.DatabaseException
+import com.kunzisoft.keepass.database.exception.UnknownDatabaseLocationException
 import com.kunzisoft.keepass.settings.PreferencesUtil
 import com.kunzisoft.keepass.tasks.ActionRunnable
 import com.kunzisoft.keepass.tasks.ProgressTaskUpdater
+import com.kunzisoft.keepass.utils.UriHelper.getUriInputStream
 import com.kunzisoft.keepass.utils.UriUtil.getBinaryDir
 
 class ReloadDatabaseRunnable(
@@ -45,7 +47,9 @@ class ReloadDatabaseRunnable(
 
     override fun onActionRun() {
         try {
-            mDatabase.reloadData(context.contentResolver,
+            mDatabase.reloadData(
+                context.contentResolver.getUriInputStream(mDatabase.fileUri)
+                    ?: throw UnknownDatabaseLocationException(),
                 { memoryWanted ->
                     BinaryData.canMemoryBeAllocatedInRAM(context, memoryWanted)
                 },

app/src/main/java/com/kunzisoft/keepass/database/action/SaveDatabaseRunnable.kt

@@ -22,10 +22,12 @@ package com.kunzisoft.keepass.database.action
 import android.content.Context
 import android.net.Uri
 import com.kunzisoft.keepass.database.ContextualDatabase
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.database.exception.DatabaseException
 import com.kunzisoft.keepass.hardware.HardwareKey
 import com.kunzisoft.keepass.tasks.ActionRunnable
+import com.kunzisoft.keepass.utils.UriHelper.getUriOutputStream
+import java.io.File
 
 open class SaveDatabaseRunnable(
     protected var context: Context,
@@ -44,11 +46,14 @@ open class SaveDatabaseRunnable(
         database.checkVersion()
         if (saveDatabase && result.isSuccess) {
             try {
+                val contentResolver = context.contentResolver
+                // Build temp database file to avoid file corruption if error
                 database.saveData(
-                    context.contentResolver,
+                    cacheFile = File(context.cacheDir, databaseCopyUri.hashCode().toString()),
-                    context.cacheDir,
+                    databaseOutputStream = context.contentResolver
-                    databaseCopyUri,
+                        .getUriOutputStream(databaseCopyUri ?: database.fileUri),
-                    mainCredential,
+                    isNewLocation = databaseCopyUri == null,
+                    mainCredential?.toMasterCredential(contentResolver),
                     challengeResponseRetriever)
             } catch (e: DatabaseException) {
                 setError(e)

app/src/main/java/com/kunzisoft/keepass/services/DatabaseTaskNotificationService.kt

@@ -32,6 +32,7 @@ import androidx.media.app.NotificationCompat
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.GroupActivity
 import com.kunzisoft.keepass.database.ContextualDatabase
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.database.action.*
 import com.kunzisoft.keepass.database.action.history.DeleteEntryHistoryDatabaseRunnable
 import com.kunzisoft.keepass.database.action.history.RestoreEntryHistoryDatabaseRunnable
@@ -39,7 +40,6 @@ import com.kunzisoft.keepass.database.action.node.*
 import com.kunzisoft.keepass.database.element.Database
 import com.kunzisoft.keepass.database.element.Entry
 import com.kunzisoft.keepass.database.element.Group
-import com.kunzisoft.keepass.database.element.MainCredential
 import com.kunzisoft.keepass.database.element.database.CompressionAlgorithm
 import com.kunzisoft.keepass.database.element.node.Node
 import com.kunzisoft.keepass.database.element.node.NodeId

app/src/main/java/com/kunzisoft/keepass/settings/SettingsActivity.kt

@@ -36,7 +36,7 @@ import com.kunzisoft.keepass.activities.dialogs.SetMainCredentialDialogFragment
 import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
 import com.kunzisoft.keepass.activities.legacy.DatabaseLockActivity
 import com.kunzisoft.keepass.database.ContextualDatabase
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.MainCredential
 import com.kunzisoft.keepass.tasks.ActionRunnable
 import com.kunzisoft.keepass.timeout.TimeoutHelper
 import com.kunzisoft.keepass.view.showActionErrorIfNeeded

app/src/main/java/com/kunzisoft/keepass/view/MainCredentialView.kt

@@ -38,9 +38,9 @@ import androidx.appcompat.app.AppCompatActivity
 import com.kunzisoft.keepass.R
 import com.kunzisoft.keepass.activities.helpers.ExternalFileHelper
 import com.kunzisoft.keepass.activities.helpers.setOpenDocumentClickListener
-import com.kunzisoft.keepass.model.CredentialStorage
+import com.kunzisoft.keepass.database.MainCredential
-import com.kunzisoft.keepass.database.element.MainCredential
 import com.kunzisoft.keepass.hardware.HardwareKey
+import com.kunzisoft.keepass.model.CredentialStorage
 
 class MainCredentialView @JvmOverloads constructor(context: Context,
                                                    attrs: AttributeSet? = null,

database/src/main/java/com/kunzisoft/keepass/database/element/Database.kt

@@ -19,9 +19,7 @@
  */
 package com.kunzisoft.keepass.database.element
 
-import android.content.ContentResolver
 import android.graphics.Color
-import android.net.Uri
 import android.util.Log
 import com.kunzisoft.androidclearchroma.ChromaUtil
 import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
@@ -56,8 +54,6 @@ import com.kunzisoft.keepass.database.search.SearchParameters
 import com.kunzisoft.keepass.hardware.HardwareKey
 import com.kunzisoft.keepass.tasks.ProgressTaskUpdater
 import com.kunzisoft.keepass.utils.*
-import com.kunzisoft.keepass.utils.UriHelper.getUriInputStream
-import com.kunzisoft.keepass.utils.UriHelper.getUriOutputStream
 import java.io.*
 import java.util.*
 
@@ -68,9 +64,6 @@ open class Database {
     private var mDatabaseKDB: DatabaseKDB? = null
     private var mDatabaseKDBX: DatabaseKDBX? = null
 
-    var fileUri: Uri? = null
-        private set
-
     private var mSearchHelper: SearchHelper = SearchHelper()
 
     var isReadOnly = false
@@ -548,22 +541,19 @@ open class Database {
     }
 
     fun createData(
-        databaseUri: Uri,
         databaseName: String,
         rootName: String,
         templateGroupName: String?
     ) {
         setDatabaseKDBX(DatabaseKDBX(databaseName, rootName, templateGroupName))
-        this.fileUri = databaseUri
         // Set Database state
         this.dataModifiedSinceLastLoading = false
     }
 
     @Throws(DatabaseInputException::class)
     fun loadData(
-        contentResolver: ContentResolver,
+        databaseStream: InputStream,
-        databaseUri: Uri,
+        masterCredential: MasterCredential,
-        mainCredential: MainCredential,
         challengeResponseRetriever: (HardwareKey, ByteArray?) -> ByteArray,
         readOnly: Boolean,
         cacheDirectory: File,
@@ -571,16 +561,12 @@ open class Database {
         fixDuplicateUUID: Boolean,
         progressTaskUpdater: ProgressTaskUpdater?
     ) {
-
-        // Save database URI
-        this.fileUri = databaseUri
-
         // Check if the file is writable
         this.isReadOnly = readOnly
 
         try {
             // Read database stream for the first time
-            readDatabaseStream(contentResolver, databaseUri,
+            readDatabaseStream(databaseStream,
                     { databaseInputStream ->
                         val databaseKDB = DatabaseKDB().apply {
                             binaryCache.cacheDirectory = cacheDirectory
@@ -591,8 +577,7 @@ open class Database {
                                 progressTaskUpdater
                             ) {
                                  databaseKDB.deriveMasterKey(
-                                    contentResolver,
+                                     masterCredential
-                                    mainCredential
                                  )
                             }
                         setDatabaseKDB(databaseKDB)
@@ -607,8 +592,7 @@ open class Database {
                             openDatabase(databaseInputStream,
                                 progressTaskUpdater) {
                                 databaseKDBX.deriveMasterKey(
-                                    contentResolver,
+                                    masterCredential,
-                                    mainCredential,
                                     challengeResponseRetriever
                                 )
                             }
@@ -633,9 +617,8 @@ open class Database {
 
     @Throws(DatabaseInputException::class)
     fun mergeData(
-        contentResolver: ContentResolver,
+        databaseToMergeStream: InputStream,
-        databaseToMergeUri: Uri?,
+        databaseToMergeMasterCredential: MasterCredential?,
-        databaseToMergeMainCredential: MainCredential?,
         databaseToMergeChallengeResponseRetriever: (HardwareKey, ByteArray?) -> ByteArray,
         isRAMSufficient: (memoryWanted: Long) -> Boolean,
         progressTaskUpdater: ProgressTaskUpdater?
@@ -647,20 +630,15 @@ open class Database {
 
         // New database instance to get new changes
         val databaseToMerge = Database()
-        databaseToMerge.fileUri = databaseToMergeUri ?: this.fileUri
-
         try {
-            val databaseUri = databaseToMerge.fileUri
+            readDatabaseStream(databaseToMergeStream,
-            if (databaseUri != null) {
-                readDatabaseStream(contentResolver, databaseUri,
                 { databaseInputStream ->
                     val databaseToMergeKDB = DatabaseKDB()
                     DatabaseInputKDB(databaseToMergeKDB)
                         .openDatabase(databaseInputStream, progressTaskUpdater) {
-                                if (databaseToMergeMainCredential != null) {
+                            if (databaseToMergeMasterCredential != null) {
                                 databaseToMergeKDB.deriveMasterKey(
-                                        contentResolver,
+                                    databaseToMergeMasterCredential
-                                        databaseToMergeMainCredential
                                 )
                             } else {
                                 this@Database.mDatabaseKDB?.let { thisDatabaseKDB ->
@@ -675,10 +653,9 @@ open class Database {
                     DatabaseInputKDBX(databaseToMergeKDBX).apply {
                         setMethodToCheckIfRAMIsSufficient(isRAMSufficient)
                         openDatabase(databaseInputStream, progressTaskUpdater) {
-                                if (databaseToMergeMainCredential != null) {
+                            if (databaseToMergeMasterCredential != null) {
                                 databaseToMergeKDBX.deriveMasterKey(
-                                        contentResolver,
+                                    databaseToMergeMasterCredential,
-                                        databaseToMergeMainCredential,
                                     databaseToMergeChallengeResponseRetriever
                                 )
                             } else {
@@ -699,20 +676,13 @@ open class Database {
                 }
                 databaseToMerge.mDatabaseKDB?.let { databaseKDBToMerge ->
                     databaseMerger.merge(databaseKDBToMerge)
-                        if (databaseToMergeUri != null) {
                     this.dataModifiedSinceLastLoading = true
                 }
-                    }
                 databaseToMerge.mDatabaseKDBX?.let { databaseKDBXToMerge ->
                     databaseMerger.merge(databaseKDBXToMerge)
-                        if (databaseToMergeUri != null) {
                     this.dataModifiedSinceLastLoading = true
                 }
             }
-                }
-            } else {
-                throw UnknownDatabaseLocationException()
-            }
         } catch (e: Exception) {
             Log.e(TAG, "Unable to merge the database")
             if (e is DatabaseException)
@@ -725,16 +695,13 @@ open class Database {
 
     @Throws(DatabaseInputException::class)
     fun reloadData(
-        contentResolver: ContentResolver,
+        databaseStream: InputStream,
         isRAMSufficient: (memoryWanted: Long) -> Boolean,
         progressTaskUpdater: ProgressTaskUpdater?
     ) {
-
-        // Retrieve the stream from the old database URI
         try {
-            val oldDatabaseUri = fileUri
+            // Retrieve the stream from the old database
-            if (oldDatabaseUri != null) {
+            readDatabaseStream(databaseStream,
-                readDatabaseStream(contentResolver, oldDatabaseUri,
                 { databaseInputStream ->
                     val databaseKDB = DatabaseKDB()
                     mDatabaseKDB?.let {
@@ -765,9 +732,6 @@ open class Database {
                 }
             )
             loaded = true
-            } else {
-                throw UnknownDatabaseLocationException()
-            }
         } catch (e: Exception) {
             Log.e(TAG, "Unable to reload the database")
             if (e is DatabaseException)
@@ -780,16 +744,12 @@ open class Database {
 
     @Throws(Exception::class)
     private fun readDatabaseStream(
-        contentResolver: ContentResolver,
+        databaseStream: InputStream,
-        databaseUri: Uri,
         openDatabaseKDB: (InputStream) -> Unit,
         openDatabaseKDBX: (InputStream) -> Unit
     ) {
         try {
-            // Load Data, pass Uris as InputStreams
+            // Load Data by InputStream
-            val databaseStream = contentResolver.getUriInputStream(databaseUri)
-                ?: throw UnknownDatabaseLocationException()
-
             BufferedInputStream(databaseStream).use { databaseInputStream ->
 
                 // We'll end up reading 8 bytes to identify the header. Might as well use two extra.
@@ -822,26 +782,21 @@ open class Database {
 
     @Throws(DatabaseOutputException::class)
     fun saveData(
-        contentResolver: ContentResolver,
+        cacheFile: File,
-        cacheDir: File,
+        databaseOutputStream: OutputStream?,
-        databaseCopyUri: Uri?,
+        isNewLocation: Boolean,
-        mainCredential: MainCredential?,
+        masterCredential: MasterCredential?,
         challengeResponseRetriever: (HardwareKey, ByteArray?) -> ByteArray
     ) {
-        val saveUri = databaseCopyUri ?: this.fileUri
-        // Build temp database file to avoid file corruption if error
-        val cacheFile = File(cacheDir, saveUri.hashCode().toString())
         try {
-            if (saveUri != null) {
             // Save in a temp memory to avoid exception
             cacheFile.outputStream().use { outputStream ->
                 mDatabaseKDB?.let { databaseKDB ->
                     DatabaseOutputKDB(databaseKDB).apply {
                         writeDatabase(outputStream) {
-                                if (mainCredential != null) {
+                            if (masterCredential != null) {
                                 databaseKDB.deriveMasterKey(
-                                        contentResolver,
+                                    masterCredential
-                                        mainCredential
                                 )
                             } else {
                                 // No master key change
@@ -852,11 +807,10 @@ open class Database {
                 ?: mDatabaseKDBX?.let { databaseKDBX ->
                     DatabaseOutputKDBX(databaseKDBX).apply {
                         writeDatabase(outputStream) {
-                                if (mainCredential != null) {
+                            if (masterCredential != null) {
                                 // Build new master key from MainCredential
                                 databaseKDBX.deriveMasterKey(
-                                        contentResolver,
+                                    masterCredential,
-                                        mainCredential,
                                     challengeResponseRetriever
                                 )
                             } else {
@@ -870,16 +824,13 @@ open class Database {
                 }
             }
             // Copy from the cache to the final stream
-                contentResolver.getUriOutputStream(saveUri)?.use { outputStream ->
+            databaseOutputStream?.use { outputStream ->
                 cacheFile.inputStream().use { inputStream ->
                     inputStream.readAllBytes { buffer ->
                         outputStream.write(buffer)
                     }
                 }
             }
-            } else {
-                throw UnknownDatabaseLocationException()
-            }
         } catch (e: Exception) {
             Log.e(TAG, "Unable to save database", e)
             if (e is DatabaseException)
@@ -892,7 +843,7 @@ open class Database {
             } catch (e: Exception) {
                 Log.e(TAG, "Cache file $cacheFile cannot be deleted", e)
             }
-            if (databaseCopyUri == null) {
+            if (isNewLocation) {
                 this.dataModifiedSinceLastLoading = false
             }
         }
@@ -1010,11 +961,10 @@ open class Database {
         }
     }
 
-    fun clearAndClose(filesDirectory: File? = null) {
+    open fun clearAndClose(filesDirectory: File? = null) {
         clearIndexesAndBinaries(filesDirectory)
         this.mDatabaseKDB = null
         this.mDatabaseKDBX = null
-        this.fileUri = null
         this.loaded = false
     }
 
@@ -1029,11 +979,11 @@ open class Database {
         }
     }
 
-    fun validatePasswordEncoding(mainCredential: MainCredential): Boolean {
+    fun isValidCredential(masterCredential: MasterCredential): Boolean {
-        val password = mainCredential.password
+        val password = masterCredential.password
-        val containsKeyFile = mainCredential.keyFileUri != null
+        val containsKeyFile = masterCredential.keyFileData != null
-        return mDatabaseKDB?.validatePasswordEncoding(password, containsKeyFile)
+        return mDatabaseKDB?.isValidCredential(password, containsKeyFile)
-                ?: mDatabaseKDBX?.validatePasswordEncoding(password, containsKeyFile)
+                ?: mDatabaseKDBX?.isValidCredential(password, containsKeyFile)
                 ?: false
     }
 

database/src/main/java/com/kunzisoft/keepass/database/element/MasterCredential.kt

@@ -18,8 +18,6 @@
  */
 package com.kunzisoft.keepass.database.element
 
-import android.content.ContentResolver
-import android.net.Uri
 import android.os.Parcel
 import android.os.Parcelable
 import android.util.Base64
@@ -29,8 +27,9 @@ import com.kunzisoft.keepass.database.element.database.DatabaseKDBX
 import com.kunzisoft.keepass.hardware.HardwareKey
 import com.kunzisoft.keepass.utils.StringUtil.removeSpaceChars
 import com.kunzisoft.keepass.utils.StringUtil.toHexString
-import com.kunzisoft.keepass.utils.UriHelper.getUriInputStream
+import com.kunzisoft.keepass.utils.readByteArrayCompat
 import com.kunzisoft.keepass.utils.readEnum
+import com.kunzisoft.keepass.utils.writeByteArrayCompat
 import com.kunzisoft.keepass.utils.writeEnum
 import org.apache.commons.codec.binary.Hex
 import org.w3c.dom.Node
@@ -43,19 +42,19 @@ import javax.xml.XMLConstants
 import javax.xml.parsers.DocumentBuilderFactory
 import javax.xml.parsers.ParserConfigurationException
 
-data class MainCredential(var password: String? = null,
+data class MasterCredential(var password: String? = null,
-                          var keyFileUri: Uri? = null,
+                            var keyFileData: ByteArray? = null,
                             var hardwareKey: HardwareKey? = null): Parcelable {
 
     constructor(parcel: Parcel) : this() {
         password = parcel.readString()
-        keyFileUri = parcel.readParcelable(Uri::class.java.classLoader)
+        keyFileData = parcel.readByteArrayCompat()
         hardwareKey = parcel.readEnum<HardwareKey>()
     }
 
     override fun writeToParcel(parcel: Parcel, flags: Int) {
         parcel.writeString(password)
-        parcel.writeParcelable(keyFileUri, flags)
+        parcel.writeByteArrayCompat(keyFileData)
         parcel.writeEnum(hardwareKey)
     }
 
@@ -67,10 +66,10 @@ data class MainCredential(var password: String? = null,
         if (this === other) return true
         if (javaClass != other?.javaClass) return false
 
-        other as MainCredential
+        other as MasterCredential
 
         if (password != other.password) return false
-        if (keyFileUri != other.keyFileUri) return false
+        if (!keyFileData.contentEquals(other.keyFileData)) return false
         if (hardwareKey != other.hardwareKey) return false
 
         return true
@@ -78,21 +77,21 @@ data class MainCredential(var password: String? = null,
 
     override fun hashCode(): Int {
         var result = password?.hashCode() ?: 0
-        result = 31 * result + (keyFileUri?.hashCode() ?: 0)
+        result = 31 * result + (keyFileData?.hashCode() ?: 0)
         result = 31 * result + (hardwareKey?.hashCode() ?: 0)
         return result
     }
 
-    companion object CREATOR : Parcelable.Creator<MainCredential> {
+    companion object CREATOR : Parcelable.Creator<MasterCredential> {
-        override fun createFromParcel(parcel: Parcel): MainCredential {
+        override fun createFromParcel(parcel: Parcel): MasterCredential {
-            return MainCredential(parcel)
+            return MasterCredential(parcel)
         }
 
-        override fun newArray(size: Int): Array<MainCredential?> {
+        override fun newArray(size: Int): Array<MasterCredential?> {
             return arrayOfNulls(size)
         }
 
-        private val TAG = MainCredential::class.java.simpleName
+        private val TAG = MasterCredential::class.java.simpleName
 
         @Throws(IOException::class)
         fun retrievePasswordKey(key: String,
@@ -107,17 +106,14 @@ data class MainCredential(var password: String? = null,
         }
 
         @Throws(IOException::class)
-        fun retrieveFileKey(contentResolver: ContentResolver,
+        fun retrieveKeyFileDecodedKey(
-                            keyFileUri: Uri?,
+            keyFileData: ByteArray,
-                            allowXML: Boolean): ByteArray {
+            allowXML: Boolean
-            if (keyFileUri == null)
+        ): ByteArray {
-                throw IOException("Keyfile URI is null")
-            val keyData = getKeyFileData(contentResolver, keyFileUri)
-                ?: throw IOException("No data retrieved")
             try {
                 // Check XML key file
                 val xmlKeyByteArray = if (allowXML)
-                    loadXmlKeyFile(ByteArrayInputStream(keyData))
+                    loadXmlKeyFile(ByteArrayInputStream(keyFileData))
                 else
                     null
                 if (xmlKeyByteArray != null) {
@@ -125,16 +121,16 @@ data class MainCredential(var password: String? = null,
                 }
 
                 // Check 32 bytes key file
-                when (keyData.size) {
+                when (keyFileData.size) {
-                    32 -> return keyData
+                    32 -> return keyFileData
                     64 -> try {
-                        return Hex.decodeHex(String(keyData).toCharArray())
+                        return Hex.decodeHex(String(keyFileData).toCharArray())
                     } catch (ignoredException: Exception) {
                         // Key is not base 64, treat it as binary data
                     }
                 }
                 // Hash file as binary data
-                return HashManager.hashSha256(keyData)
+                return HashManager.hashSha256(keyFileData)
             } catch (e: Exception) {
                 throw IOException("Unable to load the keyfile.", e)
             }
@@ -145,15 +141,6 @@ data class MainCredential(var password: String? = null,
             return HashManager.hashSha256(keyData)
         }
 
-        @Throws(Exception::class)
-        private fun getKeyFileData(contentResolver: ContentResolver,
-                                   keyFileUri: Uri): ByteArray? {
-            contentResolver.getUriInputStream(keyFileUri)?.use { keyFileInputStream ->
-                return keyFileInputStream.readBytes()
-            }
-            return null
-        }
-
         private fun loadXmlKeyFile(keyInputStream: InputStream): ByteArray? {
             try {
                 val documentBuilderFactory = DocumentBuilderFactory.newInstance()

database/src/main/java/com/kunzisoft/keepass/database/element/database/DatabaseKDB.kt

@@ -19,13 +19,12 @@
 
 package com.kunzisoft.keepass.database.element.database
 
-import android.content.ContentResolver
 import com.kunzisoft.encrypt.HashManager
 import com.kunzisoft.encrypt.aes.AESTransformer
 import com.kunzisoft.keepass.database.crypto.EncryptionAlgorithm
 import com.kunzisoft.keepass.database.crypto.kdf.KdfEngine
 import com.kunzisoft.keepass.database.crypto.kdf.KdfFactory
-import com.kunzisoft.keepass.database.element.MainCredential
+import com.kunzisoft.keepass.database.element.MasterCredential
 import com.kunzisoft.keepass.database.element.binary.BinaryData
 import com.kunzisoft.keepass.database.element.entry.EntryKDB
 import com.kunzisoft.keepass.database.element.group.GroupKDB
@@ -129,25 +128,23 @@ class DatabaseKDB : DatabaseVersioned<Int, UUID, GroupKDB, EntryKDB>() {
     }
 
     fun deriveMasterKey(
-        contentResolver: ContentResolver,
+        masterCredential: MasterCredential
-        mainCredential: MainCredential
     ) {
         // Exception when no password
-        if (mainCredential.hardwareKey != null)
+        if (masterCredential.hardwareKey != null)
             throw HardwareKeyDatabaseException()
-        if (mainCredential.password == null && mainCredential.keyFileUri == null)
+        if (masterCredential.password == null && masterCredential.keyFileData == null)
             throw EmptyKeyDatabaseException()
 
         // Retrieve plain data
-        val password = mainCredential.password
+        val password = masterCredential.password
-        val keyFileUri = mainCredential.keyFileUri
+        val keyFileData = masterCredential.keyFileData
-        val passwordBytes = if (password != null) MainCredential.retrievePasswordKey(
+        val passwordBytes = if (password != null) MasterCredential.retrievePasswordKey(
             password,
             passwordEncoding
         ) else null
-        val keyFileBytes = if (keyFileUri != null) MainCredential.retrieveFileKey(
+        val keyFileBytes = if (keyFileData != null) MasterCredential.retrieveKeyFileDecodedKey(
-            contentResolver,
+            keyFileData,
-            keyFileUri,
             false
         ) else null
 

database/src/main/java/com/kunzisoft/keepass/database/element/database/DatabaseKDBX.kt

@@ -19,7 +19,6 @@
  */
 package com.kunzisoft.keepass.database.element.database
 
-import android.content.ContentResolver
 import android.util.Base64
 import android.util.Log
 import com.kunzisoft.encrypt.HashManager
@@ -226,24 +225,22 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
     }
 
     fun deriveMasterKey(
-        contentResolver: ContentResolver,
+        masterCredential: MasterCredential,
-        mainCredential: MainCredential,
         challengeResponseRetriever: (HardwareKey, ByteArray?) -> ByteArray,
     ) {
         // Retrieve each plain credential
-        val password = mainCredential.password
+        val password = masterCredential.password
-        val keyFileUri = mainCredential.keyFileUri
+        val keyFileData = masterCredential.keyFileData
-        val hardwareKey = mainCredential.hardwareKey
+        val hardwareKey = masterCredential.hardwareKey
-        val passwordBytes = if (password != null) MainCredential.retrievePasswordKey(
+        val passwordBytes = if (password != null) MasterCredential.retrievePasswordKey(
             password,
             passwordEncoding
         ) else null
-        val keyFileBytes = if (keyFileUri != null) MainCredential.retrieveFileKey(
+        val keyFileBytes = if (keyFileData != null) MasterCredential.retrieveKeyFileDecodedKey(
-            contentResolver,
+            keyFileData,
-            keyFileUri,
             true
         ) else null
-        val hardwareKeyBytes = if (hardwareKey != null) MainCredential.retrieveHardwareKey(
+        val hardwareKeyBytes = if (hardwareKey != null) MasterCredential.retrieveHardwareKey(
             challengeResponseRetriever.invoke(hardwareKey, transformSeed)
         ) else null
 
@@ -272,7 +269,7 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
                 keyFileBytes
             )
         } else {
-            val hardwareKeyBytes = MainCredential.retrieveHardwareKey(
+            val hardwareKeyBytes = MasterCredential.retrieveHardwareKey(
                 challengeResponseRetriever.invoke(hardwareKey, transformSeed)
             )
             this.masterKey = composedKeyToMasterKey(
@@ -873,10 +870,10 @@ class DatabaseKDBX : DatabaseVersioned<UUID, UUID, GroupKDBX, EntryKDBX> {
         }
     }
 
-    override fun validatePasswordEncoding(password: String?, containsKeyFile: Boolean): Boolean {
+    override fun isValidCredential(password: String?, containsKeyFile: Boolean): Boolean {
         if (password == null)
             return true
-        return super.validatePasswordEncoding(password, containsKeyFile)
+        return super.isValidCredential(password, containsKeyFile)
     }
 
     override fun clearIndexes() {

database/src/main/java/com/kunzisoft/keepass/database/element/database/DatabaseVersioned.kt

@@ -93,7 +93,7 @@ abstract class DatabaseVersioned<
         return null
     }
 
-    open fun validatePasswordEncoding(password: String?, containsKeyFile: Boolean): Boolean {
+    open fun isValidCredential(password: String?, containsKeyFile: Boolean): Boolean {
         if (password == null && !containsKeyFile)
             return false