Move keystore timeout retry to SQLCipherSupportHelper

google · stevenckngaa · Nov 29, 2021 · Sep 15, 2021 · Sep 15, 2021 · Sep 15, 2021
commit d7f7dc15d987062b5ee04b1072112037ab1c76a2
@@ -148,7 +148,7 @@ object Dependencies {
  const val jsonToolsPatch = "1.13"
  const val material = "1.4.0"
  const val retrofit = "2.7.2"
- const val sqlcipher = "4.4.3"
+ const val sqlcipher = "4.5.0"
  const val truth = "1.0.1"
  const val flexBox = "3.0.0"
  const val kotlinPoet = "1.9.0"

@@ -105,11 +105,10 @@ class DatabaseImplTest {
  }
  private val context: Context = ApplicationProvider.getApplicationContext()
  private val services =
- if (encrypted) {
- FhirServices.builder(context).inMemory().enableEncryption().build()
- } else {
- FhirServices.builder(context).inMemory().build()
- }
+ FhirServices.builder(context)
+ .inMemory()
+ .apply { if (encrypted) enableEncryptionIfSupported() }
+ .build()
  private val testingUtils = TestingUtils(services.parser)
  private val database = services.database
 

@@ -24,6 +24,11 @@ object FhirEngineProvider {
  private lateinit var fhirEngineConfiguration: FhirEngineConfiguration
  private lateinit var fhirEngine: FhirEngine
 
+ /**
+ * Initializes the [FhirEngine] singleton with a custom Configuration.
+ *
+ * This method throws [IllegalStateException] if it is called multiple times
+ */
  @Synchronized
  fun init(fhirEngineConfiguration: FhirEngineConfiguration) {
  check(!FhirEngineProvider::fhirEngineConfiguration.isInitialized) {
@@ -35,17 +40,19 @@ object FhirEngineProvider {
  /**
  * Returns the cached [FhirEngine] instance. Creates a new instance from the supplied [Context] if
  * it doesn't exist.
+ *
+ * If this method is called without calling [init], the default [FhirEngineConfiguration] is used.
  */
  @Synchronized
  fun getInstance(context: Context): FhirEngine {
  if (!::fhirEngine.isInitialized) {
  if (!::fhirEngineConfiguration.isInitialized) {
- fhirEngineConfiguration = FhirEngineConfiguration(enableEncryption = false, UNSPECIFIED)
+ fhirEngineConfiguration = FhirEngineConfiguration()
  }
  fhirEngine =
  FhirServices.builder(context.applicationContext)
  .apply {
- if (fhirEngineConfiguration.enableEncryption) enableEncryption()
+ if (fhirEngineConfiguration.enableEncryptionIfSupported) enableEncryptionIfSupported()
  setDatabaseErrorStrategy(fhirEngineConfiguration.databaseErrorStrategy)
  }
  .build()
@@ -55,9 +62,10 @@ object FhirEngineProvider {
  }
 }
 
+/** A configuration which describes the database setup and error recovery. */
 data class FhirEngineConfiguration(
- val enableEncryption: Boolean,
- val databaseErrorStrategy: DatabaseErrorStrategy
+ val enableEncryptionIfSupported: Boolean = false,
+ val databaseErrorStrategy: DatabaseErrorStrategy = UNSPECIFIED
 )
 
 enum class DatabaseErrorStrategy {
@@ -71,7 +79,7 @@ enum class DatabaseErrorStrategy {
  * If a database error occurs at open, automatically recreate the database.
  *
  * This strategy is NOT respected when opening a previously unencrypted database with an encrypted
- * configuration or vice versa.
+ * configuration or vice versa. An [IllegalStateException] is thrown instead.
  */
  RECREATE_AT_OPEN
 }
@@ -17,14 +17,14 @@
 package com.google.android.fhir
 
 import android.content.Context
+import android.util.Log
 import ca.uhn.fhir.context.FhirContext
 import ca.uhn.fhir.parser.IParser
 import com.google.android.fhir.db.Database
 import com.google.android.fhir.db.impl.DatabaseConfig
 import com.google.android.fhir.db.impl.DatabaseEncryptionKeyProvider.isDatabaseEncryptionSupported
 import com.google.android.fhir.db.impl.DatabaseImpl
 import com.google.android.fhir.impl.FhirEngineImpl
-import java.lang.UnsupportedOperationException
 
 internal data class FhirServices(
  val fhirEngine: FhirEngine,
@@ -38,9 +38,10 @@ internal data class FhirServices(
 
  internal fun inMemory() = apply { inMemory = true }
 
- internal fun enableEncryption() = apply {
+ internal fun enableEncryptionIfSupported() = apply {
  if (!isDatabaseEncryptionSupported()) {
- throw UnsupportedOperationException("Database encryption isn't supported in this device.")
+ Log.w(TAG, "Database encryption isn't supported in this device.")
+ return this
  }
  enableEncryption = true
  }
@@ -64,5 +65,6 @@ internal data class FhirServices(
 
  companion object {
  fun builder(context: Context) = Builder(context)
+ private const val TAG = "FhirService"
  }
 }
@@ -90,6 +90,10 @@ val KeyStoreException.databaseEncryptionException: DatabaseEncryptionException
  return DatabaseEncryptionException(this, UNKNOWN)
  }
 
+/**
+ * A list of keystore error. This is a duplicate of
+ * https://android.googlesource.com/platform/frameworks/base/+/master/core/java/android/security/keymaster/KeymasterDefs.java
+ */
 @Suppress("Unused")
 object KeyStoreExceptionErrorCode {
  const val ERROR_OK = 0

@@ -47,39 +47,51 @@ internal class DatabaseImpl(
  databaseConfig: DatabaseConfig
 ) : com.google.android.fhir.db.Database {
 
- val builder =
- when {
- databaseConfig.inMemory -> Room.inMemoryDatabaseBuilder(context, ResourceDatabase::class.java)
- databaseConfig.enableEncryption ->
- Room.databaseBuilder(context, ResourceDatabase::class.java, ENCRYPTED_DATABASE_NAME)
- else -> Room.databaseBuilder(context, ResourceDatabase::class.java, UNENCRYPTED_DATABASE_NAME)
- }
  val db: ResourceDatabase
 
  init {
- if (databaseConfig.enableEncryption &&
- DatabaseEncryptionKeyProvider.isDatabaseEncryptionSupported()
- ) {
- builder.openHelperFactory {
- SQLCipherSupportHelper(it, databaseErrorStrategy = databaseConfig.databaseErrorStrategy) {
- DatabaseEncryptionKeyProvider.getOrCreatePassphrase(DATABASE_PASSPHRASE_NAME)
- }
- }
- }
- db = builder.build()
+ val enableEncryption =
+ databaseConfig.enableEncryption &&
+ DatabaseEncryptionKeyProvider.isDatabaseEncryptionSupported()
+
  // The detection of unintentional switching of database encryption across releases can't be
  // placed inside withTransaction because the database is opened within withTransaction. The
  // default handling of corruption upon open in the room database is to re-create the database,
  // which is undesirable.
- val unexpectedDatabaseName = if (databaseConfig.enableEncryption) {
- ENCRYPTED_DATABASE_NAME
- } else {
- UNENCRYPTED_DATABASE_NAME
- }
+ val unexpectedDatabaseName =
+ if (enableEncryption) {
+ UNENCRYPTED_DATABASE_NAME
+ } else {
+ ENCRYPTED_DATABASE_NAME
+ }
  check(!context.getDatabasePath(unexpectedDatabaseName).exists()) {
  "Unexpected database, $unexpectedDatabaseName, has already existed. " +
  "Check if you have accidentally enabled / disabled database encryption across releases."
  }
+
+ @SuppressWarnings("NewApi")
+ db =
+ // Initializes builder with the database file name
+ when {
+ databaseConfig.inMemory ->
+ Room.inMemoryDatabaseBuilder(context, ResourceDatabase::class.java)
+ enableEncryption ->
+ Room.databaseBuilder(context, ResourceDatabase::class.java, ENCRYPTED_DATABASE_NAME)
+ else ->
+ Room.databaseBuilder(context, ResourceDatabase::class.java, UNENCRYPTED_DATABASE_NAME)
+ }
+ .apply {
+ // Provide the SupportSQLiteOpenHelper which enables the encryption.
+ if (enableEncryption) {
+ openHelperFactory {
+ SQLCipherSupportHelper(
+ it,
+ databaseErrorStrategy = databaseConfig.databaseErrorStrategy
+ ) { DatabaseEncryptionKeyProvider.getOrCreatePassphrase(DATABASE_PASSPHRASE_NAME) }
+ }
+ }
+ }
+ .build()
  }
 
  private val resourceDao by lazy { db.resourceDao().also { it.iParser = iParser } }
@@ -185,8 +197,7 @@ internal class DatabaseImpl(
  */
  const val ENCRYPTED_DATABASE_NAME = "encryptedFhirEngine"
 
- @VisibleForTesting
- const val DATABASE_PASSPHRASE_NAME = "fhirEngine_db_passphrase"
+ @VisibleForTesting const val DATABASE_PASSPHRASE_NAME = "fhirEngine_db_passphrase"
  }
 }
 
@@ -195,6 +206,3 @@ data class DatabaseConfig(
  val enableEncryption: Boolean,
  val databaseErrorStrategy: DatabaseErrorStrategy
 )
-
-private const val LOG_TAG = "Fhir-DatabaseImpl"
-
@@ -24,14 +24,14 @@ import com.google.android.fhir.db.DatabaseEncryptionException
 import com.google.android.fhir.db.DatabaseEncryptionException.DatabaseEncryptionErrorCode.TIMEOUT
 import com.google.android.fhir.db.DatabaseEncryptionException.DatabaseEncryptionErrorCode.UNKNOWN
 import com.google.android.fhir.db.impl.DatabaseImpl.Companion.UNENCRYPTED_DATABASE_NAME
+import java.lang.Exception
+import java.time.Duration
 import kotlinx.coroutines.delay
 import kotlinx.coroutines.runBlocking
 import net.sqlcipher.database.SQLiteDatabase
 import net.sqlcipher.database.SQLiteDatabaseHook
 import net.sqlcipher.database.SQLiteException
 import net.sqlcipher.database.SQLiteOpenHelper
-import java.lang.Exception
-import java.time.Duration
 
 /** A [SupportSQLiteOpenHelper] which initializes a [SQLiteDatabase] with a passphrase. */
 class SQLCipherSupportHelper(
@@ -88,28 +88,28 @@ class SQLCipherSupportHelper(
  }
  val key = runBlocking { getPassphraseWithRetry() }
  return try {
+ standardHelper.getWritableDatabase(key)
+ } catch (ex: SQLiteException) {
+ if (databaseErrorStrategy == DatabaseErrorStrategy.RECREATE_AT_OPEN) {
+ Log.w(LOG_TAG, "Fail to open database. Recreating database.")
+ configuration.context.getDatabasePath(databaseName).delete()
  standardHelper.getWritableDatabase(key)
- } catch (ex: SQLiteException) {
- if (databaseErrorStrategy == DatabaseErrorStrategy.RECREATE_AT_OPEN) {
- Log.w(LOG_TAG, "Fail to open database. Recreating database.")
- configuration.context.getDatabasePath(databaseName).delete()
- standardHelper.getWritableDatabase(key)
- } else {
- throw ex
- }
+ } else {
+ throw ex
  }
+ }
  }
 
  private suspend fun getPassphraseWithRetry(): ByteArray {
- var lastException: DatabaseEncryptionException? =  null
+ var lastException: DatabaseEncryptionException? = null
  for (retryAttempt in 1..MAX_RETRY_ATTEMPTS) {
  try {
  return passphraseFetcher()
  } catch (exception: DatabaseEncryptionException) {
  lastException = exception
  if (exception.errorCode == TIMEOUT) {
-  Log.i(LOG_TAG, "Fail to get the encryption key on attempt: $retryAttempt")
-  delay(retryDelay.toMillis() * retryAttempt)
+ Log.i(LOG_TAG, "Fail to get the encryption key on attempt: $retryAttempt")
+ delay(retryDelay.toMillis() * retryAttempt)
  } else {
  throw exception
  }

@@ -31,11 +31,13 @@ class FhirApplication : Application() {
 
  override fun onCreate() {
  super.onCreate()
+ FhirEngineProvider.init(
+ FhirEngineConfiguration(enableEncryptionIfSupported = true, RECREATE_AT_OPEN)
+ )
  Sync.oneTimeSync<FhirPeriodicSyncWorker>(this)
  }
 
  private fun constructFhirEngine(): FhirEngine {
- FhirEngineProvider.init(FhirEngineConfiguration(enableEncryption = true, RECREATE_AT_OPEN))
  return FhirEngineProvider.getInstance(this)
  }