Skip to content

Keeshare Support #3106

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
plyght wants to merge 32 commits into
base: master
Choose a base branch
from
Open

Keeshare Support #3106

Show file tree
Hide file tree
Changes from 12 commits
Commits
Show all changes
32 commits
Select commit Hold shift + click to select a range
2b2e181
init
plyght Nov 30, 2025
356a1c5
updates
plyght Dec 1, 2025
48f0bfa
Refactor KeeShare tests to use PwGroup and update signature verificat…
plyght Dec 1, 2025
58e4b42
Add signature verification enhancements in KeeShare tests and core logic
plyght Dec 1, 2025
d2d17ec
Enhance KeeShare synchronization logic by implementing non-destructiv…
plyght Dec 1, 2025
3017279
Refactor KeeShare to ensure proper resource management by closing the…
plyght Dec 1, 2025
92085a0
Implement background synchronization for KeeShare groups and enhance …
plyght Dec 1, 2025
06f095f
Refactor SyncOtpAuxFile constructor
plyght Dec 2, 2025
21e0ad9
Refactor LoadDb to wrap operation finished handler for KeeShare integ…
plyght Dec 2, 2025
81d6a4a
Enhance KeeShare integration
plyght Dec 2, 2025
94b780b
Refactor public key extraction in KeeShare to utilize X509Certificate…
plyght Dec 2, 2025
b27bad2
Enhance public key extraction in KeeShare by adding support for both …
plyght Dec 2, 2025
442b5e2
Refine PEM format handling in KeeShare by changing checks from Contai…
plyght Dec 2, 2025
56653bd
Implement KeeShare export functionality on database save, enhancing s…
plyght Dec 2, 2025
90fa4e1
Refactor KeeShare tests and Adjust layout properties for better UI re…
plyght Dec 2, 2025
103b2ba
refactor KeeShare public key handling and improve path resolution logic
plyght Dec 2, 2025
93bc6e8
Add static callback for KeeShare check after database load in LoadDb …
plyght Dec 2, 2025
394b1c7
Dispose of kdbxMem in KeeShare to prevent memory leaks during signatu…
plyght Dec 2, 2025
40644a0
Enhance error handling in KeeShare export
plyght Dec 3, 2025
51a84df
Improve null checks and error handling in KeeShare methods
plyght Dec 3, 2025
67c62a7
Add null check for path parameter in ResolvePath method of KeeShare c…
plyght Dec 3, 2025
115cb7e
add workload restore in yml files
PhilippC Dec 8, 2025
eb526a1
fix workload restore in yml files
PhilippC Dec 8, 2025
b21a523
Refactor KeeShare methods
plyght Dec 8, 2025
bd4130b
Add KeeShare functionality for group management
plyght Dec 8, 2025
7a23019
Merge branch 'master' of https://github.com/plyght/keepass2android
plyght Dec 8, 2025
6e2a688
nhance error handling in KeeShare methods
plyght Dec 8, 2025
db3e52f
Enhance error handling in operation callbacks
plyght Dec 8, 2025
32a19f9
Refactor KeeShare key management
plyght Dec 8, 2025
31fdd1b
Refactor activity context usage and enhance error handling in KeeShar…
plyght Dec 8, 2025
9250a08
up
plyght Dec 10, 2025
f0b5e2e
Improve error handling for UUID reconstruction
plyght Dec 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ Thumbs.db

/src/java/kp2akeytransform/.settings

/src/java/PluginQR/.settings

/src/java/workspace/UITest
/src/java/JavaFileStorage/gen/keepass2android/javafilestorage/BuildConfig.java
/src/java/JavaFileStorage/gen/keepass2android/javafilestorage/R.java
Expand Down
73 changes: 73 additions & 0 deletions src/KeeShare.Tests/HasKeeShareGroupsTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
using KeePassLib;
using keepass2android;

namespace KeeShare.Tests
{
public class HasKeeShareGroupsTests
{
[Fact]
public void HasKeeShareGroups_WithNoGroups_ReturnsFalse()
{
var root = new PwGroup();
bool result = keepass2android.KeeShare.HasKeeShareGroups(root);
Assert.False(result);
}

[Fact]
public void HasKeeShareGroups_WithKeeShareActiveTrue_ReturnsTrue()
{
var root = new PwGroup();
root.CustomData.Set("KeeShare.Active", "true");
bool result = keepass2android.KeeShare.HasKeeShareGroups(root);
Assert.True(result);
}

[Fact]
public void HasKeeShareGroups_WithKeeShareActiveFalse_ReturnsFalse()
{
var root = new PwGroup();
root.CustomData.Set("KeeShare.Active", "false");
bool result = keepass2android.KeeShare.HasKeeShareGroups(root);
Assert.False(result);
}

[Fact]
public void HasKeeShareGroups_WithNestedKeeShareGroup_ReturnsTrue()
{
var root = new PwGroup();
var child1 = new PwGroup();
var child2 = new PwGroup();
child2.CustomData.Set("KeeShare.Active", "true");
child1.AddGroup(child2, true);
root.AddGroup(child1, true);
bool result = keepass2android.KeeShare.HasKeeShareGroups(root);
Assert.True(result);
}

[Fact]
public void HasKeeShareGroups_WithMultipleNonKeeShareGroups_ReturnsFalse()
{
var root = new PwGroup();
root.AddGroup(new PwGroup(), true);
root.AddGroup(new PwGroup(), true);
root.AddGroup(new PwGroup(), true);
bool result = keepass2android.KeeShare.HasKeeShareGroups(root);
Assert.False(result);
}

[Fact]
public void HasKeeShareGroups_WithDeeplyNestedKeeShareGroup_ReturnsTrue()
{
var root = new PwGroup();
var level1 = new PwGroup();
var level2 = new PwGroup();
var level3 = new PwGroup();
level3.CustomData.Set("KeeShare.Active", "true");
level2.AddGroup(level3, true);
level1.AddGroup(level2, true);
root.AddGroup(level1, true);
bool result = keepass2android.KeeShare.HasKeeShareGroups(root);
Assert.True(result);
}
}
}
41 changes: 41 additions & 0 deletions src/KeeShare.Tests/KeeShare.Tests.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,41 @@
<Project Sdk="Microsoft.NET.Sdk">

<PropertyGroup>
<TargetFramework>net8.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>

<IsPackable>false</IsPackable>
<IsTestProject>true</IsTestProject>
</PropertyGroup>

<ItemGroup>
<PackageReference Include="coverlet.collector" Version="6.0.0" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
<PackageReference Include="Moq" Version="4.20.70" />
<PackageReference Include="xunit" Version="2.5.3" />
<PackageReference Include="xunit.runner.visualstudio" Version="2.5.3" />
</ItemGroup>

<ItemGroup>
<None Remove="TestData\*.kdbx" />
<None Remove="TestData\*.zip" />
<None Remove="TestData\*.sig" />
</ItemGroup>

<ItemGroup>
<EmbeddedResource Include="TestData\**\*">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</EmbeddedResource>
</ItemGroup>

<ItemGroup>
<Using Include="Xunit" />
</ItemGroup>

<ItemGroup>
<ProjectReference Include="..\keepass2android-app\keepass2android-app.csproj" />
<ProjectReference Include="..\KeePassLib2Android\KeePassLib2Android.csproj" />
</ItemGroup>

</Project>
206 changes: 206 additions & 0 deletions src/KeeShare.Tests/SignatureVerificationTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,206 @@
using System.Security.Cryptography;
using System.Text;
using keepass2android;

namespace KeeShare.Tests
{
public class SignatureVerificationTests
{
/// <summary>
/// Helper to convert bytes to hex string (KeeShare format)
/// </summary>
private static string BytesToHex(byte[] bytes)
{
return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
}

/// <summary>
/// Helper to format signature in KeeShare format: "rsa|<hex>"
/// </summary>
private static byte[] FormatKeeShareSignature(byte[] signature)
{
string hex = BytesToHex(signature);
return Encoding.UTF8.GetBytes($"rsa|{hex}");
}

[Fact]
public void VerifySignature_WithValidSignature_ReturnsTrue()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCert = Convert.ToBase64String(publicKeyBytes);
byte[] testData = Encoding.UTF8.GetBytes("Test KDBX data content");
byte[] hash = SHA256.HashData(testData);
byte[] signature = rsa.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
byte[] signatureData = FormatKeeShareSignature(signature);
bool result = KeeShare.VerifySignatureCore(publicKeyCert, testData, signatureData);
Assert.True(result, "Signature verification should succeed with valid signature");
}

[Fact]
public void VerifySignature_WithValidSignatureWithoutPrefix_ReturnsTrue()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCert = Convert.ToBase64String(publicKeyBytes);
byte[] testData = Encoding.UTF8.GetBytes("Test KDBX data content");
byte[] hash = SHA256.HashData(testData);
byte[] signature = rsa.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
// Hex without "rsa|" prefix should also work
string signatureHex = BytesToHex(signature);
byte[] signatureData = Encoding.UTF8.GetBytes(signatureHex);
bool result = KeeShare.VerifySignatureCore(publicKeyCert, testData, signatureData);
Assert.True(result, "Signature verification should succeed with hex signature without prefix");
}

[Fact]
public void VerifySignature_WithInvalidSignature_ReturnsFalse()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCert = Convert.ToBase64String(publicKeyBytes);
byte[] testData = Encoding.UTF8.GetBytes("Test KDBX data content");
byte[] invalidSignature = new byte[256];
new Random().NextBytes(invalidSignature);
byte[] signatureData = FormatKeeShareSignature(invalidSignature);
bool result = KeeShare.VerifySignatureCore(publicKeyCert, testData, signatureData);
Assert.False(result, "Signature verification should fail with invalid signature");
}

[Fact]
public void VerifySignature_WithTamperedData_ReturnsFalse()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCert = Convert.ToBase64String(publicKeyBytes);
byte[] originalData = Encoding.UTF8.GetBytes("Original KDBX data");
byte[] hash = SHA256.HashData(originalData);
byte[] signature = rsa.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
byte[] signatureData = FormatKeeShareSignature(signature);
byte[] tamperedData = Encoding.UTF8.GetBytes("Tampered KDBX data");
bool result = KeeShare.VerifySignatureCore(publicKeyCert, tamperedData, signatureData);
Assert.False(result, "Signature verification should fail when data is tampered");
}

[Fact]
public void VerifySignature_WithPemFormattedCertificate_ReturnsTrue()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCertBase64 = Convert.ToBase64String(publicKeyBytes);
string publicKeyCertPem = $"-----BEGIN PUBLIC KEY-----\n{publicKeyCertBase64}\n-----END PUBLIC KEY-----";
byte[] testData = Encoding.UTF8.GetBytes("Test KDBX data content");
byte[] hash = SHA256.HashData(testData);
byte[] signature = rsa.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
byte[] signatureData = FormatKeeShareSignature(signature);
bool result = KeeShare.VerifySignatureCore(publicKeyCertPem, testData, signatureData);
Assert.True(result, "Signature verification should work with PEM formatted certificate");
}

[Fact]
public void VerifySignature_WithEmptyCertificate_ReturnsFalse()
{
byte[] testData = Encoding.UTF8.GetBytes("Test data");
byte[] signatureData = Encoding.UTF8.GetBytes("rsa|abcd1234");
bool result = KeeShare.VerifySignatureCore("", testData, signatureData);
Assert.False(result, "Signature verification should fail with empty certificate");
}

[Fact]
public void VerifySignature_WithNullData_ReturnsFalse()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCert = Convert.ToBase64String(publicKeyBytes);
byte[] signatureData = Encoding.UTF8.GetBytes("rsa|abcd1234");
bool result = KeeShare.VerifySignatureCore(publicKeyCert, null, signatureData);
Assert.False(result, "Signature verification should fail with null data");
}

[Fact]
public void VerifySignature_WithEmptyData_ReturnsFalse()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCert = Convert.ToBase64String(publicKeyBytes);
byte[] signatureData = Encoding.UTF8.GetBytes("rsa|abcd1234");
bool result = KeeShare.VerifySignatureCore(publicKeyCert, new byte[0], signatureData);
Assert.False(result, "Signature verification should fail with empty data");
}

[Fact]
public void VerifySignature_WithMalformedHexSignature_ReturnsFalse()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCert = Convert.ToBase64String(publicKeyBytes);
byte[] testData = Encoding.UTF8.GetBytes("Test data");
// Invalid hex characters
byte[] signatureData = Encoding.UTF8.GetBytes("rsa|not-valid-hex!@#$GHIJ");
bool result = KeeShare.VerifySignatureCore(publicKeyCert, testData, signatureData);
Assert.False(result, "Signature verification should fail with malformed hex");
}

[Fact]
public void VerifySignature_WithOddLengthHex_ReturnsFalse()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCert = Convert.ToBase64String(publicKeyBytes);
byte[] testData = Encoding.UTF8.GetBytes("Test data");
// Odd-length hex string (invalid)
byte[] signatureData = Encoding.UTF8.GetBytes("rsa|abc");
bool result = KeeShare.VerifySignatureCore(publicKeyCert, testData, signatureData);
Assert.False(result, "Signature verification should fail with odd-length hex");
}

[Fact]
public void VerifySignature_WithSignatureContainingWhitespace_ReturnsTrue()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCert = Convert.ToBase64String(publicKeyBytes);
byte[] testData = Encoding.UTF8.GetBytes("Test KDBX data content");
byte[] hash = SHA256.HashData(testData);
byte[] signature = rsa.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
string signatureHex = BytesToHex(signature);
// Add whitespace around the signature
string signatureWithWhitespace = $"\r\n rsa|{signatureHex} \r\n";
byte[] signatureData = Encoding.UTF8.GetBytes(signatureWithWhitespace);
bool result = KeeShare.VerifySignatureCore(publicKeyCert, testData, signatureData);
Assert.True(result, "Signature verification should handle whitespace in signature");
}

[Fact]
public void VerifySignature_WithUppercaseHex_ReturnsTrue()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCert = Convert.ToBase64String(publicKeyBytes);
byte[] testData = Encoding.UTF8.GetBytes("Test KDBX data content");
byte[] hash = SHA256.HashData(testData);
byte[] signature = rsa.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
// Use uppercase hex
string signatureHex = BitConverter.ToString(signature).Replace("-", "").ToUpperInvariant();
byte[] signatureData = Encoding.UTF8.GetBytes($"rsa|{signatureHex}");
bool result = KeeShare.VerifySignatureCore(publicKeyCert, testData, signatureData);
Assert.True(result, "Signature verification should handle uppercase hex");
}

[Fact]
public void VerifySignature_WithUppercaseRsaPrefix_ReturnsTrue()
{
using var rsa = RSA.Create(2048);
var publicKeyBytes = rsa.ExportSubjectPublicKeyInfo();
var publicKeyCert = Convert.ToBase64String(publicKeyBytes);
byte[] testData = Encoding.UTF8.GetBytes("Test KDBX data content");
byte[] hash = SHA256.HashData(testData);
byte[] signature = rsa.SignHash(hash, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
string signatureHex = BytesToHex(signature);
// Use uppercase "RSA|" prefix
byte[] signatureData = Encoding.UTF8.GetBytes($"RSA|{signatureHex}");
bool result = KeeShare.VerifySignatureCore(publicKeyCert, testData, signatureData);
Assert.True(result, "Signature verification should handle uppercase RSA prefix");
}
}
}
22 changes: 21 additions & 1 deletion src/Kp2aBusinessLogic/database/edit/LoadDB.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ public class LoadDb : OperationWithFinishHandler

public LoadDb(IKp2aApp app, IOConnectionInfo ioc, Task<MemoryStream> databaseData, CompositeKey compositeKey,
string keyfileOrProvider, OnOperationFinishedHandler operationFinishedHandler,
bool updateLastUsageTimestamp, bool makeCurrent, IDatabaseModificationWatcher modificationWatcher = null) : base(app, operationFinishedHandler)
bool updateLastUsageTimestamp, bool makeCurrent, IDatabaseModificationWatcher modificationWatcher = null) : base(app, WrapHandlerForKeeShare(app, operationFinishedHandler))
{
_modificationWatcher = modificationWatcher ?? new NullDatabaseModificationWatcher();
_app = app;
Expand All @@ -59,6 +59,26 @@ public LoadDb(IKp2aApp app, IOConnectionInfo ioc, Task<MemoryStream> databaseDat
_rememberKeyfile = app.GetBooleanPreference(PreferenceKey.remember_keyfile);
}

private static OnOperationFinishedHandler WrapHandlerForKeeShare(IKp2aApp app, OnOperationFinishedHandler originalHandler)
{
if (originalHandler == null)
Copy link
Owner

@PhilippC PhilippC Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this intentional? Even if there is no originalHandler, shouldn't OnLoadCompleteKeeShareCheck run anyway?

return null;

return new ActionOnOperationFinished(app, (success, message, context) =>
{
originalHandler.SetResult(success, message, false, null);
if (success && app.CurrentDb?.KpDatabase?.IsOpen == true &&
KeeShare.HasKeeShareGroups(app.CurrentDb.KpDatabase.RootGroup))
{
KeeShare.Check(app, originalHandler);
}
else
{
originalHandler.Run();
}
});
}

protected bool success = false;
private bool _updateLastUsageTimestamp;
private readonly bool _makeCurrent;
Expand Down
3 changes: 2 additions & 1 deletion src/keepass2android-app/AssemblyInfo.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,8 @@ You should have received a copy of the GNU General Public License
along with Keepass2Android. If not, see <http://www.gnu.org/licenses/>.
*/

using System.Runtime.CompilerServices;


[assembly: InternalsVisibleTo("KeeShare.Tests")]


2 changes: 1 addition & 1 deletion src/keepass2android-app/EntryActivity.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -238,7 +238,7 @@ protected void SetEntryView()
protected void SetupEditButtons()
{
View edit = FindViewById(Resource.Id.entry_edit);
if (App.Kp2a.CurrentDb.CanWrite && _historyIndex < 0)
if (App.Kp2a.CurrentDb.CanWrite && _historyIndex < 0 && !KeeShare.IsReadOnlyBecauseKeeShareImport(Entry))
{
edit.Visibility = ViewStates.Visible;
edit.Click += (sender, e) =>
Expand Down
Loading
Loading