diff --git a/native/cpp/CommonCpp/DatabaseManagers/DatabaseQueryExecutor.h b/native/cpp/CommonCpp/DatabaseManagers/DatabaseQueryExecutor.h
--- a/native/cpp/CommonCpp/DatabaseManagers/DatabaseQueryExecutor.h
+++ b/native/cpp/CommonCpp/DatabaseManagers/DatabaseQueryExecutor.h
@@ -58,6 +58,7 @@
 virtual void storeOlmPersistData(crypto::Persist persist) const = 0;
 virtual void setNotifyToken(std::string token) const = 0;
 virtual void clearNotifyToken() const = 0;
+ virtual void clearSensitiveData() const = 0;
 };
 } // namespace comm
diff --git a/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.h b/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.h
--- a/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.h
+++ b/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.h
@@ -10,7 +10,8 @@
 namespace comm {
 class SQLiteQueryExecutor : public DatabaseQueryExecutor {
- void migrate();
+ void migrate() const;
+ static void assign_encryption_key();
 static auto &getStorage();
 static std::once_flag initialized;
@@ -57,6 +58,7 @@
 void storeOlmPersistData(crypto::Persist persist) const override;
 void setNotifyToken(std::string token) const override;
 void clearNotifyToken() const override;
+ void clearSensitiveData() const override;
 };
 } // namespace comm
diff --git a/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp b/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp
--- a/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp
+++ b/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp
@@ -456,7 +456,7 @@
 {22, {enable_write_ahead_logging_mode, false}},
 {23, {create_metadata_table, true}}}};
-void SQLiteQueryExecutor::migrate() {
+void SQLiteQueryExecutor::migrate() const {
 validate_encryption();
 sqlite3 *db;
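Review bot: The new pure virtual `clearSensitiveData()` in DatabaseQueryExecutor.h is the only destructive operation on this interface and carries no comment stating its contract; the SQLite implementation in this same commit deletes the database file, replaces the SQLCipher key held in CommSecureStore and re-runs migrate(), and throws std::system_error when the file cannot be removed. An implementer of another backend has nothing here telling them the key rotation is part of the contract. I would add above the declaration: `// Destroys all locally persisted data: removes the database file and replaces its encryption key, then re-creates an empty schema. Throws std::system_error if the existing file cannot be deleted.` The enclosing class starts outside the hunk.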
@@ -515,6 +515,15 @@
 sqlite3_close(db);
 }
+void SQLiteQueryExecutor::assign_encryption_key() {
+ CommSecureStore commSecureStore{};
+ std::string encryptionKey = comm::crypto::Tools::generateRandomHexString(
+ SQLiteQueryExecutor::sqlcipherEncryptionKeySize);
+ commSecureStore.set(
+ SQLiteQueryExecutor::secureStoreEncryptionKeyID, encryptionKey);
+ SQLiteQueryExecutor::encryptionKey = encryptionKey;
+}
+
 auto &SQLiteQueryExecutor::getStorage() {
 static auto storage = make_storage(
 SQLiteQueryExecutor::sqliteFilePath,
@@ -575,7 +584,7 @@
 void SQLiteQueryExecutor::initialize(std::string &databasePath) {
 std::call_once(SQLiteQueryExecutor::initialized, [&databasePath]() {
 SQLiteQueryExecutor::sqliteFilePath = databasePath;
- CommSecureStore commSecureStore;
+ CommSecureStore commSecureStore{};
 folly::Optional maybeEncryptionKey = commSecureStore.get(SQLiteQueryExecutor::secureStoreEncryptionKeyID);
@@ -583,11 +592,7 @@
 SQLiteQueryExecutor::encryptionKey = maybeEncryptionKey.value();
 return;
 }
- std::string encryptionKey = comm::crypto::Tools::generateRandomHexString(
- SQLiteQueryExecutor::sqlcipherEncryptionKeySize);
- commSecureStore.set(
- SQLiteQueryExecutor::secureStoreEncryptionKeyID, encryptionKey);
- SQLiteQueryExecutor::encryptionKey = encryptionKey;
+ SQLiteQueryExecutor::assign_encryption_key();
 });
 }
@@ -830,4 +835,19 @@
 SQLiteQueryExecutor::getStorage().remove("notify_token");
 }
+void SQLiteQueryExecutor::clearSensitiveData() const {
+ if (file_exists(SQLiteQueryExecutor::sqliteFilePath) &&
+ std::remove(SQLiteQueryExecutor::sqliteFilePath.c_str())) {
+ std::ostringstream errorStream;
+ errorStream << "Failed to delete database file. Details: "
+ << strerror(errno);
+ throw std::system_error(errno, std::generic_category(), errorStream.str());
+ }
+ auto native_dependent_task = []() {
+ SQLiteQueryExecutor::assign_encryption_key();
+ };
+ run_with_native_accessible(native_dependent_task);
+ this->migrate();
+}
+
 } // namespace comm
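Review bot: assign_encryption_key() writes the static `SQLiteQueryExecutor::encryptionKey` with no synchronization, whereas the code it was lifted from only ever ran inside the `std::call_once` in initialize(); its second caller, clearSensitiveData() later in this file, invokes it on an already-initialized executor through run_with_native_accessible, so any thread that reads encryptionKey at the same time (getStorage() presumably does when it keys a connection, though that code is outside the hunk) races with the rotation. The ordering here is the safe one — CommSecureStore is updated before the static, so a throw from `set` leaves both copies at the old key — but nothing says so. I would document both points above the definition: `// Generates a fresh SQLCipher key, persists it to CommSecureStore and only then publishes it in the static. Not synchronized: callers must ensure no other thread touches the database or encryptionKey while this runs.`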
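Review bot: clearSensitiveData() removes only the main database file, but migration 22 in this file switches the database to WAL mode, so SQLite keeps `<path>-wal` and `<path>-shm` beside it; if those survive the wipe, the database that migrate() re-creates under the new key is opened next to a WAL whose frames were written under the old key, and the page data in that WAL is never deleted. The sidecars (and a `-journal` left by a pre-WAL build) should be removed in the same pass, and errno should be captured once before the ostringstream work so the code handed to std::system_error is the one strerror() described rather than whatever the stream's allocations left behind. Whether the static connection built in getStorage() is still open at this point is not visible in the hunk; if it is, it keeps operating on the unlinked inode after the remove and should be closed first.
```cpp
void SQLiteQueryExecutor::clearSensitiveData() const {
  // WAL mode (migration 22) keeps "<db>-wal" and "<db>-shm" next to the main
  // file; "-journal" covers a rollback journal from a pre-WAL database.
  for (const char *suffix : {"", "-wal", "-shm", "-journal"}) {
    const std::string path = SQLiteQueryExecutor::sqliteFilePath + suffix;
    if (file_exists(path) && std::remove(path.c_str())) {
      const int err = errno;  // read before the stream can touch errno
      std::ostringstream errorStream;
      errorStream << "Failed to delete " << path << ". Details: "
                  << strerror(err);
      throw std::system_error(err, std::generic_category(), errorStream.str());
    }
  }
  // … unchanged: key rotation via run_with_native_accessible and migrate() …
}
```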