diff --git a/native/cpp/CommonCpp/DatabaseManagers/DatabaseQueryExecutor.h b/native/cpp/CommonCpp/DatabaseManagers/DatabaseQueryExecutor.h --- a/native/cpp/CommonCpp/DatabaseManagers/DatabaseQueryExecutor.h +++ b/native/cpp/CommonCpp/DatabaseManagers/DatabaseQueryExecutor.h @@ -58,6 +58,7 @@ virtual void storeOlmPersistData(crypto::Persist persist) const = 0; virtual void setNotifyToken(std::string token) const = 0; virtual void clearNotifyToken() const = 0; + virtual void clearSensitiveData() const = 0; }; } // namespace comm diff --git a/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.h b/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.h --- a/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.h +++ b/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.h @@ -10,7 +10,8 @@ namespace comm { class SQLiteQueryExecutor : public DatabaseQueryExecutor { - void migrate(); + void migrate() const; + static void assign_encryption_key(); static auto &getStorage(); static std::once_flag initialized; @@ -57,6 +58,7 @@ void storeOlmPersistData(crypto::Persist persist) const override; void setNotifyToken(std::string token) const override; void clearNotifyToken() const override; + void clearSensitiveData() const override; }; } // namespace comm diff --git a/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp b/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp --- a/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp +++ b/native/cpp/CommonCpp/DatabaseManagers/SQLiteQueryExecutor.cpp @@ -17,6 +17,10 @@ #include #include +#ifdef __ANDROID__ +#include +#endif + #define ACCOUNT_ID 1 namespace comm { @@ -441,7 +445,7 @@ {22, {enable_write_ahead_logging_mode, false}}, {23, {create_metadata_table, true}}}}; -void SQLiteQueryExecutor::migrate() { +void SQLiteQueryExecutor::migrate() const { validate_encryption(); sqlite3 *db; @@ -500,6 +504,15 @@ sqlite3_close(db); } +void SQLiteQueryExecutor::assign_encryption_key() { + CommSecureStore commSecureStore{}; + std::string encryptionKey = comm::crypto::Tools::generateRandomHexString( + SQLiteQueryExecutor::sqlcipherEncryptionKeySize); + commSecureStore.set( + SQLiteQueryExecutor::secureStoreEncryptionKeyID, encryptionKey); + SQLiteQueryExecutor::encryptionKey = encryptionKey; +} + auto &SQLiteQueryExecutor::getStorage() { static auto storage = make_storage( SQLiteQueryExecutor::sqliteFilePath, @@ -560,7 +573,7 @@ void SQLiteQueryExecutor::initialize(std::string &databasePath) { std::call_once(SQLiteQueryExecutor::initialized, [&databasePath]() { SQLiteQueryExecutor::sqliteFilePath = databasePath; - CommSecureStore commSecureStore; + CommSecureStore commSecureStore{}; folly::Optional maybeEncryptionKey = commSecureStore.get(SQLiteQueryExecutor::secureStoreEncryptionKeyID); @@ -568,11 +581,7 @@ SQLiteQueryExecutor::encryptionKey = maybeEncryptionKey.value(); return; } - std::string encryptionKey = comm::crypto::Tools::generateRandomHexString( - SQLiteQueryExecutor::sqlcipherEncryptionKeySize); - commSecureStore.set( - SQLiteQueryExecutor::secureStoreEncryptionKeyID, encryptionKey); - SQLiteQueryExecutor::encryptionKey = encryptionKey; + SQLiteQueryExecutor::assign_encryption_key(); }); } @@ -815,4 +824,23 @@ SQLiteQueryExecutor::getStorage().remove("notify_token"); } +void SQLiteQueryExecutor::clearSensitiveData() const { + if (file_exists(SQLiteQueryExecutor::sqliteFilePath) && + std::remove(SQLiteQueryExecutor::sqliteFilePath.c_str())) { + std::ostringstream errorStream; + errorStream << "Failed to delete database file. Details: " + << strerror(errno); + throw std::system_error(errno, std::generic_category(), errorStream.str()); + } +#ifdef __ANDROID__ + auto jvm_dependent_task = []() { + SQLiteQueryExecutor::assign_encryption_key(); + }; + facebook::jni::ThreadScope::WithClassLoader(jvm_dependent_task); +#else + SQLiteQueryExecutor::assign_encryption_key(); +#endif + this->migrate(); +} + } // namespace comm