Add change password support on SQLiteDatabase

Author: developernotes

sqlcipher/src/androidTest/java/net/zetetic/database/sqlcipher_cts/SQLCipherDatabaseTest.java

@@ -2,17 +2,15 @@
 
 import android.database.Cursor;
 
-import net.zetetic.database.sqlcipher.SQLiteConnection;
 import net.zetetic.database.sqlcipher.SQLiteDatabase;
-import net.zetetic.database.sqlcipher.SQLiteDatabaseHook;
+import net.zetetic.database.sqlcipher.SQLiteDatabaseConfiguration;
+import net.zetetic.database.sqlcipher.SQLiteException;
 
-import org.junit.Before;
 import org.junit.Test;
 
-import java.io.File;
-
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.core.Is.is;
+import static org.hamcrest.core.IsNull.nullValue;
 
 public class SQLCipherDatabaseTest extends AndroidSQLCipherTestCase {
 
@@ -26,6 +24,7 @@ public void testConnectionWithPassword(){
     if(cursor != null && cursor.moveToFirst()){
       a = cursor.getInt(0);
       b = cursor.getInt(1);
+      cursor.close();
     }
     assertThat(a, is(1));
     assertThat(b, is(2));
@@ -42,8 +41,59 @@ public void insertDataQueryByObjectParams(){
     if(cursor != null && cursor.moveToFirst()){
       a1 = cursor.getFloat(0);
       b1 = cursor.getDouble(1);
+      cursor.close();
     }
     assertThat(a1, is(a));
     assertThat(b1, is(b));
   }
+
+  @Test
+  public void shouldChangeDatabasePasswordSuccessfully(){
+    int a = 3, b = 4;
+    int a1 = 0, b1 = 0;
+    String originalPassword = "foo", newPassword = "bar";
+    database = SQLiteDatabase.openOrCreateDatabase(databasePath, originalPassword, null, null);
+    database.execSQL("create table t1(a,b);");
+    database.execSQL("insert into t1(a,b) values(?,?)", new Object[]{a, b});
+    database.changePassword(newPassword);
+    database.close();
+    database = null;
+    try {
+      database = SQLiteDatabase.openOrCreateDatabase(databasePath, originalPassword, null, null);
+      assertThat(database, is(nullValue()));
+    } catch (SQLiteException ex){
+      database = SQLiteDatabase.openOrCreateDatabase(databasePath, newPassword, null, null);
+      Cursor cursor = database.rawQuery("select * from t1;");
+      if(cursor != null && cursor.moveToFirst()){
+        a1 = cursor.getInt(0);
+        b1 = cursor.getInt(1);
+        cursor.close();
+      }
+      assertThat(a1, is(a));
+      assertThat(b1, is(b));
+    }
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void shouldThrowExceptionWhenChangingPasswordOnClosedDatabase(){
+    database = SQLiteDatabase.openOrCreateDatabase(databasePath, "foo", null, null);
+    database.close();
+    database.changePassword("bar");
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void shouldThrowExceptionOnChangePasswordWithReadOnlyDatabase(){
+    database = SQLiteDatabase.openOrCreateDatabase(databasePath.getAbsolutePath(), "foo", null, null);
+    database.execSQL("create table t1(a,b);");
+    database.close();
+    database = null;
+    database = SQLiteDatabase.openDatabase(databasePath.getAbsolutePath(), "foo", null, SQLiteDatabase.OPEN_READONLY, null, null);
+    database.changePassword("bar");
+  }
+
+  @Test(expected = IllegalStateException.class)
+  public void shouldThrowExceptionOnChangePasswordWithInMemoryDatabase(){
+    database = SQLiteDatabase.openOrCreateDatabase(SQLiteDatabaseConfiguration.MEMORY_DB_PATH, "foo", null, null, null);
+    database.changePassword("bar");
+  }
 }

sqlcipher/src/androidTest/java/net/zetetic/database/sqlcipher_cts/SQLCipherVersionTest.java

@@ -2,6 +2,8 @@
 
 import android.database.Cursor;
 
+import net.zetetic.database.sqlcipher.SQLiteDatabase;
+
 import org.junit.Test;
 
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -13,7 +15,8 @@ public class SQLCipherVersionTest extends AndroidSQLCipherTestCase {
   @Test
   public void testCipherVersionReported(){
     String cipherVersion = "";
-    Cursor cursor = database.rawQuery("PRAGMA cipher_version;", new String[]{});
+    database = SQLiteDatabase.openOrCreateDatabase(databasePath, "foo", null, null);
+    Cursor cursor = database.rawQuery("PRAGMA cipher_version;");
     if(cursor != null && cursor.moveToFirst()){
       cipherVersion = cursor.getString(0);
       cursor.close();

sqlcipher/src/main/java/net/zetetic/database/sqlcipher/SQLiteConnection.java

@@ -118,6 +118,7 @@ public final class SQLiteConnection implements CancellationSignal.OnCancelListen
     private int mCancellationSignalAttachCount;
 
     private static native int nativeKey(long connectionPtr, byte[] password);
+    private static native int nativeReKey(long connectionPtr, byte[] newPassword);
     private static native long nativeOpen(String path, int openFlags, String label,
             boolean enableTrace, boolean enableProfile);
     private static native void nativeClose(long connectionPtr);
@@ -209,6 +210,14 @@ void close() {
         dispose(false);
     }
 
+    void changePassword(byte[] newPassword){
+        int result = nativeReKey(mConnectionPtr, newPassword);
+        Log.i(TAG, String.format("Database rekey operation returned:%s", result));
+        if(result != 0){
+            throw new SQLiteException(String.format("Failed to rekey database, result code:%s", result));
+        }
+    }
+
     private void open() {
         mConnectionPtr = nativeOpen(mConfiguration.path, mConfiguration.openFlags,
                 mConfiguration.label,

sqlcipher/src/main/java/net/zetetic/database/sqlcipher/SQLiteConnectionPool.java

@@ -31,6 +31,7 @@
 
 import java.io.Closeable;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Map;
 import java.util.WeakHashMap;
 import java.util.concurrent.atomic.AtomicBoolean;
@@ -294,6 +295,13 @@ public void reconfigure(SQLiteDatabaseConfiguration configuration) {
                 }
             }
 
+            boolean passwordChanged = !Arrays.equals(configuration.password, mConfiguration.password);
+            if(passwordChanged){
+                mAvailablePrimaryConnection.changePassword(configuration.password);
+                mConfiguration.updateParametersFrom(configuration);
+                reconfigureAllConnectionsLocked();
+            }
+
             if (mConfiguration.openFlags != configuration.openFlags) {
                 // If we are changing open flags and WAL mode at the same time, then
                 // we have no choice but to close the primary connection beforehand

sqlcipher/src/main/java/net/zetetic/database/sqlcipher/SQLiteDatabase.java

@@ -2375,6 +2375,30 @@ public boolean isDatabaseIntegrityOk() {
         return true;
     }
 
+    public void changePassword(String newPassword) {
+        changePassword(getBytes(newPassword));
+    }
+
+    public void changePassword(byte[] newPassword) {
+        synchronized (mLock) {
+            throwIfNotOpenLocked();
+            if (isReadOnlyLocked()) {
+                throw new IllegalStateException("Can't change password for readonly databases.");
+            }
+            if (mConfigurationLocked.isInMemoryDb()) {
+                throw new IllegalStateException("Can't change password for in-memory databases.");
+            }
+            byte[] originalPassword = mConfigurationLocked.password;
+            mConfigurationLocked.password = newPassword;
+            try {
+                mConnectionPoolLocked.reconfigure(mConfigurationLocked);
+            } catch (RuntimeException ex) {
+                mConfigurationLocked.password = originalPassword;
+                throw ex;
+            }
+        }
+    }
+
     @Override
     public String toString() {
         return "SQLiteDatabase: " + getPath();

sqlcipher/src/main/jni/sqlcipher/android_database_SQLiteConnection.cpp

@@ -159,6 +159,27 @@ static jint nativeKey(JNIEnv* env, jclass clazz, jlong connectionPtr, jbyteArray
     return rc;
 }
 
+    static jint nativeReKey(JNIEnv* env, jclass clazz, jlong connectionPtr, jbyteArray keyArray) {
+        int rc = SQLITE_ERROR;
+        jsize size = 0;
+        jbyte *key = nullptr;
+        auto* connection = reinterpret_cast<SQLiteConnection*>(connectionPtr);
+        if(connection) {
+            ALOGV("ReKeying connection %p", connection->db);
+            key = env->GetByteArrayElements(keyArray, nullptr);
+            size = env->GetArrayLength(keyArray);
+            rc = sqlite3_rekey(connection->db, key, size);
+        }
+        if(key) {
+            env->ReleaseByteArrayElements(keyArray, key, JNI_ABORT);
+        }
+        if (rc != SQLITE_OK) {
+            ALOGE("sqlite3_rekey(%p) failed: %d", connection->db, rc);
+            throw_sqlite3_exception(env, connection->db, "Could not rekey db.");
+        }
+        return rc;
+    }
+
 static jlong nativeOpen(JNIEnv* env, jclass clazz, jstring pathStr, jint openFlags,
         jstring labelStr, jboolean enableTrace, jboolean enableProfile) {
     int sqliteFlags;
@@ -835,6 +856,8 @@ static JNINativeMethod sMethods[] =
     /* name, signature, funcPtr */
     {"nativeKey", "(J[B)I",
             (void*)nativeKey },
+    {"nativeReKey", "(J[B)I",
+            (void*)nativeReKey },
     {"nativeOpen", "(Ljava/lang/String;ILjava/lang/String;ZZ)J",
             (void*)nativeOpen },
     { "nativeClose", "(J)V",