Decide on Touch ID setting whether user needs

to authenticate on loading and storing a passphrase
2026-05-17 10:11:27 +00:00 · 2024-07-28 09:27:24 +02:00
parent 10bce1fb06
commit 2194360c8a
3 changed files with 18 additions and 2 deletions
--- a/src/main/java/org/cryptomator/common/keychain/KeychainManager.java
+++ b/src/main/java/org/cryptomator/common/keychain/KeychainManager.java
@@ -49,6 +49,11 @@ public class KeychainManager implements KeychainAccessProvider {
 		setPassphraseStored(key, true);
 	}

+	public void storePassphraseForAuthenticatedUser(String key, String displayName, CharSequence passphrase) throws KeychainAccessException {
+		getKeychainOrFail().storePassphrase(key, displayName, passphrase);
+		setPassphraseStored(key, true);
+	}
+
 	@Override
 	public char[] loadPassphrase(String key) throws KeychainAccessException {
 		char[] passphrase = getKeychainOrFail().loadPassphrase(key);
@@ -56,6 +61,12 @@ public class KeychainManager implements KeychainAccessProvider {
 		return passphrase;
 	}

+	public char[] loadPassphraseForAuthenticatedUser(String key) throws KeychainAccessException {
+		char[] passphrase = getKeychainOrFail().loadPassphrase(key);
+		setPassphraseStored(key, passphrase != null);
+		return passphrase;
+	}
+
 	@Override
 	public void deletePassphrase(String key) throws KeychainAccessException {
 		getKeychainOrFail().deletePassphrase(key);
--- a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingModule.java
+++ b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingModule.java
@@ -28,7 +28,7 @@ public interface MasterkeyFileLoadingModule {
 			return Optional.empty();
 		} else {
 			try {
-				return Optional.ofNullable(keychain.loadPassphrase(vault.getId()));
+				return vault.getVaultSettings().useTouchID.get() ? Optional.ofNullable(keychain.loadPassphraseForAuthenticatedUser(vault.getId())) : Optional.ofNullable(keychain.loadPassphrase(vault.getId()));
 			} catch (KeychainAccessException e) {
 				LoggerFactory.getLogger(MasterkeyFileLoadingModule.class).error("Failed to load entry from system keychain.", e);
 				return Optional.empty();
--- a/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java
+++ b/src/main/java/org/cryptomator/ui/keyloading/masterkeyfile/MasterkeyFileLoadingStrategy.java
@@ -113,8 +113,13 @@ public class MasterkeyFileLoadingStrategy implements KeyLoadingStrategy {

 	private void savePasswordToSystemkeychain(Passphrase passphrase) {
 		if (keychain.isSupported()) {
+			LOG.info(vault.getVaultSettings().useTouchID.get() ? "Using store WITH fingerprint" : "Using store WITH OUT fingerprint");
 			try {
-				keychain.storePassphrase(vault.getId(), vault.getDisplayName(), passphrase);
+				if (vault.getVaultSettings().useTouchID.get()) {
+					keychain.storePassphraseForAuthenticatedUser(vault.getId(), vault.getDisplayName(), passphrase);
+				} else {
+					keychain.storePassphrase(vault.getId(), vault.getDisplayName(), passphrase);
+				}
 			} catch (KeychainAccessException e) {
 				LOG.error("Failed to store passphrase in system keychain.", e);
 			}