aboutsummaryrefslogtreecommitdiff
path: root/format-common/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'format-common/src/main')
-rw-r--r--format-common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt231
-rw-r--r--format-common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt6
-rw-r--r--format-common/src/main/kotlin/app/passwordstore/util/time/UserClock.kt26
-rw-r--r--format-common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt90
-rw-r--r--format-common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt29
-rw-r--r--format-common/src/main/kotlin/app/passwordstore/util/totp/UriTotpFinder.kt52
6 files changed, 0 insertions, 434 deletions
diff --git a/format-common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt b/format-common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt
deleted file mode 100644
index 1618374f..00000000
--- a/format-common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt
+++ /dev/null
@@ -1,231 +0,0 @@
-/*
- * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
- * SPDX-License-Identifier: GPL-3.0-only
- */
-
-package app.passwordstore.data.passfile
-
-import androidx.annotation.VisibleForTesting
-import app.passwordstore.util.time.UserClock
-import app.passwordstore.util.totp.Otp
-import app.passwordstore.util.totp.TotpFinder
-import com.github.michaelbull.result.mapBoth
-import dagger.assisted.Assisted
-import dagger.assisted.AssistedFactory
-import dagger.assisted.AssistedInject
-import kotlin.collections.set
-import kotlin.coroutines.coroutineContext
-import kotlin.time.Duration.Companion.milliseconds
-import kotlin.time.Duration.Companion.seconds
-import kotlinx.coroutines.delay
-import kotlinx.coroutines.flow.Flow
-import kotlinx.coroutines.flow.flow
-import kotlinx.coroutines.isActive
-
-/** Represents a single entry in the password store. */
-public class PasswordEntry
-@AssistedInject
-constructor(
- /** A time source used to calculate the TOTP */
- private val clock: UserClock,
- /** [TotpFinder] implementation to extract data from a TOTP URI */
- private val totpFinder: TotpFinder,
- /** The content of this entry, as an array of bytes. */
- @Assisted bytes: ByteArray,
-) {
-
- private val content = bytes.decodeToString()
-
- /** The password text for this entry. Can be null. */
- public val password: String?
-
- /** The username for this entry. Can be null. */
- public val username: String?
-
- /** A [String] to [String] [Map] of the extra content of this entry, in a key:value fashion. */
- public val extraContent: Map<String, String>
-
- /**
- * Direct [String] representation of the extra content of this entry, before any transforms are
- * applied. Only use this when the extra content is required in a formatting-preserving manner.
- */
- public val extraContentString: String
-
- /**
- * A [Flow] providing the current TOTP. It will start emitting only when collected. If this entry
- * does not have a TOTP secret, the flow will never emit. Users should call [hasTotp] before
- * collection to check if it is valid to collect this [Flow].
- */
- public val totp: Flow<Totp> = flow {
- require(totpSecret != null) { "Cannot collect this flow without a TOTP secret" }
- do {
- val otp = calculateTotp()
- emit(otp)
- delay(THOUSAND_MILLIS.milliseconds)
- } while (coroutineContext.isActive)
- }
-
- /** Obtain the [Totp.value] for this [PasswordEntry] at the current time. */
- public val currentOtp: String
- get() = calculateTotp().value
-
- /**
- * String representation of [extraContent] but with authentication related data such as TOTP URIs
- * and usernames stripped.
- */
- public val extraContentWithoutAuthData: String
- private val totpSecret: String?
-
- init {
- val (foundPassword, passContent) = findAndStripPassword(content.split("\n".toRegex()))
- password = foundPassword
- extraContentString = passContent.joinToString("\n")
- extraContentWithoutAuthData = generateExtraContentWithoutAuthData()
- extraContent = generateExtraContentPairs()
- username = findUsername()
- totpSecret = totpFinder.findSecret(content)
- }
-
- public fun hasTotp(): Boolean {
- return totpSecret != null
- }
-
- @Suppress("ReturnCount")
- private fun findAndStripPassword(passContent: List<String>): Pair<String?, List<String>> {
- if (TotpFinder.TOTP_FIELDS.any { passContent[0].startsWith(it) }) return Pair(null, passContent)
- for (line in passContent) {
- for (prefix in PASSWORD_FIELDS) {
- if (line.startsWith(prefix, ignoreCase = true)) {
- return Pair(line.substring(prefix.length).trimStart(), passContent.minus(line))
- }
- }
- }
- return Pair(passContent[0], passContent.minus(passContent[0]))
- }
-
- private fun generateExtraContentWithoutAuthData(): String {
- var foundUsername = false
- return extraContentString
- .lineSequence()
- .filter { line ->
- return@filter when {
- USERNAME_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } &&
- !foundUsername -> {
- foundUsername = true
- false
- }
- TotpFinder.TOTP_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } -> {
- false
- }
- else -> {
- true
- }
- }
- }
- .joinToString(separator = "\n")
- }
-
- private fun generateExtraContentPairs(): Map<String, String> {
- fun MutableMap<String, String>.putOrAppend(key: String, value: String) {
- if (value.isEmpty()) return
- val existing = this[key]
- this[key] =
- if (existing == null) {
- value
- } else {
- "$existing\n$value"
- }
- }
-
- val items = mutableMapOf<String, String>()
- extraContentWithoutAuthData.lines().forEach { line ->
- // Split the line on ':' and save all the parts into an array
- // "ABC : DEF:GHI" --> ["ABC", "DEF", "GHI"]
- val splitArray = line.split(":")
- // Take the first element of the array. This will be the key for the key-value pair.
- // ["ABC ", " DEF", "GHI"] -> key = "ABC"
- val key = splitArray.first().trimEnd()
- // Remove the first element from the array and join the rest of the string again with
- // ':' as separator.
- // ["ABC ", " DEF", "GHI"] -> value = "DEF:GHI"
- val value = splitArray.drop(1).joinToString(":").trimStart()
-
- if (key.isNotEmpty() && value.isNotEmpty()) {
- // If both key and value are not empty, we can form a pair with this so add it to
- // the map.
- // key = "ABC", value = "DEF:GHI"
- items[key] = value
- } else {
- // If either key or value is empty, we were not able to form proper key-value pair.
- // So append the original line into an "EXTRA CONTENT" map entry
- items.putOrAppend(EXTRA_CONTENT, line)
- }
- }
-
- return items
- }
-
- private fun findUsername(): String? {
- extraContentString.splitToSequence("\n").forEach { line ->
- for (prefix in USERNAME_FIELDS) {
- if (line.startsWith(prefix, ignoreCase = true))
- return line.substring(prefix.length).trimStart()
- }
- }
- return null
- }
-
- private fun calculateTotp(): Totp {
- val digits = totpFinder.findDigits(content)
- val totpPeriod = totpFinder.findPeriod(content)
- val totpAlgorithm = totpFinder.findAlgorithm(content)
- val issuer = totpFinder.findIssuer(content)
- val millis = clock.millis()
- val remainingTime = (totpPeriod - ((millis / THOUSAND_MILLIS) % totpPeriod)).seconds
- Otp.calculateCode(
- totpSecret!!,
- millis / (THOUSAND_MILLIS * totpPeriod),
- totpAlgorithm,
- digits,
- issuer
- )
- .mapBoth(
- { code ->
- return Totp(code, remainingTime)
- },
- { throwable -> throw throwable }
- )
- }
-
- @AssistedFactory
- public interface Factory {
- public fun create(bytes: ByteArray): PasswordEntry
- }
-
- public companion object {
-
- private const val EXTRA_CONTENT = "Extra Content"
- @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
- public val USERNAME_FIELDS: Array<String> =
- arrayOf(
- "login:",
- "username:",
- "user:",
- "account:",
- "email:",
- "mail:",
- "name:",
- "handle:",
- "id:",
- "identity:",
- )
- @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
- public val PASSWORD_FIELDS: Array<String> =
- arrayOf(
- "password:",
- "secret:",
- "pass:",
- )
- private const val THOUSAND_MILLIS = 1000L
- }
-}
diff --git a/format-common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt b/format-common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt
deleted file mode 100644
index c279360f..00000000
--- a/format-common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt
+++ /dev/null
@@ -1,6 +0,0 @@
-package app.passwordstore.data.passfile
-
-import kotlin.time.Duration
-
-/** Holder for a TOTP secret and the duration for which it is valid. */
-public data class Totp(public val value: String, public val remainingTime: Duration)
diff --git a/format-common/src/main/kotlin/app/passwordstore/util/time/UserClock.kt b/format-common/src/main/kotlin/app/passwordstore/util/time/UserClock.kt
deleted file mode 100644
index 4ffeb6a6..00000000
--- a/format-common/src/main/kotlin/app/passwordstore/util/time/UserClock.kt
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
- * SPDX-License-Identifier: GPL-3.0-only
- */
-
-package app.passwordstore.util.time
-
-import java.time.Clock
-import java.time.Instant
-import java.time.ZoneId
-import javax.inject.Inject
-
-/**
- * A subclass of [Clock] that uses [Clock.systemDefaultZone] to get a clock that works for the
- * user's current time zone.
- */
-public open class UserClock @Inject constructor() : Clock() {
-
- private val clock = systemDefaultZone()
-
- override fun withZone(zone: ZoneId): Clock = clock.withZone(zone)
-
- override fun getZone(): ZoneId = clock.zone
-
- override fun instant(): Instant = clock.instant()
-}
diff --git a/format-common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt b/format-common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt
deleted file mode 100644
index 10e771fe..00000000
--- a/format-common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt
+++ /dev/null
@@ -1,90 +0,0 @@
-/*
- * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
- * SPDX-License-Identifier: GPL-3.0-only
- */
-
-package app.passwordstore.util.totp
-
-import com.github.michaelbull.result.Err
-import com.github.michaelbull.result.Result
-import com.github.michaelbull.result.runCatching
-import java.nio.ByteBuffer
-import java.util.Locale
-import javax.crypto.Mac
-import javax.crypto.spec.SecretKeySpec
-import kotlin.experimental.and
-import org.apache.commons.codec.binary.Base32
-
-public object Otp {
-
- private val BASE_32 = Base32()
- private val STEAM_ALPHABET = "23456789BCDFGHJKMNPQRTVWXY".toCharArray()
- private const val BYTE_BUFFER_CAPACITY = 8
- private const val END_INDEX_OFFSET = 4
- private const val STEAM_GUARD_DIGITS = 5
- private const val MINIMUM_DIGITS = 6
- private const val MAXIMUM_DIGITS = 10
- private const val ALPHABET_LENGTH = 26
- private const val MOST_SIGNIFICANT_BYTE = 0x7f
-
- public fun calculateCode(
- secret: String,
- counter: Long,
- algorithm: String,
- digits: String,
- issuer: String?,
- ): Result<String, Throwable> = runCatching {
- val algo = "Hmac${algorithm.uppercase(Locale.ROOT)}"
- val decodedSecret = BASE_32.decode(secret)
- val secretKey = SecretKeySpec(decodedSecret, algo)
- val digest =
- Mac.getInstance(algo).run {
- init(secretKey)
- doFinal(ByteBuffer.allocate(BYTE_BUFFER_CAPACITY).putLong(counter).array())
- }
- // Least significant 4 bits are used as an offset into the digest.
- val offset = (digest.last() and 0xf).toInt()
- // Extract 32 bits at the offset and clear the most significant bit.
- val code = digest.copyOfRange(offset, offset.plus(END_INDEX_OFFSET))
- code[0] = (MOST_SIGNIFICANT_BYTE and code[0].toInt()).toByte()
- val codeInt = ByteBuffer.wrap(code).int
- check(codeInt > 0)
- // SteamGuard is a horrible OTP implementation that generates non-standard 5 digit OTPs as
- // well
- // as uses a custom character set.
- if (digits == "s" || issuer == "Steam") {
- var remainingCodeInt = codeInt
- buildString {
- repeat(STEAM_GUARD_DIGITS) {
- append(STEAM_ALPHABET[remainingCodeInt % STEAM_ALPHABET.size])
- remainingCodeInt /= ALPHABET_LENGTH
- }
- }
- } else {
- // Base 10, 6 to 10 digits
- val numDigits = digits.toIntOrNull()
- when {
- numDigits == null -> {
- return Err(IllegalArgumentException("Digits specifier has to be either 's' or numeric"))
- }
- numDigits < MINIMUM_DIGITS -> {
- return Err(
- IllegalArgumentException("TOTP codes have to be at least $MINIMUM_DIGITS digits long")
- )
- }
- numDigits > MAXIMUM_DIGITS -> {
- return Err(
- IllegalArgumentException("TOTP codes can be at most $MAXIMUM_DIGITS digits long")
- )
- }
- else -> {
- // 2^31 = 2_147_483_648, so we can extract at most 10 digits with the first one
- // always being 0, 1, or 2. Pad with leading zeroes.
- val codeStringBase10 = codeInt.toString(MAXIMUM_DIGITS).padStart(MAXIMUM_DIGITS, '0')
- check(codeStringBase10.length == MAXIMUM_DIGITS)
- codeStringBase10.takeLast(numDigits)
- }
- }
- }
- }
-}
diff --git a/format-common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt b/format-common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt
deleted file mode 100644
index d53d76dc..00000000
--- a/format-common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt
+++ /dev/null
@@ -1,29 +0,0 @@
-/*
- * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
- * SPDX-License-Identifier: GPL-3.0-only
- */
-
-package app.passwordstore.util.totp
-
-/** Defines a class that can extract relevant parts of a TOTP URL for use by the app. */
-public interface TotpFinder {
-
- /** Get the TOTP secret from the given extra content. */
- public fun findSecret(content: String): String?
-
- /** Get the number of digits required in the final OTP. */
- public fun findDigits(content: String): String
-
- /** Get the TOTP timeout period. */
- public fun findPeriod(content: String): Long
-
- /** Get the algorithm for the TOTP secret. */
- public fun findAlgorithm(content: String): String
-
- /** Get the issuer for the TOTP secret, if any. */
- public fun findIssuer(content: String): String?
-
- public companion object {
- public val TOTP_FIELDS: Array<String> = arrayOf("otpauth://totp", "totp:")
- }
-}
diff --git a/format-common/src/main/kotlin/app/passwordstore/util/totp/UriTotpFinder.kt b/format-common/src/main/kotlin/app/passwordstore/util/totp/UriTotpFinder.kt
deleted file mode 100644
index bb97c90c..00000000
--- a/format-common/src/main/kotlin/app/passwordstore/util/totp/UriTotpFinder.kt
+++ /dev/null
@@ -1,52 +0,0 @@
-package app.passwordstore.util.totp
-
-import com.eygraber.uri.Uri
-import javax.inject.Inject
-
-/** [Uri] backed TOTP URL parser. */
-public class UriTotpFinder @Inject constructor() : TotpFinder {
-
- private companion object {
- private const val DEFAULT_TOTP_PERIOD = 30L
- }
-
- override fun findSecret(content: String): String? {
- content.split("\n".toRegex()).forEach { line ->
- if (line.startsWith(TotpFinder.TOTP_FIELDS[0])) {
- return Uri.parse(line).getQueryParameter("secret")
- }
- if (line.startsWith(TotpFinder.TOTP_FIELDS[1], ignoreCase = true)) {
- return line.split(": *".toRegex(), 2).toTypedArray()[1]
- }
- }
- return null
- }
-
- override fun findDigits(content: String): String {
- return getQueryParameter(content, "digits") ?: "6"
- }
-
- override fun findPeriod(content: String): Long {
- return getQueryParameter(content, "period")?.toLongOrNull() ?: DEFAULT_TOTP_PERIOD
- }
-
- override fun findAlgorithm(content: String): String {
- return getQueryParameter(content, "algorithm") ?: "sha1"
- }
-
- override fun findIssuer(content: String): String? {
- return getQueryParameter(content, "issuer") ?: Uri.parse(content).authority
- }
-
- private fun getQueryParameter(content: String, parameterName: String): String? {
- content.split("\n".toRegex()).forEach { line ->
- val uri = Uri.parse(line)
- if (
- line.startsWith(TotpFinder.TOTP_FIELDS[0]) && uri.getQueryParameter(parameterName) != null
- ) {
- return uri.getQueryParameter(parameterName)
- }
- }
- return null
- }
-}