aboutsummaryrefslogtreecommitdiff
path: root/format
diff options
context:
space:
mode:
Diffstat (limited to 'format')
-rw-r--r--format/common/build.gradle.kts18
-rw-r--r--format/common/lint-baseline.xml4
-rw-r--r--format/common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt231
-rw-r--r--format/common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt6
-rw-r--r--format/common/src/main/kotlin/app/passwordstore/util/time/UserClock.kt26
-rw-r--r--format/common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt90
-rw-r--r--format/common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt29
-rw-r--r--format/common/src/main/kotlin/app/passwordstore/util/totp/UriTotpFinder.kt52
-rw-r--r--format/common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt212
-rw-r--r--format/common/src/test/kotlin/app/passwordstore/util/time/TestUserClock.kt33
-rw-r--r--format/common/src/test/kotlin/app/passwordstore/util/totp/OtpTest.kt168
-rw-r--r--format/common/src/test/kotlin/app/passwordstore/util/totp/UriTotpFinderTest.kt55
12 files changed, 924 insertions, 0 deletions
diff --git a/format/common/build.gradle.kts b/format/common/build.gradle.kts
new file mode 100644
index 00000000..b4ac58b6
--- /dev/null
+++ b/format/common/build.gradle.kts
@@ -0,0 +1,18 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+plugins { id("com.github.android-password-store.kotlin-jvm-library") }
+
+dependencies {
+ api(libs.kotlinx.coroutines.core)
+ api(libs.thirdparty.kotlinResult)
+ implementation(projects.coroutineUtils)
+ implementation(libs.androidx.annotation)
+ implementation(libs.dagger.hilt.core)
+ implementation(libs.thirdparty.commons.codec)
+ implementation(libs.thirdparty.uri)
+ testImplementation(libs.bundles.testDependencies)
+ testImplementation(libs.kotlinx.coroutines.test)
+ testImplementation(libs.testing.turbine)
+}
diff --git a/format/common/lint-baseline.xml b/format/common/lint-baseline.xml
new file mode 100644
index 00000000..2ed8a3bb
--- /dev/null
+++ b/format/common/lint-baseline.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<issues format="6" by="lint 8.2.0-alpha14" type="baseline" client="gradle" dependencies="false" name="AGP (8.2.0-alpha14)" variant="all" version="8.2.0-alpha14">
+
+</issues>
diff --git a/format/common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt b/format/common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt
new file mode 100644
index 00000000..1618374f
--- /dev/null
+++ b/format/common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt
@@ -0,0 +1,231 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package app.passwordstore.data.passfile
+
+import androidx.annotation.VisibleForTesting
+import app.passwordstore.util.time.UserClock
+import app.passwordstore.util.totp.Otp
+import app.passwordstore.util.totp.TotpFinder
+import com.github.michaelbull.result.mapBoth
+import dagger.assisted.Assisted
+import dagger.assisted.AssistedFactory
+import dagger.assisted.AssistedInject
+import kotlin.collections.set
+import kotlin.coroutines.coroutineContext
+import kotlin.time.Duration.Companion.milliseconds
+import kotlin.time.Duration.Companion.seconds
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.flow.Flow
+import kotlinx.coroutines.flow.flow
+import kotlinx.coroutines.isActive
+
+/** Represents a single entry in the password store. */
+public class PasswordEntry
+@AssistedInject
+constructor(
+ /** A time source used to calculate the TOTP */
+ private val clock: UserClock,
+ /** [TotpFinder] implementation to extract data from a TOTP URI */
+ private val totpFinder: TotpFinder,
+ /** The content of this entry, as an array of bytes. */
+ @Assisted bytes: ByteArray,
+) {
+
+ private val content = bytes.decodeToString()
+
+ /** The password text for this entry. Can be null. */
+ public val password: String?
+
+ /** The username for this entry. Can be null. */
+ public val username: String?
+
+ /** A [String] to [String] [Map] of the extra content of this entry, in a key:value fashion. */
+ public val extraContent: Map<String, String>
+
+ /**
+ * Direct [String] representation of the extra content of this entry, before any transforms are
+ * applied. Only use this when the extra content is required in a formatting-preserving manner.
+ */
+ public val extraContentString: String
+
+ /**
+ * A [Flow] providing the current TOTP. It will start emitting only when collected. If this entry
+ * does not have a TOTP secret, the flow will never emit. Users should call [hasTotp] before
+ * collection to check if it is valid to collect this [Flow].
+ */
+ public val totp: Flow<Totp> = flow {
+ require(totpSecret != null) { "Cannot collect this flow without a TOTP secret" }
+ do {
+ val otp = calculateTotp()
+ emit(otp)
+ delay(THOUSAND_MILLIS.milliseconds)
+ } while (coroutineContext.isActive)
+ }
+
+ /** Obtain the [Totp.value] for this [PasswordEntry] at the current time. */
+ public val currentOtp: String
+ get() = calculateTotp().value
+
+ /**
+ * String representation of [extraContent] but with authentication related data such as TOTP URIs
+ * and usernames stripped.
+ */
+ public val extraContentWithoutAuthData: String
+ private val totpSecret: String?
+
+ init {
+ val (foundPassword, passContent) = findAndStripPassword(content.split("\n".toRegex()))
+ password = foundPassword
+ extraContentString = passContent.joinToString("\n")
+ extraContentWithoutAuthData = generateExtraContentWithoutAuthData()
+ extraContent = generateExtraContentPairs()
+ username = findUsername()
+ totpSecret = totpFinder.findSecret(content)
+ }
+
+ public fun hasTotp(): Boolean {
+ return totpSecret != null
+ }
+
+ @Suppress("ReturnCount")
+ private fun findAndStripPassword(passContent: List<String>): Pair<String?, List<String>> {
+ if (TotpFinder.TOTP_FIELDS.any { passContent[0].startsWith(it) }) return Pair(null, passContent)
+ for (line in passContent) {
+ for (prefix in PASSWORD_FIELDS) {
+ if (line.startsWith(prefix, ignoreCase = true)) {
+ return Pair(line.substring(prefix.length).trimStart(), passContent.minus(line))
+ }
+ }
+ }
+ return Pair(passContent[0], passContent.minus(passContent[0]))
+ }
+
+ private fun generateExtraContentWithoutAuthData(): String {
+ var foundUsername = false
+ return extraContentString
+ .lineSequence()
+ .filter { line ->
+ return@filter when {
+ USERNAME_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } &&
+ !foundUsername -> {
+ foundUsername = true
+ false
+ }
+ TotpFinder.TOTP_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } -> {
+ false
+ }
+ else -> {
+ true
+ }
+ }
+ }
+ .joinToString(separator = "\n")
+ }
+
+ private fun generateExtraContentPairs(): Map<String, String> {
+ fun MutableMap<String, String>.putOrAppend(key: String, value: String) {
+ if (value.isEmpty()) return
+ val existing = this[key]
+ this[key] =
+ if (existing == null) {
+ value
+ } else {
+ "$existing\n$value"
+ }
+ }
+
+ val items = mutableMapOf<String, String>()
+ extraContentWithoutAuthData.lines().forEach { line ->
+ // Split the line on ':' and save all the parts into an array
+ // "ABC : DEF:GHI" --> ["ABC", "DEF", "GHI"]
+ val splitArray = line.split(":")
+ // Take the first element of the array. This will be the key for the key-value pair.
+ // ["ABC ", " DEF", "GHI"] -> key = "ABC"
+ val key = splitArray.first().trimEnd()
+ // Remove the first element from the array and join the rest of the string again with
+ // ':' as separator.
+ // ["ABC ", " DEF", "GHI"] -> value = "DEF:GHI"
+ val value = splitArray.drop(1).joinToString(":").trimStart()
+
+ if (key.isNotEmpty() && value.isNotEmpty()) {
+ // If both key and value are not empty, we can form a pair with this so add it to
+ // the map.
+ // key = "ABC", value = "DEF:GHI"
+ items[key] = value
+ } else {
+ // If either key or value is empty, we were not able to form proper key-value pair.
+ // So append the original line into an "EXTRA CONTENT" map entry
+ items.putOrAppend(EXTRA_CONTENT, line)
+ }
+ }
+
+ return items
+ }
+
+ private fun findUsername(): String? {
+ extraContentString.splitToSequence("\n").forEach { line ->
+ for (prefix in USERNAME_FIELDS) {
+ if (line.startsWith(prefix, ignoreCase = true))
+ return line.substring(prefix.length).trimStart()
+ }
+ }
+ return null
+ }
+
+ private fun calculateTotp(): Totp {
+ val digits = totpFinder.findDigits(content)
+ val totpPeriod = totpFinder.findPeriod(content)
+ val totpAlgorithm = totpFinder.findAlgorithm(content)
+ val issuer = totpFinder.findIssuer(content)
+ val millis = clock.millis()
+ val remainingTime = (totpPeriod - ((millis / THOUSAND_MILLIS) % totpPeriod)).seconds
+ Otp.calculateCode(
+ totpSecret!!,
+ millis / (THOUSAND_MILLIS * totpPeriod),
+ totpAlgorithm,
+ digits,
+ issuer
+ )
+ .mapBoth(
+ { code ->
+ return Totp(code, remainingTime)
+ },
+ { throwable -> throw throwable }
+ )
+ }
+
+ @AssistedFactory
+ public interface Factory {
+ public fun create(bytes: ByteArray): PasswordEntry
+ }
+
+ public companion object {
+
+ private const val EXTRA_CONTENT = "Extra Content"
+ @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
+ public val USERNAME_FIELDS: Array<String> =
+ arrayOf(
+ "login:",
+ "username:",
+ "user:",
+ "account:",
+ "email:",
+ "mail:",
+ "name:",
+ "handle:",
+ "id:",
+ "identity:",
+ )
+ @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
+ public val PASSWORD_FIELDS: Array<String> =
+ arrayOf(
+ "password:",
+ "secret:",
+ "pass:",
+ )
+ private const val THOUSAND_MILLIS = 1000L
+ }
+}
diff --git a/format/common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt b/format/common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt
new file mode 100644
index 00000000..c279360f
--- /dev/null
+++ b/format/common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt
@@ -0,0 +1,6 @@
+package app.passwordstore.data.passfile
+
+import kotlin.time.Duration
+
+/** Holder for a TOTP secret and the duration for which it is valid. */
+public data class Totp(public val value: String, public val remainingTime: Duration)
diff --git a/format/common/src/main/kotlin/app/passwordstore/util/time/UserClock.kt b/format/common/src/main/kotlin/app/passwordstore/util/time/UserClock.kt
new file mode 100644
index 00000000..4ffeb6a6
--- /dev/null
+++ b/format/common/src/main/kotlin/app/passwordstore/util/time/UserClock.kt
@@ -0,0 +1,26 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package app.passwordstore.util.time
+
+import java.time.Clock
+import java.time.Instant
+import java.time.ZoneId
+import javax.inject.Inject
+
+/**
+ * A subclass of [Clock] that uses [Clock.systemDefaultZone] to get a clock that works for the
+ * user's current time zone.
+ */
+public open class UserClock @Inject constructor() : Clock() {
+
+ private val clock = systemDefaultZone()
+
+ override fun withZone(zone: ZoneId): Clock = clock.withZone(zone)
+
+ override fun getZone(): ZoneId = clock.zone
+
+ override fun instant(): Instant = clock.instant()
+}
diff --git a/format/common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt b/format/common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt
new file mode 100644
index 00000000..10e771fe
--- /dev/null
+++ b/format/common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt
@@ -0,0 +1,90 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package app.passwordstore.util.totp
+
+import com.github.michaelbull.result.Err
+import com.github.michaelbull.result.Result
+import com.github.michaelbull.result.runCatching
+import java.nio.ByteBuffer
+import java.util.Locale
+import javax.crypto.Mac
+import javax.crypto.spec.SecretKeySpec
+import kotlin.experimental.and
+import org.apache.commons.codec.binary.Base32
+
+public object Otp {
+
+ private val BASE_32 = Base32()
+ private val STEAM_ALPHABET = "23456789BCDFGHJKMNPQRTVWXY".toCharArray()
+ private const val BYTE_BUFFER_CAPACITY = 8
+ private const val END_INDEX_OFFSET = 4
+ private const val STEAM_GUARD_DIGITS = 5
+ private const val MINIMUM_DIGITS = 6
+ private const val MAXIMUM_DIGITS = 10
+ private const val ALPHABET_LENGTH = 26
+ private const val MOST_SIGNIFICANT_BYTE = 0x7f
+
+ public fun calculateCode(
+ secret: String,
+ counter: Long,
+ algorithm: String,
+ digits: String,
+ issuer: String?,
+ ): Result<String, Throwable> = runCatching {
+ val algo = "Hmac${algorithm.uppercase(Locale.ROOT)}"
+ val decodedSecret = BASE_32.decode(secret)
+ val secretKey = SecretKeySpec(decodedSecret, algo)
+ val digest =
+ Mac.getInstance(algo).run {
+ init(secretKey)
+ doFinal(ByteBuffer.allocate(BYTE_BUFFER_CAPACITY).putLong(counter).array())
+ }
+ // Least significant 4 bits are used as an offset into the digest.
+ val offset = (digest.last() and 0xf).toInt()
+ // Extract 32 bits at the offset and clear the most significant bit.
+ val code = digest.copyOfRange(offset, offset.plus(END_INDEX_OFFSET))
+ code[0] = (MOST_SIGNIFICANT_BYTE and code[0].toInt()).toByte()
+ val codeInt = ByteBuffer.wrap(code).int
+ check(codeInt > 0)
+ // SteamGuard is a horrible OTP implementation that generates non-standard 5 digit OTPs as
+ // well
+ // as uses a custom character set.
+ if (digits == "s" || issuer == "Steam") {
+ var remainingCodeInt = codeInt
+ buildString {
+ repeat(STEAM_GUARD_DIGITS) {
+ append(STEAM_ALPHABET[remainingCodeInt % STEAM_ALPHABET.size])
+ remainingCodeInt /= ALPHABET_LENGTH
+ }
+ }
+ } else {
+ // Base 10, 6 to 10 digits
+ val numDigits = digits.toIntOrNull()
+ when {
+ numDigits == null -> {
+ return Err(IllegalArgumentException("Digits specifier has to be either 's' or numeric"))
+ }
+ numDigits < MINIMUM_DIGITS -> {
+ return Err(
+ IllegalArgumentException("TOTP codes have to be at least $MINIMUM_DIGITS digits long")
+ )
+ }
+ numDigits > MAXIMUM_DIGITS -> {
+ return Err(
+ IllegalArgumentException("TOTP codes can be at most $MAXIMUM_DIGITS digits long")
+ )
+ }
+ else -> {
+ // 2^31 = 2_147_483_648, so we can extract at most 10 digits with the first one
+ // always being 0, 1, or 2. Pad with leading zeroes.
+ val codeStringBase10 = codeInt.toString(MAXIMUM_DIGITS).padStart(MAXIMUM_DIGITS, '0')
+ check(codeStringBase10.length == MAXIMUM_DIGITS)
+ codeStringBase10.takeLast(numDigits)
+ }
+ }
+ }
+ }
+}
diff --git a/format/common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt b/format/common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt
new file mode 100644
index 00000000..d53d76dc
--- /dev/null
+++ b/format/common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt
@@ -0,0 +1,29 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package app.passwordstore.util.totp
+
+/** Defines a class that can extract relevant parts of a TOTP URL for use by the app. */
+public interface TotpFinder {
+
+ /** Get the TOTP secret from the given extra content. */
+ public fun findSecret(content: String): String?
+
+ /** Get the number of digits required in the final OTP. */
+ public fun findDigits(content: String): String
+
+ /** Get the TOTP timeout period. */
+ public fun findPeriod(content: String): Long
+
+ /** Get the algorithm for the TOTP secret. */
+ public fun findAlgorithm(content: String): String
+
+ /** Get the issuer for the TOTP secret, if any. */
+ public fun findIssuer(content: String): String?
+
+ public companion object {
+ public val TOTP_FIELDS: Array<String> = arrayOf("otpauth://totp", "totp:")
+ }
+}
diff --git a/format/common/src/main/kotlin/app/passwordstore/util/totp/UriTotpFinder.kt b/format/common/src/main/kotlin/app/passwordstore/util/totp/UriTotpFinder.kt
new file mode 100644
index 00000000..bb97c90c
--- /dev/null
+++ b/format/common/src/main/kotlin/app/passwordstore/util/totp/UriTotpFinder.kt
@@ -0,0 +1,52 @@
+package app.passwordstore.util.totp
+
+import com.eygraber.uri.Uri
+import javax.inject.Inject
+
+/** [Uri] backed TOTP URL parser. */
+public class UriTotpFinder @Inject constructor() : TotpFinder {
+
+ private companion object {
+ private const val DEFAULT_TOTP_PERIOD = 30L
+ }
+
+ override fun findSecret(content: String): String? {
+ content.split("\n".toRegex()).forEach { line ->
+ if (line.startsWith(TotpFinder.TOTP_FIELDS[0])) {
+ return Uri.parse(line).getQueryParameter("secret")
+ }
+ if (line.startsWith(TotpFinder.TOTP_FIELDS[1], ignoreCase = true)) {
+ return line.split(": *".toRegex(), 2).toTypedArray()[1]
+ }
+ }
+ return null
+ }
+
+ override fun findDigits(content: String): String {
+ return getQueryParameter(content, "digits") ?: "6"
+ }
+
+ override fun findPeriod(content: String): Long {
+ return getQueryParameter(content, "period")?.toLongOrNull() ?: DEFAULT_TOTP_PERIOD
+ }
+
+ override fun findAlgorithm(content: String): String {
+ return getQueryParameter(content, "algorithm") ?: "sha1"
+ }
+
+ override fun findIssuer(content: String): String? {
+ return getQueryParameter(content, "issuer") ?: Uri.parse(content).authority
+ }
+
+ private fun getQueryParameter(content: String, parameterName: String): String? {
+ content.split("\n".toRegex()).forEach { line ->
+ val uri = Uri.parse(line)
+ if (
+ line.startsWith(TotpFinder.TOTP_FIELDS[0]) && uri.getQueryParameter(parameterName) != null
+ ) {
+ return uri.getQueryParameter(parameterName)
+ }
+ }
+ return null
+ }
+}
diff --git a/format/common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt b/format/common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt
new file mode 100644
index 00000000..865a13c1
--- /dev/null
+++ b/format/common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt
@@ -0,0 +1,212 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package app.passwordstore.data.passfile
+
+import app.cash.turbine.Event
+import app.cash.turbine.test
+import app.passwordstore.util.time.TestUserClock
+import app.passwordstore.util.time.UserClock
+import app.passwordstore.util.totp.UriTotpFinder
+import java.util.Locale
+import kotlin.test.Test
+import kotlin.test.assertEquals
+import kotlin.test.assertNotNull
+import kotlin.test.assertNull
+import kotlin.test.assertTrue
+import kotlin.time.Duration.Companion.seconds
+import kotlinx.coroutines.delay
+import kotlinx.coroutines.test.runTest
+
+class PasswordEntryTest {
+
+ private val totpFinder = UriTotpFinder()
+
+ private fun makeEntry(content: String, clock: UserClock = fakeClock) =
+ PasswordEntry(
+ clock,
+ totpFinder,
+ content.encodeToByteArray(),
+ )
+
+ @Test
+ fun getPassword() {
+ assertEquals("fooooo", makeEntry("fooooo\nbla\n").password)
+ assertEquals("fooooo", makeEntry("fooooo\nbla").password)
+ assertEquals("fooooo", makeEntry("fooooo\n").password)
+ assertEquals("fooooo", makeEntry("fooooo").password)
+ assertEquals("", makeEntry("\nblubb\n").password)
+ assertEquals("", makeEntry("\nblubb").password)
+ assertEquals("", makeEntry("\n").password)
+ assertEquals("", makeEntry("").password)
+ for (field in PasswordEntry.PASSWORD_FIELDS) {
+ assertEquals("fooooo", makeEntry("\n$field fooooo").password)
+ assertEquals("fooooo", makeEntry("\n${field.uppercase(Locale.getDefault())} fooooo").password)
+ assertEquals("fooooo", makeEntry("GOPASS-SECRET-1.0\n$field fooooo").password)
+ assertEquals("fooooo", makeEntry("someFirstLine\nUsername: bar\n$field fooooo").password)
+ }
+ }
+
+ @Test
+ fun getExtraContent() {
+ assertEquals("bla\n", makeEntry("fooooo\nbla\n").extraContentString)
+ assertEquals("bla", makeEntry("fooooo\nbla").extraContentString)
+ assertEquals("", makeEntry("fooooo\n").extraContentString)
+ assertEquals("", makeEntry("fooooo").extraContentString)
+ assertEquals("blubb\n", makeEntry("\nblubb\n").extraContentString)
+ assertEquals("blubb", makeEntry("\nblubb").extraContentString)
+ assertEquals("blubb", makeEntry("blubb\npassword: foo").extraContentString)
+ assertEquals("blubb", makeEntry("password: foo\nblubb").extraContentString)
+ assertEquals(
+ "blubb\nusername: bar",
+ makeEntry("blubb\npassword: foo\nusername: bar").extraContentString
+ )
+ assertEquals("", makeEntry("\n").extraContentString)
+ assertEquals("", makeEntry("").extraContentString)
+ }
+
+ @Test
+ fun parseExtraContentWithoutAuth() {
+ var entry = makeEntry("username: abc\npassword: abc\ntest: abcdef")
+ assertEquals(1, entry.extraContent.size)
+ assertTrue(entry.extraContent.containsKey("test"))
+ assertEquals("abcdef", entry.extraContent["test"])
+
+ entry = makeEntry("username: abc\npassword: abc\ntest: :abcdef:")
+ assertEquals(1, entry.extraContent.size)
+ assertTrue(entry.extraContent.containsKey("test"))
+ assertEquals(":abcdef:", entry.extraContent["test"])
+
+ entry = makeEntry("username: abc\npassword: abc\ntest : ::abc:def::")
+ assertEquals(1, entry.extraContent.size)
+ assertTrue(entry.extraContent.containsKey("test"))
+ assertEquals("::abc:def::", entry.extraContent["test"])
+
+ entry = makeEntry("username: abc\npassword: abc\ntest: abcdef\ntest2: ghijkl")
+ assertEquals(2, entry.extraContent.size)
+ assertTrue(entry.extraContent.containsKey("test2"))
+ assertEquals("ghijkl", entry.extraContent["test2"])
+
+ entry = makeEntry("username: abc\npassword: abc\ntest: abcdef\n: ghijkl\n mnopqr:")
+ assertEquals(2, entry.extraContent.size)
+ assertTrue(entry.extraContent.containsKey("Extra Content"))
+ assertEquals(": ghijkl\n mnopqr:", entry.extraContent["Extra Content"])
+
+ entry = makeEntry("username: abc\npassword: abc\n:\n\n")
+ assertEquals(1, entry.extraContent.size)
+ assertTrue(entry.extraContent.containsKey("Extra Content"))
+ assertEquals(":", entry.extraContent["Extra Content"])
+ }
+
+ @Test
+ fun getUsername() {
+ for (field in PasswordEntry.USERNAME_FIELDS) {
+ assertEquals("username", makeEntry("\n$field username").username)
+ assertEquals(
+ "username",
+ makeEntry("\n${field.uppercase(Locale.getDefault())} username").username
+ )
+ }
+ assertEquals("username", makeEntry("secret\nextra\nlogin: username\ncontent\n").username)
+ assertEquals("username", makeEntry("\nextra\nusername: username\ncontent\n").username)
+ assertEquals("username", makeEntry("\nUSERNaMe: username\ncontent\n").username)
+ assertEquals("username", makeEntry("\nlogin: username").username)
+ assertEquals("foo@example.com", makeEntry("\nemail: foo@example.com").username)
+ assertEquals("username", makeEntry("\nidentity: username\nlogin: another_username").username)
+ assertEquals("username", makeEntry("\nLOGiN:username").username)
+ assertEquals("foo@example.com", makeEntry("pass\nmail: foo@example.com").username)
+ assertNull(makeEntry("secret\nextra\ncontent\n").username)
+ }
+
+ @Test
+ fun hasUsername() {
+ assertNotNull(makeEntry("secret\nextra\nlogin: username\ncontent\n").username)
+ assertNull(makeEntry("secret\nextra\ncontent\n").username)
+ assertNull(makeEntry("secret\nlogin failed\n").username)
+ assertNull(makeEntry("\n").username)
+ assertNull(makeEntry("").username)
+ }
+
+ @Test
+ fun generatesOtpFromTotpUri() = runTest {
+ val entry = makeEntry("secret\nextra\n$TOTP_URI")
+ assertTrue(entry.hasTotp())
+ entry.totp.test {
+ val otp = expectMostRecentItem()
+ assertEquals("818800", otp.value)
+ assertEquals(30.seconds, otp.remainingTime)
+ cancelAndIgnoreRemainingEvents()
+ }
+ }
+
+ /**
+ * Same as [generatesOtpFromTotpUri], but advances the clock by 5 seconds. This exercises the
+ * [Totp.remainingTime] calculation logic, and acts as a regression test to resolve the bug which
+ * blocked https://github.com/Android-Password-Store/Android-Password-Store/issues/1550.
+ */
+ @Test
+ fun generatedOtpHasCorrectRemainingTime() = runTest {
+ val entry = makeEntry("secret\nextra\n$TOTP_URI", TestUserClock.withAddedSeconds(5))
+ assertTrue(entry.hasTotp())
+ entry.totp.test {
+ val otp = expectMostRecentItem()
+ assertEquals("818800", otp.value)
+ assertEquals(25.seconds, otp.remainingTime)
+ cancelAndIgnoreRemainingEvents()
+ }
+ }
+
+ @Test
+ fun generatesOtpWithOnlyUriInFile() = runTest {
+ val entry = makeEntry(TOTP_URI)
+ assertNull(entry.password)
+ entry.totp.test {
+ val otp = expectMostRecentItem()
+ assertEquals("818800", otp.value)
+ assertEquals(30.seconds, otp.remainingTime)
+ cancelAndIgnoreRemainingEvents()
+ }
+ }
+
+ @Test
+ fun emitsTotpEverySecond() = runTest {
+ val entry = makeEntry(TOTP_URI)
+ entry.totp.test {
+ delay(3000L)
+ val events = cancelAndConsumeRemainingEvents()
+ assertEquals(3, events.size)
+ assertTrue { events.all { event -> event is Event.Item<Totp> } }
+ }
+ }
+
+ @Test
+ fun onlyLooksForUriInFirstLine() {
+ val entry = makeEntry("id:\n$TOTP_URI")
+ assertNotNull(entry.password)
+ assertTrue(entry.hasTotp())
+ assertNull(entry.username)
+ }
+
+ // https://github.com/android-password-store/Android-Password-Store/issues/1190
+ @Test
+ fun extraContentWithMultipleUsernameFields() {
+ val entry = makeEntry("pass\nuser: user\nid: id\n$TOTP_URI")
+ assertTrue(entry.extraContent.isNotEmpty())
+ assertTrue(entry.hasTotp())
+ assertNotNull(entry.username)
+ assertEquals("pass", entry.password)
+ assertEquals("user", entry.username)
+ assertEquals(mapOf("id" to "id"), entry.extraContent)
+ }
+
+ companion object {
+
+ @Suppress("MaxLineLength")
+ const val TOTP_URI =
+ "otpauth://totp/ACME%20Co:john@example.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30"
+
+ val fakeClock = TestUserClock()
+ }
+}
diff --git a/format/common/src/test/kotlin/app/passwordstore/util/time/TestUserClock.kt b/format/common/src/test/kotlin/app/passwordstore/util/time/TestUserClock.kt
new file mode 100644
index 00000000..8a860a39
--- /dev/null
+++ b/format/common/src/test/kotlin/app/passwordstore/util/time/TestUserClock.kt
@@ -0,0 +1,33 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package app.passwordstore.util.time
+
+import java.time.Clock
+import java.time.Instant
+import java.time.ZoneId
+import java.time.ZoneOffset.UTC
+
+/**
+ * Implementation of [UserClock] that is fixed to [Instant.EPOCH] for deterministic time-based tests
+ */
+class TestUserClock(instant: Instant) : UserClock() {
+
+ constructor() : this(Instant.EPOCH)
+
+ private var clock = fixed(instant, UTC)
+
+ override fun withZone(zone: ZoneId): Clock = clock.withZone(zone)
+
+ override fun getZone(): ZoneId = UTC
+
+ override fun instant(): Instant = clock.instant()
+
+ companion object {
+ fun withAddedSeconds(secondsToAdd: Long): TestUserClock {
+ return TestUserClock(Instant.EPOCH.plusSeconds(secondsToAdd))
+ }
+ }
+}
diff --git a/format/common/src/test/kotlin/app/passwordstore/util/totp/OtpTest.kt b/format/common/src/test/kotlin/app/passwordstore/util/totp/OtpTest.kt
new file mode 100644
index 00000000..54ac492d
--- /dev/null
+++ b/format/common/src/test/kotlin/app/passwordstore/util/totp/OtpTest.kt
@@ -0,0 +1,168 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package app.passwordstore.util.totp
+
+import com.github.michaelbull.result.get
+import kotlin.test.Test
+import kotlin.test.assertEquals
+import kotlin.test.assertNotNull
+import kotlin.test.assertNull
+
+class OtpTest {
+
+ private fun generateOtp(
+ counter: Long,
+ secret: String = "JBSWY3DPEHPK3PXP",
+ algorithm: String = "SHA1",
+ digits: String = "6",
+ issuer: String? = null,
+ ): String? {
+ return Otp.calculateCode(secret, counter, algorithm, digits, issuer).get()
+ }
+
+ @Test
+ fun otpGeneration6Digits() {
+ assertEquals(
+ "953550",
+ generateOtp(
+ counter = 1593333298159 / (1000 * 30),
+ )
+ )
+ assertEquals(
+ "275379",
+ generateOtp(
+ counter = 1593333571918 / (1000 * 30),
+ )
+ )
+ assertEquals(
+ "867507",
+ generateOtp(
+ counter = 1593333600517 / (1000 * 57),
+ )
+ )
+ }
+
+ @Test
+ fun otpGeneration10Digits() {
+ assertEquals(
+ "0740900914",
+ generateOtp(
+ counter = 1593333655044 / (1000 * 30),
+ digits = "10",
+ )
+ )
+ assertEquals(
+ "0070632029",
+ generateOtp(
+ counter = 1593333691405 / (1000 * 30),
+ digits = "10",
+ )
+ )
+ assertEquals(
+ "1017265882",
+ generateOtp(
+ counter = 1593333728893 / (1000 * 83),
+ digits = "10",
+ )
+ )
+ }
+
+ @Test
+ fun otpGenerationIllegalInput() {
+ assertNull(
+ generateOtp(
+ counter = 10000,
+ algorithm = "SHA0",
+ digits = "10",
+ )
+ )
+ assertNull(
+ generateOtp(
+ counter = 10000,
+ digits = "a",
+ )
+ )
+ assertNull(
+ generateOtp(
+ counter = 10000,
+ algorithm = "SHA1",
+ digits = "5",
+ )
+ )
+ assertNull(
+ generateOtp(
+ counter = 10000,
+ digits = "11",
+ )
+ )
+ assertNull(
+ generateOtp(
+ counter = 10000,
+ secret = "JBSWY3DPEHPK3PXPAAAAB",
+ digits = "6",
+ )
+ )
+ }
+
+ @Test
+ fun otpGenerationUnusualSecrets() {
+ assertEquals(
+ "127764",
+ generateOtp(
+ counter = 1593367111963 / (1000 * 30),
+ secret = "JBSWY3DPEHPK3PXPAAAAAAAA",
+ )
+ )
+ assertEquals(
+ "047515",
+ generateOtp(
+ counter = 1593367171420 / (1000 * 30),
+ secret = "JBSWY3DPEHPK3PXPAAAAA",
+ )
+ )
+ }
+
+ @Test
+ fun otpGenerationUnpaddedSecrets() {
+ // Secret was generated with `echo 'string with some padding needed' | base32`
+ // We don't care for the resultant OTP's actual value, we just want both the padded and
+ // unpadded variant to generate the same one.
+ val unpaddedOtp =
+ generateOtp(
+ counter = 1593367171420 / (1000 * 30),
+ secret = "ON2HE2LOM4QHO2LUNAQHG33NMUQHAYLEMRUW4ZZANZSWKZDFMQFA",
+ )
+ val paddedOtp =
+ generateOtp(
+ counter = 1593367171420 / (1000 * 30),
+ secret = "ON2HE2LOM4QHO2LUNAQHG33NMUQHAYLEMRUW4ZZANZSWKZDFMQFA====",
+ )
+
+ assertNotNull(unpaddedOtp)
+ assertNotNull(paddedOtp)
+ assertEquals(unpaddedOtp, paddedOtp)
+ }
+
+ @Test
+ fun generateSteamTotp() {
+ val issuerOtp =
+ generateOtp(
+ counter = 48297900 / (1000 * 30),
+ secret = "STK7746GVMCHMNH5FBIAQXGPV3I7ZHRG",
+ issuer = "Steam",
+ )
+ val digitsOtp =
+ generateOtp(
+ counter = 48297900 / (1000 * 30),
+ secret = "STK7746GVMCHMNH5FBIAQXGPV3I7ZHRG",
+ digits = "s",
+ )
+ assertNotNull(issuerOtp)
+ assertNotNull(digitsOtp)
+ assertEquals("6M3CT", issuerOtp)
+ assertEquals("6M3CT", digitsOtp)
+ }
+}
diff --git a/format/common/src/test/kotlin/app/passwordstore/util/totp/UriTotpFinderTest.kt b/format/common/src/test/kotlin/app/passwordstore/util/totp/UriTotpFinderTest.kt
new file mode 100644
index 00000000..e462c490
--- /dev/null
+++ b/format/common/src/test/kotlin/app/passwordstore/util/totp/UriTotpFinderTest.kt
@@ -0,0 +1,55 @@
+/*
+ * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved.
+ * SPDX-License-Identifier: GPL-3.0-only
+ */
+
+package app.passwordstore.util.totp
+
+import kotlin.test.Test
+import kotlin.test.assertEquals
+
+class UriTotpFinderTest {
+
+ private val totpFinder = UriTotpFinder()
+
+ @Test
+ fun findSecret() {
+ assertEquals("HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ", totpFinder.findSecret(TOTP_URI))
+ assertEquals(
+ "HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ",
+ totpFinder.findSecret("name\npassword\ntotp: HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ")
+ )
+ assertEquals("HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ", totpFinder.findSecret(PASS_FILE_CONTENT))
+ }
+
+ @Test
+ fun findDigits() {
+ assertEquals("12", totpFinder.findDigits(TOTP_URI))
+ assertEquals("12", totpFinder.findDigits(PASS_FILE_CONTENT))
+ }
+
+ @Test
+ fun findPeriod() {
+ assertEquals(25, totpFinder.findPeriod(TOTP_URI))
+ assertEquals(25, totpFinder.findPeriod(PASS_FILE_CONTENT))
+ }
+
+ @Test
+ fun findAlgorithm() {
+ assertEquals("SHA256", totpFinder.findAlgorithm(TOTP_URI))
+ assertEquals("SHA256", totpFinder.findAlgorithm(PASS_FILE_CONTENT))
+ }
+
+ @Test
+ fun findIssuer() {
+ assertEquals("ACME Co", totpFinder.findIssuer(TOTP_URI))
+ assertEquals("ACME Co", totpFinder.findIssuer(PASS_FILE_CONTENT))
+ }
+
+ companion object {
+
+ const val TOTP_URI =
+ "otpauth://totp/ACME%20Co:john@example.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA256&digits=12&period=25"
+ const val PASS_FILE_CONTENT = "password\n$TOTP_URI"
+ }
+}