From 549ee790d3e52bc62565ddf92e6a556e98b5195e Mon Sep 17 00:00:00 2001 From: Harsh Shandilya Date: Fri, 15 Jul 2022 00:53:48 +0530 Subject: all: re-do package structure yet again --- format-common/src/main/AndroidManifest.xml | 6 - .../passwordstore/data/passfile/PasswordEntry.kt | 221 ++++++++++++++++++++ .../kotlin/app/passwordstore/data/passfile/Totp.kt | 8 + .../kotlin/app/passwordstore/util/time/Clocks.kt | 26 +++ .../main/kotlin/app/passwordstore/util/totp/Otp.kt | 78 +++++++ .../app/passwordstore/util/totp/TotpFinder.kt | 29 +++ .../msfjarvis/aps/data/passfile/PasswordEntry.kt | 221 -------------------- .../kotlin/dev/msfjarvis/aps/data/passfile/Totp.kt | 8 - .../kotlin/dev/msfjarvis/aps/util/time/Clocks.kt | 26 --- .../main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt | 78 ------- .../dev/msfjarvis/aps/util/totp/TotpFinder.kt | 29 --- .../data/passfile/PasswordEntryTest.kt | 225 +++++++++++++++++++++ .../app/passwordstore/util/time/TestClocks.kt | 33 +++ .../kotlin/app/passwordstore/util/totp/OtpTest.kt | 148 ++++++++++++++ .../aps/data/passfile/PasswordEntryTest.kt | 225 --------------------- .../dev/msfjarvis/aps/util/time/TestClocks.kt | 33 --- .../kotlin/dev/msfjarvis/aps/util/totp/OtpTest.kt | 148 -------------- 17 files changed, 768 insertions(+), 774 deletions(-) delete mode 100644 format-common/src/main/AndroidManifest.xml create mode 100644 format-common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt create mode 100644 format-common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt create mode 100644 format-common/src/main/kotlin/app/passwordstore/util/time/Clocks.kt create mode 100644 format-common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt create mode 100644 format-common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt delete mode 100644 format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntry.kt delete mode 100644 format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/Totp.kt delete mode 100644 format-common/src/main/kotlin/dev/msfjarvis/aps/util/time/Clocks.kt delete mode 100644 format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt delete mode 100644 format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/TotpFinder.kt create mode 100644 format-common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt create mode 100644 format-common/src/test/kotlin/app/passwordstore/util/time/TestClocks.kt create mode 100644 format-common/src/test/kotlin/app/passwordstore/util/totp/OtpTest.kt delete mode 100644 format-common/src/test/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntryTest.kt delete mode 100644 format-common/src/test/kotlin/dev/msfjarvis/aps/util/time/TestClocks.kt delete mode 100644 format-common/src/test/kotlin/dev/msfjarvis/aps/util/totp/OtpTest.kt (limited to 'format-common') diff --git a/format-common/src/main/AndroidManifest.xml b/format-common/src/main/AndroidManifest.xml deleted file mode 100644 index 4148bbbb..00000000 --- a/format-common/src/main/AndroidManifest.xml +++ /dev/null @@ -1,6 +0,0 @@ - - - diff --git a/format-common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt b/format-common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt new file mode 100644 index 00000000..9543eb8c --- /dev/null +++ b/format-common/src/main/kotlin/app/passwordstore/data/passfile/PasswordEntry.kt @@ -0,0 +1,221 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package app.passwordstore.data.passfile + +import app.passwordstore.util.time.UserClock +import app.passwordstore.util.totp.Otp +import app.passwordstore.util.totp.TotpFinder +import com.github.michaelbull.result.mapBoth +import dagger.assisted.Assisted +import dagger.assisted.AssistedFactory +import dagger.assisted.AssistedInject +import kotlin.collections.set +import kotlin.coroutines.coroutineContext +import kotlin.time.Duration.Companion.seconds +import kotlin.time.ExperimentalTime +import kotlinx.coroutines.awaitCancellation +import kotlinx.coroutines.delay +import kotlinx.coroutines.flow.Flow +import kotlinx.coroutines.flow.flow +import kotlinx.coroutines.isActive + +/** Represents a single entry in the password store. */ +@OptIn(ExperimentalTime::class) +public class PasswordEntry +@AssistedInject +constructor( + /** A time source used to calculate the TOTP */ + private val clock: UserClock, + /** [TotpFinder] implementation to extract data from a TOTP URI */ + private val totpFinder: TotpFinder, + /** The content of this entry, as an array of bytes. */ + @Assisted bytes: ByteArray, +) { + + private val content = bytes.decodeToString() + + /** The password text for this entry. Can be null. */ + public val password: String? + + /** The username for this entry. Can be null. */ + public val username: String? + + /** A [String] to [String] [Map] of the extra content of this entry, in a key:value fashion. */ + public val extraContent: Map + + /** + * Direct [String] representation of the extra content of this entry, before any transforms are + * applied. Only use this when the extra content is required in a formatting-preserving manner. + */ + public val extraContentString: String + + /** + * A [Flow] providing the current TOTP. It will start emitting only when collected. If this entry + * does not have a TOTP secret, the flow will never emit. Users should call [hasTotp] before + * collection to check if it is valid to collect this [Flow]. + */ + public val totp: Flow = flow { + if (totpSecret != null) { + do { + val otp = calculateTotp() + emit(otp) + delay(1000L) + } while (coroutineContext.isActive) + } else { + awaitCancellation() + } + } + + /** + * String representation of [extraContent] but with authentication related data such as TOTP URIs + * and usernames stripped. + */ + public val extraContentWithoutAuthData: String + private val totpSecret: String? + + init { + val (foundPassword, passContent) = findAndStripPassword(content.split("\n".toRegex())) + password = foundPassword + extraContentString = passContent.joinToString("\n") + extraContentWithoutAuthData = generateExtraContentWithoutAuthData() + extraContent = generateExtraContentPairs() + username = findUsername() + totpSecret = totpFinder.findSecret(content) + } + + public fun hasTotp(): Boolean { + return totpSecret != null + } + + private fun findAndStripPassword(passContent: List): Pair> { + if (TotpFinder.TOTP_FIELDS.any { passContent[0].startsWith(it) }) return Pair(null, passContent) + for (line in passContent) { + for (prefix in PASSWORD_FIELDS) { + if (line.startsWith(prefix, ignoreCase = true)) { + return Pair(line.substring(prefix.length).trimStart(), passContent.minus(line)) + } + } + } + return Pair(passContent[0], passContent.minus(passContent[0])) + } + + private fun generateExtraContentWithoutAuthData(): String { + var foundUsername = false + return extraContentString + .lineSequence() + .filter { line -> + return@filter when { + USERNAME_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } && + !foundUsername -> { + foundUsername = true + false + } + TotpFinder.TOTP_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } -> { + false + } + else -> { + true + } + } + } + .joinToString(separator = "\n") + } + + private fun generateExtraContentPairs(): Map { + fun MutableMap.putOrAppend(key: String, value: String) { + if (value.isEmpty()) return + val existing = this[key] + this[key] = + if (existing == null) { + value + } else { + "$existing\n$value" + } + } + + val items = mutableMapOf() + extraContentWithoutAuthData.lines().forEach { line -> + // Split the line on ':' and save all the parts into an array + // "ABC : DEF:GHI" --> ["ABC", "DEF", "GHI"] + val splitArray = line.split(":") + // Take the first element of the array. This will be the key for the key-value pair. + // ["ABC ", " DEF", "GHI"] -> key = "ABC" + val key = splitArray.first().trimEnd() + // Remove the first element from the array and join the rest of the string again with + // ':' as separator. + // ["ABC ", " DEF", "GHI"] -> value = "DEF:GHI" + val value = splitArray.drop(1).joinToString(":").trimStart() + + if (key.isNotEmpty() && value.isNotEmpty()) { + // If both key and value are not empty, we can form a pair with this so add it to + // the map. + // key = "ABC", value = "DEF:GHI" + items[key] = value + } else { + // If either key or value is empty, we were not able to form proper key-value pair. + // So append the original line into an "EXTRA CONTENT" map entry + items.putOrAppend(EXTRA_CONTENT, line) + } + } + + return items + } + + private fun findUsername(): String? { + extraContentString.splitToSequence("\n").forEach { line -> + for (prefix in USERNAME_FIELDS) { + if (line.startsWith(prefix, ignoreCase = true)) + return line.substring(prefix.length).trimStart() + } + } + return null + } + + private fun calculateTotp(): Totp { + val digits = totpFinder.findDigits(content) + val totpPeriod = totpFinder.findPeriod(content) + val totpAlgorithm = totpFinder.findAlgorithm(content) + val issuer = totpFinder.findIssuer(content) + val millis = clock.millis() + val remainingTime = (totpPeriod - ((millis / 1000) % totpPeriod)).seconds + Otp.calculateCode(totpSecret!!, millis / (1000 * totpPeriod), totpAlgorithm, digits, issuer) + .mapBoth( + { code -> + return Totp(code, remainingTime) + }, + { throwable -> throw throwable } + ) + } + + @AssistedFactory + public interface Factory { + public fun create(bytes: ByteArray): PasswordEntry + } + + internal companion object { + + private const val EXTRA_CONTENT = "Extra Content" + internal val USERNAME_FIELDS = + arrayOf( + "login:", + "username:", + "user:", + "account:", + "email:", + "mail:", + "name:", + "handle:", + "id:", + "identity:", + ) + internal val PASSWORD_FIELDS = + arrayOf( + "password:", + "secret:", + "pass:", + ) + } +} diff --git a/format-common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt b/format-common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt new file mode 100644 index 00000000..2f42977b --- /dev/null +++ b/format-common/src/main/kotlin/app/passwordstore/data/passfile/Totp.kt @@ -0,0 +1,8 @@ +package app.passwordstore.data.passfile + +import kotlin.time.Duration +import kotlin.time.ExperimentalTime + +/** Holder for a TOTP secret and the duration for which it is valid. */ +@OptIn(ExperimentalTime::class) +public data class Totp(public val value: String, public val remainingTime: Duration) diff --git a/format-common/src/main/kotlin/app/passwordstore/util/time/Clocks.kt b/format-common/src/main/kotlin/app/passwordstore/util/time/Clocks.kt new file mode 100644 index 00000000..4ffeb6a6 --- /dev/null +++ b/format-common/src/main/kotlin/app/passwordstore/util/time/Clocks.kt @@ -0,0 +1,26 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package app.passwordstore.util.time + +import java.time.Clock +import java.time.Instant +import java.time.ZoneId +import javax.inject.Inject + +/** + * A subclass of [Clock] that uses [Clock.systemDefaultZone] to get a clock that works for the + * user's current time zone. + */ +public open class UserClock @Inject constructor() : Clock() { + + private val clock = systemDefaultZone() + + override fun withZone(zone: ZoneId): Clock = clock.withZone(zone) + + override fun getZone(): ZoneId = clock.zone + + override fun instant(): Instant = clock.instant() +} diff --git a/format-common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt b/format-common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt new file mode 100644 index 00000000..72d5cffe --- /dev/null +++ b/format-common/src/main/kotlin/app/passwordstore/util/totp/Otp.kt @@ -0,0 +1,78 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package app.passwordstore.util.totp + +import com.github.michaelbull.result.Err +import com.github.michaelbull.result.runCatching +import java.nio.ByteBuffer +import java.util.Locale +import javax.crypto.Mac +import javax.crypto.spec.SecretKeySpec +import kotlin.experimental.and +import org.apache.commons.codec.binary.Base32 + +internal object Otp { + + private val BASE_32 = Base32() + private val STEAM_ALPHABET = "23456789BCDFGHJKMNPQRTVWXY".toCharArray() + + fun calculateCode( + secret: String, + counter: Long, + algorithm: String, + digits: String, + issuer: String?, + ) = runCatching { + val algo = "Hmac${algorithm.uppercase(Locale.ROOT)}" + val decodedSecret = BASE_32.decode(secret) + val secretKey = SecretKeySpec(decodedSecret, algo) + val digest = + Mac.getInstance(algo).run { + init(secretKey) + doFinal(ByteBuffer.allocate(8).putLong(counter).array()) + } + // Least significant 4 bits are used as an offset into the digest. + val offset = (digest.last() and 0xf).toInt() + // Extract 32 bits at the offset and clear the most significant bit. + val code = digest.copyOfRange(offset, offset + 4) + code[0] = (0x7f and code[0].toInt()).toByte() + val codeInt = ByteBuffer.wrap(code).int + check(codeInt > 0) + // SteamGuard is a horrible OTP implementation that generates non-standard 5 digit OTPs as + // well + // as uses a custom character set. + if (digits == "s" || issuer == "Steam") { + var remainingCodeInt = codeInt + buildString { + repeat(5) { + append(STEAM_ALPHABET[remainingCodeInt % STEAM_ALPHABET.size]) + remainingCodeInt /= 26 + } + } + } else { + // Base 10, 6 to 10 digits + val numDigits = digits.toIntOrNull() + when { + numDigits == null -> { + return Err(IllegalArgumentException("Digits specifier has to be either 's' or numeric")) + } + numDigits < 6 -> { + return Err(IllegalArgumentException("TOTP codes have to be at least 6 digits long")) + } + numDigits > 10 -> { + return Err(IllegalArgumentException("TOTP codes can be at most 10 digits long")) + } + else -> { + // 2^31 = 2_147_483_648, so we can extract at most 10 digits with the first one + // always being 0, 1, or 2. Pad with leading zeroes. + val codeStringBase10 = codeInt.toString(10).padStart(10, '0') + check(codeStringBase10.length == 10) + codeStringBase10.takeLast(numDigits) + } + } + } + } +} diff --git a/format-common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt b/format-common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt new file mode 100644 index 00000000..d53d76dc --- /dev/null +++ b/format-common/src/main/kotlin/app/passwordstore/util/totp/TotpFinder.kt @@ -0,0 +1,29 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package app.passwordstore.util.totp + +/** Defines a class that can extract relevant parts of a TOTP URL for use by the app. */ +public interface TotpFinder { + + /** Get the TOTP secret from the given extra content. */ + public fun findSecret(content: String): String? + + /** Get the number of digits required in the final OTP. */ + public fun findDigits(content: String): String + + /** Get the TOTP timeout period. */ + public fun findPeriod(content: String): Long + + /** Get the algorithm for the TOTP secret. */ + public fun findAlgorithm(content: String): String + + /** Get the issuer for the TOTP secret, if any. */ + public fun findIssuer(content: String): String? + + public companion object { + public val TOTP_FIELDS: Array = arrayOf("otpauth://totp", "totp:") + } +} diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntry.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntry.kt deleted file mode 100644 index a0a85f3e..00000000 --- a/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntry.kt +++ /dev/null @@ -1,221 +0,0 @@ -/* - * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. - * SPDX-License-Identifier: GPL-3.0-only - */ - -package dev.msfjarvis.aps.data.passfile - -import com.github.michaelbull.result.mapBoth -import dagger.assisted.Assisted -import dagger.assisted.AssistedFactory -import dagger.assisted.AssistedInject -import dev.msfjarvis.aps.util.time.UserClock -import dev.msfjarvis.aps.util.totp.Otp -import dev.msfjarvis.aps.util.totp.TotpFinder -import kotlin.collections.set -import kotlin.coroutines.coroutineContext -import kotlin.time.Duration.Companion.seconds -import kotlin.time.ExperimentalTime -import kotlinx.coroutines.awaitCancellation -import kotlinx.coroutines.delay -import kotlinx.coroutines.flow.Flow -import kotlinx.coroutines.flow.flow -import kotlinx.coroutines.isActive - -/** Represents a single entry in the password store. */ -@OptIn(ExperimentalTime::class) -public class PasswordEntry -@AssistedInject -constructor( - /** A time source used to calculate the TOTP */ - private val clock: UserClock, - /** [TotpFinder] implementation to extract data from a TOTP URI */ - private val totpFinder: TotpFinder, - /** The content of this entry, as an array of bytes. */ - @Assisted bytes: ByteArray, -) { - - private val content = bytes.decodeToString() - - /** The password text for this entry. Can be null. */ - public val password: String? - - /** The username for this entry. Can be null. */ - public val username: String? - - /** A [String] to [String] [Map] of the extra content of this entry, in a key:value fashion. */ - public val extraContent: Map - - /** - * Direct [String] representation of the extra content of this entry, before any transforms are - * applied. Only use this when the extra content is required in a formatting-preserving manner. - */ - public val extraContentString: String - - /** - * A [Flow] providing the current TOTP. It will start emitting only when collected. If this entry - * does not have a TOTP secret, the flow will never emit. Users should call [hasTotp] before - * collection to check if it is valid to collect this [Flow]. - */ - public val totp: Flow = flow { - if (totpSecret != null) { - do { - val otp = calculateTotp() - emit(otp) - delay(1000L) - } while (coroutineContext.isActive) - } else { - awaitCancellation() - } - } - - /** - * String representation of [extraContent] but with authentication related data such as TOTP URIs - * and usernames stripped. - */ - public val extraContentWithoutAuthData: String - private val totpSecret: String? - - init { - val (foundPassword, passContent) = findAndStripPassword(content.split("\n".toRegex())) - password = foundPassword - extraContentString = passContent.joinToString("\n") - extraContentWithoutAuthData = generateExtraContentWithoutAuthData() - extraContent = generateExtraContentPairs() - username = findUsername() - totpSecret = totpFinder.findSecret(content) - } - - public fun hasTotp(): Boolean { - return totpSecret != null - } - - private fun findAndStripPassword(passContent: List): Pair> { - if (TotpFinder.TOTP_FIELDS.any { passContent[0].startsWith(it) }) return Pair(null, passContent) - for (line in passContent) { - for (prefix in PASSWORD_FIELDS) { - if (line.startsWith(prefix, ignoreCase = true)) { - return Pair(line.substring(prefix.length).trimStart(), passContent.minus(line)) - } - } - } - return Pair(passContent[0], passContent.minus(passContent[0])) - } - - private fun generateExtraContentWithoutAuthData(): String { - var foundUsername = false - return extraContentString - .lineSequence() - .filter { line -> - return@filter when { - USERNAME_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } && - !foundUsername -> { - foundUsername = true - false - } - TotpFinder.TOTP_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } -> { - false - } - else -> { - true - } - } - } - .joinToString(separator = "\n") - } - - private fun generateExtraContentPairs(): Map { - fun MutableMap.putOrAppend(key: String, value: String) { - if (value.isEmpty()) return - val existing = this[key] - this[key] = - if (existing == null) { - value - } else { - "$existing\n$value" - } - } - - val items = mutableMapOf() - extraContentWithoutAuthData.lines().forEach { line -> - // Split the line on ':' and save all the parts into an array - // "ABC : DEF:GHI" --> ["ABC", "DEF", "GHI"] - val splitArray = line.split(":") - // Take the first element of the array. This will be the key for the key-value pair. - // ["ABC ", " DEF", "GHI"] -> key = "ABC" - val key = splitArray.first().trimEnd() - // Remove the first element from the array and join the rest of the string again with - // ':' as separator. - // ["ABC ", " DEF", "GHI"] -> value = "DEF:GHI" - val value = splitArray.drop(1).joinToString(":").trimStart() - - if (key.isNotEmpty() && value.isNotEmpty()) { - // If both key and value are not empty, we can form a pair with this so add it to - // the map. - // key = "ABC", value = "DEF:GHI" - items[key] = value - } else { - // If either key or value is empty, we were not able to form proper key-value pair. - // So append the original line into an "EXTRA CONTENT" map entry - items.putOrAppend(EXTRA_CONTENT, line) - } - } - - return items - } - - private fun findUsername(): String? { - extraContentString.splitToSequence("\n").forEach { line -> - for (prefix in USERNAME_FIELDS) { - if (line.startsWith(prefix, ignoreCase = true)) - return line.substring(prefix.length).trimStart() - } - } - return null - } - - private fun calculateTotp(): Totp { - val digits = totpFinder.findDigits(content) - val totpPeriod = totpFinder.findPeriod(content) - val totpAlgorithm = totpFinder.findAlgorithm(content) - val issuer = totpFinder.findIssuer(content) - val millis = clock.millis() - val remainingTime = (totpPeriod - ((millis / 1000) % totpPeriod)).seconds - Otp.calculateCode(totpSecret!!, millis / (1000 * totpPeriod), totpAlgorithm, digits, issuer) - .mapBoth( - { code -> - return Totp(code, remainingTime) - }, - { throwable -> throw throwable } - ) - } - - @AssistedFactory - public interface Factory { - public fun create(bytes: ByteArray): PasswordEntry - } - - internal companion object { - - private const val EXTRA_CONTENT = "Extra Content" - internal val USERNAME_FIELDS = - arrayOf( - "login:", - "username:", - "user:", - "account:", - "email:", - "mail:", - "name:", - "handle:", - "id:", - "identity:", - ) - internal val PASSWORD_FIELDS = - arrayOf( - "password:", - "secret:", - "pass:", - ) - } -} diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/Totp.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/Totp.kt deleted file mode 100644 index a43cce6a..00000000 --- a/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/Totp.kt +++ /dev/null @@ -1,8 +0,0 @@ -package dev.msfjarvis.aps.data.passfile - -import kotlin.time.Duration -import kotlin.time.ExperimentalTime - -/** Holder for a TOTP secret and the duration for which it is valid. */ -@OptIn(ExperimentalTime::class) -public data class Totp(public val value: String, public val remainingTime: Duration) diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/time/Clocks.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/time/Clocks.kt deleted file mode 100644 index 087a5028..00000000 --- a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/time/Clocks.kt +++ /dev/null @@ -1,26 +0,0 @@ -/* - * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. - * SPDX-License-Identifier: GPL-3.0-only - */ - -package dev.msfjarvis.aps.util.time - -import java.time.Clock -import java.time.Instant -import java.time.ZoneId -import javax.inject.Inject - -/** - * A subclass of [Clock] that uses [Clock.systemDefaultZone] to get a clock that works for the - * user's current time zone. - */ -public open class UserClock @Inject constructor() : Clock() { - - private val clock = systemDefaultZone() - - override fun withZone(zone: ZoneId): Clock = clock.withZone(zone) - - override fun getZone(): ZoneId = clock.zone - - override fun instant(): Instant = clock.instant() -} diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt deleted file mode 100644 index 1a548d92..00000000 --- a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt +++ /dev/null @@ -1,78 +0,0 @@ -/* - * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. - * SPDX-License-Identifier: GPL-3.0-only - */ - -package dev.msfjarvis.aps.util.totp - -import com.github.michaelbull.result.Err -import com.github.michaelbull.result.runCatching -import java.nio.ByteBuffer -import java.util.Locale -import javax.crypto.Mac -import javax.crypto.spec.SecretKeySpec -import kotlin.experimental.and -import org.apache.commons.codec.binary.Base32 - -internal object Otp { - - private val BASE_32 = Base32() - private val STEAM_ALPHABET = "23456789BCDFGHJKMNPQRTVWXY".toCharArray() - - fun calculateCode( - secret: String, - counter: Long, - algorithm: String, - digits: String, - issuer: String?, - ) = runCatching { - val algo = "Hmac${algorithm.uppercase(Locale.ROOT)}" - val decodedSecret = BASE_32.decode(secret) - val secretKey = SecretKeySpec(decodedSecret, algo) - val digest = - Mac.getInstance(algo).run { - init(secretKey) - doFinal(ByteBuffer.allocate(8).putLong(counter).array()) - } - // Least significant 4 bits are used as an offset into the digest. - val offset = (digest.last() and 0xf).toInt() - // Extract 32 bits at the offset and clear the most significant bit. - val code = digest.copyOfRange(offset, offset + 4) - code[0] = (0x7f and code[0].toInt()).toByte() - val codeInt = ByteBuffer.wrap(code).int - check(codeInt > 0) - // SteamGuard is a horrible OTP implementation that generates non-standard 5 digit OTPs as - // well - // as uses a custom character set. - if (digits == "s" || issuer == "Steam") { - var remainingCodeInt = codeInt - buildString { - repeat(5) { - append(STEAM_ALPHABET[remainingCodeInt % STEAM_ALPHABET.size]) - remainingCodeInt /= 26 - } - } - } else { - // Base 10, 6 to 10 digits - val numDigits = digits.toIntOrNull() - when { - numDigits == null -> { - return Err(IllegalArgumentException("Digits specifier has to be either 's' or numeric")) - } - numDigits < 6 -> { - return Err(IllegalArgumentException("TOTP codes have to be at least 6 digits long")) - } - numDigits > 10 -> { - return Err(IllegalArgumentException("TOTP codes can be at most 10 digits long")) - } - else -> { - // 2^31 = 2_147_483_648, so we can extract at most 10 digits with the first one - // always being 0, 1, or 2. Pad with leading zeroes. - val codeStringBase10 = codeInt.toString(10).padStart(10, '0') - check(codeStringBase10.length == 10) - codeStringBase10.takeLast(numDigits) - } - } - } - } -} diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/TotpFinder.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/TotpFinder.kt deleted file mode 100644 index 1cb7de97..00000000 --- a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/TotpFinder.kt +++ /dev/null @@ -1,29 +0,0 @@ -/* - * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. - * SPDX-License-Identifier: GPL-3.0-only - */ - -package dev.msfjarvis.aps.util.totp - -/** Defines a class that can extract relevant parts of a TOTP URL for use by the app. */ -public interface TotpFinder { - - /** Get the TOTP secret from the given extra content. */ - public fun findSecret(content: String): String? - - /** Get the number of digits required in the final OTP. */ - public fun findDigits(content: String): String - - /** Get the TOTP timeout period. */ - public fun findPeriod(content: String): Long - - /** Get the algorithm for the TOTP secret. */ - public fun findAlgorithm(content: String): String - - /** Get the issuer for the TOTP secret, if any. */ - public fun findIssuer(content: String): String? - - public companion object { - public val TOTP_FIELDS: Array = arrayOf("otpauth://totp", "totp:") - } -} diff --git a/format-common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt b/format-common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt new file mode 100644 index 00000000..f492604d --- /dev/null +++ b/format-common/src/test/kotlin/app/passwordstore/data/passfile/PasswordEntryTest.kt @@ -0,0 +1,225 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package app.passwordstore.data.passfile + +import app.cash.turbine.test +import app.passwordstore.test.CoroutineTestRule +import app.passwordstore.util.time.TestUserClock +import app.passwordstore.util.time.UserClock +import app.passwordstore.util.totp.TotpFinder +import java.util.Locale +import kotlin.test.Test +import kotlin.test.assertEquals +import kotlin.test.assertNotNull +import kotlin.test.assertNull +import kotlin.test.assertTrue +import kotlin.time.Duration.Companion.seconds +import kotlin.time.ExperimentalTime +import kotlinx.coroutines.ExperimentalCoroutinesApi +import kotlinx.coroutines.test.runTest +import org.junit.Rule + +@OptIn(ExperimentalCoroutinesApi::class, ExperimentalTime::class) +class PasswordEntryTest { + + @get:Rule val coroutineTestRule: CoroutineTestRule = CoroutineTestRule() + private fun makeEntry(content: String, clock: UserClock = fakeClock) = + PasswordEntry( + clock, + testFinder, + content.encodeToByteArray(), + ) + + @Test + fun getPassword() { + assertEquals("fooooo", makeEntry("fooooo\nbla\n").password) + assertEquals("fooooo", makeEntry("fooooo\nbla").password) + assertEquals("fooooo", makeEntry("fooooo\n").password) + assertEquals("fooooo", makeEntry("fooooo").password) + assertEquals("", makeEntry("\nblubb\n").password) + assertEquals("", makeEntry("\nblubb").password) + assertEquals("", makeEntry("\n").password) + assertEquals("", makeEntry("").password) + for (field in PasswordEntry.PASSWORD_FIELDS) { + assertEquals("fooooo", makeEntry("\n$field fooooo").password) + assertEquals("fooooo", makeEntry("\n${field.uppercase(Locale.getDefault())} fooooo").password) + assertEquals("fooooo", makeEntry("GOPASS-SECRET-1.0\n$field fooooo").password) + assertEquals("fooooo", makeEntry("someFirstLine\nUsername: bar\n$field fooooo").password) + } + } + + @Test + fun getExtraContent() { + assertEquals("bla\n", makeEntry("fooooo\nbla\n").extraContentString) + assertEquals("bla", makeEntry("fooooo\nbla").extraContentString) + assertEquals("", makeEntry("fooooo\n").extraContentString) + assertEquals("", makeEntry("fooooo").extraContentString) + assertEquals("blubb\n", makeEntry("\nblubb\n").extraContentString) + assertEquals("blubb", makeEntry("\nblubb").extraContentString) + assertEquals("blubb", makeEntry("blubb\npassword: foo").extraContentString) + assertEquals("blubb", makeEntry("password: foo\nblubb").extraContentString) + assertEquals( + "blubb\nusername: bar", + makeEntry("blubb\npassword: foo\nusername: bar").extraContentString + ) + assertEquals("", makeEntry("\n").extraContentString) + assertEquals("", makeEntry("").extraContentString) + } + + @Test + fun parseExtraContentWithoutAuth() { + var entry = makeEntry("username: abc\npassword: abc\ntest: abcdef") + assertEquals(1, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("test")) + assertEquals("abcdef", entry.extraContent["test"]) + + entry = makeEntry("username: abc\npassword: abc\ntest: :abcdef:") + assertEquals(1, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("test")) + assertEquals(":abcdef:", entry.extraContent["test"]) + + entry = makeEntry("username: abc\npassword: abc\ntest : ::abc:def::") + assertEquals(1, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("test")) + assertEquals("::abc:def::", entry.extraContent["test"]) + + entry = makeEntry("username: abc\npassword: abc\ntest: abcdef\ntest2: ghijkl") + assertEquals(2, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("test2")) + assertEquals("ghijkl", entry.extraContent["test2"]) + + entry = makeEntry("username: abc\npassword: abc\ntest: abcdef\n: ghijkl\n mnopqr:") + assertEquals(2, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("Extra Content")) + assertEquals(": ghijkl\n mnopqr:", entry.extraContent["Extra Content"]) + + entry = makeEntry("username: abc\npassword: abc\n:\n\n") + assertEquals(1, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("Extra Content")) + assertEquals(":", entry.extraContent["Extra Content"]) + } + + @Test + fun getUsername() { + for (field in PasswordEntry.USERNAME_FIELDS) { + assertEquals("username", makeEntry("\n$field username").username) + assertEquals( + "username", + makeEntry("\n${field.uppercase(Locale.getDefault())} username").username + ) + } + assertEquals("username", makeEntry("secret\nextra\nlogin: username\ncontent\n").username) + assertEquals("username", makeEntry("\nextra\nusername: username\ncontent\n").username) + assertEquals("username", makeEntry("\nUSERNaMe: username\ncontent\n").username) + assertEquals("username", makeEntry("\nlogin: username").username) + assertEquals("foo@example.com", makeEntry("\nemail: foo@example.com").username) + assertEquals("username", makeEntry("\nidentity: username\nlogin: another_username").username) + assertEquals("username", makeEntry("\nLOGiN:username").username) + assertEquals("foo@example.com", makeEntry("pass\nmail: foo@example.com").username) + assertNull(makeEntry("secret\nextra\ncontent\n").username) + } + + @Test + fun hasUsername() { + assertNotNull(makeEntry("secret\nextra\nlogin: username\ncontent\n").username) + assertNull(makeEntry("secret\nextra\ncontent\n").username) + assertNull(makeEntry("secret\nlogin failed\n").username) + assertNull(makeEntry("\n").username) + assertNull(makeEntry("").username) + } + + @Test + fun generatesOtpFromTotpUri() = runTest { + val entry = makeEntry("secret\nextra\n$TOTP_URI") + assertTrue(entry.hasTotp()) + entry.totp.test { + val otp = expectMostRecentItem() + assertEquals("818800", otp.value) + assertEquals(30.seconds, otp.remainingTime) + cancelAndIgnoreRemainingEvents() + } + } + + /** + * Same as [testGeneratesOtpFromTotpUri], but advances the clock by 5 seconds. This exercises the + * [Totp.remainingTime] calculation logic, and acts as a regression test to resolve the bug which + * blocked https://msfjarvis.dev/aps/issue/1550. + */ + @Test + fun generatedOtpHasCorrectRemainingTime() = runTest { + val entry = makeEntry("secret\nextra\n$TOTP_URI", TestUserClock.withAddedSeconds(5)) + assertTrue(entry.hasTotp()) + entry.totp.test { + val otp = expectMostRecentItem() + assertEquals("818800", otp.value) + assertEquals(25.seconds, otp.remainingTime) + cancelAndIgnoreRemainingEvents() + } + } + + @Test + fun generatesOtpWithOnlyUriInFile() = runTest { + val entry = makeEntry(TOTP_URI) + assertNull(entry.password) + entry.totp.test { + val otp = expectMostRecentItem() + assertEquals("818800", otp.value) + assertEquals(30.seconds, otp.remainingTime) + cancelAndIgnoreRemainingEvents() + } + } + + @Test + fun onlyLooksForUriInFirstLine() { + val entry = makeEntry("id:\n$TOTP_URI") + assertNotNull(entry.password) + assertTrue(entry.hasTotp()) + assertNull(entry.username) + } + + // https://github.com/android-password-store/Android-Password-Store/issues/1190 + @Test + fun extraContentWithMultipleUsernameFields() { + val entry = makeEntry("pass\nuser: user\nid: id\n$TOTP_URI") + assertTrue(entry.extraContent.isNotEmpty()) + assertTrue(entry.hasTotp()) + assertNotNull(entry.username) + assertEquals("pass", entry.password) + assertEquals("user", entry.username) + assertEquals(mapOf("id" to "id"), entry.extraContent) + } + + companion object { + + const val TOTP_URI = + "otpauth://totp/ACME%20Co:john@example.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30" + + val fakeClock = TestUserClock() + + // This implementation is hardcoded for the URI above. + val testFinder = + object : TotpFinder { + override fun findSecret(content: String): String { + return "HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ" + } + + override fun findDigits(content: String): String { + return "6" + } + + override fun findPeriod(content: String): Long { + return 30 + } + + override fun findAlgorithm(content: String): String { + return "SHA1" + } + override fun findIssuer(content: String): String { + return "ACME Co" + } + } + } +} diff --git a/format-common/src/test/kotlin/app/passwordstore/util/time/TestClocks.kt b/format-common/src/test/kotlin/app/passwordstore/util/time/TestClocks.kt new file mode 100644 index 00000000..8a860a39 --- /dev/null +++ b/format-common/src/test/kotlin/app/passwordstore/util/time/TestClocks.kt @@ -0,0 +1,33 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package app.passwordstore.util.time + +import java.time.Clock +import java.time.Instant +import java.time.ZoneId +import java.time.ZoneOffset.UTC + +/** + * Implementation of [UserClock] that is fixed to [Instant.EPOCH] for deterministic time-based tests + */ +class TestUserClock(instant: Instant) : UserClock() { + + constructor() : this(Instant.EPOCH) + + private var clock = fixed(instant, UTC) + + override fun withZone(zone: ZoneId): Clock = clock.withZone(zone) + + override fun getZone(): ZoneId = UTC + + override fun instant(): Instant = clock.instant() + + companion object { + fun withAddedSeconds(secondsToAdd: Long): TestUserClock { + return TestUserClock(Instant.EPOCH.plusSeconds(secondsToAdd)) + } + } +} diff --git a/format-common/src/test/kotlin/app/passwordstore/util/totp/OtpTest.kt b/format-common/src/test/kotlin/app/passwordstore/util/totp/OtpTest.kt new file mode 100644 index 00000000..bf8cd186 --- /dev/null +++ b/format-common/src/test/kotlin/app/passwordstore/util/totp/OtpTest.kt @@ -0,0 +1,148 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package app.passwordstore.util.totp + +import com.github.michaelbull.result.get +import kotlin.test.Test +import kotlin.test.assertEquals +import kotlin.test.assertNotNull +import kotlin.test.assertNull + +class OtpTest { + + private fun generateOtp( + counter: Long, + secret: String = "JBSWY3DPEHPK3PXP", + algorithm: String = "SHA1", + digits: String = "6", + issuer: String? = null, + ): String? { + return Otp.calculateCode(secret, counter, algorithm, digits, issuer).get() + } + + @Test + fun otpGeneration6Digits() { + assertEquals( + "953550", + generateOtp( + counter = 1593333298159 / (1000 * 30), + ) + ) + assertEquals( + "275379", + generateOtp( + counter = 1593333571918 / (1000 * 30), + ) + ) + assertEquals( + "867507", + generateOtp( + counter = 1593333600517 / (1000 * 57), + ) + ) + } + + @Test + fun otpGeneration10Digits() { + assertEquals( + "0740900914", + generateOtp( + counter = 1593333655044 / (1000 * 30), + digits = "10", + ) + ) + assertEquals( + "0070632029", + generateOtp( + counter = 1593333691405 / (1000 * 30), + digits = "10", + ) + ) + assertEquals( + "1017265882", + generateOtp( + counter = 1593333728893 / (1000 * 83), + digits = "10", + ) + ) + } + + @Test + fun otpGenerationIllegalInput() { + assertNull( + generateOtp( + counter = 10000, + algorithm = "SHA0", + digits = "10", + ) + ) + assertNull( + generateOtp( + counter = 10000, + digits = "a", + ) + ) + assertNull( + generateOtp( + counter = 10000, + algorithm = "SHA1", + digits = "5", + ) + ) + assertNull( + generateOtp( + counter = 10000, + digits = "11", + ) + ) + assertNull( + generateOtp( + counter = 10000, + secret = "JBSWY3DPEHPK3PXPAAAAB", + digits = "6", + ) + ) + } + + @Test + fun otpGenerationUnusualSecrets() { + assertEquals( + "127764", + generateOtp( + counter = 1593367111963 / (1000 * 30), + secret = "JBSWY3DPEHPK3PXPAAAAAAAA", + ) + ) + assertEquals( + "047515", + generateOtp( + counter = 1593367171420 / (1000 * 30), + secret = "JBSWY3DPEHPK3PXPAAAAA", + ) + ) + } + + @Test + fun otpGenerationUnpaddedSecrets() { + // Secret was generated with `echo 'string with some padding needed' | base32` + // We don't care for the resultant OTP's actual value, we just want both the padded and + // unpadded variant to generate the same one. + val unpaddedOtp = + generateOtp( + counter = 1593367171420 / (1000 * 30), + secret = "ON2HE2LOM4QHO2LUNAQHG33NMUQHAYLEMRUW4ZZANZSWKZDFMQFA", + ) + val paddedOtp = + generateOtp( + 1593367171420 / (1000 * 30), + secret = "ON2HE2LOM4QHO2LUNAQHG33NMUQHAYLEMRUW4ZZANZSWKZDFMQFA====", + ) + + assertNotNull(unpaddedOtp) + assertNotNull(paddedOtp) + assertEquals(unpaddedOtp, paddedOtp) + } +} diff --git a/format-common/src/test/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntryTest.kt b/format-common/src/test/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntryTest.kt deleted file mode 100644 index 27fbe0e2..00000000 --- a/format-common/src/test/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntryTest.kt +++ /dev/null @@ -1,225 +0,0 @@ -/* - * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. - * SPDX-License-Identifier: GPL-3.0-only - */ - -package dev.msfjarvis.aps.data.passfile - -import app.cash.turbine.test -import dev.msfjarvis.aps.test.CoroutineTestRule -import dev.msfjarvis.aps.util.time.TestUserClock -import dev.msfjarvis.aps.util.time.UserClock -import dev.msfjarvis.aps.util.totp.TotpFinder -import java.util.Locale -import kotlin.test.Test -import kotlin.test.assertEquals -import kotlin.test.assertNotNull -import kotlin.test.assertNull -import kotlin.test.assertTrue -import kotlin.time.Duration.Companion.seconds -import kotlin.time.ExperimentalTime -import kotlinx.coroutines.ExperimentalCoroutinesApi -import kotlinx.coroutines.test.runTest -import org.junit.Rule - -@OptIn(ExperimentalCoroutinesApi::class, ExperimentalTime::class) -class PasswordEntryTest { - - @get:Rule val coroutineTestRule: CoroutineTestRule = CoroutineTestRule() - private fun makeEntry(content: String, clock: UserClock = fakeClock) = - PasswordEntry( - clock, - testFinder, - content.encodeToByteArray(), - ) - - @Test - fun getPassword() { - assertEquals("fooooo", makeEntry("fooooo\nbla\n").password) - assertEquals("fooooo", makeEntry("fooooo\nbla").password) - assertEquals("fooooo", makeEntry("fooooo\n").password) - assertEquals("fooooo", makeEntry("fooooo").password) - assertEquals("", makeEntry("\nblubb\n").password) - assertEquals("", makeEntry("\nblubb").password) - assertEquals("", makeEntry("\n").password) - assertEquals("", makeEntry("").password) - for (field in PasswordEntry.PASSWORD_FIELDS) { - assertEquals("fooooo", makeEntry("\n$field fooooo").password) - assertEquals("fooooo", makeEntry("\n${field.uppercase(Locale.getDefault())} fooooo").password) - assertEquals("fooooo", makeEntry("GOPASS-SECRET-1.0\n$field fooooo").password) - assertEquals("fooooo", makeEntry("someFirstLine\nUsername: bar\n$field fooooo").password) - } - } - - @Test - fun getExtraContent() { - assertEquals("bla\n", makeEntry("fooooo\nbla\n").extraContentString) - assertEquals("bla", makeEntry("fooooo\nbla").extraContentString) - assertEquals("", makeEntry("fooooo\n").extraContentString) - assertEquals("", makeEntry("fooooo").extraContentString) - assertEquals("blubb\n", makeEntry("\nblubb\n").extraContentString) - assertEquals("blubb", makeEntry("\nblubb").extraContentString) - assertEquals("blubb", makeEntry("blubb\npassword: foo").extraContentString) - assertEquals("blubb", makeEntry("password: foo\nblubb").extraContentString) - assertEquals( - "blubb\nusername: bar", - makeEntry("blubb\npassword: foo\nusername: bar").extraContentString - ) - assertEquals("", makeEntry("\n").extraContentString) - assertEquals("", makeEntry("").extraContentString) - } - - @Test - fun parseExtraContentWithoutAuth() { - var entry = makeEntry("username: abc\npassword: abc\ntest: abcdef") - assertEquals(1, entry.extraContent.size) - assertTrue(entry.extraContent.containsKey("test")) - assertEquals("abcdef", entry.extraContent["test"]) - - entry = makeEntry("username: abc\npassword: abc\ntest: :abcdef:") - assertEquals(1, entry.extraContent.size) - assertTrue(entry.extraContent.containsKey("test")) - assertEquals(":abcdef:", entry.extraContent["test"]) - - entry = makeEntry("username: abc\npassword: abc\ntest : ::abc:def::") - assertEquals(1, entry.extraContent.size) - assertTrue(entry.extraContent.containsKey("test")) - assertEquals("::abc:def::", entry.extraContent["test"]) - - entry = makeEntry("username: abc\npassword: abc\ntest: abcdef\ntest2: ghijkl") - assertEquals(2, entry.extraContent.size) - assertTrue(entry.extraContent.containsKey("test2")) - assertEquals("ghijkl", entry.extraContent["test2"]) - - entry = makeEntry("username: abc\npassword: abc\ntest: abcdef\n: ghijkl\n mnopqr:") - assertEquals(2, entry.extraContent.size) - assertTrue(entry.extraContent.containsKey("Extra Content")) - assertEquals(": ghijkl\n mnopqr:", entry.extraContent["Extra Content"]) - - entry = makeEntry("username: abc\npassword: abc\n:\n\n") - assertEquals(1, entry.extraContent.size) - assertTrue(entry.extraContent.containsKey("Extra Content")) - assertEquals(":", entry.extraContent["Extra Content"]) - } - - @Test - fun getUsername() { - for (field in PasswordEntry.USERNAME_FIELDS) { - assertEquals("username", makeEntry("\n$field username").username) - assertEquals( - "username", - makeEntry("\n${field.uppercase(Locale.getDefault())} username").username - ) - } - assertEquals("username", makeEntry("secret\nextra\nlogin: username\ncontent\n").username) - assertEquals("username", makeEntry("\nextra\nusername: username\ncontent\n").username) - assertEquals("username", makeEntry("\nUSERNaMe: username\ncontent\n").username) - assertEquals("username", makeEntry("\nlogin: username").username) - assertEquals("foo@example.com", makeEntry("\nemail: foo@example.com").username) - assertEquals("username", makeEntry("\nidentity: username\nlogin: another_username").username) - assertEquals("username", makeEntry("\nLOGiN:username").username) - assertEquals("foo@example.com", makeEntry("pass\nmail: foo@example.com").username) - assertNull(makeEntry("secret\nextra\ncontent\n").username) - } - - @Test - fun hasUsername() { - assertNotNull(makeEntry("secret\nextra\nlogin: username\ncontent\n").username) - assertNull(makeEntry("secret\nextra\ncontent\n").username) - assertNull(makeEntry("secret\nlogin failed\n").username) - assertNull(makeEntry("\n").username) - assertNull(makeEntry("").username) - } - - @Test - fun generatesOtpFromTotpUri() = runTest { - val entry = makeEntry("secret\nextra\n$TOTP_URI") - assertTrue(entry.hasTotp()) - entry.totp.test { - val otp = expectMostRecentItem() - assertEquals("818800", otp.value) - assertEquals(30.seconds, otp.remainingTime) - cancelAndIgnoreRemainingEvents() - } - } - - /** - * Same as [testGeneratesOtpFromTotpUri], but advances the clock by 5 seconds. This exercises the - * [Totp.remainingTime] calculation logic, and acts as a regression test to resolve the bug which - * blocked https://msfjarvis.dev/aps/issue/1550. - */ - @Test - fun generatedOtpHasCorrectRemainingTime() = runTest { - val entry = makeEntry("secret\nextra\n$TOTP_URI", TestUserClock.withAddedSeconds(5)) - assertTrue(entry.hasTotp()) - entry.totp.test { - val otp = expectMostRecentItem() - assertEquals("818800", otp.value) - assertEquals(25.seconds, otp.remainingTime) - cancelAndIgnoreRemainingEvents() - } - } - - @Test - fun generatesOtpWithOnlyUriInFile() = runTest { - val entry = makeEntry(TOTP_URI) - assertNull(entry.password) - entry.totp.test { - val otp = expectMostRecentItem() - assertEquals("818800", otp.value) - assertEquals(30.seconds, otp.remainingTime) - cancelAndIgnoreRemainingEvents() - } - } - - @Test - fun onlyLooksForUriInFirstLine() { - val entry = makeEntry("id:\n$TOTP_URI") - assertNotNull(entry.password) - assertTrue(entry.hasTotp()) - assertNull(entry.username) - } - - // https://github.com/android-password-store/Android-Password-Store/issues/1190 - @Test - fun extraContentWithMultipleUsernameFields() { - val entry = makeEntry("pass\nuser: user\nid: id\n$TOTP_URI") - assertTrue(entry.extraContent.isNotEmpty()) - assertTrue(entry.hasTotp()) - assertNotNull(entry.username) - assertEquals("pass", entry.password) - assertEquals("user", entry.username) - assertEquals(mapOf("id" to "id"), entry.extraContent) - } - - companion object { - - const val TOTP_URI = - "otpauth://totp/ACME%20Co:john@example.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30" - - val fakeClock = TestUserClock() - - // This implementation is hardcoded for the URI above. - val testFinder = - object : TotpFinder { - override fun findSecret(content: String): String { - return "HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ" - } - - override fun findDigits(content: String): String { - return "6" - } - - override fun findPeriod(content: String): Long { - return 30 - } - - override fun findAlgorithm(content: String): String { - return "SHA1" - } - override fun findIssuer(content: String): String { - return "ACME Co" - } - } - } -} diff --git a/format-common/src/test/kotlin/dev/msfjarvis/aps/util/time/TestClocks.kt b/format-common/src/test/kotlin/dev/msfjarvis/aps/util/time/TestClocks.kt deleted file mode 100644 index ee74a40d..00000000 --- a/format-common/src/test/kotlin/dev/msfjarvis/aps/util/time/TestClocks.kt +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. - * SPDX-License-Identifier: GPL-3.0-only - */ - -package dev.msfjarvis.aps.util.time - -import java.time.Clock -import java.time.Instant -import java.time.ZoneId -import java.time.ZoneOffset.UTC - -/** - * Implementation of [UserClock] that is fixed to [Instant.EPOCH] for deterministic time-based tests - */ -class TestUserClock(instant: Instant) : UserClock() { - - constructor() : this(Instant.EPOCH) - - private var clock = fixed(instant, UTC) - - override fun withZone(zone: ZoneId): Clock = clock.withZone(zone) - - override fun getZone(): ZoneId = UTC - - override fun instant(): Instant = clock.instant() - - companion object { - fun withAddedSeconds(secondsToAdd: Long): TestUserClock { - return TestUserClock(Instant.EPOCH.plusSeconds(secondsToAdd)) - } - } -} diff --git a/format-common/src/test/kotlin/dev/msfjarvis/aps/util/totp/OtpTest.kt b/format-common/src/test/kotlin/dev/msfjarvis/aps/util/totp/OtpTest.kt deleted file mode 100644 index db74de3e..00000000 --- a/format-common/src/test/kotlin/dev/msfjarvis/aps/util/totp/OtpTest.kt +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. - * SPDX-License-Identifier: GPL-3.0-only - */ - -package dev.msfjarvis.aps.util.totp - -import com.github.michaelbull.result.get -import kotlin.test.Test -import kotlin.test.assertEquals -import kotlin.test.assertNotNull -import kotlin.test.assertNull - -class OtpTest { - - private fun generateOtp( - counter: Long, - secret: String = "JBSWY3DPEHPK3PXP", - algorithm: String = "SHA1", - digits: String = "6", - issuer: String? = null, - ): String? { - return Otp.calculateCode(secret, counter, algorithm, digits, issuer).get() - } - - @Test - fun otpGeneration6Digits() { - assertEquals( - "953550", - generateOtp( - counter = 1593333298159 / (1000 * 30), - ) - ) - assertEquals( - "275379", - generateOtp( - counter = 1593333571918 / (1000 * 30), - ) - ) - assertEquals( - "867507", - generateOtp( - counter = 1593333600517 / (1000 * 57), - ) - ) - } - - @Test - fun otpGeneration10Digits() { - assertEquals( - "0740900914", - generateOtp( - counter = 1593333655044 / (1000 * 30), - digits = "10", - ) - ) - assertEquals( - "0070632029", - generateOtp( - counter = 1593333691405 / (1000 * 30), - digits = "10", - ) - ) - assertEquals( - "1017265882", - generateOtp( - counter = 1593333728893 / (1000 * 83), - digits = "10", - ) - ) - } - - @Test - fun otpGenerationIllegalInput() { - assertNull( - generateOtp( - counter = 10000, - algorithm = "SHA0", - digits = "10", - ) - ) - assertNull( - generateOtp( - counter = 10000, - digits = "a", - ) - ) - assertNull( - generateOtp( - counter = 10000, - algorithm = "SHA1", - digits = "5", - ) - ) - assertNull( - generateOtp( - counter = 10000, - digits = "11", - ) - ) - assertNull( - generateOtp( - counter = 10000, - secret = "JBSWY3DPEHPK3PXPAAAAB", - digits = "6", - ) - ) - } - - @Test - fun otpGenerationUnusualSecrets() { - assertEquals( - "127764", - generateOtp( - counter = 1593367111963 / (1000 * 30), - secret = "JBSWY3DPEHPK3PXPAAAAAAAA", - ) - ) - assertEquals( - "047515", - generateOtp( - counter = 1593367171420 / (1000 * 30), - secret = "JBSWY3DPEHPK3PXPAAAAA", - ) - ) - } - - @Test - fun otpGenerationUnpaddedSecrets() { - // Secret was generated with `echo 'string with some padding needed' | base32` - // We don't care for the resultant OTP's actual value, we just want both the padded and - // unpadded variant to generate the same one. - val unpaddedOtp = - generateOtp( - counter = 1593367171420 / (1000 * 30), - secret = "ON2HE2LOM4QHO2LUNAQHG33NMUQHAYLEMRUW4ZZANZSWKZDFMQFA", - ) - val paddedOtp = - generateOtp( - 1593367171420 / (1000 * 30), - secret = "ON2HE2LOM4QHO2LUNAQHG33NMUQHAYLEMRUW4ZZANZSWKZDFMQFA====", - ) - - assertNotNull(unpaddedOtp) - assertNotNull(paddedOtp) - assertEquals(unpaddedOtp, paddedOtp) - } -} -- cgit v1.2.3