diff --git a/format-common/api/format-common.api b/format-common/api/format-common.api new file mode 100644 index 00000000..c088a828 --- /dev/null +++ b/format-common/api/format-common.api @@ -0,0 +1,30 @@ +public final class dev/msfjarvis/aps/data/passfile/PasswordEntry { + public static final field Companion Ldev/msfjarvis/aps/data/passfile/PasswordEntry$Companion; + public fun (Ldev/msfjarvis/aps/util/time/UserClock;Ldev/msfjarvis/aps/util/totp/TotpFinder;Lkotlinx/coroutines/CoroutineScope;[B)V + public final fun getExtraContent ()Ljava/util/Map; + public final fun getExtraContentWithoutAuthData ()Ljava/lang/String; + public final fun getPassword ()Ljava/lang/String; + public final fun getTotp ()Lkotlinx/coroutines/flow/StateFlow; + public final fun getUsername ()Ljava/lang/String; + public final fun hasTotp ()Z +} + +public class dev/msfjarvis/aps/util/time/UserClock : java/time/Clock { + public fun ()V + public fun getZone ()Ljava/time/ZoneId; + public fun instant ()Ljava/time/Instant; + public fun withZone (Ljava/time/ZoneId;)Ljava/time/Clock; +} + +public abstract interface class dev/msfjarvis/aps/util/totp/TotpFinder { + public static final field Companion Ldev/msfjarvis/aps/util/totp/TotpFinder$Companion; + public abstract fun findAlgorithm (Ljava/lang/String;)Ljava/lang/String; + public abstract fun findDigits (Ljava/lang/String;)Ljava/lang/String; + public abstract fun findPeriod (Ljava/lang/String;)J + public abstract fun findSecret (Ljava/lang/String;)Ljava/lang/String; +} + +public final class dev/msfjarvis/aps/util/totp/TotpFinder$Companion { + public final fun getTOTP_FIELDS ()[Ljava/lang/String; +} + diff --git a/format-common/build.gradle.kts b/format-common/build.gradle.kts index c1f3eef8..08e2bab6 100644 --- a/format-common/build.gradle.kts +++ b/format-common/build.gradle.kts @@ -6,3 +6,13 @@ plugins { kotlin("jvm") `aps-plugin` } + +dependencies { + compileOnly(libs.androidx.annotation) + implementation(libs.dagger.hilt.core) + implementation(libs.thirdparty.commons.codec) + implementation(libs.thirdparty.kotlinResult) + implementation(libs.kotlin.coroutines.core) + testImplementation(libs.bundles.testDependencies) + testImplementation(libs.kotlin.coroutines.test) +} diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntry.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntry.kt new file mode 100644 index 00000000..9b7fc8f3 --- /dev/null +++ b/format-common/src/main/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntry.kt @@ -0,0 +1,211 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.data.passfile + +import androidx.annotation.VisibleForTesting +import com.github.michaelbull.result.mapBoth +import dagger.assisted.Assisted +import dagger.assisted.AssistedInject +import dev.msfjarvis.aps.util.time.UserClock +import dev.msfjarvis.aps.util.totp.Otp +import dev.msfjarvis.aps.util.totp.TotpFinder +import kotlin.collections.set +import kotlin.time.ExperimentalTime +import kotlinx.coroutines.CoroutineScope +import kotlinx.coroutines.delay +import kotlinx.coroutines.flow.MutableStateFlow +import kotlinx.coroutines.flow.StateFlow +import kotlinx.coroutines.flow.asStateFlow +import kotlinx.coroutines.launch + +/** Represents a single entry in the password store. */ +@OptIn(ExperimentalTime::class) +public class PasswordEntry +@AssistedInject +constructor( + /** A time source used to calculate the TOTP */ + clock: UserClock, + /** [TotpFinder] implementation to extract data from a TOTP URI */ + totpFinder: TotpFinder, + /** + * A cancellable [CoroutineScope] inside which we constantly emit new TOTP values as time elapses + */ + @Assisted scope: CoroutineScope, + /** The content of this entry, as an array of bytes. */ + @Assisted bytes: ByteArray, +) { + + private val _totp = MutableStateFlow("") + private val content = bytes.decodeToString() + + /** The password text for this entry. Can be null. */ + public val password: String? + + /** The username for this entry. Can be null. */ + public val username: String? + + /** A [String] to [String] [Map] of the extra content of this entry, in a key:value fashion. */ + public val extraContent: Map + + /** + * A [StateFlow] providing the current TOTP. It will emit a single empty string on initialization + * which is replaced with a real TOTP if applicable. Call [hasTotp] to verify whether or not you + * need to observe this value. + */ + public val totp: StateFlow = _totp.asStateFlow() + + /** + * String representation of [extraContent] but with authentication related data such as TOTP URIs + * and usernames stripped. + */ + public val extraContentWithoutAuthData: String + private val digits: String + private val totpSecret: String? + private val totpPeriod: Long + private val totpAlgorithm: String + @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE) internal val extraContentString: String + + init { + val (foundPassword, passContent) = findAndStripPassword(content.split("\n".toRegex())) + password = foundPassword + extraContentString = passContent.joinToString("\n") + extraContentWithoutAuthData = generateExtraContentWithoutAuthData() + extraContent = generateExtraContentPairs() + username = findUsername() + digits = totpFinder.findDigits(content) + totpSecret = totpFinder.findSecret(content) + totpPeriod = totpFinder.findPeriod(content) + totpAlgorithm = totpFinder.findAlgorithm(content) + if (totpSecret != null) { + scope.launch { + updateTotp(clock.millis()) + val remainingTime = totpPeriod - (System.currentTimeMillis() % totpPeriod) + delay(remainingTime) + repeat(Int.MAX_VALUE) { + updateTotp(clock.millis()) + delay(totpPeriod) + } + } + } + } + + public fun hasTotp(): Boolean { + return totpSecret != null + } + + private fun findAndStripPassword(passContent: List): Pair> { + if (TotpFinder.TOTP_FIELDS.any { passContent[0].startsWith(it) }) return Pair(null, passContent) + for (line in passContent) { + for (prefix in PASSWORD_FIELDS) { + if (line.startsWith(prefix, ignoreCase = true)) { + return Pair(line.substring(prefix.length).trimStart(), passContent.minus(line)) + } + } + } + return Pair(passContent[0], passContent.minus(passContent[0])) + } + + private fun generateExtraContentWithoutAuthData(): String { + var foundUsername = false + return extraContentString + .lineSequence() + .filter { line -> + return@filter when { + USERNAME_FIELDS.any { prefix -> line.startsWith(prefix, ignoreCase = true) } && !foundUsername -> { + foundUsername = true + false + } + line.startsWith("otpauth://", ignoreCase = true) || line.startsWith("totp:", ignoreCase = true) -> { + false + } + else -> { + true + } + } + } + .joinToString(separator = "\n") + } + + private fun generateExtraContentPairs(): Map { + fun MutableMap.putOrAppend(key: String, value: String) { + if (value.isEmpty()) return + val existing = this[key] + this[key] = + if (existing == null) { + value + } else { + "$existing\n$value" + } + } + + val items = mutableMapOf() + // Take extraContentWithoutAuthData and onEach line perform the following tasks + extraContentWithoutAuthData.lines().forEach { line -> + // Split the line on ':' and save all the parts into an array + // "ABC : DEF:GHI" --> ["ABC", "DEF", "GHI"] + val splitArray = line.split(":") + // Take the first element of the array. This will be the key for the key-value pair. + // ["ABC ", " DEF", "GHI"] -> key = "ABC" + val key = splitArray.first().trimEnd() + // Remove the first element from the array and join the rest of the string again with + // ':' as separator. + // ["ABC ", " DEF", "GHI"] -> value = "DEF:GHI" + val value = splitArray.drop(1).joinToString(":").trimStart() + + if (key.isNotEmpty() && value.isNotEmpty()) { + // If both key and value are not empty, we can form a pair with this so add it to + // the map. + // key = "ABC", value = "DEF:GHI" + items[key] = value + } else { + // If either key or value is empty, we were not able to form proper key-value pair. + // So append the original line into an "EXTRA CONTENT" map entry + items.putOrAppend(EXTRA_CONTENT, line) + } + } + + return items + } + + private fun findUsername(): String? { + extraContentString.splitToSequence("\n").forEach { line -> + for (prefix in USERNAME_FIELDS) { + if (line.startsWith(prefix, ignoreCase = true)) return line.substring(prefix.length).trimStart() + } + } + return null + } + + private fun updateTotp(millis: Long) { + if (totpSecret != null) { + Otp.calculateCode(totpSecret, millis / (1000 * totpPeriod), totpAlgorithm, digits) + .mapBoth({ code -> _totp.value = code }, { throwable -> throw throwable }) + } + } + + internal companion object { + + private const val EXTRA_CONTENT = "Extra Content" + internal val USERNAME_FIELDS = + arrayOf( + "login:", + "username:", + "user:", + "account:", + "email:", + "name:", + "handle:", + "id:", + "identity:", + ) + internal val PASSWORD_FIELDS = + arrayOf( + "password:", + "secret:", + "pass:", + ) + } +} diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/time/Clocks.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/time/Clocks.kt new file mode 100644 index 00000000..087a5028 --- /dev/null +++ b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/time/Clocks.kt @@ -0,0 +1,26 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.util.time + +import java.time.Clock +import java.time.Instant +import java.time.ZoneId +import javax.inject.Inject + +/** + * A subclass of [Clock] that uses [Clock.systemDefaultZone] to get a clock that works for the + * user's current time zone. + */ +public open class UserClock @Inject constructor() : Clock() { + + private val clock = systemDefaultZone() + + override fun withZone(zone: ZoneId): Clock = clock.withZone(zone) + + override fun getZone(): ZoneId = clock.zone + + override fun instant(): Instant = clock.instant() +} diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt new file mode 100644 index 00000000..e6efd794 --- /dev/null +++ b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/Otp.kt @@ -0,0 +1,74 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.util.totp + +import com.github.michaelbull.result.Err +import com.github.michaelbull.result.runCatching +import java.nio.ByteBuffer +import java.util.Locale +import javax.crypto.Mac +import javax.crypto.spec.SecretKeySpec +import kotlin.experimental.and +import org.apache.commons.codec.binary.Base32 + +internal object Otp { + + private val BASE_32 = Base32() + private val STEAM_ALPHABET = "23456789BCDFGHJKMNPQRTVWXY".toCharArray() + + init { + check(STEAM_ALPHABET.size == 26) + } + + fun calculateCode(secret: String, counter: Long, algorithm: String, digits: String) = runCatching { + val algo = "Hmac${algorithm.toUpperCase(Locale.ROOT)}" + val decodedSecret = BASE_32.decode(secret) + val secretKey = SecretKeySpec(decodedSecret, algo) + val digest = + Mac.getInstance(algo).run { + init(secretKey) + doFinal(ByteBuffer.allocate(8).putLong(counter).array()) + } + // Least significant 4 bits are used as an offset into the digest. + val offset = (digest.last() and 0xf).toInt() + // Extract 32 bits at the offset and clear the most significant bit. + val code = digest.copyOfRange(offset, offset + 4) + code[0] = (0x7f and code[0].toInt()).toByte() + val codeInt = ByteBuffer.wrap(code).int + check(codeInt > 0) + if (digits == "s") { + // Steam + var remainingCodeInt = codeInt + buildString { + repeat(5) { + append(STEAM_ALPHABET[remainingCodeInt % 26]) + remainingCodeInt /= 26 + } + } + } else { + // Base 10, 6 to 10 digits + val numDigits = digits.toIntOrNull() + when { + numDigits == null -> { + return Err(IllegalArgumentException("Digits specifier has to be either 's' or numeric")) + } + numDigits < 6 -> { + return Err(IllegalArgumentException("TOTP codes have to be at least 6 digits long")) + } + numDigits > 10 -> { + return Err(IllegalArgumentException("TOTP codes can be at most 10 digits long")) + } + else -> { + // 2^31 = 2_147_483_648, so we can extract at most 10 digits with the first one + // always being 0, 1, or 2. Pad with leading zeroes. + val codeStringBase10 = codeInt.toString(10).padStart(10, '0') + check(codeStringBase10.length == 10) + codeStringBase10.takeLast(numDigits) + } + } + } + } +} diff --git a/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/TotpFinder.kt b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/TotpFinder.kt new file mode 100644 index 00000000..64f22065 --- /dev/null +++ b/format-common/src/main/kotlin/dev/msfjarvis/aps/util/totp/TotpFinder.kt @@ -0,0 +1,26 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.util.totp + +/** Defines a class that can extract relevant parts of a TOTP URL for use by the app. */ +public interface TotpFinder { + + /** Get the TOTP secret from the given extra content. */ + public fun findSecret(content: String): String? + + /** Get the number of digits required in the final OTP. */ + public fun findDigits(content: String): String + + /** Get the TOTP timeout period. */ + public fun findPeriod(content: String): Long + + /** Get the algorithm for the TOTP secret. */ + public fun findAlgorithm(content: String): String + + public companion object { + public val TOTP_FIELDS: Array = arrayOf("otpauth://totp", "totp:") + } +} diff --git a/format-common/src/test/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntryTest.kt b/format-common/src/test/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntryTest.kt new file mode 100644 index 00000000..2520853c --- /dev/null +++ b/format-common/src/test/kotlin/dev/msfjarvis/aps/data/passfile/PasswordEntryTest.kt @@ -0,0 +1,183 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.data.passfile + +import dev.msfjarvis.aps.util.time.TestUserClock +import dev.msfjarvis.aps.util.totp.TotpFinder +import kotlin.test.assertEquals +import kotlin.test.assertNotNull +import kotlin.test.assertNull +import kotlin.test.assertTrue +import kotlin.time.ExperimentalTime +import kotlinx.coroutines.ExperimentalCoroutinesApi +import kotlinx.coroutines.test.TestCoroutineScope +import org.junit.Test + +@OptIn(ExperimentalCoroutinesApi::class, ExperimentalTime::class) +internal class PasswordEntryTest { + + private fun makeEntry(content: String) = PasswordEntry(fakeClock, testFinder, testScope, content.encodeToByteArray()) + + @Test + fun testGetPassword() { + assertEquals("fooooo", makeEntry("fooooo\nbla\n").password) + assertEquals("fooooo", makeEntry("fooooo\nbla").password) + assertEquals("fooooo", makeEntry("fooooo\n").password) + assertEquals("fooooo", makeEntry("fooooo").password) + assertEquals("", makeEntry("\nblubb\n").password) + assertEquals("", makeEntry("\nblubb").password) + assertEquals("", makeEntry("\n").password) + assertEquals("", makeEntry("").password) + for (field in PasswordEntry.PASSWORD_FIELDS) { + assertEquals("fooooo", makeEntry("\n$field fooooo").password) + assertEquals("fooooo", makeEntry("\n${field.toUpperCase()} fooooo").password) + assertEquals("fooooo", makeEntry("GOPASS-SECRET-1.0\n$field fooooo").password) + assertEquals("fooooo", makeEntry("someFirstLine\nUsername: bar\n$field fooooo").password) + } + } + + @Test + fun testGetExtraContent() { + assertEquals("bla\n", makeEntry("fooooo\nbla\n").extraContentString) + assertEquals("bla", makeEntry("fooooo\nbla").extraContentString) + assertEquals("", makeEntry("fooooo\n").extraContentString) + assertEquals("", makeEntry("fooooo").extraContentString) + assertEquals("blubb\n", makeEntry("\nblubb\n").extraContentString) + assertEquals("blubb", makeEntry("\nblubb").extraContentString) + assertEquals("blubb", makeEntry("blubb\npassword: foo").extraContentString) + assertEquals("blubb", makeEntry("password: foo\nblubb").extraContentString) + assertEquals("blubb\nusername: bar", makeEntry("blubb\npassword: foo\nusername: bar").extraContentString) + assertEquals("", makeEntry("\n").extraContentString) + assertEquals("", makeEntry("").extraContentString) + } + + @Test + fun parseExtraContentWithoutAuth() { + var entry = makeEntry("username: abc\npassword: abc\ntest: abcdef") + assertEquals(1, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("test")) + assertEquals("abcdef", entry.extraContent["test"]) + + entry = makeEntry("username: abc\npassword: abc\ntest: :abcdef:") + assertEquals(1, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("test")) + assertEquals(":abcdef:", entry.extraContent["test"]) + + entry = makeEntry("username: abc\npassword: abc\ntest : ::abc:def::") + assertEquals(1, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("test")) + assertEquals("::abc:def::", entry.extraContent["test"]) + + entry = makeEntry("username: abc\npassword: abc\ntest: abcdef\ntest2: ghijkl") + assertEquals(2, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("test2")) + assertEquals("ghijkl", entry.extraContent["test2"]) + + entry = makeEntry("username: abc\npassword: abc\ntest: abcdef\n: ghijkl\n mnopqr:") + assertEquals(2, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("Extra Content")) + assertEquals(": ghijkl\n mnopqr:", entry.extraContent["Extra Content"]) + + entry = makeEntry("username: abc\npassword: abc\n:\n\n") + assertEquals(1, entry.extraContent.size) + assertTrue(entry.extraContent.containsKey("Extra Content")) + assertEquals(":", entry.extraContent["Extra Content"]) + } + + @Test + fun testGetUsername() { + for (field in PasswordEntry.USERNAME_FIELDS) { + assertEquals("username", makeEntry("\n$field username").username) + assertEquals("username", makeEntry("\n${field.toUpperCase()} username").username) + } + assertEquals("username", makeEntry("secret\nextra\nlogin: username\ncontent\n").username) + assertEquals("username", makeEntry("\nextra\nusername: username\ncontent\n").username) + assertEquals("username", makeEntry("\nUSERNaMe: username\ncontent\n").username) + assertEquals("username", makeEntry("\nlogin: username").username) + assertEquals("foo@example.com", makeEntry("\nemail: foo@example.com").username) + assertEquals("username", makeEntry("\nidentity: username\nlogin: another_username").username) + assertEquals("username", makeEntry("\nLOGiN:username").username) + assertNull(makeEntry("secret\nextra\ncontent\n").username) + } + + @Test + fun testHasUsername() { + assertNotNull(makeEntry("secret\nextra\nlogin: username\ncontent\n").username) + assertNull(makeEntry("secret\nextra\ncontent\n").username) + assertNull(makeEntry("secret\nlogin failed\n").username) + assertNull(makeEntry("\n").username) + assertNull(makeEntry("").username) + } + + @Test + fun testGeneratesOtpFromTotpUri() { + val entry = makeEntry("secret\nextra\n$TOTP_URI") + assertTrue(entry.hasTotp()) + val code = entry.totp.value + assertNotNull(code) { "Generated OTP cannot be null" } + assertEquals("818800", code) + } + + @Test + fun testGeneratesOtpWithOnlyUriInFile() { + val entry = makeEntry(TOTP_URI) + assertNull(entry.password) + assertTrue(entry.hasTotp()) + val code = entry.totp.value + assertNotNull(code) { "Generated OTP cannot be null" } + assertEquals("818800", code) + } + + @Test + fun testOnlyLooksForUriInFirstLine() { + val entry = makeEntry("id:\n$TOTP_URI") + assertNotNull(entry.password) + assertTrue(entry.hasTotp()) + assertNull(entry.username) + } + + // https://github.com/android-password-store/Android-Password-Store/issues/1190 + @Test + fun extraContentWithMultipleUsernameFields() { + val entry = makeEntry("pass\nuser: user\nid: id\n$TOTP_URI") + assertTrue(entry.extraContent.isNotEmpty()) + assertTrue(entry.hasTotp()) + assertNotNull(entry.username) + assertEquals("pass", entry.password) + assertEquals("user", entry.username) + assertEquals(mapOf("id" to "id"), entry.extraContent) + } + + companion object { + + const val TOTP_URI = + "otpauth://totp/ACME%20Co:john@example.com?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30" + + val testScope = TestCoroutineScope() + + val fakeClock = TestUserClock() + + // This implementation is hardcoded for the URI above. + val testFinder = + object : TotpFinder { + override fun findSecret(content: String): String { + return "HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ" + } + + override fun findDigits(content: String): String { + return "6" + } + + override fun findPeriod(content: String): Long { + return 30 + } + + override fun findAlgorithm(content: String): String { + return "SHA1" + } + } + } +} diff --git a/format-common/src/test/kotlin/dev/msfjarvis/aps/util/time/TestClocks.kt b/format-common/src/test/kotlin/dev/msfjarvis/aps/util/time/TestClocks.kt new file mode 100644 index 00000000..d75cc900 --- /dev/null +++ b/format-common/src/test/kotlin/dev/msfjarvis/aps/util/time/TestClocks.kt @@ -0,0 +1,27 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.util.time + +import java.time.Clock +import java.time.Instant +import java.time.ZoneId +import java.time.ZoneOffset.UTC + +/** + * Implementation of [UserClock] that is fixed to [Instant.EPOCH] for deterministic time-based tests + */ +internal class TestUserClock(instant: Instant) : UserClock() { + + constructor() : this(Instant.EPOCH) + + private var clock = fixed(instant, UTC) + + override fun withZone(zone: ZoneId): Clock = clock.withZone(zone) + + override fun getZone(): ZoneId = UTC + + override fun instant(): Instant = clock.instant() +} diff --git a/format-common/src/test/kotlin/dev/msfjarvis/aps/util/totp/OtpTest.kt b/format-common/src/test/kotlin/dev/msfjarvis/aps/util/totp/OtpTest.kt new file mode 100644 index 00000000..e6dc372d --- /dev/null +++ b/format-common/src/test/kotlin/dev/msfjarvis/aps/util/totp/OtpTest.kt @@ -0,0 +1,73 @@ +/* + * Copyright © 2014-2021 The Android Password Store Authors. All Rights Reserved. + * SPDX-License-Identifier: GPL-3.0-only + */ + +package dev.msfjarvis.aps.util.totp + +import com.github.michaelbull.result.get +import kotlin.test.assertEquals +import kotlin.test.assertNotNull +import kotlin.test.assertNull +import org.junit.Test + +internal class OtpTest { + + @Test + fun testOtpGeneration6Digits() { + assertEquals("953550", Otp.calculateCode("JBSWY3DPEHPK3PXP", 1593333298159 / (1000 * 30), "SHA1", "6").get()) + assertEquals("275379", Otp.calculateCode("JBSWY3DPEHPK3PXP", 1593333571918 / (1000 * 30), "SHA1", "6").get()) + assertEquals("867507", Otp.calculateCode("JBSWY3DPEHPK3PXP", 1593333600517 / (1000 * 57), "SHA1", "6").get()) + } + + @Test + fun testOtpGeneration10Digits() { + assertEquals("0740900914", Otp.calculateCode("JBSWY3DPEHPK3PXP", 1593333655044 / (1000 * 30), "SHA1", "10").get()) + assertEquals("0070632029", Otp.calculateCode("JBSWY3DPEHPK3PXP", 1593333691405 / (1000 * 30), "SHA1", "10").get()) + assertEquals("1017265882", Otp.calculateCode("JBSWY3DPEHPK3PXP", 1593333728893 / (1000 * 83), "SHA1", "10").get()) + } + + @Test + fun testOtpGenerationIllegalInput() { + assertNull(Otp.calculateCode("JBSWY3DPEHPK3PXP", 10000, "SHA0", "10").get()) + assertNull(Otp.calculateCode("JBSWY3DPEHPK3PXP", 10000, "SHA1", "a").get()) + assertNull(Otp.calculateCode("JBSWY3DPEHPK3PXP", 10000, "SHA1", "5").get()) + assertNull(Otp.calculateCode("JBSWY3DPEHPK3PXP", 10000, "SHA1", "11").get()) + assertNull(Otp.calculateCode("JBSWY3DPEHPK3PXPAAAAB", 10000, "SHA1", "6").get()) + } + + @Test + fun testOtpGenerationUnusualSecrets() { + assertEquals( + "127764", + Otp.calculateCode("JBSWY3DPEHPK3PXPAAAAAAAA", 1593367111963 / (1000 * 30), "SHA1", "6").get() + ) + assertEquals("047515", Otp.calculateCode("JBSWY3DPEHPK3PXPAAAAA", 1593367171420 / (1000 * 30), "SHA1", "6").get()) + } + + @Test + fun testOtpGenerationUnpaddedSecrets() { + // Secret was generated with `echo 'string with some padding needed' | base32` + // We don't care for the resultant OTP's actual value, we just want both the padded and + // unpadded variant to generate the same one. + val unpaddedOtp = + Otp.calculateCode( + "ON2HE2LOM4QHO2LUNAQHG33NMUQHAYLEMRUW4ZZANZSWKZDFMQFA", + 1593367171420 / (1000 * 30), + "SHA1", + "6" + ) + .get() + val paddedOtp = + Otp.calculateCode( + "ON2HE2LOM4QHO2LUNAQHG33NMUQHAYLEMRUW4ZZANZSWKZDFMQFA====", + 1593367171420 / (1000 * 30), + "SHA1", + "6" + ) + .get() + assertNotNull(unpaddedOtp) + assertNotNull(paddedOtp) + assertEquals(unpaddedOtp, paddedOtp) + } +}