From 5a9da45a8e0956958e2ab6520da3c850146548eb Mon Sep 17 00:00:00 2001
From: Alexander Bakker
Date: Sat, 24 Oct 2020 14:21:49 +0200
Subject: [PATCH] Strip " " and "-" when parsing secrets
---
 .../aegis/helpers/EditTextHelper.java | 18 +++---------------
 .../aegis/otp/GoogleAuthInfo.java | 14 ++++++++++----
 .../aegis/ui/EditEntryActivity.java | 4 +++-
 3 files changed, 16 insertions(+), 20 deletions(-)
diff --git a/app/src/main/java/com/beemdevelopment/aegis/helpers/EditTextHelper.java b/app/src/main/java/com/beemdevelopment/aegis/helpers/EditTextHelper.java
index 4896925c..cc946703 100644
--- a/app/src/main/java/com/beemdevelopment/aegis/helpers/EditTextHelper.java
+++ b/app/src/main/java/com/beemdevelopment/aegis/helpers/EditTextHelper.java
@@ -9,22 +9,10 @@ public class EditTextHelper {
 private EditTextHelper() {
 }
- public static void clearEditText(EditText text) {
- text.getText().clear();
- }
-
 public static char[] getEditTextChars(EditText text) {
- return getEditTextChars(text, false);
- }
-
- public static char[] getEditTextChars(EditText text, boolean removeSpaces) {
- String editTextString = text.getText().toString();
- if (removeSpaces) {
- editTextString = editTextString.replaceAll("\\s","");
- }
-
- char[] chars = new char[editTextString.length()];
- editTextString.getChars(0, editTextString.length(), chars, 0);
+ Editable editable = text.getText();
+ char[] chars = new char[editable.length()];
+ editable.getChars(0, editable.length(), chars, 0);
 return chars;
 }
diff --git a/app/src/main/java/com/beemdevelopment/aegis/otp/GoogleAuthInfo.java b/app/src/main/java/com/beemdevelopment/aegis/otp/GoogleAuthInfo.java
index 4c42f094..227804be 100644
--- a/app/src/main/java/com/beemdevelopment/aegis/otp/GoogleAuthInfo.java
+++ b/app/src/main/java/com/beemdevelopment/aegis/otp/GoogleAuthInfo.java
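Review bot: `EditTextHelper.getEditTextChars` (the `@@ -9,22 +9,10 @@` hunk) has no comment explaining why it returns a `char[]`, and after this change the return type is the only clue to its purpose. The new body copies straight from the `Editable` into a fresh array without building a `String`, so I would add a Javadoc along the lines of `/** Copies the field's text into a new char[] without creating an intermediate String; the caller owns the array and should clear it if the text is sensitive. */`. With the `removeSpaces` overload gone, the comment should also say that the text is returned exactly as typed, with no whitespace stripping.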
@@ -50,7 +50,7 @@ public class GoogleAuthInfo implements Serializable {
 builder.appendQueryParameter("digits", Integer.toString(_info.getDigits()));
 builder.appendQueryParameter("algorithm", _info.getAlgorithm(false));
- builder.appendQueryParameter("secret", new String(Base32.encode(_info.getSecret())));
+ builder.appendQueryParameter("secret", Base32.encode(_info.getSecret()));
 if (_issuer != null && !_issuer.equals("")) {
 builder.path(String.format("%s:%s", _issuer, _accountName));
@@ -82,15 +82,13 @@ public class GoogleAuthInfo implements Serializable {
 throw new GoogleAuthInfoException("Parameter 'secret' is not present");
 }
- // decode secret
 byte[] secret;
 try {
- secret = Base32.decode(encodedSecret);
+ secret = parseSecret(encodedSecret);
 } catch (EncodingException e) {
 throw new GoogleAuthInfoException("Bad secret", e);
 }
- // check the otp type
 OtpInfo info;
 try {
 String type = uri.getHost();
@@ -174,6 +172,14 @@ public class GoogleAuthInfo implements Serializable {
 return new GoogleAuthInfo(info, accountName, issuer);
 }
+ /**
+ * Decodes the given base 32 secret, while being tolerant of whitespace and dashes.
+ */
+ public static byte[] parseSecret(String s) throws EncodingException {
+ s = s.trim().replace("-", "").replace(" ", "");
+ return Base32.decode(s);
+ }
+
 public static Export parseExportUri(String s) throws GoogleAuthInfoException {
 Uri uri = Uri.parse(s);
 if (uri == null) {
diff --git a/app/src/main/java/com/beemdevelopment/aegis/ui/EditEntryActivity.java b/app/src/main/java/com/beemdevelopment/aegis/ui/EditEntryActivity.java
index 5b786355..a5c2dc9c 100644
--- a/app/src/main/java/com/beemdevelopment/aegis/ui/EditEntryActivity.java
+++ b/app/src/main/java/com/beemdevelopment/aegis/ui/EditEntryActivity.java
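Review bot: In the `@@ -82,15 +82,13 @@` hunk, nothing in the visible lines rejects a secret that decodes to zero bytes: after the `parseSecret(encodedSecret)` call the code goes straight on to reading the OTP type. Because `parseSecret` now strips spaces and dashes first, a `secret` parameter made up only of those characters reaches `Base32.decode` as an empty string and presumably yields an empty key. The manual-entry path in `EditEntryActivity` checks `secret.length == 0`; unless the `OtpInfo` constructors already enforce this (not visible here), I would add `if (secret.length == 0) throw new GoogleAuthInfoException("Secret is empty");` after the catch block. The enclosing method starts and ends outside this hunk.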
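Review bot: `parseSecret` (the `@@ -174,6 +172,14 @@` hunk) removes only the ASCII space and `-` from the middle of the string; `trim()` covers other whitespace at the ends only, so a secret pasted with a tab or line break inside it is passed to `Base32.decode` unchanged, although the Javadoc promises tolerance of whitespace. The manual-entry path used to strip with `replaceAll("\\s","")` (removed from `EditTextHelper` in this commit), so this narrows what that field accepts. I would write `s = s.replaceAll("[\\s\\-]", "");`, or narrow the Javadoc to say "spaces and dashes". Since the method is public, a one-line `@throws EncodingException` in the Javadoc would also help callers.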
@@ -37,6 +37,7 @@ import com.beemdevelopment.aegis.encoding.EncodingException;
 import com.beemdevelopment.aegis.helpers.EditTextHelper;
 import com.beemdevelopment.aegis.helpers.SpinnerHelper;
 import com.beemdevelopment.aegis.helpers.TextDrawableHelper;
+import com.beemdevelopment.aegis.otp.GoogleAuthInfo;
 import com.beemdevelopment.aegis.otp.HotpInfo;
 import com.beemdevelopment.aegis.otp.OtpInfo;
 import com.beemdevelopment.aegis.otp.OtpInfoException;
@@ -515,7 +516,8 @@ public class EditEntryActivity extends AegisActivity {
 byte[] secret;
 try {
- secret = Base32.decode(new String(EditTextHelper.getEditTextChars(_textSecret, true)));
+ String secretString = new String(EditTextHelper.getEditTextChars(_textSecret));
+ secret = GoogleAuthInfo.parseSecret(secretString);
 if (secret.length == 0) {
 throw new ParseException("Secret cannot be empty");
 }
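Review bot: In the `@@ -515,7 +516,8 @@` hunk the secret is still copied into an immutable `String` (`secretString`), and the `char[]` returned by `getEditTextChars` is dropped without being cleared, so whatever `getEditTextChars` gains by avoiding a `String` is lost on this path. `parseSecret` takes a `String`, so the copy cannot be avoided here without a `char[]` overload of `parseSecret`; that would be the real fix if keeping secrets out of `String`s is a goal. What can be done locally is to hold the array in a variable, `char[] chars = EditTextHelper.getEditTextChars(_textSecret);`, and wipe it with `Arrays.fill(chars, '\0');` once decoding is done. The enclosing method starts and ends outside this hunk, and `java.util.Arrays` may not be imported yet.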