Merge pull request #600 from alexbakker/fix-593

Strip " " and "-" when parsing secrets

app/src/main/java/com/beemdevelopment/aegis/helpers/EditTextHelper.java

@@ -9,22 +9,10 @@ public class EditTextHelper {
     private EditTextHelper() {
     }
 
-    public static void clearEditText(EditText text) {
-        text.getText().clear();
-    }
-
     public static char[] getEditTextChars(EditText text) {
-        return getEditTextChars(text, false);
+        Editable editable = text.getText();
-    }
+        char[] chars = new char[editable.length()];
-
+        editable.getChars(0, editable.length(), chars, 0);
-    public static char[] getEditTextChars(EditText text, boolean removeSpaces) {
-        String editTextString = text.getText().toString();
-        if (removeSpaces) {
-            editTextString = editTextString.replaceAll("\\s","");
-        }
-
-        char[] chars = new char[editTextString.length()];
-        editTextString.getChars(0, editTextString.length(), chars, 0);
         return chars;
     }
 

app/src/main/java/com/beemdevelopment/aegis/otp/GoogleAuthInfo.java

@@ -50,7 +50,7 @@ public class GoogleAuthInfo implements Serializable {
 
         builder.appendQueryParameter("digits", Integer.toString(_info.getDigits()));
         builder.appendQueryParameter("algorithm", _info.getAlgorithm(false));
-        builder.appendQueryParameter("secret", new String(Base32.encode(_info.getSecret())));
+        builder.appendQueryParameter("secret", Base32.encode(_info.getSecret()));
 
         if (_issuer != null && !_issuer.equals("")) {
             builder.path(String.format("%s:%s", _issuer, _accountName));
@@ -82,15 +82,13 @@ public class GoogleAuthInfo implements Serializable {
             throw new GoogleAuthInfoException("Parameter 'secret' is not present");
         }
 
-        // decode secret
         byte[] secret;
         try {
-            secret = Base32.decode(encodedSecret);
+            secret = parseSecret(encodedSecret);
         } catch (EncodingException e) {
             throw new GoogleAuthInfoException("Bad secret", e);
         }
 
-        // check the otp type
         OtpInfo info;
         try {
             String type = uri.getHost();
@@ -174,6 +172,14 @@ public class GoogleAuthInfo implements Serializable {
         return new GoogleAuthInfo(info, accountName, issuer);
     }
 
+    /**
+     * Decodes the given base 32 secret, while being tolerant of whitespace and dashes.
+     */
+    public static byte[] parseSecret(String s) throws EncodingException {
+        s = s.trim().replace("-", "").replace(" ", "");
+        return Base32.decode(s);
+    }
+
     public static Export parseExportUri(String s) throws GoogleAuthInfoException {
         Uri uri = Uri.parse(s);
         if (uri == null) {

app/src/main/java/com/beemdevelopment/aegis/ui/EditEntryActivity.java

@@ -37,6 +37,7 @@ import com.beemdevelopment.aegis.encoding.EncodingException;
 import com.beemdevelopment.aegis.helpers.EditTextHelper;
 import com.beemdevelopment.aegis.helpers.SpinnerHelper;
 import com.beemdevelopment.aegis.helpers.TextDrawableHelper;
+import com.beemdevelopment.aegis.otp.GoogleAuthInfo;
 import com.beemdevelopment.aegis.otp.HotpInfo;
 import com.beemdevelopment.aegis.otp.OtpInfo;
 import com.beemdevelopment.aegis.otp.OtpInfoException;
@@ -515,7 +516,8 @@ public class EditEntryActivity extends AegisActivity {
 
         byte[] secret;
         try {
-            secret = Base32.decode(new String(EditTextHelper.getEditTextChars(_textSecret, true)));
+            String secretString = new String(EditTextHelper.getEditTextChars(_textSecret));
+            secret = GoogleAuthInfo.parseSecret(secretString);
             if (secret.length == 0) {
                 throw new ParseException("Secret cannot be empty");
             }