From 7be88de18ecf088e5a42273f17d9c55616090d12 Mon Sep 17 00:00:00 2001 From: Jens Utbult Date: Wed, 20 Dec 2023 14:47:06 +0100 Subject: [PATCH] Removed unused label argument from key extraction. Ported keyFromAccountName() from android implementation. Fixed unit tests. Removed deprecated methods. --- .../OATH/YKFOATHCalculateAllResponse.m | 2 +- .../Requests/OATH/YKFOATHListResponse.m | 2 +- .../Sessions/OATH/YKFOATHCredentialUtils.h | 6 -- .../Sessions/OATH/YKFOATHCredentialUtils.m | 77 ++----------------- .../Helpers/Additions/YKFNSStringAdditions.h | 2 +- .../Helpers/Additions/YKFNSStringAdditions.m | 3 +- .../Tests/YKNSStringAdditionTests.m | 56 ++++---------- 7 files changed, 26 insertions(+), 122 deletions(-) diff --git a/YubiKit/YubiKit/Connections/Shared/Requests/OATH/YKFOATHCalculateAllResponse.m b/YubiKit/YubiKit/Connections/Shared/Requests/OATH/YKFOATHCalculateAllResponse.m index cd2750f2..ad6217e0 100644 --- a/YubiKit/YubiKit/Connections/Shared/Requests/OATH/YKFOATHCalculateAllResponse.m +++ b/YubiKit/YubiKit/Connections/Shared/Requests/OATH/YKFOATHCalculateAllResponse.m @@ -103,7 +103,7 @@ - (instancetype)initWithKeyResponseData:(NSData *)responseData requestTimetamp:( NSString *account = nil; NSString *label = nil; - [credentialKey ykf_OATHKeyExtractForType:credential.type period:&period issuer:&issuer account:&account label:&label]; + [credentialKey ykf_OATHKeyExtractForType:credential.type period:&period issuer:&issuer account:&account]; credential.issuer = issuer; credential.accountName = account; diff --git a/YubiKit/YubiKit/Connections/Shared/Requests/OATH/YKFOATHListResponse.m b/YubiKit/YubiKit/Connections/Shared/Requests/OATH/YKFOATHListResponse.m index 18f0a7e8..186cbcf1 100644 --- a/YubiKit/YubiKit/Connections/Shared/Requests/OATH/YKFOATHListResponse.m +++ b/YubiKit/YubiKit/Connections/Shared/Requests/OATH/YKFOATHListResponse.m 
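Review bot: The context line `NSString *label = nil;` just above the changed call is left behind although `label` is no longer passed to `ykf_OATHKeyExtractForType:period:issuer:account:`. Unless it is read further down in the initializer (the method continues outside the hunk), it is now a dead local and should be deleted. The same leftover declaration appears in the `readCredentialsFromData:` hunk of YKFOATHListResponse.m and in the `@@ -62,10 +56,9 @@` hunk of YKNSStringAdditionTests.m, while the other test hunks do drop it.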
@@ -100,7 +100,7 @@ - (BOOL)readCredentialsFromData:(NSData *)data { NSString *account = nil; NSString *label = nil; - [keyString ykf_OATHKeyExtractForType:credential.type period:&period issuer:&issuer account:&account label:&label]; + [keyString ykf_OATHKeyExtractForType:credential.type period:&period issuer:&issuer account:&account]; credential.period = period; credential.issuer = issuer; credential.accountName = account; diff --git a/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialUtils.h b/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialUtils.h index be69d2a5..fc709536 100644 --- a/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialUtils.h +++ b/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialUtils.h @@ -52,12 +52,6 @@ NS_ASSUME_NONNULL_BEGIN + (NSString *)keyFromAccountName:(NSString *)name issuer:(NSString *_Nullable)issuer period:(NSUInteger)period type:(YKFOATHCredentialType)type; -+ (NSString *)labelFromCredentialIdentifier:(id)credentialIdentifier __deprecated; -+ (NSString *)keyFromCredentialIdentifier:(id)credentialIdentifier __deprecated; - -+ (nullable YKFSessionError *)validateCredentialTemplate:(YKFOATHCredentialTemplate *)credentialTemplate __deprecated; -+ (nullable YKFSessionError *)validateCredential:(YKFOATHCredential *)credential __deprecated; - @end NS_ASSUME_NONNULL_END diff --git a/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialUtils.m b/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialUtils.m index ccb647fe..5ebdc25e 100644 --- a/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialUtils.m +++ b/YubiKit/YubiKit/Connections/Shared/Sessions/OATH/YKFOATHCredentialUtils.m 
@@ -28,81 +28,16 @@ @implementation YKFOATHCredentialUtils -+ (NSString *)labelFromCredentialIdentifier:(id)credentialIdentifier __deprecated { - YKFAssertReturnValue(credentialIdentifier.accountName, @"Missing OATH credential account. Cannot build the credential label.", nil); - - if (credentialIdentifier.issuer) { - return [NSString stringWithFormat:@"%@:%@", credentialIdentifier.issuer, credentialIdentifier.accountName]; - } else { - return credentialIdentifier.accountName; - } -} - + (NSString *)keyFromAccountName:(NSString *)name issuer:(NSString *)issuer period:(NSUInteger)period type:(YKFOATHCredentialType)type { - NSString *label; - if (issuer) { - label = [NSString stringWithFormat:@"%@:%@", issuer, name]; - } else { - label = name; - } + NSMutableString *accountId = [NSMutableString new]; if (type == YKFOATHCredentialTypeTOTP && period != YKFOATHCredentialDefaultPeriod) { - return [NSString stringWithFormat:@"%ld/%@", (unsigned long)period, label]; - } else { - return label; - } -} - -+ (NSString *)keyFromCredentialIdentifier:(id)credentialIdentifier { - NSString *keyLabel = [YKFOATHCredentialUtils keyFromAccountName:credentialIdentifier.accountName issuer:credentialIdentifier.issuer period:credentialIdentifier.period type:credentialIdentifier.type]; - - if (credentialIdentifier.type == YKFOATHCredentialTypeTOTP) { - if (credentialIdentifier.period != YKFOATHCredentialDefaultPeriod) { - return [NSString stringWithFormat:@"%ld/%@", (unsigned long)credentialIdentifier.period, keyLabel]; - } - else { - return keyLabel; - } - } else { - return keyLabel; - } -} - - -+ (YKFSessionError *)validateCredentialTemplate:(YKFOATHCredentialTemplate *)credentialTemplate { - YKFParameterAssertReturnValue(credentialTemplate, nil); - - if ([YKFOATHCredentialUtils keyFromCredentialIdentifier:credentialTemplate].length > YKFOATHCredentialValidatorMaxNameSize) { - return [YKFOATHError errorWithCode:YKFOATHErrorCodeNameTooLong]; - } - NSData *credentialSecret = 
credentialTemplate.secret; - int shaAlgorithmBlockSize = 0; - switch (credentialTemplate.algorithm) { - case YKFOATHCredentialAlgorithmSHA1: - shaAlgorithmBlockSize = CC_SHA1_BLOCK_BYTES; - break; - case YKFOATHCredentialAlgorithmSHA256: - shaAlgorithmBlockSize = CC_SHA256_BLOCK_BYTES; - break; - case YKFOATHCredentialAlgorithmSHA512: - shaAlgorithmBlockSize = CC_SHA512_BLOCK_BYTES; - break; - default: - YKFAssertReturnValue(NO, @"Invalid OATH algorithm.", nil); + [accountId appendFormat:@"%ld/", (unsigned long)period]; } - if (credentialSecret.length > shaAlgorithmBlockSize) { - return [YKFOATHError errorWithCode:YKFOATHErrorCodeSecretTooLong]; + if (issuer != nil) { + [accountId appendFormat:@"%@:", issuer]; } - return nil; + [accountId appendString:name]; + return accountId ; } -+ (YKFSessionError *)validateCredential:(YKFOATHCredential *)credential { - YKFParameterAssertReturnValue(credential, nil); - - if ([YKFOATHCredentialUtils keyFromCredentialIdentifier:credential].length > YKFOATHCredentialValidatorMaxNameSize) { - return [YKFOATHError errorWithCode:YKFOATHErrorCodeNameTooLong]; - } - return nil; -} - - @end diff --git a/YubiKit/YubiKit/Helpers/Additions/YKFNSStringAdditions.h b/YubiKit/YubiKit/Helpers/Additions/YKFNSStringAdditions.h index f8f2c015..7033e76e 100644 --- a/YubiKit/YubiKit/Helpers/Additions/YKFNSStringAdditions.h +++ b/YubiKit/YubiKit/Helpers/Additions/YKFNSStringAdditions.h @@ -17,6 +17,6 @@ @interface NSString(NSString_OATH) -- (void)ykf_OATHKeyExtractForType:(YKFOATHCredentialType)type period:(NSUInteger *)period issuer:(NSString **)issuer account:(NSString **)account label:(NSString **)label; +- (void)ykf_OATHKeyExtractForType:(YKFOATHCredentialType)type period:(NSUInteger *)period issuer:(NSString **)issuer account:(NSString **)account; @end diff --git a/YubiKit/YubiKit/Helpers/Additions/YKFNSStringAdditions.m b/YubiKit/YubiKit/Helpers/Additions/YKFNSStringAdditions.m index 89b6aeaf..003cfba1 100644 
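Review bot: In the rewritten `keyFromAccountName:issuer:period:type:`, `[accountId appendString:name];` raises NSInvalidArgumentException when `name` is nil, whereas the removed implementation returned nil or a formatted string in that case. The header marks `name` non-null, but that is not enforced at runtime, so a guard such as `YKFAssertReturnValue(name, @"Missing OATH credential account.", nil);` before the append would keep a bad caller from crashing the app. The period is cast to `unsigned long` but formatted with `%ld`, where `%lu` matches the cast, and returning `[accountId copy]` instead of the mutable string would stop callers from holding a key that can still change. Separately, this hunk removes the only visible checks against `YKFOATHCredentialValidatorMaxNameSize` and the hash block size for the secret, so it is worth confirming that the non-deprecated path still enforces both limits before a credential is sent to the key.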
--- a/YubiKit/YubiKit/Helpers/Additions/YKFNSStringAdditions.m +++ b/YubiKit/YubiKit/Helpers/Additions/YKFNSStringAdditions.m @@ -16,7 +16,7 @@ @implementation NSString(NSString_OATH) -- (void)ykf_OATHKeyExtractForType:(YKFOATHCredentialType)type period:(NSUInteger *)period issuer:(NSString **)issuer account:(NSString **)account label:(NSString **)label { +- (void)ykf_OATHKeyExtractForType:(YKFOATHCredentialType)type period:(NSUInteger *)period issuer:(NSString **)issuer account:(NSString **)account { if (type == YKFOATHCredentialTypeTOTP) { NSError *error = NULL; @@ -42,6 +42,7 @@ - (void)ykf_OATHKeyExtractForType:(YKFOATHCredentialType)type period:(NSUInteger *account = [self substringWithRange:accountRange]; } } else { + //Invalid id, use it directly as name. *account = self; } } else { diff --git a/YubiKit/YubiKitTests/Tests/YKNSStringAdditionTests.m b/YubiKit/YubiKitTests/Tests/YKNSStringAdditionTests.m index dd922e4f..3ceb9e63 100644 --- a/YubiKit/YubiKitTests/Tests/YKNSStringAdditionTests.m +++ b/YubiKit/YubiKitTests/Tests/YKNSStringAdditionTests.m @@ -21,11 +21,9 @@ - (void)test_WhenKeyContainsSlashAndPeriodExists_PeriodIsParsed { NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertEqual(period, 60, @""); - XCTAssertTrue([label isEqualToString:@"Yubico:account@gmail.com"], @""); } - (void)test_WhenKeyContainsSlashAndPeriodNotExists_PeriodIsZero { 
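Review bot: `*account = self;` in the fallback branch, like `*account = [self substringWithRange:accountRange];` above it, writes through the out-pointer without checking it, so a caller that passes NULL for a value it does not need would crash. Either guard each store (`if (account) { *account = self; }`) or state in YKFNSStringAdditions.h that `period`, `issuer` and `account` must all be non-NULL. The new comment would read better as `// Invalid id; use the whole string as the account name.`, and it should also say what `issuer` and `period` are left as in this case, which the hunk does not show. The method body starts and ends outside both hunks of this file.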
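Review bot: With the `label` assertion removed, `test_WhenKeyContainsSlashAndPeriodExists_PeriodIsParsed` now checks only `period`, although `issuer` and `account` are still extracted, so the string that used to be verified through `label` is no longer verified at all. Add `XCTAssertEqualObjects` checks on `issuer` and `account` for the key this test uses. The same applies to the `@@ -34,11 +32,9 @@` and `@@ -47,11 +43,9 @@` hunks, whose keys presumably now take the fallback path, which makes the resulting `account` value the one most worth pinning.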
@@ -34,11 +32,9 @@ - (void)test_WhenKeyContainsSlashAndPeriodNotExists_PeriodIsZero { NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertEqual(period, 0, @""); - XCTAssertTrue([label isEqualToString:@"/Yubico:account@gmail.com"], @""); } - (void)test_WhenKeyContainsSlashInTheMiddleOfText_PeriodIsZero { @@ -47,11 +43,9 @@ - (void)test_WhenKeyContainsSlashInTheMiddleOfText_PeriodIsZero { NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertEqual(period, 0, @""); - XCTAssertTrue([label isEqualToString:@"Yubico/demo:account@gmail.com"], @""); } - (void)test_WhenKeyContainsSlashAndPeriodExistsAndIssuerNotExists_PeriodIsParsedAndIssuerIsNilAndAccountIsParsed { @@ -62,10 +56,9 @@ - (void)test_WhenKeyContainsSlashAndPeriodExistsAndIssuerNotExists_PeriodIsParse NSString *account = nil; NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertNil(issuer, @"Issuer parsed as nil"); XCTAssertNotNil(account, @"Account is parsed"); - XCTAssertTrue([label isEqualToString:@"account@gmail.com"], @""); XCTAssertTrue([account isEqualToString:@"account@gmail.com"], @""); XCTAssertEqual(period, 60, @""); } 
@@ -76,12 +69,10 @@ - (void)test_WhenKeyPeriodNotExistsAndIssuerNotExists_PeriodIsZeroAndIssuerIsNil NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertNil(issuer, @"Issuer parsed as nil"); XCTAssertNotNil(account, @"Account is parsed"); - XCTAssertTrue([label isEqualToString:@"account@gmail.com"], @""); XCTAssertTrue([account isEqualToString:@"account@gmail.com"], @""); XCTAssertEqual(period, 0, @""); } @@ -92,14 +83,11 @@ - (void)test_WhenKeyAccountContainsColonAndPeriodNotExistsAndIssuerNotExists_Per NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; - XCTAssertNotNil(issuer, @"Issuer is parsed"); + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; + XCTAssertNil(issuer, @"Issuer is not nil"); XCTAssertNotNil(account, @"Account is parsed"); - XCTAssertTrue([label isEqualToString:@":account@gmail.com"], @""); - XCTAssertTrue([issuer isEqualToString:@""], @""); - XCTAssertTrue([account isEqualToString:@"account@gmail.com"], @""); + XCTAssertTrue([account isEqualToString:@":account@gmail.com"], @""); XCTAssertEqual(period, 0, @""); } 
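Review bot: The failure message on `XCTAssertNil(issuer, @"Issuer is not nil");` in the `@@ -92,14 +83,11 @@` hunk reads as the opposite of what is asserted and differs from the neighbouring tests, which describe the expectation (`@"Issuer parsed as nil"`); use the same wording here. This hunk also changes the expected result for a key that starts with a colon, from an empty issuer plus `account@gmail.com` to a nil issuer plus `:account@gmail.com`. That changes how an existing credential id is split into issuer and account, so it deserves a line in the commit message or a comment in the test explaining that it is intentional.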
@@ -109,12 +97,10 @@ - (void)test_WhenKeyPeriodNotExistsAndIssuerContainsColon_PeriodIsZeroAndLableIs NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertNotNil(issuer, @"Issuer is parsed"); XCTAssertNotNil(account, @"Account is parsed"); - XCTAssertTrue([label isEqualToString:@"Yubico:demo:account@gmail.com"], @""); XCTAssertTrue([issuer isEqualToString:@"Yubico"], @""); XCTAssertTrue([account isEqualToString:@"demo:account@gmail.com"], @""); XCTAssertEqual(period, 0, @""); @@ -126,12 +112,10 @@ - (void)test_WhenKeyPeriodExistsAndIssuerContainsColon_PeriodIsParsedAndLableIsP NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertNotNil(issuer, @"Issuer is parsed"); XCTAssertNotNil(account, @"Account is parsed"); - XCTAssertTrue([label isEqualToString:@"Yubico:demo:account@gmail.com"], @""); XCTAssertTrue([issuer isEqualToString:@"Yubico"], @""); XCTAssertTrue([account isEqualToString:@"demo:account@gmail.com"], @""); XCTAssertEqual(period, 15, @""); 
@@ -143,12 +127,10 @@ - (void)test_WhenKeyPeriodNotExistsAndAccountContainsSlash_PeriodIsZeroAndLableI NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertNotNil(issuer, @"Issuer is parsed"); XCTAssertNotNil(account, @"Account is parsed"); - XCTAssertTrue([label isEqualToString:@"YubicoDemo:account/test"], @""); XCTAssertTrue([issuer isEqualToString:@"YubicoDemo"], @""); XCTAssertTrue([account isEqualToString:@"account/test"], @""); XCTAssertEqual(period, 0, @""); @@ -160,12 +142,10 @@ - (void)test_WhenKeyPeriodNotExistsAndIssuerContainsSlashAndAccountContainsSlash NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertNotNil(issuer, @"Issuer is parsed"); XCTAssertNotNil(account, @"Account is parsed"); - XCTAssertTrue([label isEqualToString:@"Yubico/demo:account/test"], @""); XCTAssertTrue([issuer isEqualToString:@"Yubico/demo"], @""); XCTAssertTrue([account isEqualToString:@"account/test"], @""); XCTAssertEqual(period, 0, @""); 
@@ -177,12 +157,10 @@ - (void)test_WhenKeyPeriodExistsAndAccountContainsSlash_PeriodIsParsedAndLableIs NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertNotNil(issuer, @"Issuer is parsed"); XCTAssertNotNil(account, @"Account is parsed"); - XCTAssertTrue([label isEqualToString:@"YubicoDemo:account/test"], @""); XCTAssertTrue([issuer isEqualToString:@"YubicoDemo"], @""); XCTAssertTrue([account isEqualToString:@"account/test"], @""); XCTAssertEqual(period, 15, @""); @@ -194,12 +172,10 @@ - (void)test_WhenKeyPeriodExistsAndIssuerContainsSlashAndAccountContainsSlash_Pe NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertNotNil(issuer, @"Issuer is parsed"); XCTAssertNotNil(account, @"Account is parsed"); - XCTAssertTrue([label isEqualToString:@"Yubico/demo:account/test"], @""); XCTAssertTrue([issuer isEqualToString:@"Yubico/demo"], @""); XCTAssertTrue([account isEqualToString:@"account/test"], @""); XCTAssertEqual(period, 15, @""); 
@@ -211,12 +187,10 @@ - (void)test_WhenKeyPeriodNotExistsAccountContainsColon_PeriodIsZeroAndLableIsPa NSUInteger period = 0; NSString *issuer = nil; NSString *account = nil; - NSString *label = nil; - [credentialKey ykf_OATHKeyExtractPeriod: &period issuer: &issuer account: &account label: &label]; + [credentialKey ykf_OATHKeyExtractForType:YKFOATHCredentialTypeTOTP period:&period issuer:&issuer account:&account]; XCTAssertNotNil(issuer, @"Issuer is parsed"); XCTAssertNotNil(account, @"Account is parsed"); - XCTAssertTrue([label isEqualToString:@"Yubico Demo:account:test"], @""); XCTAssertTrue([issuer isEqualToString:@"Yubico Demo"], @""); XCTAssertTrue([account isEqualToString:@"account:test"], @""); XCTAssertEqual(period, 0, @"");