Skip to content

Commit

Permalink
Set Base32 Secret toUppercase()
Browse files Browse the repository at this point in the history
Base32 secret should always be uppercased if not already. #12
  • Loading branch information
amdelamar committed Nov 8, 2019
1 parent e6ca6d0 commit 31c2a72
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 2 deletions.
11 changes: 9 additions & 2 deletions src/main/java/com/amdelamar/jotp/OTP.java
Original file line number Diff line number Diff line change
Expand Up @@ -111,8 +111,11 @@ public static String create(String secret, String base, int digits, Type type)
// validate
validateParameters(secret, base, digits, type);

// Base32 Secret should be UPPERCASED
String uppercaseSecret = secret.toUpperCase();

// convert Base32 secret to Hex
byte[] bytes = new org.apache.commons.codec.binary.Base32().decode(secret);
byte[] bytes = new org.apache.commons.codec.binary.Base32().decode(uppercaseSecret);
String key = new String(Hex.encodeHex(bytes));

if (type == Type.HOTP) {
Expand Down Expand Up @@ -152,6 +155,10 @@ public static boolean verify(String secret, String base, String code, int digits

// validate
validateParameters(secret, base, digits, type);

// Base32 Secret should be UPPERCASED
String uppercaseSecret = secret.toUpperCase();

if (code == null || code.isEmpty()) {
throw new IllegalArgumentException("Code cannot be null or empty.");
}
Expand All @@ -161,7 +168,7 @@ public static boolean verify(String secret, String base, String code, int digits
}

// convert Base32 secret to Hex
byte[] bytes = new org.apache.commons.codec.binary.Base32().decode(secret);
byte[] bytes = new org.apache.commons.codec.binary.Base32().decode(uppercaseSecret);
String key = new String(Hex.encodeHex(bytes));

// generate code to compare
Expand Down
14 changes: 14 additions & 0 deletions src/test/java/com/amdelamar/jotp/OTPTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -111,6 +111,20 @@ public void badSecretTests() {
}
}

@Test
public void uppercaseSecretTests() {
try {
String time = OTP.timeInHex();
String t1 = OTP.create("MFRGGZDFMZTWQ2LK", time, 6, Type.TOTP);
String t2 = OTP.create("mfrggzdfmztwq2lk", time, 6, Type.TOTP);
assertEquals(t1, t2);
} catch (Exception e) {
// bad exception
fail("uppercase secret caused a problem");
}

}

@Test
public void badBaseTests() {
try {
Expand Down

0 comments on commit 31c2a72

Please sign in to comment.