Guard against invalid tokens

AndroidManifest.xml

@@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <manifest xmlns:android="http://schemas.android.com/apk/res/android"
-	package="com.chrisheald.flexauth" android:versionCode="1"
-	android:versionName="1.0">
+	package="com.chrisheald.flexauth" android:versionName="1.1.2" android:versionCode="4">
 	<application android:label="@string/app_name" android:icon="@drawable/rowicon"
 		android:debuggable="false">
 		<activity android:name=".FlexAuth" android:label="@string/app_name">

assets/license.txt

@@ -20,4 +20,8 @@ FamFamFam icons used under generic permissive license.
 Source: http://www.famfamfam.com/
 
 Lock icon used under free for noncommercial use license.
-Source: http://www.iconarchive.com/show/mac-icons-by-artua/Lock-icon.html
+Source: http://www.iconarchive.com/show/mac-icons-by-artua/Lock-icon.html
+
+---------------------------------------
+
+FlexAuth is not developed or endorsed by Blizzard Entertainment, Inc. Blizzard and Battle.net are trademarks of Blizzard Entertainment, Inc. 

res/layout/widget.xml

@@ -3,8 +3,8 @@
   xmlns:android="http://schemas.android.com/apk/res/android"
   android:layout_width="wrap_content"
   android:layout_height="wrap_content" android:layout_gravity="center" android:background="@drawable/widgetbg" android:padding="20dp" android:clickable="true" android:id="@+id/widgetBody">
-<ImageView android:id="@+id/ImageView01" android:layout_width="wrap_content" android:layout_height="wrap_content" android:src="@drawable/key" android:layout_gravity="center_vertical" android:layout_below="@+id/widgetName" android:padding="5dp"></ImageView><TextView android:text="@+id/TextView01" android:layout_width="wrap_content" android:layout_height="wrap_content" android:textStyle="bold" android:layout_gravity="center_vertical|center_horizontal" android:id="@+id/widgetCode" android:layout_toRightOf="@+id/ImageView01" android:ellipsize="none" android:layout_alignTop="@+id/ImageView01" android:typeface="monospace" android:textSize="8pt" android:textColor="#ffcc00"></TextView>
+<ImageView android:id="@+id/ImageView01" android:layout_width="wrap_content" android:layout_height="wrap_content" android:src="@drawable/key" android:layout_gravity="center_vertical" android:layout_below="@+id/widgetName" android:padding="5dp"></ImageView><TextView android:text="@+id/TextView01" android:layout_width="wrap_content" android:layout_height="wrap_content" android:textStyle="bold" android:layout_gravity="center_vertical|center_horizontal" android:id="@+id/widgetCode" android:layout_toRightOf="@+id/ImageView01" android:ellipsize="none" android:layout_alignTop="@+id/ImageView01" android:typeface="monospace" android:textSize="7pt" android:textColor="#ffcc00"></TextView>
 
 
-<TextView android:text="@+id/TextView01" android:layout_height="wrap_content" android:id="@+id/widgetName" android:ellipsize="marquee" android:layout_width="fill_parent" android:layout_margin="3dp" android:textSize="5pt" android:textColor="#aaaaaa"></TextView>
+<TextView android:text="@+id/TextView01" android:layout_height="wrap_content" android:id="@+id/widgetName" android:ellipsize="marquee" android:layout_width="fill_parent" android:layout_margin="3dp" android:textSize="5pt" android:textColor="#aaaaaa" android:layout_centerHorizontal="true"></TextView>
 </RelativeLayout>

src/com/chrisheald/flexauth/AddToken.java

@@ -139,12 +139,17 @@ public void saveToken(View target) {
 		} else if(ss.compareTo("") == 0) {
 			error = "Please enter a serial for this token";
 			serial.setError(error);
+		} else if (sl.length() != 40) {
+			error = "Token secret must be exactly 40 characters long";
+			secret.setError(error);
 		} else if(sl.compareTo("") == 0) {
 			error = "Please enter a secret for this token";
 			secret.setError(error);
 		}
+		if(error != null) return;
 		String[] args = {n, ss, sl};				
 		db.execSQL("INSERT INTO accounts (name, serial, secret) VALUES (?, ?, ?)", args);
+
 		Toast.makeText(context, "Token successfully added!", 4).show();
 
 		setResult(Activity.RESULT_OK, new Intent());

src/com/chrisheald/flexauth/FlexAuth.java

@@ -248,6 +248,16 @@ public void onActivityResult(int requestCode, int resultCode, Intent data) {
 	      case(NEW_TOKEN): {
 	    	  if(resultCode == Activity.RESULT_OK) {
 	    		  updateTokenList();
+	    			new AlertDialog.Builder(FlexAuth.this)
+	    			.setMessage("Be sure to back up your token secret to a secure location! If you uninstall the app or delete the entry, the tokens stored here will be erased and you won't be able to generate authenticator codes.\n\nTo restore access, add a new token with your backed up secret.")
+	    			.setTitle("Token added!")
+	    			.setNeutralButton("OK", new DialogInterface.OnClickListener() {
+	    		           public void onClick(DialogInterface dialog, int id) {
+	    		                dialog.cancel();
+	    		           }
+	    				})
+	    			.setIcon(android.R.drawable.stat_sys_warning)
+	    			.show();	    		  
 	    	  }
 	      }
       }

src/com/chrisheald/flexauth/Token.java

@@ -49,14 +49,12 @@ public void setRegion(String r) {
 
 	public String getPassword() throws NoSuchAlgorithmException, InvalidKeyException {
 		long time = (System.currentTimeMillis() + timeOffset) / 30000L;
-		byte[] src = new byte[8];
-		src[0] = 0x0;
-		src[1] = 0x0;
-		src[2] = 0x0;
-		src[3] = 0x0;
+		byte[] src = {0,0,0,0,0,0,0,0};
 		byteBuffer.clear();		
 		System.arraycopy(byteBuffer.putInt((int)time).array(), 0, src, 4, 4);
 
+		if(secret.length() != 40) throw new InvalidKeyException();
+
 		byte[] key = hexStringToByteArray(secret);
 
 		SecretKeySpec signingKey = new SecretKeySpec(key, HMAC_SHA1_ALGORITHM);