Fix rustfmt, clippy, and detekt lint errors

jkmassel · claude · jkmassel · commit 867fb6601786 · 2026-02-24T16:38:01.000-07:00
Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/native/kotlin/api/android/src/main/kotlin/rs/wordpress/api/android/KeystorePasswordTransformer.kt b/native/kotlin/api/android/src/main/kotlin/rs/wordpress/api/android/KeystorePasswordTransformer.kt
@@ -6,14 +6,14 @@ import android.security.keystore.KeyInfo
 import android.security.keystore.KeyProperties
 import android.security.keystore.StrongBoxUnavailableException
 import android.util.Base64
+import uniffi.wp_mobile.PasswordTransformer
+import uniffi.wp_mobile.PasswordTransformerException
 import java.security.KeyStore
 import javax.crypto.Cipher
 import javax.crypto.KeyGenerator
 import javax.crypto.SecretKey
 import javax.crypto.SecretKeyFactory
 import javax.crypto.spec.GCMParameterSpec
-import uniffi.wp_mobile.PasswordTransformer
-import uniffi.wp_mobile.PasswordTransformerException
 
 /**
  * A [PasswordTransformer] implementation that uses the Android Keystore for
@@ -77,6 +77,7 @@ class KeystorePasswordTransformer(alias: String = DEFAULT_ALIAS) : PasswordTrans
         }
     }
 
+    @Suppress("TooGenericExceptionCaught")
     override fun encrypt(password: String): String {
         try {
             val cipher = Cipher.getInstance(TRANSFORMATION)
@@ -91,17 +92,18 @@ class KeystorePasswordTransformer(alias: String = DEFAULT_ALIAS) : PasswordTrans
 
             return Base64.encodeToString(combined, Base64.NO_WRAP)
         } catch (e: Exception) {
-            throw PasswordTransformerException.EncryptionFailed(e.message ?: "Unknown encryption error")
+            throw PasswordTransformerException.EncryptionFailed(
+                "${e::class.simpleName}: ${e.message ?: "Unknown encryption error"}"
+            )
         }
     }
 
+    @Suppress("TooGenericExceptionCaught")
     override fun decrypt(password: String): String {
         try {
             val combined = Base64.decode(password, Base64.NO_WRAP)
 
-            if (combined.size < GCM_IV_SIZE + GCM_TAG_SIZE) {
-                throw IllegalArgumentException("Ciphertext too short")
-            }
+            require(combined.size >= GCM_IV_SIZE + GCM_TAG_SIZE) { "Ciphertext too short" }
 
             val iv = combined.copyOfRange(0, GCM_IV_SIZE)
             val ciphertext = combined.copyOfRange(GCM_IV_SIZE, combined.size)
@@ -114,14 +116,17 @@ class KeystorePasswordTransformer(alias: String = DEFAULT_ALIAS) : PasswordTrans
         } catch (e: PasswordTransformerException) {
             throw e
         } catch (e: Exception) {
-            throw PasswordTransformerException.DecryptionFailed(e.message ?: "Unknown decryption error")
+            throw PasswordTransformerException.DecryptionFailed(
+                "${e::class.simpleName}: ${e.message ?: "Unknown decryption error"}"
+            )
         }
     }
 
     companion object {
         private const val DEFAULT_ALIAS = "wordpress-rs-password-transformer"
         private const val KEYSTORE_PROVIDER = "AndroidKeyStore"
         private const val TRANSFORMATION = "AES/GCM/NoPadding"
+        private const val AES_KEY_SIZE = 256
         private const val GCM_IV_SIZE = 12
         private const val GCM_TAG_SIZE_BITS = 128
         private const val GCM_TAG_SIZE = GCM_TAG_SIZE_BITS / 8
@@ -144,7 +149,7 @@ class KeystorePasswordTransformer(alias: String = DEFAULT_ALIAS) : PasswordTrans
             )
                 .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                 .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
-                .setKeySize(256)
+                .setKeySize(AES_KEY_SIZE)
 
             if (strongBox && Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
                 builder.setIsStrongBoxBacked(true)
diff --git a/wp_mobile/src/persistence/aes_gcm_transformer.rs b/wp_mobile/src/persistence/aes_gcm_transformer.rs
@@ -1,13 +1,15 @@
+use aes_gcm::aead::rand_core::RngCore;
 use aes_gcm::aead::{Aead, KeyInit, OsRng};
 use aes_gcm::{AeadCore, Aes256Gcm, Key, Nonce};
-use base64::engine::general_purpose::STANDARD as BASE64;
 use base64::Engine;
+use base64::engine::general_purpose::STANDARD as BASE64;
 use hkdf::Hkdf;
-use aes_gcm::aead::rand_core::RngCore;
 use sha2::Sha256;
 use zeroize::Zeroize;
 
-use super::account_repository::{DecryptedPassword, EncryptedPassword, PasswordTransformer, PasswordTransformerError};
+use super::account_repository::{
+    DecryptedPassword, EncryptedPassword, PasswordTransformer, PasswordTransformerError,
+};
 
 const SALT_SIZE: usize = 32;
 
@@ -85,19 +87,22 @@ impl AesGcmPasswordTransformer {
 
 #[uniffi::export]
 impl PasswordTransformer for AesGcmPasswordTransformer {
-    fn encrypt(&self, password: DecryptedPassword) -> Result<EncryptedPassword, PasswordTransformerError> {
+    fn encrypt(
+        &self,
+        password: DecryptedPassword,
+    ) -> Result<EncryptedPassword, PasswordTransformerError> {
         let mut salt = [0u8; SALT_SIZE];
         OsRng.fill_bytes(&mut salt);
 
         let mut key = self.derive_key(&salt);
         let cipher = Aes256Gcm::new(&key);
         let nonce = Aes256Gcm::generate_nonce(&mut OsRng);
 
-        let result = cipher
-            .encrypt(&nonce, password.0.as_bytes())
-            .map_err(|e| PasswordTransformerError::EncryptionFailed {
+        let result = cipher.encrypt(&nonce, password.0.as_bytes()).map_err(|e| {
+            PasswordTransformerError::EncryptionFailed {
                 reason: e.to_string(),
-            });
+            }
+        });
         key.zeroize();
         let ciphertext = result?;
 
@@ -110,40 +115,60 @@ impl PasswordTransformer for AesGcmPasswordTransformer {
         Ok(EncryptedPassword(encoded))
     }
 
-    fn decrypt(&self, password: EncryptedPassword) -> Result<DecryptedPassword, PasswordTransformerError> {
+    fn decrypt(
+        &self,
+        password: EncryptedPassword,
+    ) -> Result<DecryptedPassword, PasswordTransformerError> {
         let parse_err = |msg: &str| PasswordTransformerError::DecryptionFailed {
             reason: msg.to_string(),
         };
 
         let mut parts = password.0.splitn(3, ':');
-        let salt_b64 = parts.next().ok_or_else(|| parse_err("invalid encrypted password format"))?;
-        let nonce_b64 = parts.next().ok_or_else(|| parse_err("invalid encrypted password format"))?;
-        let ciphertext_b64 = parts.next().ok_or_else(|| parse_err("invalid encrypted password format"))?;
-
-        let salt = BASE64.decode(salt_b64).map_err(|e| PasswordTransformerError::DecryptionFailed {
-            reason: e.to_string(),
-        })?;
-        let nonce_bytes = BASE64.decode(nonce_b64).map_err(|e| PasswordTransformerError::DecryptionFailed {
-            reason: e.to_string(),
-        })?;
+        let salt_b64 = parts
+            .next()
+            .ok_or_else(|| parse_err("invalid encrypted password format"))?;
+        let nonce_b64 = parts
+            .next()
+            .ok_or_else(|| parse_err("invalid encrypted password format"))?;
+        let ciphertext_b64 = parts
+            .next()
+            .ok_or_else(|| parse_err("invalid encrypted password format"))?;
+
+        let salt =
+            BASE64
+                .decode(salt_b64)
+                .map_err(|e| PasswordTransformerError::DecryptionFailed {
+                    reason: e.to_string(),
+                })?;
+        let nonce_bytes =
+            BASE64
+                .decode(nonce_b64)
+                .map_err(|e| PasswordTransformerError::DecryptionFailed {
+                    reason: e.to_string(),
+                })?;
         if nonce_bytes.len() != 12 {
             return Err(PasswordTransformerError::DecryptionFailed {
-                reason: format!("invalid nonce length: expected 12, got {}", nonce_bytes.len()),
+                reason: format!(
+                    "invalid nonce length: expected 12, got {}",
+                    nonce_bytes.len()
+                ),
             });
         }
         let nonce = Nonce::from_slice(&nonce_bytes);
-        let ciphertext = BASE64.decode(ciphertext_b64).map_err(|e| PasswordTransformerError::DecryptionFailed {
-            reason: e.to_string(),
+        let ciphertext = BASE64.decode(ciphertext_b64).map_err(|e| {
+            PasswordTransformerError::DecryptionFailed {
+                reason: e.to_string(),
+            }
         })?;
 
         let mut key = self.derive_key(&salt);
         let cipher = Aes256Gcm::new(&key);
 
-        let result = cipher
-            .decrypt(&nonce, ciphertext.as_ref())
-            .map_err(|e| PasswordTransformerError::DecryptionFailed {
+        let result = cipher.decrypt(nonce, ciphertext.as_ref()).map_err(|e| {
+            PasswordTransformerError::DecryptionFailed {
                 reason: e.to_string(),
-            });
+            }
+        });
         key.zeroize();
         let plaintext = result?;
 
