OTP Code validation problem #44
Description
HI ,
I have generated the otp using java-otp.jar file , trying to validate the generated otp code using otp.verify ( which is part otp-java.3.2.1) . Below is the sample code.
Note: I am using java7
I have a server which uses TOTP builder and built with java 8 .
I have a client build with java 7 , To get the access , i have used "TimeBasedOneTimePasswordGenerator".
Is it right approach to use the otp code generated with generateOneTimePassword() and validate with totp.verify(TOTP.Builder(x).build and then with totp.verify()?
Could you please help me , what is the wrong in the below code
import com.bastiaanjansen.otp.HMACAlgorithm;
import com.bastiaanjansen.otp.TOTP;
import com.eatthepath.otp.TimeBasedOneTimePasswordGenerator;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.UndeclaredThrowableException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.time.Duration;
import java.time.Instant;
import java.time.Duration;
import java.util.Base64;
import java.util.Calendar;
import java.util.Date;
import java.util.TimeZone;
import java.util.concurrent.TimeUnit;
import org.apache.commons.codec.binary.Base32;
import static com.eatthepath.otp.TimeBasedOneTimePasswordGenerator.TOTP_ALGORITHM_HMAC_SHA512;
import static java.util.concurrent.TimeUnit.SECONDS;
public class Checktotp {
// Coverting the Secret Key to String
public static String convertSecretKeyToString(SecretKey secretKey) throws NoSuchAlgorithmException {
byte[] rawData = secretKey.getEncoded();
String encodedKey = Base64.getEncoder().encodeToString(rawData);
System.out.println("ALG USed" + secretKey.getAlgorithm());
System.out.println("Format is " + secretKey.getFormat());
return encodedKey;
}
// Converting the String to Secret Key
public static SecretKey convertStringToSecretKeyto(String encodedKey) throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException {
byte[] decodedKey = Base64.getDecoder().decode(encodedKey); //encodedKey.getBytes();
SecretKey originalKey = new SecretKeySpec(encodedKey.getBytes(), 0,decodedKey.length ,"AES");
return originalKey;
}
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException, UnsupportedEncodingException {
TOTP totp_latest;
final SecretKey key;
String sec = "RktZUlBCNUQyUU5ERVlRWkY2WE9XQkY3TUU0REw1Q1NZRlZOQkZUQkdaUUVEVUNOU1I1UlpHWlQ3MlFDVDVFUUFJSUZMVzMzR09TRTQ1S1pCVURaUlJTNklLRUI2RFIzV1hFSVJQWT0";
key = convertStringToSecretKeyto(sec);
byte[] secret1 = Base64.getDecoder().decode(sec);
totp_latest = new TOTP.Builder(secret1)
.withPasswordLength(6)
.withAlgorithm(HMACAlgorithm.SHA512)
.withPeriod(Duration.ofSeconds(10))
.build();
// Generating the otp using otp-java-1.3.2
totp_latest.now();
System.out.println("OTP Code with Latest Jar File otp-java-1.3.2 " + totp_latest.now());
// Generating the otp using java-otp-0.1.0 .jar
String code1 = otpNow(sec);
System.out.println("OTP Code with old Jar File java-otp.0.1.0.jar " + code1);
if ( totp_latest.verify(code1)) {
System.out.println("The OTP is matched ");
}
else {
System.out.println("OTP Code is Not Matched");
}
}
public static String otpNow(String key) throws InvalidKeyException, NoSuchAlgorithmException {
// decode the base64 encoded string
byte[] decodedKey = Base64.getDecoder().decode(key);
// rebuild key using SecretKeySpec
SecretKey originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");
final TimeBasedOneTimePasswordGenerator totp = new TimeBasedOneTimePasswordGenerator(30, SECONDS, 6, TOTP_ALGORITHM_HMAC_SHA512);
final Date now = new Date();
String code = String.valueOf(totp.generateOneTimePassword(originalKey,now ));
return code;
}
}