Java tutorial
package fr.ortolang.diffusion.security.authentication; /* * #%L * ORTOLANG * A online network structure for hosting language resources and tools. * * Jean-Marie Pierrel / ATILF UMR 7118 - CNRS / Universit de Lorraine * Etienne Petitjean / ATILF UMR 7118 - CNRS * Jrme Blanchard / ATILF UMR 7118 - CNRS * Bertrand Gaiffe / ATILF UMR 7118 - CNRS * Cyril Pestel / ATILF UMR 7118 - CNRS * Marie Tonnelier / ATILF UMR 7118 - CNRS * Ulrike Fleury / ATILF UMR 7118 - CNRS * Frdric Pierre / ATILF UMR 7118 - CNRS * Cline Moro / ATILF UMR 7118 - CNRS * * This work is based on work done in the equipex ORTOLANG (http://www.ortolang.fr/), by several Ortolang contributors (mainly CNRTL and SLDR) * ORTOLANG is funded by the French State program "Investissements d'Avenir" ANR-11-EQPX-0032 * %% * Copyright (C) 2013 - 2015 Ortolang Team * %% * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Lesser Public License for more details. * * You should have received a copy of the GNU General Lesser Public * License along with this program. If not, see * <http://www.gnu.org/licenses/lgpl-3.0.html>. * #L% */ import java.lang.reflect.UndeclaredThrowableException; import java.nio.ByteBuffer; import java.security.GeneralSecurityException; import java.util.Arrays; import java.util.Random; import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Base32; public class TOTPHelper { private TOTPHelper() { } private static final Random rand = new Random(); public static String generateSecret() { byte[] buffer = new byte[20]; rand.nextBytes(buffer); Base32 codec = new Base32(); byte[] secretKey = Arrays.copyOf(buffer, 20); byte[] encodedKey = codec.encode(secretKey); return new String(encodedKey); } public static int getCode(String secret) { return generateTOTP(secret, getCurrentInterval()); } public static boolean checkCode(String secret, long code) { long currentInterval = getCurrentInterval(); long hash1 = generateTOTP(secret, currentInterval); long hash2 = generateTOTP(secret, currentInterval - 1); return hash1 == code || hash2 == code; } private static int generateTOTP(String secret, long time) { Base32 codec = new Base32(); byte[] decodedKey = codec.decode(secret); byte[] msg = ByteBuffer.allocate(8).putLong(time).array(); byte[] hash = hmacSha(decodedKey, msg); int offset = hash[hash.length - 1] & 0xf; int binary = ((hash[offset] & 0x7f) << 24) | ((hash[offset + 1] & 0xff) << 16) | ((hash[offset + 2] & 0xff) << 8) | (hash[offset + 3] & 0xff); return binary % 1000000; } private static byte[] hmacSha(byte[] keyBytes, byte[] text) { try { Mac hmac; hmac = Mac.getInstance("HmacSHA1"); SecretKeySpec macKey = new SecretKeySpec(keyBytes, "RAW"); hmac.init(macKey); return hmac.doFinal(text); } catch (GeneralSecurityException gse) { throw new UndeclaredThrowableException(gse); } } private static long getCurrentInterval() { //30 minutes interval return System.currentTimeMillis() / (1000 * 60 * 30); } }