io.mangoo.utils

Class TwoFactorUtils

java.lang.Object

io.mangoo.utils.TwoFactorUtils

public final class TwoFactorUtils
extends Object

Two factor Java implementation for the Time-based One-Time Password (TOTP) algorithm. See: https://github.com/j256/java-two-factor-auth Copyright 2015, Gray Watson Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Author:

graywatson, svenkubiak, WilliamDunne

Method Summary

Modifier and Type	Method and Description
static String	generateBase32Secret() Deprecated. As of release 3.2.0, will be removed in 4.0.0
static String	generateBase32Secret(int length) Deprecated. As of release 3.2.0, will be removed in 4.0.0
static String	generateCurrentNumber(String secret) Return the current number to be checked against the user input, using the time found in System.currentTimeMillis() WARNING: This requires a system clock that is in sync with the world.
static String	generateCurrentNumber(String secret, long currentTimeMillis) Same as getNumber(String) except at a particular time in milliseconds
static String	generateQRCode(String accountName, String secret) Return the QR image URL from Google Charts API.
static String	getNumber(String secret) Deprecated. As of release 3.2.0, will be removed in 4.0.0 WARNING: This requires a system clock that is in sync with the world. For more details of this magic algorithm, see: http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
static String	getQRCode(String accountName, String secret) Deprecated. As of release 3.2.0, replaced by generateQRCode(String, String) This can be shown to the user and scanned by the authenticator program as an easy way to enter the secret
static boolean	validateCurrentNumber(int number, String secret) Validate a given code using the secret, defaults to window of 3 either side, allowing a margin of error equivalent to three windows to adjust for time discrepancies.
static boolean	validateCurrentNumber(int number, String secret, int window) Validate a given code using the secret, provided number, and number of windows to check.
static boolean	validateCurrentNumber(int number, String secret, int window, long time) Validate a given code at a specific time, and specific window
static boolean	validateNumber(int number, String secret, int window, long time) Deprecated. As of release 3.2.0, replaced by validateCurrentNumber(int, String, int, long)

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

generateBase32Secret

@Deprecated
public static String generateBase32Secret()

Deprecated. As of release 3.2.0, will be removed in 4.0.0

Uses default length of 16, to generate the Base32 secret

Returns:

Generate a 16 character secret key in base32 format

generateBase32Secret

@Deprecated
public static String generateBase32Secret(int length)

Deprecated. As of release 3.2.0, will be removed in 4.0.0

method to generate Base32 secret keys for the user

Parameters:

length - how long the key should be

Returns:

Generate a secret key in base32 format (A-Z, 2-7)

validateCurrentNumber

public static boolean validateCurrentNumber(int number,
                                            String secret)

Validate a given code using the secret, defaults to window of 3 either side, allowing a margin of error equivalent to three windows to adjust for time discrepancies. Uses the current time.

Parameters:

number - code provided by user

secret - the secret for the users code

Returns:

boolean if the code is valid

validateNumber

@Deprecated
public static boolean validateNumber(int number,
                                                 String secret,
                                                 int window,
                                                 long time)

Deprecated. As of release 3.2.0, replaced by validateCurrentNumber(int, String, int, long)

Validate a given code at a specific time, and specific window

Parameters:

number - the code provided by the user.

secret - the secret used to generate the users code

window - the number of windows to check around the time

time - the time in milliseconds at which the code should be checked

Returns:

True if the code is valid within the timeframe, false otherwise

validateCurrentNumber

public static boolean validateCurrentNumber(int number,
                                            String secret,
                                            int window,
                                            long time)

Validate a given code at a specific time, and specific window

Parameters:

number - the code provided by the user.

secret - the secret used to generate the users code

window - the number of windows to check around the time

time - the time in milliseconds at which the code should be checked

Returns:

True if the code is valid within the timeframe, false otherwise

validateCurrentNumber

public static boolean validateCurrentNumber(int number,
                                            String secret,
                                            int window)

Validate a given code using the secret, provided number, and number of windows to check. Uses currentTimeMillis for time

Parameters:

number - the code provided by the user

secret - the secret for the users code

window - the number of windows to check around the time

Returns:

True if the code is correct, false otherwise

getNumber

@Deprecated
public static String getNumber(String secret)

Deprecated. As of release 3.2.0, will be removed in 4.0.0 WARNING: This requires a system clock that is in sync with the world. For more details of this magic algorithm, see: http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

Return the current number to be checked against the user input, using the time found in System.currentTimeMillis()

Parameters:

secret - The secret to use

Returns:

The current number to be checked

generateCurrentNumber

public static String generateCurrentNumber(String secret)

Return the current number to be checked against the user input, using the time found in System.currentTimeMillis() WARNING: This requires a system clock that is in sync with the world. For more details of this magic algorithm, see: http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

Parameters:

secret - The secret to use

Returns:

The current number to be checked

generateCurrentNumber

public static String generateCurrentNumber(String secret,
                                           long currentTimeMillis)

Same as getNumber(String) except at a particular time in milliseconds

Parameters:

secret - The secret to use

currentTimeMillis - A provided time in milli seconds

Returns:

The current number to be checked

getQRCode

@Deprecated
public static String getQRCode(String accountName,
                                           String secret)

Deprecated. As of release 3.2.0, replaced by generateQRCode(String, String) This can be shown to the user and scanned by the authenticator program as an easy way to enter the secret

Return the QR image URL from Google Charts API.

Parameters:

accountName - The account name used to display to the user

secret - The secret to use

Returns:

A URL to the Google charts API

generateQRCode

public static String generateQRCode(String accountName,
                                    String secret)

Return the QR image URL from Google Charts API. This can be shown to the user and scanned by the authenticator program as an easy way to enter the secret

Parameters:

accountName - The account name used to display to the user

secret - The secret to use

Returns:

A URL to the Google charts API