Add TOTP one-time password generation

Author: labkey-adam

src/org/labkey/remoteapi/totp/CodeGenerationException.java

@@ -0,0 +1,14 @@
+/*
+ * Copyright (c) 2019 Sam Stevens
+ *
+ * Licensed under the MIT License
+ *
+ * https://github.com/samdjstevens v1.7.1
+ */
+package org.labkey.remoteapi.totp;
+
+public class CodeGenerationException extends Exception {
+    public CodeGenerationException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}

src/org/labkey/remoteapi/totp/CodeGenerator.java

@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2019 Sam Stevens
+ *
+ * Licensed under the MIT License
+ *
+ * https://github.com/samdjstevens v1.7.1
+ */
+package org.labkey.remoteapi.totp;
+
+import org.apache.commons.codec.binary.Base32;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.InvalidKeyException;
+import java.security.InvalidParameterException;
+import java.security.NoSuchAlgorithmException;
+
+public class CodeGenerator
+{
+    private final HashingAlgorithm algorithm;
+    private final int digits;
+
+    public CodeGenerator(HashingAlgorithm algorithm, int digits) {
+        if (algorithm == null) {
+            throw new InvalidParameterException("HashingAlgorithm must not be null.");
+        }
+        if (digits < 1) {
+            throw new InvalidParameterException("Number of digits must be higher than 0.");
+        }
+
+        this.algorithm = algorithm;
+        this.digits = digits;
+    }
+
+    public String generate(String key, long counter) throws CodeGenerationException {
+        try {
+            byte[] hash = generateHash(key, counter);
+            return getDigitsFromHash(hash);
+        } catch (Exception e) {
+            throw new CodeGenerationException("Failed to generate code. See nested exception.", e);
+        }
+    }
+
+    /**
+     * Generate a HMAC-SHA1 hash of the counter number.
+     */
+    private byte[] generateHash(String key, long counter) throws InvalidKeyException, NoSuchAlgorithmException {
+        byte[] data = new byte[8];
+        long value = counter;
+        for (int i = 8; i-- > 0; value >>>= 8) {
+            data[i] = (byte) value;
+        }
+
+        // Create a HMAC-SHA1 signing key from the shared key
+        Base32 codec = new Base32();
+        byte[] decodedKey = codec.decode(key);
+        SecretKeySpec signKey = new SecretKeySpec(decodedKey, algorithm.getHmacAlgorithm());
+        Mac mac = Mac.getInstance(algorithm.getHmacAlgorithm());
+        mac.init(signKey);
+
+        // Create a hash of the counter value
+        return mac.doFinal(data);
+    }
+
+    /**
+     * Get the n-digit code for a given hash.
+     */
+    private String getDigitsFromHash(byte[] hash) {
+        int offset = hash[hash.length - 1] & 0xF;
+
+        long truncatedHash = 0;
+
+        for (int i = 0; i < 4; ++i) {
+            truncatedHash <<= 8;
+            truncatedHash |= (hash[offset + i] & 0xFF);
+        }
+
+        truncatedHash &= 0x7FFFFFFF;
+        truncatedHash %= Math.pow(10, digits);
+
+        // Left pad with 0s for a n-digit code
+        return String.format("%0" + digits + "d", truncatedHash);
+    }
+}

src/org/labkey/remoteapi/totp/HashingAlgorithm.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2019 Sam Stevens
+ *
+ * Licensed under the MIT License
+ *
+ * https://github.com/samdjstevens v1.7.1
+ */
+
+package org.labkey.remoteapi.totp;
+
+public enum HashingAlgorithm {
+
+    SHA1("HmacSHA1", "SHA1"), //default
+    SHA256("HmacSHA256", "SHA256"),
+    SHA512("HmacSHA512", "SHA512");
+
+    private final String hmacAlgorithm;
+    private final String friendlyName;
+
+    HashingAlgorithm(String hmacAlgorithm, String friendlyName) {
+        this.hmacAlgorithm = hmacAlgorithm;
+        this.friendlyName = friendlyName;
+    }
+
+    public String getHmacAlgorithm() {
+        return hmacAlgorithm;
+    }
+
+    public String getFriendlyName() {
+        return friendlyName;
+    }
+}

src/org/labkey/remoteapi/totp/TimeProvider.java

@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2019 Sam Stevens
+ *
+ * Licensed under the MIT License
+ *
+ * https://github.com/samdjstevens v1.7.1
+ */
+package org.labkey.remoteapi.totp;
+
+import java.time.Instant;
+
+public class TimeProvider {
+    public long getTime() throws RuntimeException {
+        return Instant.now().getEpochSecond();
+    }
+}

src/org/labkey/remoteapi/totp/TotpManager.java

@@ -0,0 +1,20 @@
+package org.labkey.remoteapi.totp;
+
+public class TotpManager
+{
+    // Generate a TOTP one-time password based on the default parameters (30 second time step, 6 digits, SHA1)
+    public static String generateCode(String secretKey) throws CodeGenerationException
+    {
+        return generateCode(secretKey, 30, 6, HashingAlgorithm.SHA1);
+    }
+
+    // Generate a TOTP one-time password using custom parameters
+    public static String generateCode(String secretKey, int timeStep, int digits, HashingAlgorithm hashingAlgorithm) throws CodeGenerationException
+    {
+        TimeProvider timeProvider = new TimeProvider();
+        long currentBucket = Math.floorDiv(timeProvider.getTime(), timeStep);
+        CodeGenerator codeGenerator = new CodeGenerator(hashingAlgorithm, digits);
+
+        return codeGenerator.generate(secretKey, currentBucket);
+    }
+}