View Javadoc
1   /**
2    * Portions of this software was developed by employees of the National Institute
3    * of Standards and Technology (NIST), an agency of the Federal Government and is
4    * being made available as a public service. Pursuant to title 17 United States
5    * Code Section 105, works of NIST employees are not subject to copyright
6    * protection in the United States. This software may be subject to foreign
7    * copyright. Permission in the United States and in foreign countries, to the
8    * extent that NIST may hold copyright, to use, copy, modify, create derivative
9    * works, and distribute this software and its documentation without fee is hereby
10   * granted on a non-exclusive basis, provided that this notice and disclaimer
11   * of warranty appears in all copies.
12   *
13   * THE SOFTWARE IS PROVIDED 'AS IS' WITHOUT ANY WARRANTY OF ANY KIND, EITHER
14   * EXPRESSED, IMPLIED, OR STATUTORY, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTY
15   * THAT THE SOFTWARE WILL CONFORM TO SPECIFICATIONS, ANY IMPLIED WARRANTIES OF
16   * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND FREEDOM FROM
17   * INFRINGEMENT, AND ANY WARRANTY THAT THE DOCUMENTATION WILL CONFORM TO THE
18   * SOFTWARE, OR ANY WARRANTY THAT THE SOFTWARE WILL BE ERROR FREE.  IN NO EVENT
19   * SHALL NIST BE LIABLE FOR ANY DAMAGES, INCLUDING, BUT NOT LIMITED TO, DIRECT,
20   * INDIRECT, SPECIAL OR CONSEQUENTIAL DAMAGES, ARISING OUT OF, RESULTING FROM,
21   * OR IN ANY WAY CONNECTED WITH THIS SOFTWARE, WHETHER OR NOT BASED UPON WARRANTY,
22   * CONTRACT, TORT, OR OTHERWISE, WHETHER OR NOT INJURY WAS SUSTAINED BY PERSONS OR
23   * PROPERTY OR OTHERWISE, AND WHETHER OR NOT LOSS WAS SUSTAINED FROM, OR AROSE OUT
24   * OF THE RESULTS OF, OR USE OF, THE SOFTWARE OR SERVICES PROVIDED HEREUNDER.
25   */
26  
27  package gov.nist.secauto.swid.client.totp;
28  
29  import gov.nist.secauto.swid.client.totp.Hotp.HashAlgorithm;
30  
31  import java.util.Calendar;
32  import java.util.GregorianCalendar;
33  import java.util.TimeZone;
34  
35  /**
36   * A direct implementation of https://tools.ietf.org/html/rfc6238.
37   * 
38   */
39  public class Totp {
40    // the size of the time step in seconds
41    private int timeStepSeconds;
42    // the time adjustment from UNIX time in seconds (based on UTC and the
43    // epoch)
44    private long T0;
45    // the internal HOTP implementation
46    private Hotp hotp;
47  
48    /**
49     * Creates a default Totp instance with a 30 second time step, T0 of 0 using HMAC-SHA-1 producing an
50     * 8 digit output.
51     */
52    public Totp() {
53      this(30, 0L, HashAlgorithm.SHA1, 8);
54    }
55  
56    /**
57     * Creates a Totp instance with a 30 second time step, T0 of 0 using the provided parameters.
58     * 
59     * @param algorithm
60     *          the algorithm to use
61     * @param digits
62     *          the number of digits
63     */
64    public Totp(HashAlgorithm algorithm, int digits) {
65      this(30, 0L, algorithm, digits);
66    }
67  
68    /**
69     * Creates a Totp instance with a 30 second time step, T0 of 0 using the provided parameters.
70     * 
71     * @param timeStepSeconds
72     *          the size of the time step in seconds (this is X in the RFC)
73     * @param algorithm
74     *          the algorithm to use
75     * @param T0
76     *          the time adjustment from UNIX time in seconds (based on UTC and the epoch)
77     * @param digits
78     *          the number of digits
79     * @see Hotp
80     */
81    public Totp(int timeStepSeconds, long T0, HashAlgorithm algorithm, int digits) {
82      if (timeStepSeconds <= 0) {
83        throw new IllegalArgumentException("timeStepSeconds must be greater than zero");
84      }
85      this.timeStepSeconds = timeStepSeconds;
86      this.T0 = T0;
87      this.hotp = new Hotp(algorithm, digits);
88    }
89  
90    /**
91     * Calculates a TOTP result using the provided key and the current time
92     * 
93     * @param key
94     *          the key/seed to use for calculating the value
95     * @return the TOTP value for the current time point
96     */
97    public String totp(byte[] key) {
98      return totp(key, currentTime());
99    }
100 
101   /**
102    * Calculates a TOTP result using the provided key and provided time
103    * 
104    * @param key
105    *          the key/seed to use for calculating the value
106    * @param time
107    *          the time value to use
108    * @return the TOTP value for the provided time point
109    */
110   public String totp(byte[] key, long time) {
111     long T = (time - T0) / timeStepSeconds;
112     return hotp.generate(key, T);
113   }
114 
115   /**
116    * @return the current UNIX time (based on UTC and epoch) in seconds
117    */
118   private long currentTime() {
119     Calendar calendar = GregorianCalendar.getInstance(TimeZone.getTimeZone("UTC"));
120     return calendar.getTimeInMillis() / 1000;
121   }
122 }