java source code of TotpUtils

mangooio-master
- .github
  - workflows
    - maven.yml
- settings.xml
- mangooio-maven-archetype
  - src
    - main
      - resources
        archetype-resources
        src
        main
        resources
        translations
        messages_en.properties
        messages.properties
        messages_de.properties
        files
        robots.txt
        assets
        javascripts
        javascript.min.js
        stylesheets
        stylesheet.min.css
        log4j2.xml
        templates
        ApplicationController
        persons.ftl
        index.ftl
        layout.ftl
        log4j2-test.xml
        config.props
        java
        models
        Person.java
        controllers
        ApplicationController.java
        app
        Module.java
        Bootstrap.java
        test
        java
        controllers
        ApplicationControllerTest.java
        dependencies
        pom.xml
        META-INF
        maven
        archetype-metadata.xml
        archetype-post-generate.groovy
    - test
      - resources
        projects
        basic
        archetype.properties
        goal.txt
  - pom.xml
- mangooio-integration-test
  - src
    - main
      - resources
        translations
        messages_en.properties
        messages.properties
        messages_de.properties
        messages_fr.properties
        files
        robots.txt
        less
        myless.less
        sass
        mysass.sass
        assets
        javascript
        myjquery.min.js
        jquery.min.js
        myjquery.js
        stylesheet
        mycss.min.css
        css.min.css
        mycss.css
        css.css
        mysass.min.css
        mysass.css
        myless.min.css
        myless.css
        log4j2.xml
        templates
        ApplicationController
        route.ftl
        index.ftl
        location.ftl
        freemarker.ftl
        unrenderedText.body
        prettytime.ftl
        restricted.ftl
        reverse.ftl
        layout.ftl
        JsonController
        parse.ftl
        FormController
        validateform.ftl
        form.ftl
        multivalued.ftl
        flashify.ftl
        FlashController
        flashed.ftl
        I18nController
        localize.ftl
        umlaute.ftl
        translation.ftl
        special.ftl
        FilterController
        filter.ftl
        ParameterController
        param.ftl
        multiparam.ftl
        AuthenticityController
        form.ftl
        valid.ftl
        token.ftl
        emails
        html.ftl
        simple.ftl
        multipart.ftl
        AuthenticationController
        subject.ftl
        policy.csv
        model.conf
        log4j2-test.xml
        config.props
      - java
        main
        Main.java
        models
        Person.java
        controllers
        FilterController.java
        FormController.java
        JsonController.java
        FlashController.java
        ApplicationController.java
        ParameterController.java
        WebSocketController.java
        BasicAuthenticationController.java
        AuthenticityController.java
        I18nController.java
        SessionController.java
        AuthenticationController.java
        AuthorizationController.java
        subcontrollers
        SubController.java
        filters
        MyGlobalFilter.java
        HeaderFilter.java
        FilterTwo.java
        FilterThree.java
        ContentFilter.java
        FilterOne.java
        jobs
        InfoJobEveryHour.java
        InfoJobEveryMinute.java
        InfoJobEverySecond.java
        InfoJobEveryDay.java
        InfoJob.java
        app
        Module.java
        Bootstrap.java
    - test
      - resources
        attachment.txt
        policy.csv
        messages_en.properties
        model.conf
        mockito-extensions
        org.mockito.plugins.MockMaker
        junit-platform.properties
        messages_de.properties
        messages_fr.properties
      - java
        io
        mangoo
        configuration
        ModuleTest.java
        ConfigTest.java
        providers
        CacheProviderTest.java
        crypto
        CryptoTest.java
        utils
        ByteUtilsTest.java
        CodecUtilsTest.java
        SchedulerUtilsTest.java
        MangooUtilsTest.java
        JsonUtilsTest.java
        RequestUtilsTest.java
        DateUtilsTest.java
        TotpUtilsTest.java
        services
        TestListener.java
        executors
        TestCallable.java
        TestRunnable.java
        ServerSentEventServiceTest.java
        CustomWebTarget.java
        EventBusServiceTest.java
        ConcurrentServicesTest.java
        WebSocketServiceTest.java
        AuthorizationServiceTest.java
        i18n
        MessagesTest.java
        mail
        MailTest.java
        enums
        EnumsTest.java
        scheduler
        SchedulerTest.java
        models
        IdentityTest.java
        CauseTest.java
        JobTest.java
        TestModel.java
        Car.java
        RequestTest.java
        MetricsTest.java
        handlers
        ResourcesHandlerTest.java
        controllers
        FlashControllerTest.java
        AuthorizationControllerTest.java
        FilterControllerTest.java
        DefaultTemplatesTest.java
        FormControllerTest.java
        WebSocketControllerTest.java
        I18nControllerTest.java
        AuthenticityControllerTest.java
        SubControllerTest.java
        ConcurrentControllerTest.java
        ApplicationControllerTest.java
        AuthenticationControllerTest.java
        SessionControllerTest.java
        JsonControllerTest.java
        ParameterControllerTest.java
        HttpMethodsTest.java
        BasicAuthenticationControllerTest.java
        AdminControllerTest.java
        filters
        AuthenticitiyFilterTest.java
        cache
        CacheTest.java
        core
        ServerTest.java
        templating
        TemplateContextTest.java
        TemplateEngineTest.java
        TestExtension.java
        routing
        ResponseTest.java
        bindings
        InjectionTest.java
        SessionTest.java
        AuthenticationTest.java
        FlashTest.java
        ValidatorTest.java
        FormTest.java
        AttachmentTest.java
        RouterTest.java
        routes
        WebSocketRouteTest.java
        RequestRouteTest.java
        FileRouteTest.java
        ControllerRouteTest.java
        ServerSentEventRouteTest.java
        PathRouteTest.java
        persistence
        DatastoreTest.java
  - pom.xml
  - key
    - privatekey.txt
- mangooio-maven-plugin
  - src
    - main
      - resources
        log4j2.xml
      - java
        io
        mangoo
        build
        Watcher.java
        Trigger.java
        Minification.java
        Runner.java
        maven
        DependenciesMojo.java
        MinifyMojo.java
        MangooMojo.java
        enums
        Suffix.java
    - test
      - java
        io
        mangoo
        utils
        MinificationTest.java
  - pom.xml
- pom.xml
- LICENSE
- mangooio-core
  - src
    - main
      - resources
        templates
        @admin
        login.ftl
        tools.ftl
        scheduler.ftl
        header.ftl
        logger.ftl
        index.ftl
        footer.ftl
        twofactor.ftl
        routes.ftl
        assets
        js
        scripts.js
        jquery.min.js
        stupidtable.min.js
        css
        bulma.min.css
        admin.min.css
        styles.min.css
        exception.css
        defaults.css
        favicons
        favicon.ico
        site.webmanifest
        defaults
        exception.ftl
        429.html
        401.html
        404.html
        403.html
        400.html
        500.html
        logo.txt
        version.properties
      - java
        io
        mangoo
        crypto
        totp
        TOTPValidator.java
        TOTPBuilder.java
        OTPKey.java
        TOTP.java
        Crypto.java
        utils
        ByteUtils.java
        JsonUtils.java
        TotpUtils.java
        MangooUtils.java
        SchedulerUtils.java
        DateUtils.java
        CodecUtils.java
        RequestUtils.java
        services
        EventBusService.java
        WebSocketService.java
        AuthorizationService.java
        ServerSentEventService.java
        ConcurrentService.java
        i18n
        Messages.java
        email
        MailEvent.java
        Mail.java
        admin
        AdminFilter.java
        AdminController.java
        enums
        Mode.java
        Header.java
        Required.java
        Template.java
        CacheName.java
        ClaimKey.java
        Default.java
        Binding.java
        Http.java
        Key.java
        Validation.java
        HmacShaAlgorithm.java
        scheduler
        SchedulerFactory.java
        Scheduler.java
        models
        Identity.java
        Source.java
        Metrics.java
        Job.java
        filters
        AuthenticityFilter.java
        annotations
        FilterWith.java
        Schedule.java
        cache
        CacheImpl.java
        CacheProvider.java
        Cache.java
        exceptions
        MangooSchedulerException.java
        MangooEventBusException.java
        MangooMailerException.java
        MangooTemplateEngineException.java
        MangooEncryptionException.java
        core
        Server.java
        Module.java
        Shutdown.java
        Config.java
        Application.java
        interfaces
        MangooRoute.java
        MangooWebSocket.java
        MangooAuthorizationService.java
        filters
        OncePerRequestFilter.java
        PerRequestFilter.java
        MangooBootstrap.java
        templating
        TemplateContext.java
        directives
        TokenDirective.java
        FormDirective.java
        methods
        PrettyTimeMethod.java
        RouteMethod.java
        LocationMethod.java
        I18nMethod.java
        TemplateEngine.java
        routing
        Attachment.java
        bindings
        Validator.java
        Form.java
        Authentication.java
        Session.java
        Flash.java
        Request.java
        Response.java
        handlers
        InboundCookiesHandler.java
        DispatcherHandler.java
        BinaryHandler.java
        MetricsHandler.java
        OutboundCookiesHandler.java
        ExceptionHandler.java
        CorsHandler.java
        FormHandler.java
        ServerSentEventHandler.java
        RequestHandler.java
        LimitHandler.java
        AuthenticationHandler.java
        ResponseHandler.java
        LocaleHandler.java
        AuthorizationHandler.java
        WebSocketHandler.java
        FallbackHandler.java
        listeners
        ServerSentEventCloseListener.java
        MetricsListener.java
        WebSocketCloseListener.java
        Router.java
        Bind.java
        routes
        FileRoute.java
        ServerSentEventRoute.java
        WebSocketRoute.java
        RequestRoute.java
        ControllerRoute.java
        PathRoute.java
        On.java
        persistence
        Datastore.java
        BaseModel.java
  - pom.xml
- owasp-suppression.xml
- SECURITY.md
- mangooio-test
  - src
    - main
      - java
        io
        mangoo
        test
        TestRunner.java
        email
        SmtpMock.java
        hamcrest
        RegexMatcher.java
        http
        TestResponse.java
        TestBrowser.java
        TestRequest.java
  - pom.xml
  - .gitignore
- mangooio-dependencies
  - src
    - main
      - java
        io
        mangoo
        Dependencies.java
  - pom.xml
- README.md
- .gitlab-ci.yml
- .gitignore

package io.mangoo.utils;
    
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Objects;
import java.util.Random;
import java.util.concurrent.TimeUnit;

import org.apache.commons.codec.binary.Base32;
import org.apache.commons.lang3.RegExUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

import io.mangoo.crypto.totp.TOTP;
import io.mangoo.enums.HmacShaAlgorithm;
import io.mangoo.enums.Required;

/**
 * 
 * @author svenkubiak
 *
 */
public class TotpUtils {
    private static final Logger LOG = LogManager.getLogger(TotpUtils.class);
    private static final Base32 base32 = new Base32();
    private static final HmacShaAlgorithm ALGORITHM = HmacShaAlgorithm.HMAC_SHA_512;
    private static final int DIGITS = 6;
    private static final int MAX_CHARACTERS = 32;
    private static final int PERIOD = 30;
    private static final int ITERATIONS = 26;
    private static final int BYTES_SECRET = 64;
    
    private TotpUtils() {
    }
    
    /**
     * Generates a 64 byte (512 bit) secret
     * 
     * @return A 64 characters random string based on SecureRandom
     */
    public static String createSecret() {
        Random random = new SecureRandom();
        StringBuilder buffer = new StringBuilder(BYTES_SECRET);
        for (int i = 0; i < BYTES_SECRET; i++) {
            int value = random.nextInt(MAX_CHARACTERS);
            if (value < ITERATIONS) {
                buffer.append((char) ('A' + value));
            } else {
                buffer.append((char) ('2' + (value - ITERATIONS)));
            }
        }
        
        return buffer.toString();
    }
    
    /**
     * Creates the current TOTP based on the following default values:
     * SHA512 algorithm, 6 digits, 30 seconds time period
     * 
     * @param secret The secret to use
     * 
     * @return The totp value or null if generation failed
     */
    public static String getTotp(String secret) {
        Objects.requireNonNull(secret, Required.SECRET.toString());
        
        String value = null;
        try {
            TOTP builder = TOTP.key(secret.getBytes(StandardCharsets.US_ASCII.name()))
                    .timeStep(TimeUnit.SECONDS.toMillis(PERIOD))
                    .digits(DIGITS)
                    .hmacSha(ALGORITHM)
                    .build();
            
            value = builder.value();
        } catch (UnsupportedEncodingException e) {
            LOG.error("Failed to create TOTP",  e);
        }
        
        return value;
    }
    
    /**
     * Creates the current TOTP based on the given parameters
     * 
     * @param secret The secret to use
     * @param algorithm The algorithm to use
     * @param digits The digits to use (6 or 8)
     * @param period The time period in seconds
     * 
     * @return The totp value or null if generation failed
     */
    public static String getTotp(String secret, HmacShaAlgorithm algorithm, int digits, int period) {
        Objects.requireNonNull(secret, Required.SECRET.toString());
        Objects.requireNonNull(algorithm, Required.ALGORITHM.toString());
        
        String value = null;
        try {
            TOTP builder = TOTP.key(secret.getBytes(StandardCharsets.US_ASCII.name()))
                    .timeStep(TimeUnit.SECONDS.toMillis(period))
                    .digits(digits)
                    .hmacSha(algorithm)
                    .build();
            
            value = builder.value();
        } catch (UnsupportedEncodingException e) {
            LOG.error("Failed to create TOTP",  e);
        }
        
        return value;
    }
    
    /**
     * Verifies a given TOTP based on the following default values:
     * SHA512 algorithm, 6 digits, 30 seconds time period
     * 
     * @param secret The secret to use
     * @param totp The TOTP to verify
     * 
     * @return True if the TOTP is valid, false otherwise
     */
    public static boolean verifiedTotp(String secret, String totp) {
        Objects.requireNonNull(secret, Required.SECRET.toString());
        Objects.requireNonNull(totp, Required.TOTP.toString());
        
        String value = null;
        try {
            TOTP builder = TOTP.key(secret.getBytes(StandardCharsets.US_ASCII.name()))
                .timeStep(TimeUnit.SECONDS.toMillis(PERIOD))
                .digits(DIGITS)
                .hmacSha(ALGORITHM)
                .build();
            
            value = builder.value();
        } catch (UnsupportedEncodingException e) {
            LOG.error("Failed to verify TOTP",  e);
        }
        
        return totp.equals(value);
    }
    
    /**
     * Generates a QR code link from google charts API to share a secret with a user
     * 
     * @param name The name of the account
     * @param issuer The name of the issuer
     * @param secret The secret to use
     * @param algorithm The algorithm to use
     * @param digits The number of digits to use
     * @param period The period to use
     * 
     * @return An URL to Google charts API with the QR code
     */
    public static String getQRCode(String name, String issuer, String secret, HmacShaAlgorithm algorithm, String digits, String period) {
        Objects.requireNonNull(name, Required.ACCOUNT_NAME.toString());
        Objects.requireNonNull(secret, Required.SECRET.toString());
        Objects.requireNonNull(issuer, Required.ISSUER.toString());
        Objects.requireNonNull(algorithm, Required.ALGORITHM.toString());
        Objects.requireNonNull(digits, Required.DIGITS.toString());
        Objects.requireNonNull(period, Required.PERIOD.toString());
        
        var buffer = new StringBuilder();
        buffer.append("https://chart.googleapis.com/chart?chs=200x200&cht=qr&chl=200x200&chld=M|0&cht=qr&chl=")
            .append(getOtpauthURL(name, issuer, secret, algorithm, digits, period));
        
        return buffer.toString();
    }
    
    /**
     * Generates a otpauth code to share a secret with a user
     * 
     * @param name The name of the account
     * @param issuer The name of the issuer
     * @param secret The secret to use
     * @param algorithm The algorithm to use
     * @param digits The number of digits to use
     * @param period The period to use
     * 
     * @return An otpauth url
     */
    public static String getOtpauthURL(String name, String issuer, String secret, HmacShaAlgorithm algorithm, String digits, String period) {
        Objects.requireNonNull(name, Required.ACCOUNT_NAME.toString());
        Objects.requireNonNull(secret, Required.SECRET.toString());
        Objects.requireNonNull(issuer, Required.ISSUER.toString());
        Objects.requireNonNull(algorithm, Required.ALGORITHM.toString());
        Objects.requireNonNull(digits, Required.DIGITS.toString());
        Objects.requireNonNull(period, Required.PERIOD.toString());
        
        var buffer = new StringBuilder();
        buffer.append("otpauth://totp/")
            .append(name)
            .append("?secret=")
            .append(RegExUtils.replaceAll(base32.encodeAsString(secret.getBytes(StandardCharsets.UTF_8)), "=", ""))
            .append("&algorithm=")
            .append(algorithm.getAlgorithm())
            .append("&issuer=")
            .append(issuer)
            .append("&digits=")
            .append(digits)
            .append("&period=")
            .append(period);
        
        String url = "";
        try {
            url = URLEncoder.encode(buffer.toString(), StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            LOG.error("Failed to encode otpauth url", e);
        }
        
        return url;
    }
}