import java.nio.ByteBuffer; import java.security.SecureRandom; import java.util.ArrayList; import java.util.List; import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; /** * https://tools.ietf.org/html/rfc6238 * https://weblogs.java.net/blog/evanx/archive/2012/11/07/google-authenticator-thus-enabled */ public class TOTP { static String encodedKey; public static String getQRBarcodeURL(String user, String host, String secret) { String format = “https://www.google.com/chart?chs=200×200&chld=M%%7C0&cht=qr&chl=otpauth://totp/%s@%s%%3Fsecret%%3D%s”; return String.format(format, user, host, secret); } public static void main(String[] args) throws Exception { byte[] secretKey = new byte[10]; new SecureRandom().nextBytes(secretKey); encodedKey = Base32.encodeRfc(secretKey); System.out.println(“secret => ” + encodedKey); System.out.println(getQRBarcodeURL(“jo.27”, “acekorea.info”, encodedKey)); long X = 30; long T0 = 0; long t = (System.currentTimeMillis() – T0) / 1000 / X; System.out.println(getCode(encodedKey, t)); System.out.println(getCodeList(encodedKey, t, 5)); } public static boolean verifyCode(String secret, int code, long timeIndex, int variance) throws Exception { byte[] secretBytes = Base32.decodeRfc(secret); for (int i = -variance; i <= variance; i++) { if (getCode(secretBytes, timeIndex + i) == code) { return true; } } return false; } private static long getCode(byte[] secret, long timeIndex) throws Exception { SecretKeySpec signKey = new SecretKeySpec(secret, “HmacSHA1”); ByteBuffer buffer = ByteBuffer.allocate(8); buffer.putLong(timeIndex); byte[] timeBytes = buffer.array(); Mac mac = Mac.getInstance(“HmacSHA1”); mac.init(signKey); byte[] hash = mac.doFinal(timeBytes); int offset = hash[19] & 0xf; long truncatedHash = hash[offset] & 0x7f; for (int i = 1; i < 4; i++) { truncatedHash <<= 8; truncatedHash |= hash[offset + i] & 0xff; } return (truncatedHash %= 1000000); } static long getCode(String secret, long timeIndex) throws Exception { return getCode(Base32.decodeRfc(secret), timeIndex); } static List getCodeList(String secret, long timeIndex, int variance) throws Exception { List list = new ArrayList(); for (int i = -variance; i <= variance; i++) { list.add(getCode(secret, timeIndex + i)); } return list; } } ]]>