Java API
HSM Dinamo
IssueHOTPBlobGenerate.java

Example of generating, checking and re-synchronizing an OATH HOTP blob using the HSM, with the seed generated inside the HSM.

See Note on examples.
package doxy.examples;
import com.dinamonetworks.Dinamo;
import br.com.trueaccess.TacException;
import br.com.trueaccess.TacNDJavaLib;
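/**
 * Example of the life cycle of an OATH HOTP blob whose seed is generated inside the HSM:
 * create a master key, generate the blob, read the seed back, produce the next OTP,
 * check it, re-synchronize the blob, then delete the master key and close the session.
 *
 * <p>The master key deletion and the session close run in {@code finally} blocks, so a
 * failure in any intermediate HSM call does not leave the sample key or an open session
 * behind.
 */
public class IssueHOTPBlobGenerate {
    // Sample connection values for a local test HSM only. Outside of a demo, credentials
    // should come from protected configuration or a secret store, not from source code.
    static String ip = "127.0.0.1";
    static String user = "master";
    static String password = "12345678";

    /**
     * Runs the HOTP blob example against the HSM configured in the static fields.
     *
     * @param args unused
     * @throws TacException if any HSM operation fails
     */
    public static void main(String[] args) throws TacException {
        Dinamo api = new Dinamo();
        api.openSession(ip, user, password);
        try {
            String masterKeyName = "master_key";

            /*
             * Create a master key.
             *
             * NOTE(review): the third argument is passed as true; check the Dinamo API
             * documentation for which key attribute it sets before reusing this call
             * for a key that protects production OTP seeds.
             */
            System.out.println("--> Create master key");
            api.createKey(masterKeyName, TacNDJavaLib.ALG_AES_256, true);

            // From here on the key exists, so it must be removed even if a later call throws.
            try {
                /*
                 * Generates the HOTP blob with the seed generated within the HSM.
                 */
                System.out.println("--> Generate HOTP BLOB");
                byte[] hotpGenBlob = api.generateOATHHotpBlob(masterKeyName);

                /*
                 * Recovers the seed of the OATH blob generated by the HSM.
                 *
                 * This seed can be transformed from binary to Base32
                 * and imported into the client (Google Authenticator, for example).
                 *
                 * The returned array is the OTP secret held in application memory, outside
                 * the HSM. Never log or print it; hand it to the provisioning step and
                 * overwrite the local copy as soon as that step is done.
                 */
                System.out.println("--> Retrieve seed from BLOB HOTP");
                byte[] hotpGenBlobSeed = api.getOATHSeed(masterKeyName, hotpGenBlob);
                // (client provisioning would happen here)
                if (hotpGenBlobSeed != null) {
                    java.util.Arrays.fill(hotpGenBlobSeed, (byte) 0);
                }

                /*
                 * This call simulates the OTP client. It generates the next OTP, without
                 * changing the content of the OATH blob.
                 *
                 * The OTP length used here is the library's minimum-length constant.
                 */
                System.out.println("--> Generate next OTP");
                String nextOtp = api.getNextOATHOTP(masterKeyName,
                        TacNDJavaLib.ISSUE_OATH_MIN_OTP_LEN,
                        hotpGenBlob);

                /*
                 * Checks the OTP and updates the blob.
                 * The previous blob can and should be discarded.
                 *
                 * NOTE(review): presumably the returned blob carries the advanced counter
                 * state, so persisting the old blob instead would let an already-used OTP
                 * validate again - confirm against the HSM documentation.
                 */
                System.out.println("--> Check OTP");
                hotpGenBlob = api.checkOATHBlobOTP(masterKeyName, nextOtp, hotpGenBlob);

                /*
                 * Re-synchronizes the HOTP blob and updates the blob.
                 * Use when the OATH blob is out of sync.
                 * The previous blob can and should be discarded.
                 *
                 * 2 consecutive OTPs are passed for the HSM to adjust the event window.
                 *
                 * The two literals below are sample values. Because the seed above is
                 * freshly generated, they are not expected to match it; substitute two
                 * consecutive OTPs produced by the real token when adapting this example.
                 */
                System.out.println("--> Re-synchronize BLOB HOTP");
                hotpGenBlob = api.resyncOATHBlobOTP(masterKeyName, "457762", "251104", hotpGenBlob);
            } finally {
                /*
                 * Deletes the master key.
                 */
                System.out.println("--> Deletes master key");
                api.deleteKey(masterKeyName);
            }
        } finally {
            // Always release the authenticated HSM session, including on failure.
            api.closeSession();
        }
    }
}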