API Java
HSM Dinamo
OcraGen.java

Ejemplo de generación de OTP con el algoritmo OCRA (OATH Challenge-Response Algorithm) según la RFC 6287.

Véase la nota sobre ejemplos.
package doxy.examples;
import java.math.BigInteger;
import java.security.MessageDigest;
import com.dinamonetworks.Dinamo;
import br.com.trueaccess.TacException;
import br.com.trueaccess.TacNDJavaLib;
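/**
 * Example: generating OCRA (OATH Challenge-Response Algorithm, RFC 6287)
 * one-time passwords with a key held in a Dinamo HSM.
 *
 * <p>Two suites are exercised: a SHA-1 suite with only a numeric challenge, and
 * a SHA-256 suite that also takes a counter and a SHA-1 PIN hash.
 *
 * <p>Everything secret in this listing is sample data: the HSM address, user
 * and password are hard-coded literals, and both HMAC keys are the ASCII digit
 * strings visible below. Do not reuse any of these values outside a test
 * partition; real deployments should load credentials from protected
 * configuration and should not hold OTP seeds as string literals in code.
 */
public class OcraGen {
    // QN08 challenges, pre-encoded as the hex form of the decimal challenge.
    // 12345678 (decimal) == 0xBC614E.
    private static final byte[] QN08_12345678 = hexToBytes("BC614E");
    // 99999999 (decimal) == 0x5F5E0FF (seven hex digits); the trailing '0' fills the
    // last nibble so the value is a whole number of bytes.
    private static final byte[] QN08_99999999 = hexToBytes("5f5e0ff0");

    /**
     * Opens an HSM session, imports a sample HMAC key, prints one OTP per suite,
     * then removes the key and closes the session.
     *
     * @param args unused
     * @throws Exception on any HSM, encoding or digest failure
     */
    public static void main(String[] args) throws Exception {
        // Sample connection data only: a loopback address and literal credentials.
        String ip = "127.0.0.1";
        String user = "master";
        String password = "12345678";
        System.out.println("Connecting to Dinamo at " + ip + " with user " + user);
        Dinamo api = new Dinamo();
        api.openSession(ip, user, password);
        // RFC 6287 Appendix B.1 key: "12345678901234567890" (20 bytes, SHA-1)
        byte[] keyMaterial = "12345678901234567890".getBytes("US-ASCII");
        String skId = "ocra_sha1_example";
        try {
            // Import the HMAC-SHA1 key into the HSM. PLAINTEXTKEY_BLOB means the raw key
            // bytes are handed over in the clear by this process.
            // NOTE(review): the meaning of the trailing `false` argument is not visible
            // here - confirm against the API documentation.
            api.importKey(skId, TacNDJavaLib.PLAINTEXTKEY_BLOB,
                    TacNDJavaLib.ALG_HMAC_SHA1, keyMaterial, false);

            // --- Example 1: OCRA-1:HOTP-SHA1-6:QN08 (no counter, no PIN) ---
            // Suite: SHA-1, 6 digits, 8-digit numeric challenge
            String suite = "OCRA-1:HOTP-SHA1-6:QN08";
            byte[] question = QN08_99999999;
            String otp = api.oathOcraGen(
                    0,        // no optional flags
                    6,        // 6 digits
                    skId,
                    suite,
                    null,     // no counter
                    question,
                    null,     // no PIN hash
                    null,     // no session
                    null);    // no timestamp
            System.out.printf("Suite : %s%n", suite);
            System.out.printf("Desafio : %d%n", 99999999);
            System.out.printf("OTP : %s%n%n", otp);

            // --- Example 2: OCRA-1:HOTP-SHA256-8:C-QN08-PSHA1 (with counter and PIN) ---
            // Replace the key under the same id with a SHA-256 HMAC key.
            api.deleteKey(skId);
            // 32 bytes: ASCII "12345678901234567890123456789012".
            byte[] k32 = hexToBytes(
                    "3132333435363738393031323334353637383930"
                    + "313233343536373839303132");
            api.importKey(skId, TacNDJavaLib.PLAINTEXTKEY_BLOB,
                    TacNDJavaLib.ALG_HMAC_SHA2_256, k32, false);
            suite = "OCRA-1:HOTP-SHA256-8:C-QN08-PSHA1";
            byte[] counter = hexToBytes("0000000000000000"); // 8-byte counter, value 0
            // PSHA1 in the suite string: the PIN enters the computation as its SHA-1
            // digest (20 bytes), never as the PIN itself.
            byte[] pinHash = MessageDigest.getInstance("SHA-1").digest("1234".getBytes("US-ASCII"));
            question = QN08_12345678;
            // Flags tell the HSM that a counter and a PIN hash are supplied.
            // NOTE(review): PH20 presumably denotes the 20-byte PIN hash - confirm.
            int setup = TacNDJavaLib.DN_OATH_OCRA_USE_CTR | TacNDJavaLib.DN_OATH_OCRA_USE_PH20;
            otp = api.oathOcraGen(
                    setup,
                    8,
                    skId,
                    suite,
                    counter,
                    question,
                    pinHash,
                    null,
                    null);
            System.out.printf("Suite : %s%n", suite);
            System.out.printf("Contador: %d%n", 0);
            System.out.printf("Desafio : %d%n", 12345678);
            System.out.printf("OTP : %s%n", otp);
        } finally {
            try {
                api.deleteKey(skId);
            } catch (TacException e) {
                // Best-effort cleanup, but report it: a failed delete can leave the
                // sample key on the HSM.
                System.err.println("Warning: could not delete key " + skId + ": " + e.getMessage());
            } finally {
                // Close the session even if the delete fails with something other
                // than TacException.
                api.closeSession();
            }
        }
    }

    /**
     * Decodes a string of hexadecimal digits into bytes, two digits per byte.
     *
     * @param hex hex digits, upper or lower case, with an even length
     * @return the decoded bytes (empty for an empty string)
     * @throws IllegalArgumentException if {@code hex} is null, has an odd length,
     *     or contains a character that is not a hex digit
     */
    private static byte[] hexToBytes(String hex) {
        if (hex == null || (hex.length() & 1) != 0) {
            throw new IllegalArgumentException("hex string must have an even number of digits");
        }
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("invalid hex digit at index " + (2 * i));
            }
            out[i] = (byte) ((hi << 4) | lo);
        }
        return out;
    }
}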