TOTP Class

Properties Methods Events Config Settings Errors

The TOTP class allows creation of Time-Based One-Time passwords.

Syntax

ipworksauth.Totp

Remarks

The TOTP class implements the TOTP algorithm defined in RFC 6238 (Time-Based One-Time Password). These types of passwords are commonly used as a second factor of authentication in multi-factor authentication scenarios.

To begin specify the shared secret in the Secret property.

Next, you may set TimeStep. If this property is not set, the class will use a default value.

To create the password call CreatePassword. The Password property will be populated with the new password.

To validate a password set the Password property and call ValidatePassword. The method will return True or False to indicate success or failure.

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.


Password	The Time-Based One Time Password.
Secret	The Base32 encoded shared secret used when creating and validating a password.
TimeStep	The time step (in seconds) used for Time-Based One Time Password creation or validation.
ValidityTime	The validity time of the created password.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.


Config	Sets or retrieves a configuration setting.
CreatePassword	Creates a Time-Based One Time Password.
Reset	Reset the variables to default value.
ValidatePassword	Validates a Time-Based One Time Password.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.


Error	Information about errors during data delivery.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.


CurrentTime	The current time in milliseconds.
FuturePasswordsAccepted	The number of future passwords to accept.
HashAlgorithm	The hash algorithm used to sign the password.
PasswordLength	The length of the generated password.
PreviousPasswordsAccepted	The number of previous passwords to accept.
SecretLength	The length of secret to generate.
ValidityTime	The validity time of the created TOTP password.
BuildInfo	Information about the product's build.
GUIAvailable	Tells the class whether or not a message loop is available for processing events.
LicenseInfo	Information about the current license.
MaskSensitive	Whether sensitive data is masked in log messages.
UseDaemonThreads	Whether threads created by the class are daemon threads.
UseFIPSCompliantAPI	Tells the class whether or not to use FIPS certified APIs.
UseInternalSecurityAPI	Tells the class whether or not to use the system security libraries or an internal implementation.

Password Property (TOTP Class)

The Time-Based One Time Password.

Syntax


public String getPassword();


public void setPassword(String password);

Default Value

Remarks

This property holds the Time-Based One Time Password. This property is populated after calling CreatePassword. This property must be set before calling ValidatePassword.

Secret Property (TOTP Class)

The Base32 encoded shared secret used when creating and validating a password.

Syntax


public String getSecret();


public void setSecret(String secret);

Default Value

Remarks

This property specifies the Base32 encoded shared secret used when creating and validating a password. This should be set before calling CreatePassword or ValidatePassword.

If this is not set before calling CreatePassword a random secret will be automatically generated. This functionality provides an easy way to create new secret values. The length of the secret is defined by SecretLength.

TimeStep Property (TOTP Class)

The time step (in seconds) used for Time-Based One Time Password creation or validation.

Syntax


public int getTimeStep();


public void setTimeStep(int timeStep);

Default Value

Remarks

This property specifies the time step (in seconds) used for Time-Based One Time Password creation or validation. This value must be specified before calling CreatePassword or ValidatePassword.

The default value is 30.

ValidityTime Property (TOTP Class)

The validity time of the created password.

Syntax


public int getValidityTime();

Default Value

Remarks

This property returns the remaining validity time in seconds of the created password. After calling CreatePassword this property may be queried to determine for how many more seconds the password will be valid. If the password is no longer valid this property returns 0.

This property is read-only.

Config Method (Totp Class)

Sets or retrieves a configuration setting.

Syntax

public String config(String configurationString);

Remarks

Config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

CreatePassword Method (Totp Class)

Creates a Time-Based One Time Password.

Syntax

public void createPassword();

Remarks

This method creates a Time-Based One Time Password.

The following properties are applicable when calling CreatePassword.

Secret
TimeStep

Calling CreatePassword populates the Password property with the created password.

If Secret is not specified before calling this method a random secret will be automatically generated.

Reset Method (Totp Class)

Reset the variables to default value.

Syntax

public void reset();

Remarks

This method will reset the variables to default value.

ValidatePassword Method (Totp Class)

Validates a Time-Based One Time Password.

Syntax

public boolean validatePassword();

Remarks

This method validates a Time-Based One Time Password.

The following properties are applicable when calling ValidatePassword.

Password (required)
Secret (required)
TimeStep

The method will return True if the password is validated, False otherwise.

Error Event (Totp Class)

Information about errors during data delivery.

Syntax

public class DefaultTotpEventListener implements TotpEventListener {
  ...
  public void error(TotpErrorEvent e) {}
  ...
}

public class TotpErrorEvent {
  public int errorCode;
  public String description;
}

Remarks

The Error event is fired in case of exceptional conditions during message processing. Normally the class throws an exception.

ErrorCode contains an error code and Description contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

Config Settings (Totp Class)

The class accepts one or more of the following configuration settings. Configuration settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the Config method.

TOTP Config Settings

CurrentTime: The current time in milliseconds.

Specifies the current time Unix time in milliseconds (time since January 1 1970). Normally the component will query the system for the current time when creating or validating TOTP passwords. In the event that the system time is incorrect or cannot be retrieved you may set this value to the current time. This value will be reset to 0 after calling CreatePassword.

FuturePasswordsAccepted: The number of future passwords to accept.

When set to a positive value, the class will accept passwords which are generated {FuturePasswordsAccepted} * TimeStep seconds in the future. The default value is 0.

HashAlgorithm: The hash algorithm used to sign the password.

This setting specifies the hash algorithm used to sign the password. Possible values are:

SHA1 (default)
SHA256
SHA512

PasswordLength: The length of the generated password.

This setting specifies the length of the generated password. Possible values are:

6 (default)
7
8

PreviousPasswordsAccepted: The number of previous passwords to accept.

When set to a positive value, the class will accept passwords which were generated {PreviousPasswordsAccepted} * TimeStep seconds in the past. The default value is 0.

SecretLength: The length of secret to generate.

When Secret is empty and CreatePassword is called a random secret value will be generated. This setting determines the length of the randomly generated secret. The default value is 32.

ValidityTime: The validity time of the created TOTP password.

This setting returns the remaining validity time in seconds of the created TOTP password. After calling CreatePassword this setting may be queried to determine for how many more seconds the password will be valid. If the password is no longer valid this setting returns 0. This is not applicable to HOTP passwords.

Base Config Settings

BuildInfo: Information about the product's build.

When queried, this setting will return a string containing information about the product's build.

GUIAvailable: Tells the class whether or not a message loop is available for processing events.

In a GUI-based application, long-running blocking operations may cause the application to stop responding to input until the operation returns. The class will attempt to discover whether or not the application has a message loop and, if one is discovered, it will process events in that message loop during any such blocking operation.

In some non-GUI applications, an invalid message loop may be discovered that will result in errant behavior. In these cases, setting GUIAvailable to false will ensure that the class does not attempt to process external events.

LicenseInfo: Information about the current license.

When queried, this setting will return a string containing information about the license this instance of a class is using. It will return the following information:

Product: The product the license is for.
Product Key: The key the license was generated from.
License Source: Where the license was found (e.g., RuntimeLicense, License File).
License Type: The type of license installed (e.g., Royalty Free, Single Server).
Last Valid Build: The last valid build number for which the license will work.

MaskSensitive: Whether sensitive data is masked in log messages.

In certain circumstances it may be beneficial to mask sensitive data, like passwords, in log messages. Set this to true to mask sensitive data. The default is false.

This setting only works on these classes: AS3Receiver, AS3Sender, Atom, Client(3DS), FTP, FTPServer, IMAP, OFTPClient, SSHClient, SCP, Server(3DS), Sexec, SFTP, SFTPServer, SSHServer, TCPClient, TCPServer.

UseDaemonThreads: Whether threads created by the class are daemon threads.

If set to True (default), when the class creates a thread, the thread's Daemon property will be explicitly set to True. When set to False, the class will not set the Daemon property on the created thread. The default value is True.

UseFIPSCompliantAPI: Tells the class whether or not to use FIPS certified APIs.

When set to true, the class will utilize the underlying operating system's certified APIs. Java editions, regardless of OS, utilize Bouncy Castle FIPS, while all the other Windows editions make use of Microsoft security libraries.

The Java edition requires installation of the FIPS certified Bouncy Castle library regardless of the target operating system. This can be downloaded from https://www.bouncycastle.org/fips-java/. Only the "Provider" library is needed. The jar file should then be installed in a JRE search path.

In the application where the component will be used the following classes must be imported:

import java.security.Security; import org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider;

The Bouncy Castle provider must be added as a valid provider and must also be configured to operate in FIPS mode:

System.setProperty("org.bouncycastle.fips.approved_only","true"); Security.addProvider(new BouncyCastleFipsProvider()); FIPS mode can be enabled by setting the UseFIPSCompliantAPI configuration setting to true. This is a static setting which applies to all instances of all classes of the toolkit within the process. It is recommended to enable or disable this setting once before the component has been used to establish a connection. Enabling FIPS while an instance of the component is active and connected may result in unexpected behavior.

For more details please see the FIPS 140-2 Compliance article.

Note: Enabling FIPS-compliance requires a special license; please contact sales@nsoftware.com for details.

UseInternalSecurityAPI: Tells the class whether or not to use the system security libraries or an internal implementation.

When set to false, the class will use the system security libraries by default to perform cryptographic functions where applicable.

Setting this setting to true tells the class to use the internal implementation instead of using the system security libraries.

This setting is set to false by default on all platforms.

Trappable Errors (Totp Class)

TOTP Errors

114 Can't create password.
115 Can't validate password.