public interface OathDevice
| Modifier and Type | Method and Description |
|---|---|
| SecureString | getHotp(AuthInput authInput): Gets an event based OTP (HOTP). |
| int | getLastOtpLifespan(): Returns the lifespan of the last OTP computed by this device. |
| SecureString | getOcraOtp(AuthInput authInput, SecureByteArray serverChallengeQuestion, SecureByteArray clientChallengeQuestion, SecureByteArray passwordHash, SecureByteArray session): Gets an OCRA OTP. |
| SecureString | getOcraPasswordHash(SecureString password): Gets the password hash value according to the algorithm defined by settings. |
| SecureString | getTotp(AuthInput authInput): Gets a time based OTP (TOTP). |

SecureString getHotp(AuthInput authInput) throws IdpException

Parameters:
- authInput - the AuthInput

Throws:
- IllegalStateException - when the associated token has the OathToken.TokenCapability.DUAL_SEED capability, because only time based algorithms are supported for this capability.
- IdpRuntimeException - when there is a cryptography operation failure.
- IdpException - this is the generic exception; you can catch it directly or catch each specific exception below.
- IdpStorageException - when there is a database operation failure.
- DeviceFingerprintException - when the token's fingerprint checksum does not match.
- PasswordManagerException - when the TOKEN domain is not logged in (using one of the password managers).
- IdpAuthException - when the TOKEN is not migrated.

SecureString getTotp(AuthInput authInput) throws IdpException

Parameters:
- authInput - the AuthInput

Throws:
- IdpRuntimeException - when there is a cryptography operation failure.
- IdpException - this is the generic exception; you can catch it directly or catch each specific exception below.
- IdpStorageException - when there is a database operation failure.
- DeviceFingerprintException - when the token's fingerprint checksum does not match.
- PasswordManagerException - when the TOKEN domain is not logged in (using one of the password managers).
- IdpAuthException - when the TOKEN is not migrated.

SecureString getOcraOtp(AuthInput authInput, SecureByteArray serverChallengeQuestion, SecureByteArray clientChallengeQuestion, SecureByteArray passwordHash, SecureByteArray session) throws IdpException

Parameters:
- authInput - the AuthInput
- serverChallengeQuestion - the server question. Mandatory field, cannot be null.
- clientChallengeQuestion - the client question, null if not used.
- passwordHash - the hash value of the password, null if not used. If used, its length must be compliant with the hash algorithm defined in the Ocra settings.
- session - the session data, null if not used. The SecureString session is expected to be created from a string using the "UTF-8" encoding (see SecureContainerFactory.fromString(java.lang.String) or its variants). This input must not be encoded by the caller in any way. Internally the session will be padded with leading null characters until it reaches the session byte length (e.g. session length of 5 and the string input of "info" results in 00696E666F).

Throws:
- IllegalArgumentException - when the serverChallengeQuestion or the clientChallengeQuestion is longer than the value set by SoftOathSettings.setOcraMaximumChallengeQuestionLength(int).
- IllegalArgumentException - when the passwordHash is null but the value set by SoftOathSettings.setOcraPasswordHashAlgorithm(com.gemalto.idp.mobile.otp.oath.soft.SoftOathSettings.OcraPasswordHashAlgorithm) is not NONE, or when the passwordHash length is not compliant with the value returned by SoftOathSettings.setOcraPasswordHashAlgorithm(com.gemalto.idp.mobile.otp.oath.soft.SoftOathSettings.OcraPasswordHashAlgorithm).
- IllegalArgumentException - when the session is not null but the value set by SoftOathSettings.setOcraSessionLength(int) is -1, or vice versa.
- IllegalArgumentException - when the session's byte length is longer than the value set by SoftOathSettings.setOcraSessionLength(int).
- IllegalArgumentException - when the session cannot be decoded using UTF-8.
- IllegalStateException - when the token's key length is not compatible with the OCRA hash algorithm set by SoftOathSettings.setOcraHashAlgorithm(com.gemalto.idp.mobile.otp.oath.soft.SoftOathSettings.OathHashAlgorithm).
- IllegalStateException - when the associated token has the OathToken.TokenCapability.DUAL_SEED capability and the OCRA suite is event based, because only time based algorithms are supported for this capability.
- IdpRuntimeException - when there is a cryptography operation failure.
- IdpException - this is the generic exception; you can catch it directly or catch each specific exception below.
- IdpStorageException - when there is a database operation failure.
- DeviceFingerprintException - when the token's fingerprint checksum does not match.
- PasswordManagerException - when the TOKEN domain is not logged in (using one of the password managers).
- IdpAuthException - when the TOKEN is not migrated.

SecureString getOcraPasswordHash(SecureString password)

Parameters:
- password - the password, can be null.

Returns:
- null if password is null or hash algorithm for Ocra password is set to SoftOathSettings.OcraPasswordHashAlgorithm.NONE by the device settings

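
The session rules documented for getOcraOtp (leading-null padding to the configured byte length, the -1 "no session" pairing, and the UTF-8 requirement), as an added illustration in plain Java. This is not SDK code: the class OcraSessionPadding and the helpers padSession, isValidUtf8 and toHex are hypothetical and only mirror the behaviour described above.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.StandardCharsets;

// Added illustration only: hypothetical helpers, not part of the SDK.
public class OcraSessionPadding {

    // Mirrors the documented rules: a length of -1 means "no session", so a
    // session must be supplied exactly when a length is configured.
    static byte[] padSession(String session, int sessionLength) {
        if ((session == null) != (sessionLength == -1)) {
            throw new IllegalArgumentException("session and session length disagree");
        }
        if (session == null) return null;
        byte[] raw = session.getBytes(StandardCharsets.UTF_8);
        if (raw.length > sessionLength) {
            throw new IllegalArgumentException("session exceeds " + sessionLength + " bytes");
        }
        byte[] padded = new byte[sessionLength]; // Java zero-fills new arrays
        System.arraycopy(raw, 0, padded, sessionLength - raw.length, raw.length);
        return padded;
    }

    // Strict decode: a new decoder reports malformed input instead of replacing it.
    static boolean isValidUtf8(byte[] data) {
        try {
            StandardCharsets.UTF_8.newDecoder().decode(ByteBuffer.wrap(data));
            return true;
        } catch (CharacterCodingException e) {
            return false;
        }
    }

    static String toHex(byte[] data) {
        StringBuilder sb = new StringBuilder();
        for (byte b : data) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) {
        // The page's own case: "info" with a session length of 5.
        System.out.println(toHex(padSession("info", 5)).equals("00696E666F"));
        // Byte length, not character count: "caf\u00E9" is 4 chars but 5 UTF-8 bytes.
        System.out.println(toHex(padSession("caf\u00E9", 5)));
        // Constructed invalid sequence: 0xC3 must be followed by a continuation byte.
        System.out.println(isValidUtf8(new byte[] {(byte) 0xC3, (byte) 0x28}));
    }
}
```
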
int getLastOtpLifespan()
The following example illustrates the usage:
```java
// Create OATH settings (see OathFactory)
MutableSoftOathSettings oathSettings = ...

// Create an OATH device (see OathFactory)
OathDevice device = ...

// Compute a time-based OTP with device
device.getTotp(pin);

// Each time getLastOtpLifespan is called, it returns the
// remaining lifespan in seconds of the last time-based OTP. Lifespan is
// computed with respect to the device's settings (in this example it returns
// the lifespan according to Gemalto device fixed settings, i.e. 30-seconds timestep).
int lifespan = device.getLastOtpLifespan();
```