How to create OTP in android using java

How to create OTP in android using java 

With the increase of the hackers especially in android Two-Factor Auth has became primary for most of the tech gaints in order to protect their users from the hackers hence today in this article we are going to show you how to generate OTP using java code in android.


Two-factor authentication uses a one-time password (OTP), which combines something the user knows (a username and password) and something the user has (typically, a token or key fob that produces a six-digit number, valid only for a short period of time and available on demand).


If your business is already using two-factor authentication, then you are also familiar with the various issues around token usability and logistics. Replacing lost or broken tokens and users mistyping their one-time passwords are just two of the headaches currently affecting help desks and IT departments.


The purpose of this article is to provide a high level overview of the one-time password (OTP) functionalities and show how to use the OTP APIs in Android.

otp 


Code and Explanations

OTP has three major functionalities: OTP provisioning, OTP generation, and OTP verification. There are also APIs for querying OTP capability and the OTP version on the system.
OTP Provisioning


InvokeIPTProv extends the AsyncTask to execute the provisioning in the background. It first creates the security service (Provision Service) and then starts the provisioning process


@Override
protected Void doInBackground(Void... params) {
ChaabiProvision prov = new ChaabiProvision(); 
 try {
prov.execute().get(PROV_MAX_TIMEOUT, TimeUnit.MILLISECONDS);
} catch (InterruptedException e) {
error = "Provisioning failed: " + e.getClass().getName() + ": "
+ e.getLocalizedMessage();
e.printStackTrace();
}  
catch (ExecutionException e) 
{
error = "Provisioning failed: " + e.getClass().getName() + ": "
+ e.getLocalizedMessage();
e.printStackTrace();
 } 
catch (TimeoutException e) {
error = "Provisioning failed: " + e.getClass().getName() + ": "
+ e.getLocalizedMessage();
e.printStackTrace();
}
return null;
} 


OTP Generation

Before we start generating the OTP, we need to check if the device has already successfully completed the provisioning process.


// Read token if exists
if (!readData()) {
tvOTPGenerate
.setText("OTP generation failed: No token exists. Please do provisioning.");
return;
}

Then we can invoke the Async call to generate the OTP.


boolean invokeResyncGenerateOTP(IPTWrapper obj) {
try {
// Send request to the server for resync message and process
// the received resync message
InvokeIPTResync ipt_obj = new InvokeIPTResync();
boolean status = ipt_obj.execute().get();
if (status) {

// Processes the server resync message
obj.ProcessResyncMessage(encrToken_b64, serverResyncMessage);

// Invoke OTP generation again
// Check if token is of type OCRA
if (tokenInfo
.equalsIgnoreCase(OTPDemoActivity.OCRA_TOKEN_INFO)) {
invokeGenerateOTP(obj, true);
} else {
invokeGenerateOTP(obj, false);
}
displayOTP();
progressDialog.dismiss();
} else {
String error = "Receive server resync message failed.";
tvOTPGenerate.setText(error);
progressDialog.dismiss();
OTPDemoActivity.OTP = null;
return false;
}
} catch (IhaException e) {
String error = "OTP generation failed. Message: "
+ e.getLocalizedMessage() + " Error code: " + e.GetError();
tvOTPGenerate.setText(error);
progressDialog.dismiss();
OTPDemoActivity.OTP = null;
return false;
} catch (Exception e) {
String error = "OTP generation failed: " + e.getClass().getName()
+ ": " + e.getLocalizedMessage();
tvOTPGenerate.setText(error);
progressDialog.dismiss();
OTPDemoActivity.OTP = null;
return false;
}
return true;
}


OTP Verification

Once the OTP is generated, we can then check if it is valid.


ChaabiOTPVerify otp_ver = new ChaabiOTPVerify();
try 
{
otp_ver.execute()
.get(OTP_VERIFY_TIMEOUT, TimeUnit.MILLISECONDS);
} 
 catch (InterruptedException e) {
error = "OTP verification failed: " + e.getClass().getName()
+ ": " + e.getLocalizedMessage();
e.printStackTrace();
} 
catch (ExecutionException e)
  {
error = "OTP verification failed: " + e.getClass().getName()
+ ": " + e.getLocalizedMessage();
e.printStackTrace();
}
 catch (TimeoutException e) {
error = "OTP verification failed: " + e.getClass().getName()
+ ": " + e.getLocalizedMessage(); 
 e.printStackTrace();
}
return null;	} catch (JSONException e) {
error = e.getClass().getName() + ": " + e.getLocalizedMessage();
status = false;
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
error = e.getClass().getName() + ": " + e.getLocalizedMessage();
status = false;
e.printStackTrace();
} catch (ClientProtocolException e) {
error = e.getClass().getName() + ": " + e.getLocalizedMessage();
status = false;
e.printStackTrace();
} catch (IOException e) {
error = e.getClass().getName() + ": " + e.getLocalizedMessage();
status = false;
e.printStackTrace();
}
Log.v(LOG_TAG, "Return results: " + status);
return status;
}


Query OTP Capability

Built-in, hardware-based OTP is not available on all mobile devices, so it would be helpful to first query the system if the OTP capability is available.

private boolean isOTPCapable() 
{ 
 try 
{
IPTWrapper caps = new IPTWrapper();
String cap = caps.GetCapabilities();
displayMessage("Capabilities: " + cap);
return true; 
}  
catch (IhaException e) 
{
String error = "GetCapabilities() failed. Message: "
+ e.getLocalizedMessage() + " Error code: "
+ e.GetError(); 
 notifyUser("Failed: " + error);
return false;
}  
catch (Exception e)
 {
String error = "GetCapabilities() failed: "
+ e.getClass().getName() + ": "
+ e.getLocalizedMessage(); 
 notifyUser("Failed: " + error);
return false;
}
}


Conclusion

By generating the OTP it will help you secure your user data
Take your time to share feedback on this article.





Source:CodingSec

2 comments:

  1. Whether it is android using or login / sign up checks , OTP verification has become an integral part of user verification. It is more widespread and safe because it is difficult to hack. Secure Password Generator

    ReplyDelete

Powered by Blogger.