Verifying the HOTP

In this post, I will show with an example how to verify an HOTP.

In my previous posts under OTP, I showed with an example how to generate an HOTP.

To verify an HOTP, we can use the overloaded non-static “verify” methods of the “HOTP” class.

Below is the complete code for your reference.

Main Class

 1  package defaultPackage;
 2
 3  import com.bastiaanjansen.otp.HOTP;
 4  import com.bastiaanjansen.otp.SecretGenerator;
 5
 6  public class Example3 {
 7      public static void main(String[] args) throws InterruptedException {
 8          byte[] secret = SecretGenerator.generate();
 9          HOTP.Builder builder = new HOTP.Builder(secret);
10          HOTP hotp = builder.build();
11          String otp = hotp.generate(1L);
12          System.out.println(otp);
13          System.out.println(hotp.verify(otp, 1L));
14          Thread.sleep(1000);
15          System.out.println(hotp.verify(otp, 11L, 5));
16          Thread.sleep(6000);
17          System.out.println(hotp.verify(otp, 11L, 5));
18      }
19  }

In the above code, at line 11, we generate the HOTP.

At line 13, we verify the HOTP by calling the “verify” method, passing the OTP and the counter as arguments.

At line 15, we verify the HOTP after 1 second by calling another version of the “verify” method, this time passing the OTP, the counter, and the delay window.

The delay window is the duration within which the generated OTP will be valid. So at lines 15 and 17, we have a duration of 5 seconds since its generation.

As a result, the output of println at line 15 will be true, whereas the output of println at line 17 will be false.

In a client-server scenario, the secret has to be shared between the client and the server, and both have to keep track of the counter.

In this way we can verify the generated hotp.
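Keeping track of the counter on the server side, as an added example that is not from the original post or from the OTP library: it uses only the JDK to compute RFC 4226 HOTP values, accepts a code for the server's current counter or a few counters ahead, and then moves past the matched counter so the same code cannot be reused. The class name `HotpCounterDemo`, the `lookAhead` parameter, and the window size of 3 are assumptions made for illustration; the secret is the RFC 4226 test secret.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;

public class HotpCounterDemo {                 // hypothetical name, not part of the library
    private final byte[] secret;
    private final int lookAhead;               // counters past 'counter' the server will try
    private long counter;                      // next counter value the server expects

    HotpCounterDemo(byte[] secret, long counter, int lookAhead) {
        this.secret = secret; this.counter = counter; this.lookAhead = lookAhead;
    }

    // RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter, dynamic truncation, 6 digits.
    static String hotp(byte[] secret, long counter) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f;
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%06d", bin % 1_000_000);
    }

    // Accept a code for counter..counter+lookAhead only, then advance past the match.
    boolean verify(String code) throws GeneralSecurityException {
        byte[] given = code.getBytes(StandardCharsets.US_ASCII);
        for (long c = counter; c <= counter + lookAhead; c++) {
            byte[] expected = hotp(secret, c).getBytes(StandardCharsets.US_ASCII);
            if (MessageDigest.isEqual(expected, given)) {   // constant-time comparison
                counter = c + 1;                            // resynchronise and block replay
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] secret = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);
        HotpCounterDemo server = new HotpCounterDemo(secret, 0, 3);
        System.out.println(server.verify(hotp(secret, 2)));  // client skipped ahead by 2
        System.out.println(server.verify(hotp(secret, 2)));  // same code presented again
        System.out.println(server.verify(hotp(secret, 9)));  // client far beyond the window
        System.out.println(server.verify(hotp(secret, 3)));  // next counter the server expects
    }
}
```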
