Mule 4 TOTP Connector to Generate Code Compatible with Google Authentication
A software architect and DZone Core member gives a quick tutorial on how to connect Google Authenticate to a MuleSoft application using a TOTP connector.
Agenda
- Introduction
- TOTP Connector Details
- Usage Scenarios
Introduction
In this article, we'll enable a MuleSoft application to validate an authentication code generated by Google Authentication, where a user's account is registered based on a key.
TOTP Connector Details
The connector accepts the key as input and decodes it with the Base32 class.
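```java
// Base32 and Hex: the calls used here match Apache Commons Codec
// (org.apache.commons.codec.binary).
public String generate(String key) {
    if (key == null || key.isEmpty()) {
        throw new ModuleException("Empty key", TotpErrors.EMPTY_KEY);
    }
    // Normalize the Base32 secret: strip spaces and force upper case
    String normalizedBase32Key = key.replace(" ", "").toUpperCase();
    Base32 base32 = new Base32();
    byte[] bytes = base32.decode(normalizedBase32Key);
    String hexKey = Hex.encodeHexString(bytes);
    // Number of 30-second time steps since the Unix epoch
    long time = (System.currentTimeMillis() / 1000) / 30;
    String hexTime = Long.toHexString(time);
    return TOTP.generateTOTP(hexKey, hexTime, "6");
}
```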
```java
public static String generateTOTP(String key, String time,
        String returnDigits) {
    return generateTOTP(key, time, returnDigits, "HmacSHA1");
}
```
```java
public static String generateTOTP(String key, String time,
        String returnDigits, String crypto) {
    int codeDigits = Integer.decode(returnDigits).intValue();
    String result = null;
    // Using the counter
    // First 8 bytes are for the movingFactor
    // Compliant with base RFC 4226 (HOTP)
    while (time.length() < 16)
        time = "0" + time;
    // Get the HEX in a Byte[]
    byte[] msg = hexStr2Bytes(time);
    byte[] k = hexStr2Bytes(key);
    byte[] hash = hmac_sha(crypto, k, msg);
    // put selected bytes into result int
    int offset = hash[hash.length - 1] & 0xf;
    int binary = ((hash[offset] & 0x7f) << 24)
            | ((hash[offset + 1] & 0xff) << 16)
            | ((hash[offset + 2] & 0xff) << 8) | (hash[offset + 3] & 0xff);
    int otp = binary % DIGITS_POWER[codeDigits];
    result = Integer.toString(otp);
    while (result.length() < codeDigits) {
        result = "0" + result;
    }
    return result;
}
```
After the key is decoded with Base32, the connector creates a key for the given crypto type and generates a six-digit time-based code.
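The connector's validate operation is not shown on this page, so the following is an added example, not the connector's own code: a JDK-only class that reproduces the generation steps above and checks a submitted code against the current time step plus a drift window, using a constant-time comparison. The class name `TotpCheck`, the ±1-step window and the sample secret (the RFC 6238 Appendix B test secret) are assumptions made for the illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Added example: TotpCheck is a hypothetical class, not the connector's own code.
public class TotpCheck {
    // Minimal RFC 4648 Base32 decoder; rejects characters outside the alphabet.
    static byte[] base32Decode(String s) {
        String in = s.replace(" ", "").replace("=", "").toUpperCase();
        byte[] out = new byte[in.length() * 5 / 8];
        int buffer = 0, bits = 0, n = 0;
        for (char c : in.toCharArray()) {
            int v = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567".indexOf(c);
            if (v < 0) throw new IllegalArgumentException("Invalid Base32 character");
            buffer = (buffer << 5) | v;
            bits += 5;
            if (bits >= 8) { out[n++] = (byte) (buffer >> (bits - 8)); bits -= 8; }
        }
        return out;
    }
    // RFC 4226 dynamic truncation over an 8-byte big-endian time-step counter.
    static String code(byte[] key, long counter, int digits) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int o = h[h.length - 1] & 0x0f;
        int bin = ((h[o] & 0x7f) << 24) | ((h[o + 1] & 0xff) << 16)
                | ((h[o + 2] & 0xff) << 8) | (h[o + 3] & 0xff);
        return String.format("%0" + digits + "d", bin % (int) Math.pow(10, digits));
    }
    // Accept the current step and `window` steps either side (assumed clock-drift tolerance).
    static boolean validate(byte[] key, String submitted, long unixSeconds, int window) throws Exception {
        if (submitted == null || !submitted.matches("\\d{6}")) return false;
        byte[] got = submitted.getBytes(StandardCharsets.US_ASCII);
        boolean ok = false;
        for (long step = -window; step <= window; step++) {
            byte[] expected = code(key, unixSeconds / 30 + step, 6).getBytes(StandardCharsets.US_ASCII);
            ok |= MessageDigest.isEqual(expected, got); // constant-time compare, no early exit
        }
        return ok;
    }
    public static void main(String[] args) throws Exception {
        // Constructed input: RFC 6238 Appendix B SHA-1 secret, Base32-encoded
        byte[] key = base32Decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ");
        System.out.println(code(key, 59 / 30, 8));          // 8-digit code at T=59s
        System.out.println(validate(key, "287082", 59, 1)); // 6-digit code checked at T=59s
    }
}
```

A production validator should also record the last accepted time step per key, so that a code cannot be replayed while it is still inside the window.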
Usage Scenarios
The connector is useful for validating a Google Authentication code in a MuleSoft integration to authorize an application to access protected resources.
Demo
Register an Account in Google Authentication
Follow the below steps.
Step 1: Add an account.
Step 2: Choose the 'Enter account details' option and enter an account name and key as shown in the below screenshot:
Step 3: Click on the 'Add' option to register an account in the Google Authentication app. Once we're successfully registered, we should see an auto-generated number in the app. This number will be automatically updated after a given amount of time.
Now our account is registered in the Google Authentication app. The next step is to install a custom TOTP connector in Anypoint Studio and include it in our flow to validate it. The code generated by MuleSoft's flow should be equal to the code generated in the Google Authentication app.
After completing the code for the TOTP Connector, build and install the connector in Anypoint Studio with the following steps.
Build and Install in a Local Maven Repository
Execute the below command:
```shell
mvn clean package -DskipTests install
```
We can see that the build is successful and the connector is installed in the local Maven repository.
Add a TOTP Connector Dependency to Your MuleSoft Application
```xml
<dependency>
    <groupId>org.mule.consulting</groupId>
    <artifactId>totp</artifactId>
    <version>1.0.2</version>
    <classifier>mule-plugin</classifier>
</dependency>
```
Design a MuleSoft Flow
In the below code block, we have configured our MuleSoft flow and are receiving a key value from the payload's Account element.
```xml
<mule xmlns:totp="http://www.mulesoft.org/schema/mule/totp" xmlns:http="http://www.mulesoft.org/schema/mule/http"
    xmlns="http://www.mulesoft.org/schema/mule/core"
    xmlns:doc="http://www.mulesoft.org/schema/mule/documentation" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/totp http://www.mulesoft.org/schema/mule/totp/current/mule-totp.xsd">
    <http:listener-config name="HTTP_Listener_config" doc:name="HTTP Listener config" doc:id="0af1b6d3-bc53-4be3-9d7b-e44a7e9b21bc" >
        <http:listener-connection host="0.0.0.0" port="8081" />
    </http:listener-config>
    <sub-flow name="validate" doc:id="9658467c-fef7-459d-a269-c5342542e95f" >
        <totp:validate doc:name="Validate" doc:id="fee78e8b-68e8-4e80-8e50-b7bf8f3b72ff" key="mphasis" inbound_totp="#[payload]" />
    </sub-flow>
    <flow name="authenticationgoogleFlow" doc:id="0e144c5e-c5de-410f-a08d-8d5f77208760" >
        <http:listener doc:name="Listener" doc:id="34542653-c960-47e7-9147-df56e6b68c63" config-ref="HTTP_Listener_config" path="/totp"/>
        <totp:generate doc:name="Generate" doc:id="309fa864-f41f-4d5d-8d1e-777ff590ba59" key="#[payload.'Account']"/>
    </flow>
</mule>
```
Now, test and verify that the code generated by the MuleSoft flow and the code generated by the Google Authentication app are the same.
Code Generated by MuleSoft Flow
Code Generated by Google Authentication App for the Same Key and Specific Time Duration
Here, we can see that both codes are the same for the same time interval and key.