Class YubiOtpSession

java.lang.Object
com.yubico.yubikit.core.application.ApplicationSession<YubiOtpSession>
com.yubico.yubikit.yubiotp.YubiOtpSession
All Implemented Interfaces:
Closeable, AutoCloseable

public class YubiOtpSession extends com.yubico.yubikit.core.application.ApplicationSession<YubiOtpSession>
Application to use and configure the OTP application of the YubiKey. This application supports configuration of the two YubiKey "OTP slots", which are typically activated by pressing the capacitive sensor on the YubiKey for either a short or long press.

Each slot can be configured with one of the following types of credentials:
- YubiOTP - a Yubico OTP (One Time Password) credential.
- OATH-HOTP - a counter based (HOTP) OATH OTP credential (see https://tools.ietf.org/html/rfc4226).
- Static Password - a static (non-changing) password.
- Challenge-Response - a HMAC-SHA1 key which can be accessed programmatically.

Additionally, for NFC-enabled YubiKeys, one slot can be configured to be output over NDEF as part of a URL payload.

  • Field Details

    • DEFAULT_NDEF_URI

      public static final String DEFAULT_NDEF_URI
    • FEATURE_CHECK_CONFIGURED

      public static final com.yubico.yubikit.core.application.Feature<YubiOtpSession> FEATURE_CHECK_CONFIGURED
      Support for checking if a slot is configured via the ConfigState.
    • FEATURE_CHECK_TOUCH_TRIGGERED

      public static final com.yubico.yubikit.core.application.Feature<YubiOtpSession> FEATURE_CHECK_TOUCH_TRIGGERED
      Support for checking if a configured slot requires touch via the ConfigState.
    • FEATURE_CHALLENGE_RESPONSE

      public static final com.yubico.yubikit.core.application.Feature<YubiOtpSession> FEATURE_CHALLENGE_RESPONSE
      Support for HMAC-SHA1 challenge response functionality.
    • FEATURE_SWAP

      public static final com.yubico.yubikit.core.application.Feature<YubiOtpSession> FEATURE_SWAP
      Support for swapping slot configurations.
    • FEATURE_UPDATE

      public static final com.yubico.yubikit.core.application.Feature<YubiOtpSession> FEATURE_UPDATE
      Support for updating an already configured slot.
    • FEATURE_NDEF

      public static final com.yubico.yubikit.core.application.Feature<YubiOtpSession> FEATURE_NDEF
      Support for NDEF configuration.
  • Constructor Details

    • YubiOtpSession

      public YubiOtpSession(com.yubico.yubikit.core.smartcard.SmartCardConnection connection) throws IOException, com.yubico.yubikit.core.application.ApplicationNotAvailableException
      Create a new instance of YubiOtpSession using a SmartCardConnection. NOTE: Not all functionality is available over all transports. Over USB, some functionality may be blocked when not using an OtpConnection.
      Parameters:
      connection - an Iso7816Connection with a YubiKey
      Throws:
      IOException - in case of connection error
      com.yubico.yubikit.core.application.ApplicationNotAvailableException - if the application is missing or disabled
    • YubiOtpSession

      public YubiOtpSession(com.yubico.yubikit.core.otp.OtpConnection connection) throws IOException
      Create a new instance of YubiOtpSession using an OtpConnection.
      Parameters:
      connection - an OtpConnection with a YubiKey
      Throws:
      IOException - in case of connection error
  • Method Details

    • create

      public static void create(com.yubico.yubikit.core.YubiKeyDevice device, com.yubico.yubikit.core.util.Callback<com.yubico.yubikit.core.util.Result<YubiOtpSession,Exception>> callback)
      Connects to a YubiKeyDevice and establishes a new session with a YubiKey's OTP application.

      This method will use whichever connection type is available.

      Parameters:
      device - A YubiKey device to use
    • close

      public void close() throws IOException
      Throws:
      IOException
    • getConfigurationState

      public ConfigurationState getConfigurationState()
      Get the configuration state of the application.
      Returns:
      the current configuration state of the two slots.
    • getVersion

      public com.yubico.yubikit.core.Version getVersion()
      Get the firmware version of the YubiKey
      Specified by:
      getVersion in class com.yubico.yubikit.core.application.ApplicationSession<YubiOtpSession>
      Returns:
      YubiKey firmware version
    • getSerialNumber

      public int getSerialNumber() throws IOException, com.yubico.yubikit.core.application.CommandException
      Get the serial number of the YubiKey. Note that the EXTFLAG_SERIAL_API_VISIBLE flag must be set for this command to work.
      Returns:
      the serial number
      Throws:
      IOException - in case of communication error
      com.yubico.yubikit.core.application.CommandException - in case of an error response from the YubiKey
    • swapConfigurations

      public void swapConfigurations() throws IOException, com.yubico.yubikit.core.application.CommandException
      Swaps the two slot configurations with each other.
      Throws:
      IOException - in case of communication error
      com.yubico.yubikit.core.application.CommandException - in case of an error response from the YubiKey
    • deleteConfiguration

      public void deleteConfiguration(Slot slot, @Nullable byte[] curAccCode) throws IOException, com.yubico.yubikit.core.application.CommandException
      Delete the contents of a slot.

      NOTE: Attempting to delete an empty slot will under certain circumstances fail, resulting in a CommandRejectedException being thrown. Prefer to check if a slot is configured before calling delete.

      Parameters:
      slot - the slot to delete
      curAccCode - the currently set access code, if needed
      Throws:
      IOException - in case of communication error
      com.yubico.yubikit.core.application.CommandException - in case of an error response from the YubiKey
    • putConfiguration

      public void putConfiguration(Slot slot, SlotConfiguration configuration, @Nullable byte[] accCode, @Nullable byte[] curAccCode) throws IOException, com.yubico.yubikit.core.application.CommandException
      Write a configuration to a slot, overwriting previous configuration (if present).
      Parameters:
      slot - the slot to write to
      configuration - the new configuration to write
      accCode - the access code to set (or null, to not set an access code)
      curAccCode - the current access code, if one is set for the target slot
      Throws:
      IOException - in case of communication error
      com.yubico.yubikit.core.application.CommandException - in case of an error response from the YubiKey
    • updateConfiguration

      public void updateConfiguration(Slot slot, UpdateConfiguration configuration, @Nullable byte[] accCode, @Nullable byte[] curAccCode) throws IOException, com.yubico.yubikit.core.application.CommandException
      Update the configuration of a slot, keeping the credential.

      This functionality requires support for FEATURE_UPDATE, available on YubiKey 2.3 or later.

      Parameters:
      slot - the slot to update
      configuration - the updated flags to set
      accCode - the access code to set
      curAccCode - the current access code, if needed
      Throws:
      IOException - in case of communication error
      com.yubico.yubikit.core.application.CommandException - in case of an error response from the YubiKey
    • setNdefConfiguration

      public void setNdefConfiguration(Slot slot, @Nullable String uri, @Nullable byte[] curAccCode) throws IOException, com.yubico.yubikit.core.application.CommandException
      Configure the NFC NDEF payload, and which slot to use.

      This functionality requires support for FEATURE_NDEF, available on YubiKey 3 or later.

      Parameters:
      slot - the YubiKey slot to append to the uri payload
      uri - the URI prefix (if null, the default "https://my.yubico.com/yk/#" will be used)
      curAccCode - the current access code, if needed
      Throws:
      IOException - in case of communication error
      com.yubico.yubikit.core.application.CommandException - in case of an error response from the YubiKey
    • calculateHmacSha1

      public byte[] calculateHmacSha1(Slot slot, byte[] challenge, @Nullable com.yubico.yubikit.core.application.CommandState state) throws IOException, com.yubico.yubikit.core.application.CommandException
      Calculates HMAC-SHA1 on the given challenge (using the secret that is configured/programmed on the YubiKey).

      This functionality requires support for FEATURE_CHALLENGE_RESPONSE, available on YubiKey 2.2 or later.

      Parameters:
      slot - the slot on the YubiKey that is configured with the challenge-response secret
      challenge - the generated challenge that will be sent
      state - if false, the command will be aborted in case the credential requires user touch
      Returns:
      response on challenge returned from YubiKey
      Throws:
      IOException - in case of communication error, or no key configured in slot
      com.yubico.yubikit.core.application.CommandException - in case of an error response from the YubiKey
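
      The following is an added example, not part of the YubiKit documentation or source: a verifier that sends a fresh challenge to a slot with calculateHmacSha1 and checks the response against a locally computed HMAC-SHA1. The class ChallengeResponseCheck, the method verify and the parameter sharedSecret are hypothetical; supports(...) and ConfigurationState.isConfigured(...) are YubiKit calls not listed on this page, and the slot is assumed to accept challenges shorter than 64 bytes.

```java
import com.yubico.yubikit.core.application.CommandException;
import com.yubico.yubikit.yubiotp.Slot;
import com.yubico.yubikit.yubiotp.YubiOtpSession;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added example (hypothetical helper class, not part of YubiKit). */
public final class ChallengeResponseCheck {
    private static final SecureRandom RNG = new SecureRandom();

    /**
     * Returns true if the slot answers a fresh challenge with the HMAC-SHA1
     * expected for sharedSecret. Assumption: the verifier holds a copy of the
     * secret that was programmed into the slot.
     */
    public static boolean verify(YubiOtpSession session, Slot slot, byte[] sharedSecret)
            throws IOException, CommandException, GeneralSecurityException {
        // Fail closed when the connected key lacks challenge-response support.
        if (!session.supports(YubiOtpSession.FEATURE_CHALLENGE_RESPONSE)) {
            return false;
        }
        // Query the slot state only where the key can report it.
        if (session.supports(YubiOtpSession.FEATURE_CHECK_CONFIGURED)
                && !session.getConfigurationState().isConfigured(slot)) {
            return false;
        }
        // A new random challenge per attempt makes a recorded response useless.
        byte[] challenge = new byte[32];
        RNG.nextBytes(challenge);

        // The state parameter is @Nullable; no CommandState is supplied here.
        byte[] response = session.calculateHmacSha1(slot, challenge, null);

        // Compute the expected value locally with the same secret.
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(sharedSecret, "HmacSHA1"));
        byte[] expected = mac.doFinal(challenge);

        // Constant-time comparison avoids leaking how many leading bytes matched.
        return MessageDigest.isEqual(expected, response);
    }
}
```

      Callers should treat an IOException or CommandException from verify as a failed check rather than retrying with the same challenge.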