
We are implementing Token Based Authentication for our existing NetSuite integration. The new implementation works as expected for NetSuite accounts where two-factor authentication is not enabled.

From the NetSuite documentation we learned that a few extra steps are needed for accounts with two-factor authentication enabled. According to the documentation, we need to generate an OTP and send it along with the Authorization header. For generating the OTP, NetSuite recommends following this link. We have implemented a C# equivalent of it. But when we use the generated OTP in the Authorization header, we receive an Invalid Login attempt error. The NetSuite login audit log says "wrongsecondfator". Below is our implementation:

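    /// <summary>
    /// Generates a time-based one-time password for the current time step by
    /// computing an HMAC over the step counter and applying the RFC 4226
    /// dynamic truncation to the digest.
    /// </summary>
    /// <param name="key">
    /// Shared secret. Its characters are converted to bytes with
    /// <see cref="Encoding.Default"/> and used directly as the HMAC key.
    /// </param>
    /// <param name="returnDigits">
    /// Number of digits in the returned code; must be a valid index into DIGITS_POWER.
    /// </param>
    /// <returns>The code as a decimal string, left-padded with zeros to <paramref name="returnDigits"/> characters.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="key"/> is null.</exception>
    /// <exception cref="ArgumentOutOfRangeException"><paramref name="returnDigits"/> has no entry in DIGITS_POWER.</exception>
    public  string generateTOTP(string key,int returnDigits)
    {
        if (key == null)
        {
            throw new ArgumentNullException(nameof(key));
        }

        // The modulus comes from a lookup table, so reject digit counts the table
        // does not cover instead of failing with an index error further down.
        // RFC 4226 asks for at least 6 digits; shorter codes are easier to guess.
        if (returnDigits < 0 || returnDigits >= DIGITS_POWER.Length)
        {
            throw new ArgumentOutOfRangeException(nameof(returnDigits), returnDigits,
                "Digit count is outside the range supported by DIGITS_POWER.");
        }

        ulong counter = new TOTP_SHA1(key).CounterNow();

        // RFC 4226 (HOTP) moving factor: the counter as 8 big-endian bytes.
        // "X16" yields the same zero-padded 16 hex digits the manual padding loop produced.
        byte[] msg = hexStr2Bytes(counter.ToString("X16"));

        // Same bytes the former string -> hex -> bytes round trip produced.
        // NOTE(review): the secret's characters are used verbatim as key bytes.
        // Secrets issued for authenticator apps are commonly Base32 text (RFC 4648);
        // if that applies to this secret it must be Base32-decoded to raw bytes first,
        // otherwise the server will reject every code - confirm against the provider's
        // documentation. Encoding.Default is also platform-dependent, so a non-ASCII
        // secret would yield different key bytes on different machines.
        byte[] k = Encoding.Default.GetBytes(key);

        byte[] hash = hmac_sha(k, msg);

        // Dynamic truncation: the low nibble of the last digest byte selects the
        // offset of a 4-byte window; the top bit is masked off so the value is non-negative.
        int offset = hash[hash.Length - 1] & 0xf;

        int binary =
            ((hash[offset] & 0x7f) << 24) |
            (hash[offset + 1] << 16) |
            (hash[offset + 2] << 8) |
            hash[offset + 3];

        int otp = binary % DIGITS_POWER[returnDigits];

        return otp.ToString().PadLeft(returnDigits, '0');
    }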

    // Powers of ten indexed by digit count (index n holds 10^n); generateTOTP uses the
    // entry as the modulus that trims the truncated HMAC value to n decimal digits.
    // NOTE(review): nothing visible here reassigns the table, so the setter looks unnecessary - confirm.
    private static int[] DIGITS_POWER { get; set; } = { 1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000 };
    // ASCII bytes of the shared secret, set by the TOTP_SHA1 constructor. No member shown
    // here reads it. This is key material: keep it out of logs and error messages.
    private byte[] K;
    /// <summary>
    /// Creates a generator bound to the given two-factor secret, storing the
    /// secret's ASCII byte representation in <c>K</c>.
    /// </summary>
    /// <param name="tfasecretkey">Shared secret as text; encoded with <see cref="Encoding.ASCII"/>.</param>
    public TOTP_SHA1(string tfasecretkey)
    {
        // Encoding.ASCII substitutes '?' for any character outside the 7-bit range.
        byte[] secretBytes = Encoding.ASCII.GetBytes(tfasecretkey);
        this.K = secretBytes;
    }

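    /// <summary>
    /// Returns the current time-step counter: whole seconds since the Unix epoch
    /// (UTC) divided by the step length, rounded down.
    /// </summary>
    /// <param name="T1">Step length in seconds; must be positive. Defaults to 30.</param>
    /// <returns>The number of complete steps elapsed since 1970-01-01T00:00:00Z.</returns>
    /// <exception cref="ArgumentOutOfRangeException"><paramref name="T1"/> is zero or negative.</exception>
    public UInt64 CounterNow(int T1 = 30)
    {
        // A zero or negative step would make the division yield infinity or a negative
        // value, and converting that to UInt64 gives an unspecified counter.
        if (T1 <= 0)
        {
            throw new ArgumentOutOfRangeException(nameof(T1), T1, "Time step must be a positive number of seconds.");
        }

        // The counter is derived from the local system clock (read as UTC), so the
        // resulting code only matches the verifier's while the two clocks agree.
        var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        double secondsSinceEpoch = (DateTime.UtcNow - unixEpoch).TotalSeconds;
        return (UInt64)Math.Floor(secondsSinceEpoch / T1);
    }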

    /// <summary>
    /// Decodes a hexadecimal string into bytes, reading two characters per byte
    /// from left to right.
    /// </summary>
    /// <param name="hex">Hex digits; expected to have an even length.</param>
    /// <returns>One byte for each pair of hex digits.</returns>
    private static byte[] hexStr2Bytes(String hex)
    {
        // Sized with rounding up so that an odd-length input fails inside Substring,
        // exactly where the pairwise read runs out of characters.
        byte[] decoded = new byte[(hex.Length + 1) / 2];
        for (int pos = 0; pos < hex.Length; pos += 2)
        {
            string pair = hex.Substring(pos, 2);
            decoded[pos / 2] = Convert.ToByte(pair, 16);
        }
        return decoded;
    }

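    /// <summary>
    /// Computes the HMAC-SHA1 of <paramref name="text"/> under <paramref name="keyBytes"/>.
    /// </summary>
    /// <param name="keyBytes">Raw HMAC key bytes.</param>
    /// <param name="text">Message to authenticate.</param>
    /// <returns>The 20-byte HMAC-SHA1 digest.</returns>
    private static byte[] hmac_sha(byte[] keyBytes,byte[] text)
    {
        // The previous HMACSHA512.Create() call binds to the inherited static
        // HMAC.Create(), which never produces an HMACSHA512: on .NET Framework it
        // returns the default HMAC-SHA1 implementation, and on .NET Core / .NET 5+
        // it throws PlatformNotSupportedException. Naming the algorithm keeps the
        // .NET Framework result and makes the choice visible. HMAC-SHA1 is the
        // RFC 6238 default; if the verifier is configured for another HMAC variant,
        // it has to be changed here to match.
        using (var hmac = new HMACSHA1(keyBytes))
        {
            return hmac.ComputeHash(text);
        }
    }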

    /// <summary>
    /// Encodes <paramref name="input"/> with the given encoding and returns the
    /// resulting bytes as an upper-case hexadecimal string, two digits per byte.
    /// </summary>
    /// <param name="input">Text to encode.</param>
    /// <param name="encoding">Encoding used to turn the text into bytes.</param>
    /// <returns>Upper-case hex digits with no separators; empty for empty input.</returns>
    public static string ConvertStringToHex(String input, System.Text.Encoding encoding)
    {
        byte[] encoded = encoding.GetBytes(input);
        // BitConverter emits "4A-6F-..." in upper case; removing the dashes leaves
        // the same two-digits-per-byte form.
        return BitConverter.ToString(encoded).Replace("-", "");
    }

The feedback from the NetSuite support team regarding this error is that the generated OTP does not meet the requirements.

Any help would be appreciated. Thanks in advance.
