implement totp to generate access token

Author: LabyStudio

build.gradle

@@ -4,7 +4,7 @@ plugins {
 }
 
 group 'de.labystudio'
-version '1.2.0'
+version '1.2.1'
 
 compileJava {
     sourceCompatibility = '1.8'

src/main/java/de/labystudio/spotifyapi/open/OpenSpotifyAPI.java

@@ -1,16 +1,21 @@
 package de.labystudio.spotifyapi.open;
 
 import com.google.gson.Gson;
+import com.google.gson.JsonObject;
 import com.google.gson.stream.JsonReader;
 import de.labystudio.spotifyapi.model.Track;
 import de.labystudio.spotifyapi.open.model.AccessTokenResponse;
 import de.labystudio.spotifyapi.open.model.track.OpenTrack;
+import de.labystudio.spotifyapi.open.util.TOTP;
 
 import javax.imageio.ImageIO;
 import javax.net.ssl.HttpsURLConnection;
 import java.awt.image.BufferedImage;
+import java.io.BufferedReader;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.net.HttpURLConnection;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.util.concurrent.Executor;
@@ -27,10 +32,13 @@ public class OpenSpotifyAPI {
 
     private static final Gson GSON = new Gson();
 
-    private static final String USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/71.0.3578.98";
+    private static final String USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/71.0.3578." + (int) (Math.random() * 90);
 
-    private static final String URL_API_GEN_ACCESS_TOKEN = "https://open.spotify.com/get_access_token?reason=transport&productType=web_player";
+    private static final String URL_API_GEN_ACCESS_TOKEN = "https://open.spotify.com/get_access_token?reason=%s&productType=web-player&totp=%s&totpVer=5";
     private static final String URL_API_TRACKS = "https://api.spotify.com/v1/tracks/%s";
+    private static final String URL_API_SERVER_TIME = "https://open.spotify.com/server-time";
+
+    public static final int[] TOTP_SECRET = {12, 56, 76, 33, 88, 44, 88, 33, 78, 78, 11, 66, 22, 22, 55, 69, 54};
 
     private final Executor executor = Executors.newSingleThreadExecutor();
 
@@ -53,16 +61,86 @@ private void generateAccessTokenAsync(Consumer<AccessTokenResponse> callback) {
         });
     }
 
+    public long requestServerTime() throws IOException {
+        // Get server time
+        URL url = new URL(URL_API_SERVER_TIME);
+        HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+        conn.setRequestMethod("GET");
+        conn.setRequestProperty("Host", "open.spotify.com");
+        conn.setRequestProperty("User-Agent", "Mozilla/5.0");
+        conn.setRequestProperty("accept", "*/*");
+
+        BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
+        String response = reader.readLine();
+        reader.close();
+
+        JsonObject obj = GSON.fromJson(response, JsonObject.class);
+        return obj.get("serverTime").getAsLong();
+    }
+
+    public String generateTotp(long serverTime) {
+        StringBuilder xorResults = new StringBuilder();
+        for (int i = 0; i < TOTP_SECRET.length; i++) {
+            int result = TOTP_SECRET[i] ^ (i % 33 + 9);
+            xorResults.append(result);
+        }
+        StringBuilder hexResult = new StringBuilder();
+        for (int i = 0; i < xorResults.length(); i++) {
+            hexResult.append(String.format("%02x", (int) xorResults.charAt(i)));
+        }
+        byte[] byteArray = new byte[hexResult.length() / 2];
+        for (int i = 0; i < hexResult.length(); i += 2) {
+            int byteValue = Integer.parseInt(hexResult.substring(i, i + 2), 16);
+            byteArray[i / 2] = (byte) byteValue;
+        }
+        return TOTP.generateOtp(byteArray, serverTime);
+    }
+
     /**
      * Generate an access token for the open spotify api
      */
     private AccessTokenResponse generateAccessToken() throws IOException {
+        long serverTime = this.requestServerTime();
+        String totp = this.generateTotp(serverTime);
+
+        AccessTokenResponse response = this.getToken("transport", totp);
+
+        if (!this.hasValidAccessToken(response)) {
+            response = this.getToken("init", totp);
+        }
+
+        if (!this.hasValidAccessToken(response)) {
+            throw new IOException("Could not generate access token");
+        }
+
+        return response;
+    }
+
+    private boolean hasValidAccessToken(AccessTokenResponse response) {
+        return response != null && response.accessToken != null && !response.accessToken.isEmpty();
+    }
+
+    /**
+     * Retrieve access token using totp
+     */
+    private AccessTokenResponse getToken(String mode, String totp) throws IOException {
         // Open connection
-        HttpsURLConnection connection = (HttpsURLConnection) new URL(URL_API_GEN_ACCESS_TOKEN).openConnection();
+        String url = String.format(URL_API_GEN_ACCESS_TOKEN, mode, totp);
+        HttpsURLConnection connection = (HttpsURLConnection) new URL(url).openConnection();
         connection.addRequestProperty("User-Agent", USER_AGENT);
         connection.addRequestProperty("referer", "https://open.spotify.com/");
         connection.addRequestProperty("app-platform", "WebPlayer");
 
+        int code = connection.getResponseCode();
+        if (code != HttpURLConnection.HTTP_OK) {
+            InputStream errorStream = connection.getErrorStream();
+            if (errorStream != null) {
+                JsonReader reader = new JsonReader(new InputStreamReader(errorStream));
+                JsonObject response = GSON.fromJson(reader, JsonObject.class);
+                throw new IOException("Could not retrieve access token: " + response.toString());
+            }
+        }
+
         // Read response
         JsonReader reader = new JsonReader(new InputStreamReader(connection.getInputStream()));
         return GSON.fromJson(reader, AccessTokenResponse.class);

src/main/java/de/labystudio/spotifyapi/open/util/Base32.java

@@ -0,0 +1,65 @@
+package de.labystudio.spotifyapi.open.util;
+
+import java.util.Arrays;
+
+class Base32 {
+
+    private static final String ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
+    private static final int[] DECODE_MAP = new int[256];
+
+    static {
+        Arrays.fill(DECODE_MAP, -1);
+        for (int i = 0; i < ALPHABET.length(); i++) {
+            DECODE_MAP[ALPHABET.charAt(i)] = i;
+        }
+    }
+
+    public static String encode(byte[] data) {
+        StringBuilder encoded = new StringBuilder();
+        int index = 0, digit = 0, currByte, nextByte;
+        int dataLength = data.length;
+        for (int i = 0; i < dataLength; i++) {
+            currByte = data[i] & 0xFF;
+            index = (index + 8) % 5;
+            digit = currByte >> index;
+            encoded.append(ALPHABET.charAt(digit));
+            if (index == 0 && i + 1 < dataLength) {
+                nextByte = data[i + 1] & 0xFF;
+                digit = ((currByte & ((1 << index) - 1)) << (5 - index)) | (nextByte >> (index + 3));
+                encoded.append(ALPHABET.charAt(digit));
+            }
+        }
+        return encoded.toString();
+    }
+
+    public static byte[] decode(String encoded) {
+        // Remove any padding characters ('=')
+        encoded = encoded.replace("=", "");
+
+        int length = encoded.length();
+        int byteLength = (length * 5) / 8;
+        byte[] decoded = new byte[byteLength];
+        int buffer = 0;
+        int bitsLeft = 0;
+        int decodedIndex = 0;
+
+        for (int i = 0; i < length; i++) {
+            char c = encoded.charAt(i);
+            int value = DECODE_MAP[c];
+            if (value == -1) {
+                throw new IllegalArgumentException("Invalid Base32 character: " + c);
+            }
+
+            buffer = (buffer << 5) | value;
+            bitsLeft += 5;
+
+            if (bitsLeft >= 8) {
+                bitsLeft -= 8;
+                decoded[decodedIndex++] = (byte) (buffer >> bitsLeft);
+                buffer &= (1 << bitsLeft) - 1;
+            }
+        }
+
+        return decoded;
+    }
+}

src/main/java/de/labystudio/spotifyapi/open/util/TOTP.java

@@ -0,0 +1,51 @@
+package de.labystudio.spotifyapi.open.util;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+import java.nio.ByteBuffer;
+import java.nio.ByteOrder;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+public class TOTP {
+
+    private static final String DEFAULT_ALGORITHM = "HmacSHA1";
+
+    private static final int DEFAULT_DIGITS = 6;
+    private static final int DEFAULT_PERIOD = 30;
+
+    public static String generateOtp(byte[] secret, long time) {
+        long counter = time / DEFAULT_PERIOD;
+
+
+        // Convert counter to byte array (Big Endian)
+        ByteBuffer buffer = ByteBuffer.allocate(8).order(ByteOrder.BIG_ENDIAN);
+        buffer.putLong(counter);
+        byte[] counterBytes = buffer.array();
+
+        try {
+            Mac mac = Mac.getInstance(DEFAULT_ALGORITHM);
+            mac.init(new SecretKeySpec(secret, DEFAULT_ALGORITHM));
+            byte[] hmac = mac.doFinal(counterBytes);
+
+            // Extract dynamic offset
+            int offset = hmac[hmac.length - 1] & 0x0F;
+
+            // Compute binary value
+            int binary = ((hmac[offset] & 0x7F) << 24) |
+                    ((hmac[offset + 1] & 0xFF) << 16) |
+                    ((hmac[offset + 2] & 0xFF) << 8) |
+                    (hmac[offset + 3] & 0xFF);
+
+            // Compute OTP
+            int otp = binary % ((int) Math.pow(10, DEFAULT_DIGITS));
+
+            // Return zero-padded OTP
+            return String.format("%0" + DEFAULT_DIGITS + "d", otp);
+        } catch (NoSuchAlgorithmException | InvalidKeyException e) {
+            throw new IllegalStateException("Failed to generate TOTP", e);
+        }
+    }
+
+
+}

src/test/java/OpenSpotifyApiTest.java

@@ -0,0 +1,11 @@
+import de.labystudio.spotifyapi.open.OpenSpotifyAPI;
+import de.labystudio.spotifyapi.open.model.track.OpenTrack;
+
+public class OpenSpotifyApiTest {
+
+    public static void main(String[] args) throws Exception {
+        OpenSpotifyAPI openSpotifyAPI = new OpenSpotifyAPI();
+        OpenTrack openTrack = openSpotifyAPI.requestOpenTrack("38T0tPVZHcPZyhtOcCP7pF");
+        System.out.println(openTrack.name);
+    }
+}

src/test/java/TOTPTest.java

@@ -0,0 +1,14 @@
+import de.labystudio.spotifyapi.open.OpenSpotifyAPI;
+
+public class TOTPTest {
+
+    public static void main(String[] args) throws Exception {
+        OpenSpotifyAPI openSpotifyAPI = new OpenSpotifyAPI();
+        String totp = openSpotifyAPI.generateTotp(0);
+        if (!totp.equals("371625")) {
+            throw new Exception("Invalid TOTP: " + totp);
+        }
+        System.out.println(totp);
+    }
+
+}