mirror of
https://gitee.com/chinabugotech/hutool.git
synced 2025-07-21 15:09:48 +08:00
fix HOTP
This commit is contained in:
Looly
@@ -5,8 +5,6 @@ import cn.hutool.core.util.RandomUtil;
|
||||
import cn.hutool.crypto.digest.HMac;
|
||||
import cn.hutool.crypto.digest.HmacAlgorithm;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* <p>HMAC-based one-time passwords (HOTP) 一次性密码生成器,
|
||||
* 规范见:<a href="https://tools.ietf.org/html/rfc4226">RFC 4226</a>.</p>
|
||||
@@ -64,11 +62,13 @@ public class HOTP {
|
||||
* @param key 共享密码,RFC 4226要求最少128位
|
||||
*/
|
||||
public HOTP(int passwordLength, HmacAlgorithm algorithm, byte[] key) {
|
||||
if(passwordLength >= MOD_DIVISORS.length){
|
||||
throw new IllegalArgumentException("Password length must be < " + MOD_DIVISORS.length);
|
||||
}
|
||||
this.mac = new HMac(algorithm, key);
|
||||
|
||||
this.modDivisor = MOD_DIVISORS[passwordLength];
|
||||
this.passwordLength = passwordLength;
|
||||
this.buffer = new byte[this.mac.getMacLength()];
|
||||
this.buffer = new byte[8];
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -78,7 +78,7 @@ public class HOTP {
|
||||
* 可以是基于计次的动移动因子,也可以是计时移动因子
|
||||
* @return 一次性密码的int值
|
||||
*/
|
||||
public synchronized int generate(final long counter) {
|
||||
public synchronized int generate(long counter) {
|
||||
// C 的整数值需要用二进制的字符串表达,比如某个事件计数为 3,
|
||||
// 则C是 "11"(此处省略了前面的二进制的数字0)
|
||||
this.buffer[0] = (byte) ((counter & 0xff00000000000000L) >>> 56);
|
||||
@@ -90,36 +90,22 @@ public class HOTP {
|
||||
this.buffer[6] = (byte) ((counter & 0x000000000000ff00L) >>> 8);
|
||||
this.buffer[7] = (byte) (counter & 0x00000000000000ffL);
|
||||
|
||||
final byte[] digest = this.mac.digest(Arrays.copyOfRange(this.buffer,0,8));
|
||||
final byte[] digest = this.mac.digest(this.buffer);
|
||||
|
||||
return truncate(digest);
|
||||
}
|
||||
|
||||
/**
|
||||
* 生成共享密钥
|
||||
* 生成共享密钥的Base32表示形式
|
||||
*
|
||||
* @param numBytes 将生成的种子字节数量。
|
||||
* @return 共享密钥
|
||||
* @since 5.7.4
|
||||
*/
|
||||
public static String generateSecretKey(final int numBytes) {
|
||||
public static String generateSecretKey(int numBytes) {
|
||||
return Base32.encode(RandomUtil.getSHA1PRNGRandom(RandomUtil.randomBytes(256)).generateSeed(numBytes));
|
||||
}
|
||||
|
||||
/**
|
||||
* 截断
|
||||
*
|
||||
* @param digest HMAC的hash值
|
||||
* @return 截断值
|
||||
*/
|
||||
private int truncate(byte[] digest) {
|
||||
final int offset = digest[digest.length - 1] & 0x0f;
|
||||
return ((digest[offset] & 0x7f) << 24 |
|
||||
(digest[offset + 1] & 0xff) << 16 |
|
||||
(digest[offset + 2] & 0xff) << 8 |
|
||||
(digest[offset + 3] & 0xff)) %
|
||||
this.modDivisor;
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取密码长度,可以是6,7,8
|
||||
*
|
||||
@@ -137,4 +123,19 @@ public class HOTP {
|
||||
public String getAlgorithm() {
|
||||
return this.mac.getAlgorithm();
|
||||
}
|
||||
|
||||
/**
|
||||
* 截断
|
||||
*
|
||||
* @param digest HMAC的hash值
|
||||
* @return 截断值
|
||||
*/
|
||||
private int truncate(byte[] digest) {
|
||||
final int offset = digest[digest.length - 1] & 0x0f;
|
||||
return ((digest[offset] & 0x7f) << 24 |
|
||||
(digest[offset + 1] & 0xff) << 16 |
|
||||
(digest[offset + 2] & 0xff) << 8 |
|
||||
(digest[offset + 3] & 0xff)) %
|
||||
this.modDivisor;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -78,17 +78,19 @@ public class TOTP extends HOTP {
|
||||
|
||||
/**
|
||||
* 用于验证code是否正确
|
||||
*
|
||||
* @param timestamp 验证时间戳
|
||||
* @param offsetSize 误差范围
|
||||
* @param code code
|
||||
* @return 是否通过
|
||||
* @return 是否通过
|
||||
* @since 5.7.4
|
||||
*/
|
||||
public boolean validate(Instant timestamp, final int offsetSize, final int code) {
|
||||
if(offsetSize == 0){
|
||||
public boolean validate(Instant timestamp, int offsetSize, int code) {
|
||||
if (offsetSize == 0) {
|
||||
return generate(timestamp) == code;
|
||||
}
|
||||
for (int i = -offsetSize; i <= offsetSize; i++) {
|
||||
if(generate(timestamp.plus(getTimeStep().multipliedBy(i))) == code){
|
||||
if (generate(timestamp.plus(getTimeStep().multipliedBy(i))) == code) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -99,12 +101,13 @@ public class TOTP extends HOTP {
|
||||
* 生成谷歌认证器的字符串(扫码字符串)
|
||||
* 基于时间的,计数器不适合
|
||||
*
|
||||
* @param account 账户名。
|
||||
* @param account 账户名。
|
||||
* @param numBytes 将生成的种子字节数量。
|
||||
* @return 共享密钥
|
||||
* @since 5.7.4
|
||||
*/
|
||||
public static String generateGoogleSecretKey(final String account,final int numBytes) {
|
||||
return StrUtil.format("otpauth://totp/{}?secret={}",account,generateSecretKey(numBytes));
|
||||
public static String generateGoogleSecretKey(String account, int numBytes) {
|
||||
return StrUtil.format("otpauth://totp/{}?secret={}", account, generateSecretKey(numBytes));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user