mirror of
https://gitee.com/chinabugotech/hutool.git
synced 2025-05-09 23:51:34 +08:00
fix HOTP
This commit is contained in:
Looly
parent
c78ef0d082
commit
ed63e3f03f
@ -11,6 +11,7 @@
|
||||
* 【core 】 HexUtil增加hexToLong、hexToInt(issue#I3YQEV@Gitee)
|
||||
* 【core 】 CsvWriter增加writer.write(csvData)的方法重载(pr#353@Gitee)
|
||||
* 【core 】 新增AbsCollValueMap(issue#I3YXF0@Gitee)
|
||||
* 【crypto 】 HOPT缓存改为8位,新增方法(pr#356@Gitee)
|
||||
|
||||
### 🐞Bug修复
|
||||
* 【core 】 修复RadixUtil.decode非static问题(issue#I3YPEH@Gitee)
|
||||
|
||||
@ -5,8 +5,6 @@ import cn.hutool.core.util.RandomUtil;
|
||||
import cn.hutool.crypto.digest.HMac;
|
||||
import cn.hutool.crypto.digest.HmacAlgorithm;
|
||||
|
||||
import java.util.Arrays;
|
||||
|
||||
/**
|
||||
* <p>HMAC-based one-time passwords (HOTP) 一次性密码生成器,
|
||||
* 规范见:<a href="https://tools.ietf.org/html/rfc4226">RFC 4226</a>.</p>
|
||||
@ -64,11 +62,13 @@ public class HOTP {
|
||||
* @param key 共享密码,RFC 4226要求最少128位
|
||||
*/
|
||||
public HOTP(int passwordLength, HmacAlgorithm algorithm, byte[] key) {
|
||||
if(passwordLength >= MOD_DIVISORS.length){
|
||||
throw new IllegalArgumentException("Password length must be < " + MOD_DIVISORS.length);
|
||||
}
|
||||
this.mac = new HMac(algorithm, key);
|
||||
|
||||
this.modDivisor = MOD_DIVISORS[passwordLength];
|
||||
this.passwordLength = passwordLength;
|
||||
this.buffer = new byte[this.mac.getMacLength()];
|
||||
this.buffer = new byte[8];
|
||||
}
|
||||
|
||||
/**
|
||||
@ -78,7 +78,7 @@ public class HOTP {
|
||||
* 可以是基于计次的动移动因子,也可以是计时移动因子
|
||||
* @return 一次性密码的int值
|
||||
*/
|
||||
public synchronized int generate(final long counter) {
|
||||
public synchronized int generate(long counter) {
|
||||
// C 的整数值需要用二进制的字符串表达,比如某个事件计数为 3,
|
||||
// 则C是 "11"(此处省略了前面的二进制的数字0)
|
||||
this.buffer[0] = (byte) ((counter & 0xff00000000000000L) >>> 56);
|
||||
@ -90,36 +90,22 @@ public class HOTP {
|
||||
this.buffer[6] = (byte) ((counter & 0x000000000000ff00L) >>> 8);
|
||||
this.buffer[7] = (byte) (counter & 0x00000000000000ffL);
|
||||
|
||||
final byte[] digest = this.mac.digest(Arrays.copyOfRange(this.buffer,0,8));
|
||||
final byte[] digest = this.mac.digest(this.buffer);
|
||||
|
||||
return truncate(digest);
|
||||
}
|
||||
|
||||
/**
|
||||
* 生成共享密钥
|
||||
* 生成共享密钥的Base32表示形式
|
||||
*
|
||||
* @param numBytes 将生成的种子字节数量。
|
||||
* @return 共享密钥
|
||||
* @since 5.7.4
|
||||
*/
|
||||
public static String generateSecretKey(final int numBytes) {
|
||||
public static String generateSecretKey(int numBytes) {
|
||||
return Base32.encode(RandomUtil.getSHA1PRNGRandom(RandomUtil.randomBytes(256)).generateSeed(numBytes));
|
||||
}
|
||||
|
||||
/**
|
||||
* 截断
|
||||
*
|
||||
* @param digest HMAC的hash值
|
||||
* @return 截断值
|
||||
*/
|
||||
private int truncate(byte[] digest) {
|
||||
final int offset = digest[digest.length - 1] & 0x0f;
|
||||
return ((digest[offset] & 0x7f) << 24 |
|
||||
(digest[offset + 1] & 0xff) << 16 |
|
||||
(digest[offset + 2] & 0xff) << 8 |
|
||||
(digest[offset + 3] & 0xff)) %
|
||||
this.modDivisor;
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取密码长度,可以是6,7,8
|
||||
*
|
||||
@ -137,4 +123,19 @@ public class HOTP {
|
||||
public String getAlgorithm() {
|
||||
return this.mac.getAlgorithm();
|
||||
}
|
||||
|
||||
/**
|
||||
* 截断
|
||||
*
|
||||
* @param digest HMAC的hash值
|
||||
* @return 截断值
|
||||
*/
|
||||
private int truncate(byte[] digest) {
|
||||
final int offset = digest[digest.length - 1] & 0x0f;
|
||||
return ((digest[offset] & 0x7f) << 24 |
|
||||
(digest[offset + 1] & 0xff) << 16 |
|
||||
(digest[offset + 2] & 0xff) << 8 |
|
||||
(digest[offset + 3] & 0xff)) %
|
||||
this.modDivisor;
|
||||
}
|
||||
}
|
||||
|
||||
@ -78,17 +78,19 @@ public class TOTP extends HOTP {
|
||||
|
||||
/**
|
||||
* 用于验证code是否正确
|
||||
*
|
||||
* @param timestamp 验证时间戳
|
||||
* @param offsetSize 误差范围
|
||||
* @param code code
|
||||
* @return 是否通过
|
||||
* @return 是否通过
|
||||
* @since 5.7.4
|
||||
*/
|
||||
public boolean validate(Instant timestamp, final int offsetSize, final int code) {
|
||||
if(offsetSize == 0){
|
||||
public boolean validate(Instant timestamp, int offsetSize, int code) {
|
||||
if (offsetSize == 0) {
|
||||
return generate(timestamp) == code;
|
||||
}
|
||||
for (int i = -offsetSize; i <= offsetSize; i++) {
|
||||
if(generate(timestamp.plus(getTimeStep().multipliedBy(i))) == code){
|
||||
if (generate(timestamp.plus(getTimeStep().multipliedBy(i))) == code) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@ -99,12 +101,13 @@ public class TOTP extends HOTP {
|
||||
* 生成谷歌认证器的字符串(扫码字符串)
|
||||
* 基于时间的,计数器不适合
|
||||
*
|
||||
* @param account 账户名。
|
||||
* @param account 账户名。
|
||||
* @param numBytes 将生成的种子字节数量。
|
||||
* @return 共享密钥
|
||||
* @since 5.7.4
|
||||
*/
|
||||
public static String generateGoogleSecretKey(final String account,final int numBytes) {
|
||||
return StrUtil.format("otpauth://totp/{}?secret={}",account,generateSecretKey(numBytes));
|
||||
public static String generateGoogleSecretKey(String account, int numBytes) {
|
||||
return StrUtil.format("otpauth://totp/{}?secret={}", account, generateSecretKey(numBytes));
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -1,43 +1,135 @@
|
||||
package cn.hutool.crypto.test.digest;
|
||||
|
||||
import cn.hutool.core.codec.Base32;
|
||||
import cn.hutool.crypto.digest.HmacAlgorithm;
|
||||
import cn.hutool.crypto.digest.otp.HOTP;
|
||||
import cn.hutool.crypto.digest.otp.TOTP;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.time.Duration;
|
||||
import java.time.Instant;
|
||||
|
||||
/**
|
||||
* @author: xlgogo@outlook.com
|
||||
* @date: 2021-07-01 18:14
|
||||
* @description:
|
||||
* author: xlgogo@outlook.com
|
||||
* date: 2021-07-01 18:14
|
||||
*/
|
||||
public class OTPTest {
|
||||
|
||||
@Test
|
||||
public void genKey(){
|
||||
public void genKeyTest() {
|
||||
String key = TOTP.generateSecretKey(8);
|
||||
System.out.println(key);
|
||||
Assert.assertEquals(8, Base32.decode(key).length);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void valid(){
|
||||
public void validTest() {
|
||||
String key = "VYCFSW2QZ3WZO";
|
||||
// 2021/7/1下午6:29:54 显示code为 106659
|
||||
//Assert.assertEquals(new TOTP(Base32.decode(key)).generate(Instant.ofEpochSecond(1625135394L)),106659);
|
||||
TOTP totp = new TOTP(Base32.decode(key));
|
||||
Instant instant = Instant.ofEpochSecond(1625135394L);
|
||||
Assert.assertTrue(totp.validate(instant,0,106659));
|
||||
Assert.assertTrue(totp.validate(instant.plusSeconds(30),1,106659));
|
||||
Assert.assertTrue(totp.validate(instant.plusSeconds(60),2,106659));
|
||||
Assert.assertTrue(totp.validate(instant, 0, 106659));
|
||||
Assert.assertTrue(totp.validate(instant.plusSeconds(30), 1, 106659));
|
||||
Assert.assertTrue(totp.validate(instant.plusSeconds(60), 2, 106659));
|
||||
|
||||
Assert.assertFalse(totp.validate(instant.plusSeconds(60),1,106659));
|
||||
Assert.assertFalse(totp.validate(instant.plusSeconds(90),2,106659));
|
||||
Assert.assertFalse(totp.validate(instant.plusSeconds(60), 1, 106659));
|
||||
Assert.assertFalse(totp.validate(instant.plusSeconds(90), 2, 106659));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void googleAuthTest(){
|
||||
public void googleAuthTest() {
|
||||
String str = TOTP.generateGoogleSecretKey("xl7@qq.com", 10);
|
||||
System.out.println(str);
|
||||
Assert.assertTrue(str.startsWith("otpauth://totp/xl7@qq.com?secret="));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void longPasswordLengthTest() {
|
||||
Assert.assertThrows(IllegalArgumentException.class, () -> new HOTP(9, "123".getBytes()));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void generateHOPTTest(){
|
||||
byte[] key = "12345678901234567890".getBytes();
|
||||
final HOTP hotp = new HOTP(key);
|
||||
Assert.assertEquals(755224, hotp.generate(0));
|
||||
Assert.assertEquals(287082, hotp.generate(1));
|
||||
Assert.assertEquals(359152, hotp.generate(2));
|
||||
Assert.assertEquals(969429, hotp.generate(3));
|
||||
Assert.assertEquals(338314, hotp.generate(4));
|
||||
Assert.assertEquals(254676, hotp.generate(5));
|
||||
Assert.assertEquals(287922, hotp.generate(6));
|
||||
Assert.assertEquals(162583, hotp.generate(7));
|
||||
Assert.assertEquals(399871, hotp.generate(8));
|
||||
Assert.assertEquals(520489, hotp.generate(9));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getTimeStepTest() {
|
||||
final Duration timeStep = Duration.ofSeconds(97);
|
||||
|
||||
final TOTP totp = new TOTP(timeStep, "123".getBytes());
|
||||
|
||||
Assert.assertEquals(timeStep, totp.getTimeStep());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void generateHmacSHA1TOPTTest(){
|
||||
HmacAlgorithm algorithm = HmacAlgorithm.HmacSHA1;
|
||||
byte[] key = "12345678901234567890".getBytes();
|
||||
TOTP totp = new TOTP(Duration.ofSeconds(30), 8, algorithm, key);
|
||||
|
||||
int generate = totp.generate(Instant.ofEpochSecond(59L));
|
||||
Assert.assertEquals(94287082, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(1111111109L));
|
||||
Assert.assertEquals(7081804, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(1111111111L));
|
||||
Assert.assertEquals(14050471, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(1234567890L));
|
||||
Assert.assertEquals(89005924, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(2000000000L));
|
||||
Assert.assertEquals(69279037, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(20000000000L));
|
||||
Assert.assertEquals(65353130, generate);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void generateHmacSHA256TOPTTest(){
|
||||
HmacAlgorithm algorithm = HmacAlgorithm.HmacSHA256;
|
||||
byte[] key = "12345678901234567890123456789012".getBytes();
|
||||
TOTP totp = new TOTP(Duration.ofSeconds(30), 8, algorithm, key);
|
||||
|
||||
int generate = totp.generate(Instant.ofEpochSecond(59L));
|
||||
Assert.assertEquals(46119246, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(1111111109L));
|
||||
Assert.assertEquals(68084774, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(1111111111L));
|
||||
Assert.assertEquals(67062674, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(1234567890L));
|
||||
Assert.assertEquals(91819424, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(2000000000L));
|
||||
Assert.assertEquals(90698825, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(20000000000L));
|
||||
Assert.assertEquals(77737706, generate);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void generateHmacSHA512TOPTTest(){
|
||||
HmacAlgorithm algorithm = HmacAlgorithm.HmacSHA512;
|
||||
byte[] key = "1234567890123456789012345678901234567890123456789012345678901234".getBytes();
|
||||
TOTP totp = new TOTP(Duration.ofSeconds(30), 8, algorithm, key);
|
||||
|
||||
int generate = totp.generate(Instant.ofEpochSecond(59L));
|
||||
Assert.assertEquals(90693936, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(1111111109L));
|
||||
Assert.assertEquals(25091201, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(1111111111L));
|
||||
Assert.assertEquals(99943326, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(1234567890L));
|
||||
Assert.assertEquals(93441116, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(2000000000L));
|
||||
Assert.assertEquals(38618901, generate);
|
||||
generate = totp.generate(Instant.ofEpochSecond(20000000000L));
|
||||
Assert.assertEquals(47863826, generate);
|
||||
}
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user