diff --git a/CHANGELOG.md b/CHANGELOG.md index 0d28553d8..76438a434 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ * 【core 】 HexUtil增加hexToLong、hexToInt(issue#I3YQEV@Gitee) * 【core 】 CsvWriter增加writer.write(csvData)的方法重载(pr#353@Gitee) * 【core 】 新增AbsCollValueMap(issue#I3YXF0@Gitee) +* 【crypto 】 HOPT缓存改为8位,新增方法(pr#356@Gitee) ### 🐞Bug修复 * 【core 】 修复RadixUtil.decode非static问题(issue#I3YPEH@Gitee) diff --git a/hutool-crypto/src/main/java/cn/hutool/crypto/digest/otp/HOTP.java b/hutool-crypto/src/main/java/cn/hutool/crypto/digest/otp/HOTP.java index 24e328104..0f63d8371 100644 --- a/hutool-crypto/src/main/java/cn/hutool/crypto/digest/otp/HOTP.java +++ b/hutool-crypto/src/main/java/cn/hutool/crypto/digest/otp/HOTP.java @@ -5,8 +5,6 @@ import cn.hutool.core.util.RandomUtil; import cn.hutool.crypto.digest.HMac; import cn.hutool.crypto.digest.HmacAlgorithm; -import java.util.Arrays; - /** *

HMAC-based one-time passwords (HOTP) 一次性密码生成器, * 规范见:RFC 4226.

@@ -64,11 +62,13 @@ public class HOTP { * @param key 共享密码,RFC 4226要求最少128位 */ public HOTP(int passwordLength, HmacAlgorithm algorithm, byte[] key) { + if(passwordLength >= MOD_DIVISORS.length){ + throw new IllegalArgumentException("Password length must be < " + MOD_DIVISORS.length); + } this.mac = new HMac(algorithm, key); - this.modDivisor = MOD_DIVISORS[passwordLength]; this.passwordLength = passwordLength; - this.buffer = new byte[this.mac.getMacLength()]; + this.buffer = new byte[8]; } /** @@ -78,7 +78,7 @@ public class HOTP { * 可以是基于计次的动移动因子,也可以是计时移动因子 * @return 一次性密码的int值 */ - public synchronized int generate(final long counter) { + public synchronized int generate(long counter) { // C 的整数值需要用二进制的字符串表达,比如某个事件计数为 3, // 则C是 "11"(此处省略了前面的二进制的数字0) this.buffer[0] = (byte) ((counter & 0xff00000000000000L) >>> 56); @@ -90,36 +90,22 @@ public class HOTP { this.buffer[6] = (byte) ((counter & 0x000000000000ff00L) >>> 8); this.buffer[7] = (byte) (counter & 0x00000000000000ffL); - final byte[] digest = this.mac.digest(Arrays.copyOfRange(this.buffer,0,8)); + final byte[] digest = this.mac.digest(this.buffer); return truncate(digest); } /** - * 生成共享密钥 + * 生成共享密钥的Base32表示形式 * * @param numBytes 将生成的种子字节数量。 * @return 共享密钥 + * @since 5.7.4 */ - public static String generateSecretKey(final int numBytes) { + public static String generateSecretKey(int numBytes) { return Base32.encode(RandomUtil.getSHA1PRNGRandom(RandomUtil.randomBytes(256)).generateSeed(numBytes)); } - /** - * 截断 - * - * @param digest HMAC的hash值 - * @return 截断值 - */ - private int truncate(byte[] digest) { - final int offset = digest[digest.length - 1] & 0x0f; - return ((digest[offset] & 0x7f) << 24 | - (digest[offset + 1] & 0xff) << 16 | - (digest[offset + 2] & 0xff) << 8 | - (digest[offset + 3] & 0xff)) % - this.modDivisor; - } - /** * 获取密码长度,可以是6,7,8 * @@ -137,4 +123,19 @@ public class HOTP { public String getAlgorithm() { return this.mac.getAlgorithm(); } + + /** + * 截断 + * + * @param digest HMAC的hash值 + * @return 截断值 + */ + private int truncate(byte[] digest) { + final int offset = digest[digest.length - 1] & 0x0f; + return ((digest[offset] & 0x7f) << 24 | + (digest[offset + 1] & 0xff) << 16 | + (digest[offset + 2] & 0xff) << 8 | + (digest[offset + 3] & 0xff)) % + this.modDivisor; + } } diff --git a/hutool-crypto/src/main/java/cn/hutool/crypto/digest/otp/TOTP.java b/hutool-crypto/src/main/java/cn/hutool/crypto/digest/otp/TOTP.java index bd3106a35..50ed4e8d0 100644 --- a/hutool-crypto/src/main/java/cn/hutool/crypto/digest/otp/TOTP.java +++ b/hutool-crypto/src/main/java/cn/hutool/crypto/digest/otp/TOTP.java @@ -78,17 +78,19 @@ public class TOTP extends HOTP { /** * 用于验证code是否正确 + * * @param timestamp 验证时间戳 * @param offsetSize 误差范围 * @param code code - * @return 是否通过 + * @return 是否通过 + * @since 5.7.4 */ - public boolean validate(Instant timestamp, final int offsetSize, final int code) { - if(offsetSize == 0){ + public boolean validate(Instant timestamp, int offsetSize, int code) { + if (offsetSize == 0) { return generate(timestamp) == code; } for (int i = -offsetSize; i <= offsetSize; i++) { - if(generate(timestamp.plus(getTimeStep().multipliedBy(i))) == code){ + if (generate(timestamp.plus(getTimeStep().multipliedBy(i))) == code) { return true; } } @@ -99,12 +101,13 @@ public class TOTP extends HOTP { * 生成谷歌认证器的字符串(扫码字符串) * 基于时间的,计数器不适合 * - * @param account 账户名。 + * @param account 账户名。 * @param numBytes 将生成的种子字节数量。 * @return 共享密钥 + * @since 5.7.4 */ - public static String generateGoogleSecretKey(final String account,final int numBytes) { - return StrUtil.format("otpauth://totp/{}?secret={}",account,generateSecretKey(numBytes)); + public static String generateGoogleSecretKey(String account, int numBytes) { + return StrUtil.format("otpauth://totp/{}?secret={}", account, generateSecretKey(numBytes)); } /** diff --git a/hutool-crypto/src/test/java/cn/hutool/crypto/test/digest/OTPTest.java b/hutool-crypto/src/test/java/cn/hutool/crypto/test/digest/OTPTest.java index 2ed9537f4..b073d9c4b 100644 --- a/hutool-crypto/src/test/java/cn/hutool/crypto/test/digest/OTPTest.java +++ b/hutool-crypto/src/test/java/cn/hutool/crypto/test/digest/OTPTest.java @@ -1,43 +1,135 @@ package cn.hutool.crypto.test.digest; import cn.hutool.core.codec.Base32; +import cn.hutool.crypto.digest.HmacAlgorithm; +import cn.hutool.crypto.digest.otp.HOTP; import cn.hutool.crypto.digest.otp.TOTP; import org.junit.Assert; import org.junit.Test; +import java.time.Duration; import java.time.Instant; /** - * @author: xlgogo@outlook.com - * @date: 2021-07-01 18:14 - * @description: + * author: xlgogo@outlook.com + * date: 2021-07-01 18:14 */ public class OTPTest { + @Test - public void genKey(){ + public void genKeyTest() { String key = TOTP.generateSecretKey(8); - System.out.println(key); + Assert.assertEquals(8, Base32.decode(key).length); } @Test - public void valid(){ + public void validTest() { String key = "VYCFSW2QZ3WZO"; // 2021/7/1下午6:29:54 显示code为 106659 //Assert.assertEquals(new TOTP(Base32.decode(key)).generate(Instant.ofEpochSecond(1625135394L)),106659); TOTP totp = new TOTP(Base32.decode(key)); Instant instant = Instant.ofEpochSecond(1625135394L); - Assert.assertTrue(totp.validate(instant,0,106659)); - Assert.assertTrue(totp.validate(instant.plusSeconds(30),1,106659)); - Assert.assertTrue(totp.validate(instant.plusSeconds(60),2,106659)); + Assert.assertTrue(totp.validate(instant, 0, 106659)); + Assert.assertTrue(totp.validate(instant.plusSeconds(30), 1, 106659)); + Assert.assertTrue(totp.validate(instant.plusSeconds(60), 2, 106659)); - Assert.assertFalse(totp.validate(instant.plusSeconds(60),1,106659)); - Assert.assertFalse(totp.validate(instant.plusSeconds(90),2,106659)); + Assert.assertFalse(totp.validate(instant.plusSeconds(60), 1, 106659)); + Assert.assertFalse(totp.validate(instant.plusSeconds(90), 2, 106659)); } @Test - public void googleAuthTest(){ + public void googleAuthTest() { String str = TOTP.generateGoogleSecretKey("xl7@qq.com", 10); - System.out.println(str); + Assert.assertTrue(str.startsWith("otpauth://totp/xl7@qq.com?secret=")); } + @Test + public void longPasswordLengthTest() { + Assert.assertThrows(IllegalArgumentException.class, () -> new HOTP(9, "123".getBytes())); + } + + @Test + public void generateHOPTTest(){ + byte[] key = "12345678901234567890".getBytes(); + final HOTP hotp = new HOTP(key); + Assert.assertEquals(755224, hotp.generate(0)); + Assert.assertEquals(287082, hotp.generate(1)); + Assert.assertEquals(359152, hotp.generate(2)); + Assert.assertEquals(969429, hotp.generate(3)); + Assert.assertEquals(338314, hotp.generate(4)); + Assert.assertEquals(254676, hotp.generate(5)); + Assert.assertEquals(287922, hotp.generate(6)); + Assert.assertEquals(162583, hotp.generate(7)); + Assert.assertEquals(399871, hotp.generate(8)); + Assert.assertEquals(520489, hotp.generate(9)); + } + + @Test + public void getTimeStepTest() { + final Duration timeStep = Duration.ofSeconds(97); + + final TOTP totp = new TOTP(timeStep, "123".getBytes()); + + Assert.assertEquals(timeStep, totp.getTimeStep()); + } + + @Test + public void generateHmacSHA1TOPTTest(){ + HmacAlgorithm algorithm = HmacAlgorithm.HmacSHA1; + byte[] key = "12345678901234567890".getBytes(); + TOTP totp = new TOTP(Duration.ofSeconds(30), 8, algorithm, key); + + int generate = totp.generate(Instant.ofEpochSecond(59L)); + Assert.assertEquals(94287082, generate); + generate = totp.generate(Instant.ofEpochSecond(1111111109L)); + Assert.assertEquals(7081804, generate); + generate = totp.generate(Instant.ofEpochSecond(1111111111L)); + Assert.assertEquals(14050471, generate); + generate = totp.generate(Instant.ofEpochSecond(1234567890L)); + Assert.assertEquals(89005924, generate); + generate = totp.generate(Instant.ofEpochSecond(2000000000L)); + Assert.assertEquals(69279037, generate); + generate = totp.generate(Instant.ofEpochSecond(20000000000L)); + Assert.assertEquals(65353130, generate); + } + + @Test + public void generateHmacSHA256TOPTTest(){ + HmacAlgorithm algorithm = HmacAlgorithm.HmacSHA256; + byte[] key = "12345678901234567890123456789012".getBytes(); + TOTP totp = new TOTP(Duration.ofSeconds(30), 8, algorithm, key); + + int generate = totp.generate(Instant.ofEpochSecond(59L)); + Assert.assertEquals(46119246, generate); + generate = totp.generate(Instant.ofEpochSecond(1111111109L)); + Assert.assertEquals(68084774, generate); + generate = totp.generate(Instant.ofEpochSecond(1111111111L)); + Assert.assertEquals(67062674, generate); + generate = totp.generate(Instant.ofEpochSecond(1234567890L)); + Assert.assertEquals(91819424, generate); + generate = totp.generate(Instant.ofEpochSecond(2000000000L)); + Assert.assertEquals(90698825, generate); + generate = totp.generate(Instant.ofEpochSecond(20000000000L)); + Assert.assertEquals(77737706, generate); + } + + @Test + public void generateHmacSHA512TOPTTest(){ + HmacAlgorithm algorithm = HmacAlgorithm.HmacSHA512; + byte[] key = "1234567890123456789012345678901234567890123456789012345678901234".getBytes(); + TOTP totp = new TOTP(Duration.ofSeconds(30), 8, algorithm, key); + + int generate = totp.generate(Instant.ofEpochSecond(59L)); + Assert.assertEquals(90693936, generate); + generate = totp.generate(Instant.ofEpochSecond(1111111109L)); + Assert.assertEquals(25091201, generate); + generate = totp.generate(Instant.ofEpochSecond(1111111111L)); + Assert.assertEquals(99943326, generate); + generate = totp.generate(Instant.ofEpochSecond(1234567890L)); + Assert.assertEquals(93441116, generate); + generate = totp.generate(Instant.ofEpochSecond(2000000000L)); + Assert.assertEquals(38618901, generate); + generate = totp.generate(Instant.ofEpochSecond(20000000000L)); + Assert.assertEquals(47863826, generate); + } }