Java实现谷歌身份验证器

ゝ一世哀愁。 2023-07-05 13:12 183阅读 0赞

  1. 生成一个随机秘钥

    public static String generateSecretKey() throws NoSuchAlgorithmException { 

    1.     SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
    2.     sr.setSeed(Base64.decodeBase64("fooabrbalabala"));
    3.     byte[] buffer = sr.generateSeed(10);
    4.     Base32 codec = new Base32();
    5.     byte[] bEncodedKey = codec.encode(buffer);
    6.     return new String(bEncodedKey);
    7. }

  2. 生成二维码

    public static String getQRBarcode(String user, String secret, String issuer) { 

    1.     String format = "otpauth://totp/%s?secret=%s&issuer=%s";
    2.     return String.format(format, user, secret, issuer);
    3. }

  3. 扫码添加
    根据服务端生成的二维码字符串生成二维码图片,用户在身份验真器扫码添加。
    e.g.

    otpauth://totp/yimcarson?secret=VIABPOEXKBBMLZD2&issuer=CSDN

身份验证器二维码

Google身份验证器截屏

  1. 生成验证码
    身份验证器每个30秒更新一次验证码,服务端校验时根据系统时间和密钥生成验证码。

    public static int generateCode(byte[] key, long t) throws NoSuchAlgorithmException, InvalidKeyException { 

    1.     byte[] data = new byte[8];
    2.     long value = t;
    3.     for (int i = 8; i-- > 0; value >>>= 8) { 
    4.         data[i] = (byte) value;
    5.     }
    6.     SecretKeySpec signKey = new SecretKeySpec(key, "HmacSHA1");
    7.     Mac mac = Mac.getInstance("HmacSHA1");
    8.     mac.init(signKey);
    9.     byte[] hash = mac.doFinal(data);
    10.     int offset = hash[20 - 1] & 0xF;
    11.     // We're using a long because Java hasn't got unsigned int.
    12.     long truncatedHash = 0;
    13.     for (int i = 0; i < 4; ++i) { 
    14.         truncatedHash <<= 8;
    15.         // We are dealing with signed bytes:
    16.         // we just keep the first byte.
    17.         truncatedHash |= (hash[offset + i] & 0xFF);
    18.     }
    19.     truncatedHash &= 0x7FFFFFFF;
    20.     truncatedHash %= 1000000;
    21.     return (int) truncatedHash;
    22. }

    @Test

    1. public void generateCode() throws InvalidKeyException, NoSuchAlgorithmException { 
    2.     byte[] key = new Base32().decode("H3GKOORXVD76URAB");
    3.     long t = (System.currentTimeMillis() / 1000L) / 30L;
    4.     int code = GoogleAuthenticator.generateCode(key, t);
    5.     System.out.println(code);
    6. }

  2. 校验验证码
    为了避免用户输入、网路等延时因素引起的校验问题,服务端通常会根据时间校验多个值。

    /* 最多可偏移的时间 default 3 - max 17 /

    1. int window_size = 3;
    2. public boolean checkCode(String secret, long code, long timeMsec) { 
    3.     Base32 codec = new Base32();
    4.     byte[] decodedKey = codec.decode(secret);
    5.     long t = (timeMsec / 1000L) / 30L;
    6.     for (int i = -window_size; i <= window_size; ++i) { 
    7.         long hash;
    8.         try { 
    9.             hash = generateCode(decodedKey, t + i);
    10.         } catch (Exception e) { 
    11.             e.printStackTrace();
    12.             throw new RuntimeException(e.getMessage());
    13.         }
    14.         if (hash == code) { 
    15.             return true;
    16.         }
    17.     }
    18.     return false;
    19. }

发表评论

表情:
评论列表 (有 0 条评论,183人围观)

还没有评论,来说两句吧...

相关阅读