All Downloads are FREE. Search and download functionalities are using the official Maven repository.

cn.hutool.crypto.digest.otp.HOTP Maven / Gradle / Ivy

There is a newer version: 5.8.33
Show newest version
package cn.hutool.crypto.digest.otp;

import cn.hutool.core.codec.Base32;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.crypto.digest.HMac;
import cn.hutool.crypto.digest.HmacAlgorithm;

/**
 * 

HMAC-based one-time passwords (HOTP) 基于HMAC算法一次性密码生成器, * 规范见:RFC 4226.

* *

基于事件同步,通过某一特定的事件次序及相同的种子值作为输入,通过HASH算法运算出一致的密码。

* *

参考:https://github.com/jchambers/java-otp

* * @author Looly */ public class HOTP { /** * 数子量级 */ private static final int[] MOD_DIVISORS = {1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000}; /** * 默认密码长度. */ public static final int DEFAULT_PASSWORD_LENGTH = 6; /** * 默认HMAC算法. */ public static final HmacAlgorithm HOTP_HMAC_ALGORITHM = HmacAlgorithm.HmacSHA1; private final HMac mac; private final int passwordLength; private final int modDivisor; private final byte[] buffer; /** * 构造,使用默认密码长度和默认HMAC算法(HmacSHA1) * * @param key 共享密码,RFC 4226要求最少128位 */ public HOTP(byte[] key) { this(DEFAULT_PASSWORD_LENGTH, key); } /** * 构造,使用默认HMAC算法(HmacSHA1) * * @param passwordLength 密码长度,可以是6,7,8 * @param key 共享密码,RFC 4226要求最少128位 */ public HOTP(int passwordLength, byte[] key) { this(passwordLength, HOTP_HMAC_ALGORITHM, key); } /** * 构造 * * @param passwordLength 密码长度,可以是6,7,8 * @param algorithm HMAC算法枚举 * @param key 共享密码,RFC 4226要求最少128位 */ public HOTP(int passwordLength, HmacAlgorithm algorithm, byte[] key) { if(passwordLength >= MOD_DIVISORS.length){ throw new IllegalArgumentException("Password length must be < " + MOD_DIVISORS.length); } this.mac = new HMac(algorithm, key); this.modDivisor = MOD_DIVISORS[passwordLength]; this.passwordLength = passwordLength; this.buffer = new byte[8]; } /** * 生成一次性密码 * * @param counter 事件计数的值,8 字节的整数,称为移动因子(moving factor), * 可以是基于计次的动移动因子,也可以是计时移动因子 * @return 一次性密码的int值 */ public synchronized int generate(long counter) { // C 的整数值需要用二进制的字符串表达,比如某个事件计数为 3, // 则C是 "11"(此处省略了前面的二进制的数字0) this.buffer[0] = (byte) ((counter & 0xff00000000000000L) >>> 56); this.buffer[1] = (byte) ((counter & 0x00ff000000000000L) >>> 48); this.buffer[2] = (byte) ((counter & 0x0000ff0000000000L) >>> 40); this.buffer[3] = (byte) ((counter & 0x000000ff00000000L) >>> 32); this.buffer[4] = (byte) ((counter & 0x00000000ff000000L) >>> 24); this.buffer[5] = (byte) ((counter & 0x0000000000ff0000L) >>> 16); this.buffer[6] = (byte) ((counter & 0x000000000000ff00L) >>> 8); this.buffer[7] = (byte) (counter & 0x00000000000000ffL); final byte[] digest = this.mac.digest(this.buffer); return truncate(digest); } /** * 生成共享密钥的Base32表示形式 * * @param numBytes 将生成的种子字节数量。 * @return 共享密钥 * @since 5.7.4 */ public static String generateSecretKey(int numBytes) { return Base32.encode(RandomUtil.getSHA1PRNGRandom(RandomUtil.randomBytes(256)).generateSeed(numBytes)); } /** * 获取密码长度,可以是6,7,8 * * @return 密码长度,可以是6,7,8 */ public int getPasswordLength() { return this.passwordLength; } /** * 获取HMAC算法 * * @return HMAC算法 */ public String getAlgorithm() { return this.mac.getAlgorithm(); } /** * 截断 * * @param digest HMAC的hash值 * @return 截断值 */ private int truncate(byte[] digest) { final int offset = digest[digest.length - 1] & 0x0f; return ((digest[offset] & 0x7f) << 24 | (digest[offset + 1] & 0xff) << 16 | (digest[offset + 2] & 0xff) << 8 | (digest[offset + 3] & 0xff)) % this.modDivisor; } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy