设为首页收藏本站

IT技术擎 - 最棒的IT web技术交流社区

 找回密码
 注册为IT技术擎人

QQ登录

只需一步,快速开始

搜索
热搜: php h5 jquery
查看: 11|回复: 0

[其他] java实现谷歌二步验证 (Google Authenticator)

[复制链接]

1万

主题

1万

帖子

3万

积分

版主

Rank: 7Rank: 7Rank: 7

积分
37750
发表于 4 天前 | 显示全部楼层 |阅读模式
准备:
  一个谷歌二步验证APP,  我用的是ios 身份宝

资料:
  1.Google Authenticator 原理及Java实现 //主要参考
    https://blog.csdn.net/lizhengjava/article/details/76947962#
  2.谷歌验证 (Google Authenticator) 的实现原理是什么?
    https://www.zhihu.com/question/20462696
  3.谷歌验证,又称两步验证,
    https://www.360shouzhuan.com/android/news/youxi/1632.htm
这个是谷歌二步验证, 获取key, 与验证,
  1. packagecom.rekoo;
  2. //Google Authenticator
  3. //只从google出了双重身份验证后,就方便了大家,等同于有了google一个级别的安全,但是我们该怎么使用google authenticator (双重身份验证),
  4. //下面是java的算法,这样大家都可以得到根据key得到公共的秘钥了,直接复制,记得导入JAR包:
  5. //
  6. //commons-codec-1.8.jar
  7. //
  8. //junit-4.10.jar
  9. //测试方法:
  10. //
  11. //1、执行测试代码中的"genSecret”方法,将生成一个KEY(用户为testuser),URL打开是一张二维码图片。
  12. //
  13. //2、在手机中下载"GOOGLE身份验证器”。
  14. //
  15. //3、在身份验证器中配置账户,输入账户名(第一步中的用户testuser)、密钥(第一步生成的KEY),选择基于时间。
  16. //
  17. //4、运行authcode方法将key和要测试的验证码带进去(codes,key),就可以知道是不是正确的秘钥了!返回值布尔
  18. //main我就不写了大家~~因为这个可以当做util工具直接调用就行了
  19. //
  20. importjava.security.InvalidKeyException;
  21. importjava.security.NoSuchAlgorithmException;
  22. importjava.security.SecureRandom;
  23. importjavax.crypto.Mac;
  24. importjavax.crypto.spec.SecretKeySpec;
  25. importorg.apache.commons.codec.binary.Base32;
  26. importorg.apache.commons.codec.binary.Base64;publicclassGoogleAuthenticator {
  27. //taken from Google pam docs - we probably don't need to mess with these publicstaticfinalintSECRET_SIZE = 10;
  28. publicstaticfinalString SEED = "g8GjEvTbW5oVSV7avLBdwIHqGlUYNzKFI7izOF8GwLDVKs2m0QN7vxRs2im5MDaNCWGmcD2rvcZx";
  29. publicstaticfinalString RANDOM_NUMBER_ALGORITHM = "SHA1PRNG";
  30. intwindow_size = 3; //default 3 - max 17 (from google docs)最多可偏移的时间 publicvoidsetWindowSize(ints) {if(s >= 1 & & s <= 17) window_size =s; }
  31. publicstaticBoolean authcode(String codes, String savedSecret) {//enter the code shown on device. Edit this and run it fast before the //code expires! longcode =Long.parseLong(codes);longt =System.currentTimeMillis(); GoogleAuthenticator ga = newGoogleAuthenticator(); ga.setWindowSize(15); //should give 5 * 30 seconds of grace... booleanr =ga.check_code(savedSecret, code, t);returnr; }
  32. publicstaticString genSecret(String name) { String secret =GoogleAuthenticator.generateSecretKey();//GoogleAuthenticator.getQRBarcodeURL("testuser","testhost", secret); GoogleAuthenticator.getQRBarcodeURL(name, "testhost", secret);returnsecret; }
  33. publicstaticString generateSecretKey() { SecureRandom sr = null;try{ sr =SecureRandom.getInstance(RANDOM_NUMBER_ALGORITHM); sr.setSeed(Base64.decodeBase64(SEED));byte[] buffer =sr.generateSeed(SECRET_SIZE); Base32 codec = newBase32();byte[] bEncodedKey =codec.encode(buffer); String encodedKey = newString(bEncodedKey);returnencodedKey; }
  34. catch(NoSuchAlgorithmException e) {//should never occur... configuration error }returnnull; }
  35. publicstaticString getQRBarcodeURL(String user, String host, String secret) { String format = "https://www.google.com/chart?chs=200x200 &chld=M%%7C0 &cht=qr &chl=otpauth://totp/%s@%s%%3Fsecret%%3D%s";returnString.format(format, user, host, secret); }
  36. publicbooleancheck_code(String secret, longcode, longtimeMsec) { Base32 codec = newBase32();byte[] decodedKey =codec.decode(secret);//convert unix msec time into a 30 second "window" //this is per the TOTP spec (see the RFC for details) longt = (timeMsec / 1000L) / 30L;//Window is used to check codes generated in the near past. //You can use this value to tune how far you're willing to go. for(inti = -window_size; i <= window_size; ++i) {longhash;try{ hash = verify_code(decodedKey, t +i); }
  37. catch(Exception e) {//Yes, this is bad form - but //the exceptions thrown would be rare and a static configuration problem e.printStackTrace();thrownewRuntimeException(e.getMessage());//return false; }if(hash ==code) {returntrue; } }//The validation code is invalid. returnfalse; }
  38. privatestaticintverify_code(byte[] key, longt) throwsNoSuchAlgorithmException, InvalidKeyException {byte[] data = newbyte[8];longvalue =t;for(inti = 8; i-- > 0; value > > >= 8) { data[i] = (byte) value; } SecretKeySpec signKey = newSecretKeySpec(key, "HmacSHA1"); Mac mac = Mac.getInstance("HmacSHA1"); mac.init(signKey);byte[] hash =mac.doFinal(data);intoffset = hash[20 - 1] & 0xF;//We're using a long because Java hasn't got unsigned int. longtruncatedHash = 0;for(inti = 0; i < 4; ++i) { truncatedHash < <= 8;//We are dealing with signed bytes: //we just keep the first byte. truncatedHash |= (hash[offset + i] & 0xFF); } truncatedHash &= 0x7FFFFFFF; truncatedHash %= 1000000;return(int) truncatedHash; }
  39. publicstaticvoidmain(String[] args) { String secret = genSecret("testuser");//获取key System.out.println("secret : "+secret); String key = ""; Boolean authcode =authcode(key, secret);//验证 if(authcode){ System.out.printf("真..........."); }
  40. else{ System.out.printf("假........."); } }
  41. }
复制代码

最后: 亲爱的读者, 可以粉我一下吗?
Google Authenticator 原理及Java实现
该用户未在地球留下任何的痕迹

本版积分规则

QQ|小黑屋|帮助|IT技术擎 ( 沪ICP备15054863号  

GMT+8, 2018-9-19 01:45

Powered by Discuz! X3.2 Licensed

© 2001-2013 Comsenz Inc.

快速回复 返回顶部 返回列表