java實現Google二步驗證 (Google Authenticator)

標籤：throw   pad   second   family   target   賬戶   ros   秘鑰   exception   

準備:

　　一個Google二步驗證APP,  我用的是ios 身份寶

資料:

　　1.Google Authenticator 原理及Java實現   //主要參考

　　　　76947962#

　　2.Google驗證 (Google Authenticator) 的實現原理是什嗎？

　　　　https://www.zhihu.com/question/20462696

　　3.Google驗證，又稱兩步驗證，

　　　　https://www.360shouzhuan.com/android/news/youxi/1632.htm

 

這個是Google二步驗證, 擷取key, 與驗證,  

package com.rekoo;//Google  Authenticator// 只從google出了雙重身分識別驗證後，就方便了大家，等同於有了google一個層級的安全，但是我們該怎麼使用google authenticator (雙重身分識別驗證)，//下面是java的演算法，這樣大家都可以得到根據key得到公用的秘鑰了,直接複製，記得匯入JAR包：////commons-codec-1.8.jar////junit-4.10.jar//測試方法：////1、執行測試代碼中的“genSecret”方法，將產生一個KEY（使用者為testuser），URL開啟是一張二維碼圖片。////2、在手機中下載“GOOGLE身分識別驗證器”。////3、在身分識別驗證器中配置賬戶，輸入賬戶名（第一步中的使用者testuser）、密鑰（第一步產生的KEY），選擇基於時間。////4、運行authcode方法將key和要測試的驗證碼帶進去（codes，key），就可以知道是不是正確的秘鑰了！傳回值布爾//main我就不寫了大家~~因為這個可以當做util工具直接調用就行了//import java.security.InvalidKeyException;import java.security.NoSuchAlgorithmException;import java.security.SecureRandom;import javax.crypto.Mac;import javax.crypto.spec.SecretKeySpec;import org.apache.commons.codec.binary.Base32;import org.apache.commons.codec.binary.Base64;public class GoogleAuthenticator {    // taken from Google pam docs - we probably don‘t need to mess with these    public static final int SECRET_SIZE = 10;    public static final String SEED = "g8GjEvTbW5oVSV7avLBdwIHqGlUYNzKFI7izOF8GwLDVKs2m0QN7vxRs2im5MDaNCWGmcD2rvcZx";    public static final String RANDOM_NUMBER_ALGORITHM = "SHA1PRNG";    int window_size = 3; // default 3 - max 17 (from google docs)最多可位移的時間    public void setWindowSize(int s) {        if (s >= 1 && s <= 17)            window_size = s;    }    public static Boolean authcode(String codes, String savedSecret) {        // enter the code shown on device. Edit this and run it fast before the        // code expires!        long code = Long.parseLong(codes);        long t = System.currentTimeMillis();        GoogleAuthenticator ga = new GoogleAuthenticator();        ga.setWindowSize(15); // should give 5 * 30 seconds of grace...        boolean r = ga.check_code(savedSecret, code, t);        return r;    }    public static String genSecret(String name) {        String secret = GoogleAuthenticator.generateSecretKey();        //GoogleAuthenticator.getQRBarcodeURL("testuser","testhost", secret);        GoogleAuthenticator.getQRBarcodeURL(name,                "testhost", secret);        return secret;    }    public static String generateSecretKey() {        SecureRandom sr = null;        try {            sr = SecureRandom.getInstance(RANDOM_NUMBER_ALGORITHM);            sr.setSeed(Base64.decodeBase64(SEED));            byte[] buffer = sr.generateSeed(SECRET_SIZE);            Base32 codec = new Base32();            byte[] bEncodedKey = codec.encode(buffer);            String encodedKey = new String(bEncodedKey);            return encodedKey;        }catch (NoSuchAlgorithmException e) {            // should never occur... configuration error        }        return null;    }    public static String getQRBarcodeURL(String user, String host, String secret) {        String format = "https://www.google.com/chart?chs=200x200&chld=M%%7C0&cht=qr&chl=otpauth://totp/%[email protected]%s%%3Fsecret%%3D%s";        return String.format(format, user, host, secret);    }    public boolean check_code(String secret, long code, long timeMsec) {        Base32 codec = new Base32();        byte[] decodedKey = codec.decode(secret);        // convert unix msec time into a 30 second "window"        // this is per the TOTP spec (see the RFC for details)        long t = (timeMsec / 1000L) / 30L;        // Window is used to check codes generated in the near past.        // You can use this value to tune how far you‘re willing to go.        for (int i = -window_size; i <= window_size; ++i) {            long hash;            try {                hash = verify_code(decodedKey, t + i);            }catch (Exception e) {                // Yes, this is bad form - but                // the exceptions thrown would be rare and a static configuration problem                e.printStackTrace();                throw new RuntimeException(e.getMessage());                //return false;            }            if (hash == code) {                return true;            }        }        // The validation code is invalid.        return false;    }    private static int verify_code(byte[] key, long t) throws NoSuchAlgorithmException, InvalidKeyException {        byte[] data = new byte[8];        long value = t;        for (int i = 8; i-- > 0; value >>>= 8) {            data[i] = (byte) value;        }        SecretKeySpec signKey = new SecretKeySpec(key, "HmacSHA1");        Mac mac = Mac.getInstance("HmacSHA1");        mac.init(signKey);        byte[] hash = mac.doFinal(data);        int offset = hash[20 - 1] & 0xF;        // We‘re using a long because Java hasn‘t got unsigned int.        long truncatedHash = 0;        for (int i = 0; i < 4; ++i) {            truncatedHash <<= 8;            // We are dealing with signed bytes:            // we just keep the first byte.            truncatedHash |= (hash[offset + i] & 0xFF);        }        truncatedHash &= 0x7FFFFFFF;        truncatedHash %= 1000000;        return (int) truncatedHash;    }    public static void main(String[] args) {        String secret = genSecret("testuser");//擷取key        System.out.println("secret : "+secret);        String key = "";        Boolean authcode = authcode(key, secret);//驗證        if(authcode){            System.out.printf("真...........");        }else {            System.out.printf("假.........");        }    }}

 

 

最後: 親愛的讀者, 可以粉我一下嗎? 

 

 

java實現Google二步驗證 (Google Authenticator)