代码来源:https://github.com/wstrange/GoogleAuth
验证代码:
package com.warner.java; import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Base32; import org.apache.commons.codec.binary.Base64; /** * Java Server side class for Google Authenticator's TOTP generator * Thanks to Enrico's blog for the sample code: * @see http://thegreyblog.blogspot.com/2011/12/google-authenticator-using-it-in-your.html * @see http://code.google.com/p/google-authenticator * @see http://tools.ietf.org/id/draft-mraihi-totp-timebased-06.txt */ public class GoogleAuthenticator { // taken from Google pam docs - we probably don't need to mess with these public static final int SECRET_SIZE = 10; public static final String SEED = "g8GjEvTbW5oVSV7avLBdwIHqGlUYNzKFI7izOF8GwLDVKs2m0QN7vxRs2im5MDaNCWGmcD2rvcZx"; public static final String RANDOM_NUMBER_ALGORITHM = "SHA1PRNG"; int window_size = 3; // default 3 - max 17 (from google docs)最多可偏移的时间 /** * set the windows size. This is an integer value representing the number of 30 second windows * we allow * The bigger the window, the more tolerant of clock skew we are. * @param s window size - must be >=1 and <=17. Other values are ignored */ public void setWindowSize(int s) { if (s >= 1 && s <= 17) window_size = s; } /** * Generate a random secret key. This must be saved by the server and associated with the * users account to verify the code displayed by Google Authenticator. * The user must register this secret on their device. * @return secret key */ public static String generateSecretKey() { SecureRandom sr = null; try { sr = SecureRandom.getInstance(RANDOM_NUMBER_ALGORITHM); sr.setSeed(Base64.decodeBase64(SEED)); byte[] buffer = sr.generateSeed(SECRET_SIZE); Base32 codec = new Base32(); byte[] bEncodedKey = codec.encode(buffer); String encodedKey = new String(bEncodedKey); return encodedKey; }catch (NoSuchAlgorithmException e) { // should never occur... configuration error } return null; } /** * Return a URL that generates and displays a QR barcode. The user scans this bar code with the * Google Authenticator application on their smartphone to register the auth code. They can also * manually enter the * secret if desired * @param user user id (e.g. fflinstone) * @param host host or system that the code is for (e.g. myapp.com) * @param secret the secret that was previously generated for this user * @return the URL for the QR code to scan */ public static String getQRBarcodeURL(String user, String host, String secret) { String format = "https://www.google.com/chart?chs=200x200&chld=M%%7C0&cht=qr&chl=otpauth://totp/%s@%s%%3Fsecret%%3D%s"; return String.format(format, user, host, secret); } /** * Check the code entered by the user to see if it is valid * @param secret The users secret. * @param code The code displayed on the users device * @param t The time in msec (System.currentTimeMillis() for example) * @return */ public boolean check_code(String secret, long code, long timeMsec) { Base32 codec = new Base32(); byte[] decodedKey = codec.decode(secret); // convert unix msec time into a 30 second "window" // this is per the TOTP spec (see the RFC for details) long t = (timeMsec / 1000L) / 30L; // Window is used to check codes generated in the near past. // You can use this value to tune how far you're willing to go. for (int i = -window_size; i <= window_size; ++i) { long hash; try { hash = verify_code(decodedKey, t + i); }catch (Exception e) { // Yes, this is bad form - but // the exceptions thrown would be rare and a static configuration problem e.printStackTrace(); throw new RuntimeException(e.getMessage()); //return false; } if (hash == code) { return true; } } // The validation code is invalid. return false; } private static int verify_code(byte[] key, long t) throws NoSuchAlgorithmException, InvalidKeyException { byte[] data = new byte[8]; long value = t; for (int i = 8; i-- > 0; value >>>= 8) { data[i] = (byte) value; } SecretKeySpec signKey = new SecretKeySpec(key, "HmacSHA1"); Mac mac = Mac.getInstance("HmacSHA1"); mac.init(signKey); byte[] hash = mac.doFinal(data); int offset = hash[20 - 1] & 0xF; // We're using a long because Java hasn't got unsigned int. long truncatedHash = 0; for (int i = 0; i < 4; ++i) { truncatedHash <<= 8; // We are dealing with signed bytes: // we just keep the first byte. truncatedHash |= (hash[offset + i] & 0xFF); } truncatedHash &= 0x7FFFFFFF; truncatedHash %= 1000000; return (int) truncatedHash; } }
测试代码:
package com.warner.test; import org.junit.Test; import com.warner.java.GoogleAuthenticator; /* * Not really a unit test- but it shows usage */ public class GoogleAuthTest { @Test public void genSecretTest() { String secret = GoogleAuthenticator.generateSecretKey(); String url = GoogleAuthenticator.getQRBarcodeURL("testuser", "testhost", secret); System.out.println("Please register " + url); System.out.println("Secret key is " + secret); } // Change this to the saved secret from the running the above test. static String savedSecret = "F6EUJJMYK7GDC4KI"; @Test public void authTest() { // enter the code shown on device. Edit this and run it fast before the code expires! long code = 349394; long t = System.currentTimeMillis(); GoogleAuthenticator ga = new GoogleAuthenticator(); ga.setWindowSize(5); //should give 5 * 30 seconds of grace... boolean r = ga.check_code(savedSecret, code, t); System.out.println("Check code = " + r); } }
所需JAR包:
commons-codec-1.8.jar
junit-4.10.jar
测试方法:
1、执行测试代码中的“genSecretTest”方法,将生成一个URL和一个KEY(用户为testuser),URL打开是一张二维码图片。
2、在手机中下载“GOOGLE身份验证器”。
3、在身份验证器中配置账户,输入账户名(第一步中的用户testuser)、密钥(第一步生成的KEY),选择基于时间。
4、修改测试代码中的“savedSecret”属性,用身份验证器中显示的数字替换测试代码中方法authTest中的code,运行authTest方法即可。
相关推荐
java服务端实现谷歌动态密码验证,包含二唯码字段,阿里身份宝的下载路径为:..._used=&channel=WEB&fdh=no&id_file=012200c6-9b29-11e6-95c0-00163ed833e7&instance=softonic_en&type=PROGRAM&url=...
googleAuthenticator windows版 googleAuth winAuth win10版 谷歌双向认证win版程序
googleauth 动态密码win版 googleauthenticator windows版 winauth win10版
GoogleAuthenticator谷歌身份验证器官方最新安卓版.apk
Google Authenticator in ASP.NET (C#) DEMO 可以直接运行通过. https://blog.csdn.net/qq934021379/article/details/89177477
Google Authenticator_v5.0 谷歌认证器,可以用于无线安全认证等相关安全设置。建议先百度相关知识再下载
谷歌身份验证器,即Google Authenticator(Google身份验证器)v2.33 谷歌推出的一款动态口令工具,解决大家的google账户遭到恶意攻击的问题。
Google身份验证器 Google Authenticator.apk,用于gitlab双重身份认证
Google Authenticator v5.10.rar 安卓版 官方原版
本篇文章主要介绍了java使用google身份验证器实现动态口令验证的示例,具有一定的参考价值,有兴趣的可以了解一下
google-authenticator, Google认证器的开源版本( Android 应用 除外) 谷歌认证 OpenSourceGoogle认证项目包括几个移动平台的一次性密码发生器的实现。 使用开放标准开发的开放标准( ) 为开放身份验证( 认捐) 服务...
谷歌身份验证器,即Google Authenticator(Google身份验证器)v2.33 谷歌推出的一款动态口令工具,解决大家的google账户遭到恶意攻击的问题。在SSH账号和密码之间再增加一个验证码,只有输入正确的验证码之后,再...
Authenticator)。 要求 构建和使用此库所需的最低 Java 版本是 Java 7。 安装 向您的构建环境添加依赖项。 如果您使用的是 Maven: <groupId>com.warrenstrange</groupId> <artifactId>googleauth <version>1.4.0 ...
Laravel开发-laravel-google-authenticator 这是一个框架无关的PHP库,用于使用Google验证器服务生成一次性密码。此库还可以用作Laravel 5应用程序的服务提供商。
GoogleAuthenticator, 使用谷歌验证程序应用并检查这里PHP脚本的代码 Google认证器 来自 http://code.google.com/p/google-authenticator/的端口你可以在这里使用谷歌验证程序应用程序来生成一次性密码/令牌,并通过...
php版本的安全验证 摘自google 提供生成/验证的google验证码 用于学习使用博客有使用教程可以参考
该脚本还利用了 PHPGangsta 的 Google Authenticator Library PHPGansta Google 身份验证器库 谷歌身份验证器安卓 iOS(iPhone 和 iPad) Windows Phone 如何使用首先,检查脚本。 这就是好东西的地方。 在login....
google-authenticator-5-10.apk 谷歌身份验证器 更新版本可以扫二维码,安卓版,可以生成动态码
谷歌身份验证器( Google Authenticator)
Google Authenticator Chrome插件