org.keycloak.models.utils.HmacOTP の継承関係図

org.keycloak.models.utils.HmacOTP 連携図

公開メンバ関数
	HmacOTP (int numberDigits, String algorithm, int delayWindow)

String	generateHOTP (String key, int counter)

int	validateHOTP (String token, String key, int counter)

String	generateOTP (String key, String counter, int returnDigits, String crypto)

静的公開メンバ関数
static String	generateSecret (int length)

静的公開変数類
static final String	HMAC_SHA1 = "HmacSHA1"

static final String	HMAC_SHA256 = "HmacSHA256"

static final String	HMAC_SHA512 = "HmacSHA512"

static final String	DEFAULT_ALGORITHM = HMAC_SHA1

static final int	DEFAULT_NUMBER_DIGITS = 6

限定公開変数類
final String	algorithm

final int	numberDigits

final int	lookAheadWindow

非公開メンバ関数
byte []	hmac_sha1 (String crypto, byte[] keyBytes, byte[] text)

byte []	hexStr2Bytes (String hex)

静的非公開変数類
static final int []	DIGITS_POWER = {1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000}

詳解

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ HmacOTP()

org.keycloak.models.utils.HmacOTP.HmacOTP	(	int	numberDigits,
		String	algorithm,
		int	delayWindow
	)

inline

                                                                         {
         this.numberDigits = numberDigits;
         this.algorithm = algorithm;
         this.lookAheadWindow = delayWindow;
     }

関数詳解

◆ generateHOTP()

String org.keycloak.models.utils.HmacOTP.generateHOTP	(	String	key,
		int	counter
	)

inline

                                                         {
         String steps = Integer.toHexString(counter).toUpperCase();
 
         // Just get a 16 digit string
         while (steps.length() < 16)
             steps = "0" + steps;
 
         return generateOTP(key, steps, numberDigits, algorithm);
 
     }

◆ generateOTP()

String org.keycloak.models.utils.HmacOTP.generateOTP	(	String	key,
		String	counter,
		int	returnDigits,
		String	crypto
	)

inline

This method generates an OTP value for the given set of parameters.

引数

key	the shared secret, HEX encoded
counter	a value that reflects a time
returnDigits	number of digits to return
crypto	the crypto function to use

戻り値: A numeric String in base 10 that includes return digits

例外

java.security.GeneralSecurityException

                                                                                            {
         String result = null;
         byte[] hash;
 
         // Using the counter
         // First 8 bytes are for the movingFactor
         // Complaint with base RFC 4226 (HOTP)
         while (counter.length() < 16)
             counter = "0" + counter;
 
         // Get the HEX in a Byte[]
         byte[] msg = hexStr2Bytes(counter);
 
         // Adding one byte to get the right conversion
         // byte[] k = hexStr2Bytes(key);
         byte[] k = key.getBytes();
 
         hash = hmac_sha1(crypto, k, msg);
 
         // put selected bytes into result int
         int offset = hash[hash.length - 1] & 0xf;
 
         int binary = ((hash[offset] & 0x7f) << 24) | ((hash[offset + 1] & 0xff) << 16) | ((hash[offset + 2] & 0xff) << 8)
                 | (hash[offset + 3] & 0xff);
 
         int otp = binary % DIGITS_POWER[returnDigits];
 
         result = Integer.toString(otp);
 
         while (result.length() < returnDigits) {
             result = "0" + result;
         }
         return result;
     }

◆ generateSecret()

static String org.keycloak.models.utils.HmacOTP.generateSecret ( int length )

inlinestatic

                                                     {
         String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW1234567890";
         SecureRandom r = new SecureRandom();
         StringBuilder sb = new StringBuilder();
         for (int i = 0; i < length; i++) {
             char c = chars.charAt(r.nextInt(chars.length()));
             sb.append(c);
         }
         return sb.toString();
     }

◆ hexStr2Bytes()

byte [] org.keycloak.models.utils.HmacOTP.hexStr2Bytes ( String hex )

inlineprivate

This method converts HEX string to Byte[]

引数

hex	the HEX string

戻り値: A byte array

                                             {
         // Adding one byte to get the right conversion
         // values starting with "0" can be converted
         byte[] bArray = new BigInteger("10" + hex, 16).toByteArray();
 
         // Copy all the REAL bytes, not the "first"
         byte[] ret = new byte[bArray.length - 1];
         for (int i = 0; i < ret.length; i++)
             ret[i] = bArray[i + 1];
         return ret;
     }

◆ hmac_sha1()

byte [] org.keycloak.models.utils.HmacOTP.hmac_sha1	(	String	crypto,
		byte []	keyBytes,
		byte []	text
	)

inlineprivate

This method uses the JCE to provide the crypto algorithm. HMAC computes a Hashed Message Authentication Code with the crypto hash algorithm as a parameter.

引数

crypto	the crypto algorithm (HmacSHA1, HmacSHA256, HmacSHA512)
keyBytes	the bytes to use for the HMAC key
text	the message or text to be authenticated.

例外

java.security.NoSuchAlgorithmException
java.security.InvalidKeyException

                                                                           {
         byte[] value;
 
         try {
             Mac hmac = Mac.getInstance(crypto);
             SecretKeySpec macKey = new SecretKeySpec(keyBytes, "RAW");
 
             hmac.init(macKey);
 
             value = hmac.doFinal(text);
         } catch (Exception e) {
             throw new RuntimeException(e);
         }
 
         return value;
     }

◆ validateHOTP()

int org.keycloak.models.utils.HmacOTP.validateHOTP	(	String	token,
		String	key,
		int	counter
	)

inline

引数

token
key
counter

戻り値: -1 if not a match. A positive number means successful validation. This positive number is also the new value of the counter

                                                                    {
 
         int newCounter = counter;
         for (newCounter = counter; newCounter <= counter + lookAheadWindow; newCounter++) {
             String candidate = generateHOTP(key, newCounter);
             if (candidate.equals(token)) {
                 return newCounter + 1;
             }
 
         }
         return -1;
     }

メンバ詳解

◆ algorithm

final String org.keycloak.models.utils.HmacOTP.algorithm

protected

◆ DEFAULT_ALGORITHM

final String org.keycloak.models.utils.HmacOTP.DEFAULT_ALGORITHM = HMAC_SHA1

static

◆ DEFAULT_NUMBER_DIGITS

final int org.keycloak.models.utils.HmacOTP.DEFAULT_NUMBER_DIGITS = 6

static

◆ DIGITS_POWER

final int [] org.keycloak.models.utils.HmacOTP.DIGITS_POWER = {1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000}

staticprivate

◆ HMAC_SHA1

final String org.keycloak.models.utils.HmacOTP.HMAC_SHA1 = "HmacSHA1"

static

◆ HMAC_SHA256

final String org.keycloak.models.utils.HmacOTP.HMAC_SHA256 = "HmacSHA256"

static

◆ HMAC_SHA512

final String org.keycloak.models.utils.HmacOTP.HMAC_SHA512 = "HmacSHA512"

static

◆ lookAheadWindow

final int org.keycloak.models.utils.HmacOTP.lookAheadWindow

protected

◆ numberDigits

final int org.keycloak.models.utils.HmacOTP.numberDigits

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/models/utils/HmacOTP.java

公開メンバ関数

静的公開メンバ関数

静的公開変数類

限定公開変数類

非公開メンバ関数

静的非公開変数類

詳解

構築子と解体子

◆ HmacOTP()

関数詳解

◆ generateHOTP()

◆ generateOTP()

◆ generateSecret()

◆ hexStr2Bytes()

◆ hmac_sha1()

◆ validateHOTP()

メンバ詳解

◆ algorithm

◆ DEFAULT_ALGORITHM

◆ DEFAULT_NUMBER_DIGITS

◆ DIGITS_POWER

◆ HMAC_SHA1

◆ HMAC_SHA256

◆ HMAC_SHA512

◆ lookAheadWindow

◆ numberDigits