org.keycloak.models.utils.TimeBasedOTP クラス

org.keycloak.models.utils.TimeBasedOTP の継承関係図

org.keycloak.models.utils.TimeBasedOTP 連携図

クラス
class	Clock

公開メンバ関数
	TimeBasedOTP ()
	TimeBasedOTP (String algorithm, int numberDigits, int timeIntervalInSeconds, int lookAheadWindow)
String	generateTOTP (String secretKey)
boolean	validateTOTP (String token, byte[] secret)
void	setCalendar (Calendar calendar)
String	generateHOTP (String key, int counter)
int	validateHOTP (String token, String key, int counter)
String	generateOTP (String key, String counter, int returnDigits, String crypto)

静的公開メンバ関数
static String	generateSecret (int length)

静的公開変数類
static final int	DEFAULT_INTERVAL_SECONDS = 30
static final int	DEFAULT_DELAY_WINDOW = 1
static final String	HMAC_SHA1 = "HmacSHA1"
static final String	HMAC_SHA256 = "HmacSHA256"
static final String	HMAC_SHA512 = "HmacSHA512"
static final String	DEFAULT_ALGORITHM = HMAC_SHA1
static final int	DEFAULT_NUMBER_DIGITS = 6

限定公開変数類
final String	algorithm
final int	numberDigits
final int	lookAheadWindow

非公開変数類
Clock	clock

詳解

TOTP: Time-based One-time Password Algorithm Based on http://tools.ietf.org/html/draft-mraihi-totp-timebased-06

著者

anil saldhana

から

Sep 20, 2010

構築子と解体子

TimeBasedOTP() [1/2]

org.keycloak.models.utils.TimeBasedOTP.TimeBasedOTP ( )

inline

                          {
        this(DEFAULT_ALGORITHM, DEFAULT_NUMBER_DIGITS, DEFAULT_INTERVAL_SECONDS, DEFAULT_DELAY_WINDOW);
    }

TimeBasedOTP() [2/2]

org.keycloak.models.utils.TimeBasedOTP.TimeBasedOTP ( String  algorithm, int  numberDigits, int  timeIntervalInSeconds, int  lookAheadWindow  )

inline

引数

algorithm	the encryption algorithm
numberDigits	the number of digits for tokens
timeIntervalInSeconds	the number of seconds a token is valid
lookAheadWindow	the number of previous intervals that should be used to validate tokens.

                                                                                                            {
        super(numberDigits, algorithm, lookAheadWindow);
        this.clock = new Clock(timeIntervalInSeconds);
    }

関数詳解

generateHOTP()

String org.keycloak.models.utils.HmacOTP.generateHOTP ( String  key, int  counter  )

inlineinherited

                                                        {
        String steps = Integer.toHexString(counter).toUpperCase();

        // Just get a 16 digit string
        while (steps.length() < 16)
            steps = "0" + steps;

        return generateOTP(key, steps, numberDigits, algorithm);

    }

generateOTP()

String org.keycloak.models.utils.HmacOTP.generateOTP ( String  key, String  counter, int  returnDigits, String  crypto  )

inlineinherited

This method generates an OTP value for the given set of parameters.

引数

key	the shared secret, HEX encoded
counter	a value that reflects a time
returnDigits	number of digits to return
crypto	the crypto function to use

戻り値

A numeric String in base 10 that includes return digits

例外

java.security.GeneralSecurityException

                                                                                           {
        String result = null;
        byte[] hash;

        // Using the counter
        // First 8 bytes are for the movingFactor
        // Complaint with base RFC 4226 (HOTP)
        while (counter.length() < 16)
            counter = "0" + counter;

        // Get the HEX in a Byte[]
        byte[] msg = hexStr2Bytes(counter);

        // Adding one byte to get the right conversion
        // byte[] k = hexStr2Bytes(key);
        byte[] k = key.getBytes();

        hash = hmac_sha1(crypto, k, msg);

        // put selected bytes into result int
        int offset = hash[hash.length - 1] & 0xf;

        int binary = ((hash[offset] & 0x7f) << 24) | ((hash[offset + 1] & 0xff) << 16) | ((hash[offset + 2] & 0xff) << 8)
                | (hash[offset + 3] & 0xff);

        int otp = binary % DIGITS_POWER[returnDigits];

        result = Integer.toString(otp);

        while (result.length() < returnDigits) {
            result = "0" + result;
        }
        return result;
    }

generateSecret()

static String org.keycloak.models.utils.HmacOTP.generateSecret ( int  length )

inlinestaticinherited

                                                    {
        String chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVW1234567890";
        SecureRandom r = new SecureRandom();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < length; i++) {
            char c = chars.charAt(r.nextInt(chars.length()));
            sb.append(c);
        }
        return sb.toString();
    }

generateTOTP()

String org.keycloak.models.utils.TimeBasedOTP.generateTOTP ( String  secretKey )

inline

Generates a token.

引数

secretKey

the secret key to derive the token from.

                                                 {
        long T = this.clock.getCurrentInterval();

        String steps = Long.toHexString(T).toUpperCase();

        // Just get a 16 digit string
        while (steps.length() < 16)
            steps = "0" + steps;

        return generateOTP(secretKey, steps, this.numberDigits, this.algorithm);
    }

setCalendar()

void org.keycloak.models.utils.TimeBasedOTP.setCalendar ( Calendar  calendar )

inline

                                               {
        this.clock.setCalendar(calendar);
    }

validateHOTP()

int org.keycloak.models.utils.HmacOTP.validateHOTP ( String  token, String  key, int  counter  )

inlineinherited

引数

token
key
counter

戻り値

-1 if not a match. A positive number means successful validation. This positive number is also the new value of the counter

                                                                   {

        int newCounter = counter;
        for (newCounter = counter; newCounter <= counter + lookAheadWindow; newCounter++) {
            String candidate = generateHOTP(key, newCounter);
            if (candidate.equals(token)) {
                return newCounter + 1;
            }

        }
        return -1;
    }

validateTOTP()

boolean org.keycloak.models.utils.TimeBasedOTP.validateTOTP ( String  token, byte []  secret  )

inline

Validates a token using a secret key.

引数

token	OTP string to validate
secret	Shared secret

戻り値

                                                             {
        long currentInterval = this.clock.getCurrentInterval();

        for (int i = this.lookAheadWindow; i >= 0; --i) {
            String steps = Long.toHexString(currentInterval - i).toUpperCase();

            // Just get a 16 digit string
            while (steps.length() < 16)
                steps = "0" + steps;

            String candidate = generateOTP(new String(secret), steps, this.numberDigits, this.algorithm);

            if (candidate.equals(token)) {
                return true;
            }
        }

        return false;
    }

メンバ詳解

algorithm

final String org.keycloak.models.utils.HmacOTP.algorithm

protectedinherited

clock

Clock org.keycloak.models.utils.TimeBasedOTP.clock

private

DEFAULT_ALGORITHM

final String org.keycloak.models.utils.HmacOTP.DEFAULT_ALGORITHM = HMAC_SHA1

staticinherited

DEFAULT_DELAY_WINDOW

final int org.keycloak.models.utils.TimeBasedOTP.DEFAULT_DELAY_WINDOW = 1

static

DEFAULT_INTERVAL_SECONDS

final int org.keycloak.models.utils.TimeBasedOTP.DEFAULT_INTERVAL_SECONDS = 30

static

DEFAULT_NUMBER_DIGITS

final int org.keycloak.models.utils.HmacOTP.DEFAULT_NUMBER_DIGITS = 6

staticinherited

HMAC_SHA1

final String org.keycloak.models.utils.HmacOTP.HMAC_SHA1 = "HmacSHA1"

staticinherited

HMAC_SHA256

final String org.keycloak.models.utils.HmacOTP.HMAC_SHA256 = "HmacSHA256"

staticinherited

HMAC_SHA512

final String org.keycloak.models.utils.HmacOTP.HMAC_SHA512 = "HmacSHA512"

staticinherited

lookAheadWindow

final int org.keycloak.models.utils.HmacOTP.lookAheadWindow

protectedinherited

numberDigits

final int org.keycloak.models.utils.HmacOTP.numberDigits

protectedinherited

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/oidc-service/src/main/java/org/keycloak/models/utils/TimeBasedOTP.java