org.keycloak.credential.OTPCredentialProvider の継承関係図

org.keycloak.credential.OTPCredentialProvider 連携図

公開メンバ関数
void	onCache (RealmModel realm, CachedUserModel user, UserModel delegate)

	OTPCredentialProvider (KeycloakSession session)

boolean	updateCredential (RealmModel realm, UserModel user, CredentialInput input)

void	disableCredentialType (RealmModel realm, UserModel user, String credentialType)

Set< String >	getDisableableCredentialTypes (RealmModel realm, UserModel user)

boolean	supportsCredentialType (String credentialType)

boolean	isConfiguredFor (RealmModel realm, UserModel user, String credentialType)

boolean	isValid (RealmModel realm, UserModel user, CredentialInput input)

静的公開メンバ関数
static boolean	validOTP (RealmModel realm, String token, String secret)

限定公開メンバ関数
List< CredentialModel >	getCachedCredentials (UserModel user, String type)

UserCredentialStore	getCredentialStore ()

boolean	configuredForHOTP (RealmModel realm, UserModel user)

boolean	configuredForTOTP (RealmModel realm, UserModel user)

限定公開変数類
KeycloakSession	session

静的非公開変数類
static final Logger	logger = Logger.getLogger(OTPCredentialProvider.class)

詳解

著者: Bill Burke

バージョン

Revision: 1

構築子と解体子

◆ OTPCredentialProvider()

org.keycloak.credential.OTPCredentialProvider.OTPCredentialProvider ( KeycloakSession session )

inline

                                                           {
         this.session = session;
     }

関数詳解

◆ configuredForHOTP()

boolean org.keycloak.credential.OTPCredentialProvider.configuredForHOTP	(	RealmModel	realm,
		UserModel	user
	)

inlineprotected

                                                                           {
         return !getCredentialStore().getStoredCredentialsByType(realm, user, CredentialModel.HOTP).isEmpty();
     }

◆ configuredForTOTP()

boolean org.keycloak.credential.OTPCredentialProvider.configuredForTOTP	(	RealmModel	realm,
		UserModel	user
	)

inlineprotected

                                                                           {
         List<CredentialModel> cachedCredentials = getCachedCredentials(user, CredentialModel.TOTP);
         if (cachedCredentials == null) return !getCredentialStore().getStoredCredentialsByType(realm, user, CredentialModel.TOTP).isEmpty();
         return !cachedCredentials.isEmpty();
     }

◆ disableCredentialType()

void org.keycloak.credential.OTPCredentialProvider.disableCredentialType	(	RealmModel	realm,
		UserModel	user,
		String	credentialType
	)

inline

                                                                                                {
         boolean disableTOTP = false, disableHOTP = false;
         if (CredentialModel.OTP.equals(credentialType)) {
             disableTOTP = true;
             disableHOTP = true;
         } else if (CredentialModel.HOTP.equals(credentialType)) {
             disableHOTP = true;
 
         } else if (CredentialModel.TOTP.equals(credentialType)) {
             disableTOTP = true;
         }
         if (disableHOTP) {
             List<CredentialModel> hotp = getCredentialStore().getStoredCredentialsByType(realm, user, CredentialModel.HOTP);
             for (CredentialModel cred : hotp) {
                 getCredentialStore().removeStoredCredential(realm, user, cred.getId());
             }
 
         }
         if (disableTOTP) {
             List<CredentialModel> totp = getCredentialStore().getStoredCredentialsByType(realm, user, CredentialModel.TOTP);
             if (!totp.isEmpty()) {
                 for (CredentialModel cred : totp) {
                     getCredentialStore().removeStoredCredential(realm, user, cred.getId());
                 }
             }
 
         }
         if (disableTOTP || disableHOTP) {
             UserCache userCache = session.userCache();
             if (userCache != null) {
                 userCache.evict(realm, user);
             }
         }
     }

◆ getCachedCredentials()

List<CredentialModel> org.keycloak.credential.OTPCredentialProvider.getCachedCredentials	(	UserModel	user,
		String	type
	)

inlineprotected

                                                                                       {
         if (!(user instanceof CachedUserModel)) return null;
         CachedUserModel cached = (CachedUserModel)user;
         if (cached.isMarkedForEviction()) return null;
         List<CredentialModel> rtn = (List<CredentialModel>)cached.getCachedWith().get(OTPCredentialProvider.class.getName() + "." + type);
         if (rtn == null) return Collections.EMPTY_LIST;
         return rtn;
     }

◆ getCredentialStore()

UserCredentialStore org.keycloak.credential.OTPCredentialProvider.getCredentialStore ( )

inlineprotected

                                                        {
         return session.userCredentialManager();
     }

◆ getDisableableCredentialTypes()

Set<String> org.keycloak.credential.OTPCredentialProvider.getDisableableCredentialTypes	(	RealmModel	realm,
		UserModel	user
	)

inline

                                                                                        {
         if (!getCredentialStore().getStoredCredentialsByType(realm, user, CredentialModel.HOTP).isEmpty()
         || !getCredentialStore().getStoredCredentialsByType(realm, user, CredentialModel.TOTP).isEmpty()) {
             Set<String> set = new HashSet<>();
             set.add(CredentialModel.OTP);
             return set;
         } else {
             return Collections.EMPTY_SET;
         }
     }

◆ isConfiguredFor()

boolean org.keycloak.credential.OTPCredentialProvider.isConfiguredFor	(	RealmModel	realm,
		UserModel	user,
		String	credentialType
	)

inline

                                                                                             {
         if (!supportsCredentialType(credentialType)) return false;
         if (CredentialModel.OTP.equals(credentialType)) {
             if (realm.getOTPPolicy().getType().equals(CredentialModel.HOTP)) {
                 return configuredForHOTP(realm, user);
             } else {
                 return configuredForTOTP(realm, user);
             }
         } else if (CredentialModel.HOTP.equals(credentialType)) {
             return configuredForHOTP(realm, user);
 
         } else if (CredentialModel.TOTP.equals(credentialType)) {
             return configuredForTOTP(realm, user);
         } else {
             return false;
         }
 
     }

◆ isValid()

boolean org.keycloak.credential.OTPCredentialProvider.isValid	(	RealmModel	realm,
		UserModel	user,
		CredentialInput	input
	)

inline

                                                                                     {
         if (! (input instanceof UserCredentialModel)) {
             logger.debug("Expected instance of UserCredentialModel for CredentialInput");
             return false;
 
         }
         String token = ((UserCredentialModel)input).getValue();
         if (token == null) {
             return false;
         }
 
         OTPPolicy policy = realm.getOTPPolicy();
         if (realm.getOTPPolicy().getType().equals(CredentialModel.HOTP)) {
             HmacOTP validator = new HmacOTP(policy.getDigits(), policy.getAlgorithm(), policy.getLookAheadWindow());
             for (CredentialModel cred : getCredentialStore().getStoredCredentialsByType(realm, user, CredentialModel.HOTP)) {
                 int counter = validator.validateHOTP(token, cred.getValue(), cred.getCounter());
                 if (counter < 0) continue;
                 cred.setCounter(counter);
                 getCredentialStore().updateCredential(realm, user, cred);
                 return true;
             }
         } else {
             TimeBasedOTP validator = new TimeBasedOTP(policy.getAlgorithm(), policy.getDigits(), policy.getPeriod(), policy.getLookAheadWindow());
             List<CredentialModel> creds = getCachedCredentials(user, CredentialModel.TOTP);
             if (creds == null) {
                 creds = getCredentialStore().getStoredCredentialsByType(realm, user, CredentialModel.TOTP);
             } else {
                 logger.debugv("Cache hit for TOTP for user {0}", user.getUsername());
             }
             for (CredentialModel cred : creds) {
                 if (validator.validateTOTP(token, cred.getValue().getBytes())) {
                     return true;
                 }
             }
 
         }
         return false;
     }

◆ onCache()

void org.keycloak.credential.OTPCredentialProvider.onCache	(	RealmModel	realm,
		CachedUserModel	user,
		UserModel	delegate
	)

inline

                                                                                     {
         List<CredentialModel> creds = getCredentialStore().getStoredCredentialsByType(realm, user, CredentialModel.TOTP);
         user.getCachedWith().put(OTPCredentialProvider.class.getName() + "." + CredentialModel.TOTP, creds);
 
     }

◆ supportsCredentialType()

boolean org.keycloak.credential.OTPCredentialProvider.supportsCredentialType ( String credentialType )

inline

                                                                  {
         return CredentialModel.OTP.equals(credentialType)
                 || CredentialModel.HOTP.equals(credentialType)
                 || CredentialModel.TOTP.equals(credentialType);
     }

◆ updateCredential()

boolean org.keycloak.credential.OTPCredentialProvider.updateCredential	(	RealmModel	realm,
		UserModel	user,
		CredentialInput	input
	)

inline

                                                                                              {
         if (!supportsCredentialType(input.getType())) return false;
 
         if (!(input instanceof UserCredentialModel)) {
             logger.debug("Expected instance of UserCredentialModel for CredentialInput");
             return false;
         }
         UserCredentialModel inputModel = (UserCredentialModel)input;
         CredentialModel model = null;
         if (inputModel.getDevice() != null) {
             model = getCredentialStore().getStoredCredentialByNameAndType(realm, user, inputModel.getDevice(), CredentialModel.TOTP);
             if (model == null) {
                 model = getCredentialStore().getStoredCredentialByNameAndType(realm, user, inputModel.getDevice(), CredentialModel.HOTP);
             }
         }
         if (model == null) {
             // delete all existing
             disableCredentialType(realm, user, CredentialModel.OTP);
             model = new CredentialModel();
         }
 
         OTPPolicy policy = realm.getOTPPolicy();
         model.setDigits(policy.getDigits());
         model.setCounter(policy.getInitialCounter());
         model.setAlgorithm(policy.getAlgorithm());
         model.setType(input.getType());
         model.setValue(inputModel.getValue());
         model.setDevice(inputModel.getDevice());
         model.setPeriod(policy.getPeriod());
         model.setCreatedDate(Time.currentTimeMillis());
         if (model.getId() == null) {
             getCredentialStore().createCredential(realm, user, model);
         } else {
             getCredentialStore().updateCredential(realm, user, model);
         }
         UserCache userCache = session.userCache();
         if (userCache != null) {
             userCache.evict(realm, user);
         }
         return true;
 
 
 
     }

◆ validOTP()

static boolean org.keycloak.credential.OTPCredentialProvider.validOTP	(	RealmModel	realm,
		String	token,
		String	secret
	)

inlinestatic

                                                                                   {
         OTPPolicy policy = realm.getOTPPolicy();
         if (policy.getType().equals(UserCredentialModel.TOTP)) {
             TimeBasedOTP validator = new TimeBasedOTP(policy.getAlgorithm(), policy.getDigits(), policy.getPeriod(), policy.getLookAheadWindow());
             return validator.validateTOTP(token, secret.getBytes());
         } else {
             HmacOTP validator = new HmacOTP(policy.getDigits(), policy.getAlgorithm(), policy.getLookAheadWindow());
             int c = validator.validateHOTP(token, secret, policy.getInitialCounter());
             return c > -1;
         }
 
     }

メンバ詳解

◆ logger

final Logger org.keycloak.credential.OTPCredentialProvider.logger = Logger.getLogger(OTPCredentialProvider.class)

staticprivate

◆ session

KeycloakSession org.keycloak.credential.OTPCredentialProvider.session

protected

このクラス詳解は次のファイルから抽出されました:

D:/AppData/doxygen/keycloak/rest-service/src/services/src/main/java/org/keycloak/credential/OTPCredentialProvider.java

公開メンバ関数

静的公開メンバ関数

限定公開メンバ関数

限定公開変数類

静的非公開変数類

詳解

構築子と解体子

◆ OTPCredentialProvider()

関数詳解

◆ configuredForHOTP()

◆ configuredForTOTP()

◆ disableCredentialType()

◆ getCachedCredentials()

◆ getCredentialStore()

◆ getDisableableCredentialTypes()

◆ isConfiguredFor()

◆ isValid()

◆ onCache()

◆ supportsCredentialType()

◆ updateCredential()

◆ validOTP()

メンバ詳解

◆ logger

◆ session