Google Authenticator 工作流程

实际上 Google Authenticator 采用的是 TOTP 算法(Time-Based One-Time Password,即基于时间的一次性密码),其核心内容包括以下三点。

  1. 安全密钥
    是客户端和服务端约定的安全密钥,也是手机端 APP 身份验证器绑定(手机端通过扫描或者手输安全密钥进行绑定)和验证码的验证都需要的一个唯一的安全密钥,该密钥由加密算法生成,并最后由 Base32 编码而成。
  2. 验证时间
    Google 选择了 30 秒作为时间片,T的数值为 从Unix epoch(1970年1月1日 00:00:00)来经历的 30 秒的个数,所以在 Google Authenticator 中我们可以看见验证码每个 30 秒就会刷新一次。
  3. 签署算法
    Google 使用的是 HMAC-SHA1 算法,全称是:Hash-based message authentication code(哈希运算消息认证码),它是以一个密钥和一个消息为输入,生成一个消息摘要作为输出,这里以 SHA1 算法作为消息输入。
    使用 HMAC 算法是因为只有用户本身知道正确的输入密钥,因此会得到唯一的输出,其算法可以简单表示为:
    hmac = SHA1(secret + SHA1(secret + input))
    事实上,TOTP 是 HMAC-OTP(基于HMAC的一次密码生成)的超集,区别是 TOTP 是以当前时间作为输入,而HMAC-OTP 则是以自增计算器作为输入,该计数器使用时需要进行同步。

demo

GoogleCodeTest

package com.example.springboot_fastweb.controller.test;

import org.apache.commons.codec.binary.Base32;
import org.apache.commons.codec.binary.Base64;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

/**
 * Java实现谷歌身份验证器
 * 2021-10-25 justin
 */
public class GoogleCodeTest {
    //base64随机字符
    public static String BASE64 = "";
    //谷歌验证码前缀
    public static String PREFIX = "123";
    //谷歌验证码备注
    public static String REMARK = "123";
    //生成的二维码的路径及名称
    public static String DESTPATH = "路径/图片名称.jpg";

    // TODO: 运行即可
    public static void main(String[] args) throws Exception {
        // 1.生成随机密钥
        String code = generateSecretKey();
        System.out.println("密钥:" + code);
        // 2.生成验证码
        Integer verifyCode = getVerifyCode(code);
        System.out.println("验证码:" + verifyCode);
        // 3.将生成的密钥转换为二维码
        QRCode(code);
    }

    //TODO: 1.生成随机密钥 generateSecretKey()方法
    public static String generateSecretKey() throws NoSuchAlgorithmException {
        SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
        sr.setSeed(Base64.decodeBase64(BASE64));
        byte[] buffer = sr.generateSeed(10);
        Base32 codec = new Base32();
        byte[] bEncodedKey = codec.encode(buffer);
        return new String(bEncodedKey);
    }

    //TODO: 2.生成验证码 getVerifyCode()方法
    public static Integer getVerifyCode(String code) {
        byte[] key = new Base32().decode(code);
        long t = (System.currentTimeMillis() / 1000L) / 30L;
        int verifyCode = 0;
        try {
            verifyCode = GoogleCodeTest.generateCode(key, t);
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        }
        return verifyCode;
    }

    //TODO: 2.二维码图片 QRCode()方法
    public static void QRCode(String code) throws Exception {
        //user 为大标题括号内备注 code是验证吗 issuer 是前缀
        String admin = getQRBarcode(PREFIX, code, REMARK);
        //生成二维码
        QRCodeUtil.encode(admin, DESTPATH);
        //解析二维码
        String str = QRCodeUtil.decode(DESTPATH);
        //打印出解析出的内容
        System.out.println("str:" + str);
    }

    public static String getQRBarcode(String user, String secret, String issuer) {
        String format = "otpauth://totp/%s?secret=%s&issuer=%s";
        return String.format(format, user, secret, issuer);
    }

    public static int generateCode(byte[] key, long t) throws NoSuchAlgorithmException, InvalidKeyException {
        byte[] data = new byte[8];
        long value = t;
        for (int i = 8; i-- > 0; value >>>= 8) {
            data[i] = (byte) value;
        }
        SecretKeySpec signKey = new SecretKeySpec(key, "HmacSHA1");
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(signKey);
        byte[] hash = mac.doFinal(data);
        int offset = hash[20 - 1] & 0xF;
        // We're using a long because Java hasn't got unsigned int.
        long truncatedHash = 0;
        for (int i = 0; i < 4; ++i) {
            truncatedHash <<= 8;
            // We are dealing with signed bytes:
            // we just keep the first byte.
            truncatedHash |= (hash[offset + i] & 0xFF);
        }
        truncatedHash &= 0x7FFFFFFF;
        truncatedHash %= 1000000;
        return (int) truncatedHash;
    }

    /**
     * 最多可偏移的时间
     * default 3 - max 17
     */
    int window_size = 3;

    public boolean checkCode(String secret, long code, long timeMsec) {
        Base32 codec = new Base32();
        byte[] decodedKey = codec.decode(secret);
        long t = (timeMsec / 1000L) / 30L;
        for (int i = -window_size; i <= window_size; ++i) {
            long hash;
            try {
                hash = generateCode(decodedKey, t + i);
            } catch (Exception e) {
                e.printStackTrace();
                throw new RuntimeException(e.getMessage());
            }
            if (hash == code) {
                return true;
            }
        }
        return false;
    }
}

2.二维码工具类

QRCodeUtil

package com.example.springboot_fastweb.controller.test;

import cn.hutool.extra.qrcode.BufferedImageLuminanceSource;
import com.google.zxing.*;
import com.google.zxing.common.BitMatrix;
import com.google.zxing.common.HybridBinarizer;
import com.google.zxing.qrcode.decoder.ErrorCorrectionLevel;

import javax.imageio.ImageIO;
import java.awt.*;
import java.awt.geom.RoundRectangle2D;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.OutputStream;
import java.util.Hashtable;

/**
 * 工具类
 */
public class QRCodeUtil {
    private static final String CHARSET = "utf-8";
    private static final String FORMAT_NAME = "JPG";
    // 二维码尺寸
    private static final int QRCODE_SIZE = 300;
    // LOGO宽度
    private static final int WIDTH = 60;
    // LOGO高度
    private static final int HEIGHT = 60;

    private static BufferedImage createImage(String content, String imgPath, boolean needCompress) throws Exception {
        Hashtable hints = new Hashtable();
        hints.put(EncodeHintType.ERROR_CORRECTION, ErrorCorrectionLevel.H);
        hints.put(EncodeHintType.CHARACTER_SET, CHARSET);
        hints.put(EncodeHintType.MARGIN, 1);
        BitMatrix bitMatrix = new MultiFormatWriter().encode(content, BarcodeFormat.QR_CODE, QRCODE_SIZE, QRCODE_SIZE,
                hints);
        int width = bitMatrix.getWidth();
        int height = bitMatrix.getHeight();
        BufferedImage image = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
        for (int x = 0; x < width; x++) {
            for (int y = 0; y < height; y++) {
                image.setRGB(x, y, bitMatrix.get(x, y) ? 0xFF000000 : 0xFFFFFFFF);
            }
        }
        if (imgPath == null || "".equals(imgPath)) {
            return image;
        }
        // 插入图片
        QRCodeUtil.insertImage(image, imgPath, needCompress);
        return image;
    }

    private static void insertImage(BufferedImage source, String imgPath, boolean needCompress) throws Exception {
        File file = new File(imgPath);
        if (!file.exists()) {
            System.err.println("" + imgPath + "   该文件不存在!");
            return;
        }
        Image src = ImageIO.read(new File(imgPath));
        int width = src.getWidth(null);
        int height = src.getHeight(null);
        if (needCompress) { // 压缩LOGO
            if (width > WIDTH) {
                width = WIDTH;
            }
            if (height > HEIGHT) {
                height = HEIGHT;
            }
            Image image = src.getScaledInstance(width, height, Image.SCALE_SMOOTH);
            BufferedImage tag = new BufferedImage(width, height, BufferedImage.TYPE_INT_RGB);
            Graphics g = tag.getGraphics();
            g.drawImage(image, 0, 0, null); // 绘制缩小后的图
            g.dispose();
            src = image;
        }
        // 插入LOGO
        Graphics2D graph = source.createGraphics();
        int x = (QRCODE_SIZE - width) / 2;
        int y = (QRCODE_SIZE - height) / 2;
        graph.drawImage(src, x, y, width, height, null);
        Shape shape = new RoundRectangle2D.Float(x, y, width, width, 6, 6);
        graph.setStroke(new BasicStroke(3f));
        graph.draw(shape);
        graph.dispose();
    }

    /**
     * 生成二维码encode
     *
     * @param content
     * @param imgPath
     * @param destPath
     * @param needCompress
     * @throws Exception
     */
    public static void encode(String content, String imgPath, String destPath, boolean needCompress) throws Exception {
        BufferedImage image = QRCodeUtil.createImage(content, imgPath, needCompress);
        mkdirs(destPath);
        // String file = new Random().nextInt(99999999)+".jpg";
        // ImageIO.write(image, FORMAT_NAME, new File(destPath+"/"+file));
        ImageIO.write(image, FORMAT_NAME, new File(destPath));
    }

    public static BufferedImage encode(String content, String imgPath, boolean needCompress) throws Exception {
        BufferedImage image = QRCodeUtil.createImage(content, imgPath, needCompress);
        return image;
    }

    public static void mkdirs(String destPath) {
        File file = new File(destPath);
        // 当文件夹不存在时,mkdirs会自动创建多层目录,区别于mkdir.(mkdir如果父目录不存在则会抛出异常)
        if (!file.exists() && !file.isDirectory()) {
            file.mkdirs();
        }
    }

    public static void encode(String content, String imgPath, String destPath) throws Exception {
        QRCodeUtil.encode(content, imgPath, destPath, false);
    }

    public static void encode(String content, String destPath) throws Exception {
        QRCodeUtil.encode(content, null, destPath, false);
    }

    public static void encode(String content, String imgPath, OutputStream output, boolean needCompress)
            throws Exception {
        BufferedImage image = QRCodeUtil.createImage(content, imgPath, needCompress);
        ImageIO.write(image, FORMAT_NAME, output);
    }

    public static void encode(String content, OutputStream output) throws Exception {
        QRCodeUtil.encode(content, null, output, false);
    }

    /**
     * 解析二维码decode
     *
     * @param file
     * @return
     * @throws Exception
     */
    public static String decode(File file) throws Exception {
        BufferedImage image;
        image = ImageIO.read(file);
        if (image == null) {
            return null;
        }
        BufferedImageLuminanceSource source = new BufferedImageLuminanceSource(image);
        BinaryBitmap bitmap = new BinaryBitmap(new HybridBinarizer(source));
        Result result;
        Hashtable hints = new Hashtable();
        hints.put(DecodeHintType.CHARACTER_SET, CHARSET);
        result = new MultiFormatReader().decode(bitmap, hints);
        String resultStr = result.getText();
        return resultStr;
    }

    public static String decode(String path) throws Exception {
        return QRCodeUtil.decode(new File(path));
    }

}