LiRuochen_WorkFlow/MaxKey
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TimeBasedOtpAuthn

Browse Source
This commit is contained in:
MaxKey
2021-03-27 09:27:02 +08:00
parent 7d5ad8ba7f
commit e0454deea9
3 changed files with 5 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
maxkey-authentications/maxkey-authentication-otp/src/main/java/org/maxkey/password/onetimepwd/impl/TimeBasedOtpAuthn.java
View File

@@ -23,6 +23,7 @@ import java.util.Date;
import java.util.TimeZone;
import org.apache.commons.codec.binary.Hex;
import org.maxkey.crypto.Base32Utils;
import org.maxkey.crypto.password.PasswordReciprocal;
import org.maxkey.domain.UserInfo;
import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
import org.maxkey.password.onetimepwd.algorithm.TimeBasedOTP;
@@ -46,7 +47,9 @@ public class TimeBasedOtpAuthn extends AbstractOtpAuthn {
public boolean validate(UserInfo userInfo, String token) {
_logger.debug("utcTime : " + dateFormat.format(new Date()));
long currentTimeSeconds = System.currentTimeMillis() / 1000;
byte[] byteSharedSecret = Base32Utils.decode(userInfo.getSharedSecret());
String sharedSecret =
PasswordReciprocal.getInstance().decoder(userInfo.getSharedSecret());
byte[] byteSharedSecret = Base32Utils.decode(sharedSecret);
String hexSharedSecret = Hex.encodeHexString(byteSharedSecret);
String timeBasedToken = "";
if (crypto.equalsIgnoreCase("HmacSHA1")) {