使用山姆·史蒂文斯totp -无法使其工作
使用山姆·史蒂文斯totp -无法使其工作
提问于 2020-12-17 00:08:04
我在GitHub上找到了一个生成和检查令牌的项目。我试着让它工作,但失败了。代码如下:
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import dev.samstevens.totp.code.CodeGenerator;
import dev.samstevens.totp.code.CodeVerifier;
import dev.samstevens.totp.code.DefaultCodeGenerator;
import dev.samstevens.totp.code.DefaultCodeVerifier;
import dev.samstevens.totp.code.HashingAlgorithm;
import dev.samstevens.totp.exceptions.CodeGenerationException;
import dev.samstevens.totp.exceptions.QrGenerationException;
import dev.samstevens.totp.qr.QrData;
import dev.samstevens.totp.qr.QrGenerator;
import dev.samstevens.totp.qr.ZxingPngQrGenerator;
import dev.samstevens.totp.secret.DefaultSecretGenerator;
import dev.samstevens.totp.secret.SecretGenerator;
import dev.samstevens.totp.time.SystemTimeProvider;
import dev.samstevens.totp.time.TimeProvider;
import dev.samstevens.totp.recovery.RecoveryCodeGenerator;
import static dev.samstevens.totp.util.Utils.getDataUriForImage;
/**
* Servlet implementation class TwoFactorAuthentication
*/
public class TwoFactorAuthentication extends HttpServlet {
private static final long serialVersionUID = 1L;
/**
* @see HttpServlet#HttpServlet()
*/
public TwoFactorAuthentication() {
super();
// TODO Auto-generated constructor stub
}
/**
* @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
*/
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
response.getWriter().append("Served at: ").append(request.getContextPath());
//SecretGenerator secretGenerator = new DefaultSecretGenerator();
//String secret = secretGenerator.generate();
String secret = "XAFXRG3TNMLHENVAQTD5ZJOTC2MHTIVE";
QrData data = new QrData.Builder()
.label("dummyuser@dummy.com")
.secret(secret)
.issuer("PORTAL")
.algorithm(HashingAlgorithm.SHA256) // More on this below
.digits(6)
.period(60)
.build();
String code = request.getQueryString().replace("code=", "");
response.getWriter().append("\r\nCode: " + code);//.append(request.getContextPath());
TimeProvider timeProvider = new SystemTimeProvider();
CodeGenerator codeGenerator = new DefaultCodeGenerator(HashingAlgorithm.SHA256);
DefaultCodeVerifier verifier = new DefaultCodeVerifier(codeGenerator, timeProvider);
verifier.setTimePeriod(60);
verifier.setAllowedTimePeriodDiscrepancy(2);
// secret = the shared secret for the user
// code = the code submitted by the user
boolean successful = verifier.isValidCode(secret, code);
if (successful) System.out.println(successful);
response.getWriter().append("\r\nResult: " + successful);//.append(request.getContextPath());
try {
QrGenerator generator = new ZxingPngQrGenerator();
byte[] imageData = generator.generate(data);
String mimeType = generator.getImageMimeType();
String dataUri = getDataUriForImage(imageData, mimeType);
response.getWriter().append("\r\ndataUri: " + dataUri);//.append(request.getContextPath());
} catch (QrGenerationException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
/**
* @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
*/
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// TODO Auto-generated method stub
doGet(request, response);
}
}我使用上面看到的项目生成了二维码,并将其扫描到验证器应用程序中,为我生成令牌。无论我给表单提供什么代码,验证器应用程序都会失败。有人能给我解释一下我哪里做错了吗?
回答 1
Stack Overflow用户
发布于 2021-02-08 18:37:09
最近,我在使用Google Authenticator应用时遇到了同样的问题。事实证明,一些身份验证器应用程序会默默忽略URI中的period和digits参数。在Google Authenticator的情况下,它只是分别默认为30和6。
这会导致代码验证失败,因为生成代码的应用程序和验证实用程序使用不同的参数。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/65326929
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号