Class GoogleAuthenticator
- All Implemented Interfaces:
IGoogleAuthenticator
public final class GoogleAuthenticator extends Object implements IGoogleAuthenticator
This class lets users create a new 16-bit base32-encoded secret key with
the validation code calculated at time = 0 (the UNIX epoch) and the
URL of a Google-provided QR barcode to let a user load the generated
information into Google Authenticator.
The random number generator used by this class uses the default algorithm and provider. Users can override them by setting the system properties named by the RNG_ALGORITHM and RNG_ALGORITHM_PROVIDER fields to the algorithm and provider name of their choice.
This class does not store in any way either the generated keys or the keys passed during the authorization process.
This Java server-side class for Google Authenticator's TOTP generator was inspired by an author's blog post.
-
Field Summary
Fields (Modifier and Type, Field: Description)
- static String RNG_ALGORITHM: The system property to specify the random number generator algorithm to use.
- static String RNG_ALGORITHM_PROVIDER: The system property to specify the random number generator provider to use.
- static int SCRATCH_CODE_MODULUS: Modulus used to truncate the scratch code.
Constructor Summary
Constructors
- GoogleAuthenticator()
- GoogleAuthenticator(GoogleAuthenticatorConfig config)
Method Summary
Methods (Modifier and Type, Method: Description)
- boolean authorize(String secret, int verificationCode): Checks a verification code against a secret key using the current time.
- boolean authorize(String secret, int verificationCode, long time): Checks a verification code against a secret key using the specified time.
- boolean authorizeUser(String userName, int verificationCode): This method validates a verification code of the specified user whose private key is retrieved from the configured credential repository using the current time.
- boolean authorizeUser(String userName, int verificationCode, long time): This method validates a verification code of the specified user whose private key is retrieved from the configured credential repository.
- GoogleAuthenticatorKey createCredentials(): This method generates a new set of credentials including: Secret key. Validation code. A list of scratch codes.
- GoogleAuthenticatorKey createCredentials(String userName): This method generates a new set of credentials invoking the #createCredentials method with no arguments.
- ICredentialRepository getCredentialRepository(): This method loads the first available ICredentialRepository registered using the Java service loader API.
- int getTotpPassword(String secret): This method generates the current TOTP password.
- int getTotpPassword(String secret, long time): This method generates the TOTP password at the specified time.
- int getTotpPasswordOfUser(String userName): This method generates the current TOTP password.
- int getTotpPasswordOfUser(String userName, long time): This method generates the TOTP password at the specified time.
- void setCredentialRepository(ICredentialRepository repository): This method sets the credential repository used by this instance.
-
Field Details
-
RNG_ALGORITHM
The system property to specify the random number generator algorithm to use.
- Since:
- 0.5.0
- See Also:
- Constant Field Values
-
RNG_ALGORITHM_PROVIDER
The system property to specify the random number generator provider to use.
- Since:
- 0.5.0
- See Also:
- Constant Field Values
-
SCRATCH_CODE_MODULUS
public static final int SCRATCH_CODE_MODULUS
Modulus used to truncate the scratch code.
-
-
Constructor Details
-
GoogleAuthenticator
public GoogleAuthenticator()
-
GoogleAuthenticator
-
-
Method Details
-
createCredentials
Description copied from interface: IGoogleAuthenticator
This method generates a new set of credentials including:
- Secret key.
- Validation code.
- A list of scratch codes.
The user must register this secret on their device.
- Specified by:
- createCredentials in interface IGoogleAuthenticator
- Returns:
- secret key
-
createCredentials
Description copied from interface: IGoogleAuthenticator
This method generates a new set of credentials invoking the #createCredentials method with no arguments. The generated credentials are then saved using the configured #ICredentialRepository service.
The user must register this secret on their device.
- Specified by:
- createCredentials in interface IGoogleAuthenticator
- Parameters:
- userName - the user name.
- Returns:
- secret key
-
getTotpPassword
Description copied from interface: IGoogleAuthenticator
This method generates the current TOTP password.
- Specified by:
- getTotpPassword in interface IGoogleAuthenticator
- Parameters:
- secret - the encoded secret key.
- Returns:
- the current TOTP password.
-
getTotpPassword
Description copied from interface: IGoogleAuthenticator
This method generates the TOTP password at the specified time.
- Specified by:
- getTotpPassword in interface IGoogleAuthenticator
- Parameters:
- secret - The encoded secret key.
- time - The time to use to calculate the password.
- Returns:
- the TOTP password at the specified time.
-
getTotpPasswordOfUser
Description copied from interface: IGoogleAuthenticator
This method generates the current TOTP password.
- Specified by:
- getTotpPasswordOfUser in interface IGoogleAuthenticator
- Parameters:
- userName - The user whose password must be created.
- Returns:
- the current TOTP password.
-
getTotpPasswordOfUser
Description copied from interface: IGoogleAuthenticator
This method generates the TOTP password at the specified time.
- Specified by:
- getTotpPasswordOfUser in interface IGoogleAuthenticator
- Parameters:
- userName - The user whose password must be created.
- time - The time to use to calculate the password.
- Returns:
- the TOTP password at the specified time.
-
authorize
Description copied from interface: IGoogleAuthenticator
Checks a verification code against a secret key using the current time.
- Specified by:
- authorize in interface IGoogleAuthenticator
- Parameters:
- secret - the encoded secret key.
- verificationCode - the verification code.
- Returns:
- true if the validation code is valid, false otherwise.
- See Also:
- IGoogleAuthenticator.authorize(String, int, long)
-
authorize
Description copied from interface: IGoogleAuthenticator
Checks a verification code against a secret key using the specified time. The algorithm also checks in a time window whose size is determined by the windowSize property of this class.
The default value of 30 seconds recommended by RFC 6238 is used for the interval size.
- Specified by:
- authorize in interface IGoogleAuthenticator
- Parameters:
- secret - The encoded secret key.
- verificationCode - The verification code.
- time - The time to use to calculate the TOTP password.
- Returns:
- true if the validation code is valid, false otherwise.
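The windowed check that authorize describes, as an added example that is not the library's code: a JDK-only RFC 6238 verifier. The class name, the symmetric +/- window, six-digit codes and millisecond timestamps are assumptions of this example; the secret is the RFC 6238 test key, base32-encoded.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
// Added illustration, not the library's source: RFC 6238 TOTP checked over a window.
public class TotpWindowDemo {
    static final long STEP_MS = 30_000;   // 30-second interval recommended by RFC 6238
    static final int MODULUS = 1_000_000; // six-digit codes (assumption)
    // Decode an unpadded upper-case base32 secret (RFC 4648 alphabet).
    static byte[] base32Decode(String s) {
        byte[] out = new byte[s.length() * 5 / 8];
        int buffer = 0, bits = 0, n = 0;
        for (char c : s.toCharArray()) {
            int v = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567".indexOf(c);
            if (v < 0) throw new IllegalArgumentException("not base32: " + c);
            buffer = ((buffer << 5) | v) & 0xFFF; // at most 12 bits are ever pending
            bits += 5;
            if (bits >= 8) {
                bits -= 8;
                out[n++] = (byte) (buffer >> bits);
            }
        }
        return out;
    }
    // HOTP (RFC 4226) with dynamic truncation, applied to the time-step counter.
    static int codeAt(byte[] key, long counter) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0F;
        int bin = ((h[off] & 0x7F) << 24) | ((h[off + 1] & 0xFF) << 16)
                | ((h[off + 2] & 0xFF) << 8) | (h[off + 3] & 0xFF);
        return bin % MODULUS;
    }
    // Valid if the code matches any step within +/- window steps of timeMs.
    static boolean authorize(String secret, int code, long timeMs, int window) throws Exception {
        byte[] key = base32Decode(secret);
        boolean ok = false;
        for (long i = -window; i <= window; i++)
            ok |= codeAt(key, timeMs / STEP_MS + i) == code; // no early exit on a match
        return ok;
    }
    public static void main(String[] args) throws Exception {
        String secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"; // constructed: RFC 6238 test key
        int code = codeAt(base32Decode(secret), 59_000 / STEP_MS);
        System.out.println(authorize(secret, code, 59_000, 1));  // same step
        System.out.println(authorize(secret, code, 89_000, 1));  // one step later
        System.out.println(authorize(secret, code, 149_000, 1)); // three steps later
    }
}
```

Each extra step in the window is one more code accepted at any instant, so widening it to tolerate clock drift also lengthens the period in which a guessed or captured code still validates.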
-
authorizeUser
Description copied from interface: IGoogleAuthenticator
This method validates a verification code of the specified user whose private key is retrieved from the configured credential repository using the current time. This method delegates the validation to the IGoogleAuthenticator.authorizeUser(String, int, long).
- Specified by:
- authorizeUser in interface IGoogleAuthenticator
- Parameters:
- userName - The user whose verification code is to be validated.
- verificationCode - The validation code.
- Returns:
- true if the validation code is valid, false otherwise.
- See Also:
- IGoogleAuthenticator.authorize(String, int)
-
authorizeUser
Description copied from interface: IGoogleAuthenticator
This method validates a verification code of the specified user whose private key is retrieved from the configured credential repository. This method delegates the validation to the IGoogleAuthenticator.authorize(String, int, long) method.
- Specified by:
- authorizeUser in interface IGoogleAuthenticator
- Parameters:
- userName - The user whose verification code is to be validated.
- verificationCode - The validation code.
- time - The time to use to calculate the TOTP password.
- Returns:
- true if the validation code is valid, false otherwise.
- See Also:
- IGoogleAuthenticator.authorize(String, int)
-
getCredentialRepository
This method loads the first available ICredentialRepository registered using the Java service loader API.
- Specified by:
- getCredentialRepository in interface IGoogleAuthenticator
- Returns:
- the first registered ICredentialRepository or null if none is found.
-
setCredentialRepository
Description copied from interface: IGoogleAuthenticator
This method sets the credential repository used by this instance. If null is passed to this method, no credential repository will be used, nor discovered using the ServiceLoader API.
- Specified by:
- setCredentialRepository in interface IGoogleAuthenticator
- Parameters:
- repository - The credential repository to use, or null to disable this feature.
-