java动态口令登录实现过程详解

网友投稿 301 2023-01-02


java动态口令登录实现过程详解

1.实现一个ItsClient 客户端用来实例化调用验证功能

public class ItsClient {

private static final String routing = "/v1.0/sectoken/otp_validation";

// ! HTTPS消息验证地址

private String httpsVerifyUrl = "";

// ! otp ipAddr

private String ipAddr = "";

// ! otp port

private String port = "";

// ! otp appID

private String appID = "";

// ! otp appKey

private String appKey = "";

// ! 错误码

private int errorCode = 0;

// ! 错误消息

private String errorMessage = "";

TreeMap errorCodeTable = new TreeMap() {

{

put(200, "请求成功");

put(400, "输入不合法,比如请求数据不是json");

put(401, "AppID不合法");

put(402, "指纹不合法");

put(410, "非法用户,验证otp时,传入的uid有误,找不到用户");

put(411, "错误的otp");

put(412, "一个周期内动态口令只能使用一次");

put(413, "已达一个周期内最大尝试次数");

put(500, "ITS服务器内部错误");

put(601, "参数错误");

put(602, "sha1签名失败");

put(603, "操作json失败");

put(604, "url访问错误:");

put(605, "较验返回指纹失败");

}

};

public ItsClient() {

this.ipAddr = ItsConf.GetIpAddr();

this.port = ItsConf.GetPort();

this.appID = ItsConf.GetOtpAppID();

this.appKey = ItsConf.GetOtpAppKey();

httpsVerifyUrl = "https://" + this.ipAddr + ':' + this.port + routing;

}

 //获取错误信息

public St ring GetErrorMessage() {

return this.errorMessage;

}

        //获取错误码

        public int GetErrorCode() {

return this.errorCode;

}

public void SetError(int errorCode, String extMessage) {

this.errorCode = errorCode;

this.errorMessage = this.errorCodeTable.get(this.errorCode).toString() + extMessage;

}

public static String SHA1(String decript) throws NoSuchAlgorithmException {

String ret = "";

MessageDigest sha1 = MessageDigest.getInstance("SHA1");

byte[] sha1bytes = sha1.digest(decript.getBytes());

if (sha1bytes != null) {

ret = new BASE64Encoder().encode(sha1bytes);

}

return ret;

}

public String EncodeJson(TreeMap map) {

JSONObject jmap = new JSONObject(map);

return jmap.toString();

}

public TreeMap DecodeJson(String jsonStr) throws ParseException {

JSONObject jsonObject = new JSONObject(jsonStr);

TreeMap retMap = new TreeMap();

Iterator iter = jsonObject.keys();

String key = null;

Object value = null;

while (iter.hasNext()) {

key = iter.next();

value = jsonObject.get(key);

retMap.put(key, value);

}

return retMap;

}

public String BuildQueryStr(TreeMap params) {

String queryStr = "";

Iterator itr = params.keySet().iterator();

while (itr.hasNext()) {

String key = itr.next();

queryStr += (key + "=" + params.get(key).toString() + "&");

}

return queryStr.substring(0, queryStr.length() - 1);

}

public boolean IsEmptyOrNull(String param) {

return param == null || param.length() <= 0;

}

/**

* @brief 验证otp

* @param uid ITS主账号UID或已配置的从账号

* @param otp 需要验证的动态口令

* @return bool true: 成功, false: 失败

*/

@SuppressWarnings("serial")

public boolean AuthOtp(final String uid, final String otp) {

if (IsEmptyOrNull(this.ipAddr) || IsEmptyOrNull(this.port) || IsEmptyOrNull(this.appID)

|| IsEmptyOrNull(this.appKey) || IsEmptyOrNull(uid) || IsEmptyOrNull(otp)) {

SetError(601, "");

return false;

}

TreeMap params = new TreeMap() {

{

put("app_id", appID);

put("app_key", appKey);

put("uid", uid);

put("otp", otp);

}

};

String qureyStr = this.BuildQueryStr(params);

String fingerprint = "";

try {

fingerprint = SHA1(qureyStr);

} catch (Exception ex) {

ex.printStackTrace();

SetError(602, ex.getMessage());

return false;

}

params.remove("app_key");

params.put("fingerprint", fingerprint);

String postStr = "";

try {

postStr = EncodeJson(params);

} catch (Exception ex) {

ex.printStackTrace();

SetError(603, "json encode" + ex.getMessage());

return false;

}

HttpsClient conn = null;

String res = "";

try {

conn = new HttpsClient();

res = conn.post(this.httpsVerifyUrl, postStr); // 访问接口调取返回结果

} catch (Exception ex) {

ex.printStackTrace();

SetError(604, ex.getMessage());

return false;

}

TreeMap ret = null;

try {

ret = DecodeJson(res);

} catch (Exception ex) {

ex.printStackTrace();

SetError(603, "json decode " + ex.getMessage());

return false;

}

int retCode = (Integer) ret.get("status"); 

if (200 != retCode) {

SetError(retCode, "");

return false;

}

return true;

}

}

2.实现一个HttpsClient 请求工具

public class HttpsClient {

    final static HostnameVerifier doNotVerifier = new HostnameVerifier() {  

        public boolean verify(String hostname, SSLSession session) {  

            return true;

        }

    };

    /** 

     * @brief 发送请求 

     * @param httpsUrl 请求的地址 

     * @param postStr 请求的数据 

     * @throws Exception 

     */  

    public String post(String httpsUrl, String postStr) throws Exception {  

        HttpsURLConnection conn = null;

        StringBuffer recvBuff = new StringBuffer();  

        String resData = ""; 

        try {

            conn = (HttpsURLConnection) (new URL(httpsUrl)).openConnection();  

            conn.setHostnameVerifier(doNotVerifier);

            conn.setDoInput(true);  

            conn.setDoOutput(true);

            conn.setRequestMethod("POST");

            conn.setRequestProperty("Content-Type", " application/json");

            conn.setRequestProperty("Content-Length", String.valueOf(postStr.getBytes("utf-8").length));  

            conn.setUseCaches(false);

            //设置为utf-8可以解决服务器接收时读取的数据中文乱码问题  

            conn.getOutputStream().write(postStr.getBytes("utf-8"));  

            conn.getOutputStream().flush();  

            conn.getOutputStream().close();  

            BufferedReader in = new BufferedReader(new InputStreamReader(conn.getInputStream()));  

            String line;

            while ((line = in.readLine()) != null) {  

                recvBuff.append(line);  

            } 

            resData = recvBuff.toString();

            return resData;

        } catch (MalformedURLException ex) {

             throw ex;  

        } catch (IOException ex) {  

             throw ex;  

        } catch (Exception ex) {  

             throw ex;  

        }  

    } 

}

3.实现Its一个配置用来配置Its服务器信息接口访问地址

public class ItsConf {

// ITS服务器地址 1.1.1.1 或 xxx.xxx.com的形式

private static String ipAddr = "";

// ITS服务器端口

private static String port = "";

// OTP服务的AppID

private static String otpAppID = "";

// OTP服务的AppKey

private static String otpAppKey = "";

public static String GetIpAddr() {

return ipAddr;

}

public static String GetPort() {

return port;

}

public static String GetOtpAppID() {

return otpAppID;

}

public static String GetOtpAppKey() {

return otpAppKey;

}

}

4.接下来就是LoginContorller 完成口令认证

//username 用户名

//code动态口令密码

ItsClient itsClient = new ItsClient();

if(itsClient.AuthOtp(username, code)){

//认证成功,跳转页面

}

5.登陆页面就省略了,自己完成吧


版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:短信的接口测试工具(常见的接口测试工具)
下一篇:java多实现接口(java实现接口是什么意思)
相关文章

 发表评论

暂时没有评论,来抢沙发吧~