/**
 * Checks a one-time password against a raw secret using the realm's OTP policy.
 *
 * <p>The policy type picks the validator: {@code UserCredentialModel.TOTP} is checked with
 * {@code TimeBasedOTP}; every other type falls through to {@code HmacOTP}.
 *
 * @param realm  realm whose OTP policy supplies algorithm, digits, period, look-ahead window and
 *               initial counter
 * @param token  the code to verify
 * @param secret the shared secret the code is checked against
 * @return {@code true} if the TOTP validator accepts the code, or if the HOTP validator returns a
 *         counter greater than -1
 */
public static boolean validOTP(RealmModel realm, String token, String secret) {
    final OTPPolicy otpPolicy = realm.getOTPPolicy();
    final boolean timeBased = otpPolicy.getType().equals(UserCredentialModel.TOTP);

    if (!timeBased) {
        // Counter-based check: starts from the policy's initial counter, and the counter that
        // matched is discarded, so nothing is persisted by this method.
        // NOTE(review): presumably used while a credential is being set up; confirm no login
        // path relies on this method, since it never advances a stored counter.
        HmacOTP hotp = new HmacOTP(
                otpPolicy.getDigits(), otpPolicy.getAlgorithm(), otpPolicy.getLookAheadWindow());
        return hotp.validateHOTP(token, secret, otpPolicy.getInitialCounter()) > -1;
    }

    TimeBasedOTP totp = new TimeBasedOTP(
            otpPolicy.getAlgorithm(),
            otpPolicy.getDigits(),
            otpPolicy.getPeriod(),
            otpPolicy.getLookAheadWindow());
    // String.getBytes() without an argument encodes with the platform default charset.
    // NOTE(review): the code that provisioned the secret must produce the same bytes; confirm
    // secrets are ASCII-only or pin the charset on both sides.
    return totp.validateTOTP(token, secret.getBytes());
}
/**
 * Returns the realm's OTP policy, building it on first use from the individual
 * {@code otpPolicy*} values held by {@code realm} and keeping it in the {@code otpPolicy} field.
 *
 * @return the cached policy instance; the same object is handed to every caller, so a caller
 *         that mutates it changes what later callers see
 */
@Override
public OTPPolicy getOTPPolicy() {
    if (otpPolicy != null) {
        return otpPolicy;
    }

    // First call: the field is assigned before it is populated, then filled value by value.
    // NOTE(review): once built, the copy is never refreshed by this method; confirm that whatever
    // changes the realm's OTP settings also resets the field, otherwise validation keeps using
    // the old parameters.
    otpPolicy = new OTPPolicy();
    otpPolicy.setDigits(realm.getOtpPolicyDigits());
    otpPolicy.setAlgorithm(realm.getOtpPolicyAlgorithm());
    otpPolicy.setInitialCounter(realm.getOtpPolicyInitialCounter());
    otpPolicy.setLookAheadWindow(realm.getOtpPolicyLookAheadWindow());
    otpPolicy.setType(realm.getOtpPolicyType());
    otpPolicy.setPeriod(realm.getOtpPolicyPeriod());
    return otpPolicy;
}
/**
 * Reports whether the given OTP policy matches the single parameter profile accepted here:
 * 6 digits, the {@code "HmacSHA1"} algorithm and, for type {@code "totp"}, a period of 30.
 *
 * @param policy the policy to test; its algorithm and type are dereferenced without a null check
 * @return {@code true} only if every condition above holds
 */
@Override
public boolean supports(OTPPolicy policy) {
    // Evaluated left to right with short-circuiting, so the algorithm is only read when the digit
    // count matches, and the type/period only when the algorithm matches.
    return policy.digits == 6
            && policy.getAlgorithm().equals("HmacSHA1")
            && !(policy.getType().equals("totp") && policy.getPeriod() != 30);
}
} // closes an enclosing scope that was opened outside this excerpt
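/**
 * Checks a time-based one-time password against every TOTP credential stored for the user.
 *
 * <p>One {@code TimeBasedOTP} validator is built from the realm's OTP policy and reused for each
 * credential whose type equals {@code UserCredentialModel.TOTP}.
 *
 * @param realm realm whose OTP policy supplies algorithm, digits, period and look-ahead window
 * @param user  user whose directly stored credentials are scanned
 * @param otp   the code to verify
 * @return {@code true} as soon as one TOTP credential accepts the code, {@code false} if none does
 */
public static boolean validTOTP(RealmModel realm, UserModel user, String otp) {
    OTPPolicy policy = realm.getOTPPolicy();
    TimeBasedOTP validator = new TimeBasedOTP(
            policy.getAlgorithm(), policy.getDigits(), policy.getPeriod(), policy.getLookAheadWindow());

    for (UserCredentialValueModel cred : user.getCredentialsDirectly()) {
        if (!cred.getType().equals(UserCredentialModel.TOTP)) {
            continue;
        }
        // String.getBytes() without an argument encodes with the platform default charset.
        // NOTE(review): the stored value must have been encoded the same way at enrolment;
        // confirm secrets are ASCII-only or pin the charset on both sides.
        if (validator.validateTOTP(otp, cred.getValue().getBytes())) {
            // NOTE(review): nothing is written back here, so this method keeps no record of the
            // accepted time step. Unless a caller prevents reuse, the same code would validate
            // again while it is still inside the look-ahead window; confirm.
            return true;
        }
    }
    return false;
}

public static boolean validSecret(RealmModel realm, UserModel user, String secret) {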
if (UserCredentialModel.isOtp(type)) { OTPPolicy otpPolicy = realm.getOTPPolicy(); if (!cred.getAlgorithm().equals(otpPolicy.getAlgorithm()) || cred.getDigits() != otpPolicy.getDigits()) { return false; if (type.equals(UserCredentialModel.TOTP) && cred.getPeriod() != otpPolicy.getPeriod()) { return false;
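/**
 * Checks a counter-based one-time password against the user's stored HOTP credential and, on
 * success, stores the counter returned by the validator.
 *
 * <p>Only the first credential whose type equals {@code UserCredentialModel.HOTP} is considered,
 * because both the success and the failure path return from inside the loop.
 *
 * @param realm realm whose OTP policy supplies digits, algorithm and look-ahead window
 * @param user  user whose directly stored credentials are scanned and updated
 * @param otp   the code to verify
 * @return {@code true} if the validator returned a non-negative counter for the first HOTP
 *         credential; {@code false} if it returned a negative one or the user has no HOTP
 *         credential
 */
public static boolean validHOTP(RealmModel realm, UserModel user, String otp) {
    OTPPolicy policy = realm.getOTPPolicy();
    HmacOTP validator = new HmacOTP(
            policy.getDigits(), policy.getAlgorithm(), policy.getLookAheadWindow());

    for (UserCredentialValueModel cred : user.getCredentialsDirectly()) {
        if (!cred.getType().equals(UserCredentialModel.HOTP)) {
            continue;
        }

        int counter = validator.validateHOTP(otp, cred.getValue(), cred.getCounter());
        if (counter < 0) {
            // NOTE(review): a rejected code ends the scan at the first HOTP credential, so any
            // further HOTP credentials are never tried (validTOTP keeps going); confirm intended.
            return false;
        }

        // Persist the counter returned by the validator on the credential.
        // NOTE(review): presumably this is the next counter to expect, which is what stops an
        // accepted code from being reused; verify against HmacOTP.validateHOTP.
        cred.setCounter(counter);
        user.updateCredentialDirectly(cred);
        return true;
    }
    return false;
}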
/**
 * Populates the bean: whether the user is already configured for the realm's OTP credential type,
 * the path of the base URI, a newly generated OTP secret (raw and Base32-encoded) and the key URI
 * produced by the realm's OTP policy.
 *
 * @param session session used to look up the user provider
 * @param realm   realm whose OTP policy supplies the credential type and builds the key URI
 * @param user    user the bean is built for
 * @param baseUri URI whose path becomes {@code contextUrl}
 */
public TotpBean(KeycloakSession session, RealmModel realm, UserModel user, URI baseUri) {
    this.enabled = session.users().configuredForCredentialType(realm.getOTPPolicy().getType(), realm, user);
    this.contextUrl = baseUri.getPath();
    // A new secret is generated every time this constructor runs.
    // NOTE(review): randomString is defined outside this excerpt. Its output becomes the OTP
    // shared secret, so confirm it draws from SecureRandom and not a predictable generator.
    this.totpSecret = randomString(20);
    // getBytes() without an argument encodes with the platform default charset.
    // NOTE(review): validation must decode the secret to the same bytes; confirm the generated
    // characters are ASCII-only or pin the charset on both sides.
    this.totpSecretEncoded = Base32.encode(totpSecret.getBytes());
    // The raw secret is handed to getKeyURI, so the resulting URI presumably contains it; treat
    // keyUri as being as sensitive as the secret itself (keep it out of logs) - TODO confirm.
    this.keyUri = realm.getOTPPolicy().getKeyURI(realm, user, this.totpSecret);
}
/**
 * Copies every value of the given OTP policy onto {@code realm} and then calls
 * {@code em.flush()}.
 *
 * @param policy source of the algorithm, digits, initial counter, look-ahead window, type and
 *               period; dereferenced without a null check
 */
@Override
public void setOTPPolicy(OTPPolicy policy) {
    // NOTE(review): the values are stored as given; no range check on digits, period or
    // look-ahead window is visible here. Confirm they are validated before reaching this method,
    // since a very wide look-ahead window weakens OTP checks.
    realm.setOtpPolicyAlgorithm(policy.getAlgorithm());
    realm.setOtpPolicyDigits(policy.getDigits());
    realm.setOtpPolicyInitialCounter(policy.getInitialCounter());
    realm.setOtpPolicyLookAheadWindow(policy.getLookAheadWindow());
    realm.setOtpPolicyType(policy.getType());
    realm.setOtpPolicyPeriod(policy.getPeriod());
    // NOTE(review): if the enclosing class memoises the policy in getOTPPolicy(), that cached
    // copy is not reset here and would keep serving the previous settings - verify.
    em.flush();
}
/**
 * Returns the realm's OTP policy, assembling it lazily from the separate {@code otpPolicy*}
 * values on {@code realm} and memoising the result in the {@code otpPolicy} field.
 *
 * @return the memoised policy; every caller receives the same mutable instance
 */
@Override
public OTPPolicy getOTPPolicy() {
    if (otpPolicy != null) {
        return otpPolicy;
    }

    // Not built yet: assign the field first, then fill it value by value.
    // NOTE(review): this method never rebuilds the memoised copy; confirm that a change to the
    // realm's OTP settings also clears the field, otherwise stale parameters stay in use.
    otpPolicy = new OTPPolicy();
    otpPolicy.setDigits(realm.getOtpPolicyDigits());
    otpPolicy.setAlgorithm(realm.getOtpPolicyAlgorithm());
    otpPolicy.setInitialCounter(realm.getOtpPolicyInitialCounter());
    otpPolicy.setLookAheadWindow(realm.getOtpPolicyLookAheadWindow());
    otpPolicy.setType(realm.getOtpPolicyType());
    otpPolicy.setPeriod(realm.getOtpPolicyPeriod());
    return otpPolicy;
}
/**
 * Copies every value of the given OTP policy onto {@code realm} and then calls
 * {@code updateRealm()}.
 *
 * @param policy source of the algorithm, digits, initial counter, look-ahead window, type and
 *               period; dereferenced without a null check
 */
@Override
public void setOTPPolicy(OTPPolicy policy) {
    // NOTE(review): the values are stored as given; no range check on digits, period or
    // look-ahead window is visible here. Confirm they are validated before reaching this method,
    // since a very wide look-ahead window weakens OTP checks.
    realm.setOtpPolicyAlgorithm(policy.getAlgorithm());
    realm.setOtpPolicyDigits(policy.getDigits());
    realm.setOtpPolicyInitialCounter(policy.getInitialCounter());
    realm.setOtpPolicyLookAheadWindow(policy.getLookAheadWindow());
    realm.setOtpPolicyType(policy.getType());
    realm.setOtpPolicyPeriod(policy.getPeriod());
    // NOTE(review): if the enclosing class memoises the policy in getOTPPolicy(), that cached
    // copy is not reset here and would keep serving the previous settings - verify.
    updateRealm();
}
/**
 * Builds an {@code OTPPolicy} from a realm representation, overriding only the values the
 * representation actually carries.
 *
 * <p>Each field whose getter returns {@code null} is skipped, so the policy keeps whatever a
 * freshly constructed {@code OTPPolicy} holds for it.
 *
 * @param rep representation to read the {@code otpPolicy*} values from
 * @return a new policy carrying the non-null values of {@code rep}
 */
public static OTPPolicy toPolicy(RealmRepresentation rep) {
    OTPPolicy policy = new OTPPolicy();

    // NOTE(review): values are copied without any range or allow-list check (digits, period,
    // look-ahead window, algorithm name). Confirm imported representations are validated
    // elsewhere, since these parameters decide how strict OTP verification is.
    if (rep.getOtpPolicyType() != null) {
        policy.setType(rep.getOtpPolicyType());
    }
    if (rep.getOtpPolicyLookAheadWindow() != null) {
        policy.setLookAheadWindow(rep.getOtpPolicyLookAheadWindow());
    }
    if (rep.getOtpPolicyInitialCounter() != null) {
        policy.setInitialCounter(rep.getOtpPolicyInitialCounter());
    }
    if (rep.getOtpPolicyAlgorithm() != null) {
        policy.setAlgorithm(rep.getOtpPolicyAlgorithm());
    }
    if (rep.getOtpPolicyDigits() != null) {
        policy.setDigits(rep.getOtpPolicyDigits());
    }
    if (rep.getOtpPolicyPeriod() != null) {
        policy.setPeriod(rep.getOtpPolicyPeriod());
    }
    return policy;
}

public static void importRealm(KeycloakSession session, RealmRepresentation rep, RealmModel newRealm) {
rep.setOtpPolicyAlgorithm(otpPolicy.getAlgorithm()); rep.setOtpPolicyPeriod(otpPolicy.getPeriod()); rep.setOtpPolicyDigits(otpPolicy.getDigits()); rep.setOtpPolicyInitialCounter(otpPolicy.getInitialCounter()); rep.setOtpPolicyType(otpPolicy.getType()); rep.setOtpPolicyLookAheadWindow(otpPolicy.getLookAheadWindow()); if (realm.getBrowserFlow() != null) rep.setBrowserFlow(realm.getBrowserFlow().getAlias()); if (realm.getRegistrationFlow() != null) rep.setRegistrationFlow(realm.getRegistrationFlow().getAlias());