|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace BrainExe\Core\Authentication\TOTP; |
|
4
|
|
|
|
|
5
|
|
|
use Base32\Base32; |
|
6
|
|
|
use BrainExe\Core\Annotations\Inject; |
|
7
|
|
|
use BrainExe\Core\Annotations\Service; |
|
8
|
|
|
use BrainExe\Core\Util\Time; |
|
9
|
|
|
|
|
10
|
|
|
/** |
|
11
|
|
|
* @Service |
|
12
|
|
|
*/ |
|
13
|
|
|
class TOTP |
|
14
|
|
|
{ |
|
15
|
|
|
|
|
16
|
|
|
/** |
|
17
|
|
|
* @var string |
|
18
|
|
|
*/ |
|
19
|
|
|
private $label; |
|
20
|
|
|
|
|
21
|
|
|
/** |
|
22
|
|
|
* @var integer |
|
23
|
|
|
*/ |
|
24
|
|
|
private $digits; |
|
25
|
|
|
|
|
26
|
|
|
/** |
|
27
|
|
|
* @var string |
|
28
|
|
|
*/ |
|
29
|
|
|
private $digest; |
|
30
|
|
|
|
|
31
|
|
|
/** |
|
32
|
|
|
* @var integer |
|
33
|
|
|
*/ |
|
34
|
|
|
private $interval; |
|
35
|
|
|
|
|
36
|
|
|
/** |
|
37
|
|
|
* @Inject({ |
|
38
|
|
|
* "%totp.label%", |
|
39
|
|
|
* "%totp.digits%", |
|
40
|
|
|
* "%totp.digest%", |
|
41
|
|
|
* "%totp.interval%" |
|
42
|
|
|
* }) |
|
43
|
|
|
* @param string $label |
|
44
|
|
|
* @param integer $digits |
|
45
|
|
|
* @param string $digest |
|
46
|
|
|
* @param integer $interval |
|
47
|
|
|
* @param Time $time |
|
48
|
|
|
*/ |
|
49
|
3 |
|
public function __construct( |
|
50
|
|
|
string $label, |
|
51
|
|
|
int $digits, |
|
52
|
|
|
string $digest, |
|
53
|
|
|
int $interval, |
|
54
|
|
|
Time $time |
|
55
|
|
|
) { |
|
56
|
3 |
|
$this->label = $label; |
|
57
|
3 |
|
$this->digits = $digits; |
|
58
|
3 |
|
$this->digest = $digest; |
|
59
|
3 |
|
$this->interval = $interval; |
|
60
|
3 |
|
$this->time = $time; |
|
|
|
|
|
|
61
|
3 |
|
} |
|
62
|
|
|
|
|
63
|
|
|
/** |
|
64
|
|
|
* @param string $secret |
|
65
|
|
|
* @param int $otp |
|
66
|
|
|
* @param int|null $timestamp |
|
67
|
|
|
* @return bool |
|
68
|
|
|
*/ |
|
69
|
2 |
|
public function verify(string $secret, $otp, int $timestamp = null) : bool |
|
70
|
|
|
{ |
|
71
|
2 |
|
if (null === $timestamp) { |
|
72
|
|
|
$timestamp = $this->time->now(); |
|
73
|
|
|
} |
|
74
|
|
|
|
|
75
|
2 |
|
for ($i = 0; $i <= 4; $i++) { |
|
76
|
2 |
|
$currentOtp = (int)$this->at($timestamp, $secret); |
|
77
|
2 |
|
if ((int)$otp === $currentOtp) { |
|
78
|
1 |
|
return true; |
|
79
|
|
|
} |
|
80
|
|
|
|
|
81
|
2 |
|
$timestamp -= $this->interval; |
|
82
|
|
|
} |
|
83
|
|
|
|
|
84
|
1 |
|
return false; |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
/** |
|
88
|
|
|
* @param string $secret |
|
89
|
|
|
* @return int |
|
90
|
|
|
*/ |
|
91
|
|
|
public function current(string $secret) |
|
92
|
|
|
{ |
|
93
|
|
|
return $this->at($this->time->now(), $secret); |
|
94
|
|
|
} |
|
95
|
|
|
|
|
96
|
|
|
/** |
|
97
|
|
|
* @param string $secret |
|
98
|
|
|
* @return string |
|
99
|
|
|
*/ |
|
100
|
1 |
|
public function getUri(string $secret) : string |
|
101
|
|
|
{ |
|
102
|
1 |
|
$opt = []; |
|
103
|
1 |
|
$opt['algorithm'] = $this->digest; |
|
104
|
1 |
|
$opt['digits'] = $this->digits; |
|
105
|
1 |
|
$opt['secret'] = trim(Base32::encode($secret), '='); |
|
106
|
1 |
|
$opt['period'] = $this->interval; |
|
107
|
|
|
|
|
108
|
1 |
|
ksort($opt, SORT_STRING); |
|
109
|
|
|
|
|
110
|
1 |
|
$params = str_replace(['+', '%7E'], ['%20', '~'], http_build_query($opt)); |
|
111
|
|
|
|
|
112
|
1 |
|
return 'otpauth://totp/' . rawurlencode($this->label) . "?$params"; |
|
|
|
|
|
|
113
|
|
|
} |
|
114
|
|
|
|
|
115
|
|
|
/** |
|
116
|
|
|
* @param int $timestamp |
|
117
|
|
|
* @param string $secret |
|
118
|
|
|
* @return int |
|
119
|
|
|
*/ |
|
120
|
2 |
|
private function at($timestamp, $secret) |
|
121
|
|
|
{ |
|
122
|
2 |
|
return $this->generateOTP($this->timecode($timestamp), $secret); |
|
123
|
|
|
} |
|
124
|
|
|
|
|
125
|
|
|
/** |
|
126
|
|
|
* @param integer $input |
|
127
|
|
|
* @param string $secret |
|
128
|
|
|
* @return int |
|
129
|
|
|
*/ |
|
130
|
2 |
|
private function generateOTP($input, $secret) |
|
131
|
|
|
{ |
|
132
|
2 |
|
$hash = hash_hmac($this->digest, $this->intToBytestring($input), $secret); |
|
133
|
2 |
|
$hmac = []; |
|
134
|
|
|
|
|
135
|
2 |
|
foreach (str_split($hash, 2) as $hex) { |
|
136
|
2 |
|
$hmac[] = hexdec($hex); |
|
137
|
|
|
} |
|
138
|
|
|
|
|
139
|
2 |
|
$offset = $hmac[19] & 0xf; |
|
140
|
2 |
|
$code = ($hmac[$offset + 0] & 0x7F) << 24 | |
|
141
|
2 |
|
($hmac[$offset + 1] & 0xFF) << 16 | |
|
142
|
2 |
|
($hmac[$offset + 2] & 0xFF) << 8 | |
|
143
|
2 |
|
($hmac[$offset + 3] & 0xFF); |
|
144
|
|
|
|
|
145
|
2 |
|
return $code % pow(10, $this->digits); |
|
146
|
|
|
} |
|
147
|
|
|
|
|
148
|
|
|
/** |
|
149
|
|
|
* @param int $timestamp |
|
150
|
|
|
* @return int |
|
151
|
|
|
*/ |
|
152
|
2 |
|
private function timecode($timestamp) |
|
153
|
|
|
{ |
|
154
|
2 |
|
return (int)(((int)$timestamp * 1000) / ($this->interval * 1000)); |
|
155
|
|
|
} |
|
156
|
|
|
|
|
157
|
|
|
/** |
|
158
|
|
|
* @param int $int |
|
159
|
|
|
* @return string |
|
160
|
|
|
*/ |
|
161
|
2 |
|
private function intToBytestring($int) |
|
162
|
|
|
{ |
|
163
|
2 |
|
$result = []; |
|
164
|
2 |
|
while ($int != 0) { |
|
165
|
2 |
|
$result[] = chr($int & 0xFF); |
|
166
|
2 |
|
$int >>= 8; |
|
167
|
|
|
} |
|
168
|
|
|
|
|
169
|
2 |
|
return str_pad(implode(array_reverse($result)), 8, "\000", STR_PAD_LEFT); |
|
170
|
|
|
} |
|
171
|
|
|
} |
|
172
|
|
|
|
brainexe /
core
Loading history...
In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code:
Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: