Z-Archive » Maybank Projects » M2U UPASS Project

import my.com.upass.services.ChangeStaticPasswordService;

	protected ChangeStaticPasswordService changeStaticPasswordService = new ChangeStaticPasswordService(this);

	public MinimalUPassControllerV2() {

		initializeConfigurations();

	}

	public int verifyStaticPasswordPerApp(

			String appAccessId, String hashedSecretKey,

			String username, String hashedPassword) {

		int rc = verifyStaticPasswordService.verifyStaticPassword(

				appAccessId, hashedSecretKey, true,

				MinimalConstants.UTYPE_STATE_USER);

		if (rc != MinimalConstants.ERR_SUCCESS)

			return rc;

		Integer appId = null;

		try {

			appId = appAccessMgtService.getAppIdForAdmin(appAccessId, null);

			List appIdsForUser = appAccessMgtService.listAppIdsForUser(username, null);

			rc = appIdsForUser.contains(appId) ?

					MinimalConstants.ERR_SUCCESS

					: MinimalConstants.ERR_USERALIAS_NOT_FOUND;

			if (rc != MinimalConstants.ERR_SUCCESS)

				return rc;

			rc = verifyStaticPasswordService.verifyStaticPassword(

					username, hashedPassword, false, 0);

		} catch (MultipleAppAccessesFound e) {

			rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;

			e.printStackTrace();

		}

		logger.info("verifyStaticPassword - user alias: [" + username + "] Return: " + rc);

		return rc;

	}

	public int updateProfileShallowly(

			String appAccessId, String hashedSecretKey,

			UserProfile profile, Session txSession) {

	/**

	 * This method generate static password and to be using SP_VerifyStaticPassword()

	 * 

	 * @param userAlias

	 * @param newPassword

	 * @param oldPassword

	 * @return ERR_code defined in the Constants<br/>

	 *         ERR_SUCCESS<br/>

	 *         ERR_SYSTEM_NOT_READY<br/>

	 *         ERR_USERALIAS_NOT_FOUND<br/>

	 *         ERR_INVALID_STATE - user not active or temporary suspended.<br/>

	 *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

	 *         ERR_EXCEED_MAX_TRIES - used ModifyUser to reset password.<br/>

	 *         ERR_INVALID_CREDENTIAL<br/>

	 *         ERR_REUSED_PASSWD - reuse previous generated password.<br/>

	 */

	public int SP_ChangeStaticPassword(String userAlias, String newPassword, String oldPassword) {

		int rc = changeStaticPasswordService.changeStaticPassword(userAlias, newPassword, oldPassword, true);

		logger.info("SP_ChangeStaticPassword - user alias: [" + userAlias + "] Return: " + rc);

		return rc;

	}

	public List listUserAppAccesses(String username, final Session txSession) throws Exception {

			accesses = query.setString("userAlias", username).list();

	 * @param username

	public List listUserAppAccesses(String username, char accessType, final Session txSession)

					.setString("userAlias", username)

import my.com.upass.maybank.entities.IbccUser;

import my.com.upass.maybank.entities.UserProfile;

		return minUpcV2.verifyStaticPasswordPerApp(

				appAccessId, hashedSecretKey, username, hashedPassword);

		MinimalUserBean minUser = new MinimalUserBean();

		minUser.setUsername(username);

		minUser.setHashedPassword(hashedPassword);

		M2uUser m2uUser = new M2uUser();

		m2uUser.setPan1(pan1);

		m2uUser.setPan2(pan2);

		m2uUser.setMinUser(minUser);

		return newUser(appAccessId, hashedSecretKey, m2uUser);

	}

	public int newPublicUser(

			String appAccessId, String hashedSecretKey,

			String username, String hashedPassword, String panCc) {

		IbccUser ibccUser = new IbccUser();

		ibccUser.setPanCc(panCc);

		MinimalUserBean minUser = new MinimalUserBean();

		minUser.setUsername(username);

		minUser.setHashedPassword(hashedPassword);

		ibccUser.setMinUser(minUser);

		return newUser(appAccessId, hashedSecretKey, ibccUser);

	}

	public int changePassword(

			String appAccessId, String hashedSecretKey,

			String username, String oldHashedPassword, String newHashedPassword) {

		return minUpcV2.UA_ModifyUser(appAccessId, hashedSecretKey, username, "", newHashedPassword);

	}

	public int resetPassword(

			String appAccessId, String hashedSecretKey,

			String username, String newHashedPassword) {

		// TODO Auto-generated method stub

		throw new NotImplementedException();

	}

	// protected methods

	protected int newUser(

			String appAccessId, String hashedSecretKey, UserProfile profile) {

			rc = minUpcV2.addUser(appAccessId, hashedSecretKey, profile.getMinUser(), session);

				rc = minUpcV2.updateProfileShallowly(appAccessId, hashedSecretKey, profile, session);

import java.util.ArrayList;

import java.util.Iterator;

import java.util.LinkedList;

	public List/* <Integer> */listAppIdsForUser(String username, Session txSession)

			throws MultipleAppAccessesFound {

		List appIds = new ArrayList(5);

		UserDAO userDao;

		try {

			userDao = MinimalDAOFactory.minimalInstance().getUserDAO();

			List accessList = userDao.listUserAppAccesses(username, txSession);

			Iterator iterator = accessList.iterator();

			while (iterator.hasNext()) {

				UserAppAccess access = (UserAppAccess) iterator.next();

				appIds.add(new Integer(access.getAppId()));

			}

		} catch (Exception e) {

			e.printStackTrace();

		}

		return appIds;

	}

/**

 * Copyright (c) 2010 Penril Datability (M) Sdn Bhd All rights reserved.

 *

 * This software is copyrighted. Under the copyright laws, this software

 * may not be copied, in whole or in part, without prior written consent

 * of Penril Datability (M) Sdn Bhd or its assignees. This software is

 * provided under the terms of a license between Penril Datability (M)

 * Sdn Bhd and the recipient, and its use is subject to the terms of that

 * license.

 */

package my.com.upass.services;

import my.com.upass.MinimalConstants;

import my.com.upass.MinimalUPassControllerV2;

import my.com.upass.dao.MinimalDAOFactory;

import my.com.upass.dao.UserDAO;

import my.com.upass.factory.MinimalUPassFactory;

import my.com.upass.pojo.MinimalUserBean;

import my.com.upass.spassword.PasswordController;

/**

 * PROGRAMMER: Danniell

 * CHANGE-NO:

 * TASK-NO:

 * DATE CREATED: Dec 28, 2011

 * TAG AS:

 * REASON(S):

 * MODIFICATION:

 */

/**

 * <Class description>

 */

public class ChangeStaticPasswordService

{

	private MinimalUPassControllerV2 upc;

	public ChangeStaticPasswordService(MinimalUPassControllerV2 upc)

	{

		this.upc = upc;

	}

	public int changeStaticPassword(String userAlias, String newPassword, String oldPassword,

			boolean checkChangeInterval)

	{

		int rc = MinimalConstants.ERR_SYSTEM_NOT_READY;

		try

		{

			UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO();

			MinimalUserBean userBean = userDao.getUserFromStore(userAlias, null);

			if (userBean == null)

			{

				return MinimalConstants.ERR_USERALIAS_NOT_FOUND;

			}

			userBean.getPdateCreated();

			// verify user

			PasswordController pc = MinimalUPassFactory.getPasswordController(userBean, upc.getConfigurationsMap());

			if (checkChangeInterval == true)

			{

				rc = pc.checkRegeneratePassword();

				if (rc == MinimalConstants.ERR_PASSWD_CHANGE_INTERVAL)

				{

					return MinimalConstants.ERR_PASSWD_CHANGE_INTERVAL;

				}

			}

			rc = pc.VerifyPassword(oldPassword);

			if (rc == MinimalConstants.ERR_SUCCESS ||

					rc == MinimalConstants.ERR_PASSWD_EXPIRED ||

					rc == MinimalConstants.ERR_PASSWD_EXPIRED_NOTIFICATION)

			{

				rc = pc.GeneratePassword(newPassword, true);

			}

			userBean = (MinimalUserBean) pc.getUpdatedObject();

			// update database

			boolean lrc = userDao.updateUserToStore(userBean, null);

			if (!lrc)

			{

				rc = MinimalConstants.ERR_SYSTEM_NOT_READY;

			}

		} catch (Exception e)

		{

			e.printStackTrace();

		}

		return rc;

	}

}

/**

 * Copyright (c) 2010 Penril Datability (M) Sdn Bhd All rights reserved.

 *

 * This software is copyrighted. Under the copyright laws, this software

 * may not be copied, in whole or in part, without prior written consent

 * of Penril Datability (M) Sdn Bhd or its assignees. This software is

 * provided under the terms of a license between Penril Datability (M)

 * Sdn Bhd and the recipient, and its use is subject to the terms of that

 * license.

 */

package my.com.upass.services;

import java.util.Date;

import java.util.StringTokenizer;

import my.com.upass.MinimalConstants;

import my.com.upass.MinimalUPassControllerV2;

import my.com.upass.dao.MinimalDAOFactory;

import my.com.upass.dao.UserDAO;

import my.com.upass.factory.MinimalUPassFactory;

import my.com.upass.pojo.MinimalUserBean;

import my.com.upass.spassword.PasswordController;

/**

 * PROGRAMMER: Danniell

 * CHANGE-NO:

 * TASK-NO:

 * DATE CREATED: Dec 29, 2011

 * TAG AS:

 * REASON(S):

 * MODIFICATION:

 */

/**

 * <Class description>

 */

public class CheckPasswordReusedService

{

	private MinimalUPassControllerV2 upc;

	public CheckPasswordReusedService(MinimalUPassControllerV2 upc)

	{

		this.upc = upc;

	}

	public int CheckPasswordReused(String userAlias, String password)

	{

		String token;

		if (userAlias == null || password == null)

		{

			return MinimalConstants.ERR_INVALID_INPUT;

		}

		try

		{

			UserDAO userDao = MinimalDAOFactory.minimalInstance().getUserDAO();

			MinimalUserBean userBean = userDao.getUserFromStore(userAlias, null);

			if (userBean == null)

			{

				return MinimalConstants.ERR_USERALIAS_NOT_FOUND;

			}

			// verify user state, must be active (not inactive|locked|deleted)

			switch (userBean.getUstate())

			{

			case (MinimalConstants.UID_STATE_ACTIVE):

				break;

			case (MinimalConstants.UID_STATE_TMP_LOCKED):

				Date now = new Date();

				if (userBean.getUdateLockedTo().after(now))

				{

					return MinimalConstants.ERR_INVALID_STATE;

				}

				break;

			default:

				return MinimalConstants.ERR_INVALID_STATE;

			}

			PasswordController pc = MinimalUPassFactory.getPasswordController(

					userBean, upc.getConfigurationsMap());

			String cipherText = pc.SHA256(userBean.getUserAlias(), password);

			if (userBean.getPhistoryList() != null)

			{

				StringTokenizer stz = new StringTokenizer(

						userBean.getPhistoryList(), ":");

				while (stz.hasMoreTokens())

				{

					token = stz.nextToken();

					if (cipherText.equals(token))

					{

						return MinimalConstants.ERR_REUSED_PASSWD;

					}

				}

			}

			return MinimalConstants.ERR_SUCCESS;

		} catch (Exception e)

		{

			e.printStackTrace();

			return MinimalConstants.ERR_SYSTEM_NOT_READY;

		}

	}

}

package my.com.upass.services;

import my.com.upass.ConfigBean;

import my.com.upass.MinimalConstants;

import my.com.upass.MinimalUPassControllerV2;

import my.com.upass.pojo.MinimalUserBean;

import my.com.upass.spassword.PasswordController;

public class VerifyPasswordComplexityService {

	private MinimalUPassControllerV2 upc;

	public VerifyPasswordComplexityService(MinimalUPassControllerV2 upc) {

		this.upc = upc;

	}

	public int verifyPasswordComplexity(String userPassword, int applicationId) {

		int rc = MinimalConstants.ERR_SYSTEM_NOT_READY;

		try {

			MinimalUserBean ub = new MinimalUserBean();

			PasswordController pc = new PasswordController(ub, upc.getConfigurationsMap());

			ConfigBean configBean = pc.getConfigBean();

			if (pc.patternValidator(userPassword, configBean.getPasswordAcceptPattern())) {

				rc = MinimalConstants.ERR_SUCCESS;

			} else {

				rc = MinimalConstants.ERR_PASSWD_WEAK;

			}

		} catch (Exception e) {

			e.printStackTrace();

		}

		return rc;

	}

}