m2u-upass-core / src / my / com / upass / tac / TacController.java @ 0:02300db8682b
History | View | Annotate | Download (6.77 KB)
| 1 |
/*
|
|---|---|
| 2 |
* Copyright TFOS 2009
|
| 3 |
* date description ---
|
| 4 |
* 20090420 include max_used feature
|
| 5 |
*/
|
| 6 |
package my.com.upass.tac; |
| 7 |
|
| 8 |
import java.util.Calendar; |
| 9 |
import java.util.Date; |
| 10 |
import java.util.GregorianCalendar; |
| 11 |
|
| 12 |
import my.com.upass.ConfigBean; |
| 13 |
import my.com.upass.Constants; |
| 14 |
import my.com.upass.pojo.TacBean; |
| 15 |
|
| 16 |
import org.apache.log4j.Logger; |
| 17 |
|
| 18 |
public class TacController { |
| 19 |
|
| 20 |
private static final Logger logger = Logger.getLogger(TacController.class); |
| 21 |
|
| 22 |
private int timeOut = 60000; |
| 23 |
private int maxError = 3; |
| 24 |
private int maxUse = 3; |
| 25 |
private int lifespanTimeout = 3600; |
| 26 |
private int repeatTimeout = 180; |
| 27 |
|
| 28 |
private TacBean tacBeanObject;
|
| 29 |
private ConfigBean config;
|
| 30 |
|
| 31 |
public TacController(TacBean tacBeanObject, ConfigBean config) throws Exception { |
| 32 |
this.tacBeanObject = tacBeanObject;
|
| 33 |
this.config = config;
|
| 34 |
init(); |
| 35 |
} |
| 36 |
|
| 37 |
private void init() { |
| 38 |
try {
|
| 39 |
maxError = config.getTACMaxTryError(); |
| 40 |
maxUse = config.getTACMaxUse(); |
| 41 |
timeOut = config.getTACTTimeOut(); |
| 42 |
repeatTimeout = config.getTACRepeatTimeOut(); |
| 43 |
lifespanTimeout = config.getTACLifeSpanTimeOut(); |
| 44 |
|
| 45 |
} catch (Exception e) { |
| 46 |
logger.error("ERR: TAC_CONTROLLER: Property entry not found..", e);
|
| 47 |
} |
| 48 |
} |
| 49 |
|
| 50 |
public void setObject(TacBean tacBeanObject) { |
| 51 |
this.tacBeanObject = tacBeanObject;
|
| 52 |
} |
| 53 |
|
| 54 |
public TacBean getUpdatedObject() {
|
| 55 |
return (TacBean) tacBeanObject;
|
| 56 |
} |
| 57 |
|
| 58 |
// /////////////////////////////////////////////////////////////////////
|
| 59 |
// Public Generate TAC
|
| 60 |
// Valid State : SET to Constants.PASSWD_STATUS_ENABLE
|
| 61 |
//
|
| 62 |
// 20090603:
|
| 63 |
// if SessionID = null, then continue
|
| 64 |
// if SessionID <> null, if in same session, check REPEAT_TIMEOUT
|
| 65 |
//
|
| 66 |
// /////////////////////////////////////////////////////////////////////
|
| 67 |
public String GenerateTac(String sessionID, String nonce) { |
| 68 |
|
| 69 |
String s = null; |
| 70 |
boolean isSession = false; |
| 71 |
boolean isSameSession = true; |
| 72 |
boolean isFirstTimeRequest = true; |
| 73 |
|
| 74 |
// determine if from same_session and null_session
|
| 75 |
if (sessionID != null) { |
| 76 |
isSession = true;
|
| 77 |
s = tacBeanObject.getSessionId(); |
| 78 |
if (!sessionID.equals(s)) { // new session |
| 79 |
isSameSession = false;
|
| 80 |
tacBeanObject.setSessionId(sessionID); |
| 81 |
} |
| 82 |
} |
| 83 |
tacBeanObject.setNonce(nonce); |
| 84 |
|
| 85 |
// determine if first time TAC request
|
| 86 |
isFirstTimeRequest = (tacBeanObject.getDateCreated() == null) ? true : false; |
| 87 |
|
| 88 |
// logger.info(
|
| 89 |
// "+isFirstTimeRequest:" + isFirstTimeRequest +
|
| 90 |
// "| +isSession:" + isSession +
|
| 91 |
// "| +isSameSession:" + isSameSession + "[" + s + "][" + sessionID + "]");
|
| 92 |
|
| 93 |
if ((!isSession || isSameSession) && !isFirstTimeRequest) {
|
| 94 |
Calendar expiryDate = new GregorianCalendar(); |
| 95 |
expiryDate.setTime(tacBeanObject.getDateCreated()); |
| 96 |
expiryDate.add(Calendar.SECOND, +repeatTimeout);
|
| 97 |
Date ed = expiryDate.getTime();
|
| 98 |
if (ed.after(new Date())) { |
| 99 |
return "***" + Constants.ERR_TAC_ALREADY_EXIST; |
| 100 |
} |
| 101 |
} |
| 102 |
TacCrypto tac = new TacCrypto(tacBeanObject);
|
| 103 |
String sTac = tac.getTac();
|
| 104 |
String offset = tac.getOffset();
|
| 105 |
Date timestamp = tac.getTimeStamp();
|
| 106 |
|
| 107 |
// logger.info( "+" + sTac + " | " + offset + " | " + timestamp);
|
| 108 |
|
| 109 |
tacBeanObject.setCipherText(offset); |
| 110 |
tacBeanObject.setDateCreated(timestamp); |
| 111 |
tacBeanObject.setDateFirstUsed(null);
|
| 112 |
tacBeanObject.setState(Constants.PASSWD_STATUS_ENABLE); |
| 113 |
tacBeanObject.setUseCount(0); // 20090420 :: cater for max use |
| 114 |
|
| 115 |
return sTac;
|
| 116 |
} // end generate
|
| 117 |
|
| 118 |
// /////////////////////////////////////////////////////////////////////
|
| 119 |
// Public Verify TAC
|
| 120 |
// Valid State : Constants.PASSWD_STATUS_ENABLE
|
| 121 |
// SET to PASSWD_STATUS_ONETIMEUSED
|
| 122 |
// /////////////////////////////////////////////////////////////////////
|
| 123 |
public int VerifyTac(String inTac) { |
| 124 |
return VerifyTac(inTac, null, null); |
| 125 |
} |
| 126 |
|
| 127 |
public int VerifyTac(String inTac, String sessionID) { |
| 128 |
return VerifyTac(inTac, null, null); |
| 129 |
} |
| 130 |
|
| 131 |
public int VerifyTac(String inTac, String sessionID, String nonce) { |
| 132 |
int rc = Constants.ERR_UNKNOWN;
|
| 133 |
|
| 134 |
// if session ID present, it must matched
|
| 135 |
if (sessionID != null) { |
| 136 |
String s = tacBeanObject.getSessionId();
|
| 137 |
// s.trim();
|
| 138 |
if (!sessionID.equals(s)) {
|
| 139 |
return Constants.ERR_INVALID_SESSION;
|
| 140 |
} |
| 141 |
} |
| 142 |
tacBeanObject.setNonce(nonce); // nonce is not store in db, so must set here
|
| 143 |
|
| 144 |
if (tacBeanObject.getCipherText() == null || |
| 145 |
tacBeanObject.getDateCreated() == null) {
|
| 146 |
return Constants.ERR_INVALID_STATE; // error |
| 147 |
} |
| 148 |
Date ts = new Date(); |
| 149 |
tacBeanObject.setDateLastUsed(ts); |
| 150 |
|
| 151 |
if (tacBeanObject.getState() != Constants.PASSWD_STATUS_ENABLE) {
|
| 152 |
tacBeanObject.setErrorCount(tacBeanObject.getErrorCount() + 1);
|
| 153 |
return Constants.ERR_INVALID_STATE; // error |
| 154 |
} |
| 155 |
if (tacBeanObject.getErrorCount() > maxError - 1) { |
| 156 |
tacBeanObject.setErrorCount(tacBeanObject.getErrorCount() + 1);
|
| 157 |
return Constants.ERR_EXCEED_MAX_TRIES; // error |
| 158 |
} |
| 159 |
// tacBeanObject.setTUseCount( tacBeanObject.getTUseCount() + 1 );
|
| 160 |
if (maxUse > 0 & tacBeanObject.getUseCount() >= maxUse) { |
| 161 |
return Constants.ERR_EXCEED_MAX_USE;
|
| 162 |
} |
| 163 |
|
| 164 |
TacCrypto tac = new TacCrypto(tacBeanObject, inTac, timeOut);
|
| 165 |
|
| 166 |
if (tacBeanObject.getDateFirstUsed() == null) { |
| 167 |
tacBeanObject.setDateFirstUsed(ts); |
| 168 |
|
| 169 |
} else {
|
| 170 |
// check life span upon first usage
|
| 171 |
Calendar expiryDate = Calendar.getInstance(); |
| 172 |
expiryDate.add(Calendar.SECOND, +lifespanTimeout);
|
| 173 |
Date ed = expiryDate.getTime();
|
| 174 |
if (tacBeanObject.getDateCreated().after(ed)) {
|
| 175 |
// logger.info("lifespanTimeout after " + ed);
|
| 176 |
return Constants.ERR_PASSWD_EXPIRED;
|
| 177 |
} |
| 178 |
} |
| 179 |
if (tac.getIsValid()) {
|
| 180 |
tacBeanObject.setErrorCount(0); // reset error count |
| 181 |
tacBeanObject.setUseCount(tacBeanObject.getUseCount() + 1); // add 1 to use_count |
| 182 |
return Constants.ERR_SUCCESS;
|
| 183 |
|
| 184 |
} else {
|
| 185 |
String sc = tac.getStatusCode();
|
| 186 |
if (sc.substring(0, 1).equals("1")) { // TAC mismatched |
| 187 |
tacBeanObject.setErrorCount(tacBeanObject.getErrorCount() + 1);
|
| 188 |
return Constants.ERR_INVALID_CREDENTIAL; // don't waste time to chk further, return |
| 189 |
} |
| 190 |
|
| 191 |
if (sc.substring(1, 2).equals("1")) { // TAC expired |
| 192 |
return Constants.ERR_PASSWD_EXPIRED;
|
| 193 |
} |
| 194 |
} |
| 195 |
return rc;
|
| 196 |
}// end verify
|
| 197 |
|
| 198 |
// //////////////////////////////////////////////////////////////////////
|
| 199 |
// Public Disable TAC
|
| 200 |
// Valid State : SET Constants.PASSWD_STATUS_DISABLE
|
| 201 |
// Public Reset TAC
|
| 202 |
// Valid State : SET Constants.PASSWD_STATUS_ENABLE
|
| 203 |
// //////////////////////////////////////////////////////////////////////
|
| 204 |
public int DisableTAC() { |
| 205 |
tacBeanObject.setState(Constants.PASSWD_STATUS_DISABLE); |
| 206 |
return Constants.ERR_SUCCESS;
|
| 207 |
} |
| 208 |
|
| 209 |
public int ResetTAC() { |
| 210 |
tacBeanObject.setState(Constants.PASSWD_STATUS_ENABLE); |
| 211 |
tacBeanObject.setErrorCount(0);
|
| 212 |
return Constants.ERR_SUCCESS;
|
| 213 |
} |
| 214 |
|
| 215 |
public int SetSessionID(String sessionID) { |
| 216 |
tacBeanObject.setSessionId(sessionID); |
| 217 |
return Constants.ERR_SUCCESS;
|
| 218 |
} |
| 219 |
}// end class
|