m2u-upass-core / src / my / com / upass / tac / TacController.java @ 44:7a7fb8fcfd6e
History | View | Annotate | Download (6.77 KB)
1 |
/*
|
---|---|
2 |
* Copyright TFOS 2009
|
3 |
* date description ---
|
4 |
* 20090420 include max_used feature
|
5 |
*/
|
6 |
package my.com.upass.tac; |
7 |
|
8 |
import java.util.Calendar; |
9 |
import java.util.Date; |
10 |
import java.util.GregorianCalendar; |
11 |
|
12 |
import my.com.upass.ConfigBean; |
13 |
import my.com.upass.Constants; |
14 |
import my.com.upass.pojo.TacBean; |
15 |
|
16 |
import org.apache.log4j.Logger; |
17 |
|
18 |
public class TacController { |
19 |
|
20 |
private static final Logger logger = Logger.getLogger(TacController.class); |
21 |
|
22 |
private int timeOut = 60000; |
23 |
private int maxError = 3; |
24 |
private int maxUse = 3; |
25 |
private int lifespanTimeout = 3600; |
26 |
private int repeatTimeout = 180; |
27 |
|
28 |
private TacBean tacBeanObject;
|
29 |
private ConfigBean config;
|
30 |
|
31 |
public TacController(TacBean tacBeanObject, ConfigBean config) throws Exception { |
32 |
this.tacBeanObject = tacBeanObject;
|
33 |
this.config = config;
|
34 |
init(); |
35 |
} |
36 |
|
37 |
private void init() { |
38 |
try {
|
39 |
maxError = config.getTACMaxTryError(); |
40 |
maxUse = config.getTACMaxUse(); |
41 |
timeOut = config.getTACTTimeOut(); |
42 |
repeatTimeout = config.getTACRepeatTimeOut(); |
43 |
lifespanTimeout = config.getTACLifeSpanTimeOut(); |
44 |
|
45 |
} catch (Exception e) { |
46 |
logger.error("ERR: TAC_CONTROLLER: Property entry not found..", e);
|
47 |
} |
48 |
} |
49 |
|
50 |
public void setObject(TacBean tacBeanObject) { |
51 |
this.tacBeanObject = tacBeanObject;
|
52 |
} |
53 |
|
54 |
public TacBean getUpdatedObject() {
|
55 |
return (TacBean) tacBeanObject;
|
56 |
} |
57 |
|
58 |
// /////////////////////////////////////////////////////////////////////
|
59 |
// Public Generate TAC
|
60 |
// Valid State : SET to Constants.PASSWD_STATUS_ENABLE
|
61 |
//
|
62 |
// 20090603:
|
63 |
// if SessionID = null, then continue
|
64 |
// if SessionID <> null, if in same session, check REPEAT_TIMEOUT
|
65 |
//
|
66 |
// /////////////////////////////////////////////////////////////////////
|
67 |
public String GenerateTac(String sessionID, String nonce) { |
68 |
|
69 |
String s = null; |
70 |
boolean isSession = false; |
71 |
boolean isSameSession = true; |
72 |
boolean isFirstTimeRequest = true; |
73 |
|
74 |
// determine if from same_session and null_session
|
75 |
if (sessionID != null) { |
76 |
isSession = true;
|
77 |
s = tacBeanObject.getSessionId(); |
78 |
if (!sessionID.equals(s)) { // new session |
79 |
isSameSession = false;
|
80 |
tacBeanObject.setSessionId(sessionID); |
81 |
} |
82 |
} |
83 |
tacBeanObject.setNonce(nonce); |
84 |
|
85 |
// determine if first time TAC request
|
86 |
isFirstTimeRequest = (tacBeanObject.getDateCreated() == null) ? true : false; |
87 |
|
88 |
// logger.info(
|
89 |
// "+isFirstTimeRequest:" + isFirstTimeRequest +
|
90 |
// "| +isSession:" + isSession +
|
91 |
// "| +isSameSession:" + isSameSession + "[" + s + "][" + sessionID + "]");
|
92 |
|
93 |
if ((!isSession || isSameSession) && !isFirstTimeRequest) {
|
94 |
Calendar expiryDate = new GregorianCalendar(); |
95 |
expiryDate.setTime(tacBeanObject.getDateCreated()); |
96 |
expiryDate.add(Calendar.SECOND, +repeatTimeout);
|
97 |
Date ed = expiryDate.getTime();
|
98 |
if (ed.after(new Date())) { |
99 |
return "***" + Constants.ERR_TAC_ALREADY_EXIST; |
100 |
} |
101 |
} |
102 |
TacCrypto tac = new TacCrypto(tacBeanObject);
|
103 |
String sTac = tac.getTac();
|
104 |
String offset = tac.getOffset();
|
105 |
Date timestamp = tac.getTimeStamp();
|
106 |
|
107 |
// logger.info( "+" + sTac + " | " + offset + " | " + timestamp);
|
108 |
|
109 |
tacBeanObject.setCipherText(offset); |
110 |
tacBeanObject.setDateCreated(timestamp); |
111 |
tacBeanObject.setDateFirstUsed(null);
|
112 |
tacBeanObject.setState(Constants.PASSWD_STATUS_ENABLE); |
113 |
tacBeanObject.setUseCount(0); // 20090420 :: cater for max use |
114 |
|
115 |
return sTac;
|
116 |
} // end generate
|
117 |
|
118 |
// /////////////////////////////////////////////////////////////////////
|
119 |
// Public Verify TAC
|
120 |
// Valid State : Constants.PASSWD_STATUS_ENABLE
|
121 |
// SET to PASSWD_STATUS_ONETIMEUSED
|
122 |
// /////////////////////////////////////////////////////////////////////
|
123 |
public int VerifyTac(String inTac) { |
124 |
return VerifyTac(inTac, null, null); |
125 |
} |
126 |
|
127 |
public int VerifyTac(String inTac, String sessionID) { |
128 |
return VerifyTac(inTac, null, null); |
129 |
} |
130 |
|
131 |
public int VerifyTac(String inTac, String sessionID, String nonce) { |
132 |
int rc = Constants.ERR_UNKNOWN;
|
133 |
|
134 |
// if session ID present, it must matched
|
135 |
if (sessionID != null) { |
136 |
String s = tacBeanObject.getSessionId();
|
137 |
// s.trim();
|
138 |
if (!sessionID.equals(s)) {
|
139 |
return Constants.ERR_INVALID_SESSION;
|
140 |
} |
141 |
} |
142 |
tacBeanObject.setNonce(nonce); // nonce is not store in db, so must set here
|
143 |
|
144 |
if (tacBeanObject.getCipherText() == null || |
145 |
tacBeanObject.getDateCreated() == null) {
|
146 |
return Constants.ERR_INVALID_STATE; // error |
147 |
} |
148 |
Date ts = new Date(); |
149 |
tacBeanObject.setDateLastUsed(ts); |
150 |
|
151 |
if (tacBeanObject.getState() != Constants.PASSWD_STATUS_ENABLE) {
|
152 |
tacBeanObject.setErrorCount(tacBeanObject.getErrorCount() + 1);
|
153 |
return Constants.ERR_INVALID_STATE; // error |
154 |
} |
155 |
if (tacBeanObject.getErrorCount() > maxError - 1) { |
156 |
tacBeanObject.setErrorCount(tacBeanObject.getErrorCount() + 1);
|
157 |
return Constants.ERR_EXCEED_MAX_TRIES; // error |
158 |
} |
159 |
// tacBeanObject.setTUseCount( tacBeanObject.getTUseCount() + 1 );
|
160 |
if (maxUse > 0 & tacBeanObject.getUseCount() >= maxUse) { |
161 |
return Constants.ERR_EXCEED_MAX_USE;
|
162 |
} |
163 |
|
164 |
TacCrypto tac = new TacCrypto(tacBeanObject, inTac, timeOut);
|
165 |
|
166 |
if (tacBeanObject.getDateFirstUsed() == null) { |
167 |
tacBeanObject.setDateFirstUsed(ts); |
168 |
|
169 |
} else {
|
170 |
// check life span upon first usage
|
171 |
Calendar expiryDate = Calendar.getInstance(); |
172 |
expiryDate.add(Calendar.SECOND, +lifespanTimeout);
|
173 |
Date ed = expiryDate.getTime();
|
174 |
if (tacBeanObject.getDateCreated().after(ed)) {
|
175 |
// logger.info("lifespanTimeout after " + ed);
|
176 |
return Constants.ERR_PASSWD_EXPIRED;
|
177 |
} |
178 |
} |
179 |
if (tac.getIsValid()) {
|
180 |
tacBeanObject.setErrorCount(0); // reset error count |
181 |
tacBeanObject.setUseCount(tacBeanObject.getUseCount() + 1); // add 1 to use_count |
182 |
return Constants.ERR_SUCCESS;
|
183 |
|
184 |
} else {
|
185 |
String sc = tac.getStatusCode();
|
186 |
if (sc.substring(0, 1).equals("1")) { // TAC mismatched |
187 |
tacBeanObject.setErrorCount(tacBeanObject.getErrorCount() + 1);
|
188 |
return Constants.ERR_INVALID_CREDENTIAL; // don't waste time to chk further, return |
189 |
} |
190 |
|
191 |
if (sc.substring(1, 2).equals("1")) { // TAC expired |
192 |
return Constants.ERR_PASSWD_EXPIRED;
|
193 |
} |
194 |
} |
195 |
return rc;
|
196 |
}// end verify
|
197 |
|
198 |
// //////////////////////////////////////////////////////////////////////
|
199 |
// Public Disable TAC
|
200 |
// Valid State : SET Constants.PASSWD_STATUS_DISABLE
|
201 |
// Public Reset TAC
|
202 |
// Valid State : SET Constants.PASSWD_STATUS_ENABLE
|
203 |
// //////////////////////////////////////////////////////////////////////
|
204 |
public int DisableTAC() { |
205 |
tacBeanObject.setState(Constants.PASSWD_STATUS_DISABLE); |
206 |
return Constants.ERR_SUCCESS;
|
207 |
} |
208 |
|
209 |
public int ResetTAC() { |
210 |
tacBeanObject.setState(Constants.PASSWD_STATUS_ENABLE); |
211 |
tacBeanObject.setErrorCount(0);
|
212 |
return Constants.ERR_SUCCESS;
|
213 |
} |
214 |
|
215 |
public int SetSessionID(String sessionID) { |
216 |
tacBeanObject.setSessionId(sessionID); |
217 |
return Constants.ERR_SUCCESS;
|
218 |
} |
219 |
}// end class
|