Z-Archive » Maybank Projects » M2U UPASS Project

/**

 * Copyright (M) 2010 Penril Datability (M) Sdn Bhd All rights reserved.

 *

 * This software is copyrighted. Under the copyright laws, this software

 * may not be copied, in whole or in part, without prior written consent

 * of Penril Datability (M) Sdn Bhd or its assignees. This software is

 * provided under the terms of a license between Penril Datability (M)

 * Sdn Bhd and the recipient, and its use is subject to the terms of that

 * license.

 */

package my.com.upass;

import java.text.ParseException;

import java.text.SimpleDateFormat;

import java.util.ArrayList;

import java.util.Date;

import java.util.HashMap;

import java.util.List;

import java.util.Map;

import java.util.Set;

import my.com.upass.factory.UPassFactory;

import my.com.upass.maybank.entities.IbccUser;

import my.com.upass.maybank.entities.Im2uUser;

import my.com.upass.maybank.entities.M2uUser;

import my.com.upass.maybank.entities.StockUser;

import my.com.upass.maybank.entities.TicketingUser;

import my.com.upass.pojo.ClientApp;

import my.com.upass.pojo.MinimalUserBean;

import my.com.upass.pojo.UserAppAccess;

import my.com.upass.services.ActivateUserService;

import my.com.upass.services.AppAccessMgtService.MultipleAppAccessesFound;

import my.com.upass.services.AssignTokenService;

import my.com.upass.services.CheckPasswordReusedService;

import my.com.upass.services.DeleteTokenService;

import my.com.upass.services.DeleteUserService;

import my.com.upass.services.DisableTacService;

import my.com.upass.services.DisableTokenService;

import my.com.upass.services.GenerateSecurityCodeService;

import my.com.upass.services.GenerateTacService;

import my.com.upass.services.LoadTokenService;

import my.com.upass.services.LockUserService;

import my.com.upass.services.QueryInfoService;

import my.com.upass.services.ResetTacService;

import my.com.upass.services.ResetTokenService;

import my.com.upass.services.SynchronizeTokenService;

import my.com.upass.services.VerifyCredentialComplexityService;

import my.com.upass.services.VerifySecurityCodeService;

import my.com.upass.services.VerifyTacService;

import my.com.upass.services.VerifyTokenService;

import org.hibernate.Session;

/**

 * PROGRAMMER: Danniell

 * CHANGE-NO:

 * TASK-NO:

 * DATE CREATED: Oct 8, 2011

 * TAG AS:

 * REASON(S):

 * MODIFICATION:

 */

/**

 * Data Access Object version of UPASS Controller

 */

/**

 * @author Enson

 * 

 */

public class UPassControllerV2 extends MinimalUPassControllerV2

{

        private CheckPasswordReusedService checkPasswordReusedService = new CheckPasswordReusedService(this);

        private GenerateTacService generateTacService = new GenerateTacService(this);

        private VerifyTacService verifyTacService = new VerifyTacService(this);

        private ResetTacService resetTacService = new ResetTacService(this);

        private GenerateSecurityCodeService generateSecurityCodeService = new GenerateSecurityCodeService(this);

        private VerifySecurityCodeService verifySecurityCodeService = new VerifySecurityCodeService(this);

        private DisableTacService disableTacService = new DisableTacService(this);

        private ActivateUserService activateUserService = new ActivateUserService();

        private QueryInfoService queryInfoService = new QueryInfoService();

        private LockUserService lockUserService = new LockUserService();

        private VerifyTokenService verifyTokenService = new VerifyTokenService();

        private LoadTokenService loadTokenService = new LoadTokenService();

        private ResetTokenService resetTokenService = new ResetTokenService();

        private DeleteTokenService deleteTokenService = new DeleteTokenService();

        private AssignTokenService assignTokenService = new AssignTokenService();

        private DisableTokenService disableTokenService = new DisableTokenService();

        private SynchronizeTokenService synchronizeTokenService = new SynchronizeTokenService();

        private VerifyCredentialComplexityService verifyPasswordComplexityService = new VerifyCredentialComplexityService(this);

        private DeleteUserService deleteUserService = new DeleteUserService();

        // ////////////////////////////////////////////////////////////////////////////////////////

        // Static Password Methods

        // /////////////////////////////////////////////////////////////////////////////////////////

        /**

         * This method verify static password generated using SP_ChangeStaticPassword()

         * and also check for user dormant status

         * 

         * @param userAlias

         * @param password

         * @return ERR_code defined in the Constants.<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - user not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES - used ModifyUser to reset password.<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_PASSWD_EXPIRED - password is valid but expired, suggest to change new password.<br/>

         */

        public int SP_Login(String userAlias, String password)

        {

                int rc = verifyStaticPasswordService.login(userAlias, password, false, 0);

                logger.info("SP_Login - user alias: [" + userAlias + "] Return: " + rc);

                return rc;

        }

        public int SP_ForceChangeStaticPassword(String userAlias, String newPassword, String oldPassword)

        {

                int rc = changeStaticPasswordService.changeStaticPassword(userAlias, newPassword, oldPassword, false);

                logger.info("SP_ChangeStaticPassword - user alias: [" + userAlias + "] Return: " + rc);

                return rc;

        }

        /**

         * 

         * @param userAlias

         * @param hashedPassword

         *            This password is expected to be in clear text during migration period,

         *            but a hash value of password in SHA-256 afterwards.

         * @return the return code

         */

        public int UA_CheckPasswordReused(String userAlias, String hashedPassword) {

                int rc = checkPasswordReusedService.checkPasswordReused(userAlias, hashedPassword);

                logger.info("UA_CheckPasswordReused - user alias: [" + userAlias + "] Return: " + rc);

                return rc;

        }

        // /////////////////////////////////////////////////////////////////////////////////////////

        // TAC Methods ...

        // /////////////////////////////////////////////////////////////////////////////////////////

        /**

         * This method to Generate 6-digit TAC.

         * 

         * @param userAlias

         * @param appId

         *            TODO

         * @return 6-digit TAC or Error code with prefix *** <br/>

         *         ***98 ERR_SYSTEM_NOT_READY<br/>

         *         ***6 ERR_USERALIAS_NOT_FOUND<br/>

         *         ***12 ERR_TAC_ALREADY_EXIST - Repeated request within allowed period<br/>

         */

        public String generateTAC(String userAlias, int appId) {

                String tac = generateTacService.generateTAC(userAlias, null, null, appId);

                logger.info(userAlias + " Return=" + tac.substring(2));

                return tac;

        }

        /**

         * This method to Generate 6-digit TAC with SessionID verification.

         * 

         * @param userAlias

         * @param sessionID

         *            16-Characters SessionID

         * @param appId

         *            TODO

         * @return 6-digit TAC or Error code with prefix *** <br/>

         *         ***98 ERR_SYSTEM_NOT_READY<br/>

         *         ***6 ERR_USERALIAS_NOT_FOUND<br/>

         *         ***12 ERR_TAC_ALREADY_EXIST - Repeated request within allowed period<br/>

         */

        public String generateTAC(String userAlias, String sessionID, int appId) {

                String tac = generateTacService.generateTAC(userAlias, sessionID, null, appId);

                logger.info(userAlias + " SessionID=" + sessionID + " Return=" + tac.substring(2));

                return tac;

        }

        /**

         * This method to Generate 6-digit TAC with SessionID verification.

         * 

         * @param userAlias

         * @param sessionID

         *            16-Characters SessionID

         * @param nonce

         *            Additional nonce value

         * @param appId

         *            TODO

         * @return 6-digit TAC or Error code with prefix *** <br/>

         *         ***98 ERR_SYSTEM_NOT_READY<br/>

         *         ***6 ERR_USERALIAS_NOT_FOUND<br/>

         *         ***12 ERR_TAC_ALREADY_EXIST - Repeated request within allowed period<br/>

         */

        public String generateTAC(String userAlias, String sessionID, String nonce, int appId) {

                String tac = generateTacService.generateTAC(userAlias, sessionID, nonce, appId);

                logger.info(userAlias + " SessionID=" + sessionID + " Return=" + tac.substring(2));

                return tac;

        }

        /**

         * This method to verify 6-digit TAC generated by GenerateTAC()

         * 

         * @param userAlias

         * @param inTac

         *            User inputs TAC

         * @param appId

         *            TODO

         * @return ERR_code defined in the Constants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_INVALID_STATE - Verify method call before generation; TAC disabled.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_PASSWD_EXPIRED - TAC expired.<br/>

         */

        public int verifyTAC(String userAlias, String inTac, int appId) {

                int rc = verifyTacService.verifyTAC(userAlias, inTac, null, appId);

                logger.info("VerifyTAC - user alias: [" + userAlias + "] Return: " + rc);

                return rc;

        }

        /**

         * This method to verify 6-digit TAC generated by GenerateTAC() with SessionID verification

         * 

         * @param userAlias

         * @param inTac

         *            User inputs TAC

         * @param sessionID

         *            16-Characters SessionID

         * @param appId

         *            TODO

         * @return ERR_code defined in the Constants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_INVALID_STATE - Verify method call before generation; TAC disabled.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_PASSWD_EXPIRED - TAC expired.<br/>

         *         ERR_INVALID_SESSION<br/>

         */

        public int verifyTAC(String userAlias, String inTac, String sessionID, int appId) {

                return verifyTAC(userAlias, inTac, sessionID, null, appId);

        }

        /**

         * This method to verify 6-digit TAC generated by GenerateTAC() with SessionID verification

         * 

         * @param userAlias

         * @param inTac

         *            User inputs TAC

         * @param sessionID

         *            16-Characters SessionID

         * @param nonce

         *            Additional nonce value

         * @param appId

         *            TODO

         * @return ERR_code defined in the Constants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_INVALID_STATE - Verify method call before generation; TAC disabled.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_PASSWD_EXPIRED - TAC expired.<br/>

         *         ERR_INVALID_SESSION<br/>

         */

        public int verifyTAC(String userAlias, String inTac, String sessionID, String nonce, int appId) {

                int rc = verifyTacService.verifyTAC(userAlias, inTac, sessionID, nonce, appId);

                logger.info("VerifyTAC - user alias: [" + userAlias + "] SessID: [" + sessionID + "] Return: " + rc);

                return rc;

        }

        /**

         * This method is to reset Error Count to Zero and set state to PASSWD_STATUS_ENABLE

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param userAlias

         * @return ERR_code defined in the Constants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - admin not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_UNKNOWN<br/>

         */

        public int resetTAC(String adminUserAlias, String adminUserPassword, String userAlias) {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true, Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS) {

                        return rc;

                }

                rc = resetTacService.resetTAC(userAlias);

                logger.info("ResetTAC - user alias: [" + userAlias + "] Return: " + rc);

                return rc;

        }

        /**

         * This method is to set state to PASSWD_STATUS_DISABLE

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param userAlias

         * @return ERR_code defined in the Constants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - admin not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_UNKNOWN<br/>

         */

        public int disableTAC(String adminUserAlias, String adminUserPassword, String userAlias) {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true, Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS) {

                        return rc;

                }

                rc = disableTacService.disableTAC(userAlias);

                logger.info("DisableTAC - user alias: [" + userAlias + "] Return: " + rc);

                return rc;

        }

        // /////////////////////////////////////////////////////////////////////////////////////////

        // User Administration methods.

        // /////////////////////////////////////////////////////////////////////////////////////////

        /**

         * This method to modify admin users to the system

         * 

         * @param rootAlias

         * @param rootHashedPassword

         * @param adminUserAlias

         * @param adminDesc

         *            - can be null - Null denotes no description will be modified.

         * @param adminHashedPassword

         *            - can be null - Null denotes no password will be modified.

         * @return ERR_code defined in the Constants.<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - root not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_INVALID_INPUT - internal error.<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_REUSED_PASSWD - the password entered was used previously.<br/>

         *         ERR_PASSWD_WEAK - the password entered is too weak.<br/>

         *         ERR_INVALID_USERALIAS - User alias does not match with defined pattern <br/>

         *         ERR_PASSWORD_SAMEAS_USERALIAS - password is same is user name error <br/>

         */

        public int AD_ModifyUser(String rootAlias, String rootHashedPassword,

                        String adminUserAlias, String adminDesc, String adminHashedPassword)

        {

                // check if password is similar to user alias

                if (rootAlias.equalsIgnoreCase(rootHashedPassword)) {

                        return Constants.ERR_PASSWORD_SAMEAS_USERALIAS;

                }

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                rootAlias, rootHashedPassword, true, Constants.UTYPE_STATE_ROOT);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = modifyUserService.modifyUser(adminUserAlias,

                                Constants.UTYPE_STATE_ADMIN, adminDesc, adminHashedPassword,

                                Constants.UID_STATE_ACTIVE);

                logger.info("AD_ModifyUser - admin user alias: [" + adminUserAlias + "] Return: " + rc);

                return rc;

        }

        /**

         * This method to change online users state to ACTIVE status.

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param userAlias

         * @return ERR_code defined in the Constants.<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - admin not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_UNKNOWN <br/>

         */

        public int UA_ActivateUser(String adminUserAlias, String adminUserPassword, String userAlias)

        {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = activateUserService.activateUser(userAlias);

                logger.info("UA_ActivateUser - user alias: [" + userAlias

                                + "] Return: " + rc);

                return rc;

        }

        /**

         * This method to change admin users state to ACTIVE status.

         * 

         * @param rootAlias

         * @param rootPassword

         * @param adminUserAlias

         * @return ERR_code defined in the Constants.<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - root not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_UNKNOWN<br/>

         */

        public int AD_ActivateUser(String rootAlias, String rootPassword,

                        String adminUserAlias)

        {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                rootAlias, rootPassword, true, Constants.UTYPE_STATE_ROOT);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = activateUserService.activateUser(adminUserAlias);

                logger.info("AD_ActivateUser - admin user alias: [" + adminUserAlias

                                + "] Return: " + rc);

                return rc;

        }

        /**

         * This method is to check whether the user alias exist in the system.

         * 

         * @param userAlias

         * @return ERR_code defined in the Constants.<br/>

         *         ERR_SUCCESS 0 - found<br/>

         *         ERR_USERALIAS_NOT_FOUND 6<br/>

         *         ERR_SYSTEM_NOT_READY 98<br/>

         */

        public int UA_IsUserExist(String userAlias)

        {

                return queryInfoService.checkUserExistence(userAlias);

        }

        /**

         * This method is to get user type. Valid return is [0-root user | 1-admin user | 2-Ordinary User]

         * 

         * @param userAlias

         * @return <br/>

         *         UTYPE_STATE_ROOT = 0<br/>

         *         UTYPE_STATE_ADMIN = 1<br/>

         *         UTYPE_STATE_USER = 2<br/>

         *         ERR_USERALIAS_NOT_FOUND = 6<br/>

         *         ERR_SYSTEM_NOT_READY = 98<br/>

         */

        public int UA_GetUserType(String userAlias)

        {

                return queryInfoService.getUserType(userAlias);

        }

        /**

         * This method is to get attributes associated to user. Return type is HashMap<String,String>

         * The object keys is as below:<br/>

         * RC - Return Code [always present]<br/>

         * RT - Return Code in Text [always present]<br/>

         * <br/>

         * The following data present only with the return is ERR_SUCCESS<br/>

         * Type - User Type [0-Root User] [1-Admin User] [2-Ordinary User][9-SysControl]<br/>

         * State - User State [0-Active] [1-Temporary Locked] [2-Locked] [3-Inactive] [4-Deleted]<br/>

         * Description - User Description<br/>

         * UseCount - Number of time the record being access<br/>

         * DateCreated - Created date<br/>

         * DateLastUsed - Last access of the record<br/>

         * DateLastActivated - Last activation of the record<br/>

         * DateLastLocked - Last date the user being locked<br/>

         * DateLockedFrom - last date the user being locked from<br/>

         * DateLockedTo - last date the user being locked to<br/>

         * 

         * @param userAlias

         * @return HashMap

         */

        public HashMap<String, String> UA_GetUserData(String userAlias)

        {

                return queryInfoService.getUserData(userAlias);

        }

        /**

         * This method is to get attributes associated to password. Return type is HashMap<String,String>

         * The object keys is as below:<br/>

         * RC - Return Code [always present]<br/>

         * RT - Return Code in Text [always present]<br/>

         * <br/>

         * The following data present only with the return is ERR_SUCCESS<br/>

         * State - Password State [0-Enable] [1-Disable] [2-OneTime Use]<br/>

         * ExpiryStatus - Expiry Status [0-Will Expired][1-Never Expired]

         * UseCount - Number of time the record being access<br/>

         * ErrorCount - Number of time the password verified error<br/>

         * DateCreated - Created date<br/>

         * DateFirstUsed - First access of the password<br/>

         * DateLastUsed - Last access of the password<br/>

         * DatePasswdExpired - Expiry date of the password<br/>

         * 

         * @param userAlias

         * @return HashMap

         */

        public HashMap<String, String> queryPassword(String userAlias)

        {

                return queryInfoService.queryPassword(userAlias);

        }

        /**

         * This method is to get attributes associated to TAC. Return type is HashMap<String,String>

         * The object keys is as below:<br/>

         * RC - Return Code [always present]<br/>

         * RT - Return Code in Text [always present]<br/>

         * <br/>

         * The following data present only with the return is ERR_SUCCESS<br/>

         * State - User State [0-Enable] [1-Disable]<br/>

         * UseCount - Number of time the record being access<br/>

         * ErrorCount - Number of time the TAC verified error<br/>

         * DateCreated - TAC Created date<br/>

         * DateFirstUsed - First access of the TAC<br/>

         * DateLastUsed - Last access of the TAC<br/>

         * 

         * @param userAlias

         * @param appId

         *            TODO

         * @return HashMap

         */

        public HashMap<String, String> queryTAC(String userAlias, int appId)

        {

                return queryInfoService.queryTAC(userAlias, appId);

        }

        /**

         * This method is to change online user state to LOCKED status.

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param userAlias

         * @return ERR_code defined in the Constants.<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - admin not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_UNKNOWN<br/>

         */

        public int UA_LockUser(String adminUserAlias, String adminUserPassword,

                        String userAlias)

        {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = lockUserService.lockUser(userAlias);

                logger.info("UA_LockUser - user alias: [" + userAlias + "] Return:"

                                + rc);

                return rc;

        }

        /**

         * This method is to change admin user state to LOCKED status.

         * 

         * @param rootAlias

         * @param rootPassword

         * @param adminUserAlias

         * @return ERR_code defined in the Constants.<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - root not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_UNKNOWN<br/>

         */

        public int AD_LockUser(String rootAlias, String rootPassword,

                        String adminUserAlias)

        {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                rootAlias, rootPassword, true, Constants.UTYPE_STATE_ROOT);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = lockUserService.lockUser(adminUserAlias);

                logger.info("AD_LockUser - admin user alias: [" + adminUserAlias

                                + "] Return: " + rc);

                return rc;

        }

        /**

         * This method is to suspend online user from when for how many Minutes

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param userAlias

         * @param fromDate

         *            - from when

         * @param nMinutes

         *            - Suspend for how many minutes

         * @return ERR_code defined in the Constants.<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - admin not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_UNKNOWN<br/>

         */

        public int UA_SuspendUser(String adminUserAlias, String adminUserPassword,

                        String userAlias, String strFromDate, int nMinutes)

        {

                Date fromDate = stringToDate(strFromDate);

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = lockUserService.lockUser(userAlias,

                                Constants.UID_STATE_TMP_LOCKED, fromDate, nMinutes);

                logger.info("UA_SuspendUser - admin user alias: [" + adminUserAlias

                                + "] user alias: [" + userAlias + "] From: [" + fromDate

                                + " for " + nMinutes + "min] Return: " + rc);

                return rc;

        }

        /**

         * This method is to suspend admin user from when for how many Minutes

         * 

         * @param rootAlias

         * @param rootPassword

         * @param adminUserAlias

         * @param fromDate

         *            - from when

         * @param nMinutes

         *            - Suspend for how many Minutes

         * @return ERR_code defined in the Constants.<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - root not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_UNKNOWN<br/>

         */

        public int AD_SuspendUser(String rootAlias, String rootPassword,

                        String adminUserAlias, String strFromDate, int nMinutes)

        {

                Date fromDate = stringToDate(strFromDate);

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                rootAlias, rootPassword, true, Constants.UTYPE_STATE_ROOT);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = lockUserService.lockUser(adminUserAlias,

                                Constants.UID_STATE_TMP_LOCKED, fromDate, nMinutes);

                logger.info("AD_SuspendUser - admin user alias: [" + adminUserAlias

                                + "] Return: " + rc);

                return rc;

        }

        /**

         * This method is to concate existing user alias to allow re use user after deleted.

         * 

         * @param rootAlias

         * @param rootPassword

         * @param adminUserAlias

         * @param fromDate

         *            - from when

         * @param nMinutes

         *            - Suspend for how many Minutes

         * @return ERR_code defined in the Constants.<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - root not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_UNKNOWN<br/>

         */

        public int UA_DeleteUser(String adminUserAlias, String adminUserPassword, String userAlias) {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS) {

                        return rc;

                }

                rc = deleteUserService.deleteUser(userAlias, null);

                logger.info("UA_DeleteUser - admin user alias: [" + userAlias + "] Return: " + rc);

                return rc;

        }

        /**

         * Because of the ability to choose the target app,

         * this method is meant for USS only.

         * 

         * @see #deleteUserWithTheProfile(String, String, String, Session)

         */

        public int deleteUserWithTheProfile(

                        String adminUsername, String adminPassword,

                        String username, int targetAppId, Session txSession)

                        throws UPassException {

                int rc;

                try {

                        AccessCheckResult checkResult = checkAppAccess(adminUsername, adminPassword, txSession);

                        if (!checkResult.hasUPassAdminAccess())

                                rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;

                        else {

                                boolean revoked = appAccessMgtService.revokeAppAccessForUser(username, targetAppId, txSession);

                                rc = revoked ?

                                                deleteUserService.deleteUser(username, targetAppId, txSession)

                                                : MinimalConstants.ERR_SYSTEM_NOT_READY;

                        }

                } catch (MultipleAppAccessesFound e) {

                        rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;

                        e.printStackTrace();

                }

                logger.info("deleteUser - user alias: [" + username + "] Return: " + rc);

                return rc;

        }

        /**

         * This methods identifies the target app using <code>appAccessId</code>,

         * hence meant for {@link ClientApp}s

         * 

         * @see #deleteUserWithTheProfile(String, String, String, int, Session)

         */

        public int deleteUserWithTheProfile(

                        String appAccessId, String hashedSecretKey,

                        String username, Session txSession)

                        throws UPassException {

                int rc;

                try {

                        AccessCheckResult checkResult = checkAppAccess(appAccessId, hashedSecretKey, txSession);

                        final Integer targetAppId = checkResult.invokerAppId;

                        if (targetAppId == null) {

                                rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;

                        } else {

                                boolean revoked = appAccessMgtService.revokeAppAccessForUser(username, targetAppId, txSession);

                                rc = revoked ?

                                                deleteUserService.deleteUser(username, targetAppId, txSession)

                                                : MinimalConstants.ERR_SYSTEM_NOT_READY;

                        }

                } catch (MultipleAppAccessesFound e) {

                        rc = MinimalConstants.ERR_APP_SERV_NOT_PERMITTED;

                        e.printStackTrace();

                }

                logger.info("deleteUser - user alias: [" + username + "] Return: " + rc);

                return rc;

        }

        public Map<MinimalUserBean, UserAppAccess> listApplicationAdmins(

                        String upassAdminUsername, String upassAdminPassword, Session txSession)

                        throws UPassException {

                AccessCheckResult checkResult = checkAppAccess(upassAdminUsername, upassAdminPassword, txSession);

                if (!checkResult.hasUPassAdminAccess())

                        throw new UPassException(MinimalConstants.ERR_APP_SERV_NOT_PERMITTED);

                final Map map = appAccessMgtService.listApplicationAdmins(txSession);

                return (Map<MinimalUserBean, UserAppAccess>) map;

        }

        // ///////////////////////////////////////////////////////////////////////////////

        // token area

        // ///////////////////////////////////////////////////////////////////////////////

        /**

         * This method is to verify token password

         * 

         * @param userAlias

         * @param inPassword

         * @return ERR_code defined in the Constants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_INVALID_STATE<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_PASSWD_EXPIRED<br/>

         *         ERR_REUSED_PASSWD<br/>

         */

        public int verifyToken(String userAlias, String inPassword)

        {

                int rc = verifyTokenService.verifyToken(userAlias, inPassword);

                logger.info("VerifyToken - user alias: [" + userAlias + "] Return: "

                                + rc);

                return rc;

        }

        /**

         * This method is to reset user token <br/>

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param userAlias

         * @return ERR_code defined in the Constants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_INVALID_STATE<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         */

        public int resetToken(String adminUserAlias, String adminUserPassword,

                        String userAlias)

        {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = resetTokenService.resetToken(userAlias);

                logger.info("ResetToken - user alias: [" + userAlias + "] Return: "

                                + rc);

                return rc;

        }

        /**

         * This method is to query token information, Return type is HashMap<String,String>

         * RC - Return Code [always present]<br/>

         * RT - Return Code in Text [always present]<br/>

         * <br/>

         * The following data present only with the return is ERR_SUCCESS<br/>

         * SerailNo - The serial number of token<br/>

         * State - Token State, [0-UNASSIGNED], [1-ASSIGNED], [2-DISABLE], [3-LOCKED], [4-DELETED]<br/>

         * UseCount - number of time of password authentication <br/>

         * ErrorCount - number of time error encountered of password authentication<br/>

         * DateAssigned - date of assignment to user<br/>

         * DateFirstUsed - date of 1st time use<br/>

         * DateLastUsed - date of last time used<br/>

         * BatchID - the ID used for loading the token into data store<br/>

         * <br/>

         * 

         * Data retrieved from token BLOB<br/>

         * TOKEN_MODEL<br/>

         * USE_COUNT<br/>

         * ERROR_COUNT<br/>

         * LAST_TIME_USED<br/>

         * CODE_WORD<br/>

         * TRIPLE_DES<br/>

         * MAX_INPUT_FIELDS<br/>

         * RESPONSE_LENGTH<br/>

         * RESPONSE_TYPE<br/>

         * RESPONSE_CHECKSUM<br/>

         * TIME_STEP_USED<br/>

         * 

         * @param userAlias

         * @return HashMap

         */

        public HashMap<String, String> queryToken(String userAlias)

        {

                return queryInfoService.queryToken(userAlias);

        }

        public int deleteTokenFromStore(String adminUserAlias,

                        String adminUserPassword, String serialNumber)

        {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = deleteTokenService.deleteTokenFromStore(serialNumber);

                logger.info("DeleteTokenFromStore - serial number: [" + serialNumber

                                + "] Return: " + rc);

                return rc;

        }

        /**

         * This method is to assign token to user<br/>

         * 

         * @param serialNumber

         * @param userAlias

         * @return ERR_code defined in the Constants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_INVALID_STATE<br/>

         */

        public int assignTokenToUser(String adminUserAlias,

                        String adminUserPassword, String serialNumber, String userAlias)

        {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = assignTokenService.assignToken(serialNumber, userAlias,

                                Constants.TKN_STATE_ASSIGNED);

                logger.info("AssignTokenToUser - serial number: [" + serialNumber

                                + "] user alias: [" + userAlias + "] Return: " + rc);

                return rc;

        }

        /**

         * This method is to return Token to store; Reset the Token.<br/>

         * The token is ready to re-assign to other user.<br/>

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param userAlias

         * @return ERR_code defined in the Constants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_INVALID_STATE<br/>

         */

        public int unassignTokenFromUser(String adminUserAlias,

                        String adminUserPassword, String userAlias)

        {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = assignTokenService.assignToken(null, userAlias,

                                Constants.TKN_STATE_UNASSIGNED);

                logger.info("UnassignTokenFromUser - user alias: [" + userAlias

                                + "] Return: " + rc);

                return rc;

        }

        /**

         * This method is to disable the token<br/>

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param userAlias

         * @return ERR_code defined in the Constants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_INVALID_STATE<br/>

         */

        public int disableToken(String adminUserAlias, String adminUserPassword,

                        String userAlias)

        {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = disableTokenService.disableToken(userAlias, true);

                logger.info("DisableToken - user alias: [" + userAlias + "] Return: "

                                + rc);

                return rc;

        }

        /**

         * This method is to enable to token<br/>

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param userAlias

         * @return ERR_code defined in the Constants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND<br/>

         *         ERR_INVALID_STATE<br/>

         */

        public int enableToken(String adminUserAlias, String adminUserPassword,

                        String userAlias)

        {

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = disableTokenService.disableToken(userAlias, false);

                logger.info("EnableToken - user alias: [" + userAlias + "] Return: "

                                + rc);

                return rc;

        }

        /**

         * This method is to load token from DPX or PSKC file to UPass data store

         * Refer to System Console for additional information.

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param requiredField1

         *            = fileName

         * @param requiredField2

         *            = importKey/ passsphrase / fileName

         * @param requiredField3

         *            = batchId/ null

         * @return rc (response code)

         * @throws Exception

         */

        public int loadToken(String adminUserAlias, String adminUserPassword,

                        String requiredField1, String requiredField2, String requiredField3) throws Exception

        {

                int rc = Constants.ERR_SYSTEM_NOT_READY;

                rc = loadTokenWithStats(adminUserAlias, adminUserPassword,

                                requiredField1, requiredField2, requiredField3).getResponseCode();

                return rc;

        }

        /**

         * This method override the existing LoadToken to generate load token statistic

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param requiredField1

         *            = fileName

         * @param requiredField2

         *            = importKey/ passsphrase / fileName

         * @param requiredField3

         *            = batchId/ null

         * @return LoadTokenBean

         * @throws Exception

         */

        public LoadTokenBean loadTokenWithStats(String adminUserAlias, String adminUserPassword,

                        String requiredField1, String requiredField2, String requiredField3) throws Exception {

                LoadTokenBean loadTokenBean = new LoadTokenBean();

                // verify supervisor password

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                rc = 0;

                if (rc != Constants.ERR_SUCCESS) {

                        loadTokenBean.setResponseCode(rc);

                } else {

                        loadTokenBean = loadTokenService.loadToken(requiredField1, requiredField2, requiredField3,

                                        UPassFactory.getTokenMode());

                }

                return loadTokenBean;

        }

        /**

         * This method override the existing LoadToken to generate load token statistic

         * 

         * @param adminUserAlias

         * @param adminUserPassword

         * @param requiredField1

         *            = userAlias

         * @param requiredField2

         *            = Otp 1

         * @param requiredField3

         *            = Otp 2

         * @return LoadTokenBean

         * @throws Exception

         */

        public int synchronizeToken(String adminUserAlias, String adminUserPassword,

                        String userAlias, String otp1, String otp2) {

                // verify supervisor password

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                adminUserAlias, adminUserPassword, true,

                                Constants.UTYPE_STATE_ADMIN);

                if (rc != Constants.ERR_SUCCESS)

                {

                        return rc;

                }

                rc = synchronizeTokenService.syncToken(userAlias, otp1, otp2);

                logger.info("SyncToken - useralias: [" + userAlias

                                + "] first OTP: [" + otp1 + "] Second OTP: [" + otp2 + "] Return: " + rc);

                return rc;

        }

        /**

         * This method is to get Specified token vendor name in Token Controller

         * 

         * @return token Vendor name

         */

        public String getTokenVendor() {

                return queryInfoService.getTokenVendor();

        }

        // ///////////////////////////////////////////////////////////////////////////////

        // token area end

        // ///////////////////////////////////////////////////////////////////////////////

        private Date stringToDate(String dateString)

        {

                String DATE_FORMAT = "yyyyMMddHHmmss";

                SimpleDateFormat format = new SimpleDateFormat(DATE_FORMAT);

                Date parsedDate = new Date();

                try

                {

                        parsedDate = format.parse(dateString);

                } catch (ParseException pe)

                {

                        logger.info("ERROR: Cannot parse date in String " + dateString);

                }

                return parsedDate;

        }

        // ///////////////////////////////////////////////////////////////////////////////

        // Security code area

        // ///////////////////////////////////////////////////////////////////////////////

        public String generateSecurityCode(String identifier)

        {

                String sRc = generateSecurityCodeService

                                .generateSecurityCode(identifier);

                logger.info(identifier + " Return=" + sRc.substring(2));

                return sRc;

        }

        public int verifySecurityCode(String identifier, String securityCode)

        {

                int rc = verifySecurityCodeService.verifySecurityCode(

                                identifier, securityCode);

                logger.info("VerifySecurityCode - identifier: [" + identifier

                                + "] Return: " + rc);

                return rc;

        }

        public int verifyUserAliasComplexity(String userAlias, int applicationId) {

                int rc = verifyPasswordComplexityService.verifyUserAliasComplexity(userAlias, applicationId);

                logger.info("VerifyUserAliasComplexity: - user[" + userAlias + "] Return: " + rc);

                return rc;

        }

        public int verifyPasswordComplexity(String password, int applicationId) {

                int rc = verifyPasswordComplexityService.verifyPasswordComplexity(password, applicationId);

                logger.info("VerifyPasswordComplexity: - password[" + password + "] Return: " + rc);

                return rc;

        }

        /**

         * This method to add admin users to the system

         * 

         * @param rootAlias

         * @param rootHashedPassword

         * @param adminUserAlias

         * @param adminDesc

         * @param adminHashedPassword

         * @return ERR_code defined in the MinimalConstants<br/>

         *         ERR_SUCCESS<br/>

         *         ERR_SYSTEM_NOT_READY<br/>

         *         ERR_USERALIAS_NOT_FOUND <br/>

         *         ERR_INVALID_STATE - root not active or temporary suspended.<br/>

         *         ERR_APP_SERV_NOT_PERMITTED - for operation not allowed for the user type.<br/>

         *         ERR_EXCEED_MAX_TRIES<br/>

         *         ERR_INVALID_CREDENTIAL<br/>

         *         ERR_INVALID_INPUT - internal error.<br/>

         *         ERR_ALREADY_EXIST<br/>

         *         ERR_INVALID_USERALIAS - User alias does not match with defined pattern <br/>

         *         ERR_PASSWORD_SAMEAS_USERALIAS - password is same is user name error <br/>

         */

        public int AD_AddUser(

                        String rootAlias, String rootHashedPassword,

                        String adminUserAlias, String adminDesc, String adminHashedPassword) {

                // check if password is similar to user alias

                if (rootAlias.equalsIgnoreCase(rootHashedPassword)) {

                        return MinimalConstants.ERR_PASSWORD_SAMEAS_USERALIAS;

                }

                int rc = verifyStaticPasswordService.verifyStaticPassword(

                                rootAlias, rootHashedPassword, true, MinimalConstants.UTYPE_STATE_ROOT);

                if (rc != MinimalConstants.ERR_SUCCESS) {

                        return rc;

                }

                rc = createUserService.addUser(adminUserAlias,

                                MinimalConstants.UTYPE_STATE_ADMIN, adminDesc, adminHashedPassword,

                                MinimalConstants.UID_STATE_ACTIVE, MinimalConstants.SYSTEM_ID);

                logger.info("AD_AddUser - admin user alias: [" + adminUserAlias + "] Return: " + rc);

                return rc;