m2u-upass-core / src / my / com / upass / tac / TacController.java @ 39:e450611bea1f
History | View | Annotate | Download (6.77 KB)
1 | 0:02300db8682b | hadi | /*
|
---|---|---|---|
2 | * Copyright TFOS 2009
|
||
3 | * date description ---
|
||
4 | * 20090420 include max_used feature
|
||
5 | */
|
||
6 | package my.com.upass.tac; |
||
7 | |||
8 | import java.util.Calendar; |
||
9 | import java.util.Date; |
||
10 | import java.util.GregorianCalendar; |
||
11 | |||
12 | import my.com.upass.ConfigBean; |
||
13 | import my.com.upass.Constants; |
||
14 | import my.com.upass.pojo.TacBean; |
||
15 | |||
16 | import org.apache.log4j.Logger; |
||
17 | |||
18 | public class TacController { |
||
19 | |||
20 | private static final Logger logger = Logger.getLogger(TacController.class); |
||
21 | |||
22 | private int timeOut = 60000; |
||
23 | private int maxError = 3; |
||
24 | private int maxUse = 3; |
||
25 | private int lifespanTimeout = 3600; |
||
26 | private int repeatTimeout = 180; |
||
27 | |||
28 | private TacBean tacBeanObject;
|
||
29 | private ConfigBean config;
|
||
30 | |||
31 | public TacController(TacBean tacBeanObject, ConfigBean config) throws Exception { |
||
32 | this.tacBeanObject = tacBeanObject;
|
||
33 | this.config = config;
|
||
34 | init(); |
||
35 | } |
||
36 | |||
37 | private void init() { |
||
38 | try {
|
||
39 | maxError = config.getTACMaxTryError(); |
||
40 | maxUse = config.getTACMaxUse(); |
||
41 | timeOut = config.getTACTTimeOut(); |
||
42 | repeatTimeout = config.getTACRepeatTimeOut(); |
||
43 | lifespanTimeout = config.getTACLifeSpanTimeOut(); |
||
44 | |||
45 | } catch (Exception e) { |
||
46 | logger.error("ERR: TAC_CONTROLLER: Property entry not found..", e);
|
||
47 | } |
||
48 | } |
||
49 | |||
50 | public void setObject(TacBean tacBeanObject) { |
||
51 | this.tacBeanObject = tacBeanObject;
|
||
52 | } |
||
53 | |||
54 | public TacBean getUpdatedObject() {
|
||
55 | return (TacBean) tacBeanObject;
|
||
56 | } |
||
57 | |||
58 | // /////////////////////////////////////////////////////////////////////
|
||
59 | // Public Generate TAC
|
||
60 | // Valid State : SET to Constants.PASSWD_STATUS_ENABLE
|
||
61 | //
|
||
62 | // 20090603:
|
||
63 | // if SessionID = null, then continue
|
||
64 | // if SessionID <> null, if in same session, check REPEAT_TIMEOUT
|
||
65 | //
|
||
66 | // /////////////////////////////////////////////////////////////////////
|
||
67 | public String GenerateTac(String sessionID, String nonce) { |
||
68 | |||
69 | String s = null; |
||
70 | boolean isSession = false; |
||
71 | boolean isSameSession = true; |
||
72 | boolean isFirstTimeRequest = true; |
||
73 | |||
74 | // determine if from same_session and null_session
|
||
75 | if (sessionID != null) { |
||
76 | isSession = true;
|
||
77 | s = tacBeanObject.getSessionId(); |
||
78 | if (!sessionID.equals(s)) { // new session |
||
79 | isSameSession = false;
|
||
80 | tacBeanObject.setSessionId(sessionID); |
||
81 | } |
||
82 | } |
||
83 | tacBeanObject.setNonce(nonce); |
||
84 | |||
85 | // determine if first time TAC request
|
||
86 | isFirstTimeRequest = (tacBeanObject.getDateCreated() == null) ? true : false; |
||
87 | |||
88 | // logger.info(
|
||
89 | // "+isFirstTimeRequest:" + isFirstTimeRequest +
|
||
90 | // "| +isSession:" + isSession +
|
||
91 | // "| +isSameSession:" + isSameSession + "[" + s + "][" + sessionID + "]");
|
||
92 | |||
93 | if ((!isSession || isSameSession) && !isFirstTimeRequest) {
|
||
94 | Calendar expiryDate = new GregorianCalendar(); |
||
95 | expiryDate.setTime(tacBeanObject.getDateCreated()); |
||
96 | expiryDate.add(Calendar.SECOND, +repeatTimeout);
|
||
97 | Date ed = expiryDate.getTime();
|
||
98 | if (ed.after(new Date())) { |
||
99 | return "***" + Constants.ERR_TAC_ALREADY_EXIST; |
||
100 | } |
||
101 | } |
||
102 | TacCrypto tac = new TacCrypto(tacBeanObject);
|
||
103 | String sTac = tac.getTac();
|
||
104 | String offset = tac.getOffset();
|
||
105 | Date timestamp = tac.getTimeStamp();
|
||
106 | |||
107 | // logger.info( "+" + sTac + " | " + offset + " | " + timestamp);
|
||
108 | |||
109 | tacBeanObject.setCipherText(offset); |
||
110 | tacBeanObject.setDateCreated(timestamp); |
||
111 | tacBeanObject.setDateFirstUsed(null);
|
||
112 | tacBeanObject.setState(Constants.PASSWD_STATUS_ENABLE); |
||
113 | tacBeanObject.setUseCount(0); // 20090420 :: cater for max use |
||
114 | |||
115 | return sTac;
|
||
116 | } // end generate
|
||
117 | |||
118 | // /////////////////////////////////////////////////////////////////////
|
||
119 | // Public Verify TAC
|
||
120 | // Valid State : Constants.PASSWD_STATUS_ENABLE
|
||
121 | // SET to PASSWD_STATUS_ONETIMEUSED
|
||
122 | // /////////////////////////////////////////////////////////////////////
|
||
123 | public int VerifyTac(String inTac) { |
||
124 | return VerifyTac(inTac, null, null); |
||
125 | } |
||
126 | |||
127 | public int VerifyTac(String inTac, String sessionID) { |
||
128 | return VerifyTac(inTac, null, null); |
||
129 | } |
||
130 | |||
131 | public int VerifyTac(String inTac, String sessionID, String nonce) { |
||
132 | int rc = Constants.ERR_UNKNOWN;
|
||
133 | |||
134 | // if session ID present, it must matched
|
||
135 | if (sessionID != null) { |
||
136 | String s = tacBeanObject.getSessionId();
|
||
137 | // s.trim();
|
||
138 | if (!sessionID.equals(s)) {
|
||
139 | return Constants.ERR_INVALID_SESSION;
|
||
140 | } |
||
141 | } |
||
142 | tacBeanObject.setNonce(nonce); // nonce is not store in db, so must set here
|
||
143 | |||
144 | if (tacBeanObject.getCipherText() == null || |
||
145 | tacBeanObject.getDateCreated() == null) {
|
||
146 | return Constants.ERR_INVALID_STATE; // error |
||
147 | } |
||
148 | Date ts = new Date(); |
||
149 | tacBeanObject.setDateLastUsed(ts); |
||
150 | |||
151 | if (tacBeanObject.getState() != Constants.PASSWD_STATUS_ENABLE) {
|
||
152 | tacBeanObject.setErrorCount(tacBeanObject.getErrorCount() + 1);
|
||
153 | return Constants.ERR_INVALID_STATE; // error |
||
154 | } |
||
155 | if (tacBeanObject.getErrorCount() > maxError - 1) { |
||
156 | tacBeanObject.setErrorCount(tacBeanObject.getErrorCount() + 1);
|
||
157 | return Constants.ERR_EXCEED_MAX_TRIES; // error |
||
158 | } |
||
159 | // tacBeanObject.setTUseCount( tacBeanObject.getTUseCount() + 1 );
|
||
160 | if (maxUse > 0 & tacBeanObject.getUseCount() >= maxUse) { |
||
161 | return Constants.ERR_EXCEED_MAX_USE;
|
||
162 | } |
||
163 | |||
164 | TacCrypto tac = new TacCrypto(tacBeanObject, inTac, timeOut);
|
||
165 | |||
166 | if (tacBeanObject.getDateFirstUsed() == null) { |
||
167 | tacBeanObject.setDateFirstUsed(ts); |
||
168 | |||
169 | } else {
|
||
170 | // check life span upon first usage
|
||
171 | Calendar expiryDate = Calendar.getInstance(); |
||
172 | expiryDate.add(Calendar.SECOND, +lifespanTimeout);
|
||
173 | Date ed = expiryDate.getTime();
|
||
174 | if (tacBeanObject.getDateCreated().after(ed)) {
|
||
175 | // logger.info("lifespanTimeout after " + ed);
|
||
176 | return Constants.ERR_PASSWD_EXPIRED;
|
||
177 | } |
||
178 | } |
||
179 | if (tac.getIsValid()) {
|
||
180 | tacBeanObject.setErrorCount(0); // reset error count |
||
181 | tacBeanObject.setUseCount(tacBeanObject.getUseCount() + 1); // add 1 to use_count |
||
182 | return Constants.ERR_SUCCESS;
|
||
183 | |||
184 | } else {
|
||
185 | String sc = tac.getStatusCode();
|
||
186 | if (sc.substring(0, 1).equals("1")) { // TAC mismatched |
||
187 | tacBeanObject.setErrorCount(tacBeanObject.getErrorCount() + 1);
|
||
188 | return Constants.ERR_INVALID_CREDENTIAL; // don't waste time to chk further, return |
||
189 | } |
||
190 | |||
191 | if (sc.substring(1, 2).equals("1")) { // TAC expired |
||
192 | return Constants.ERR_PASSWD_EXPIRED;
|
||
193 | } |
||
194 | } |
||
195 | return rc;
|
||
196 | }// end verify
|
||
197 | |||
198 | // //////////////////////////////////////////////////////////////////////
|
||
199 | // Public Disable TAC
|
||
200 | // Valid State : SET Constants.PASSWD_STATUS_DISABLE
|
||
201 | // Public Reset TAC
|
||
202 | // Valid State : SET Constants.PASSWD_STATUS_ENABLE
|
||
203 | // //////////////////////////////////////////////////////////////////////
|
||
204 | public int DisableTAC() { |
||
205 | tacBeanObject.setState(Constants.PASSWD_STATUS_DISABLE); |
||
206 | return Constants.ERR_SUCCESS;
|
||
207 | } |
||
208 | |||
209 | public int ResetTAC() { |
||
210 | tacBeanObject.setState(Constants.PASSWD_STATUS_ENABLE); |
||
211 | tacBeanObject.setErrorCount(0);
|
||
212 | return Constants.ERR_SUCCESS;
|
||
213 | } |
||
214 | |||
215 | public int SetSessionID(String sessionID) { |
||
216 | tacBeanObject.setSessionId(sessionID); |
||
217 | return Constants.ERR_SUCCESS;
|
||
218 | } |
||
219 | }// end class |