Example 1 with PinData
use of com.rsa.authagent.authapi.PinData in project OpenAM by OpenRock.
the class SecurID method process.
public int process(Callback[] callbacks, int state) throws AuthLoginException {
String nextToken;
int rtnval = -1;
String tmp_passcode = null;
/*
* state starts at 1, numbering corresponds to order of screens.
* return -1 if done, next screen# if another screen
*/
wtOrgName = getRequestOrg();
if (debug.messageEnabled()) {
debug.message("SecurID:process: Org = " + wtOrgName + "\n\tstate = " + state);
}
/*
* see if this org not initialized.
* the path to sdconf.rec was gotten in init();
* verify that it exists once. after that, can
* get the AuthSessionFactory.getInstance every time,
* as it will return the same one, given the same path.
*/
if (!configDone.containsKey(STR_SECURID_CONFIG_PATH)) {
// verify path to sdconf.rec
verifyConfigPath();
configDone.put(STR_SECURID_CONFIG_PATH, "true");
}
/*
* not particularly pretty getting the
* AuthSessionFactory instance every time, but the
* SecurID api states that it returns the same instance
* for the given path. plus this way saves having to
* keep track of stuff...
*/
if (api == null) {
debug.message("SecurID.process:getting Session instance");
try {
api = AuthSessionFactory.getInstance(STR_SECURID_CONFIG_PATH);
} catch (AuthAgentException e) {
debug.error("SecurID.process:" + "Unable to get SecurID API.");
throw new AuthLoginException(bundleName, "SecurIDInitLex", null, e);
}
}
if (debug.messageEnabled()) {
debug.message("SecurID:process:after configDone: Org = " + wtOrgName + "\n\tstate = " + state + "\n\tconfig_path = " + STR_SECURID_CONFIG_PATH + "\n\tuserTokenId = " + userTokenId + "\n\tusername = " + username);
}
String newPin = "";
int authStatus = AuthSession.ACCESS_DENIED;
PinData pinData = null;
switch(state) {
case // initial state (1)
ISAuthConstants.LOGIN_START:
{
if (callbacks != null && callbacks.length == 0) {
username = (String) sharedState.get(getUserKey());
tmp_passcode = (String) sharedState.get(getPwdKey());
if (username == null || tmp_passcode == null) {
return 1;
}
getCredentialsFromSharedState = true;
} else {
username = ((NameCallback) callbacks[0]).getName();
// null userid is a no-no
if (username == null || username.length() == 0) {
throw new AuthLoginException(bundleName, "SecurIDUserIdNull", null);
}
tmp_passcode = charToString(((PasswordCallback) callbacks[1]).getPassword(), callbacks[1]);
// null passcode is also a no-no
if (tmp_passcode == null || tmp_passcode.length() == 0) {
throw new AuthLoginException(bundleName, "SecurIDPasscodeNull", null);
}
}
if (debug.messageEnabled()) {
debug.message("SecurID.process(): username: " + username);
}
storeUsernamePasswd(username, tmp_passcode);
// got the userid and passcode
try {
session = api.createUserSession();
} catch (AuthAgentException aaex) {
debug.error("SecurID.process:createUserSession() error:" + aaex.getMessage());
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDInitializeLex", new Object[] { aaex.getMessage() });
}
try {
authStatus = session.lock(username);
if (debug.messageEnabled()) {
debug.message("SecurID.process:session.lock returns = " + authStatus);
}
authStatus = session.check(username, tmp_passcode);
if (debug.messageEnabled()) {
debug.message("SecurID.process:session.check returns = " + authStatus);
}
switch(authStatus) {
case AuthSession.ACCESS_OK:
debug.message("SecurID.process:ACCESS_OK");
userTokenId = username;
rtnval = ISAuthConstants.LOGIN_SUCCEED;
break;
case // new PIN mode
AuthSession.NEW_PIN_REQUIRED:
{
debug.message("SecurID.process:NEW_PIN_REQUIRED");
pinData = session.getPinData();
int pinState = pinData.getUserSelectable();
String msg = getNewPinMsg(pinData);
// if user can't choose their own pin
if (pinState == PinData.CANNOT_CHOOSE_PIN) {
debug.message("SecurID.process:CANNOT_CHOOSE_PIN");
newPin = pinData.getSystemPin().trim();
// submit new PIN
if (newPin.length() != 0) {
authStatus = session.pin(newPin);
if (debug.messageEnabled()) {
debug.message("SecurID.process:CCP:pin rtns = " + authStatus);
}
if (authStatus != AuthSession.PIN_ACCEPTED) {
/*
* weird that we'd get an error
* submitting the PIN provided by
* the system...
* could do error handling here,
* or having the user submit a
* null pin will make things terminate
* subsequently...
*/
debug.error("SecurID.process:CCP:sys pin " + "not accepted!");
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:NPRCCP:" + "close err = " + aax.getMessage());
}
session = null;
}
throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
}
} else {
/*
* weird that we'd get a null PIN
* from the system...
*/
debug.message("SecurID.process:CCP:newPin 0-length");
newPin = "";
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:LSNP:" + "close err = " + aax.getMessage());
}
session = null;
}
throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
}
/*
* then tell user the new PIN, and to do
* next token
*/
setDynamicText(true, ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN, bundle.getString("SecurIDWaitPin") + bundle.getString("SecurIDNewSysPin") + newPin);
rtnval = ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN;
} else if (pinState == PinData.USER_SELECTABLE) {
// see if user wants user-gen or sys-gen
debug.message("SecurID.process:USER_SELECTABLE");
setDynamicText(false, ISAuthConstants.LOGIN_SYS_GEN_PIN, bundle.getString("SecurIDSysGenPin"));
rtnval = ISAuthConstants.LOGIN_SYS_GEN_PIN;
} else if (pinState == PinData.MUST_CHOOSE_PIN) {
debug.message("SecurID.process:MUST_CHOOSE_PIN");
// user must provide new PIN
setDynamicText(true, ISAuthConstants.LOGIN_CHALLENGE, msg);
rtnval = ISAuthConstants.LOGIN_CHALLENGE;
if (debug.messageEnabled()) {
debug.message("SecurID.process:prompt = " + msg);
}
} else {
// huh?
debug.error("SecurID.process:NEW_PIN_REQUIRED:" + "unknown pinState = " + pinState);
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:NPRQ:" + "close err = " + aax.getMessage());
}
session = null;
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
}
}
}
break;
case // next token mode
AuthSession.NEXT_CODE_REQUIRED:
debug.message("SecurID.process:NEXT_CODE_REQUIRED");
rtnval = ISAuthConstants.LOGIN_NEXT_TOKEN;
break;
case AuthSession.ACCESS_DENIED:
debug.message("SecurID.process:ACCESS_DENIED");
default:
debug.message("SecurID.process:state == default");
if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
getCredentialsFromSharedState = false;
rtnval = ISAuthConstants.LOGIN_START;
break;
}
setFailureID(username);
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:LSAD:" + "close err = " + aax.getMessage());
}
session = null;
}
throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
}
} catch (AuthAgentException aaex) {
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:LS:close err = " + aax.getMessage());
}
session = null;
}
debug.error("SecurID.process:session lock/check:" + aaex.getMessage());
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDInitializeLex", new Object[] { aaex.getMessage() });
}
}
break;
case // new PIN mode (2)
ISAuthConstants.LOGIN_CHALLENGE:
{
debug.message("SecurID.process:LOGIN_CHALLENGE");
// submit new PIN
String newPIN = charToString(((PasswordCallback) callbacks[0]).getPassword(), callbacks[0]);
/*
* if no PIN provided, submit "" as the new PIN, and
* let the ACE/Server handle it (by returning an error)
*/
if (newPIN == null) {
// might not pass the ASCII test below
newPIN = "";
}
if (debug.messageEnabled()) {
debug.message("SecurID.process:state2: token length = " + newPIN.length());
}
try {
if (!newPIN.equals(new String(newPIN.getBytes("ASCII"), "ASCII"))) {
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:LC:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDNewPINNotASCII", null);
}
} catch (UnsupportedEncodingException ueex) {
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:LC2:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDInputEncodingException", null);
}
try {
authStatus = session.pin(newPIN);
if (debug.messageEnabled()) {
debug.message("SecurID.process:session.pin returns " + authStatus);
}
if (authStatus == AuthSession.PIN_ACCEPTED) {
debug.message("SecurID.process:new pin ACCEPTED");
rtnval = ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN;
setDynamicText(true, ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN, bundle.getString("SecurIDWaitPin"));
userTokenId = username;
} else if (authStatus == AuthSession.PIN_REJECTED) {
debug.message("SecurID:process:New PIN specified is invalid.");
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:LC3:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDAuthInvNewPin", null);
} else {
// hmmm...
debug.error("SecurID.process:unsure this pin response value.");
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:LC4:close err = " + aax.getMessage());
}
session = null;
}
}
} catch (AuthAgentException aaex) {
// probably have to terminate the session
debug.error("SecurID.process:session.pin exception: " + aaex.getMessage());
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:LC5:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDAuthInvNewPin", null);
}
}
break;
case // next token mode (3)
ISAuthConstants.LOGIN_NEXT_TOKEN:
{
// can do PIN+passcode or just passcode
debug.message("SecurID.process:LOGIN_NEXT_TOKEN");
// got the next token; submit it
nextToken = charToString(((PasswordCallback) callbacks[0]).getPassword(), callbacks[0]);
// must have something
if (nextToken == null) {
// might not pass the ASCII test below
nextToken = "";
}
if (debug.messageEnabled()) {
debug.message("SecurID.process:LOGIN_NEXT_TOKEN:token length = " + nextToken.length());
}
try {
if (!nextToken.equals(new String(nextToken.getBytes("ASCII"), "ASCII"))) {
setFailureID(username);
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:NT:close err = " + aax.getMessage());
}
session = null;
}
debug.error("SecurID.process:LOGIN_NEXT_TOKEN:" + "nextToken not ascii");
throw new AuthLoginException(bundleName, "SecurIDNextTokenNotASCII", null);
}
} catch (UnsupportedEncodingException ueex) {
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:NT2:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
debug.error("SecurID.process:LOGIN_NEXT_TOKEN:" + "nextToken input encoding");
throw new AuthLoginException(bundleName, "SecurIDInputEncodingException", null);
}
try {
authStatus = session.next(nextToken);
if (debug.messageEnabled()) {
debug.message("SecurID.process:LOGIN_NEXT_TOKEN:" + "next returns " + authStatus);
}
} catch (AuthAgentException aaex) {
debug.error("SecurID.process:LOGIN_NEXT_TOKEN:next() exception:" + aaex.getMessage());
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:NT3:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDInvNextToken", null);
}
if (authStatus == AuthSession.ACCESS_OK) {
// succeed
userTokenId = username;
rtnval = ISAuthConstants.LOGIN_SUCCEED;
} else {
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:NT4:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
if (debug.messageEnabled()) {
debug.message("SecurID.process:LOGIN_NEXT_TOKEN:" + "nextToken failure");
}
throw new AuthLoginException(bundleName, "SecurIDInvNextToken", null);
}
}
break;
case // sys genned PIN answer(4)
ISAuthConstants.LOGIN_SYS_GEN_PIN:
{
debug.message("SecurID.process:LOGIN_SYS_GEN_PIN");
// server asked if sys-genned PIN wanted, user said...
String answer = ((NameCallback) callbacks[0]).getName();
if (debug.messageEnabled()) {
debug.message("SecurID.process:received answer(state 4) = " + answer);
}
// must have something
boolean sysgenpin = false;
if (answer == null || answer.length() == 0) {
// make it system generated
sysgenpin = true;
if (debug.messageEnabled()) {
debug.message("SecurID.process:made answer(state 4) = " + sysgenpin);
}
} else if (answer.startsWith("y") || answer.startsWith("Y")) {
sysgenpin = true;
}
if (sysgenpin) {
debug.message("SecurID.process:LOGIN_SYS_GEN_PIN:" + "about to getSystemPin");
try {
pinData = session.getPinData();
newPin = pinData.getSystemPin();
authStatus = session.pin(newPin);
if (debug.messageEnabled()) {
debug.message("SecurID.process:LSGP:" + "newPin:pin() response = " + authStatus);
}
setDynamicText(true, ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN, bundle.getString("SecurIDWaitPin") + bundle.getString("SecurIDNewSysPin") + newPin);
userTokenId = username;
rtnval = ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN;
} catch (AuthAgentException aaex) {
// probably have to terminate the session
debug.error("SecurID.process:LSGP:getSystemPin/pin error = " + aaex.getMessage());
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:SGP:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
getCredentialsFromSharedState = false;
rtnval = ISAuthConstants.LOGIN_START;
}
throw new AuthLoginException(bundleName, "SecurIDAuthInvNewPin", null);
}
} else {
// user-generated PIN
try {
String msg = getNewPinMsg(session.getPinData());
if (debug.messageEnabled()) {
debug.message("SecurID.process:LOGIN_SYS_GEN_PIN:" + "about to get user-genned PIN, prompt = \n\t" + msg);
}
setDynamicText(true, ISAuthConstants.LOGIN_CHALLENGE, msg);
rtnval = ISAuthConstants.LOGIN_CHALLENGE;
} catch (AuthAgentException aaex) {
// probably have to terminate the session
debug.error("SecurID.process:" + "session.getPinData exception: " + aaex.getMessage());
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:UGP:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDAuthInvNewPin", null);
}
}
}
break;
case // 5
ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN:
{
if (debug.messageEnabled()) {
debug.message("LOGIN_NEW_PIN_NEXT_TOKEN:username = " + username);
}
if (username == null || username.length() == 0) {
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDPrevUserid", null);
}
// only one callback... the new pin + token
nextToken = charToString(((PasswordCallback) callbacks[0]).getPassword(), callbacks[0]);
/*
* if nothing provided,
* send a null string, and let the ACE/Server handle it.
*/
if (nextToken == null) {
// might not pass ASCII test below
nextToken = "";
}
try {
if (!nextToken.equals(new String(nextToken.getBytes("ASCII"), "ASCII"))) {
setFailureID(username);
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:NPT:close err = " + aax.getMessage());
}
session = null;
}
throw new AuthLoginException(bundleName, "SecurIDNextTokenNotASCII", null);
}
} catch (UnsupportedEncodingException ueex) {
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:NPT2:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDInputEncodingException", null);
}
debug.message("SecurID.process:LNPNT:doing session.check");
authStatus = AuthSession.ACCESS_DENIED;
try {
authStatus = session.lock(username);
if (debug.messageEnabled()) {
debug.message("SecurID.process:LNPNT:lock returns " + authStatus);
}
authStatus = session.check(username, nextToken);
if (debug.messageEnabled()) {
debug.message("SecurID.process:LNPNT:next returns " + authStatus);
}
} catch (AuthAgentException aaex) {
debug.error("SecurID.process:LNPNT:next() gets exception:" + aaex.getMessage());
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:NPT3:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
}
if (debug.messageEnabled()) {
debug.message("SecurID.process:LNPNT:ACCESS_OK = " + AuthSession.ACCESS_OK + ", authStatus = " + authStatus);
}
if (authStatus == AuthSession.ACCESS_OK) {
// succeed
if (debug.messageEnabled()) {
debug.message("SecurID.process:LNPNT:next() =" + " LOGIN_SUCCEED, username = " + username);
}
userTokenId = username;
rtnval = ISAuthConstants.LOGIN_SUCCEED;
} else {
// login failed
if (debug.messageEnabled()) {
debug.message("SecurID.process:LNPNT:next() " + "gets NOT Succeed = " + authStatus);
}
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:NPT4:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
}
}
break;
default:
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:DEF:close err = " + aax.getMessage());
}
session = null;
}
setFailureID(username);
throw new AuthLoginException(bundleName, "SecurIDAuth", null);
}
if (debug.messageEnabled()) {
debug.message("process; after process:" + "\n\tstate = " + state + "\n\tuserTokenId = " + userTokenId + "\n\tusername = " + username + "\n\trtnval = " + rtnval);
}
if (rtnval == ISAuthConstants.LOGIN_SUCCEED) {
if (session != null) {
try {
session.close();
} catch (AuthAgentException aax) {
debug.error("SecurID.process:LOGIN_SUCCEED:close err = " + aax.getMessage());
}
session = null;
}
}
return (rtnval);
}
Also used :
PinData(com.rsa.authagent.authapi.PinData)
AuthAgentException(com.rsa.authagent.authapi.AuthAgentException)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
Aggregations
AuthAgentException (com.rsa.authagent.authapi.AuthAgentException)1
PinData (com.rsa.authagent.authapi.PinData)1
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)1
