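package org.signserver.validationservice.server;

import org.signserver.common.*;
import org.signserver.ejb.interfaces.IWorkerSession;
import org.signserver.server.WorkerContext;
import org.signserver.server.signers.BaseSigner;
import javax.persistence.EntityManager;
import org.signserver.server.archive.Archivable;
import org.signserver.server.archive.DefaultArchivable;
import java.io.*;
import java.util.*;
import java.security.NoSuchAlgorithmException;
import java.security.InvalidKeyException;
import javax.xml.bind.DatatypeConverter;
import java.util.LinkedList;
import java.util.List;
import org.apache.log4j.Logger;
import org.signserver.server.BaseProcessable;
import org.signserver.validationservice.common.ValidateRequest;
import org.signserver.validationservice.common.ValidationServiceConstants;
import java.text.SimpleDateFormat;
import org.signserver.common.util.*;
//import org.signserver.validationservice.server.DecodingException;

/**
 * Worker that checks a one-time password submitted for a pending OTP transaction.
 *
 * <p>The request metadata supplies the user, bill code and OTP. The transaction row is
 * looked up through {@code DBConnector} by the id derived from the bill code, and the
 * submitted values are compared with that row. Every rejection after the row has been
 * loaded resets the transaction, so a presented OTP gets exactly one attempt.</p>
 *
 * <p>The validation service created in {@link #init} is only used by
 * {@link #getStatus(List)}; {@link #processData} does not call it.</p>
 */
public class OATHResponse extends BaseProcessable {

    private static final Logger LOG = Logger.getLogger(OATHResponse.class);
    private static final String CONTENT_TYPE = "text/xml";
    private static String WORKERNAME = "OATHResponse";

    // Positions read from the String[] returned by authGetAsyncTransaction(). The names
    // follow how this class uses each value; the authoritative layout lives in
    // DBConnector (not visible here) - confirm against it before relying on them.
    private static final int COL_VERIFY_TIME = 1; // parsed as "dateVerify"
    private static final int COL_OTP = 2;         // compared with the submitted OTP
    private static final int COL_NOW_TIME = 3;    // parsed as "dateNow"
    private static final int COL_STATUS = 4;      // compared with Defines.OTP_STATUS_*
    private static final int COL_BILLCODE = 5;    // compared with the request bill code
    private static final int COL_USER = 15;       // compared with the request user

    private static final String TIMESTAMP_PATTERN = "yyyy-MM-dd HH:mm:ss.S";

    private IValidationService validationService;
    private List<String> fatalErrors;
    private int ResponseCode = Defines.CODE_OTP_STATUS_FAIL;
    private String ResponseMessage = Defines.OTP_STATUS_FAIL;

    /**
     * Initialises the worker and tries to create its validation service.
     *
     * <p>A {@link SignServerException} from the creation is not propagated: it is logged
     * and recorded so that {@link #getFatalErrors()} reports it.</p>
     */
    @Override
    public void init(int workerId, WorkerConfig config, WorkerContext workerContext, EntityManager workerEM) {
        super.init(workerId, config, workerContext, workerEM);
        fatalErrors = new LinkedList<String>();
        try {
            validationService = createValidationService(config);
        } catch (SignServerException e) {
            final String error = "Could not get crypto token: " + e.getMessage();
            // Pass the exception so the stack trace is kept with the message.
            LOG.error(error, e);
            fatalErrors.add(error);
        }
    }

    /**
     * Creates the validation service named by the TYPE setting of the worker configuration.
     *
     * <p>The class name comes from configuration, so the class is loaded without running
     * its static initialisers and is instantiated only after it has been confirmed to
     * implement {@link IValidationService}. A class that cannot be loaded, instantiated
     * or that has the wrong type is logged and recorded as a fatal error.</p>
     *
     * @param config configuration containing the validation service to create
     * @return the initialised validation service, or {@code null} if it could not be created
     * @throws SignServerException passed through from obtaining the crypto token or
     *         initialising the service
     */
    private IValidationService createValidationService(WorkerConfig config) throws SignServerException {
        final String classPath = config.getProperties().getProperty(
                ValidationServiceConstants.VALIDATIONSERVICE_TYPE,
                ValidationServiceConstants.DEFAULT_TYPE);
        final String instantiationError = "Error instatiating Validation Service, check that the TYPE setting of workerid : "
                + workerId + " have the correct class path.";

        IValidationService retval = null;
        String error = null;
        try {
            if (classPath != null) {
                // initialize=false: defer static initialisers until the type check has passed.
                final Class implClass = Class.forName(classPath, false, OATHResponse.class.getClassLoader());
                if (IValidationService.class.isAssignableFrom(implClass)) {
                    retval = (IValidationService) implClass.newInstance();
                    retval.init(workerId, config, em, getCryptoToken());
                } else {
                    error = "Validation Service class configured for workerid : " + workerId
                            + " does not implement IValidationService: " + classPath;
                    LOG.error(error);
                }
            }
        } catch (ClassNotFoundException e) {
            error = instantiationError;
            LOG.error(error, e);
        } catch (IllegalAccessException e) {
            error = instantiationError;
            LOG.error(error, e);
        } catch (InstantiationException e) {
            error = instantiationError;
            LOG.error(error, e);
        }

        if (error != null) {
            fatalErrors.add(error);
        }
        return retval;
    }

    /**
     * Compares the presented OTP with the stored one without stopping at the first
     * differing character.
     *
     * @param presented OTP taken from the request, may be {@code null}
     * @param expected OTP stored with the transaction, may be {@code null}
     * @return {@code true} only when both values are present and equal
     */
    private static boolean otpMatches(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        try {
            return java.security.MessageDigest.isEqual(
                    presented.getBytes("UTF-8"), expected.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform must support.
            throw new IllegalStateException("UTF-8 is not available", e);
        }
    }

    /**
     * Validates the OTP carried in the request metadata against the stored transaction.
     *
     * <p>Order of checks: licence, numeric OTP, transaction lookup, bill code, user,
     * transaction status, expiry, OTP value. A missing bill code or user is treated like
     * a mismatch instead of failing with a {@code NullPointerException}.</p>
     *
     * @param signRequest the incoming request; must be an {@link ISignRequest}
     * @param requestContext context carrying the request metadata and transaction id
     * @return a {@link GenericSignResponse} holding the result code and message
     * @throws IllegalRequestException if the request is not an {@link ISignRequest}
     */
    @Override
    public ProcessResponse processData(ProcessRequest signRequest, RequestContext requestContext)
            throws IllegalRequestException, CryptoTokenOfflineException, SignServerException {
        if (!(signRequest instanceof ISignRequest)) {
            throw new IllegalRequestException("Received request was not of the expected ISignRequest type.");
        }
        final ISignRequest sReq = (ISignRequest) signRequest;

        final RequestMetadata metadata = RequestMetadata.getInstance(requestContext);
        final String channelName = metadata.get(Defines._CHANNEL);
        final String user = metadata.get(Defines._USER);
        final String billCode = metadata.get(Defines._BILLCODE);
        final String otp = metadata.get(Defines._OTP);

        String s = "OK";
        final String archiveId = createArchiveId(s.getBytes(),
                (String) requestContext.get(RequestContext.TRANSACTION_ID));

        // check license for OATHResponse
        // NOTE(review): the worker name checked below is "OATHValidator", not
        // "OATHResponse" - confirm that this is the intended licence entry.
        LOG.info("Checking license for OATHResponse.");
        License licInfo = License.getInstance();
        if (licInfo.getStatusCode() != 0) {
            return new GenericSignResponse(sReq.getRequestID(), archiveId,
                    Defines.CODE_INFO_LICENSE, licInfo.getStatusDescription());
        }
        if (!licInfo.checkWorker("OATHValidator")) {
            return new GenericSignResponse(sReq.getRequestID(), archiveId,
                    Defines.CODE_INFO_LICENSE_NOTSUPPORT, Defines.ERROR_INFO_LICENSE_NOTSUPPORT);
        }

        if (!ExtFunc.isNumeric(otp)) {
            LOG.info("Non Numeric OTP");
            return new GenericSignResponse(sReq.getRequestID(), archiveId,
                    Defines.CODE_OTP_STATUS_FAIL, Defines.OTP_STATUS_FAIL);
        }

        // Without a bill code there is no transaction to look up (and none to reset).
        if (billCode == null) {
            LOG.info("Invalid OTP BillCode");
            return new GenericSignResponse(sReq.getRequestID(), archiveId,
                    Defines.CODE_INVALIDTRANSACSTATUS, Defines.ERROR_INVALIDTRANSACSTATUS);
        }

        int transId = ExtFunc.getTransId(billCode);
        String[] otpTransaction = DBConnector.getInstances().authGetAsyncTransaction(transId);
        if (otpTransaction == null) {
            LOG.info("No billcode found for otp authentication " + billCode);
            return new GenericSignResponse(sReq.getRequestID(), archiveId,
                    Defines.CODE_INVALIDTRANSACSTATUS, Defines.ERROR_INVALIDTRANSACSTATUS);
        }

        if (!billCode.equals(otpTransaction[COL_BILLCODE])) {
            LOG.info("Invalid OTP BillCode");
            DBConnector.getInstances().authResetOTPTransaction(transId);
            return new GenericSignResponse(sReq.getRequestID(), archiveId,
                    Defines.CODE_INVALIDTRANSACSTATUS, Defines.ERROR_INVALIDTRANSACSTATUS);
        }

        // The transaction must belong to the requesting user; a missing user never matches.
        if (user == null || !user.equals(otpTransaction[COL_USER])) {
            DBConnector.getInstances().authResetOTPTransaction(transId);
            return new GenericSignResponse(sReq.getRequestID(), archiveId,
                    Defines.CODE_INVALIDTRANSACSTATUS, Defines.ERROR_INVALIDTRANSACSTATUS);
        }

        try {
            final String status = otpTransaction[COL_STATUS];
            if (status.equals(Defines.OTP_STATUS_SUCC)) {
                // An OTP that already succeeded cannot be replayed.
                DBConnector.getInstances().authResetOTPTransaction(transId);
                return new GenericSignResponse(sReq.getRequestID(), archiveId,
                        Defines.CODE_OTP_STATUS_EXPI, Defines.OTP_STATUS_EXPI);
            } else if (status.equals(Defines.OTP_STATUS_WAIT)) {
                try {
                    final SimpleDateFormat timestampFormat = new SimpleDateFormat(TIMESTAMP_PATTERN);
                    final Date dateVerify = timestampFormat.parse(otpTransaction[COL_VERIFY_TIME]);
                    final Date dateNow = timestampFormat.parse(otpTransaction[COL_NOW_TIME]);

                    // Both timestamps come from the transaction row; the OTP is timed out
                    // when "dateVerify" lies before "dateNow".
                    if (dateVerify.compareTo(dateNow) < 0) {
                        DBConnector.getInstances().authSetOTPTransactionStatus(transId, Defines.OTP_STATUS_TIME);
                        DBConnector.getInstances().authResetOTPTransaction(transId);
                        return new GenericSignResponse(sReq.getRequestID(), archiveId,
                                Defines.CODE_OTP_STATUS_TIME, Defines.OTP_STATUS_TIME);
                    }

                    if (otpMatches(otp, otpTransaction[COL_OTP])) {
                        DBConnector.getInstances().authSetOTPTransactionStatus(transId, Defines.OTP_STATUS_SUCC);
                        DBConnector.getInstances().authResetOTPTransaction(transId);
                        return new GenericSignResponse(sReq.getRequestID(), archiveId,
                                Defines.CODE_SUCCESS, Defines.SUCCESS);
                    }

                    // Wrong OTP: reset so the same transaction cannot be guessed at again.
                    DBConnector.getInstances().authResetOTPTransaction(transId);
                    return new GenericSignResponse(sReq.getRequestID(), archiveId,
                            Defines.CODE_OTP_STATUS_FAIL, Defines.OTP_STATUS_FAIL);
                } catch (Exception e) {
                    // Fail closed: any error while checking the OTP counts as a failed attempt.
                    LOG.error("ServerException. Details: " + e.getMessage(), e);
                    DBConnector.getInstances().authResetOTPTransaction(transId);
                    return new GenericSignResponse(sReq.getRequestID(), archiveId,
                            Defines.CODE_OTP_STATUS_FAIL, Defines.OTP_STATUS_FAIL);
                }
            } else {
                DBConnector.getInstances().authResetOTPTransaction(transId);
                return new GenericSignResponse(sReq.getRequestID(), archiveId,
                        Defines.CODE_OTP_STATUS_TIME, Defines.OTP_STATUS_TIME);
            }
            // Do not log the submitted or the stored OTP in this method: both are live
            // credentials until the transaction has been reset.
        } catch (Exception e) {
            LOG.error("ServerException. Details: " + e.getMessage(), e);
            DBConnector.getInstances().authResetOTPTransaction(transId);
            return new GenericSignResponse(sReq.getRequestID(), archiveId,
                    Defines.CODE_INTERNALSYSTEM, Defines.ERROR_INTERNALSYSTEM);
        }
    }

    /**
     * Returns the status reported by the validation service.
     *
     * <p>NOTE(review): {@code validationService} stays {@code null} when its creation in
     * {@link #init} failed, in which case this call throws a {@code NullPointerException};
     * {@code additionalFatalErrors} is also not used. Both need a decision by someone who
     * knows which {@code WorkerStatus} should be reported for a broken worker.</p>
     *
     * @see org.signserver.server.BaseProcessable#getStatus()
     */
    @Override
    public WorkerStatus getStatus(final List additionalFatalErrors) {
        return validationService.getStatus();
    }

    /**
     * Returns the fatal errors of the base class followed by those recorded by this
     * worker while creating its validation service.
     */
    @Override
    protected List getFatalErrors() {
        final List errors = new LinkedList();
        errors.addAll(super.getFatalErrors());
        errors.addAll(fatalErrors);
        return errors;
    }
}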