All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.untzuntz.ustack.aaa.Authentication Maven / Gradle / Ivy

package com.untzuntz.ustack.aaa;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.List;
import java.util.Vector;
import java.util.regex.Pattern;

import org.apache.log4j.Logger;
import org.jasypt.util.password.StrongPasswordEncryptor;

import com.untzuntz.ustack.data.APIClient;
import com.untzuntz.ustack.data.UDataCache;
import com.untzuntz.ustack.data.UserAccount;
import com.untzuntz.ustack.data.accting.CreditAccount;
import com.untzuntz.ustack.exceptions.AuthExceptionUserDisabled;
import com.untzuntz.ustack.exceptions.AuthExceptionUserLocked;
import com.untzuntz.ustack.exceptions.AuthExceptionUserPasswordMismatch;
import com.untzuntz.ustack.exceptions.AuthenticationException;
import com.untzuntz.ustack.main.Msg;
import com.untzuntz.ustack.main.UAppCfg;
import com.untzuntz.ustack.main.UOpts;
import com.untzuntz.ustack.uisupport.UEntryError;

/**
 * Autenticate user
 * 
 * @author jdanner
 *
 */
public class Authentication {

	private static Logger logger = Logger.getLogger(Authentication.class);

	/** Verifies the password length and content */
	public static List verifyPasswordRequirements(String password1, String password2)
	{
		List ret = new Vector();
		
		if (!password1.equals(password2))
			ret.add(UEntryError.getInstance("Password", Msg.getString("EntryError-PasswordMismatch")));

		if (password1.length() < 6)
			ret.add(UEntryError.getInstance("Password", Msg.getString("EntryError-PasswordLength", 6)));
		
		int passedCnt = 0;
		if (Pattern.matches(".*[A-Z].*", password1))
			passedCnt++;
		if (Pattern.matches(".*[a-z].*", password1))
			passedCnt++;
		if (Pattern.matches(".*[0-9].*", password1))
			passedCnt++;
		if (Pattern.matches(".*[^a-zA-Z0-9_].*", password1))
			passedCnt++;
		
		if (passedCnt < 3)
			ret.add(UEntryError.getInstance("Password", Msg.getString("EntryError-PasswordAdvanced")));
		
		return ret;
	}
	
	public static void authenticatePIN(CreditAccount ca, String pin) throws AuthenticationException
	{
		if (pin == null)
			throw new AuthExceptionUserPasswordMismatch();
			
		if (ca == null)
			throw new AuthExceptionUserPasswordMismatch();

		if (ca.isDisabled()) // check for disabled account
			throw new AuthExceptionUserDisabled();
		
		if (ca.isLocked()) // check for locked account
			throw new AuthExceptionUserLocked();

		if (!pin.equalsIgnoreCase(ca.getString("pin")))
		{
			ca.increasePINErrorCount();
			throw new AuthExceptionUserPasswordMismatch();
		}
	}

	public static void checkAccountBasics(UserAccount user) throws AuthenticationException
	{
		if (user == null) // user doesn't exist
			throw new AuthExceptionUserPasswordMismatch();
		
		if (user.isDisabled()) // check for disabled account
			throw new AuthExceptionUserDisabled();
		
		if (user.isLocked()) // check for locked account
			throw new AuthExceptionUserLocked();
		
		// note: we don't check for password expiration - your app should (user.isPasswordExpired())
	}
	
	public static void authenticateAPI(String clientId, String apiKey) throws AuthenticationException
	{
		String cacheKey = "api" + clientId + apiKey.replace("-", "");
		if (UDataCache.getInstance() != null && UDataCache.getInstance().get(cacheKey) != null)
			return;
		
		APIClient acct = APIClient.getAPIClient(clientId);
		
		if (acct == null) // acct doesn't exist
			throw new AuthExceptionUserPasswordMismatch();
		
		if (acct.isDisabled()) // check for disabled account
			throw new AuthExceptionUserDisabled();
		
		if (acct.isLocked()) // check for locked account
			throw new AuthExceptionUserLocked();

		if (!acct.checkAPIKey(apiKey))
			throw new AuthExceptionUserPasswordMismatch();
			
		if (UDataCache.getInstance() != null)
			UDataCache.getInstance().set(cacheKey, 1800, "t");
	}
	
	public static UserAccount authenticateUserHash(String userName, String password) throws AuthenticationException
	{
		UserAccount user = null;
		try {
			if (password == null || password.length() < UOpts.getInt(UAppCfg.PASSWORD_MIN_LENGTH)) // verify a reasonably valid password is provided, otherwise skip it
				throw new AuthExceptionUserPasswordMismatch();
			
			user = UserAccount.getUser(userName);
			checkAccountBasics(user);
			
			if (!password.equals(user.getString("password")))
			{
				logger.info("USER ACCT PASS: [ " + user.getString("password") + "]");
				logger.info(" PROVIDED PASS: [ " + password + "]");
				
				user.increasePasswordErrorCount();
				throw new AuthExceptionUserPasswordMismatch();
			}
			
			// mark user as logged in (this also saves the user object)
			user.loggedIn();
			
		} catch (AuthenticationException ae) {
			logger.warn("Hashed Authentication FAILED: [" + userName + "/**********(Len:" + (password == null ? "null" : password.length()) + ")]");
			throw ae;
		}
		
		logger.info("Hashed Authentication Success: [" + userName + "/**********(Len:" + (password == null ? "null" : password.length()) + ")]");
		
		return user;
	}
	
	/**
	 * Authenticate the user and password
	 * 
	 * @param userName
	 * @param password
	 * @return
	 * @throws AuthenticationException
	 */
	public static UserAccount authenticateUser(String userName, String password) throws AuthenticationException
	{
		// TODO: Do some additional testing and implement this
//		String userCacheKey = "userAcct" + userName + password;
//		if (UDataCache.getInstance() != null)
//		{
//			UserAccount user = (UserAccount)UDataCache.getInstance().get(userCacheKey);
//			if (user != null)
//				return user;
//		}
		
		UserAccount user = null;
		try {
			if (password == null || password.length() < UOpts.getInt(UAppCfg.PASSWORD_MIN_LENGTH)) // verify a reasonably valid password is provided, otherwise skip it
				throw new AuthExceptionUserPasswordMismatch();

			user = UserAccount.getUser(userName);
			checkAccountBasics(user);
			
			String cacheKey = "userAuth" + userName + password;
			if (UDataCache.getInstance() == null || !"t".equals((String)UDataCache.getInstance().get(cacheKey)))
			{
				// verify password
				StrongPasswordEncryptor encryptor = new StrongPasswordEncryptor();
				if (!encryptor.checkPassword(user.getString("salt") + password, user.getString("password")))
				{
					user.increasePasswordErrorCount();
					throw new AuthExceptionUserPasswordMismatch();
				}
				
				if (UDataCache.getInstance() != null)
					UDataCache.getInstance().set(cacheKey, 600, "t");
			}

			// mark user as logged in (this also saves the user object)
			user.loggedIn();
			
		} catch (AuthenticationException ae) {
			logger.warn("Authentication FAILED: [" + userName + "/**********(Len:" + (password == null ? "null" : password.length()) + ")]");
			throw ae;
		}
		
		logger.info("Authentication Success: [" + userName + "/**********(Len:" + (password == null ? "null" : password.length()) + ")]");

		// TODO: Do some additional testing and implement this
		//if (UDataCache.getInstance() != null)
		//	UDataCache.getInstance().set(userCacheKey, 600, user);

		return user;
	}

	/** Note: a few hard to distinguish characters are removed - e.g. 0 and O */
	final static char[] printableAscii = new char[]{'!', '$', '*', '?',
            '1', '2', '3', '4', '5', '6', '7', '8', '9',
            'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
            'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z'};

	/**
	 * Generates a random password of 6 characters
	 * 
	 * @return
	 * @throws NoSuchAlgorithmException
	 */
	public static String generatePassword() throws NoSuchAlgorithmException
	{
		return generatePassword(6);
	}
	
	/**
	 * Generates a random password
	 * 
	 * @return
	 * @throws NoSuchAlgorithmException 
	 */
	public static String generatePassword(int len) throws NoSuchAlgorithmException
	{
		SecureRandom wheel = SecureRandom.getInstance("SHA1PRNG");

		StringBuffer buf = new StringBuffer();
		
		while (buf.length() < len)
		{
			int nextInt = wheel.nextInt(printableAscii.length);
			buf.append(printableAscii[nextInt]);
		}
		
		return buf.toString();
	}
	
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy