/**
 * Returns the credential entered for this authentication attempt, which for
 * this class is whatever {@code getQuestionAnswerMap()} yields.
 *
 * <p>NOTE(review): presumably this is the map of answers exactly as the user
 * typed them; confirm, and keep the returned object out of logs and audit
 * messages if so.
 *
 * @return the result of {@code getQuestionAnswerMap()}
 */
@Override
public Object getEnteredCredential() {
    final Object enteredAnswers = getQuestionAnswerMap();
    return enteredAnswers;
}
/**
 * Resolves the security-questions credential policy for this attempt.
 *
 * <p>A policy already stored on the authentication context takes precedence.
 * Only when the context has none is the policy derived from
 * {@code securityPolicy} through {@code SecurityUtil}. The resolved value is
 * written back to the context and returned.
 *
 * <p>NOTE(review): there is no null check on the derived policy. If the
 * lookup yields {@code null}, {@code null} is stored on the context and
 * returned; {@code passwordMatches} dereferences the context policy, so
 * confirm the lookup cannot return {@code null} on this path.
 *
 * @param securityPolicy security policy used as the fallback source
 * @param authnCtx authentication context that caches the resolved policy
 * @return the policy taken from the context or derived from {@code securityPolicy}
 * @throws SchemaException declared by the overridden method
 */
@Override
protected CredentialPolicyType getEffectiveCredentialPolicy(SecurityPolicyType securityPolicy,
        SecurityQuestionsAuthenticationContext authnCtx) throws SchemaException {
    SecurityQuestionsCredentialsPolicyType cached = authnCtx.getPolicy();
    SecurityQuestionsCredentialsPolicyType effective = (cached != null)
            ? cached
            : SecurityUtil.getEffectiveSecurityQuestionsCredentialsPolicy(securityPolicy);

    // Store the result unconditionally so later steps read it from the context.
    authnCtx.setPolicy(effective);
    return effective;
}
/**
 * Rejects an attempt whose entered answers are unusable, before any matching.
 *
 * <p>The attempt is refused when the question/answer map is null or empty, or
 * when at least one entered answer is blank. A single blank answer is enough
 * to reject the whole attempt, even if the other answers are filled in. On
 * rejection an authentication failure is recorded for the username and a
 * {@link BadCredentialsException} is thrown.
 *
 * <p>The failure reason and the exception key are the password-oriented
 * strings the code has always used; they are kept as they are.
 *
 * @param connEnv connection environment passed to the failure record
 * @param authCtx context carrying the username and the entered answers
 * @throws BadCredentialsException if the map is empty or any answer is blank
 */
@Override
protected void checkEnteredCredentials(ConnectionEnvironment connEnv,
        SecurityQuestionsAuthenticationContext authCtx) {
    Map<String, String> enteredAnswers = authCtx.getQuestionAnswerMap();

    // The empty check comes first so a null map never reaches values().
    boolean unusable = MapUtils.isEmpty(enteredAnswers)
            || enteredAnswers.values().stream().anyMatch(StringUtils::isBlank);

    if (unusable) {
        recordAuthenticationFailure(authCtx.getUsername(), connEnv, "empty password provided");
        throw new BadCredentialsException("web.security.provider.password.encoding");
    }
}
/**
 * Decides whether the entered answers satisfy the security-questions policy.
 *
 * <p>The required number of answers is {@code policy.getQuestionNumber()},
 * taken as 0 when unset. The attempt fails at once if fewer answers were
 * entered than required. Otherwise every stored answer is looked up among the
 * entered ones by its question identifier. Each non-blank entered answer is
 * compared through {@code decryptAndMatch}. The loop does not stop at the
 * first mismatch; all stored answers are examined.
 *
 * @param connEnv connection environment forwarded to {@code decryptAndMatch}
 * @param principal principal forwarded to {@code decryptAndMatch}
 * @param passwordType stored question/answer credentials
 * @param authCtx context carrying the policy and the entered answers
 * @return {@code true} only if at least one answer matched and the number of
 *         matches is not below the required number
 */
@Override
protected boolean passwordMatches(ConnectionEnvironment connEnv, MidPointPrincipal principal,
        SecurityQuestionsCredentialsType passwordType, SecurityQuestionsAuthenticationContext authCtx) {
    // NOTE(review): the policy is dereferenced without a null check; confirm the
    // context always carries a resolved policy when this method runs.
    SecurityQuestionsCredentialsPolicyType policy = authCtx.getPolicy();
    Integer configuredCount = policy.getQuestionNumber();

    // With no configured number the threshold is 0, so the final "matched > 0"
    // term makes a single correct answer sufficient.
    // NOTE(review): confirm that is the intended minimum for an unset policy value.
    int required = (configuredCount == null) ? 0 : configuredCount;

    Map<String, String> entered = authCtx.getQuestionAnswerMap();
    if (entered.size() < required) {
        return false;
    }

    int matched = 0;
    // NOTE(review): each stored entry is counted on its own. If stored answers
    // could repeat a question identifier, one entered answer would count more
    // than once toward the threshold; confirm identifiers are unique.
    for (SecurityQuestionAnswerType stored : passwordType.getQuestionAnswer()) {
        String candidate = entered.get(stored.getQuestionIdentifier());
        if (StringUtils.isNotBlank(candidate)
                && decryptAndMatch(connEnv, principal, stored.getQuestionAnswer(), candidate)) {
            matched++;
        }
    }

    return matched > 0 && matched >= required;
}
/**
 * Creates the authentication context for a security-questions attempt.
 *
 * <p>The username and the supplied map are handed to the context constructor
 * as given; this method does not copy or validate them.
 *
 * @param username name of the user attempting to authenticate
 * @param value map passed to the context constructor
 *        (presumably question identifier to entered answer; confirm against callers)
 * @return a new context built from the two arguments
 */
@Override
public SecurityQuestionsAuthenticationContext getAuthenticationContext(String username,
        Map<String, String> value) {
    final SecurityQuestionsAuthenticationContext context =
            new SecurityQuestionsAuthenticationContext(username, value);
    return context;
}
questionAnswers.put(questionId, questionAnswer); return new SecurityQuestionsAuthenticationContext(userName, questionAnswers);