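/**
 * Collects the stored OTP credentials that are both current (as judged by
 * {@link CredentialUtils#isCurrentCredential}) and bound to the device named in
 * {@code credentials}.
 *
 * <p>The list handed back by the store is treated as read-only. The previous
 * implementation removed non-matching entries from it in place, which throws for
 * an unmodifiable list and may silently alter store-owned state; a fresh list is
 * built here instead.
 *
 * @param context     identity context used to resolve the account by username
 * @param credentials TOTP credentials carrying the username and device name
 * @param store       credential store to query
 * @return a new, mutable list of matching storages; empty when none match or the
 *         store returns {@code null}
 */
private List<OTPCredentialStorage> getCredentialStorages(final IdentityContext context, final TOTPCredentials credentials, final CredentialStore<?> store) {
    List<OTPCredentialStorage> stored = store.retrieveCredentials(context, getAccount(context, credentials.getUsername()), OTPCredentialStorage.class);
    List<OTPCredentialStorage> matching = new ArrayList<OTPCredentialStorage>();
    if (stored == null) {
        return matching;
    }
    for (OTPCredentialStorage storage : stored) {
        // Only a credential that is still current AND belongs to the requesting
        // device may take part in token validation.
        if (CredentialUtils.isCurrentCredential(storage) && isDeviceStorage(credentials.getDevice(), storage)) {
            matching.add(storage);
        }
    }
    return matching;
}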
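/**
 * Initializes the TOTP generator from the store's configuration.
 *
 * <p>Each property is read through {@code getConfigurationProperty} with its
 * {@code DEFAULT_*} fallback. All numeric properties are parsed with
 * {@code Integer.parseInt}; the earlier mix of {@code parseInt} and
 * {@code Integer.valueOf} boxed and unboxed for no benefit.
 *
 * @param store credential store whose configuration supplies ALGORITHM,
 *              INTERVAL_SECONDS, NUMBER_DIGITS and DELAY_WINDOW
 * @throws NumberFormatException if a numeric property is not a valid integer
 */
@Override
public void setup(CredentialStore<?> store) {
    super.setup(store);
    String algorithm = getConfigurationProperty(store, ALGORITHM, DEFAULT_ALGORITHM);
    // Property lookups keep the original order: interval, digits, window.
    int intervalSeconds = Integer.parseInt(getConfigurationProperty(store, INTERVAL_SECONDS, "" + DEFAULT_INTERVAL_SECONDS));
    int numberDigits = Integer.parseInt(getConfigurationProperty(store, NUMBER_DIGITS, "" + DEFAULT_NUMBER_DIGITS));
    int delayWindow = Integer.parseInt(getConfigurationProperty(store, DELAY_WINDOW, "" + DEFAULT_DELAY_WINDOW));
    // Constructor argument order is (algorithm, digits, interval, window) — not the lookup order above.
    this.totp = new TimeBasedOTP(algorithm, numberDigits, intervalSeconds, delayWindow);
}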
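/**
 * Checks the supplied token against every current, device-matching OTP secret.
 *
 * <p>The secret string is converted with an explicit UTF-8 charset. The previous
 * {@code String.getBytes()} used the platform default charset, so validation of a
 * non-ASCII secret could differ between hosts. A storage whose secret is
 * {@code null} is skipped instead of raising a {@code NullPointerException}.
 *
 * @param context     identity context used to look up the account
 * @param credentials TOTP credentials supplying the token to verify
 * @param store       credential store holding the OTP secrets
 * @return {@code true} as soon as one stored secret accepts the token, else {@code false}
 */
private boolean isValid(final IdentityContext context, final TOTPCredentials credentials, final CredentialStore<?> store) {
    String token = credentials.getToken();
    for (OTPCredentialStorage storage : getCredentialStorages(context, credentials, store)) {
        String secretKey = storage.getSecretKey();
        if (secretKey == null) {
            continue;
        }
        // Fully qualified to avoid a new file-level import; Charset.forName is
        // available on every Java version this file could target.
        byte[] secret = secretKey.getBytes(java.nio.charset.Charset.forName("UTF-8"));
        if (this.totp.validate(token, secret)) {
            return true;
        }
    }
    return false;
}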
/**
 * Runs the superclass validation and then, when the resulting status is
 * {@code VALID} or {@code EXPIRED}, additionally requires a matching TOTP token.
 * A failed token check marks the credentials {@code INVALID} and clears the
 * validated account; any other status is left untouched.
 *
 * <p>NOTE(review): {@code EXPIRED} is token-checked just like {@code VALID},
 * so expiry alone does not skip the second factor.
 *
 * @param context     identity context for the validation
 * @param credentials credentials to validate; status is updated in place
 * @param store       credential store consulted for stored secrets
 */
@Override
public void validate(final IdentityContext context, final TOTPCredentials credentials, final CredentialStore<?> store) {
    super.validate(context, credentials, store);
    boolean firstFactorAccepted = Status.VALID.equals(credentials.getStatus())
            || Status.EXPIRED.equals(credentials.getStatus());
    if (!firstFactorAccepted) {
        return;
    }
    if (isValid(context, credentials, store)) {
        return;
    }
    credentials.setStatus(Status.INVALID);
    credentials.setValidatedAccount(null);
}
/**
 * Persists a new {@link OTPCredentialStorage} (secret key plus device) for
 * {@code account}. The superclass update runs only when the credential also
 * carries a non-empty value.
 *
 * @param context       identity context for the store operation
 * @param account       account the credential belongs to
 * @param credential    credential providing the optional value, the secret and the device
 * @param store         credential store that receives the new storage
 * @param effectiveDate start of validity; not set on the storage when {@code null}
 * @param expiryDate    end of validity, stored as given (may be {@code null})
 */
@Override
public void update(IdentityContext context, Account account, TOTPCredential credential, CredentialStore<?> store, Date effectiveDate, Date expiryDate) {
    boolean hasValue = credential.getValue() != null && credential.getValue().length > 0;
    // Without a value there is nothing for the superclass to update; only the
    // OTP secret/device pair is (re)stored below.
    if (hasValue) {
        super.update(context, account, credential, store, effectiveDate, expiryDate);
    }
    OTPCredentialStorage otpStorage = new OTPCredentialStorage();
    if (effectiveDate != null) {
        otpStorage.setEffectiveDate(effectiveDate);
    }
    otpStorage.setExpiryDate(expiryDate);
    otpStorage.setSecretKey(credential.getSecret());
    otpStorage.setDevice(getDevice(credential.getDevice()));
    store.storeCredential(context, account, otpStorage);
}
/**
 * Runs the superclass validation and then, when the resulting status is
 * {@code VALID} or {@code EXPIRED}, additionally requires a matching TOTP token.
 * A failed token check marks the credentials {@code INVALID} and clears the
 * validated account; any other status is left untouched.
 *
 * <p>NOTE(review): {@code EXPIRED} is token-checked just like {@code VALID},
 * so expiry alone does not skip the second factor.
 *
 * @param context     identity context for the validation
 * @param credentials credentials to validate; status is updated in place
 * @param store       credential store consulted for stored secrets
 */
@Override
public void validate(final IdentityContext context, final TOTPCredentials credentials, final CredentialStore<?> store) {
    super.validate(context, credentials, store);
    boolean firstFactorAccepted = Status.VALID.equals(credentials.getStatus())
            || Status.EXPIRED.equals(credentials.getStatus());
    if (!firstFactorAccepted) {
        return;
    }
    if (isValid(context, credentials, store)) {
        return;
    }
    credentials.setStatus(Status.INVALID);
    credentials.setValidatedAccount(null);
}
/**
 * Persists a new {@link OTPCredentialStorage} (secret key plus device) for
 * {@code account}. The superclass update runs only when the credential also
 * carries a non-empty value.
 *
 * @param context       identity context for the store operation
 * @param account       account the credential belongs to
 * @param credential    credential providing the optional value, the secret and the device
 * @param store         credential store that receives the new storage
 * @param effectiveDate start of validity; not set on the storage when {@code null}
 * @param expiryDate    end of validity, stored as given (may be {@code null})
 */
@Override
public void update(IdentityContext context, Account account, TOTPCredential credential, CredentialStore<?> store, Date effectiveDate, Date expiryDate) {
    boolean hasValue = credential.getValue() != null && credential.getValue().length > 0;
    // Without a value there is nothing for the superclass to update; only the
    // OTP secret/device pair is (re)stored below.
    if (hasValue) {
        super.update(context, account, credential, store, effectiveDate, expiryDate);
    }
    OTPCredentialStorage otpStorage = new OTPCredentialStorage();
    if (effectiveDate != null) {
        otpStorage.setEffectiveDate(effectiveDate);
    }
    otpStorage.setExpiryDate(expiryDate);
    otpStorage.setSecretKey(credential.getSecret());
    otpStorage.setDevice(getDevice(credential.getDevice()));
    store.storeCredential(context, account, otpStorage);
}
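/**
 * Collects the stored OTP credentials that are both current (as judged by
 * {@link CredentialUtils#isCurrentCredential}) and bound to the device named in
 * {@code credentials}.
 *
 * <p>The list handed back by the store is treated as read-only. The previous
 * implementation removed non-matching entries from it in place, which throws for
 * an unmodifiable list and may silently alter store-owned state; a fresh list is
 * built here instead.
 *
 * @param context     identity context used to resolve the account by username
 * @param credentials TOTP credentials carrying the username and device name
 * @param store       credential store to query
 * @return a new, mutable list of matching storages; empty when none match or the
 *         store returns {@code null}
 */
private List<OTPCredentialStorage> getCredentialStorages(final IdentityContext context, final TOTPCredentials credentials, final CredentialStore<?> store) {
    List<OTPCredentialStorage> stored = store.retrieveCredentials(context, getAccount(context, credentials.getUsername()), OTPCredentialStorage.class);
    List<OTPCredentialStorage> matching = new ArrayList<OTPCredentialStorage>();
    if (stored == null) {
        return matching;
    }
    for (OTPCredentialStorage storage : stored) {
        // Only a credential that is still current AND belongs to the requesting
        // device may take part in token validation.
        if (CredentialUtils.isCurrentCredential(storage) && isDeviceStorage(credentials.getDevice(), storage)) {
            matching.add(storage);
        }
    }
    return matching;
}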
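/**
 * Checks the supplied token against every current, device-matching OTP secret.
 *
 * <p>The secret string is converted with an explicit UTF-8 charset. The previous
 * {@code String.getBytes()} used the platform default charset, so validation of a
 * non-ASCII secret could differ between hosts. A storage whose secret is
 * {@code null} is skipped instead of raising a {@code NullPointerException}.
 *
 * @param context     identity context used to look up the account
 * @param credentials TOTP credentials supplying the token to verify
 * @param store       credential store holding the OTP secrets
 * @return {@code true} as soon as one stored secret accepts the token, else {@code false}
 */
private boolean isValid(final IdentityContext context, final TOTPCredentials credentials, final CredentialStore<?> store) {
    String token = credentials.getToken();
    for (OTPCredentialStorage storage : getCredentialStorages(context, credentials, store)) {
        String secretKey = storage.getSecretKey();
        if (secretKey == null) {
            continue;
        }
        // Fully qualified to avoid a new file-level import; Charset.forName is
        // available on every Java version this file could target.
        byte[] secret = secretKey.getBytes(java.nio.charset.Charset.forName("UTF-8"));
        if (this.totp.validate(token, secret)) {
            return true;
        }
    }
    return false;
}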
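/**
 * Initializes the TOTP generator from the store's configuration.
 *
 * <p>Each property is read through {@code getConfigurationProperty} with its
 * {@code DEFAULT_*} fallback. All numeric properties are parsed with
 * {@code Integer.parseInt}; the earlier mix of {@code parseInt} and
 * {@code Integer.valueOf} boxed and unboxed for no benefit.
 *
 * @param store credential store whose configuration supplies ALGORITHM,
 *              INTERVAL_SECONDS, NUMBER_DIGITS and DELAY_WINDOW
 * @throws NumberFormatException if a numeric property is not a valid integer
 */
@Override
public void setup(CredentialStore<?> store) {
    super.setup(store);
    String algorithm = getConfigurationProperty(store, ALGORITHM, DEFAULT_ALGORITHM);
    // Property lookups keep the original order: interval, digits, window.
    int intervalSeconds = Integer.parseInt(getConfigurationProperty(store, INTERVAL_SECONDS, "" + DEFAULT_INTERVAL_SECONDS));
    int numberDigits = Integer.parseInt(getConfigurationProperty(store, NUMBER_DIGITS, "" + DEFAULT_NUMBER_DIGITS));
    int delayWindow = Integer.parseInt(getConfigurationProperty(store, DELAY_WINDOW, "" + DEFAULT_DELAY_WINDOW));
    // Constructor argument order is (algorithm, digits, interval, window) — not the lookup order above.
    this.totp = new TimeBasedOTP(algorithm, numberDigits, intervalSeconds, delayWindow);
}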