📄 otpauthenticator.java
字号:
/* $Id: OTPAuthenticator.java,v 1.1 2001/01/02 16:19:27 wastl Exp $ */
import net.wastl.webmail.server.*;
import net.wastl.webmail.exceptions.*;
import net.wastl.webmail.config.ConfigScheme;
import org.webengruven.javaOTP.*;
import org.webengruven.webmail.auth.*;
import java.util.*;
import java.security.NoSuchAlgorithmException;
/**
* OTPAuthenticator.java -- this class is an Authenticator for
* Webmail/Java that uses One Time Passwords for authentication. Using the
* new challenge/response authentication framework, this class will provide
* authentication based on RFC1938 one time passes.
*
* @author Devin Kowatch
* @version $Revision: 1.1 $
*
* Copyright (C) 2000 Devin Kowatch
*/
/* This program is free software; you can redistribute it and/or
* modify it under the terms of the Lesser GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* Lesser GNU General Public License for more details.
*
* You should have received a copy of the Lesser GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
* USA.
*/
public class OTPAuthenticator extends OTPAuthenticatorIface {
/** The version of OTPAuthenticator */
public final String VERSION = "1.2";
/** The default starting sequence for an OTP */
public final int START_SEQ = 499;
/** The default hash algorithm for an OTP */
public final String DFLT_HASH = "MD5";
private final int CACHE_ACTIVE_ST = 0x01;
private final int CACHE_NEW_ST = 0x02;
/** Default Constructor */
public OTPAuthenticator() {
super();
key = "OTP";
cache = new Hashtable();
}
/** Get the AuthDisplayMngr for this class */
public AuthDisplayMngr getAuthDisplayMngr() {
if (disp_mngr == null) {
disp_mngr = new OTPAuthDisplayMngr(this);
}
return disp_mngr;
}
/** Get this class' version
* @return A version string for this class
*/
public String getVersion() {
return VERSION;
}
/**
* (Re-)Initilize this authenticator.
*/
public void init(Storage store) {
}
/** Register this authenticator with the system.
*/
public void register(ConfigScheme store) {
store.configAddChoice("AUTH", key, "Simple OTP Authentication. The"
+ " server admin must create the account,"
+ " users can change passwords");
}
/**
* Get a new challenge for changing the password. This will be
* displayed on the screen when the user tries to change their
* password.
* @param udata The users data, this may be needed when re-keying the
* password.
*/
public String getNewChallenge(UserData udata) throws WebMailException {
OTPState [] states = new OTPState[2];
OTPState st, new_st;
String chal = null;
Random rand = new Random();
OTPServer server = null;
String pData = null;
boolean newAccount = false;
getFromCache(udata.getLogin(), CACHE_ACTIVE_ST | CACHE_NEW_ST, states);
// for convience
st = states[0];
new_st = states[1];
if (st == null) {
// Not in the cache, lets see if they have logged in before
pData = udata.getPasswordData();
if (pData != null && pData.length() > 0) {
st = new OTPState(pData);
}
else {
// later code expects st to be set
st = new OTPState("","","",DFLT_HASH);
newAccount = true;
}
}
try {
// setup the new seed and seq.
if (new_st == null) {
// Get a random value between (0, 10000], and pad to 4 chars.
int randVal = rand.nextInt() % 9999;
StringBuffer newSeed = new StringBuffer(10);
newSeed.append(udata.getDomain().substring(0, 2));
if (randVal < 0) randVal = -randVal;
if (randVal > 999) { // 4 digits already, no pad
}
else if (randVal > 99) { // 3 digits only, pad 1
newSeed.append("0");
}
else if (randVal > 9) { // 2 digits only, pad 2
newSeed.append("00");
}
else { // 1 digit only, pad 3
newSeed.append("000");
}
newSeed.append(String.valueOf(randVal));
new_st = new OTPState(st);
new_st.seed = newSeed.toString();
new_st.sequence = String.valueOf(START_SEQ);
}
// if this is a new account don't use an instance of OTPServer
if (newAccount) {
chal=OTPServer.getNewChallenge(new_st.seed,START_SEQ,DFLT_HASH);
}
else {
server = new OTPServer(st);
chal = server.getNewChallenge(new_st.seed, START_SEQ);
}
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
throw new WebMailException("bad hash algorithm for new OTP.");
}
// for new accounts, st is a dummy. As such it should not be
// stored in the cache where it will cause problems by being used
if (newAccount) {
st = null;
}
// keep track of the new OTPState for changePassword()
putIntoCache(udata.getLogin(), st, new_st);
return chal;
}
/** Authenticate the user. */
public void authenticatePostUserData(UserData ud,String dom,String pass)
throws InvalidPasswordException
{
String login = ud.getLogin();
OTPCacheNode n = (OTPCacheNode)cache.get(login);
OTPState st;
OTPServer server;
String pData;
try {
st = getFromCache(login, CACHE_ACTIVE_ST);
if (st == null) {
pData = ud.getPasswordData();
if (pData == null || pData.length() == 0) {
throw new InvalidPasswordException("no password data");
}
st = new OTPState(pData);
}
server = new OTPServer(st);
if (! server.checkOTP(pass))
throw new InvalidPasswordException("bad password");
/* Update the password data so next time we need a new pass */
st = server.getState();
ud.setPasswordData(st.getInfoString());
}
catch (OTPFormatException e) {
throw new InvalidPasswordException("bad OTP format");
}
catch (NoSuchAlgorithmException e) {
throw new InvalidPasswordException("bad hash");
}
/*
catch (Exception e) {
throw new InvalidPasswordException("WTF?!?!?");
}
*/
// Done with n.active_st
removeFromCache(login, CACHE_ACTIVE_ST);
}
/** Change the OTP Stream */
public void changePassword(UserData ud, String newpass, String vrfy)
throws InvalidPasswordException
{
String login = ud.getLogin();
OTPState st = null;
OTPServer server = null;
String pData = null;;
st = getFromCache(login, CACHE_NEW_ST);
if (st == null)
throw new InvalidPasswordException(
"Don't know what challenge the new password is for.");
if (! newpass.equalsIgnoreCase(vrfy))
throw new InvalidPasswordException(
"the password and verify don't match");
st.otp = newpass;
try {
pData = ud.getPasswordData();
if (pData != null && pData.length() > 0) {
// Get the old OTP first, so that we can compare.
server = new OTPServer(new OTPState(pData) );
if (! server.reinitOTP(st, true))
throw new InvalidPasswordException(
"The new OTP stream is the same as the old one.");
}
else {
// We need to verify the format of the OTP
server = new OTPServer(st);
}
}
catch (OTPFormatException e) {
throw new InvalidPasswordException("bad format in OTP");
}
catch (NoSuchAlgorithmException e) {
throw new InvalidPasswordException("Bad hash name");
}
// We do this, so that the Hex rep. is stored.
ud.setPasswordData(server.getState().getInfoString());
// remove this from the cache. (kill both so that the active state
// is not stale
removeFromCache(login, CACHE_NEW_ST | CACHE_ACTIVE_ST);
}
/** Get the challenge for this authentication. This will get passed some
* user data and should return the approriate challenge string for that
* user.
*/
public String getChallenge(UserData ud) throws WebMailException {
OTPServer server;
OTPState st = null;
String login = ud.getLogin();
String chal = null;
String pData = null;
st = getFromCache(login, CACHE_ACTIVE_ST);
if (st == null) {
pData = ud.getPasswordData();
if (pData == null || pData.length() == 0) {
// No password data has been set.
throw new WebMailException("No password data available");
}
st = new OTPState(pData);
}
try {
server = new OTPServer(st);
chal = server.getChallenge();
}
catch (OTPFormatException e) {
e.printStackTrace();
// this should never happen.
}
catch (NoSuchAlgorithmException e) {
e.printStackTrace();
// this either
}
// final sanity check
if (chal == null) {
throw new WebMailException("failed to get the next challenge");
}
// I'm expecting that we will be using this again soon.
putIntoCache(login, st, null);
return chal;
}
/*----------------------- Private Functions -------------------------*/
private void removeFromCache(String key, int type) {
OTPCacheNode node;
node = (OTPCacheNode)cache.get(key);
if (node == null) {
node = new OTPCacheNode();
}
if ( (type & CACHE_ACTIVE_ST) != 0) {
node.active_st = null;
}
if ( (type & CACHE_NEW_ST) != 0) {
node.new_st = null;
}
if (node.new_st == null && node.active_st == null) {
cache.remove(key);
}
else {
cache.put(key, node);
}
}
private void putIntoCache(String key, OTPState ast, OTPState nst) {
OTPCacheNode node;
node = (OTPCacheNode)cache.get(key);
if (node == null) {
node = new OTPCacheNode(ast, nst);
}
else {
if (ast != null) {
node.active_st = ast;
}
if (nst != null) {
node.new_st = nst;
}
}
cache.put(key, node);
}
private void getFromCache(String key, int type, OTPState []sts) {
OTPCacheNode node;
int i = 0;
node = (OTPCacheNode)cache.get(key);
if (node != null) {
if ( (type & CACHE_ACTIVE_ST) != 0) {
sts[i++] = node.active_st;
}
if ( (type & CACHE_NEW_ST) != 0) {
sts[i] = node.new_st;
}
}
}
private OTPState getFromCache(String key, int type) {
OTPCacheNode node;
OTPState rtn;
node = (OTPCacheNode)cache.get(key);
rtn = null;
if (node != null) {
if ( (type & CACHE_ACTIVE_ST) != 0) {
rtn = node.active_st;
}
else if ( (type & CACHE_NEW_ST) != 0) {
rtn = node.new_st;
}
}
return rtn;
}
private Hashtable cache;
private OTPAuthDisplayMngr disp_mngr;
} // OTPAuthenticator
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -