4 files changed, 295 insertions, 202 deletions
diff --git a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
index c4b485c45..8783e48ef 100644
--- a/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
+++ b/base/tps/src/org/dogtagpki/server/tps/engine/TPSEngine.java
@@ -181,7 +181,7 @@ public class TPSEngine {
 public static final Object RECOVERY_RECOVER_LAST = "RecoverLast";
 public static final String CFG_OVERWRITE = "overwrite";
- public static final String PIN_RESET_OP = "pin_reset";
+ public static final String PIN_RESET_OP = "pinReset";
 public static final String ENROLL_MODE_ENROLLMENT = ENROLL_OP;
 public static final String ENROLL_MODE_RECOVERY = RECOVERY_OP;
 public static final String ERNOLL_MODE_RENEWAL = RENEWAL_OP;
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
index 1cb869079..dde24e496 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSEnrollProcessor.java
@@ -19,7 +19,6 @@ import netscape.security.x509.X509CertImpl;
 import org.dogtagpki.server.tps.TPSSession;
 import org.dogtagpki.server.tps.TPSSubsystem;
 import org.dogtagpki.server.tps.TPSTokenPolicy;
-import org.dogtagpki.server.tps.authentication.TPSAuthenticator;
 import org.dogtagpki.server.tps.channel.SecureChannel;
 import org.dogtagpki.server.tps.channel.SecureChannel.TokenKeyType;
 import org.dogtagpki.server.tps.cms.CAEnrollCertResponse;
@@ -36,7 +35,6 @@ import org.dogtagpki.server.tps.engine.TPSEngine;
 import org.dogtagpki.server.tps.engine.TPSEngine.ENROLL_MODES;
 import org.dogtagpki.server.tps.main.ObjectSpec;
 import org.dogtagpki.server.tps.main.PKCS11Obj;
-import org.dogtagpki.tps.apdu.ExternalAuthenticateAPDU.SecurityLevel;
 import org.dogtagpki.tps.main.TPSBuffer;
 import org.dogtagpki.tps.main.TPSException;
 import org.dogtagpki.tps.main.Util;
@@ -50,8 +48,6 @@ import org.mozilla.jss.pkcs11.PK11RSAPublicKey;
 import org.mozilla.jss.pkix.primitive.SubjectPublicKeyInfo;
 import com.netscape.certsrv.apps.CMS;
-import com.netscape.certsrv.authentication.IAuthCredentials;
-import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.IConfigStore;
@@ -397,198 +393,6 @@ public class TPSEnrollProcessor extends TPSProcessor { } - private void checkAndAuthenticateUser(AppletInfo appletInfo, String tokenType) throws TPSException { - IAuthCredentials userCred; - IAuthToken authToken; - TokenRecord tokenRecord = getTokenRecord(); - if (!isExternalReg) { - // authenticate per profile/tokenType configuration - String configName = TPSEngine.OP_ENROLL_PREFIX + "." + tokenType + ".auth.enable"; - IConfigStore configStore = CMS.getConfigStore(); - - TPSSubsystem tps = - (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); - //TPSSession session = getSession(); - boolean isAuthRequired; - try { - CMS.debug("TPSEnrollProcessor.checkAndAuthenticateUser: getting config: " + configName); - isAuthRequired = configStore.getBoolean(configName, true); - } catch (EBaseException e) { - CMS.debug("TPSEnrollProcessor.checkAndAuthenticateUser: Internal Error obtaining mandatory config values. Error: " - + e); - throw new TPSException("TPS error getting config values from config store.", - TPSStatus.STATUS_ERROR_MISCONFIGURATION); - } - if (isAuthRequired) { - try { - TPSAuthenticator userAuth = - getAuthentication(TPSEngine.OP_ENROLL_PREFIX, tokenType); - userCred = requestUserId(TPSEngine.ENROLL_OP, appletInfo.getCUIDhexString(), userAuth, - beginMsg.getExtensions()); - userid = (String) userCred.get(userAuth.getAuthCredName()); - CMS.debug("TPSEnrollProcessor.checkAndAuthenticateUser: userCred (attempted) userid=" + userid); - // initialize userid first for logging purposes in case authentication fails - tokenRecord.setUserID(userid); - authToken = authenticateUser(TPSEngine.ENROLL_OP, userAuth, userCred); - userid = authToken.getInString("userid"); - tokenRecord.setUserID(userid); - CMS.debug("TPSEnrollProcessor.checkAndAuthenticateUser: auth passed: userid: " - + authToken.get("userid")); - - } catch (Exception e) { - // all exceptions are considered login failure - CMS.debug("TPSEnrollProcessor.checkAndAuthenticateUser:: 
authentication exception thrown: " + e); - String msg = "TPS error user authentication failed:" + e; - tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), msg, - "failure"); - - throw new TPSException(msg, - TPSStatus.STATUS_ERROR_LOGIN); - } - } else { - throw new TPSException( - "TPSEnrollProcessor.checkAndAuthenticateUser: TPS enrollment must have authentication enabled.", - TPSStatus.STATUS_ERROR_LOGIN); - - } - - } - } - - private void checkAndHandlePinReset(SecureChannel channel) throws TPSException, IOException { - - CMS.debug("TPSEnrollProcessor.checkAndHandlePinReset entering..."); - - if (channel == null) { - throw new TPSException("TPSEnrollProcessor.checkAndHandlePinReset: invalid input data!", - TPSStatus.STATUS_ERROR_TOKEN_RESET_PIN_FAILED); - } - - IConfigStore configStore = CMS.getConfigStore(); - - String pinResetEnableConfig = "op." + currentTokenOperation + "." + selectedTokenType + "." - + TPSEngine.CFG_PIN_RESET_ENABLE; - - CMS.debug("TPSEnrollProcessor.checkAndHandlePinReset config to check: " + pinResetEnableConfig); - - String minLenConfig = "op." + currentTokenOperation + "." + selectedTokenType + "." - + TPSEngine.CFG_PIN_RESET_MIN_LEN; - - CMS.debug("TPSEnrollProcessor.checkAndHandlePinReset config to check: " + minLenConfig); - - String maxLenConfig = "op." + currentTokenOperation + "." + selectedTokenType + "." - + TPSEngine.CFG_PIN_RESET_MAX_LEN; - - CMS.debug("TPSEnrollProcessor.checkAndHandlePinReset config to check: " + maxLenConfig); - - String maxRetriesConfig = "op." + currentTokenOperation + "." + selectedTokenType + "." 
- + TPSEngine.CFG_PIN_RESET_MAX_RETRIES; - - CMS.debug("TPSEnrollProcessor.checkAndHandlePinReset config to check: " + maxRetriesConfig); - - String pinStringConfig = TPSEngine.CFG_PIN_RESET_STRING; - - CMS.debug("TPSEnrollProcessor.checkAndHandlePinReset config to check: " + pinStringConfig); - - boolean enabled = false; - int minLen; - int maxLen; - int maxRetries; - String stringName; - - try { - - enabled = configStore.getBoolean(pinResetEnableConfig, true); - - if (enabled == false) { - CMS.debug("TPSEnrollProcessor.checkAndHandlePinReset: Pin Reset not allowed by configuration, exiting..."); - return; - - } - - minLen = configStore.getInteger(minLenConfig, 4); - maxLen = configStore.getInteger(maxLenConfig, 10); - maxRetries = configStore.getInteger(maxRetriesConfig, 0x7f); - stringName = configStore.getString(pinStringConfig, "password"); - - CMS.debug("TPSEnrollProcessor.checkAndHandlePinReset: config vals: enabled: " + enabled + " minLen: " - + minLen + " maxLen: " + maxLen); - - } catch (EBaseException e) { - throw new TPSException( - "TPSEnrollProcessor.checkAndHandlePinReset: internal error in getting value from config."); - } - - String new_pin = requestNewPin(minLen, maxLen); - - channel.createPin(0x0, maxRetries, stringName); - - channel.resetPin(0x0, new_pin); - - } - - private void checkAndUpgradeApplet(AppletInfo appletInfo) throws TPSException, IOException { - // TODO Auto-generated method stub - - CMS.debug("checkAndUpgradeApplet: entering.."); - - SecurityLevel securityLevel = SecurityLevel.SECURE_MSG_MAC; - - boolean useEncryption = checkUpdateAppletEncryption(); - - String tksConnId = getTKSConnectorID(); - if (useEncryption) - securityLevel = SecurityLevel.SECURE_MSG_MAC_ENC; - - if (checkForAppletUpdateEnabled()) { - - String targetAppletVersion = checkForAppletUpgrade("op." 
+ currentTokenOperation); - targetAppletVersion = targetAppletVersion.toLowerCase(); - - String currentAppletVersion = formatCurrentAppletVersion(appletInfo); - - CMS.debug("TPSEnrollProcessor.checkAndUpgradeApplet: currentAppletVersion: " + currentAppletVersion - + " targetAppletVersion: " + targetAppletVersion); - - if (targetAppletVersion.compareTo(currentAppletVersion) != 0) { - - CMS.debug("TPSEnrollProessor.checkAndUpgradeApplet: Upgrading applet to : " + targetAppletVersion); - upgradeApplet("op." + currentTokenOperation, targetAppletVersion, securityLevel, getBeginMessage() - .getExtensions(), - tksConnId, 5, 12); - } else { - CMS.debug("TPSEnrollProcessor.checkAndUpgradeApplet: applet already at correct version."); - } - } - - } - - protected boolean checkUpdateAppletEncryption() throws TPSException { - - CMS.debug("TPSEnrollProcessor.checkUpdateAppletEncryption entering..."); - - IConfigStore configStore = CMS.getConfigStore(); - - String appletEncryptionConfig = "op." + currentTokenOperation + "." + selectedTokenType + "." - + TPSEngine.CFG_UPDATE_APPLET_ENCRYPTION; - - CMS.debug("TPSEnrollProcessor.checkUpdateAppletEncryption config to check: " + appletEncryptionConfig); - - boolean appletEncryption = false; - - try { - appletEncryption = configStore.getBoolean(appletEncryptionConfig, false); - } catch (EBaseException e) { - //Default TPSException will return a "contact admin" error code. - throw new TPSException( - "TPSEnrollProcessor.checkUpdateAppletEncryption: internal error in getting value from config."); - } - - CMS.debug("TPSEnrollProcessor.checkUpdateAppletEncryption returning: " + appletEncryption); - return appletEncryption; - - } - private PKCS11Obj getCurrentObjectsOnToken(SecureChannel channel) throws TPSException, IOException, DataFormatException { 
diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java
index b92cd8b91..73085b19c 100644
--- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java
+++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSPinResetProcessor.java
@@ -20,11 +20,17 @@ package org.dogtagpki.server.tps.processor;
 import java.io.IOException;
 import org.dogtagpki.server.tps.TPSSession;
+import org.dogtagpki.server.tps.TPSSubsystem;
+import org.dogtagpki.server.tps.channel.SecureChannel;
+import org.dogtagpki.server.tps.dbs.ActivityDatabase;
+import org.dogtagpki.server.tps.dbs.TokenRecord;
+import org.dogtagpki.server.tps.engine.TPSEngine;
 import org.dogtagpki.tps.main.TPSException;
 import org.dogtagpki.tps.msg.BeginOpMsg;
 import org.dogtagpki.tps.msg.EndOpMsg.TPSStatus;
 import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.tps.token.TokenStatus;
 public class TPSPinResetProcessor extends TPSProcessor {
@@ -40,21 +46,88 @@ public class TPSPinResetProcessor extends TPSProcessor { TPSStatus.STATUS_ERROR_CONTACT_ADMIN); } setBeginMessage(beginMsg); - setCurrentTokenOperation("pinReset"); + setCurrentTokenOperation(TPSEngine.PIN_RESET_OP); resetPin(); } - private void resetPin() throws TPSException { + private void resetPin() throws TPSException, IOException { + String method = "TPSPinResetProcessor.resetPin()"; //ToDo: Implement full pin reset processor, the pin reset portion // of an enrollment works fine. We just need to finish this to perform // a completely stand alone pin reset of an already enrolled token. - CMS.debug("TPSPinResetProcessor.resetPin: entering..."); + CMS.debug(method + ": entering..."); + + String auditMsg = null; + TPSSubsystem tps = (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); + + AppletInfo appletInfo = null; + TokenRecord tokenRecord = null; + + statusUpdate(10, "PROGRESS_START_PIN_RESET"); + + try { + appletInfo = getAppletInfo(); + } catch (TPSException e) { + auditMsg = e.toString(); + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), auditMsg, + "failure"); + + throw e; + } + appletInfo.setAid(getCardManagerAID()); + + tokenRecord = isTokenRecordPresent(appletInfo); + + if(tokenRecord == null) { + //We can't reset the pin of a token that does not exist. 
+ + CMS.debug(method + ": Token does not exist!"); + throw new TPSException(method + " Can't reset pin of token that does not exist ",TPSStatus.STATUS_ERROR_MAC_RESET_PIN_PDU); + } + + TokenStatus status = tokenRecord.getTokenStatus(); + + CMS.debug(method + ": Token status: " + status); + + if(!status.equals(TokenStatus.ACTIVE)) { + throw new TPSException(method + " Attempt to reset pin of token not currently active!",TPSStatus.STATUS_ERROR_MAC_RESET_PIN_PDU); + + } + + session.setTokenRecord(tokenRecord); + + String resolverInstName = getResolverInstanceName(); + + String tokenType = null; + + tokenType = resolveTokenProfile(resolverInstName, appletInfo.getCUIDhexString(), appletInfo.getMSNString(), + appletInfo.getMajorVersion(), appletInfo.getMinorVersion()); + CMS.debug(method + ": resolved tokenType: " + tokenType); + + statusUpdate(15, "PROGRESS_PIN_RESET_RESOLVE_PROFILE"); + + checkProfileStateOK(); + + checkAndAuthenticateUser(appletInfo, tokenType); + + checkAndUpgradeApplet(appletInfo); + appletInfo = getAppletInfo(); + + + //Check and upgrade keys if called for + + SecureChannel channel = checkAndUpgradeSymKeys(); + channel.externalAuthenticate(); + + checkAndHandlePinReset(channel); + + statusUpdate(100, "PROGRESS_PIN_RESET_COMPLETE"); + + CMS.debug(method + ": Token Pin successfully reset!"); - throw new TPSException("TPSPinResetProcessor.resetPin: Pin Reset standalone operation not yet supported!", - TPSStatus.STATUS_ERROR_MAC_RESET_PIN_PDU); } diff --git a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java index e23cea0ad..c37a17c11 100644 --- a/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java +++ b/base/tps/src/org/dogtagpki/server/tps/processor/TPSProcessor.java 
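Review bot: Nothing in `resetPin()` checks that the user who authenticates is the owner recorded for the token: `checkAndAuthenticateUser` (see the TPSProcessor hunk) calls `tokenRecord.setUserID(userid)` with the attempted and then the authenticated id, and no line here compares that id with what the ACTIVE record held before. Unless ownership is enforced outside this diff, consider reading `String owner = tokenRecord.getUserID();` before the call and failing afterwards with `if (owner == null || !owner.equals(userid)) throw new TPSException(method + ": authenticated user is not the token owner", TPSStatus.STATUS_ERROR_LOGIN);`. Separately, `checkAndHandlePinReset` returns silently when the profile disables pin reset, so this method would still send `PROGRESS_PIN_RESET_COMPLETE` and log success although no PIN was changed. The `getAppletInfo()` failure is also recorded under `ActivityDatabase.OP_ENROLLMENT` with a null `tokenRecord`, which mislabels the event in the activity log.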
@@ -154,6 +154,10 @@ public class TPSProcessor { selectedTokenType = theTokenType; TokenRecord tokenRecord = getTokenRecord(); + + if(tokenRecord == null) { + throw new NullPointerException("TPSProcessor.setSelectedTokenType: Can't find token record for token!"); + } tokenRecord.setType(selectedTokenType); } 
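Review bot: The added guard throws a bare `NullPointerException`, which the processors' `TPSException` handling will presumably not translate into a `TPSStatus` for the client, and it fires after `selectedTokenType` has already been assigned. The method's signature is outside this hunk; if it can declare `throws TPSException`, `throw new TPSException("TPSProcessor.setSelectedTokenType: Can't find token record for token!", TPSStatus.STATUS_ERROR_CONTACT_ADMIN);` placed before the assignment would fail the operation with a defined status and leave the processor state untouched.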
@@ -545,6 +549,68 @@ public class TPSProcessor { return channel; } + protected boolean checkUpdateAppletEncryption() throws TPSException { + + CMS.debug("TPSProcessor.checkUpdateAppletEncryption entering..."); + + IConfigStore configStore = CMS.getConfigStore(); + + String appletEncryptionConfig = "op." + currentTokenOperation + "." + selectedTokenType + "." + + TPSEngine.CFG_UPDATE_APPLET_ENCRYPTION; + + CMS.debug("TPSProcessor.checkUpdateAppletEncryption config to check: " + appletEncryptionConfig); + + boolean appletEncryption = false; + + try { + appletEncryption = configStore.getBoolean(appletEncryptionConfig, false); + } catch (EBaseException e) { + //Default TPSException will return a "contact admin" error code. + throw new TPSException( + "TPSProcessor.checkUpdateAppletEncryption: internal error in getting value from config."); + } + + CMS.debug("TPSProcessor.checkUpdateAppletEncryption returning: " + appletEncryption); + return appletEncryption; + + } + + protected void checkAndUpgradeApplet(AppletInfo appletInfo) throws TPSException, IOException { + // TODO Auto-generated method stub + + CMS.debug("checkAndUpgradeApplet: entering.."); + + SecurityLevel securityLevel = SecurityLevel.SECURE_MSG_MAC; + + boolean useEncryption = checkUpdateAppletEncryption(); + + String tksConnId = getTKSConnectorID(); + if (useEncryption) + securityLevel = SecurityLevel.SECURE_MSG_MAC_ENC; + + if (checkForAppletUpdateEnabled()) { + + String targetAppletVersion = checkForAppletUpgrade("op." 
+ currentTokenOperation); + targetAppletVersion = targetAppletVersion.toLowerCase(); + + String currentAppletVersion = formatCurrentAppletVersion(appletInfo); + + CMS.debug("TPSProcessor.checkAndUpgradeApplet: currentAppletVersion: " + currentAppletVersion + + " targetAppletVersion: " + targetAppletVersion); + + if (targetAppletVersion.compareTo(currentAppletVersion) != 0) { + + CMS.debug("TPSProcessor.checkAndUpgradeApplet: Upgrading applet to : " + targetAppletVersion); + upgradeApplet("op." + currentTokenOperation, targetAppletVersion, securityLevel, getBeginMessage() + .getExtensions(), + tksConnId, 5, 12); + } else { + CMS.debug("TPSProcessor.checkAndUpgradeApplet: applet already at correct version."); + } + } + + } + protected void upgradeApplet(String operation, String new_version, SecurityLevel securityLevel, Map<String, String> extensions, String connId, int startProgress, int endProgress) throws IOException, TPSException { @@ -1472,6 +1538,8 @@ public class TPSProcessor { opDefault = TPSEngine.CFG_DEF_PIN_RESET_PROFILE_RESOLVER; opPrefix = TPSEngine.OP_PIN_RESET_PREFIX; + } else{ + throw new TPSException("TPSProcessor.getResolverInstanceName: Invalid operation type, can not calculate resolver instance!",TPSStatus.STATUS_ERROR_MISCONFIGURATION); } String config = opPrefix + 
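Review bot: `checkUpdateAppletEncryption` falls back to `false` when the `CFG_UPDATE_APPLET_ENCRYPTION` key is absent, so `checkAndUpgradeApplet` pushes the applet with `SecurityLevel.SECURE_MSG_MAC` (MAC without encryption, judging by the enum names) for every profile that does not opt in, and now that both methods live in TPSProcessor that default also covers the standalone pin-reset flow. A comment on the `getBoolean` call such as `// MAC-only unless op.<operation>.<tokenType>.<CFG_UPDATE_APPLET_ENCRYPTION> is set to true` would make the choice visible to whoever reviews token profiles. The `catch (EBaseException e)` discards `e`; logging it with `CMS.debug` before the throw, as `checkAndAuthenticateUser` does, would keep the cause. In `checkAndUpgradeApplet` the result of `checkForAppletUpgrade` is dereferenced with `toLowerCase()` without a null check, and the stale `// TODO Auto-generated method stub` can be dropped.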
@@ -2398,6 +2466,154 @@ public class TPSProcessor { } + protected void checkAndHandlePinReset(SecureChannel channel) throws TPSException, IOException { + + CMS.debug("TPSProcessor.checkAndHandlePinReset entering..."); + + if (channel == null) { + throw new TPSException("TPSProcessor.checkAndHandlePinReset: invalid input data!", + TPSStatus.STATUS_ERROR_TOKEN_RESET_PIN_FAILED); + } + + IConfigStore configStore = CMS.getConfigStore(); + + String pinResetEnableConfig = "op." + currentTokenOperation + "." + selectedTokenType + "." + + TPSEngine.CFG_PIN_RESET_ENABLE; + + CMS.debug("TPSProcessor.checkAndHandlePinReset config to check: " + pinResetEnableConfig); + + String minLenConfig = "op." + currentTokenOperation + "." + selectedTokenType + "." + + TPSEngine.CFG_PIN_RESET_MIN_LEN; + + CMS.debug("TPSProcessor.checkAndHandlePinReset config to check: " + minLenConfig); + + String maxLenConfig = "op." + currentTokenOperation + "." + selectedTokenType + "." + + TPSEngine.CFG_PIN_RESET_MAX_LEN; + + CMS.debug("TPSProcessor.checkAndHandlePinReset config to check: " + maxLenConfig); + + String maxRetriesConfig = "op." + currentTokenOperation + "." + selectedTokenType + "." 
+ + TPSEngine.CFG_PIN_RESET_MAX_RETRIES; + + CMS.debug("TPSProcessor.checkAndHandlePinReset config to check: " + maxRetriesConfig); + + String pinStringConfig = TPSEngine.CFG_PIN_RESET_STRING; + + CMS.debug("TPSProcessor.checkAndHandlePinReset config to check: " + pinStringConfig); + + boolean enabled = false; + int minLen; + int maxLen; + int maxRetries; + String stringName; + + try { + + enabled = configStore.getBoolean(pinResetEnableConfig, true); + + if (enabled == false) { + CMS.debug("TPSProcessor.checkAndHandlePinReset: Pin Reset not allowed by configuration, exiting..."); + return; + + } + + minLen = configStore.getInteger(minLenConfig, 4); + maxLen = configStore.getInteger(maxLenConfig, 10); + maxRetries = configStore.getInteger(maxRetriesConfig, 0x7f); + stringName = configStore.getString(pinStringConfig, "password"); + + CMS.debug("TPSProcessor.checkAndHandlePinReset: config vals: enabled: " + enabled + " minLen: " + + minLen + " maxLen: " + maxLen); + + } catch (EBaseException e) { + throw new TPSException( + "TPSProcessor.checkAndHandlePinReset: internal error in getting value from config."); + } + + String new_pin = requestNewPin(minLen, maxLen); + + channel.createPin(0x0, maxRetries, stringName); + + channel.resetPin(0x0, new_pin); + + } + + protected void checkAndAuthenticateUser(AppletInfo appletInfo, String tokenType) throws TPSException { + IAuthCredentials userCred; + IAuthToken authToken; + TokenRecord tokenRecord = getTokenRecord(); + String method = "checkAndAuthenticateUser"; + + String opPrefix = null; + + if(TPSEngine.ENROLL_OP.equals( currentTokenOperation)) { + opPrefix = TPSEngine.OP_ENROLL_PREFIX; + } else if (TPSEngine.FORMAT_OP.equals(currentTokenOperation)) { + opPrefix = TPSEngine.OP_FORMAT_PREFIX; + } else { + opPrefix = TPSEngine.OP_PIN_RESET_PREFIX; + } + + + if (!isExternalReg) { + // authenticate per profile/tokenType configuration + String configName = opPrefix + "." 
+ tokenType + ".auth.enable"; + IConfigStore configStore = CMS.getConfigStore(); + + TPSSubsystem tps = + (TPSSubsystem) CMS.getSubsystem(TPSSubsystem.ID); + //TPSSession session = getSession(); + boolean isAuthRequired; + try { + CMS.debug("TPSProcessor.checkAndAuthenticateUser: getting config: " + configName); + isAuthRequired = configStore.getBoolean(configName, true); + } catch (EBaseException e) { + CMS.debug("TPSProcessor.checkAndAuthenticateUser: Internal Error obtaining mandatory config values. Error: " + + e); + throw new TPSException("TPS error getting config values from config store.", + TPSStatus.STATUS_ERROR_MISCONFIGURATION); + } + + + + CMS.debug(method + ": opPrefox: " + opPrefix); + + if (isAuthRequired) { + try { + TPSAuthenticator userAuth = + getAuthentication(opPrefix, tokenType); + userCred = requestUserId(TPSEngine.ENROLL_OP, appletInfo.getCUIDhexString(), userAuth, + beginMsg.getExtensions()); + userid = (String) userCred.get(userAuth.getAuthCredName()); + CMS.debug("TPSEnrollProcessor.checkAndAuthenticateUser: userCred (attempted) userid=" + userid); + // initialize userid first for logging purposes in case authentication fails + tokenRecord.setUserID(userid); + authToken = authenticateUser(TPSEngine.ENROLL_OP, userAuth, userCred); + userid = authToken.getInString("userid"); + tokenRecord.setUserID(userid); + CMS.debug("TPSProcessor.checkAndAuthenticateUser: auth passed: userid: " + + authToken.get("userid")); + + } catch (Exception e) { + // all exceptions are considered login failure + CMS.debug("TPSProcessor.checkAndAuthenticateUser:: authentication exception thrown: " + e); + String msg = "TPS error user authentication failed:" + e; + tps.tdb.tdbActivity(ActivityDatabase.OP_ENROLLMENT, tokenRecord, session.getIpAddress(), msg, + "failure"); + + throw new TPSException(msg, + TPSStatus.STATUS_ERROR_LOGIN); + } + } else { + throw new TPSException( + "TPSProcessor.checkAndAuthenticateUser: TPS enrollment must have authentication enabled.", 
+ TPSStatus.STATUS_ERROR_LOGIN); + + } + + } + } + public static void main(String[] args) { } |
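Review bot: `checkAndAuthenticateUser` now derives `opPrefix` from `currentTokenOperation`, but the calls inside it still pass `TPSEngine.ENROLL_OP` to `requestUserId` and `authenticateUser`, and the failure path records `ActivityDatabase.OP_ENROLLMENT`, so a failed login during pin reset or format would be audited as an enrollment failure. Passing the current operation through and choosing the activity code from it would keep the activity log usable when investigating PIN-reset attempts; the "TPS enrollment must have authentication enabled" message has the same mislabel. The final `else` maps every unrecognised operation to `OP_PIN_RESET_PREFIX`; an explicit `else if (TPSEngine.PIN_RESET_OP.equals(currentTokenOperation))` branch with a `TPSException` fallback would match what this commit does in `getResolverInstanceName`. The whole body is also skipped when `isExternalReg` is true, so if that flag can be set in the standalone pin-reset flow no user authentication runs before the PIN is replaced, which deserves a guard or at least a comment stating where authentication happens in that mode.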