Merge branch 'master' of github.com:Unicon/cas-mfa

Unicon · Sep 8, 2014 · dffcbcf · dffcbcf
2 parents c39a33b + fd10c4d
commit dffcbcf
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/cas-mfa-duo/src/main/java/com/duosecurity/DuoWeb.java b/cas-mfa-duo/src/main/java/com/duosecurity/DuoWeb.java
@@ -105,6 +105,7 @@ private static String signVals(String key, String username, String ikey, String
   }
 
   private static String parseVals(String key, String val, String prefix) throws InvalidKeyException, NoSuchAlgorithmException, IOException {
+
     long ts = System.currentTimeMillis() / 1000;
 
     String[] parts = val.split("\\|");
@@ -114,11 +115,13 @@ private static String parseVals(String key, String val, String prefix) throws In
 
     String sig = Util.hmacSign(key, u_prefix + "|" + u_b64);
     if (!Util.hmacSign(key, sig).equals(Util.hmacSign(key, u_sig))) {
-      return null;
+       logger.debug("Hmac of sig '{}' does not match hmac of u_sig '{}' for key '{}'. Returning null for prefix '{}'", sig, u_sig, key, prefix);
+       return null;
     }
 
     if (!u_prefix.equals(prefix)) {
-      return null;
+       logger.debug("u_prefix '{}' does not match prefix '{}'. Returning null...", u_prefix, prefix);
+       return null;
     }
 
     byte[] decoded = Base64.decode(u_b64);
@@ -130,7 +133,8 @@ private static String parseVals(String key, String val, String prefix) throws In
 
     long expire_ts = Long.parseLong(expire);
     if (ts >= expire_ts) {
-      return null;
+       logger.debug("Current timestamp '{}' is >= expire timestamp (from Duo server) '{}'. Returning null...", ts, expire_ts);
+       return null;
     }
 
     return username;