From fd10c4d12bb3898c1e650737edade4e9a1c8dc82 Mon Sep 17 00:00:00 2001 From: Dmitriy Kopylenko Date: Tue, 19 Aug 2014 13:35:15 -0400 Subject: [PATCH] Further instrumented DuoWeb class with debug logging --- cas-mfa-duo/src/main/java/com/duosecurity/DuoWeb.java | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/cas-mfa-duo/src/main/java/com/duosecurity/DuoWeb.java b/cas-mfa-duo/src/main/java/com/duosecurity/DuoWeb.java index aad3c05..27bf5ed 100644 --- a/cas-mfa-duo/src/main/java/com/duosecurity/DuoWeb.java +++ b/cas-mfa-duo/src/main/java/com/duosecurity/DuoWeb.java @@ -105,6 +105,7 @@ private static String signVals(String key, String username, String ikey, String } private static String parseVals(String key, String val, String prefix) throws InvalidKeyException, NoSuchAlgorithmException, IOException { + long ts = System.currentTimeMillis() / 1000; String[] parts = val.split("\\|"); @@ -114,11 +115,13 @@ private static String parseVals(String key, String val, String prefix) throws In String sig = Util.hmacSign(key, u_prefix + "|" + u_b64); if (!Util.hmacSign(key, sig).equals(Util.hmacSign(key, u_sig))) { - return null; + logger.debug("Hmac of sig '{}' does not match hmac of u_sig '{}' for key '{}'. Returning null for prefix '{}'", sig, u_sig, key, prefix); + return null; } if (!u_prefix.equals(prefix)) { - return null; + logger.debug("u_prefix '{}' does not match prefix '{}'. Returning null...", u_prefix, prefix); + return null; } byte[] decoded = Base64.decode(u_b64); @@ -130,7 +133,8 @@ private static String parseVals(String key, String val, String prefix) throws In long expire_ts = Long.parseLong(expire); if (ts >= expire_ts) { - return null; + logger.debug("Current timestamp '{}' is >= expire timestamp (from Duo server) '{}'. Returning null...", ts, expire_ts); + return null; } return username;
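Review bot: The first added `logger.debug` call, in the signature-mismatch branch of the second hunk, writes the HMAC `key` and the freshly computed `sig` to the log. `key` is the secret passed to `Util.hmacSign`, and `sig` is the correct signature for the submitted `u_prefix|u_b64`, so anyone who can read debug output gets both the signing secret and a valid signature for a value that just failed verification. Log only non-secret context instead, e.g. `logger.debug("Signature verification failed for prefix '{}'. Returning null", prefix);`. `u_sig` and `u_prefix` are split out of the caller-supplied `val`, so if either stays in a message (as `u_prefix` does in the next added call) it should be truncated and stripped of CR/LF first. `parseVals` begins before and continues past the hunks shown, so whether `logger` is declared and how `key` is handled elsewhere cannot be checked from here.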