Class SecurityAnswer

java.lang.Object
org.forgerock.selfservice.core.util.SecurityAnswer

public class SecurityAnswer extends Object
Utility Class for Security Answers.
  • Field Details

    • REQUIREMENT_PROPERTY_ANSWER

      public static final String REQUIREMENT_PROPERTY_ANSWER
      Represents the answer property.
    • REQUIREMENT_PROPERTY_CUSTOM_QUESTION

      public static final String REQUIREMENT_PROPERTY_CUSTOM_QUESTION
      Represents the customQuestion property.
    • REQUIREMENT_PROPERTY_QUESTION_ID

      public static final String REQUIREMENT_PROPERTY_QUESTION_ID
      Represents the questionId property.
  • Constructor Details

    • SecurityAnswer

      public SecurityAnswer()
      Constructs a SecurityAnswer object.
  • Method Details

    • verifyAndHashInput

      public void verifyAndHashInput(CryptoService cryptoService, JsonValue kba, Map<String,Map<String,String>> kbaQuestions) throws ResourceException
      Verifies and hashes the input provided for security questions and answers. Input is valid only if no question is repeated and no question matches a predefined admin question (regardless of locale). The comparison is made after removing any non-word characters from the question.
      Parameters:
      cryptoService - the cryptoservice used to hash answers
      kba - the kba input provided. The input will be in the format of:
        [
          { "answer": "foo", "customQuestion": "what was your first car?" },
          { "answer": "bar", "questionId": "1" },
          {
            "answer": {
              "$crypto": {
                "value": {
                  "algorithm": "SHA-256",
                  "data": "UWAXzofPG7AZFQBQMORbh1uVBHhHxzaO+B0CucfxXf8TJuX7kVxiH/mZleHdHQp4"
                },
                "type": "salted-hash"
              }
            },
            "questionId": "2"
          }
        ]
      kbaQuestions - the admin defined kba questions. The format of these questions will be:
        {
          "1": {
            "en": "What's your favorite color?",
            "en_GB": "What is your favourite colour?",
            "fr": "Quelle est votre couleur préférée?"
          },
          "2": { "en": "Who was your first employer?" }
        }
      Throws:
      ResourceException - thrown if the criteria aren't met or an answer cannot be hashed
    • verifyAndHashInput

      public void verifyAndHashInput(CryptoService cryptoService, JsonValue cryptoConfig, JsonValue kba, Map<String,Map<String,String>> kbaQuestions) throws ResourceException
      Verifies and hashes the input provided for security questions and answers. Input is valid only if no question is repeated and no question matches a predefined admin question (regardless of locale). The comparison is made after removing any non-word characters from the question.
      Parameters:
      cryptoService - the cryptoservice used to hash answers
      cryptoConfig - configuration for hashing algorithm
      kba - the kba input provided.
      kbaQuestions - the admin defined kba questions.
      Throws:
      ResourceException - thrown if the criteria aren't met or an answer cannot be hashed
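
The question check that both verifyAndHashInput overloads describe, sketched as an added example with plain java.util types; this is not ForgeRock's implementation, and the class and method names (KbaQuestionCheckExample, normalize, validate) are hypothetical. It assumes a Unicode-aware \W and that a reused questionId counts as a repeat, and it leaves out answer hashing.

```java
import java.util.*;
import java.util.regex.Pattern;

public class KbaQuestionCheckExample {
    // Assumption: (?U) makes \W Unicode-aware, so accented letters are kept.
    private static final Pattern NON_WORD = Pattern.compile("(?U)\\W");

    // Strip every non-word character before comparing, as the description states.
    static String normalize(String question) {
        return NON_WORD.matcher(question).replaceAll("");
    }

    // Returns null when the input passes, otherwise the reason it is rejected.
    static String validate(List<Map<String, String>> kba,
                           Map<String, Map<String, String>> kbaQuestions) {
        // Collect the admin question text of every locale in normalized form.
        Set<String> adminTexts = new HashSet<>();
        kbaQuestions.values().forEach(
            byLocale -> byLocale.values().forEach(t -> adminTexts.add(normalize(t))));
        Set<String> seen = new HashSet<>();
        for (Map<String, String> entry : kba) {
            String custom = entry.get("customQuestion");
            if (custom != null) {
                String key = normalize(custom);
                if (adminTexts.contains(key)) {
                    return "matches an admin question: " + custom;
                }
                if (!seen.add("custom:" + key)) {
                    return "repeated custom question: " + custom;
                }
            } else if (!seen.add("id:" + entry.get("questionId"))) {
                // Assumption: reusing a questionId counts as a repeated question.
                return "repeated questionId: " + entry.get("questionId");
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample data in the shapes shown for kba and kbaQuestions.
        Map<String, Map<String, String>> admin = Map.of(
            "1", Map.of("en", "What's your favorite color?",
                        "en_GB", "What is your favourite colour?"),
            "2", Map.of("en", "Who was your first employer?"));
        List<Map<String, String>> kba = List.of(
            Map.of("answer", "foo", "customQuestion", "what was your first car?"),
            Map.of("answer", "bar", "customQuestion", "What is your favourite colour"));
        System.out.println(validate(kba, admin));
    }
}
```

The second constructed entry is rejected because it differs from the en_GB admin question only by the trailing question mark, which normalization removes.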