Author: prabath
Date: Mon Dec 17 10:10:10 2007
New Revision: 11280

Log:

Handles OpenID Token issue

Added:
   
branches/solutions/identity/openid-poc/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIdTokenIssuer.java

Added: 
branches/solutions/identity/openid-poc/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIdTokenIssuer.java
==============================================================================
--- (empty file)
+++ 
branches/solutions/identity/openid-poc/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIdTokenIssuer.java
       Mon Dec 17 10:10:10 2007
@@ -0,0 +1,131 @@
+package org.wso2.solutions.identity.sts;
+
+import java.io.ByteArrayInputStream;
+import java.text.DateFormat;
+import java.util.Date;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLException;
+
+import org.w3c.dom.Document;
+
+import org.wso2.solutions.identity.IdentityProviderException;
+
+
+public class OpenIdTokenIssuer extends IdentityTokenIssuer{
+       
+               
+       protected OMElement createRSTR(RahasData data, Date notBefore, Date 
notAfter,
+                       SOAPEnvelope env, Document doc, SAMLAssertion assertion,
+                       WSSecEncryptedKey encryptedKey) throws TrustException,
+                       SAMLException, IdentityProviderException {
+               
+               int wstVersion = data.getVersion();
+               MessageContext inMsgCtx = data.getInMessageContext();
+
+               OMElement rstrElem = TrustUtil
+                               
.createRequestSecurityTokenResponseElement(wstVersion, env
+                                               .getBody());
+               TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
+                               data.getTokenType());
+               
+               createDisplayToken(rstrElem, ipData);
+
+               OMElement appliesToEpr = null;
+               if (encryptedKey != null) {
+                       int keysize = data.getKeysize();
+                       if (keysize == -1) {
+                               keysize = encryptedKey.getEphemeralKey().length 
* 8;
+                       }
+
+                       TrustUtil.createKeySizeElement(wstVersion, rstrElem, 
keysize);
+
+                       OMElement incomingAppliesToEpr = data.getAppliesToEpr();
+                       try {
+                               Document eprDoc = 
DocumentBuilderFactory.newInstance()
+                                               .newDocumentBuilder().parse(
+                                                               new 
ByteArrayInputStream(incomingAppliesToEpr
+                                                                               
.toString().getBytes()));
+                               appliesToEpr = (OMElement) doc.importNode(eprDoc
+                                               .getDocumentElement(), true);
+                       } catch (Exception e) {
+                               new 
TrustException(TrustException.REQUEST_FAILED, e);
+                       }
+
+                       OMElement appliesToElem = rstrElem
+                                       .getOMFactory()
+                                       .createOMElement(
+                                                       new QName(
+                                                                       
RahasConstants.WSP_NS,
+                                                                       
RahasConstants.IssuanceBindingLocalNames.APPLIES_TO,
+                                                                       
RahasConstants.WSP_PREFIX), rstrElem);
+                       appliesToElem.addChild(appliesToEpr);
+               }
+
+               // Use GMT time in milliseconds
+               DateFormat zulu = new XmlSchemaDateFormat();
+
+               // Add the Lifetime element
+               TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
+                               .format(notBefore), zulu.format(notAfter));
+
+               OMElement reqSecTokenElem = TrustUtil
+                               
.createRequestedSecurityTokenElement(wstVersion, rstrElem);
+               
+               createOpenIdToken(reqSecTokenElem);
+               createAttachedRef(rstrElem, assertion.getId());
+               createUnattachedRef(rstrElem, assertion.getId());
+
+               // Store the Token
+               Token assertionToken = new Token(assertion.getId(), (OMElement) 
doc
+                               .importNode(assertion.toDOM(), true), 
notBefore, notAfter);
+
+               // At this point we definitely have the secret
+               // Otherwise it should fail with an exception earlier
+               assertionToken.setSecret(data.getEphmeralKey());
+               TrustUtil.getTokenStore(inMsgCtx).add(assertionToken);
+               
+               return rstrElem;
+       }
+       
+       
+       private OMElement createOpenIdToken(OMElement rstrElem)
+       {
+                 OMElement rdt = IdentityProviderUtil.createOpenIdToken(
+                               rstrElem, ipData);
+                        
+          String text = null;
+          
+          // TODO: need to build the OpenID Token          
+          text =  "openid.ns:http://specs.openid.net/auth/2.0 \n";
+          text += "openid.op_endpoint:https://openidcards.sxip.com/op/ \n";
+          text += "openid.claimed_id:https://openidcards.sxip.com/i/prabath v";
+          text += "openid.response_nonce:2007-12-14T09:25:50Z0 \n";
+          text += "openid.mode:id_res \n";
+          text += "openid.identity:https://openidcards.sxip.com/i/prabath \n";
+          text += "openid.return_to:https://openidcards.sxip.com/demorp/";;
+          text += "openid.assoc_handle:e242741d76b42a6 \n";
+          text += 
"openid.signed:op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
 \n";
+          text += "openid.sig:ug3AMXHi6fnBDNk1ey0TyP+GI5o= \n";
+          text += "openid.ns.ext1:http://openid.net/srv/ax/1.0-draft4 \n";
+          text += "openid.ext1.mode:fetch_response";
+
+          rdt.setText(text);
+          
+          return rdt;
+       }
+
+}
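Review bot: The catch block around the AppliesTo EPR parse constructs `new TrustException(TrustException.REQUEST_FAILED, e)` without `throw`, so a parse failure is swallowed and `appliesToEpr` is still null when `appliesToElem.addChild(appliesToEpr)` runs a few lines later. The EPR being parsed comes from the incoming request (`data.getAppliesToEpr()`) and is fed to an unhardened `DocumentBuilderFactory`, which leaves doctype and entity processing at the parser's defaults, and `getBytes()` there depends on the platform charset. The rewritten try block below throws the exception, refuses DOCTYPE before parsing and fixes the charset. Separately, `createOpenIdToken` emits fixed `openid.response_nonce`, `openid.assoc_handle` and `openid.sig` literals (already marked TODO); a constant nonce and signature give a relying party nothing to check against replay, and the `openid.claimed_id` and `openid.return_to` lines end in ` v` and `";;` rather than the ` \n` terminator the other lines use.
```java
// … unchanged: keysize element and incomingAppliesToEpr lookup …
try {
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    // The EPR is request-supplied: refuse DOCTYPE so no entity expansion can occur.
    factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    factory.setExpandEntityReferences(false);
    Document eprDoc = factory.newDocumentBuilder().parse(
            new ByteArrayInputStream(incomingAppliesToEpr.toString().getBytes("UTF-8")));
    appliesToEpr = (OMElement) doc.importNode(eprDoc.getDocumentElement(), true);
} catch (Exception e) {
    // Surface the failure instead of continuing with a null appliesToEpr.
    throw new TrustException(TrustException.REQUEST_FAILED, e);
}
// … unchanged: AppliesTo element creation …
```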
