Author: prabath
Date: Sat Jan  5 22:07:05 2008
New Revision: 11869

Log:

OpenID integration

Added:
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIdTokenIssuer.java

Added: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIdTokenIssuer.java
==============================================================================
--- (empty file)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIdTokenIssuer.java
     Sat Jan  5 22:07:05 2008
@@ -0,0 +1,152 @@
+package org.wso2.solutions.identity.sts;
+
+import java.io.ByteArrayInputStream;
+import java.text.DateFormat;
+import java.util.Date;
+
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.soap.SOAPEnvelope;
+import org.apache.axis2.context.MessageContext;
+import org.apache.rahas.RahasConstants;
+import org.apache.rahas.RahasData;
+import org.apache.rahas.Token;
+import org.apache.rahas.TrustException;
+import org.apache.rahas.TrustUtil;
+import org.apache.ws.security.message.WSSecEncryptedKey;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+import org.opensaml.SAMLAssertion;
+import org.opensaml.SAMLException;
+
+import org.w3c.dom.Document;
+
+import org.wso2.solutions.identity.IdentityProviderConstants;
+import org.wso2.solutions.identity.IdentityProviderException;
+import org.wso2.solutions.identity.sts.IdentityProviderData.RequestedClaimData;
+
+public class OpenIdTokenIssuer extends IdentityTokenIssuer {
+
+    /**
+     * 
+     */
+    protected OMElement createRSTR(RahasData data, Date notBefore,
+            Date notAfter, SOAPEnvelope env, Document doc,
+            SAMLAssertion assertion, WSSecEncryptedKey encryptedKey)
+            throws TrustException, SAMLException, IdentityProviderException {
+
+        int wstVersion = data.getVersion();
+        MessageContext inMsgCtx = data.getInMessageContext();
+
+        OMElement rstrElem = TrustUtil
+                .createRequestSecurityTokenResponseElement(wstVersion, env
+                        .getBody());
+        TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
+                data.getTokenType());
+
+        createDisplayToken(rstrElem, ipData);
+
+        OMElement appliesToEpr = null;
+        if (encryptedKey != null) {
+            int keysize = data.getKeysize();
+            if (keysize == -1) {
+                keysize = encryptedKey.getEphemeralKey().length * 8;
+            }
+
+            TrustUtil.createKeySizeElement(wstVersion, rstrElem, keysize);
+
+            OMElement incomingAppliesToEpr = data.getAppliesToEpr();
+            try {
+                Document eprDoc = DocumentBuilderFactory.newInstance()
+                        .newDocumentBuilder().parse(
+                                new ByteArrayInputStream(incomingAppliesToEpr
+                                        .toString().getBytes()));
+                appliesToEpr = (OMElement) doc.importNode(eprDoc
+                        .getDocumentElement(), true);
+            } catch (Exception e) {
+                new TrustException(TrustException.REQUEST_FAILED, e);
+            }
+
+            OMElement appliesToElem = rstrElem
+                    .getOMFactory()
+                    .createOMElement(
+                            new QName(
+                                    RahasConstants.WSP_NS,
+                                    
RahasConstants.IssuanceBindingLocalNames.APPLIES_TO,
+                                    RahasConstants.WSP_PREFIX), rstrElem);
+            appliesToElem.addChild(appliesToEpr);
+        }
+
+        // Use GMT time in milliseconds
+        DateFormat zulu = new XmlSchemaDateFormat();
+
+        // Add the Lifetime element
+        TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
+                .format(notBefore), zulu.format(notAfter));
+
+        OMElement reqSecTokenElem = TrustUtil
+                .createRequestedSecurityTokenElement(wstVersion, rstrElem);
+
+        createOpenIdToken(reqSecTokenElem);
+        createAttachedRef(rstrElem, assertion.getId());
+        createUnattachedRef(rstrElem, assertion.getId());
+
+        // Store the Token
+        Token assertionToken = new Token(assertion.getId(), (OMElement) doc
+                .importNode(assertion.toDOM(), true), notBefore, notAfter);
+
+        // At this point we definitely have the secret
+        // Otherwise it should fail with an exception earlier
+        assertionToken.setSecret(data.getEphmeralKey());
+        TrustUtil.getTokenStore(inMsgCtx).add(assertionToken);
+
+        return rstrElem;
+    }
+
+    /**
+     * 
+     * @param rstrElem
+     * @return
+     */
+    private OMElement createOpenIdToken(OMElement rstrElem) {
+        OMElement rdt = IdentityProviderUtil
+                .createOpenIdToken(rstrElem, ipData);
+
+        String text = null;
+
+        // TODO: need to build the OpenID Token          
+        text = "openid.ns:http://specs.openid.net/auth/2.0\n";;
+        text += "openid.op_endpoint:https://openidcards.sxip.com/op/\n";;
+        text += "openid.claimed_id:http://localhost:12080/user/prabath\n";;
+        text += "openid.response_nonce:2007-12-14T09:25:50Z0\n";
+        text += "openid.mode:id_res\n";
+        text += "openid.identity:http://localhost:12080/user/prabath\n";;
+        text += "openid.return_to:https://openidcards.sxip.com/demorp/\n";;
+        text += "openid.assoc_handle:e242741d76b42a6\n";
+        text += 
"openid.signed:op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle\n";
+        text += "openid.sig:ug3AMXHi6fnBDNk1ey0TyP+GI5o=\n";
+        text += "openid.ns.ext1:http://openid.net/srv/ax/1.0\n";;
+        text += "openid.ext1.mode:fetch_response\n";
+        text += 
"openid.ext1.type.FullName:http://axschema.org/namePerson/fullname\n";;
+        text += "openid.ext1.value.FullName:"
+                + ((RequestedClaimData) ipData.requestedClaims
+                        .get(IdentityProviderConstants.ATTR_NS_SURNAME)).value
+                + "\n";
+        text += 
"openid.ext1.type.NickName:http://axschema.org/namePerson/nickname\n";;
+        text += "openid.ext1.value.NickName:"
+                + ((RequestedClaimData) ipData.requestedClaims
+                        
.get(IdentityProviderConstants.ATTR_NS_GIVEN_NAME)).value
+                + "\n";
+        text += "openid.ext1.type.Email:http://axschema.org/contact/email\n";;
+        text += "openid.ext1.value.Email:"
+                + ((RequestedClaimData) ipData.requestedClaims
+                        
.get(IdentityProviderConstants.ATTR_NS_EMAIL_ADDRESS)).value
+                + "\n";
+
+        rdt.setText(text);
+
+        return rdt;
+    }
+
+}
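Review bot: The `catch` block in createRSTR only constructs the exception and never throws it, so a malformed AppliesTo EPR leaves `appliesToEpr` null and execution continues into `appliesToElem.addChild(null)`; the line should read `throw new TrustException(TrustException.REQUEST_FAILED, e);`. In the same block `incomingAppliesToEpr.toString().getBytes()` uses the platform default charset, so the re-parse should pass an explicit UTF-8 charset to match the serialized form. createOpenIdToken emits fixed literals for `openid.response_nonce`, `openid.assoc_handle` and `openid.sig` (marked by the TODO), which a relying party cannot verify and which provide no replay protection, so the nonce has to be generated per response and the signature computed over the `openid.signed` fields with the association key before this path is usable. The claim mapping also looks crossed, with `FullName` reading ATTR_NS_SURNAME and `NickName` reading ATTR_NS_GIVEN_NAME, and each `requestedClaims.get(...)` result is cast and dereferenced without a null check. The stray `;;` terminators on several `text +=` lines are harmless but should be removed.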
