Author: prabath
Date: Thu Feb 14 03:28:06 2008
New Revision: 13753

Log:

added logging

Modified:
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDServerManager.java
   
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIDTokenIssuer.java

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
     (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
     Thu Feb 14 03:28:06 2008
@@ -11,6 +11,8 @@
 import javax.servlet.http.HttpSession;
 
 import org.wso2.solutions.identity.UserStore;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.openid4java.message.AuthFailure;
 import org.openid4java.message.AuthRequest;
 import org.openid4java.message.DirectError;
@@ -30,350 +32,359 @@
 
 public class OpenIDProvider {
 
-    // Instantiate a ServerManager object.
-    public static ServerManager manager = new OpenIDServerManager();
-    private String authPage;
-
-    private static String opAddress = null;
-
-    /**
-     * Configure the OpenID Provider's end-point URL.
-     */
-    static {
-
-        ServerConfiguration serverConfig = null;
-        String openIDServerUrl = null;
-
-        serverConfig = ServerConfiguration.getInstance();
-        openIDServerUrl = serverConfig.getFirstProperty("OpenIDServerUrl");
-
-        // This is the OpenID provider server URL
-        opAddress = openIDServerUrl + "/server/";
-        manager.setOPEndpointUrl(opAddress);
-    }
-
-    /**
-     * Process the Relying Party request at the OpenID Provider end.
-     * 
-     * @param httpReq
-     *                HttpServletRequest
-     * @param httpResp
-     *                HttpServletResponse
-     * @return The Url to be redirected
-     * @throws Exception
-     */
-    public String processRequest(HttpServletRequest httpReq,
-            HttpServletResponse httpResp) throws IdentityProviderException {
-
-        ParameterList request = null;
-        Message message = null;
-        String responseText = null;
-        HttpSession session = null;
-
-        try {
-
-            session = httpReq.getSession();
-
-            if (IdentityConstants.OpenId.COMPLETE.equals(httpReq
-                    .getParameter(IdentityConstants.OpenId.ACTION))
-                    || IdentityConstants.OpenId.CANCEL.equals(httpReq
-                            .getParameter(IdentityConstants.OpenId.ACTION))) {
-                // Authentication completed.
-                request = (ParameterList) session
-                        
.getAttribute(IdentityProviderConstants.OpenId.PARAM_LIST);
-            } else {
-                // Extract the parameters from the request.
-                // Authentication not completed.
-                request = new ParameterList(httpReq.getParameterMap());
-            }
-
-            String mode = request
-                    .hasParameter(IdentityConstants.OpenId.ATTR_MODE) ? request
-                    .getParameterValue(IdentityConstants.OpenId.ATTR_MODE)
-                    : null;
-
-            if (IdentityConstants.OpenId.ASSOCIATE.equals(mode)) {
-                // Process an association request made by RP.
-                message = manager.associationResponse(request);
-                responseText = message.keyValueFormEncoding();
-            } else if (IdentityConstants.OpenId.CHECKID_SETUP.equals(mode)
-                    || 
IdentityConstants.OpenId.CHECKID_IMMEDIATE.equals(mode)) {
-
-                boolean authenticatedAndApproved = false;
-                String userSelectedClaimedId = null;
-                String openId = null;
-                String userId = null;
-
-                openId = request
-                        .hasParameter(IdentityConstants.OpenId.ATTR_IDENTITY) 
? request
-                        
.getParameterValue(IdentityConstants.OpenId.ATTR_IDENTITY)
-                        : null;
-
-                if (openId == null)
-                    throw new IdentityProviderException(
-                            
IdentityConstants.ErrorCodes.REQUIRED_ATTRIBUTE_MISSING);
-
-                userId = getUserName(openId);
-
-                if (httpReq.getParameter("authenticatedAndApproved") != null
-                        && httpReq.getParameter("authenticatedAndApproved")
-                                .equals("true")) {
-                    authenticatedAndApproved = true;
-                }
-
-                if (IdentityConstants.OpenId.CANCEL.equals(httpReq
-                        .getParameter(IdentityConstants.OpenId.ACTION))) {
-
-                    authenticatedAndApproved = false;
-
-                } else if (!authenticatedAndApproved) {
-
-                    // Not authenticated, redirect to the authentication
-                    // page.
-                    session.setAttribute(
-                            IdentityProviderConstants.OpenId.PARAM_LIST,
-                            request);
-                    return authPage;
-
-                }
-
-                // Process an authentication request.
-                AuthRequest authReq = AuthRequest.createAuthRequest(request,
-                        manager.getRealmVerifier());
-
-                String opLocalId = null;
-
-                message = manager.authResponse(request, opLocalId,
-                        userSelectedClaimedId, authenticatedAndApproved);
-
-                if (message instanceof DirectError
-                        || message instanceof AuthFailure)
-                    return message.getDestinationUrl(true);
-                else {
-                    if (authReq
-                            
.hasExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX)) {
-
-                        MessageExtension extensions = authReq
-                                
.getExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX);
-
-                        if (extensions instanceof FetchRequest) {
-
-                            Map required = null;
-                            Map userDataExt = null;
-                            FetchRequest fetchReq = null;
-                            FetchResponse fetchResp = null;
-                            OpenIDProviderData openIDData = null;
-                            Map claimValues = null;
-
-                            fetchReq = (FetchRequest) extensions;
-
-                            // Get the required attributes as requested by the
-                            // RP.
-                            required = fetchReq.getAttributes(true);
-
-                            userDataExt = new HashMap();
-                            openIDData = new OpenIDProviderData();
-
-                            fetchResp = FetchResponse.createFetchResponse(
-                                    fetchReq, userDataExt);
-
-                            claimValues = openIDData.populateAttributeValues(
-                                    required, userId);
-
-                            openIDData.setAttributeExchangeValues(fetchResp,
-                                    claimValues);
-                            message.addExtension(fetchResp);
-
-                        } else {
-                            throw new UnsupportedOperationException("TODO");
-                        }
-                    }
-                    if (authReq
-                            
.hasExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)) {
-
-                        MessageExtension extension = authReq
-                                
.getExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG);
-
-                        if (extension instanceof SRegRequest) {
-
-                            SRegRequest sregReq = null;
-                            List required = null;
-                            Map userDataSReg = null;
-                            Map claimValues = null;
-                            SRegResponse response = null;
-                            OpenIDProviderData openIDData = null;
-
-                            sregReq = (SRegRequest) extension;
-
-                            // Get the required attributes as requested by the
-                            // RP.
-                            required = sregReq.getAttributes(true);
-
-                            userDataSReg = new HashMap();
-                            openIDData = new OpenIDProviderData();
-
-                            response = SRegResponse.createSRegResponse(sregReq,
-                                    userDataSReg);
-
-                            claimValues = openIDData.populateAttributeValues(
-                                    required, userId);
-
-                            openIDData.setSimpleAttributeRegistrationValues(
-                                    response, claimValues);
-
-                            message.addExtension(response);
-
-                        } else {
-                            throw new UnsupportedOperationException("TODO");
-                        }
-                    }
-
-                    return message.getDestinationUrl(true);
-                }
-            } else if (IdentityConstants.OpenId.CHECK_AUTHENTICATION
-                    .equals(mode)) {
-                // Processing a verification request.
-                message = manager.verify(request);
-                responseText = message.keyValueFormEncoding();
-            } else {
-                // Error response.
-                message = DirectError.createDirectError("Unknown request");
-                responseText = message.keyValueFormEncoding();
-            }
-        } catch (Exception e) {
-            // Error response.
-            message = DirectError.createDirectError(e.getMessage());
-            responseText = message.keyValueFormEncoding();
-        }
-
-        try {
-            // Return the result to the user.
-            return directResponse(httpResp, responseText);
-        } catch (IOException e) {
-            throw new IdentityProviderException(
-                    IdentityConstants.ErrorCodes.OPENID_DIRECT_RESP_FAILED);
-        }
-    }
-
-    /**
-     * Find the user name corresponding to the given OpenID.
-     * 
-     * @param openId
-     *                User's OpenID
-     * @return User name corresponding the given OpenID.
-     * @throws ServerException
-     * @throws IdentityProviderException
-     */
-    private String getUserName(String openId) throws ServerException,
-            IdentityProviderException {
-
-        UserStore userStore = null;
-        List users = null;
-
-        userStore = UserStore.getInstance();
-        users = userStore.getAllUserNames();
-
-        if (users == null)
-            throw new IdentityProviderException("No users found");
-
-        Map mapValues = null;
-        Iterator iterator = null;
-
-        iterator = users.iterator();
-
-        while (iterator.hasNext()) {
-
-            String user = (String) iterator.next();
-            mapValues = userStore.getClaimValues(user, null);
-
-            if (mapValues != null && !mapValues.isEmpty()) {
-
-                // User has defined claims!
-                String claimId = (String) mapValues
-                        .get(IdentityConstants.CLAIM_OPENID);
-
-                if (claimId != null) {
-                    if (openId.indexOf(claimId) >= 0
-                            && openId.endsWith(claimId.substring(claimId
-                                    .length() - 1))) {
-                        return user;
-                    }
-                }
-            }
-        }
-
-        return null;
-    }
-
-    /**
-     * Generate OpenID for a given user.
-     * 
-     * @param user
-     *                User
-     * @return
-     */
-    public static String generateOpenID(String user) {
-
-        ServerConfiguration serverConfig = null;
-        String openIDServerUrl = null;
-
-        serverConfig = ServerConfiguration.getInstance();
-        openIDServerUrl = serverConfig.getFirstProperty("OpenIDServerUrl");
-
-        return openIDServerUrl + "/user/" + user;
-    }
-
-    /**
-     * 
-     * @param authPage
-     *                Authentication page
-     */
-    public void setAuthPage(String authPage) {
-
-        ServerConfiguration serverConfig = null;
-        String host = null;
-        String httpsPort = null;
-
-        serverConfig = ServerConfiguration.getInstance();
-        host = serverConfig.getFirstProperty("HostName");
-        httpsPort = serverConfig.getFirstProperty("Ports.HTTPS");
-
-        this.authPage = "https://"; + host + ":" + httpsPort + "/" + authPage;
-    }
-
-    /**
-     * 
-     * @return OpenID Provider server URL.
-     */
-    public static String getOpAddress() {
-        return opAddress;
-    }
-
-    public static ServerManager getManager() {
-        return manager;
-    }
-
-    /**
-     * Send a direct response to the RP.
-     * 
-     * @param httpResp
-     *                HttpServletResponse
-     * @param response
-     *                Response message
-     * @return
-     * @throws IOException
-     */
-    private String directResponse(HttpServletResponse httpResp, String 
response)
-            throws IOException {
-        ServletOutputStream stream = null;
-        try {
-            stream = httpResp.getOutputStream();
-            stream.write(response.getBytes());
-        } finally {
-            if (stream != null)
-                stream.close();
-        }
-        return null;
-    }
+       // Instantiate a ServerManager object.
+       public static ServerManager manager = new OpenIDServerManager();
+       private String authPage;
+
+       private static Log log = LogFactory.getLog(OpenIDProvider.class);
+
+       private static String opAddress = null;
+
+       /**
+        * Configure the OpenID Provider's end-point URL.
+        */
+       static {
+
+               ServerConfiguration serverConfig = null;
+               String openIDServerUrl = null;
+
+               serverConfig = ServerConfiguration.getInstance();
+               openIDServerUrl = 
serverConfig.getFirstProperty("OpenIDServerUrl");
+
+               // This is the OpenID provider server URL
+               opAddress = openIDServerUrl + "/server/";
+               manager.setOPEndpointUrl(opAddress);
+       }
+
+       /**
+        * Process the Relying Party request at the OpenID Provider end.
+        * 
+        * @param httpReq
+        *                HttpServletRequest
+        * @param httpResp
+        *                HttpServletResponse
+        * @return The Url to be redirected
+        * @throws Exception
+        */
+       public String processRequest(HttpServletRequest httpReq,
+                       HttpServletResponse httpResp) throws 
IdentityProviderException {
+
+               ParameterList request = null;
+               Message message = null;
+               String responseText = null;
+               HttpSession session = null;
+
+               try {
+
+                       session = httpReq.getSession();
+
+                       if (IdentityConstants.OpenId.COMPLETE.equals(httpReq
+                                       
.getParameter(IdentityConstants.OpenId.ACTION))
+                                       || 
IdentityConstants.OpenId.CANCEL.equals(httpReq
+                                                       
.getParameter(IdentityConstants.OpenId.ACTION))) {
+                               // Authentication completed.
+                               request = (ParameterList) session
+                                               
.getAttribute(IdentityProviderConstants.OpenId.PARAM_LIST);
+                       } else {
+                               // Extract the parameters from the request.
+                               // Authentication not completed.
+                               request = new 
ParameterList(httpReq.getParameterMap());
+                       }
+
+                       String mode = request
+                                       
.hasParameter(IdentityConstants.OpenId.ATTR_MODE) ? request
+                                       
.getParameterValue(IdentityConstants.OpenId.ATTR_MODE)
+                                       : null;
+
+                       if (IdentityConstants.OpenId.ASSOCIATE.equals(mode)) {
+                               // Process an association request made by RP.
+                               message = manager.associationResponse(request);
+                               responseText = message.keyValueFormEncoding();
+                       } else if 
(IdentityConstants.OpenId.CHECKID_SETUP.equals(mode)
+                                       || 
IdentityConstants.OpenId.CHECKID_IMMEDIATE.equals(mode)) {
+
+                               boolean authenticatedAndApproved = false;
+                               String userSelectedClaimedId = null;
+                               String openId = null;
+                               String userId = null;
+
+                               openId = request
+                                               
.hasParameter(IdentityConstants.OpenId.ATTR_IDENTITY) ? request
+                                               
.getParameterValue(IdentityConstants.OpenId.ATTR_IDENTITY)
+                                               : null;
+
+                               if (openId == null)
+                                       throw new IdentityProviderException(
+                                                       
IdentityConstants.ErrorCodes.REQUIRED_ATTRIBUTE_MISSING);
+
+                               userId = getUserName(openId);
+
+                               if 
(httpReq.getParameter("authenticatedAndApproved") != null
+                                               && 
httpReq.getParameter("authenticatedAndApproved")
+                                                               
.equals("true")) {
+                                       authenticatedAndApproved = true;
+                               }
+
+                               if 
(IdentityConstants.OpenId.CANCEL.equals(httpReq
+                                               
.getParameter(IdentityConstants.OpenId.ACTION))) {
+
+                                       authenticatedAndApproved = false;
+
+                               } else if (!authenticatedAndApproved) {
+
+                                       // Not authenticated, redirect to the 
authentication
+                                       // page.
+                                       session.setAttribute(
+                                                       
IdentityProviderConstants.OpenId.PARAM_LIST,
+                                                       request);
+                                       return authPage;
+
+                               }
+
+                               // Process an authentication request.
+                               AuthRequest authReq = 
AuthRequest.createAuthRequest(request,
+                                               manager.getRealmVerifier());
+
+                               String opLocalId = null;
+
+                               message = manager.authResponse(request, 
opLocalId,
+                                               userSelectedClaimedId, 
authenticatedAndApproved);
+
+                               if (message instanceof DirectError
+                                               || message instanceof 
AuthFailure)
+                                       return message.getDestinationUrl(true);
+                               else {
+                                       if (authReq
+                                                       
.hasExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX)) {
+
+                                               MessageExtension extensions = 
authReq
+                                                               
.getExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX);
+
+                                               if (extensions instanceof 
FetchRequest) {
+
+                                                       Map required = null;
+                                                       Map userDataExt = null;
+                                                       FetchRequest fetchReq = 
null;
+                                                       FetchResponse fetchResp 
= null;
+                                                       OpenIDProviderData 
openIDData = null;
+                                                       Map claimValues = null;
+
+                                                       fetchReq = 
(FetchRequest) extensions;
+
+                                                       // Get the required 
attributes as requested by the
+                                                       // RP.
+                                                       required = 
fetchReq.getAttributes(true);
+
+                                                       userDataExt = new 
HashMap();
+                                                       openIDData = new 
OpenIDProviderData();
+
+                                                       fetchResp = 
FetchResponse.createFetchResponse(
+                                                                       
fetchReq, userDataExt);
+
+                                                       claimValues = 
openIDData.populateAttributeValues(
+                                                                       
required, userId);
+
+                                                       
openIDData.setAttributeExchangeValues(fetchResp,
+                                                                       
claimValues);
+                                                       
message.addExtension(fetchResp);
+
+                                               } else {
+                                                       log.error("Unsupported 
request type");
+                                                       throw new 
UnsupportedOperationException("TODO");
+                                               }
+                                       }
+                                       if (authReq
+                                                       
.hasExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)) {
+
+                                               MessageExtension extension = 
authReq
+                                                               
.getExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG);
+
+                                               if (extension instanceof 
SRegRequest) {
+
+                                                       SRegRequest sregReq = 
null;
+                                                       List required = null;
+                                                       Map userDataSReg = null;
+                                                       Map claimValues = null;
+                                                       SRegResponse response = 
null;
+                                                       OpenIDProviderData 
openIDData = null;
+
+                                                       sregReq = (SRegRequest) 
extension;
+
+                                                       // Get the required 
attributes as requested by the
+                                                       // RP.
+                                                       required = 
sregReq.getAttributes(true);
+
+                                                       userDataSReg = new 
HashMap();
+                                                       openIDData = new 
OpenIDProviderData();
+
+                                                       response = 
SRegResponse.createSRegResponse(sregReq,
+                                                                       
userDataSReg);
+
+                                                       claimValues = 
openIDData.populateAttributeValues(
+                                                                       
required, userId);
+
+                                                       
openIDData.setSimpleAttributeRegistrationValues(
+                                                                       
response, claimValues);
+
+                                                       
message.addExtension(response);
+
+                                               } else {
+                                                       log.error("Unsupported 
request type");
+                                                       throw new 
UnsupportedOperationException("TODO");
+                                               }
+                                       }
+
+                                       return message.getDestinationUrl(true);
+                               }
+                       } else if (IdentityConstants.OpenId.CHECK_AUTHENTICATION
+                                       .equals(mode)) {
+                               // Processing a verification request.
+                               message = manager.verify(request);
+                               responseText = message.keyValueFormEncoding();
+                       } else {
+                               // Error response.
+                               message = 
DirectError.createDirectError("Unknown request");
+                               responseText = message.keyValueFormEncoding();
+                       }
+               } catch (Exception e) {
+                       // Error response.
+                       message = DirectError.createDirectError(e.getMessage());
+                       responseText = message.keyValueFormEncoding();
+               }
+
+               try {
+                       // Return the result to the user.
+                       return directResponse(httpResp, responseText);
+               } catch (IOException e) {
+                       throw new IdentityProviderException(
+                                       
IdentityConstants.ErrorCodes.OPENID_DIRECT_RESP_FAILED);
+               }
+       }
+
+       /**
+        * Find the user name corresponding to the given OpenID.
+        * 
+        * @param openId
+        *                User's OpenID
+        * @return User name corresponding the given OpenID.
+        * @throws ServerException
+        * @throws IdentityProviderException
+        */
+       private String getUserName(String openId) throws ServerException,
+                       IdentityProviderException {
+
+               UserStore userStore = null;
+               List users = null;
+
+               userStore = UserStore.getInstance();
+               users = userStore.getAllUserNames();
+
+               if (users == null)
+                       throw new IdentityProviderException("No users found");
+
+               Map mapValues = null;
+               Iterator iterator = null;
+
+               iterator = users.iterator();
+
+               while (iterator.hasNext()) {
+
+                       String user = (String) iterator.next();
+                       mapValues = userStore.getClaimValues(user, null);
+
+                       if (mapValues != null && !mapValues.isEmpty()) {
+
+                               // User has defined claims!
+                               String claimId = (String) mapValues
+                                               
.get(IdentityConstants.CLAIM_OPENID);
+
+                               if (claimId != null) {
+                                       if (openId.indexOf(claimId) >= 0
+                                                       && 
openId.endsWith(claimId.substring(claimId
+                                                                       
.length() - 1))) {
+                                               return user;
+                                       }
+                               }
+                       }
+               }
+
+               return null;
+       }
+
+       /**
+        * Generate OpenID for a given user.
+        * 
+        * @param user
+        *                User
+        * @return
+        */
+       public static String generateOpenID(String user) {
+
+               ServerConfiguration serverConfig = null;
+               String openIDServerUrl = null;
+               String openID = null;
+
+               serverConfig = ServerConfiguration.getInstance();
+               openIDServerUrl = 
serverConfig.getFirstProperty("OpenIDServerUrl");
+
+               openID = openIDServerUrl + "/user/" + user;
+
+               log.info("OpenID generated : " + openID);
+
+               return openID;
+       }
+
+       /**
+        * 
+        * @param authPage
+        *                Authentication page
+        */
+       public void setAuthPage(String authPage) {
+
+               ServerConfiguration serverConfig = null;
+               String host = null;
+               String httpsPort = null;
+
+               serverConfig = ServerConfiguration.getInstance();
+               host = serverConfig.getFirstProperty("HostName");
+               httpsPort = serverConfig.getFirstProperty("Ports.HTTPS");
+
+               this.authPage = "https://"; + host + ":" + httpsPort + "/" + 
authPage;
+       }
+
+       /**
+        * 
+        * @return OpenID Provider server URL.
+        */
+       public static String getOpAddress() {
+               return opAddress;
+       }
+
+       public static ServerManager getManager() {
+               return manager;
+       }
+
+       /**
+        * Send a direct response to the RP.
+        * 
+        * @param httpResp
+        *                HttpServletResponse
+        * @param response
+        *                Response message
+        * @return
+        * @throws IOException
+        */
+       private String directResponse(HttpServletResponse httpResp, String 
response)
+                       throws IOException {
+               ServletOutputStream stream = null;
+               try {
+                       stream = httpResp.getOutputStream();
+                       stream.write(response.getBytes());
+               } finally {
+                       if (stream != null)
+                               stream.close();
+               }
+               return null;
+       }
 
 }
\ No newline at end of file
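Review bot: In `processRequest`, `authenticatedAndApproved` is still set from `httpReq.getParameter("authenticatedAndApproved")`, a value the client supplies, so the approval passed to `manager.authResponse(...)` does not depend on anything the server recorded about the login. The flag should come from server-side state, for example a session attribute that the authentication page sets after verifying the user and that is tied to the stored `PARAM_LIST`. How that page reports success is not visible in this hunk, so confirm against that code. The added logging also skips the `catch (Exception e)` block, which sends `e.getMessage()` back to the requester without recording it; adding `log.error("OpenID request processing failed", e);` there and returning a fixed error string would keep the detail in the server log only. In `generateOpenID`, `log.info("OpenID generated : " + openID)` writes the caller-supplied `user` unescaped, so strip CR/LF from it before logging if that value can originate from a request.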

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDServerManager.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDServerManager.java
        (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDServerManager.java
        Thu Feb 14 03:28:06 2008
@@ -16,78 +16,78 @@
 
 public class OpenIDServerManager extends ServerManager {
 
-    private static Log _log = LogFactory.getLog(OpenIDServerManager.class);
+       private static Log log = LogFactory.getLog(OpenIDServerManager.class);
 
-    /**
-     * 
-     */
-    public Message associationResponse(ParameterList requestParams) {
-        boolean isVersion2 = requestParams.hasParameter("openid.ns");
-
-        _log.info("Processing association request...");
-
-        try {
-            // build request message from response params (+ integrity check)
-            AssociationRequest assocReq = AssociationRequest
-                    .createAssociationRequest(requestParams);
-
-            isVersion2 = assocReq.isVersion2();
-
-            AssociationSessionType type = assocReq.getType();
-
-            // is supported / allowed ?
-            if (!Association.isHmacSupported(type.getAssociationType())
-                    || !DiffieHellmanSession.isDhSupported(type)
-                    || getMinAssocSessEnc().isBetter(type)) {
-                throw new AssociationException(
-                        "Unable create association for: "
-                                + type.getSessionType() + " / "
-                                + type.getAssociationType());
-            } else // all ok, go ahead
-            {
-                Association assoc = getPrivateAssociations().generate(
-                        type.getAssociationType(), getExpireIn());
-
-                _log.info("Returning private association; handle: "
-                        + assoc.getHandle());
-
-                return AssociationResponse.createAssociationResponse(assocReq,
-                        assoc);
-            }
-        } catch (OpenIDException e) {
-            // association failed, respond accordingly
-            if (isVersion2) {
-                _log.warn("Cannot establish association, "
-                        + "responding with an OpenID2 association error.", e);
-
-                return AssociationError.createAssociationError(e.getMessage(),
-                        getPrefAssocSessEnc());
-            } else {
-                _log.warn("Error processing an OpenID1 association request: "
-                        + e.getMessage()
-                        + " Responding with a dummy association.", e);
-                try {
-                    // generate dummy association & no-encryption response
-                    // for compatibility mode
-                    Association dummyAssoc = getPrivateAssociations().generate(
-                            Association.TYPE_HMAC_SHA1, 0);
-
-                    AssociationRequest dummyRequest = AssociationRequest
-                            
.createAssociationRequest(AssociationSessionType.NO_ENCRYPTION_COMPAT_SHA1MAC);
-
-                    return AssociationResponse.createAssociationResponse(
-                            dummyRequest, dummyAssoc);
-                } catch (OpenIDException ee) {
-                    _log
-                            .error(
-                                    "Error creating negative OpenID1 
association response.",
-                                    e);
-                    return null;
-                }
+       /**
+        * 
+        */
+       public Message associationResponse(ParameterList requestParams) {
+               boolean isVersion2 = requestParams.hasParameter("openid.ns");
+
+               log.info("Processing association request...");
+
+               try {
+                       // build request message from response params (+ 
integrity check)
+                       AssociationRequest assocReq = AssociationRequest
+                                       
.createAssociationRequest(requestParams);
+
+                       isVersion2 = assocReq.isVersion2();
+
+                       AssociationSessionType type = assocReq.getType();
+
+                       // is supported / allowed ?
+                       if 
(!Association.isHmacSupported(type.getAssociationType())
+                                       || 
!DiffieHellmanSession.isDhSupported(type)
+                                       || getMinAssocSessEnc().isBetter(type)) 
{
+                               throw new AssociationException(
+                                               "Unable create association for: 
"
+                                                               + 
type.getSessionType() + " / "
+                                                               + 
type.getAssociationType());
+                       } else // all ok, go ahead
+                       {
+                               Association assoc = 
getPrivateAssociations().generate(
+                                               type.getAssociationType(), 
getExpireIn());
+
+                               log.info("Returning private association; 
handle: "
+                                               + assoc.getHandle());
+
+                               return 
AssociationResponse.createAssociationResponse(assocReq,
+                                               assoc);
+                       }
+               } catch (OpenIDException e) {
+                       // association failed, respond accordingly
+                       if (isVersion2) {
+                               log.warn("Cannot establish association, "
+                                               + "responding with an OpenID2 
association error.", e);
+
+                               return 
AssociationError.createAssociationError(e.getMessage(),
+                                               getPrefAssocSessEnc());
+                       } else {
+                               log.warn("Error processing an OpenID1 
association request: "
+                                               + e.getMessage()
+                                               + " Responding with a dummy 
association.", e);
+                               try {
+                                       // generate dummy association & 
no-encryption response
+                                       // for compatibility mode
+                                       Association dummyAssoc = 
getPrivateAssociations().generate(
+                                                       
Association.TYPE_HMAC_SHA1, 0);
+
+                                       AssociationRequest dummyRequest = 
AssociationRequest
+                                                       
.createAssociationRequest(AssociationSessionType.NO_ENCRYPTION_COMPAT_SHA1MAC);
+
+                                       return 
AssociationResponse.createAssociationResponse(
+                                                       dummyRequest, 
dummyAssoc);
+                               } catch (OpenIDException ee) {
+                                       log
+                                                       .error(
+                                                                       "Error 
creating negative OpenID1 association response.",
+                                                                       e);
+                                       return null;
+                               }
 
-            }
+                       }
 
-        }
-    }
+               }
+       }
 
 }
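Review bot: The innermost `catch (OpenIDException ee)` in associationResponse passes the outer exception `e` to `log.error(...)` instead of `ee`, so the failure that actually prevented building the OpenID1 compatibility response never reaches the log; the last argument should be `ee`. That branch then returns `null`, and the method's Javadoc is an empty `/** */`, so a short comment stating when `null` is returned would help callers. Since the field is being renamed in this change anyway, `private static final Log log` would be the conventional declaration.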

Modified: 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIDTokenIssuer.java
==============================================================================
--- 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIDTokenIssuer.java
     (original)
+++ 
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIDTokenIssuer.java
     Thu Feb 14 03:28:06 2008
@@ -11,6 +11,8 @@
 import org.apache.axiom.om.OMElement;
 import org.apache.axiom.soap.SOAPEnvelope;
 import org.apache.axis2.context.MessageContext;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.rahas.RahasConstants;
 import org.apache.rahas.RahasData;
 import org.apache.rahas.TrustException;
@@ -39,215 +41,233 @@
 
 public class OpenIDTokenIssuer extends IdentityTokenIssuer {
 
-    private String appliesTo;
+       private String appliesTo;
 
-    /**
-     * Overrides the base functionality to cater OpenID related functionality.
-     */
-    public SOAPEnvelope issue(RahasData data) throws TrustException {
-
-        appliesTo = data.getAppliesToAddress();
-
-        return super.issue(data);
-    }
-    
-    /**
-     * Override this method from the base class : we don't need SAML :)
-     */
-    protected Element createSAMLAssertionAsDOM(IdentityProviderData ipData,
-            RahasData rahasData, DateTime notBefore, DateTime notAfter,
-            String assertionId) throws IdentityProviderException {
-        return null;
-    }
-
-    /**
-     * Overrides the base functionality to cater OpenID related functionality.
-     */
-    protected OMElement createRSTR(RahasData data, Date notBefore,
-            Date notAfter, SOAPEnvelope env, Document doc, Node assertionElem,
-            String assertionId, WSSecEncryptedKey encryptedKey)
-            throws TrustException, SAMLException, IdentityProviderException {
-        
-        int wstVersion = data.getVersion();
-        MessageContext inMsgCtx = data.getInMessageContext();
-
-        OMElement rstrElem = TrustUtil
-                .createRequestSecurityTokenResponseElement(wstVersion, env
-                        .getBody());
-        TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
-                data.getTokenType());
-
-        createDisplayToken(rstrElem, ipData);
-
-        OMElement appliesToEpr = null;
-        if (encryptedKey != null) {
-            int keysize = data.getKeysize();
-            if (keysize == -1) {
-                keysize = encryptedKey.getEphemeralKey().length * 8;
-            }
-
-            TrustUtil.createKeySizeElement(wstVersion, rstrElem, keysize);
-
-            OMElement incomingAppliesToEpr = data.getAppliesToEpr();
-            try {
-                Document eprDoc = DocumentBuilderFactory.newInstance()
-                        .newDocumentBuilder().parse(
-                                new ByteArrayInputStream(incomingAppliesToEpr
-                                        .toString().getBytes()));
-                appliesToEpr = (OMElement) doc.importNode(eprDoc
-                        .getDocumentElement(), true);
-            } catch (Exception e) {
-                new TrustException(TrustException.REQUEST_FAILED, e);
-            }
-
-            OMElement appliesToElem = rstrElem
-                    .getOMFactory()
-                    .createOMElement(
-                            new QName(
-                                    RahasConstants.WSP_NS,
-                                    
RahasConstants.IssuanceBindingLocalNames.APPLIES_TO,
-                                    RahasConstants.WSP_PREFIX), rstrElem);
-            appliesToElem.addChild(appliesToEpr);
-        }
-
-        // Use GMT time in milliseconds
-        DateFormat zulu = new XmlSchemaDateFormat();
-
-        // Add the Lifetime element
-        TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
-                .format(notBefore), zulu.format(notAfter));
-
-        OMElement reqSecTokenElem = TrustUtil
-                .createRequestedSecurityTokenElement(wstVersion, rstrElem);
-
-        createOpenIdToken(reqSecTokenElem);
-
-        createAttachedRef(rstrElem, assertionId);
-        createUnattachedRef(rstrElem, assertionId);
-
-        return rstrElem;
-    }
-
-    /**
-     * Creates an OpenID token.
-     * 
-     * @param rstrElem
-     *                RSTR token
-     * @return OpenID token
-     * @throws MessageException
-     */
-    protected OMElement createOpenIdToken(OMElement rstrElem)
-            throws IdentityProviderException {
-        OMElement rdt = IdentityProviderUtil
-                .createOpenIdToken(rstrElem, ipData);
-
-        OpenIDInfoCardToken token = null;
-        Message message = null;
-        ParameterList params = null;
-        String claimID = null;
-        OpenIDInfoCardHeader header = null;
-
-        header = new OpenIDInfoCardHeader(OpenIDProvider.getManager());
-
-        claimID = ((RequestedClaimData) ipData.requestedClaims
-                .get(IdentityConstants.CLAIM_OPENID)).value;
-
-        params = header.buildHeader(claimID, OpenIDProvider.getOpAddress(),
-                appliesTo);
-
-        setSimpleAttributeParams(params);
-
-        try {
-            message = Message.createMessage(params);
-        } catch (MessageException e) {
-            throw new IdentityProviderException(
-                    IdentityConstants.ErrorCodes.OPENID_TOKEN_CREATION_FAILED);
-
-        }
-
-        token = new OpenIDInfoCardToken(message);
-
-        rdt.setText(token.getToken());
-
-        return rdt;
-    }
-
-    /**
-     * Set the attributes in the structure required by the Attribute Exchange.
-     * 
-     * @param params
-     *                Parameter list
-     */
-    protected void setAttributeExchangeParams(ParameterList params) {
-
-        Iterator iterator = null;
-        String key = null;
-        OpenIDRequestedClaimData claim = null;
-
-        params.set(new Parameter(
-                IdentityConstants.OpenId.ExchangeAttributes.EXT,
-                IdentityConstants.OpenId.ExchangeAttributes.NS_AX));
-
-        params.set(new Parameter(
-                IdentityConstants.OpenId.ExchangeAttributes.MODE,
-                IdentityConstants.OpenId.ExchangeAttributes.FETCH_RESPONSE));
-
-        params.set(new Parameter(
-                IdentityConstants.OpenId.SimpleRegAttributes.OP_SREG,
-                IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG));
-
-        iterator = ipData.requestedClaims.keySet().iterator();
-
-        while (iterator.hasNext()) {
-            key = (String) iterator.next();
-            claim = (OpenIDRequestedClaimData) ipData.requestedClaims.get(key);
-
-            if (claim.openIDTag != null) {
-                params.set(new Parameter(
-                        IdentityConstants.OpenId.ExchangeAttributes.TYPE
-                                + claim.openIDTag, claim.uri));
-                params.set(new Parameter(
-                        IdentityConstants.OpenId.ExchangeAttributes.VALUE
-                                + claim.openIDTag, claim.value));
-            }
-        }
-    }
-
-    /**
-     * Set the attributes in the structure required by the Simple Registration.
-     * 
-     * @param params
-     *                Parameter list
-     */
-    protected void setSimpleAttributeParams(ParameterList params) {
-
-        Iterator iterator = null;
-        String key = null;
-        OpenIDRequestedClaimData claim = null;
-
-        params.set(new Parameter(
-                IdentityConstants.OpenId.SimpleRegAttributes.OP_SREG,
-                IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG));
-
-        iterator = ipData.requestedClaims.keySet().iterator();
-
-        while (iterator.hasNext()) {
-            key = (String) iterator.next();
-            claim = (OpenIDRequestedClaimData) ipData.requestedClaims.get(key);
-
-            if (claim.openIDTag != null)
-                params.set(new Parameter(
-                        IdentityConstants.OpenId.SimpleRegAttributes.SREG
-                                + claim.openIDTag, claim.value));
-        }
-    }
-
-    /**
-     * Overrides the base functionality to cater OpenID related functionality.
-     */
-    protected IdentityProviderData getIdentityProviderData(RahasData rahasData)
-            throws Exception {
-        return new OpenIDInfoCardProviderData(rahasData);
-    }
+       private static Log log = LogFactory.getLog(OpenIDTokenIssuer.class);
+
+       /**
+        * Overrides the base functionality to cater OpenID related 
functionality.
+        */
+       public SOAPEnvelope issue(RahasData data) throws TrustException {
+
+               appliesTo = data.getAppliesToAddress();
+
+               return super.issue(data);
+       }
+
+       /**
+        * Override this method from the base class : we don't need SAML :)
+        */
+       protected Element createSAMLAssertionAsDOM(IdentityProviderData ipData,
+                       RahasData rahasData, DateTime notBefore, DateTime 
notAfter,
+                       String assertionId) throws IdentityProviderException {
+               return null;
+       }
+
+       /**
+        * Overrides the base functionality to cater OpenID related 
functionality.
+        */
+       protected OMElement createRSTR(RahasData data, Date notBefore,
+                       Date notAfter, SOAPEnvelope env, Document doc, Node 
assertionElem,
+                       String assertionId, WSSecEncryptedKey encryptedKey)
+                       throws TrustException, SAMLException, 
IdentityProviderException {
+
+               int wstVersion = data.getVersion();
+               MessageContext inMsgCtx = data.getInMessageContext();
+
+               OMElement rstrElem = TrustUtil
+                               
.createRequestSecurityTokenResponseElement(wstVersion, env
+                                               .getBody());
+               TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
+                               data.getTokenType());
+
+               createDisplayToken(rstrElem, ipData);
+
+               if (log.isDebugEnabled())
+                       log.debug("Display token for OpenID Information card, 
created successfully");
+
+               OMElement appliesToEpr = null;
+               if (encryptedKey != null) {
+                       int keysize = data.getKeysize();
+                       if (keysize == -1) {
+                               keysize = encryptedKey.getEphemeralKey().length 
* 8;
+                       }
+
+                       TrustUtil.createKeySizeElement(wstVersion, rstrElem, 
keysize);
+
+                       OMElement incomingAppliesToEpr = data.getAppliesToEpr();
+                       try {
+                               Document eprDoc = 
DocumentBuilderFactory.newInstance()
+                                               .newDocumentBuilder().parse(
+                                                               new 
ByteArrayInputStream(incomingAppliesToEpr
+                                                                               
.toString().getBytes()));
+                               appliesToEpr = (OMElement) doc.importNode(eprDoc
+                                               .getDocumentElement(), true);
+                       } catch (Exception e) {
+                               new 
TrustException(TrustException.REQUEST_FAILED, e);
+                       }
+
+                       OMElement appliesToElem = rstrElem
+                                       .getOMFactory()
+                                       .createOMElement(
+                                                       new QName(
+                                                                       
RahasConstants.WSP_NS,
+                                                                       
RahasConstants.IssuanceBindingLocalNames.APPLIES_TO,
+                                                                       
RahasConstants.WSP_PREFIX), rstrElem);
+                       appliesToElem.addChild(appliesToEpr);
+               }
+
+               // Use GMT time in milliseconds
+               DateFormat zulu = new XmlSchemaDateFormat();
+
+               // Add the Lifetime element
+               TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
+                               .format(notBefore), zulu.format(notAfter));
+
+               OMElement reqSecTokenElem = TrustUtil
+                               
.createRequestedSecurityTokenElement(wstVersion, rstrElem);
+
+               createOpenIdToken(reqSecTokenElem);
+
+               createAttachedRef(rstrElem, assertionId);
+               createUnattachedRef(rstrElem, assertionId);
+
+               if (log.isDebugEnabled())
+                       log.debug("RSTR for OpenID Information card, created 
successfully");
+
+               return rstrElem;
+       }
+
+       /**
+        * Creates an OpenID token.
+        * 
+        * @param rstrElem
+        *            RSTR token
+        * @return OpenID token
+        * @throws MessageException
+        */
+       protected OMElement createOpenIdToken(OMElement rstrElem)
+                       throws IdentityProviderException {
+               OMElement rdt = IdentityProviderUtil
+                               .createOpenIdToken(rstrElem, ipData);
+
+               OpenIDInfoCardToken token = null;
+               Message message = null;
+               ParameterList params = null;
+               String claimID = null;
+               OpenIDInfoCardHeader header = null;
+
+               header = new OpenIDInfoCardHeader(OpenIDProvider.getManager());
+
+               claimID = ((RequestedClaimData) ipData.requestedClaims
+                               .get(IdentityConstants.CLAIM_OPENID)).value;
+
+               params = header.buildHeader(claimID, 
OpenIDProvider.getOpAddress(),
+                               appliesTo);
+
+               setSimpleAttributeParams(params);
+
+               try {
+                       message = Message.createMessage(params);
+               } catch (MessageException e) {
+                       log.error(e.getMessage());
+                       throw new IdentityProviderException(
+                                       
IdentityConstants.ErrorCodes.OPENID_TOKEN_CREATION_FAILED);
+
+               }
+
+               token = new OpenIDInfoCardToken(message);
+
+               rdt.setText(token.getToken());
+
+               if (log.isDebugEnabled())
+                       log.debug("OpenID token created successfully");
+
+               return rdt;
+       }
+
+       /**
+        * Set the attributes in the structure required by the Attribute 
Exchange.
+        * 
+        * @param params
+        *            Parameter list
+        */
+       protected void setAttributeExchangeParams(ParameterList params) {
+
+               Iterator iterator = null;
+               String key = null;
+               OpenIDRequestedClaimData claim = null;
+
+               params.set(new Parameter(
+                               IdentityConstants.OpenId.ExchangeAttributes.EXT,
+                               
IdentityConstants.OpenId.ExchangeAttributes.NS_AX));
+
+               params.set(new Parameter(
+                               
IdentityConstants.OpenId.ExchangeAttributes.MODE,
+                               
IdentityConstants.OpenId.ExchangeAttributes.FETCH_RESPONSE));
+
+               params.set(new Parameter(
+                               
IdentityConstants.OpenId.SimpleRegAttributes.OP_SREG,
+                               
IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG));
+
+               iterator = ipData.requestedClaims.keySet().iterator();
+
+               while (iterator.hasNext()) {
+                       key = (String) iterator.next();
+                       claim = (OpenIDRequestedClaimData) 
ipData.requestedClaims.get(key);
+
+                       if (claim.openIDTag != null) {
+                               params.set(new Parameter(
+                                               
IdentityConstants.OpenId.ExchangeAttributes.TYPE
+                                                               + 
claim.openIDTag, claim.uri));
+                               params.set(new Parameter(
+                                               
IdentityConstants.OpenId.ExchangeAttributes.VALUE
+                                                               + 
claim.openIDTag, claim.value));
+                       }
+               }
+
+               if (log.isDebugEnabled())
+                       log.debug("OpenID Ax parameters set successfully");
+       }
+
+       /**
+        * Set the attributes in the structure required by the Simple 
Registration.
+        * 
+        * @param params
+        *            Parameter list
+        */
+       protected void setSimpleAttributeParams(ParameterList params) {
+
+               Iterator iterator = null;
+               String key = null;
+               OpenIDRequestedClaimData claim = null;
+
+               params.set(new Parameter(
+                               
IdentityConstants.OpenId.SimpleRegAttributes.OP_SREG,
+                               
IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG));
+
+               iterator = ipData.requestedClaims.keySet().iterator();
+
+               while (iterator.hasNext()) {
+                       key = (String) iterator.next();
+                       claim = (OpenIDRequestedClaimData) 
ipData.requestedClaims.get(key);
+
+                       if (claim.openIDTag != null)
+                               params.set(new Parameter(
+                                               
IdentityConstants.OpenId.SimpleRegAttributes.SREG
+                                                               + 
claim.openIDTag, claim.value));
+               }
+
+               if (log.isDebugEnabled())
+                       log.debug("OpenID simple attribute parameters set 
successfully");
+       }
+
+       /**
+        * Overrides the base functionality to cater OpenID related 
functionality.
+        */
+       protected IdentityProviderData getIdentityProviderData(RahasData 
rahasData)
+                       throws Exception {
+               return new OpenIDInfoCardProviderData(rahasData);
+       }
 
 }
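Review bot: In createRSTR the `catch (Exception e)` block constructs `new TrustException(TrustException.REQUEST_FAILED, e)` but never throws it, so a failure to parse the AppliesTo endpoint reference is silently dropped and `appliesToElem.addChild(appliesToEpr)` then runs with a null child. The same try block parses that EPR, which appears to come from the incoming request message, with a default-configured `DocumentBuilderFactory`; DOCTYPE processing should be disabled before parsing request-supplied XML. The logging added by this commit does not cover this failure path, so the catch should log and rethrow. Separately, in createOpenIdToken `log.error(e.getMessage())` loses the stack trace; `log.error("OpenID token creation failed", e)` would keep it.

```java
try {
    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    // The EPR is supplied by the requester: refuse DOCTYPE declarations so
    // the document cannot declare external entities.
    factory.setFeature(
            "http://apache.org/xml/features/disallow-doctype-decl", true);
    Document eprDoc = factory.newDocumentBuilder().parse(
            new ByteArrayInputStream(incomingAppliesToEpr.toString().getBytes()));
    // … unchanged: importNode of the document element into appliesToEpr …
} catch (Exception e) {
    log.error("Could not parse the AppliesTo endpoint reference", e);
    throw new TrustException(TrustException.REQUEST_FAILED, e);
}
```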
