Author: prabath
Date: Thu Feb 14 04:03:54 2008
New Revision: 13762
Log:
formatting
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProviderData.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDServerManager.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/UserInfoServlet.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIDTokenIssuer.java
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
Thu Feb 14 04:03:54 2008
@@ -32,359 +32,359 @@
public class OpenIDProvider {
- // Instantiate a ServerManager object.
- public static ServerManager manager = new OpenIDServerManager();
- private String authPage;
-
- private static Log log = LogFactory.getLog(OpenIDProvider.class);
-
- private static String opAddress = null;
-
- /**
- * Configure the OpenID Provider's end-point URL.
- */
- static {
-
- ServerConfiguration serverConfig = null;
- String openIDServerUrl = null;
-
- serverConfig = ServerConfiguration.getInstance();
- openIDServerUrl =
serverConfig.getFirstProperty("OpenIDServerUrl");
-
- // This is the OpenID provider server URL
- opAddress = openIDServerUrl + "/server/";
- manager.setOPEndpointUrl(opAddress);
- }
-
- /**
- * Process the Relying Party request at the OpenID Provider end.
- *
- * @param httpReq
- * HttpServletRequest
- * @param httpResp
- * HttpServletResponse
- * @return The Url to be redirected
- * @throws Exception
- */
- public String processRequest(HttpServletRequest httpReq,
- HttpServletResponse httpResp) throws
IdentityProviderException {
-
- ParameterList request = null;
- Message message = null;
- String responseText = null;
- HttpSession session = null;
-
- try {
-
- session = httpReq.getSession();
-
- if (IdentityConstants.OpenId.COMPLETE.equals(httpReq
-
.getParameter(IdentityConstants.OpenId.ACTION))
- ||
IdentityConstants.OpenId.CANCEL.equals(httpReq
-
.getParameter(IdentityConstants.OpenId.ACTION))) {
- // Authentication completed.
- request = (ParameterList) session
-
.getAttribute(IdentityProviderConstants.OpenId.PARAM_LIST);
- } else {
- // Extract the parameters from the request.
- // Authentication not completed.
- request = new
ParameterList(httpReq.getParameterMap());
- }
-
- String mode = request
-
.hasParameter(IdentityConstants.OpenId.ATTR_MODE) ? request
-
.getParameterValue(IdentityConstants.OpenId.ATTR_MODE)
- : null;
-
- if (IdentityConstants.OpenId.ASSOCIATE.equals(mode)) {
- // Process an association request made by RP.
- message = manager.associationResponse(request);
- responseText = message.keyValueFormEncoding();
- } else if
(IdentityConstants.OpenId.CHECKID_SETUP.equals(mode)
- ||
IdentityConstants.OpenId.CHECKID_IMMEDIATE.equals(mode)) {
-
- boolean authenticatedAndApproved = false;
- String userSelectedClaimedId = null;
- String openId = null;
- String userId = null;
-
- openId = request
-
.hasParameter(IdentityConstants.OpenId.ATTR_IDENTITY) ? request
-
.getParameterValue(IdentityConstants.OpenId.ATTR_IDENTITY)
- : null;
-
- if (openId == null)
- throw new IdentityProviderException(
-
IdentityConstants.ErrorCodes.REQUIRED_ATTRIBUTE_MISSING);
-
- userId = getUserName(openId);
-
- if
(httpReq.getParameter("authenticatedAndApproved") != null
- &&
httpReq.getParameter("authenticatedAndApproved")
-
.equals("true")) {
- authenticatedAndApproved = true;
- }
-
- if
(IdentityConstants.OpenId.CANCEL.equals(httpReq
-
.getParameter(IdentityConstants.OpenId.ACTION))) {
-
- authenticatedAndApproved = false;
-
- } else if (!authenticatedAndApproved) {
-
- // Not authenticated, redirect to the
authentication
- // page.
- session.setAttribute(
-
IdentityProviderConstants.OpenId.PARAM_LIST,
- request);
- return authPage;
-
- }
-
- // Process an authentication request.
- AuthRequest authReq =
AuthRequest.createAuthRequest(request,
- manager.getRealmVerifier());
-
- String opLocalId = null;
-
- message = manager.authResponse(request,
opLocalId,
- userSelectedClaimedId,
authenticatedAndApproved);
-
- if (message instanceof DirectError
- || message instanceof
AuthFailure)
- return message.getDestinationUrl(true);
- else {
- if (authReq
-
.hasExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX)) {
-
- MessageExtension extensions =
authReq
-
.getExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX);
-
- if (extensions instanceof
FetchRequest) {
-
- Map required = null;
- Map userDataExt = null;
- FetchRequest fetchReq =
null;
- FetchResponse fetchResp
= null;
- OpenIDProviderData
openIDData = null;
- Map claimValues = null;
-
- fetchReq =
(FetchRequest) extensions;
-
- // Get the required
attributes as requested by the
- // RP.
- required =
fetchReq.getAttributes(true);
-
- userDataExt = new
HashMap();
- openIDData = new
OpenIDProviderData();
-
- fetchResp =
FetchResponse.createFetchResponse(
-
fetchReq, userDataExt);
-
- claimValues =
openIDData.populateAttributeValues(
-
required, userId);
-
-
openIDData.setAttributeExchangeValues(fetchResp,
-
claimValues);
-
message.addExtension(fetchResp);
-
- } else {
- log.error("Unsupported
request type");
- throw new
UnsupportedOperationException("TODO");
- }
- }
- if (authReq
-
.hasExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)) {
-
- MessageExtension extension =
authReq
-
.getExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG);
-
- if (extension instanceof
SRegRequest) {
-
- SRegRequest sregReq =
null;
- List required = null;
- Map userDataSReg = null;
- Map claimValues = null;
- SRegResponse response =
null;
- OpenIDProviderData
openIDData = null;
-
- sregReq = (SRegRequest)
extension;
-
- // Get the required
attributes as requested by the
- // RP.
- required =
sregReq.getAttributes(true);
-
- userDataSReg = new
HashMap();
- openIDData = new
OpenIDProviderData();
-
- response =
SRegResponse.createSRegResponse(sregReq,
-
userDataSReg);
-
- claimValues =
openIDData.populateAttributeValues(
-
required, userId);
-
-
openIDData.setSimpleAttributeRegistrationValues(
-
response, claimValues);
-
-
message.addExtension(response);
-
- } else {
- log.error("Unsupported
request type");
- throw new
UnsupportedOperationException("TODO");
- }
- }
-
- return message.getDestinationUrl(true);
- }
- } else if (IdentityConstants.OpenId.CHECK_AUTHENTICATION
- .equals(mode)) {
- // Processing a verification request.
- message = manager.verify(request);
- responseText = message.keyValueFormEncoding();
- } else {
- // Error response.
- message =
DirectError.createDirectError("Unknown request");
- responseText = message.keyValueFormEncoding();
- }
- } catch (Exception e) {
- // Error response.
- message = DirectError.createDirectError(e.getMessage());
- responseText = message.keyValueFormEncoding();
- }
-
- try {
- // Return the result to the user.
- return directResponse(httpResp, responseText);
- } catch (IOException e) {
- throw new IdentityProviderException(
-
IdentityConstants.ErrorCodes.OPENID_DIRECT_RESP_FAILED);
- }
- }
-
- /**
- * Find the user name corresponding to the given OpenID.
- *
- * @param openId
- * User's OpenID
- * @return User name corresponding the given OpenID.
- * @throws ServerException
- * @throws IdentityProviderException
- */
- private String getUserName(String openId) throws ServerException,
- IdentityProviderException {
-
- UserStore userStore = null;
- List users = null;
-
- userStore = UserStore.getInstance();
- users = userStore.getAllUserNames();
-
- if (users == null)
- throw new IdentityProviderException("No users found");
-
- Map mapValues = null;
- Iterator iterator = null;
-
- iterator = users.iterator();
-
- while (iterator.hasNext()) {
-
- String user = (String) iterator.next();
- mapValues = userStore.getClaimValues(user, null);
-
- if (mapValues != null && !mapValues.isEmpty()) {
-
- // User has defined claims!
- String claimId = (String) mapValues
-
.get(IdentityConstants.CLAIM_OPENID);
-
- if (claimId != null) {
- if (openId.indexOf(claimId) >= 0
- &&
openId.endsWith(claimId.substring(claimId
-
.length() - 1))) {
- return user;
- }
- }
- }
- }
-
- return null;
- }
-
- /**
- * Generate OpenID for a given user.
- *
- * @param user
- * User
- * @return
- */
- public static String generateOpenID(String user) {
-
- ServerConfiguration serverConfig = null;
- String openIDServerUrl = null;
- String openID = null;
-
- serverConfig = ServerConfiguration.getInstance();
- openIDServerUrl =
serverConfig.getFirstProperty("OpenIDServerUrl");
-
- openID = openIDServerUrl + "/user/" + user;
-
- log.info("OpenID generated : " + openID);
-
- return openID;
- }
-
- /**
- *
- * @param authPage
- * Authentication page
- */
- public void setAuthPage(String authPage) {
-
- ServerConfiguration serverConfig = null;
- String host = null;
- String httpsPort = null;
-
- serverConfig = ServerConfiguration.getInstance();
- host = serverConfig.getFirstProperty("HostName");
- httpsPort = serverConfig.getFirstProperty("Ports.HTTPS");
-
- this.authPage = "https://" + host + ":" + httpsPort + "/" +
authPage;
- }
-
- /**
- *
- * @return OpenID Provider server URL.
- */
- public static String getOpAddress() {
- return opAddress;
- }
-
- public static ServerManager getManager() {
- return manager;
- }
-
- /**
- * Send a direct response to the RP.
- *
- * @param httpResp
- * HttpServletResponse
- * @param response
- * Response message
- * @return
- * @throws IOException
- */
- private String directResponse(HttpServletResponse httpResp, String
response)
- throws IOException {
- ServletOutputStream stream = null;
- try {
- stream = httpResp.getOutputStream();
- stream.write(response.getBytes());
- } finally {
- if (stream != null)
- stream.close();
- }
- return null;
- }
+ // Instantiate a ServerManager object.
+ public static ServerManager manager = new OpenIDServerManager();
+ private String authPage;
+
+ private static Log log = LogFactory.getLog(OpenIDProvider.class);
+
+ private static String opAddress = null;
+
+ /**
+ * Configure the OpenID Provider's end-point URL.
+ */
+ static {
+
+ ServerConfiguration serverConfig = null;
+ String openIDServerUrl = null;
+
+ serverConfig = ServerConfiguration.getInstance();
+ openIDServerUrl = serverConfig.getFirstProperty("OpenIDServerUrl");
+
+ // This is the OpenID provider server URL
+ opAddress = openIDServerUrl + "/server/";
+ manager.setOPEndpointUrl(opAddress);
+ }
+
+ /**
+ * Process the Relying Party request at the OpenID Provider end.
+ *
+ * @param httpReq
+ * HttpServletRequest
+ * @param httpResp
+ * HttpServletResponse
+ * @return The Url to be redirected
+ * @throws Exception
+ */
+ public String processRequest(HttpServletRequest httpReq,
+ HttpServletResponse httpResp) throws IdentityProviderException {
+
+ ParameterList request = null;
+ Message message = null;
+ String responseText = null;
+ HttpSession session = null;
+
+ try {
+
+ session = httpReq.getSession();
+
+ if (IdentityConstants.OpenId.COMPLETE.equals(httpReq
+ .getParameter(IdentityConstants.OpenId.ACTION))
+ || IdentityConstants.OpenId.CANCEL.equals(httpReq
+ .getParameter(IdentityConstants.OpenId.ACTION))) {
+ // Authentication completed.
+ request = (ParameterList) session
+
.getAttribute(IdentityProviderConstants.OpenId.PARAM_LIST);
+ } else {
+ // Extract the parameters from the request.
+ // Authentication not completed.
+ request = new ParameterList(httpReq.getParameterMap());
+ }
+
+ String mode = request
+ .hasParameter(IdentityConstants.OpenId.ATTR_MODE) ? request
+ .getParameterValue(IdentityConstants.OpenId.ATTR_MODE)
+ : null;
+
+ if (IdentityConstants.OpenId.ASSOCIATE.equals(mode)) {
+ // Process an association request made by RP.
+ message = manager.associationResponse(request);
+ responseText = message.keyValueFormEncoding();
+ } else if (IdentityConstants.OpenId.CHECKID_SETUP.equals(mode)
+ ||
IdentityConstants.OpenId.CHECKID_IMMEDIATE.equals(mode)) {
+
+ boolean authenticatedAndApproved = false;
+ String userSelectedClaimedId = null;
+ String openId = null;
+ String userId = null;
+
+ openId = request
+ .hasParameter(IdentityConstants.OpenId.ATTR_IDENTITY)
? request
+
.getParameterValue(IdentityConstants.OpenId.ATTR_IDENTITY)
+ : null;
+
+ if (openId == null)
+ throw new IdentityProviderException(
+
IdentityConstants.ErrorCodes.REQUIRED_ATTRIBUTE_MISSING);
+
+ userId = getUserName(openId);
+
+ if (httpReq.getParameter("authenticatedAndApproved") != null
+ && httpReq.getParameter("authenticatedAndApproved")
+ .equals("true")) {
+ authenticatedAndApproved = true;
+ }
+
+ if (IdentityConstants.OpenId.CANCEL.equals(httpReq
+ .getParameter(IdentityConstants.OpenId.ACTION))) {
+
+ authenticatedAndApproved = false;
+
+ } else if (!authenticatedAndApproved) {
+
+ // Not authenticated, redirect to the authentication
+ // page.
+ session.setAttribute(
+ IdentityProviderConstants.OpenId.PARAM_LIST,
+ request);
+ return authPage;
+
+ }
+
+ // Process an authentication request.
+ AuthRequest authReq = AuthRequest.createAuthRequest(request,
+ manager.getRealmVerifier());
+
+ String opLocalId = null;
+
+ message = manager.authResponse(request, opLocalId,
+ userSelectedClaimedId, authenticatedAndApproved);
+
+ if (message instanceof DirectError
+ || message instanceof AuthFailure)
+ return message.getDestinationUrl(true);
+ else {
+ if (authReq
+
.hasExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX)) {
+
+ MessageExtension extensions = authReq
+
.getExtension(IdentityConstants.OpenId.ExchangeAttributes.NS_AX);
+
+ if (extensions instanceof FetchRequest) {
+
+ Map required = null;
+ Map userDataExt = null;
+ FetchRequest fetchReq = null;
+ FetchResponse fetchResp = null;
+ OpenIDProviderData openIDData = null;
+ Map claimValues = null;
+
+ fetchReq = (FetchRequest) extensions;
+
+ // Get the required attributes as requested by the
+ // RP.
+ required = fetchReq.getAttributes(true);
+
+ userDataExt = new HashMap();
+ openIDData = new OpenIDProviderData();
+
+ fetchResp = FetchResponse.createFetchResponse(
+ fetchReq, userDataExt);
+
+ claimValues = openIDData.populateAttributeValues(
+ required, userId);
+
+ openIDData.setAttributeExchangeValues(fetchResp,
+ claimValues);
+ message.addExtension(fetchResp);
+
+ } else {
+ log.error("Unsupported request type");
+ throw new UnsupportedOperationException("TODO");
+ }
+ }
+ if (authReq
+
.hasExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG)) {
+
+ MessageExtension extension = authReq
+
.getExtension(IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG);
+
+ if (extension instanceof SRegRequest) {
+
+ SRegRequest sregReq = null;
+ List required = null;
+ Map userDataSReg = null;
+ Map claimValues = null;
+ SRegResponse response = null;
+ OpenIDProviderData openIDData = null;
+
+ sregReq = (SRegRequest) extension;
+
+ // Get the required attributes as requested by the
+ // RP.
+ required = sregReq.getAttributes(true);
+
+ userDataSReg = new HashMap();
+ openIDData = new OpenIDProviderData();
+
+ response = SRegResponse.createSRegResponse(sregReq,
+ userDataSReg);
+
+ claimValues = openIDData.populateAttributeValues(
+ required, userId);
+
+ openIDData.setSimpleAttributeRegistrationValues(
+ response, claimValues);
+
+ message.addExtension(response);
+
+ } else {
+ log.error("Unsupported request type");
+ throw new UnsupportedOperationException("TODO");
+ }
+ }
+
+ return message.getDestinationUrl(true);
+ }
+ } else if (IdentityConstants.OpenId.CHECK_AUTHENTICATION
+ .equals(mode)) {
+ // Processing a verification request.
+ message = manager.verify(request);
+ responseText = message.keyValueFormEncoding();
+ } else {
+ // Error response.
+ message = DirectError.createDirectError("Unknown request");
+ responseText = message.keyValueFormEncoding();
+ }
+ } catch (Exception e) {
+ // Error response.
+ message = DirectError.createDirectError(e.getMessage());
+ responseText = message.keyValueFormEncoding();
+ }
+
+ try {
+ // Return the result to the user.
+ return directResponse(httpResp, responseText);
+ } catch (IOException e) {
+ throw new IdentityProviderException(
+ IdentityConstants.ErrorCodes.OPENID_DIRECT_RESP_FAILED);
+ }
+ }
+
+ /**
+ * Find the user name corresponding to the given OpenID.
+ *
+ * @param openId
+ * User's OpenID
+ * @return User name corresponding the given OpenID.
+ * @throws ServerException
+ * @throws IdentityProviderException
+ */
+ private String getUserName(String openId) throws ServerException,
+ IdentityProviderException {
+
+ UserStore userStore = null;
+ List users = null;
+
+ userStore = UserStore.getInstance();
+ users = userStore.getAllUserNames();
+
+ if (users == null)
+ throw new IdentityProviderException("No users found");
+
+ Map mapValues = null;
+ Iterator iterator = null;
+
+ iterator = users.iterator();
+
+ while (iterator.hasNext()) {
+
+ String user = (String) iterator.next();
+ mapValues = userStore.getClaimValues(user, null);
+
+ if (mapValues != null && !mapValues.isEmpty()) {
+
+ // User has defined claims!
+ String claimId = (String) mapValues
+ .get(IdentityConstants.CLAIM_OPENID);
+
+ if (claimId != null) {
+ if (openId.indexOf(claimId) >= 0
+ && openId.endsWith(claimId.substring(claimId
+ .length() - 1))) {
+ return user;
+ }
+ }
+ }
+ }
+
+ return null;
+ }
+
+ /**
+ * Generate OpenID for a given user.
+ *
+ * @param user
+ * User
+ * @return
+ */
+ public static String generateOpenID(String user) {
+
+ ServerConfiguration serverConfig = null;
+ String openIDServerUrl = null;
+ String openID = null;
+
+ serverConfig = ServerConfiguration.getInstance();
+ openIDServerUrl = serverConfig.getFirstProperty("OpenIDServerUrl");
+
+ openID = openIDServerUrl + "/user/" + user;
+
+ log.info("OpenID generated : " + openID);
+
+ return openID;
+ }
+
+ /**
+ *
+ * @param authPage
+ * Authentication page
+ */
+ public void setAuthPage(String authPage) {
+
+ ServerConfiguration serverConfig = null;
+ String host = null;
+ String httpsPort = null;
+
+ serverConfig = ServerConfiguration.getInstance();
+ host = serverConfig.getFirstProperty("HostName");
+ httpsPort = serverConfig.getFirstProperty("Ports.HTTPS");
+
+ this.authPage = "https://" + host + ":" + httpsPort + "/" + authPage;
+ }
+
+ /**
+ *
+ * @return OpenID Provider server URL.
+ */
+ public static String getOpAddress() {
+ return opAddress;
+ }
+
+ public static ServerManager getManager() {
+ return manager;
+ }
+
+ /**
+ * Send a direct response to the RP.
+ *
+ * @param httpResp
+ * HttpServletResponse
+ * @param response
+ * Response message
+ * @return
+ * @throws IOException
+ */
+ private String directResponse(HttpServletResponse httpResp, String
response)
+ throws IOException {
+ ServletOutputStream stream = null;
+ try {
+ stream = httpResp.getOutputStream();
+ stream.write(response.getBytes());
+ } finally {
+ if (stream != null)
+ stream.close();
+ }
+ return null;
+ }
}
\ No newline at end of file
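Review bot: In processRequest the approval decision for a checkid_setup/checkid_immediate request is read from the client-supplied parameter `httpReq.getParameter("authenticatedAndApproved")`, so the value handed to `manager.authResponse(request, opLocalId, userSelectedClaimedId, authenticatedAndApproved)` rests on a string the requester controls rather than on anything the provider verified; that flag must come from server-side state (a session attribute set by the authentication page once the user has been verified, cleared when consumed), never from the request parameters. Relatedly, getUserName resolves the presented identity with `openId.indexOf(claimId) >= 0 && openId.endsWith(claimId.substring(claimId.length() - 1))`, a substring test under which one user's identifier can resolve to a different account; compare the normalized identifiers for equality, `if (claimId.equals(openId)) { return user; }`, and treat a null result (userId is never checked after `userId = getUserName(openId)`) as a failed lookup instead of passing it on to populateAttributeValues. The catch-all `catch (Exception e)` also echoes `e.getMessage()` to the relying party via `DirectError.createDirectError(e.getMessage())`; a fixed error string, with the exception logged server-side, would avoid exposing internal detail. directResponse additionally writes `response.getBytes()` with the platform default charset; `response.getBytes("UTF-8")` with a matching content type would make the key-value response encoding deterministic.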
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProviderData.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProviderData.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProviderData.java
Thu Feb 14 04:03:54 2008
@@ -122,7 +122,7 @@
// Get the claims values corresponding to the user from the user store.
mapValues = connector.getClaimValues(userId, list);
-
+
claimValues = new HashMap();
iterator = requiredClaims.iterator();
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDServerManager.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDServerManager.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDServerManager.java
Thu Feb 14 04:03:54 2008
@@ -16,78 +16,78 @@
public class OpenIDServerManager extends ServerManager {
- private static Log log = LogFactory.getLog(OpenIDServerManager.class);
+ private static Log log = LogFactory.getLog(OpenIDServerManager.class);
- /**
- *
- */
- public Message associationResponse(ParameterList requestParams) {
- boolean isVersion2 = requestParams.hasParameter("openid.ns");
-
- log.info("Processing association request...");
-
- try {
- // build request message from response params (+
integrity check)
- AssociationRequest assocReq = AssociationRequest
-
.createAssociationRequest(requestParams);
-
- isVersion2 = assocReq.isVersion2();
-
- AssociationSessionType type = assocReq.getType();
-
- // is supported / allowed ?
- if
(!Association.isHmacSupported(type.getAssociationType())
- ||
!DiffieHellmanSession.isDhSupported(type)
- || getMinAssocSessEnc().isBetter(type))
{
- throw new AssociationException(
- "Unable create association for:
"
- +
type.getSessionType() + " / "
- +
type.getAssociationType());
- } else // all ok, go ahead
- {
- Association assoc =
getPrivateAssociations().generate(
- type.getAssociationType(),
getExpireIn());
-
- log.info("Returning private association;
handle: "
- + assoc.getHandle());
-
- return
AssociationResponse.createAssociationResponse(assocReq,
- assoc);
- }
- } catch (OpenIDException e) {
- // association failed, respond accordingly
- if (isVersion2) {
- log.warn("Cannot establish association, "
- + "responding with an OpenID2
association error.", e);
-
- return
AssociationError.createAssociationError(e.getMessage(),
- getPrefAssocSessEnc());
- } else {
- log.warn("Error processing an OpenID1
association request: "
- + e.getMessage()
- + " Responding with a dummy
association.", e);
- try {
- // generate dummy association &
no-encryption response
- // for compatibility mode
- Association dummyAssoc =
getPrivateAssociations().generate(
-
Association.TYPE_HMAC_SHA1, 0);
-
- AssociationRequest dummyRequest =
AssociationRequest
-
.createAssociationRequest(AssociationSessionType.NO_ENCRYPTION_COMPAT_SHA1MAC);
-
- return
AssociationResponse.createAssociationResponse(
- dummyRequest,
dummyAssoc);
- } catch (OpenIDException ee) {
- log
- .error(
- "Error
creating negative OpenID1 association response.",
- e);
- return null;
- }
+ /**
+ *
+ */
+ public Message associationResponse(ParameterList requestParams) {
+ boolean isVersion2 = requestParams.hasParameter("openid.ns");
+
+ log.info("Processing association request...");
+
+ try {
+ // build request message from response params (+ integrity check)
+ AssociationRequest assocReq = AssociationRequest
+ .createAssociationRequest(requestParams);
+
+ isVersion2 = assocReq.isVersion2();
+
+ AssociationSessionType type = assocReq.getType();
+
+ // is supported / allowed ?
+ if (!Association.isHmacSupported(type.getAssociationType())
+ || !DiffieHellmanSession.isDhSupported(type)
+ || getMinAssocSessEnc().isBetter(type)) {
+ throw new AssociationException(
+ "Unable create association for: "
+ + type.getSessionType() + " / "
+ + type.getAssociationType());
+ } else // all ok, go ahead
+ {
+ Association assoc = getPrivateAssociations().generate(
+ type.getAssociationType(), getExpireIn());
+
+ log.info("Returning private association; handle: "
+ + assoc.getHandle());
+
+ return AssociationResponse.createAssociationResponse(assocReq,
+ assoc);
+ }
+ } catch (OpenIDException e) {
+ // association failed, respond accordingly
+ if (isVersion2) {
+ log.warn("Cannot establish association, "
+ + "responding with an OpenID2 association error.", e);
+
+ return AssociationError.createAssociationError(e.getMessage(),
+ getPrefAssocSessEnc());
+ } else {
+ log.warn("Error processing an OpenID1 association request: "
+ + e.getMessage()
+ + " Responding with a dummy association.", e);
+ try {
+ // generate dummy association & no-encryption response
+ // for compatibility mode
+ Association dummyAssoc = getPrivateAssociations().generate(
+ Association.TYPE_HMAC_SHA1, 0);
+
+ AssociationRequest dummyRequest = AssociationRequest
+
.createAssociationRequest(AssociationSessionType.NO_ENCRYPTION_COMPAT_SHA1MAC);
+
+ return AssociationResponse.createAssociationResponse(
+ dummyRequest, dummyAssoc);
+ } catch (OpenIDException ee) {
+ log
+ .error(
+ "Error creating negative OpenID1
association response.",
+ e);
+ return null;
+ }
- }
+ }
- }
- }
+ }
+ }
}
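Review bot: In the inner catch of associationResponse the call `.error("Error creating negative OpenID1 association response.", e)` attaches the outer exception `e` rather than the one just caught, `ee`, so the cause of the compatibility-path failure is never logged; it should read `log.error("Error creating negative OpenID1 association response.", ee);`. That branch then returns null, which the empty `/** */` Javadoc above the method does not state; document the contract, e.g. `Builds the association response for a relying-party request; returns null only when neither a real nor a compatibility (dummy) association could be created, so callers must null-check the result.` Note also that the OpenID 2 error path sends `e.getMessage()` back to the relying party in the association error, so that message should stay free of internal detail.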
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/UserInfoServlet.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/UserInfoServlet.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/UserInfoServlet.java
Thu Feb 14 04:03:54 2008
@@ -30,42 +30,31 @@
serverUrl = OpenIDProvider.getOpAddress();
caller = req.getPathInfo();
-
if (!isUserExist(caller.substring(1))) {
resp.setContentType("text/html");
back = "<html><head>\n"
+ "</head><body><h1>You are trying to do something fishy
!!!</h1></body></html>";
} else {
- //if ("html".equals(req.getParameter("format"))) {
- resp.setContentType("text/html");
- back = "<html><head>\n"
- + "<link rel='openid2.provider' href='" + serverUrl
+ "'/>\n"
- + "<link rel='openid.server' href='" + serverUrl +
"'/>\n"
- + "</head><body>"
- + "<h2>This is the OpenID Url of user, "
- + caller.substring(1)
- +"</h2>"
- +"</body></html>";
- /*} else {
- resp.setContentType("application/xrds+xml");
- back = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
- + "<xrds:XRDS\n"
- + " xmlns:xrds=\"xri://$xrds\"\n"
- + " xmlns:openid=\"http://openid.net/xmlns/1.0\"\n"
- + " xmlns=\"xri://$xrd*($v*2.0)\">\n"
- + " <XRD>\n"
- + " <Service priority=\"0\">\n"
- + " <Type>http://openid.net/signon/1.0</Type>\n"
- + " <URI>"
- + serverUrl
- + "</URI>\n"
- + " </Service>\n"
- + " <Service priority=\"1\">\n"
- + "
<Type>http://specs.openid.net/auth/2.0/signon</Type>\n"
- + " <URI>" + serverUrl + "</URI>\n"
- + " </Service>\n" + " </XRD>\n" + "</xrds:XRDS>";
- }*/
+ // if ("html".equals(req.getParameter("format"))) {
+ resp.setContentType("text/html");
+ back = "<html><head>\n" + "<link rel='openid2.provider' href='"
+ + serverUrl + "'/>\n" + "<link rel='openid.server' href='"
+ + serverUrl + "'/>\n" + "</head><body>"
+ + "<h2>This is the OpenID Url of user, "
+ + caller.substring(1) + "</h2>" + "</body></html>";
+ /*
+ * } else { resp.setContentType("application/xrds+xml"); back =
"<?xml
+ * version=\"1.0\" encoding=\"UTF-8\"?>\n" + "<xrds:XRDS\n" + "
+ * xmlns:xrds=\"xri://$xrds\"\n" + "
+ * xmlns:openid=\"http://openid.net/xmlns/1.0\"\n" + "
+ * xmlns=\"xri://$xrd*($v*2.0)\">\n" + " <XRD>\n" + " <Service
+ * priority=\"0\">\n" + "
<Type>http://openid.net/signon/1.0</Type>\n" + "
+ * <URI>" + serverUrl + "</URI>\n" + " </Service>\n" + " <Service
+ * priority=\"1\">\n" + "
+ * <Type>http://specs.openid.net/auth/2.0/signon</Type>\n" + "
+ * <URI>" + serverUrl + "</URI>\n" + " </Service>\n" + " </XRD>\n"
+ "</xrds:XRDS>"; }
+ */
}
PrintWriter out = resp.getWriter();
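Review bot: The rebuilt page at `+ caller.substring(1) + "</h2>"` interpolates the path segment into HTML without escaping it, and `caller = req.getPathInfo()` (a context line above) can be null or `"/"`, in which case `substring(1)` throws or yields an empty name before the `isUserExist` check is useful; guard it first, `if (caller == null || caller.length() < 2) { resp.sendError(HttpServletResponse.SC_NOT_FOUND); return; }`, and HTML-encode the name on output even though it has passed the existence check. The enclosing method starts and ends outside the hunk. The XRDS discovery block was reflowed into a `/* ... */` comment rather than removed; commented-out code should either be deleted (version control keeps it) or restored behind the `format` parameter check it was written for, since leaving it in a comment invites it to drift from the live HTML branch.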
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIDTokenIssuer.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIDTokenIssuer.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/sts/OpenIDTokenIssuer.java
Thu Feb 14 04:03:54 2008
@@ -41,233 +41,234 @@
public class OpenIDTokenIssuer extends IdentityTokenIssuer {
- private String appliesTo;
+ private String appliesTo;
- private static Log log = LogFactory.getLog(OpenIDTokenIssuer.class);
+ private static Log log = LogFactory.getLog(OpenIDTokenIssuer.class);
- /**
- * Overrides the base functionality to cater OpenID related
functionality.
- */
- public SOAPEnvelope issue(RahasData data) throws TrustException {
-
- appliesTo = data.getAppliesToAddress();
-
- return super.issue(data);
- }
-
- /**
- * Override this method from the base class : we don't need SAML :)
- */
- protected Element createSAMLAssertionAsDOM(IdentityProviderData ipData,
- RahasData rahasData, DateTime notBefore, DateTime
notAfter,
- String assertionId) throws IdentityProviderException {
- return null;
- }
-
- /**
- * Overrides the base functionality to cater OpenID related
functionality.
- */
- protected OMElement createRSTR(RahasData data, Date notBefore,
- Date notAfter, SOAPEnvelope env, Document doc, Node
assertionElem,
- String assertionId, WSSecEncryptedKey encryptedKey)
- throws TrustException, SAMLException,
IdentityProviderException {
-
- int wstVersion = data.getVersion();
- MessageContext inMsgCtx = data.getInMessageContext();
-
- OMElement rstrElem = TrustUtil
-
.createRequestSecurityTokenResponseElement(wstVersion, env
- .getBody());
- TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
- data.getTokenType());
-
- createDisplayToken(rstrElem, ipData);
-
- if (log.isDebugEnabled())
- log.debug("Display token for OpenID Information card,
created successfully");
-
- OMElement appliesToEpr = null;
- if (encryptedKey != null) {
- int keysize = data.getKeysize();
- if (keysize == -1) {
- keysize = encryptedKey.getEphemeralKey().length
* 8;
- }
-
- TrustUtil.createKeySizeElement(wstVersion, rstrElem,
keysize);
-
- OMElement incomingAppliesToEpr = data.getAppliesToEpr();
- try {
- Document eprDoc =
DocumentBuilderFactory.newInstance()
- .newDocumentBuilder().parse(
- new
ByteArrayInputStream(incomingAppliesToEpr
-
.toString().getBytes()));
- appliesToEpr = (OMElement) doc.importNode(eprDoc
- .getDocumentElement(), true);
- } catch (Exception e) {
- new
TrustException(TrustException.REQUEST_FAILED, e);
- }
-
- OMElement appliesToElem = rstrElem
- .getOMFactory()
- .createOMElement(
- new QName(
-
RahasConstants.WSP_NS,
-
RahasConstants.IssuanceBindingLocalNames.APPLIES_TO,
-
RahasConstants.WSP_PREFIX), rstrElem);
- appliesToElem.addChild(appliesToEpr);
- }
-
- // Use GMT time in milliseconds
- DateFormat zulu = new XmlSchemaDateFormat();
-
- // Add the Lifetime element
- TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
- .format(notBefore), zulu.format(notAfter));
-
- OMElement reqSecTokenElem = TrustUtil
-
.createRequestedSecurityTokenElement(wstVersion, rstrElem);
-
- createOpenIdToken(reqSecTokenElem);
-
- createAttachedRef(rstrElem, assertionId);
- createUnattachedRef(rstrElem, assertionId);
-
- if (log.isDebugEnabled())
- log.debug("RSTR for OpenID Information card, created
successfully");
-
- return rstrElem;
- }
-
- /**
- * Creates an OpenID token.
- *
- * @param rstrElem
- * RSTR token
- * @return OpenID token
- * @throws MessageException
- */
- protected OMElement createOpenIdToken(OMElement rstrElem)
- throws IdentityProviderException {
- OMElement rdt = IdentityProviderUtil
- .createOpenIdToken(rstrElem, ipData);
-
- OpenIDInfoCardToken token = null;
- Message message = null;
- ParameterList params = null;
- String claimID = null;
- OpenIDInfoCardHeader header = null;
-
- header = new OpenIDInfoCardHeader(OpenIDProvider.getManager());
-
- claimID = ((RequestedClaimData) ipData.requestedClaims
- .get(IdentityConstants.CLAIM_OPENID)).value;
-
- params = header.buildHeader(claimID,
OpenIDProvider.getOpAddress(),
- appliesTo);
-
- setSimpleAttributeParams(params);
-
- try {
- message = Message.createMessage(params);
- } catch (MessageException e) {
- log.error(e.getMessage());
- throw new IdentityProviderException(
-
IdentityConstants.ErrorCodes.OPENID_TOKEN_CREATION_FAILED);
-
- }
-
- token = new OpenIDInfoCardToken(message);
-
- rdt.setText(token.getToken());
-
- if (log.isDebugEnabled())
- log.debug("OpenID token created successfully");
-
- return rdt;
- }
-
- /**
- * Set the attributes in the structure required by the Attribute
Exchange.
- *
- * @param params
- * Parameter list
- */
- protected void setAttributeExchangeParams(ParameterList params) {
-
- Iterator iterator = null;
- String key = null;
- OpenIDRequestedClaimData claim = null;
-
- params.set(new Parameter(
- IdentityConstants.OpenId.ExchangeAttributes.EXT,
-
IdentityConstants.OpenId.ExchangeAttributes.NS_AX));
-
- params.set(new Parameter(
-
IdentityConstants.OpenId.ExchangeAttributes.MODE,
-
IdentityConstants.OpenId.ExchangeAttributes.FETCH_RESPONSE));
-
- params.set(new Parameter(
-
IdentityConstants.OpenId.SimpleRegAttributes.OP_SREG,
-
IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG));
-
- iterator = ipData.requestedClaims.keySet().iterator();
-
- while (iterator.hasNext()) {
- key = (String) iterator.next();
- claim = (OpenIDRequestedClaimData)
ipData.requestedClaims.get(key);
-
- if (claim.openIDTag != null) {
- params.set(new Parameter(
-
IdentityConstants.OpenId.ExchangeAttributes.TYPE
- +
claim.openIDTag, claim.uri));
- params.set(new Parameter(
-
IdentityConstants.OpenId.ExchangeAttributes.VALUE
- +
claim.openIDTag, claim.value));
- }
- }
-
- if (log.isDebugEnabled())
- log.debug("OpenID Ax parameters set successfully");
- }
-
- /**
- * Set the attributes in the structure required by the Simple
Registration.
- *
- * @param params
- * Parameter list
- */
- protected void setSimpleAttributeParams(ParameterList params) {
-
- Iterator iterator = null;
- String key = null;
- OpenIDRequestedClaimData claim = null;
-
- params.set(new Parameter(
-
IdentityConstants.OpenId.SimpleRegAttributes.OP_SREG,
-
IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG));
-
- iterator = ipData.requestedClaims.keySet().iterator();
-
- while (iterator.hasNext()) {
- key = (String) iterator.next();
- claim = (OpenIDRequestedClaimData)
ipData.requestedClaims.get(key);
-
- if (claim.openIDTag != null)
- params.set(new Parameter(
-
IdentityConstants.OpenId.SimpleRegAttributes.SREG
- +
claim.openIDTag, claim.value));
- }
-
- if (log.isDebugEnabled())
- log.debug("OpenID simple attribute parameters set
successfully");
- }
-
- /**
- * Overrides the base functionality to cater OpenID related
functionality.
- */
- protected IdentityProviderData getIdentityProviderData(RahasData
rahasData)
- throws Exception {
- return new OpenIDInfoCardProviderData(rahasData);
- }
+ /**
+ * Overrides the base functionality to cater OpenID related functionality.
+ */
+ public SOAPEnvelope issue(RahasData data) throws TrustException {
+
+ appliesTo = data.getAppliesToAddress();
+
+ return super.issue(data);
+ }
+
+ /**
+ * Override this method from the base class : we don't need SAML :)
+ */
+ protected Element createSAMLAssertionAsDOM(IdentityProviderData ipData,
+ RahasData rahasData, DateTime notBefore, DateTime notAfter,
+ String assertionId) throws IdentityProviderException {
+ return null;
+ }
+
+ /**
+ * Overrides the base functionality to cater OpenID related functionality.
+ */
+ protected OMElement createRSTR(RahasData data, Date notBefore,
+ Date notAfter, SOAPEnvelope env, Document doc, Node assertionElem,
+ String assertionId, WSSecEncryptedKey encryptedKey)
+ throws TrustException, SAMLException, IdentityProviderException {
+
+ int wstVersion = data.getVersion();
+ MessageContext inMsgCtx = data.getInMessageContext();
+
+ OMElement rstrElem = TrustUtil
+ .createRequestSecurityTokenResponseElement(wstVersion, env
+ .getBody());
+ TrustUtil.createTokenTypeElement(wstVersion, rstrElem).setText(
+ data.getTokenType());
+
+ createDisplayToken(rstrElem, ipData);
+
+ if (log.isDebugEnabled())
+ log
+ .debug("Display token for OpenID Information card, created
successfully");
+
+ OMElement appliesToEpr = null;
+ if (encryptedKey != null) {
+ int keysize = data.getKeysize();
+ if (keysize == -1) {
+ keysize = encryptedKey.getEphemeralKey().length * 8;
+ }
+
+ TrustUtil.createKeySizeElement(wstVersion, rstrElem, keysize);
+
+ OMElement incomingAppliesToEpr = data.getAppliesToEpr();
+ try {
+ Document eprDoc = DocumentBuilderFactory.newInstance()
+ .newDocumentBuilder().parse(
+ new ByteArrayInputStream(incomingAppliesToEpr
+ .toString().getBytes()));
+ appliesToEpr = (OMElement) doc.importNode(eprDoc
+ .getDocumentElement(), true);
+ } catch (Exception e) {
+ new TrustException(TrustException.REQUEST_FAILED, e);
+ }
+
+ OMElement appliesToElem = rstrElem
+ .getOMFactory()
+ .createOMElement(
+ new QName(
+ RahasConstants.WSP_NS,
+
RahasConstants.IssuanceBindingLocalNames.APPLIES_TO,
+ RahasConstants.WSP_PREFIX), rstrElem);
+ appliesToElem.addChild(appliesToEpr);
+ }
+
+ // Use GMT time in milliseconds
+ DateFormat zulu = new XmlSchemaDateFormat();
+
+ // Add the Lifetime element
+ TrustUtil.createLifetimeElement(wstVersion, rstrElem, zulu
+ .format(notBefore), zulu.format(notAfter));
+
+ OMElement reqSecTokenElem = TrustUtil
+ .createRequestedSecurityTokenElement(wstVersion, rstrElem);
+
+ createOpenIdToken(reqSecTokenElem);
+
+ createAttachedRef(rstrElem, assertionId);
+ createUnattachedRef(rstrElem, assertionId);
+
+ if (log.isDebugEnabled())
+ log.debug("RSTR for OpenID Information card, created
successfully");
+
+ return rstrElem;
+ }
+
+ /**
+ * Creates an OpenID token.
+ *
+ * @param rstrElem
+ * RSTR token
+ * @return OpenID token
+ * @throws MessageException
+ */
+ protected OMElement createOpenIdToken(OMElement rstrElem)
+ throws IdentityProviderException {
+ OMElement rdt = IdentityProviderUtil
+ .createOpenIdToken(rstrElem, ipData);
+
+ OpenIDInfoCardToken token = null;
+ Message message = null;
+ ParameterList params = null;
+ String claimID = null;
+ OpenIDInfoCardHeader header = null;
+
+ header = new OpenIDInfoCardHeader(OpenIDProvider.getManager());
+
+ claimID = ((RequestedClaimData) ipData.requestedClaims
+ .get(IdentityConstants.CLAIM_OPENID)).value;
+
+ params = header.buildHeader(claimID, OpenIDProvider.getOpAddress(),
+ appliesTo);
+
+ setSimpleAttributeParams(params);
+
+ try {
+ message = Message.createMessage(params);
+ } catch (MessageException e) {
+ log.error(e.getMessage());
+ throw new IdentityProviderException(
+ IdentityConstants.ErrorCodes.OPENID_TOKEN_CREATION_FAILED);
+
+ }
+
+ token = new OpenIDInfoCardToken(message);
+
+ rdt.setText(token.getToken());
+
+ if (log.isDebugEnabled())
+ log.debug("OpenID token created successfully");
+
+ return rdt;
+ }
+
+ /**
+ * Set the attributes in the structure required by the Attribute Exchange.
+ *
+ * @param params
+ * Parameter list
+ */
+ protected void setAttributeExchangeParams(ParameterList params) {
+
+ Iterator iterator = null;
+ String key = null;
+ OpenIDRequestedClaimData claim = null;
+
+ params.set(new Parameter(
+ IdentityConstants.OpenId.ExchangeAttributes.EXT,
+ IdentityConstants.OpenId.ExchangeAttributes.NS_AX));
+
+ params.set(new Parameter(
+ IdentityConstants.OpenId.ExchangeAttributes.MODE,
+ IdentityConstants.OpenId.ExchangeAttributes.FETCH_RESPONSE));
+
+ params.set(new Parameter(
+ IdentityConstants.OpenId.SimpleRegAttributes.OP_SREG,
+ IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG));
+
+ iterator = ipData.requestedClaims.keySet().iterator();
+
+ while (iterator.hasNext()) {
+ key = (String) iterator.next();
+ claim = (OpenIDRequestedClaimData) ipData.requestedClaims.get(key);
+
+ if (claim.openIDTag != null) {
+ params.set(new Parameter(
+ IdentityConstants.OpenId.ExchangeAttributes.TYPE
+ + claim.openIDTag, claim.uri));
+ params.set(new Parameter(
+ IdentityConstants.OpenId.ExchangeAttributes.VALUE
+ + claim.openIDTag, claim.value));
+ }
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("OpenID Ax parameters set successfully");
+ }
+
+ /**
+ * Set the attributes in the structure required by the Simple Registration.
+ *
+ * @param params
+ * Parameter list
+ */
+ protected void setSimpleAttributeParams(ParameterList params) {
+
+ Iterator iterator = null;
+ String key = null;
+ OpenIDRequestedClaimData claim = null;
+
+ params.set(new Parameter(
+ IdentityConstants.OpenId.SimpleRegAttributes.OP_SREG,
+ IdentityConstants.OpenId.SimpleRegAttributes.NS_SREG));
+
+ iterator = ipData.requestedClaims.keySet().iterator();
+
+ while (iterator.hasNext()) {
+ key = (String) iterator.next();
+ claim = (OpenIDRequestedClaimData) ipData.requestedClaims.get(key);
+
+ if (claim.openIDTag != null)
+ params.set(new Parameter(
+ IdentityConstants.OpenId.SimpleRegAttributes.SREG
+ + claim.openIDTag, claim.value));
+ }
+
+ if (log.isDebugEnabled())
+ log.debug("OpenID simple attribute parameters set successfully");
+ }
+
+ /**
+ * Overrides the base functionality to cater OpenID related functionality.
+ */
+ protected IdentityProviderData getIdentityProviderData(RahasData rahasData)
+ throws Exception {
+ return new OpenIDInfoCardProviderData(rahasData);
+ }
}
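Review bot: The `catch (Exception e)` inside createRSTR's `if (encryptedKey != null)` block constructs `new TrustException(TrustException.REQUEST_FAILED, e)` but never throws it, so a malformed AppliesTo EPR is silently ignored, `appliesToEpr` stays null and `appliesToElem.addChild(appliesToEpr)` runs with a null child; the statement should read `throw new TrustException(TrustException.REQUEST_FAILED, e);`, which createRSTR's throws clause already permits. In the same block the EPR, which comes from the requester's RST via `data.getAppliesToEpr()`, is re-serialised and parsed with a default `DocumentBuilderFactory`, so DTD processing and external-entity resolution are left enabled (whether a DOCTYPE can survive the Axiom round-trip is not visible here, but hardening the parser costs two lines and needs `javax.xml.XMLConstants` in the imports), and `getBytes()` should name a charset instead of relying on the platform default. Two smaller points: `inMsgCtx` is assigned from `data.getInMessageContext()` and never read, and the `catch (MessageException e)` in createOpenIdToken logs only `e.getMessage()` and rethrows an IdentityProviderException without the cause, so the original stack trace is lost at the boundary.
```java
OMElement incomingAppliesToEpr = data.getAppliesToEpr();
try {
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    // The EPR is requester-supplied; never resolve DTDs or external entities from it.
    dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    Document eprDoc = dbf.newDocumentBuilder().parse(
            new ByteArrayInputStream(incomingAppliesToEpr.toString()
                    .getBytes("UTF-8")));
    appliesToEpr = (OMElement) doc.importNode(eprDoc.getDocumentElement(), true);
} catch (Exception e) {
    // Previously the exception was constructed but not thrown, leaving appliesToEpr null.
    throw new TrustException(TrustException.REQUEST_FAILED, e);
}
// … unchanged: AppliesTo element creation, Lifetime, RequestedSecurityToken, refs …
```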