Author: prabath
Date: Mon Jun 23 22:36:30 2008
New Revision: 18584
URL: http://wso2.org/svn/browse/wso2?view=rev&revision=18584

Log:
return_to_url validation modified

Modified:
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDConsumer.java
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDUtil.java
   
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/extensions/OpenIDAttributeExchange.java

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDConsumer.java
URL: 
http://wso2.org/svn/browse/wso2/trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDConsumer.java?rev=18584&r1=18583&r2=18584&view=diff
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDConsumer.java
      (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDConsumer.java
      Mon Jun 23 22:36:30 2008
@@ -58,6 +58,7 @@
         // Instantiate a ConsumerManager object.
         try {
             manager = new ConsumerManager();
+
         } catch (ConsumerException e) {
             log.error(e.getMessage());
             // Present error to the user
@@ -189,11 +190,11 @@
         receivingURL = request.getRequestURL();
         queryString = request.getQueryString();
 
-        if (queryString != null && queryString.length() > 0)
-            receivingURL.append("?").append(request.getQueryString());
-
         recUrl = OpenIDUtil.getMappedReturningUrl(receivingURL.toString());
 
+        if (queryString != null && queryString.length() > 0)
+            recUrl = recUrl.concat("?").concat(request.getQueryString());
+
         // Verify the response
         verification = manager.verify(recUrl, openidResp, discovered);
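Review bot: `OpenIDUtil.getMappedReturningUrl` now declares `RelyingPartyException` (see the OpenIDUtil.java hunk in this commit), so the call on the `recUrl = ...` line only compiles if the enclosing method declares or catches it; that method starts and ends outside the hunk, so I cannot confirm it does. The added line re-reads `request.getQueryString()` although the local `queryString` was captured two lines earlier and is what the guard tests; `recUrl = recUrl.concat("?").concat(queryString);` avoids the second call. Because the mapped URL is rebuilt from `url.getPath()` only, re-attaching the query here is what keeps it for `manager.verify`; a comment such as `// getMappedReturningUrl drops the query; re-attach it after host/port mapping` would make that ordering dependency explicit.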
 

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDUtil.java
URL: 
http://wso2.org/svn/browse/wso2/trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDUtil.java?rev=18584&r1=18583&r2=18584&view=diff
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDUtil.java
  (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/OpenIDUtil.java
  Mon Jun 23 22:36:30 2008
@@ -1,21 +1,20 @@
 /*
- * Copyright 2005-2008 WSO2, Inc. (http://wso2.com)
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Copyright 2005-2008 WSO2, Inc. (http://wso2.com) Licensed under the Apache
+ * License, Version 2.0 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law
+ * or agreed to in writing, software distributed under the License is
+ * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
  */
 
 package org.wso2.solutions.identity.relyingparty.openid;
 
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
 import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
@@ -24,6 +23,7 @@
 import org.openid4java.infocard.OpenIDToken;
 import org.openid4java.message.ParameterList;
 import org.wso2.solutions.identity.IdentityConstants;
+import org.wso2.solutions.identity.relyingparty.RelyingPartyException;
 import org.wso2.solutions.identity.relyingparty.servletfilter.RelyingPartyData;
 
 public class OpenIDUtil {
@@ -56,31 +56,69 @@
      * to provide a host/port mapping in the web.xml.
      * @param returnUrl
      * @return mapped returing irl
+     * @throws RelyingPartyException
      */
-    public static String getMappedReturningUrl(String returnUrl) {
+    public static String getMappedReturningUrl(String returnUrl)
+            throws RelyingPartyException {
+
+        URI uri = null;
+        URL url = null;
+        String hostName = null;
+        int portNumber;
+
+        try {
+            uri = new URI(returnUrl);
+        } catch (URISyntaxException e) {
+            throw new RelyingPartyException(
+                    IdentityConstants.ErrorCodes.INVALID_OPENID_RETURNTO);
+        }
+
+        try {
+            url = uri.normalize().toURL();
+
+        } catch (MalformedURLException e) {
+            throw new RelyingPartyException(
+                    IdentityConstants.ErrorCodes.INVALID_OPENID_RETURNTO);
+        }
+
+        hostName = url.getHost();
+        portNumber = url.getPort();
 
         if (rpData != null) {
             if (rpData.getMappedHostName() != null
                     && rpData.getMappingHostName() != null) {
-                if (returnUrl.contains(rpData.getMappingHostName())) {
-                    returnUrl = returnUrl.replace(rpData.getMappingHostName(),
-                            rpData.getMappedHostName());
+                if (rpData.getMappingHostName().equals(url.getHost())) {
+                    hostName = rpData.getMappedHostName();
                 }
-
             }
 
             if (rpData.getMappedPortNumber() != null
                     && rpData.getMappingPortNumber() != null) {
-                if (returnUrl.contains(rpData.getMappingPortNumber())) {
-                    returnUrl = returnUrl.replace(
-                            rpData.getMappingPortNumber(), rpData
-                                    .getMappedPortNumber());
+                if (Integer.parseInt(rpData.getMappingPortNumber()) == url
+                        .getPort()) {
+                    portNumber = Integer
+                            .parseInt(rpData.getMappedPortNumber());
                 }
 
             }
         }
 
-        return returnUrl;
+        try {
+
+            if ((url.getProtocol().toLowerCase().equals("http") && portNumber 
== 80)
+                    || (url.getProtocol().toLowerCase().equals("https") && 
portNumber == 443)) {
+                url = new URL(url.getProtocol().toLowerCase(), hostName, url
+                        .getPath());
+
+            } else {
+                url = new URL(url.getProtocol().toLowerCase(), hostName,
+                        portNumber, url.getPath());
+            }
+            return url.toString();
+        } catch (MalformedURLException e) {
+            throw new RelyingPartyException(
+                    IdentityConstants.ErrorCodes.INVALID_OPENID_RETURNTO);
+        }
     }
 
     /**
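Review bot: `Integer.parseInt` on `rpData.getMappingPortNumber()` and `rpData.getMappedPortNumber()` can throw `NumberFormatException`, which escapes unchecked even though the method now routes every other failure through the declared `RelyingPartyException`, so a non-numeric port in the web.xml mapping surfaces as an unhandled runtime exception rather than the declared error. Wrapping the port-mapping branch in a try/catch that rethrows as `RelyingPartyException` keeps the contract uniform (below, reusing the page's existing error code unless a configuration-specific one exists). `url.getPort()` returns -1 when `returnUrl` carries no explicit port, so a mapping configured for `80` or `443` will not match such URLs; presumably `url.getDefaultPort()` should be substituted in that case, worth confirming against how the mapping is deployed. The rebuilt URL keeps only `getPath()`, silently discarding any query, fragment or userinfo from `returnUrl`, which the Javadoc should state, e.g. `@return the return URL rebuilt from scheme, (mapped) host, (mapped) port and path; query, fragment and userinfo are discarded`. The three `catch` blocks drop `e`; if `RelyingPartyException` offers a cause-taking constructor, pass it through so the parse failure stays diagnosable.
```java
            if (rpData.getMappedPortNumber() != null
                    && rpData.getMappingPortNumber() != null) {
                try {
                    if (Integer.parseInt(rpData.getMappingPortNumber()) == url
                            .getPort()) {
                        portNumber = Integer
                                .parseInt(rpData.getMappedPortNumber());
                    }
                } catch (NumberFormatException e) {
                    // a non-numeric port in the host/port mapping is a
                    // configuration error; report it through the declared type
                    throw new RelyingPartyException(
                            IdentityConstants.ErrorCodes.INVALID_OPENID_RETURNTO);
                }
            }
            // … unchanged: default-port check and URL rebuild …
```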

Modified: 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/extensions/OpenIDAttributeExchange.java
URL: 
http://wso2.org/svn/browse/wso2/trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/extensions/OpenIDAttributeExchange.java?rev=18584&r1=18583&r2=18584&view=diff
==============================================================================
--- 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/extensions/OpenIDAttributeExchange.java
  (original)
+++ 
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/openid/extensions/OpenIDAttributeExchange.java
  Mon Jun 23 22:36:30 2008
@@ -115,8 +115,9 @@
                 for (Object alias : aliases) {
                     values = fetchReponse.getAttributeValues((String) alias);
                     if (values != null && !values.isEmpty()) {
-                        request.setAttribute(getAlias((String) attributeTypes
-                                .get(alias)), (String) values.get(0));
+                        request.setAttribute(
+                                (String) attributeTypes.get(alias),
+                                (String) values.get(0));
                     }
                 }
             } else if (authSuccess
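Review bot: The rewritten `request.setAttribute(...)` block is byte-identical in this hunk and in the second hunk of this file (`@@ -129,8 +130,9 @@`); both loops could call one private helper taking `request`, `fetchReponse`, `attributeTypes` and `aliases`, so the key choice is made in a single place. Dropping `getAlias(...)` changes the request attribute key from the alias to the raw attribute type string; a one-line comment such as `// keyed by the attribute type string, not its alias` would stop the next reader from reinstating the old call. Only `values.get(0)` is stored, so multi-valued attributes are truncated, which is pre-existing but worth stating in the same comment. The enclosing method starts and ends outside the hunk.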
@@ -129,8 +130,9 @@
                 for (Object alias : aliases) {
                     values = fetchReponse.getAttributeValues((String) alias);
                     if (values != null && !values.isEmpty()) {
-                        request.setAttribute(getAlias((String) attributeTypes
-                                .get(alias)), (String) values.get(0));
+                        request.setAttribute(
+                                (String) attributeTypes.get(alias),
+                                (String) values.get(0));
                     }
                 }
             }
