Author: prabath
Date: Tue Dec 18 00:14:19 2007
New Revision: 11340
Log:
logic related to consuming an OpenID
Added:
branches/solutions/identity/openid-poc/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/
branches/solutions/identity/openid-poc/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/
branches/solutions/identity/openid-poc/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIdConsumer.java
Added:
branches/solutions/identity/openid-poc/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIdConsumer.java
==============================================================================
--- (empty file)
+++
branches/solutions/identity/openid-poc/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/openid/relyingparty/OpenIdConsumer.java
Tue Dec 18 00:14:19 2007
@@ -0,0 +1,280 @@
+package org.wso2.solutions.identity.openid.relyingparty;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.openid4java.OpenIDException;
+import org.openid4java.consumer.ConsumerManager;
+import org.openid4java.consumer.InMemoryConsumerAssociationStore;
+import org.openid4java.consumer.InMemoryNonceVerifier;
+import org.openid4java.consumer.VerificationResult;
+import org.openid4java.discovery.DiscoveryInformation;
+import org.openid4java.discovery.Identifier;
+import org.openid4java.infocard.InfocardException;
+import org.openid4java.infocard.OpenIDToken;
+import org.openid4java.message.AuthRequest;
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.Message;
+import org.openid4java.message.MessageExtension;
+import org.openid4java.message.ParameterList;
+import org.openid4java.message.ax.AxMessage;
+import org.openid4java.message.ax.FetchResponse;
+import org.openid4java.message.sreg.SRegMessage;
+import org.openid4java.message.sreg.SRegRequest;
+import org.openid4java.message.sreg.SRegResponse;
+
+//TODO: Exception handling
+//TODO: Method header comments
+
+public class OpenIdConsumer {
+
+ private ConsumerManager manager;
+ private static OpenIdConsumer consumer;
+ private static HashMap<String, String> attributes = new HashMap<String,
String>();
+
+ static {
+ // TODO: read from a configuration file
+ attributes.put("http://axschema.org/contact/email";, "Email");
+ attributes.put("http://axschema.org/namePerson/first";,
"FirstName");
+ attributes.put("http://axschema.org/namePerson/last";,
"LastName");
+ attributes.put("http://axschema.org/namePerson/fullname";,
"FullName");
+ attributes.put("http://axschema.org/namePerson/nickname";,
"NickName");
+ attributes.put("http://axschema.org/contact/phone/default";,
"Phone");
+ attributes.put("http://axschema.org/contact/postalAddress/home";,
+ "Address");
+ attributes.put("http://axschema.org/contact/city/home";, "City");
+ attributes
+
.put("http://axschema.org/contact/postalCode/home";, "ZipCode");
+ attributes.put("http://axschema.org/contact/country/home";,
"Country");
+ attributes.put("http://axschema.org/contact/web/blog";, "Blog");
+ }
+
+ private OpenIdConsumer() throws Exception {
+
+ // instantiate a ConsumerManager object
+ manager = new ConsumerManager();
+ manager.setAssociations(new InMemoryConsumerAssociationStore());
+ manager.setNonceVerifier(new InMemoryNonceVerifier(5000));
+
+ // not enforcing RP realm discovery
+ // since this new feature is not deployed in openid4java
+ manager.getRealmVerifier().setEnforceRpId(false);
+ }
+
+ public static OpenIdConsumer getInstance() throws Exception {
+
+ if (consumer == null)
+ consumer = new OpenIdConsumer();
+
+ return consumer;
+
+ }
+
+ public String authRequest(String userSuppliedString, String returnToUrl,
+ HttpServletRequest httpReq, HttpServletResponse
httpResp)
+ throws IOException {
+ try {
+
+ // perform discovery on the user-supplied identifier
+ List discoveries = manager.discover(userSuppliedString);
+
+ // attempt to associate with the OpenID provider
+ // and retrieve one service endpoint for authentication
+ DiscoveryInformation discovered =
manager.associate(discoveries);
+
+ // store the discovery information in the user's session
+ httpReq.getSession().setAttribute("openid-disc",
discovered);
+
+ // obtain a AuthRequest message to be sent to the
OpenID provider
+ AuthRequest authReq = manager.authenticate(discovered,
returnToUrl);
+
+ // OpenID Simple Registration Extension 1.1 - Draft 1
+ SRegRequest sregReq = SRegRequest.createFetchRequest();
+
+ // TODO: add constants
+ sregReq.addAttribute("nickname", true);
+ sregReq.addAttribute("fullname", true);
+ sregReq.addAttribute("email", true);
+ sregReq.addAttribute("dob", true);
+ sregReq.addAttribute("gender", true);
+ sregReq.addAttribute("postcode", true);
+ sregReq.addAttribute("country", true);
+ sregReq.addAttribute("language", true);
+ sregReq.addAttribute("timezone", true);
+ authReq.addExtension(sregReq);
+
+ httpResp.sendRedirect(authReq.getDestinationUrl(true));
+
+ } catch (OpenIDException e) {
+ // present error to the user
+ throw new RuntimeException("wrap:" + e.getMessage(), e);
+ }
+
+ return null;
+ }
+
+ public void setSessionAttributes(HttpServletRequest request) {
+
+ try {
+ // extract the parameters from the authentication
response
+ // (which comes in as a HTTP request from the OpenID
provider)
+ ParameterList response = new ParameterList(request
+ .getParameterMap());
+
+ // retrieve the previously stored discovery information
+ DiscoveryInformation discovered =
(DiscoveryInformation) request
+
.getSession().getAttribute("openid-disc");
+
+ // extract the receiving URL from the HTTP request
+ StringBuffer receivingURL = request.getRequestURL();
+ String queryString = request.getQueryString();
+
+ if (queryString != null && queryString.length() > 0)
+
receivingURL.append("?").append(request.getQueryString());
+
+ // verify the response; ConsumerManager needs to be the
same
+ // (static) instance used to place the authentication
request
+ VerificationResult verification =
manager.verify(receivingURL
+ .toString(), response, discovered);
+
+ AuthSuccess authSuccess = (AuthSuccess) verification
+ .getAuthResponse();
+
+ HttpSession session = request.getSession(true);
+ session
+ .setAttribute("openid_identifier",
authSuccess
+ .getIdentity());
+
+ // OpenID Attribute Exchange 1.0 - Draft 07
+ if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
+ FetchResponse fetchResp = (FetchResponse)
authSuccess
+
.getExtension(AxMessage.OPENID_NS_AX);
+ session.setAttribute("emailFromFetch", fetchResp
+
.getAttributeValues("email").get(0));
+ }
+
+ // OpenID Simple Registration Extension 1.1 - Draft 1
+ if
(authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) {
+ SRegResponse sregResp = (SRegResponse)
authSuccess
+
.getExtension(SRegMessage.OPENID_NS_SREG);
+ request.setAttribute("nickname", sregResp
+ .getAttributeValue("nickname"));
+ request.setAttribute("fullname", sregResp
+ .getAttributeValue("fullname"));
+ request.setAttribute("email", sregResp
+ .getAttributeValue("email"));
+ request.setAttribute("dob",
sregResp.getAttributeValue("dob"));
+ request.setAttribute("gender", sregResp
+ .getAttributeValue("gender"));
+ request.setAttribute("postcode", sregResp
+ .getAttributeValue("postcode"));
+ request.setAttribute("country", sregResp
+ .getAttributeValue("country"));
+ request.setAttribute("language", sregResp
+ .getAttributeValue("language"));
+ request.setAttribute("timezone", sregResp
+ .getAttributeValue("timezone"));
+
+ }
+
+ } catch (OpenIDException e) {
+ // present error to the user
+ throw new RuntimeException("wrap:" + e.getMessage(), e);
+ }
+ }
+
+ public void setInfocardSessionAttributes(HttpServletRequest
request)throws InfocardException,OpenIDException {
+
+ String xmlToken = request.getParameter("xmlToken");
+ HttpSession session = request.getSession();
+
+ if (xmlToken != null) {
+
+ // received an xmlToken from an identity selector
+ ParameterList openidResp =
extractFromInfocardPost(request);
+ processOpenIDResp(request, session, openidResp);
+ }
+ else
+ {
+ throw new InfocardException("xmlToken not set");
+ }
+ }
+
+ private ParameterList extractFromInfocardPost(HttpServletRequest
request)
+ throws InfocardException {
+
+ String xmlToken = request.getParameter("xmlToken");
+
+ request.getSession().setAttribute("openidAssertion", xmlToken);
+
+ OpenIDToken token = OpenIDToken.createFromXmlToken(xmlToken);
+
+ return token.getOpenIDParams();
+ }
+
+ private void processOpenIDResp(HttpServletRequest request,
+ HttpSession session, ParameterList openidResp)
+ throws OpenIDException {
+
+ // retrieve the previously stored discovery information
+ DiscoveryInformation discovered = (DiscoveryInformation) session
+ .getAttribute("discovered");
+
+ // TODO: remove the hard-coded string
+ StringBuffer receivingURL = new StringBuffer(
+
"https://localhost:12443/OpenIdInfoCardLogin.action";);//
request.getRequestURL();
+ String queryString = request.getQueryString();
+
+ if (queryString != null && queryString.length() > 0)
+
receivingURL.append("?").append(request.getQueryString());
+
+ // verify the response
+ VerificationResult verification = manager.verify(receivingURL
+ .toString(), openidResp, discovered);
+
+ verification.getVerifiedId();
+
+ Message authResponse = verification.getAuthResponse();
+
+ if (authResponse instanceof AuthSuccess) {
+
+ Identifier verified = verification.getVerifiedId();
+ String identifier = null;
+
+ if (verified != null) {
+ identifier = verified.getIdentifier();
+ }
+
+ AuthSuccess authSuccess = (AuthSuccess) authResponse;
+
+ FetchResponse fetchResp = null;
+
+ MessageExtension ext = authSuccess
+ .getExtension(AxMessage.OPENID_NS_AX);
+
+ if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)
+ && ext instanceof FetchResponse) {
+ fetchResp = (FetchResponse) ext;
+
+ // extract the rest of the optional attributes
+ List aliases = fetchResp.getAttributeAliases();
+ Map types = fetchResp.getAttributeTypes();
+ String alias;
+ List values;
+ for (Object a : aliases) {
+ alias = (String) a;
+ values =
fetchResp.getAttributeValues(alias);
+
request.setAttribute(alias.toLowerCase(), (String) values
+ .get(0));
+ }
+ }
+ }
+
+ }
+}
_______________________________________________
Identity-dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/identity-dev
