Author: prabath
Date: Thu Feb 28 23:23:01 2008
New Revision: 14340
Log:
code review fixes + normalizing OpenID Url
Modified:
trunk/solutions/identity/modules/admin-ui/src/main/resources/org/wso2/solutions/identity/package.properties
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/UserInfoServlet.java
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/resources.properties
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UserRegistrationFormSubmitAction.java
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/util/UserUtil.java
trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/openidauthentication.jsp
Modified:
trunk/solutions/identity/modules/admin-ui/src/main/resources/org/wso2/solutions/identity/package.properties
==============================================================================
---
trunk/solutions/identity/modules/admin-ui/src/main/resources/org/wso2/solutions/identity/package.properties
(original)
+++
trunk/solutions/identity/modules/admin-ui/src/main/resources/org/wso2/solutions/identity/package.properties
Thu Feb 28 23:23:01 2008
@@ -22,6 +22,7 @@
no_token_types_selected = Please select at least one token type
invalid_card_login = Invalid login : Information card used is not registered
with the identity provider
user_reg_disabled = User registration is disabled when "{0}" user store is
used
+invalid_user_name= Invalid characters found in the user name
add_claim_duplicate_claim = Duplicate claim : {0}
add_claim_uri_null = Claim URI missing
Modified:
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
==============================================================================
---
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
(original)
+++
trunk/solutions/identity/modules/base/src/main/java/org/wso2/solutions/identity/IdentityConstants.java
Thu Feb 28 23:23:01 2008
@@ -123,6 +123,8 @@
public final static String NO_OPENID_FOUND = "noOpenIDFound";
public final static String CARD_ISSUER_INIT_FAILURE =
"cardIssuerInitializationFailure";
public final static String PROFILE_RETRIEVAL_FAILURE =
"profileRetrievalError";
+ public final static String
INVALID_USERNAME_FOR_OPENID="invalidUserNameForOpenID";
+ public final static String
INVALID_OPENID_RETURNTO="invalidOpenIDReturnTo";
}
/**
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/OpenIDProvider.java
Thu Feb 28 23:23:01 2008
@@ -1,10 +1,19 @@
package org.wso2.solutions.identity.openid;
import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.net.URLDecoder;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Set;
+
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -41,6 +50,8 @@
private static String opAddress = null;
+ private static final Set UNRESERVED_CHARACTERS = new HashSet();
+
/**
* Configure the OpenID Provider's end-point URL.
*/
@@ -55,6 +66,20 @@
// This is the OpenID provider server URL
opAddress = openIDServerUrl + "/server/";
manager.setOPEndpointUrl(opAddress);
+
+ for (char c = 'a'; c <= 'z'; c++)
+ UNRESERVED_CHARACTERS.add(new Character(c));
+
+ for (char c = 'A'; c <= 'A'; c++)
+ UNRESERVED_CHARACTERS.add(new Character(c));
+
+ for (char c = '0'; c <= '9'; c++)
+ UNRESERVED_CHARACTERS.add(new Character(c));
+
+ UNRESERVED_CHARACTERS.add(new Character('-'));
+ UNRESERVED_CHARACTERS.add(new Character('.'));
+ UNRESERVED_CHARACTERS.add(new Character('_'));
+ UNRESERVED_CHARACTERS.add(new Character('~'));
}
/**
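Review bot: The second loop's upper bound is wrong — `for (char c = 'A'; c <= 'A'; c++)` inserts only 'A', so `%42`..`%5A` (B–Z) stay percent-encoded in normalizeUrlEncoding while their lowercase counterparts are decoded; two spellings of the same user name then produce different OpenIDs, and the exact `equals` lookup introduced later in this commit will miss one of them. The line should read `for (char c = 'A'; c <= 'Z'; c++)`. Filling a `static final` set inside the configuration method also leaves it empty until that method runs and re-adds the entries on every call; a static initializer block would make the table complete at class-load time. The enclosing method begins outside the hunk.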
@@ -298,7 +323,8 @@
users = userStore.getAllUserNames();
if (users == null)
- throw new IdentityProviderException("No users found");
+ throw new IdentityProviderException(
+ IdentityConstants.ErrorCodes.NO_USERS_FOUND);
Map mapValues = null;
Iterator iterator = null;
@@ -316,12 +342,8 @@
String claimId = (String) mapValues
.get(IdentityConstants.CLAIM_OPENID);
- if (claimId != null) {
- if (openId.indexOf(claimId) >= 0
- && openId.endsWith(claimId.substring(claimId
- .length() - 1))) {
- return user;
- }
+ if (claimId != null && claimId.equals(openId)) {
+ return user;
}
}
}
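Review bot: Replacing the substring/suffix test with `claimId.equals(openId)` closes a lookup that any OpenID containing another user's claim could satisfy, but the comparison is now byte-exact while the values stored by generateOpenID are normalized (uppercase percent escapes, `URI.normalize()`); unless the caller normalizes `openId` the same way before this loop, a request carrying a differently-cased host or `%2f` instead of `%2F` will no longer match. A comment on the comparison would pin that contract, e.g. `// exact match: both sides must be the normalized form produced by generateOpenID`, and the entry point for `openId` should be checked for that. The same change appears in UserUtil.java (hunk `@@ -74,12 +74,8 @@`) and the same remark applies there. The enclosing loop and method lie outside the hunk.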
@@ -332,18 +354,43 @@
* Generate OpenID for a given user.
* @param user User
* @return Generated OpenID
+ * @throws IdentityProviderException
*/
- public static String generateOpenID(String user) {
+ public static String generateOpenID(String user)
+ throws IdentityProviderException {
ServerConfiguration serverConfig = null;
String openIDServerUrl = null;
String openID = null;
+ URI uri = null;
+ URL url = null;
serverConfig = ServerConfiguration.getInstance();
openIDServerUrl = serverConfig.getFirstProperty("OpenIDServerUrl");
+
+ user = normalizeUrlEncoding(user);
openID = openIDServerUrl + "/user/" + user;
+ try {
+ uri = new URI(openID);
+ } catch (URISyntaxException e) {
+ throw new IdentityProviderException(
+ IdentityConstants.ErrorCodes.INVALID_USERNAME_FOR_OPENID);
+ }
+
+ try {
+ url = uri.normalize().toURL();
+ if (url.getQuery() != null || url.getRef() != null)
+ throw new IdentityProviderException(
+
IdentityConstants.ErrorCodes.INVALID_USERNAME_FOR_OPENID);
+ } catch (MalformedURLException e) {
+ throw new IdentityProviderException(
+ IdentityConstants.ErrorCodes.INVALID_USERNAME_FOR_OPENID);
+ }
+
+ openID = url.toString();
+
log.info("OpenID generated : " + openID);
return openID;
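Review bot: `uri.normalize()` rewrites `.` and `..` path segments, so a user name such as `..` or one containing `/` produces a URL whose path is no longer `<OpenIDServerUrl>/user/<name>`; the query/fragment check on the following lines does not catch this, and the generated OpenID would then refer to a different path on the server. Before building `openID`, reject such names: `if (user.indexOf('/') >= 0 || user.equals(".") || user.equals("..")) throw new IdentityProviderException(IdentityConstants.ErrorCodes.INVALID_USERNAME_FOR_OPENID);` (after normalizeUrlEncoding, an encoded `%2F` stays encoded, so only the literal slash needs checking). Note also that `URI.toURL()` throws `IllegalArgumentException`, not `MalformedURLException`, when the URI is not absolute — presumably only if the `OpenIDServerUrl` property lacks a scheme, but that case would escape the catch. The `@throws IdentityProviderException` tag has no description; `if the user name cannot form a valid OpenID URL` would do. The method's closing brace is outside the hunk.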
@@ -399,4 +446,38 @@
return null;
}
+ private static String normalizeUrlEncoding(String text) {
+
+ if (text == null)
+ return null;
+
+ int len = text.length();
+ StringBuffer normalized = new StringBuffer(len);
+
+ for (int i = 0; i < len; i++) {
+ char current = text.charAt(i);
+
+ if (current == '%' && i < len - 2) {
+ String percentCode = text.substring(i, i + 3).toUpperCase();
+
+ try {
+ String str = URLDecoder.decode(percentCode, "ISO-8859-1");
+ char chr = str.charAt(0);
+
+ if (UNRESERVED_CHARACTERS.contains(new Character(chr)))
+ normalized.append(chr);
+ else
+ normalized.append(percentCode);
+ } catch (UnsupportedEncodingException e) {
+ normalized.append(percentCode);
+ }
+
+ i += 2;
+ } else {
+ normalized.append(current);
+ }
+ }
+
+ return normalized.toString();
+ }
}
\ No newline at end of file
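Review bot: `URLDecoder.decode` throws `IllegalArgumentException` when `%` is followed by non-hex characters (e.g. `%zz` or `%%4`), and only `UnsupportedEncodingException` is caught, so such a user name leaves generateOpenID as an unchecked exception instead of the INVALID_USERNAME_FOR_OPENID error the rest of that method reports. Add a second catch that keeps the text as written, `} catch (IllegalArgumentException e) { normalized.append(percentCode); }`, so the later `new URI(openID)` rejects the malformed escape through the normal error path. The method also deserves a short Javadoc stating its contract — percent escapes are uppercased, only RFC 3986 unreserved characters (as listed in UNRESERVED_CHARACTERS) are decoded, everything else is left encoded, and a `%` within the last two characters is copied literally. `StringBuilder` and `Character.valueOf(chr)` would be the idiomatic choices over `StringBuffer` and `new Character(chr)` here.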
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/UserInfoServlet.java
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/UserInfoServlet.java
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/openid/UserInfoServlet.java
Thu Feb 28 23:23:01 2008
@@ -29,7 +29,7 @@
serverUrl = OpenIDProvider.getOpAddress();
- caller = req.getPathInfo();
+ caller = req.getRequestURI().substring(req.getServletPath().length());
if (!isUserExist(caller.substring(1))) {
resp.setContentType("text/html");
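Review bot: `req.getRequestURI()` includes the context path whereas `req.getServletPath()` does not, so unless the webapp is deployed at the root context `caller` now begins with the context path rather than `/<user>`, the `isUserExist(caller.substring(1))` lookup on the next line fails, and for an empty remainder `substring(1)` throws. Use `caller = req.getRequestURI().substring(req.getContextPath().length() + req.getServletPath().length());` and guard `caller.length() < 2` before the lookup. Moving from `getPathInfo()` (decoded) to the raw request URI is presumably so the percent-encoded form matches the normalized OpenID stored for the user; a comment such as `// raw (undecoded) path so it matches the percent-encoded OpenID exactly` would preserve that intent. The enclosing method begins and ends outside the hunk.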
Modified:
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/resources.properties
==============================================================================
---
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/resources.properties
(original)
+++
trunk/solutions/identity/modules/identity-provider/src/main/java/org/wso2/solutions/identity/resources.properties
Thu Feb 28 23:23:01 2008
@@ -57,6 +57,11 @@
errorObtainingCertForService = Error obtaining certificate for service : {0}
noCertInKeystore = Cannot find certificate for alias "{0}" in keystore : {1}
errorInPasswordCallbackHandler = Error in password callback handler
+invalidUserNameForOpenID=Invalid user name provided for OpenID generation
+openIDDirectResponseFailed=Direct response from OP failed
+openIDTokenCreationFailed=OpenID token creation failed
+requredAttributeMissing=Required attribute,openid.identity, is missing
+noUsersFound=No users found, corresponding to the given OpenID
#db errors
createDuplicateEntity = Duplcate entity exist
Modified:
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
==============================================================================
---
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
(original)
+++
trunk/solutions/identity/modules/token-verifier-core/src/main/java/org/wso2/solutions/identity/relyingparty/resources.properties
Thu Feb 28 23:23:01 2008
@@ -30,6 +30,7 @@
errorLoadingTrustedIdpKeystore=Cannot load trusted IdP key store
noCertInToken=Certificate in the token is null
invalidOpenID=OpenID authentication failed due to invalid OpenID Url
+invalidOpenIDReturnTo=Invalid OpenID returnTo url
invalidXMLToken=XMLToken not set
openIDVerificationFailed=OpenID verification failed
openIDAuthenticationFailed=OpenID authentication failed
@@ -37,8 +38,6 @@
relyingPartyInitiationFailed=Relying Party initiation failed
openIDTokenExtractionFailed=OpenID extraction failed
requredAttributeMissing=Required attribute,openid.identity, is missing
-openIDDirectResponseFailed=Direct response from OP failed
-openIDTokenCreationFailed=OpenID token creation failed
usernameRetrievalFailed=Failed to retrieve user name corresponding to the
given OpenID
noUsersFound=No users found, corresponding to the given OpenID
claimRetrievalFailed=Failed to retrieve claim values corresponding to the
given user
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/OpenIDAuthVerificationAction.java
Thu Feb 28 23:23:01 2008
@@ -1,5 +1,9 @@
package org.wso2.solutions.identity.user.ui.action;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URL;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
@@ -258,8 +262,25 @@
String rpUrl = requestParam
.getParameterValue(IdentityConstants.OpenId.ATTR_RETURN_TO);
- if (rpUrl != null && rpUrl.indexOf("?") > 0) {
- rpUrl = rpUrl.substring(0, rpUrl.indexOf("?"));
+ URI uri = null;
+ URL url = null;
+
+ try {
+ uri = new URI(rpUrl);
+ } catch (URISyntaxException e) {
+ throw new RelyingPartyException(
+ IdentityConstants.ErrorCodes.INVALID_OPENID_RETURNTO);
+ }
+
+ try {
+ url = uri.normalize().toURL();
+ url = new URL(url.getProtocol().toLowerCase(), url.getHost()
+ .toLowerCase(), url.getPort(), url.getPath());
+ rpUrl = url.toString();
+
+ } catch (MalformedURLException e) {
+ throw new RelyingPartyException(
+ IdentityConstants.ErrorCodes.INVALID_OPENID_RETURNTO);
}
try {
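Review bot: Two inputs the old code tolerated now surface as unchecked exceptions instead of the new INVALID_OPENID_RETURNTO error: `new URI(rpUrl)` throws NullPointerException when the return_to parameter is absent (the former `rpUrl != null` guard is gone), and `uri.normalize().toURL()` throws `IllegalArgumentException`, not `MalformedURLException`, for a non-absolute URI, while `url.getHost()` is null for host-less URLs and `.toLowerCase()` then NPEs. Add `if (rpUrl == null) throw new RelyingPartyException(IdentityConstants.ErrorCodes.INVALID_OPENID_RETURNTO);` before the first try, and `if (uri.getScheme() == null || uri.getHost() == null) throw new RelyingPartyException(IdentityConstants.ErrorCodes.INVALID_OPENID_RETURNTO);` before `toURL()`. `toLowerCase()` should take `Locale.ENGLISH` so the scheme and host are not affected by the JVM's default locale. The enclosing method begins and ends outside the hunk.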
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UserRegistrationFormSubmitAction.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UserRegistrationFormSubmitAction.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/action/UserRegistrationFormSubmitAction.java
Thu Feb 28 23:23:01 2008
@@ -1,17 +1,12 @@
/*
- * Copyright 2004,2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Copyright 2004,2005 The Apache Software Foundation. Licensed under the
Apache
+ * License, Version 2.0 (the "License"); you may not use this file except in
+ * compliance with the License. You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law
+ * or agreed to in writing, software distributed under the License is
+ * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
*/
package org.wso2.solutions.identity.user.ui.action;
@@ -21,6 +16,7 @@
import org.apache.struts2.StrutsStatics;
import org.wso2.solutions.identity.IdentityConstants;
import org.wso2.solutions.identity.IdentityProviderConstants;
+import org.wso2.solutions.identity.IdentityProviderException;
import org.wso2.solutions.identity.UserStore;
import org.wso2.solutions.identity.admin.ClaimsAdmin;
import org.wso2.solutions.identity.admin.ParameterAdmin;
@@ -28,6 +24,8 @@
import org.wso2.solutions.identity.openid.OpenIDProvider;
import org.wso2.solutions.identity.persistence.dataobject.ActionDO;
import org.wso2.solutions.identity.persistence.dataobject.ClaimDO;
+import org.wso2.solutions.identity.relyingparty.RelyingPartyException;
+import org.wso2.solutions.identity.user.ui.util.UserUtil;
import org.wso2.usermanager.UserManagerException;
import org.wso2.usermanager.UserStoreAdmin;
import org.wso2.usermanager.verification.email.EmailVerifier;
@@ -95,9 +93,20 @@
String openid = null;
if (enableOpenIDRegistration) {
- // We create an OpenID for all registering users
- openid = OpenIDProvider.generateOpenID(this.username);
- props.put(IdentityConstants.CLAIM_OPENID, openid);
+ try {
+ // We create an OpenID for all registering users
+ openid = OpenIDProvider.generateOpenID(this.username);
+ UserUtil.getUserName(openid);
+ this.addErrorMessage(getText("sign_in_user_exist",
+ new String[] { username }));
+ return ERROR;
+ } catch (RelyingPartyException e) {
+ // There are no users corresponding to the given OpenID
+ props.put(IdentityConstants.CLAIM_OPENID, openid);
+ } catch (IdentityProviderException ex) {
+ this.addErrorMessage(getText("invalid_user_name"));
+ return ERROR;
+ }
}
boolean emailVerification = paramAdmin
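Review bot: The success path of registration is the `catch (RelyingPartyException e)` branch — `UserUtil.getUserName(openid)` is expected to throw when no user owns the OpenID — so exceptions carry control flow, and any other RelyingPartyException raised inside the lookup (a user-store failure, if it is mapped to that type) is also read as "no such user" and registration proceeds. A boolean existence check, or inspecting the exception's error code before continuing, would make the intent explicit; at minimum the branch needs a comment such as `// getUserName throws RelyingPartyException when the OpenID is unclaimed; that is the expected path here`. The message uses `username` while the call above uses `this.username`; one form would be clearer. The enclosing method begins and ends outside the hunk.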
Modified:
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/util/UserUtil.java
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/util/UserUtil.java
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/java/org/wso2/solutions/identity/user/ui/util/UserUtil.java
Thu Feb 28 23:23:01 2008
@@ -74,12 +74,8 @@
String claimId = (String) mapValues
.get(IdentityConstants.CLAIM_OPENID);
- if (claimId != null) {
- if (openID.indexOf(claimId) >= 0
- && openID.endsWith(claimId.substring(claimId
- .length() - 1))) {
- return user;
- }
+ if (claimId != null && claimId.equals(openID)) {
+ return user;
}
}
}
Modified:
trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/openidauthentication.jsp
==============================================================================
---
trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/openidauthentication.jsp
(original)
+++
trunk/solutions/identity/modules/user-ui/src/main/webapp/jsp/openidauthentication.jsp
Thu Feb 28 23:23:01 2008
@@ -45,11 +45,6 @@
: null;
String site = (String) (openidrealm == null ? openidreturnto
: openidrealm);
-
- if (openidreturnto != null && openidreturnto.indexOf("?") > 0) {
- openidreturnto = openidreturnto.substring(0, openidreturnto
- .indexOf("?"));
- }
%>
<table cellpadding="0" cellspacing="0" border="0" style="width: 100%;">