Package org.openid4java.association

Examples of org.openid4java.association.Association


     * @see Discovery#discover(org.openid4java.discovery.Identifier)
     */
    public DiscoveryInformation associate(List discoveries)
    {
        DiscoveryInformation discovered;
        Association assoc;

        int attemptsLeft = _maxAssocAttempts;
        Iterator itr = discoveries.iterator();
        while (itr.hasNext() && attemptsLeft > 0)
        {
            discovered = (DiscoveryInformation) itr.next();
            attemptsLeft -= associate(discovered, attemptsLeft);

            // check if an association was established
            assoc = _associations.load(discovered.getOPEndpoint().toString());

            if ( assoc != null &&
                    ! Association.FAILED_ASSOC_HANDLE.equals(assoc.getHandle()))
                return discovered;
        }

        if (discoveries.size() > 0)
        {


        _log.info("Trying to associate with " + opEndpoint +
                " attempts left: " + maxAttempts);

        // check if there's an already established association
        // Short-circuit (return 0, before any association request is built) when the
        // store already holds an entry for this endpoint that is either
        //   - the failed-association marker (FAILED_ASSOC_HANDLE), or
        //   - an association whose remaining lifetime in milliseconds is greater
        //     than _preExpiryAssocLockInterval * 1000.
        // NOTE(review): a stored failed marker suppresses new association attempts
        // for as long as it stays in the store; its lifetime is not visible here.
        // NOTE(review): _preExpiryAssocLockInterval * 1000 is evaluated in the
        // field's declared type; if that is int, a large interval overflows — confirm.
        Association a = _associations.load(opEndpoint);
        if ( a != null &&
                (Association.FAILED_ASSOC_HANDLE.equals(a.getHandle()) ||
                a.getExpiry().getTime() - System.currentTimeMillis() > _preExpiryAssocLockInterval * 1000) )
        {
            _log.info("Found an existing association: " + a.getHandle());
            return 0;
        }

        String handle = Association.FAILED_ASSOC_HANDLE;

        // build a list of association types, with the preferred one at the end
        // Insertion order matters: the stack below is filled in this order, so the
        // type inserted last is popped (tried) first.
        LinkedHashMap requests = new LinkedHashMap();

        // The no-encryption types are inserted first, i.e. they are tried last.
        // In a no-encryption session the OP returns the MAC key unencrypted, which
        // OpenID Authentication 2.0 only permits over transport-layer encryption.
        // NOTE(review): confirm createAssociationRequest() (not shown) rejects
        // these types when the endpoint is not HTTPS.
        if (discovered.isVersion2())
        {
            requests.put(AssociationSessionType.NO_ENCRYPTION_SHA1MAC, null);
            requests.put(AssociationSessionType.NO_ENCRYPTION_SHA256MAC, null);
            requests.put(AssociationSessionType.DH_SHA1, null);
            requests.put(AssociationSessionType.DH_SHA256, null);
        }
        else
        {
            requests.put(AssociationSessionType.NO_ENCRYPTION_COMPAT_SHA1MAC, null);
            requests.put(AssociationSessionType.DH_COMPAT_SHA1, null);
        }

        // Add the configured preference only when it belongs to the same protocol
        // version as the discovered endpoint.
        // NOTE(review): an insertion-ordered LinkedHashMap keeps a key's original
        // position when that key is put() again. If _prefAssocSessEnc is equal to
        // one of the keys added above, this put() does not move it to the end, so
        // the "preferred one at the end" ordering would not hold — confirm against
        // AssociationSessionType's equals()/hashCode().
        if (_prefAssocSessEnc.isVersion2() == discovered.isVersion2())
            requests.put(_prefAssocSessEnc, null);

        // build a stack of Association Request objects
        // and keep only those allowed by the configured preferences
        // the most-desirable entry is always at the top of the stack
        Stack reqStack = new Stack();
        Iterator iter = requests.keySet().iterator();
        while(iter.hasNext())
        {
            AssociationSessionType type = (AssociationSessionType) iter.next();

            // create the appropriate Association Request
            // a null result means no request is queued for this type
            AssociationRequest newReq = createAssociationRequest(type, opUrl);
            if (newReq != null) reqStack.push(newReq);
        }

        // perform the association attempts
        int attemptsLeft = maxAttempts;
        LinkedHashMap alreadyTried = new LinkedHashMap();
        while (attemptsLeft > 0 && ! reqStack.empty())
        {
            try
            {
                attemptsLeft--;
                AssociationRequest assocReq =
                        (AssociationRequest) reqStack.pop();

                if (DEBUG)
                    _log.debug("Trying association type: " + assocReq.getType());

                // was this association / session type attempted already?
                if (alreadyTried.keySet().contains(assocReq.getType()))
                {
                    if (DEBUG) _log.debug("Already tried.");
                    continue;
                }

                // mark the current request type as already tried
                alreadyTried.put(assocReq.getType(), null);

                ParameterList respParams = new ParameterList();
                int status = call(opEndpoint, assocReq, respParams);

                // process the response
                if (status == HttpStatus.SC_OK) // success response
                {
                    // Parse the OP's reply; createAssociationResponse(...) and
                    // getAssociation(...) are defined outside this excerpt.
                    AssociationResponse assocResp;

                    assocResp = AssociationResponse
                            .createAssociationResponse(respParams);

                    // valid association response
                    // NOTE(review): handle is overwritten here, before the acceptance
                    // check below, so it also changes for a response that is then
                    // discarded; how handle is used after the loop is not visible here.
                    Association assoc =
                            assocResp.getAssociation(assocReq.getDHSess());
                    handle = assoc.getHandle();

                    // Accept the association only when the OP answered with the
                    // session type that was requested. The single exception is a
                    // version-1 endpoint replying with a type that has no hash
                    // algorithm (getHAlgorithm() == null), and only if
                    // createAssociationRequest() still yields a request for that
                    // type. This keeps the OP's reply from silently substituting a
                    // different session type than the one the consumer asked for.
                    AssociationSessionType respType = assocResp.getType();
                    if ( respType.equals(assocReq.getType()) ||
                            // v1 OPs may return a success no-encryption resp
                            ( ! discovered.isVersion2() &&
                              respType.getHAlgorithm() == null &&
                              createAssociationRequest(respType,opUrl) != null))
                    {
                        // store the association and do not try alternatives
                        _associations.save(opEndpoint, assoc);
                        _log.info("Associated with " + discovered.getOPEndpoint()
                                + " handle: " + assoc.getHandle());
                        break;
                    }
                    else
                        // mismatching response: nothing is saved to the store
                        _log.info("Discarding association response, " +
                                  "not matching consumer criteria");

    {
        // Refuse to build a request without discovery information.
        if (discovered == null)
            throw new ConsumerException("Authentication cannot continue: " +
                    "no discovery information provided.");

        // Look up a stored association, keyed by the OP endpoint URL string.
        Association assoc =
                _associations.load(discovered.getOPEndpoint().toString());

        // None stored: try to establish one now. The return value of associate()
        // is ignored; the outcome is read back from the store instead.
        if (assoc == null)
        {
            associate(discovered, _maxAssocAttempts);
            assoc = _associations.load(discovered.getOPEndpoint().toString());
        }

        // Fall back to the failed-association marker when the store is still empty.
        // NOTE(review): presumably a request carrying this marker proceeds without
        // a shared association, so the response cannot be verified locally —
        // confirm against the verification code path.
        String handle = assoc != null ?
                assoc.getHandle() : Association.FAILED_ASSOC_HANDLE;

        // get the Claimed ID and Delegate ID (aka OP-specific identifier)
        String claimedId, delegate;
        if (discovered.hasClaimedIdentifier())
        {

    {
        String nonce = _consumerNonceGenerator.next();

        returnTo += (returnTo.indexOf('?') != -1) ? '&' : '?';

        // Consumer-side (private) association for this OP URL; it is used below
        // to sign the return_to URL. It is created on first use.
        // NOTE(review): load-then-generate-then-save is not atomic here. If this
        // code can run concurrently for the same opUrl and the store does not
        // serialise access, a later save() may replace a key that an earlier
        // return_to was signed with — confirm.
        Association privateAssoc = _privateAssociations.load(opUrl);
        if( privateAssoc == null )
        {
      try
      {
        if (DEBUG) _log.debug( "Creating private association for opUrl " + opUrl);
        // The association type comes from the configured preference. The second
        // argument is an empty string and the third is _failedAssocExpire;
        // presumably these are the handle and the lifetime — confirm against
        // Association.generate().
        privateAssoc = Association.generate(
              getPrefAssocSessEnc().getAssociationType(), "", _failedAssocExpire);
        _privateAssociations.save( opUrl, privateAssoc );
      }
      catch ( AssociationException e )
      {
        // Without a private association return_to cannot be signed: give up.
        _log.error("Cannot initialize private association.", e);
        return null;
      }
        }

        try
        {
            // Append the URL-encoded consumer nonce first ...
            returnTo += "openid.rpnonce=" + URLEncoder.encode(nonce, "UTF-8");

            // ... then sign. sign() receives returnTo as it stands at this point,
            // so the signature covers the return_to URL including openid.rpnonce
            // but not openid.rpsig itself. The verifying side has to rebuild
            // exactly this string.
            returnTo += "&openid.rpsig=" +
                    URLEncoder.encode(privateAssoc.sign(returnTo),
                            "UTF-8");

            // NOTE(review): the nonce (info level) and the complete signed
            // return_to (debug level) are written to the log; confirm that log
            // access is restricted accordingly.
            _log.info("Inserted consumer nonce: " + nonce);

            if (DEBUG) _log.debug("return_to:" + returnTo);

        if (DEBUG) _log.debug("Consumer signed text:\n" + signed);

        try
        {
            if (DEBUG) _log.debug( "Loading private association for opUrl " + opUrl );
            // Fail closed: with no private association stored for this OP URL
            // the signature cannot be checked, so no nonce is returned.
            Association privateAssoc = _privateAssociations.load(opUrl);
            if( privateAssoc == null )
            {
                _log.error("Null private association.");
                return null;
            }

            // The nonce is handed back only after the signature over the signed
            // text verifies with the private association.
            // NOTE(review): signed and signature are built outside this excerpt;
            // confirm that signed is rebuilt from the received return_to exactly
            // as it was when signed, and that verifySignature() compares in
            // constant time.
            if (privateAssoc.verifySignature(signed, signature))
            {
                _log.info("Consumer nonce signature verified.");
                return nonce;
            }

            // keep the first endpoint that matches
            if (firstServiceMatch == null)
                firstServiceMatch = service;

            Association assoc = _associations.load(
                service.getOPEndpoint().toString(),
                authResp.getHandle());

            // don't look further if there is an association with this endpoint
            if (assoc != null)

            {
                if (DEBUG) _log.debug("Found matching service: " + service);
                firstServiceMatch = service;
            }

            Association assoc = _associations.load(
                    service.getOPEndpoint().toString(),
                    authResp.getHandle());

            // don't look further if there is an association with this endpoint
            if (assoc != null)

            _discovery.parseIdentifier(authResp.getClaimed()) : //may have frag
            discovered.getClaimedIdentifier(); //assert id may be delegate in v1

        String handle = authResp.getHandle();
        URL op = discovered.getOPEndpoint();
        Association assoc = _associations.load(op.toString(), handle);

        if (assoc != null) // association available, local verification
        {
            _log.info("Found association: " + assoc.getHandle() +
                      " verifying signature locally...");
            String text = authResp.getSignedText();
            String signature = authResp.getSignature();

            if (assoc.verifySignature(text, signature))
            {
                result.setVerifiedId(claimedId);
                if (DEBUG) _log.debug("Local signature verification succeeded.");
            }
            else if (DEBUG)

                        + type.getSessionType() + " / "
                        + type.getAssociationType() );
            }
            else // all ok, go ahead
            {
                Association assoc = _sharedAssociations.generate(
                        type.getAssociationType(), _expireIn);

                _log.info("Returning shared association; handle: " + assoc.getHandle());

                return AssociationResponse.createAssociationResponse(assocReq, assoc);
            }
        }
        catch (OpenIDException e)
        {
            // association failed, respond accordingly
            if (isVersion2)
            {
                _log.warn("Cannot establish association, " +
                           "responding with an OpenID2 association error.", e);

                return AssociationError.createAssociationError(
                        e.getMessage(), _prefAssocSessEnc);
            }
            else
            {
                _log.warn("Error processing an OpenID1 association request: " +
                          e.getMessage() +
                          " Responding with a dummy association.", e);
                try
                {
                    // generate dummy association & no-encryption response
                    // for compatibility mode
                    Association dummyAssoc = _sharedAssociations.generate(
                            Association.TYPE_HMAC_SHA1, 0);

                    AssociationRequest dummyRequest =
                            AssociationRequest.createAssociationRequest(
                            AssociationSessionType.NO_ENCRYPTION_COMPAT_SHA1MAC);

            if (DEBUG) _log.debug("Using ClaimedID: " + claimed +
                                  " OP-specific ID: " + id);

            if (authenticatedAndApproved) // positive response
            {
                // Choose the association that will sign the positive assertion.
                Association assoc = null;
                String handle = authReq.getHandle();
                String invalidateHandle = null;

                // The request named a handle: use the matching shared association
                // if the store still has it. If it does not, remember the handle so
                // that it is passed to createAuthSuccess() as invalidateHandle.
                if (handle != null)
                {
                    assoc = _sharedAssociations.load(handle);
                    if (assoc == null)
                    {
                        _log.info("Invalidating handle: " + handle);
                        invalidateHandle = handle;
                    }
                    else
                        _log.info("Loaded shared association; handle: " + handle);
                }

                // No usable shared association (no handle given, or the handle was
                // not found): sign with a newly generated private association
                // of the preferred type instead.
                // NOTE(review): presumably the relying party does not know this
                // key and has to verify the assertion by asking the OP directly —
                // confirm.
                if (assoc == null)
                {
                    assoc = _privateAssociations.generate(
                            _prefAssocSessEnc.getAssociationType(),
                            _expireIn);

                    _log.info("Generated private association; handle: "
                              + assoc.getHandle());
                }

                // Build the assertion. A response nonce is generated only for
                // version 2 requests; version 1 passes null.
                AuthSuccess response = AuthSuccess.createAuthSuccess(
                            opEndpoint, claimed, id, !isVersion2,
                            authReq.getReturnTo(),
                            isVersion2 ? _nonceGenerator.next() : null,
                            invalidateHandle, assoc, false);

                // Apply the configured overrides for which fields and extensions
                // are signed; these must be set before the signed text is computed.
                if (_signFields != null)
                    response.setSignFields(_signFields);

                if (_signExtensions != null)
                    response.setSignExtensions(_signExtensions);

                // NOTE(review): when signNow is false no signature is set in this
                // excerpt; confirm that the caller signs the response before it
                // is sent.
                if (signNow)
                    response.setSignature(assoc.sign(response.getSignedText()));

                _log.info("Returning positive assertion for " +
                          response.getReturnTo());

                return response;
