/*
* Copyright 2005-2008 WSO2, Inc. (http://wso2.com)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.identity.provider.openid.infocard;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.association.Association;
import org.openid4java.association.AssociationException;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.Parameter;
import org.openid4java.message.ParameterList;
import org.openid4java.server.ServerManager;
import org.wso2.carbon.identity.base.IdentityConstants;
import org.wso2.carbon.identity.provider.IdentityProviderException;
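/**
 * Builds the signed OpenID positive-assertion ("id_res") parameter set that is
 * embedded in an OpenID InfoCard token.
 * <p>
 * The association used for signing is generated in the server manager's private
 * association store, and the nonce comes from its nonce generator. All per-call
 * state is kept in locals, so one instance may be shared between threads as long
 * as the supplied {@link ServerManager} is itself safe to share.
 * <p>
 * Note that this class does not validate {@code appliesTo}/{@code openID}; any check
 * that the return URL belongs to the requesting relying party must happen before
 * {@link #buildHeader} is called.
 */
public class OpenIDInfoCardHeader {

    /**
     * Lifetime passed to the private association store when a signing association
     * is generated; openid4java interprets this as seconds.
     */
    private final static int EXPIRES_IN = 1000;

    private static Log log = LogFactory.getLog(OpenIDInfoCardHeader.class);

    /**
     * Value of the {@code openid.signed} parameter: the response fields the
     * signature covers, in signing order. These must agree with the fields
     * openid4java's {@link AuthSuccess} signs, since the signature is computed
     * over its message rather than over the parameter list built here.
     */
    private static final String SIGNED_FIELDS =
            "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle";

    private final ServerManager manager;

    /**
     * @param manager server manager whose private association store and nonce
     *                generator back the headers built by this instance
     */
    public OpenIDInfoCardHeader(ServerManager manager) {
        this.manager = manager;
    }

    /**
     * Build the OpenIDToken header with the provided parameters.
     *
     * @param openID    OpenID URL; used as both the claimed identifier and the
     *                  OP-local identity
     * @param opAddress OpenID Provider server URL ({@code openid.op_endpoint})
     * @param appliesTo return URL of the relying party ({@code openid.return_to});
     *                  accepted as given, not validated here
     * @return the signed OpenIDToken header parameters
     * @throws IdentityProviderException if no association could be generated or
     *                                   the response could not be signed
     */
    public ParameterList buildHeader(String openID, String opAddress, String appliesTo)
            throws IdentityProviderException {
        // One fresh nonce per header: response_nonce is what lets a consumer
        // reject a replayed token, so it is never reused across calls.
        String nonce = getNonce();

        Association assoc;
        try {
            assoc = getAssocHandle();
        } catch (AssociationException e) {
            log.error("Failed to retreive assoc handle while building OpenID InfoCard header", e);
            // NOTE(review): pass the cause instead if IdentityProviderException
            // offers a (String, Throwable) constructor.
            throw new IdentityProviderException(e.getMessage());
        }
        if (log.isDebugEnabled()) {
            // The handle is public (it is sent to the relying party); the
            // association secret itself is never logged.
            log.debug("Association generated :::::" + assoc.getHandle());
        }

        ParameterList params = new ParameterList();
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_NS,
                IdentityConstants.OpenId.OPENID_URL));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_OP_ENDPOINT, opAddress));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_CLAIM_ID, openID));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_RESPONSE_NONCE, nonce));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_MODE, "id_res"));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_IDENTITY, openID));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_RETURN_TO, appliesTo));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_ASSOC_HANDLE, assoc.getHandle()));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_SIGNED, SIGNED_FIELDS));

        try {
            params.set(new Parameter(IdentityConstants.OpenId.ATTR_SIG,
                    getSignature(opAddress, openID, appliesTo, nonce, assoc, false)));
        } catch (AssociationException e) {
            log.error("Failed to sign OpenID InfoCard header", e);
            throw new IdentityProviderException(e.getMessage());
        } catch (MessageException e) {
            log.error("Failed to build signed OpenID response for InfoCard header", e);
            throw new IdentityProviderException(e.getMessage());
        }
        return params;
    }

    /**
     * Generates a new private (OP-side) association used to sign the header.
     * <p>
     * NOTE(review): the association type is HMAC-SHA1. openid4java also defines
     * {@code Association.TYPE_HMAC_SHA256}; switching is worthwhile once every
     * consumer of these tokens is confirmed to accept it.
     *
     * @return the freshly generated association
     * @throws AssociationException if the association store cannot generate one
     */
    private Association getAssocHandle() throws AssociationException {
        return manager.getPrivateAssociations().generate(
                org.openid4java.association.Association.TYPE_HMAC_SHA1, EXPIRES_IN);
    }

    /**
     * Generates a nonce token to uniquely identify authentication responses.
     *
     * @return the next nonce from the server manager's generator
     */
    private String getNonce() {
        return manager.getNonceGenerator().next();
    }

    /**
     * Creates the signature over the response fields.
     * <p>
     * openid4java builds its own {@link AuthSuccess} message from these values and
     * signs it with {@code assoc}; the values therefore have to be exactly the ones
     * placed in the header, or the signature will not verify.
     *
     * @param opEndpoint    OP endpoint URL
     * @param claimedId     claimed identifier; also used as the OP-local delegate
     * @param returnTo      relying party return URL
     * @param nonce         response nonce
     * @param assoc         association whose secret signs the message
     * @param compatibility OpenID 1.x compatibility mode flag
     * @return the base64 signature
     * @throws MessageException     if the assertion message cannot be built
     * @throws AssociationException if signing with {@code assoc} fails
     */
    private String getSignature(String opEndpoint, String claimedId, String returnTo,
            String nonce, Association assoc, boolean compatibility)
            throws MessageException, AssociationException {
        // No invalidate_handle is sent (null); signNow=true makes openid4java sign
        // the message as part of construction.
        AuthSuccess response = AuthSuccess.createAuthSuccess(opEndpoint, claimedId, claimedId,
                compatibility, returnTo, nonce, null, assoc, true);
        return response.getSignature();
    }
}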