Use of org.openid4java.message.ParameterList in project spring-security by spring-projects: class OpenID4JavaConsumer, method endConsumption.
/**
 * Completes the OpenID login: the provider's answer arrives as an HTTP request, is
 * verified against the discovery information stored on the session earlier in the
 * flow, and is turned into an {@link OpenIDAuthenticationToken}.
 * <p>
 * Both session attributes are removed before the response is verified, so a stored
 * discovery record can be consumed only once; a missing record is reported as an
 * error rather than accepted.
 * <p>
 * NOTE(review): the receiving URL passed to the consumer manager is rebuilt from
 * {@code request.getRequestURL()}, i.e. from the scheme/host the container sees on
 * the incoming request. Behind a proxy that rewrites those, it must still equal the
 * URL the provider signed — confirm forwarded-header handling in the deployment.
 *
 * @param request the HTTP request carrying the OpenID provider's response
 * @return a SUCCESS token with the verified identifier and fetched attributes, or a
 *         FAILURE token carrying the provider's verification status message
 * @throws OpenIDConsumerException if no discovery information is on the session
 *         (lost session or replayed response) or if openid4java fails to verify
 */
public OpenIDAuthenticationToken endConsumption(HttpServletRequest request) throws OpenIDConsumerException {
    ParameterList providerResponse = new ParameterList(request.getParameterMap());

    DiscoveryInformation discovered =
            (DiscoveryInformation) request.getSession().getAttribute(DISCOVERY_INFO_KEY);
    if (discovered == null) {
        throw new OpenIDConsumerException(
                "DiscoveryInformation is not available. Possible causes are lost session or replay attack");
    }
    @SuppressWarnings("unchecked")
    List<OpenIDAttribute> requestedAttributes =
            (List<OpenIDAttribute>) request.getSession().getAttribute(ATTRIBUTE_LIST_KEY);

    // One-shot consumption: the stored state is dropped whether or not verification succeeds.
    request.getSession().removeAttribute(DISCOVERY_INFO_KEY);
    request.getSession().removeAttribute(ATTRIBUTE_LIST_KEY);

    // The URL the provider sent its response to, including the query string if any.
    StringBuffer receivingURL = request.getRequestURL();
    String queryString = request.getQueryString();
    if (StringUtils.hasLength(queryString)) {
        receivingURL.append("?").append(queryString);
    }

    VerificationResult verification;
    try {
        verification = consumerManager.verify(receivingURL.toString(), providerResponse, discovered);
    }
    catch (MessageException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    }
    catch (DiscoveryException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    }
    catch (AssociationException e) {
        throw new OpenIDConsumerException("Error verifying openid response", e);
    }

    Identifier verifiedId = verification.getVerifiedId();
    if (verifiedId != null) {
        List<OpenIDAttribute> attributes =
                fetchAxAttributes(verification.getAuthResponse(), requestedAttributes);
        return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.SUCCESS,
                verifiedId.getIdentifier(), "some message", attributes);
    }

    // No verified identifier: report FAILURE against the claimed identifier, if one was discovered.
    Identifier claimed = discovered.getClaimedIdentifier();
    String failedIdentity = (claimed != null) ? claimed.getIdentifier() : "Unknown";
    String statusMessage = "Verification status message: [" + verification.getStatusMsg() + "]";
    return new OpenIDAuthenticationToken(OpenIDAuthenticationStatus.FAILURE,
            failedIdentity, statusMessage, Collections.<OpenIDAttribute>emptyList());
}
Use of org.openid4java.message.ParameterList in project cas by apereo: class OpenIdValidateController, method handleRequestInternal.
/**
 * Serves the OpenID {@code check_authentication} (direct verification) request.
 * <p>
 * When {@code openid.mode} equals {@code check_authentication}, the request's
 * parameters are handed to the server manager and the parameters of its
 * {@link VerifyResponse} are placed in the model of the success view if the
 * signature verified, or of the failure view otherwise. Any other mode is
 * delegated to the superclass untouched.
 *
 * @param request  the incoming HTTP request
 * @param response the HTTP response
 * @return the view to render, with the server manager's parameters under
 *         {@code VIEW_MODEL_KEY_PARAMETERS} for verification requests
 * @throws Exception propagated from the superclass or the server manager
 */
@Override
protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    final String mode = request.getParameter(OpenIdProtocolConstants.OPENID_MODE);
    if (!StringUtils.equals(mode, OpenIdProtocolConstants.CHECK_AUTHENTICATION)) {
        // Only signature verification is handled here; everything else belongs to the parent.
        return super.handleRequestInternal(request, response);
    }

    final VerifyResponse verifyResponse =
            (VerifyResponse) this.serverManager.verify(new ParameterList(request.getParameterMap()));
    final Map<String, String> modelParameters = new HashMap<>(verifyResponse.getParameterMap());

    final boolean verified = verifyResponse.isSignatureVerified();
    LOGGER.debug(verified
            ? "Signature verification request successful."
            : "Signature verification request unsuccessful.");
    return new ModelAndView(verified ? getSuccessView() : getFailureView(),
            VIEW_MODEL_KEY_PARAMETERS, modelParameters);
}
Use of org.openid4java.message.ParameterList in project cas by apereo: class SmartOpenIdController, method getAssociationResponse.
/**
 * Builds the parameter map of an OpenID association response.
 * <p>
 * Only a request whose {@code openid.mode} is {@code associate} is answered: its
 * parameters go to the server manager and the parameters of the returned message
 * are copied into the result. For a missing or different mode, or when the server
 * manager returns no message, the result is an empty map.
 *
 * @param request the association request
 * @return the response parameters, empty when no association was established
 */
public Map<String, String> getAssociationResponse(final HttpServletRequest request) {
    final ParameterList requestParams = new ParameterList(request.getParameterMap());
    final Map<String, String> responseParams = new HashMap<>();

    String mode = null;
    if (requestParams.hasParameter(OpenIdProtocolConstants.OPENID_MODE)) {
        mode = requestParams.getParameterValue(OpenIdProtocolConstants.OPENID_MODE);
    }
    if (!StringUtils.equals(mode, OpenIdProtocolConstants.ASSOCIATE)) {
        return responseParams;
    }

    final Message associationMessage = this.serverManager.associationResponse(requestParams);
    if (associationMessage != null) {
        responseParams.putAll(associationMessage.getParameterMap());
    }
    return responseParams;
}
Use of org.openid4java.message.ParameterList in project cas by apereo: class OpenIdServiceTests, method verifyExpiredAssociationGetResponse.
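/**
 * Checks that once the association has expired, the response built for a validated
 * service ticket is a {@code cancel} carrying exactly two attributes.
 * <p>
 * The test pauses for 3 seconds so the fixture's association passes its expiry; it
 * relies on that association's lifetime being shorter than the pause (set up outside
 * this method — confirm against the fixture).
 * <p>
 * Exceptions thrown while preparing the tickets or building the response are
 * propagated so the test fails instead of passing vacuously (the previous version
 * caught {@code Exception} and only logged it at debug level).
 *
 * @throws Exception if ticket creation, validation or response building fails
 */
@Test
public void verifyExpiredAssociationGetResponse() throws Exception {
    request.removeParameter(OpenIdProtocolConstants.OPENID_ASSOCHANDLE);
    request.addParameter(OpenIdProtocolConstants.OPENID_ASSOCHANDLE, association.getHandle());
    openIdService = openIdServiceFactory.createService(request);

    final AuthenticationResult ctx =
            CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), openIdService);
    final String tgt = centralAuthenticationService.createTicketGrantingTicket(ctx).getId();
    final String st = centralAuthenticationService.grantServiceTicket(tgt, openIdService, ctx).getId();
    centralAuthenticationService.validateServiceTicket(st, openIdService);

    // Let the association expire. A plain sleep replaces wait() on a monitor nobody
    // notifies; the interrupt flag is restored before failing so it is not lost.
    try {
        Thread.sleep(3000);
    } catch (final InterruptedException e) {
        Thread.currentThread().interrupt();
        fail("Could not wait long enough to check association expiry date");
    }

    final Response response = new OpenIdServiceResponseBuilder(OPEN_ID_PREFIX_URL, serverManager,
            centralAuthenticationService).build(openIdService, st);
    assertNotNull(response);
    assertEquals(2, response.getAttributes().size());
    assertEquals("cancel", response.getAttributes().get(OpenIdProtocolConstants.OPENID_MODE));
}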
Use of org.openid4java.message.ParameterList in project cas by apereo: class OpenIdServiceResponseBuilder, method build.
/**
 * Builds the OpenID response for a service.
 * <ul>
 * <li>No ticket id: the RP is redirected with {@code openid.mode=cancel}.</li>
 * <li>A ticket id and a valid association: the service ticket is validated here and
 *     the resulting assertion determines the identity.</li>
 * <li>A ticket id but no association: nothing is validated here; the RP is left to
 *     validate the ticket itself.</li>
 * <li>An association that exists but is not valid, or a ticket validation failure:
 *     the response is marked unsuccessful.</li>
 * </ul>
 * The request parameters are re-read from the current request attributes and passed
 * through to the response builder together with the outcome.
 *
 * @param webApplicationService the service requesting an OpenID response; must be an
 *                              {@link OpenIdService}
 * @param ticketId the service ticket to hand to the service, may be blank
 * @return the generated authentication response
 */
@Override
public Response build(final WebApplicationService webApplicationService, final String ticketId) {
    final OpenIdService openIdService = (OpenIdService) webApplicationService;
    final ParameterList requestParams =
            new ParameterList(WebUtils.getHttpServletRequestFromRequestAttributes().getParameterMap());
    final Map<String, String> responseParams = new HashMap<>();

    if (StringUtils.isBlank(ticketId)) {
        responseParams.put(OpenIdProtocolConstants.OPENID_MODE, OpenIdProtocolConstants.CANCEL);
        return buildRedirect(openIdService, responseParams);
    }

    final Association association = getAssociation(serverManager, requestParams);
    final boolean hasAssociation = association != null;
    final boolean associationValid = isAssociationValid(association);

    boolean successful = true;
    Assertion assertion = null;
    if (!hasAssociation) {
        LOGGER.debug("Responding to non-associated mode. Service ticket [{}] must be validated by the RP", ticketId);
    } else if (!associationValid) {
        LOGGER.warn("Association does not exist or is not valid");
        successful = false;
    } else {
        // Only a valid association lets us validate the ticket on the RP's behalf.
        try {
            assertion = centralAuthenticationService.validateServiceTicket(ticketId, openIdService);
            LOGGER.debug("Validated openid ticket [{}] for [{}]", ticketId, openIdService);
        } catch (final AbstractTicketException e) {
            LOGGER.error("Could not validate ticket : [{}]", e.getMessage(), e);
            successful = false;
        }
    }

    final String identity = determineIdentity(openIdService, assertion);
    return buildAuthenticationResponse(openIdService, responseParams, successful, identity, requestParams);
}