org.openid4java.message.AuthSuccess Java Examples

Example #1
Source File: ConsumerServlet.java    From openid4java with Apache License 2.0 6 votes vote down vote up
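/**
 * Copies Simple Registration (SReg) attributes from a positive OpenID
 * response into request attributes, one attribute per SReg field.
 *
 * Runs only when the response carries the SReg extension and the extension
 * object is an {@link SRegResponse}; any other extension type is ignored.
 * Names and values come from the OpenID provider's response and are stored
 * unchanged, so code that later renders them should treat them as external
 * input.
 *
 * @param httpReq     request that receives the SReg fields as attributes
 * @param authSuccess positive authentication response (the caller is
 *                    expected to have verified it first)
 * @throws MessageException if the SReg extension cannot be decoded
 */
private void receiveSimpleRegistration(HttpServletRequest httpReq,
		AuthSuccess authSuccess) throws MessageException {
	if (!authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) {
		return;
	}
	MessageExtension ext = authSuccess
			.getExtension(SRegMessage.OPENID_NS_SREG);
	if (!(ext instanceof SRegResponse)) {
		return;
	}
	SRegResponse sregResp = (SRegResponse) ext;
	// getAttributeNames() is a raw collection in this API, hence the cast.
	for (Object nameObj : sregResp.getAttributeNames()) {
		String name = (String) nameObj;
		httpReq.setAttribute(name, sregResp.getParameterValue(name));
	}
}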
 
Example #2
Source File: ConsumerServlet.java    From openid4java with Apache License 2.0 6 votes vote down vote up
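/**
 * Copies Attribute Exchange (AX) fetch-response values into a single request
 * attribute named {@code "attributes"}.
 *
 * Every AX alias with at least one value is mapped to its values joined by
 * {@code StringUtils.join} (no separator); aliases without values are
 * skipped. Alias order is preserved. Values come from the OpenID provider's
 * response and are stored unchanged.
 *
 * @param httpReq     request that receives the {@code "attributes"} map
 * @param authSuccess positive authentication response (the caller is
 *                    expected to have verified it first)
 * @throws MessageException if the AX extension cannot be decoded
 */
private void receiveAttributeExchange(HttpServletRequest httpReq,
		AuthSuccess authSuccess) throws MessageException {
	if (!authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
		return;
	}
	MessageExtension ext = authSuccess.getExtension(AxMessage.OPENID_NS_AX);
	// Guard the cast, as receiveSimpleRegistration does, instead of risking
	// a ClassCastException on an unexpected extension implementation.
	if (!(ext instanceof FetchResponse)) {
		return;
	}
	FetchResponse fetchResp = (FetchResponse) ext;

	Map<String, String> attributes = new LinkedHashMap<String, String>();
	for (Object aliasObj : fetchResp.getAttributeAliases()) {
		String alias = (String) aliasObj;
		List values = fetchResp.getAttributeValues(alias);
		if (values.isEmpty()) {
			continue;
		}
		String[] arr = new String[values.size()];
		values.toArray(arr);
		attributes.put(alias, StringUtils.join(arr));
	}
	httpReq.setAttribute("attributes", attributes);
}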
 
Example #3
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Builds the positive authentication response for the configured valid user
 * and runs the extension and signature post-processing helpers on it.
 *
 * The response comes from {@code serverManager.authResponse(...)}; the
 * trailing {@code false} presumably leaves it unsigned so that the signature
 * helpers called afterwards do the signing (confirm against
 * {@code ServerManager.authResponse}).
 *
 * @param authRequest the incoming OpenID authentication request
 * @return the parameter keeper after the helpers have updated it
 * @throws OpenIdAttackerServerException if the server manager did not return
 *         an {@link AuthSuccess}, or if a helper throws (only the message of
 *         the underlying exception is carried over, not the cause)
 */
private AttackParameterKeeper processTokenRequest(final AuthRequest authRequest) throws OpenIdAttackerServerException {
    final String selectedId = getValidUser().getIdentifier();
    final String selectedClaimedId = getValidUser().getClaimedId();
    final Message token = serverManager.authResponse(authRequest, selectedId, selectedClaimedId, true, false);
    if (!(token instanceof AuthSuccess)) {
        throw new OpenIdAttackerServerException("Error while creating auth Response");
    }
    try {
        processAxExtension(token, authRequest);
        processSRegExtension(token, authRequest);
        generateSignatureForValidValues((AuthSuccess) token);
        generateSignatureForAttackValues();
    } catch (ServerException | MessageException | AssociationException ex) {
        // NOTE(review): the cause is dropped here; pass ex along if the
        // exception type offers a (String, Throwable) constructor.
        throw new OpenIdAttackerServerException(ex.getMessage());
    }
    return getKeeper();
}
 
Example #4
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Recomputes {@code openid.sig} over the attack-side parameter map.
 *
 * Does nothing when the keeper has no {@code openid.sig} parameter or when
 * that parameter is flagged to use its own attack value for the signature.
 * Otherwise an unvalidated {@link AuthSuccess} is built from the to-sign map,
 * signed by the server manager, and the resulting parameters are written
 * back into the keeper.
 *
 * @throws AssociationException propagated from signing
 * @throws MessageException     propagated from building the message
 * @throws ServerException      propagated from signing
 */
private void generateSignatureForAttackValues() throws AssociationException, MessageException, ServerException {
    final AttackParameter sigParam = getKeeper().getParameter("openid.sig");
    final boolean computeSignature = sigParam != null
            && !sigParam.isAttackValueUsedForSignatureComputation();
    if (!computeSignature) {
        return; // a custom signature value is in use, or there is no sig parameter
    }
    final Map<String, String> toSign = AttackParameterHandler.createToSignMap(getKeeper());
    final AuthSuccess signed = UnvalidatedAuthSuccess.createAuthSuccess(new ParameterList(toSign));
    serverManager.sign(signed);
    AttackParameterHandler.updateAttackParameters(getKeeper(), signed.getParameterMap());
}
 
Example #5
Source File: UnvalidatedAuthSuccess.java    From OpenID-Attacker with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Builds an {@link AuthSuccess} from raw parameters without calling
 * {@code validate()}.
 *
 * Validation is skipped on purpose so that a signable message can be
 * produced even when fields such as {@code claimed_id} are missing. The
 * result therefore need not satisfy the invariants a validated AuthSuccess
 * would, and must not be treated as a verified response.
 *
 * @param params raw OpenID parameters for the response
 * @return an unvalidated positive response built from {@code params}
 * @throws MessageException declared by the signature; propagated from
 *         construction if thrown there
 */
public static AuthSuccess createAuthSuccess(ParameterList params)
  throws MessageException {
    final UnvalidatedAuthSuccess response = new UnvalidatedAuthSuccess(params);
    // Intentionally no response.validate() here (see contract above).
    if (DEBUG) {
        LOG.debug("Created positive auth response:\n"
          + response.keyValueFormEncoding());
    }
    return response;
}
 
Example #6
Source File: OpenIDServerManager.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Signs a positive authentication response with the association identified
 * by its association handle.
 *
 * Lookup order: the thread-local association (always cleared afterwards,
 * whether or not one was present), then the shared association store, then
 * the private store. The signature is computed over
 * {@code authSuccess.getSignedText()} and written back onto the message.
 *
 * @param authSuccess response to sign in place; its signature is overwritten
 * @throws ServerException      if no association exists for the handle
 * @throws AssociationException if the association fails to sign
 */
public void sign(AuthSuccess authSuccess)
        throws ServerException, AssociationException {
    final String handle = authSuccess.getHandle();

    Association assoc;
    try {
        assoc = getThreadLocalAssociation();
    } finally {
        // Consume the thread-local exactly once, even if the lookup throws.
        clearThreadLocalAssociation();
    }

    if (assoc == null) {
        assoc = getSharedAssociations().load(handle);
        if (assoc == null) {
            assoc = getPrivateAssociations().load(handle);
        }
    }

    if (assoc == null) {
        throw new ServerException("No association found for handle: " + handle);
    }

    authSuccess.setSignature(assoc.sign(authSuccess.getSignedText()));
}
 
Example #7
Source File: ConsumerServlet.java    From openid4java with Apache License 2.0 4 votes vote down vote up
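/**
 * Verifies the OpenID provider's response carried by {@code httpReq} and, on
 * success, copies SReg/AX attributes into the request.
 *
 * The receiving URL is rebuilt from the request URL plus its query string
 * because the verifier compares it with the {@code openid.return_to} the
 * provider echoed back. The discovery information stored in the session under
 * {@code "openid-disc"} when the authentication request was placed is handed
 * to the verifier; it is {@code null} if the session no longer holds it.
 *
 * @param httpReq the redirect/POST from the OpenID provider
 * @return the verified identifier, or {@code null} if verification yielded
 *         none
 * @throws ServletException wrapping any {@link OpenIDException} raised while
 *         verifying or decoding extensions
 */
public Identifier verifyResponse(HttpServletRequest httpReq)
		throws ServletException {
	try {
		ParameterList response = new ParameterList(httpReq
				.getParameterMap());

		DiscoveryInformation discovered = (DiscoveryInformation) httpReq
				.getSession().getAttribute("openid-disc");

		// Rebuild the exact URL the provider redirected to, query included.
		StringBuffer receivingURL = httpReq.getRequestURL();
		String queryString = httpReq.getQueryString();
		if (queryString != null && queryString.length() > 0) {
			receivingURL.append("?").append(queryString);
		}

		// ConsumerManager must be the same (static) instance that placed
		// the authentication request.
		VerificationResult verification = manager.verify(
				receivingURL.toString(), response, discovered);

		Identifier verified = verification.getVerifiedId();
		if (verified == null) {
			return null;
		}
		AuthSuccess authSuccess = (AuthSuccess) verification
				.getAuthResponse();
		receiveSimpleRegistration(httpReq, authSuccess);
		receiveAttributeExchange(httpReq, authSuccess);
		return verified;
	} catch (OpenIDException e) {
		// present error to the user
		throw new ServletException(e);
	}
}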
 
Example #8
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Signs the valid-user token and records its final parameters as the
 * "valid" side in the keeper.
 *
 * @param token positive response to sign in place
 * @throws AssociationException propagated from signing
 * @throws ServerException      propagated from signing
 */
private void generateSignatureForValidValues(AuthSuccess token) throws AssociationException, ServerException {
    // Sign first so the recorded parameter map already contains openid.sig.
    serverManager.sign(token);
    AttackParameterHandler.updateValidParameters(getKeeper(), token.getParameterMap());
}
 
Example #9
Source File: OpenIdImpl.java    From socialauth with MIT License 4 votes vote down vote up
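/**
 * Verifies the user when the external provider redirects back to our
 * application.
 *
 * The receiving URL is reconstructed as {@code successUrl} plus the request
 * parameters because the verifier compares it with the
 * {@code openid.return_to} echoed by the provider. On success a
 * {@link Profile} is built from the Attribute Exchange fetch response (when
 * present), stored in {@code userProfile} and returned.
 *
 * @param requestParams request parameters, received from the provider
 * @return Profile object containing the profile information, or
 *         {@code null} if no identifier could be verified
 * @throws ProviderStateException if {@code providerState} is false
 * @throws Exception any {@link OpenIDException} raised by verification is
 *         propagated unchanged
 */
@Override
public Profile verifyResponse(final Map<String, String> requestParams)
		throws Exception {
	if (!providerState) {
		throw new ProviderStateException();
	}
	// extract the parameters from the authentication response
	// (which comes in as a HTTP request from the OpenID provider)
	ParameterList response = new ParameterList(requestParams);

	// NOTE(review): keys and values are appended without URL-encoding, so a
	// value containing '&' or '=' changes the query the verifier sees.
	StringBuilder query = new StringBuilder();
	for (Map.Entry<String, String> entry : requestParams.entrySet()) {
		if (query.length() > 0) {
			query.append('&');
		}
		query.append(entry.getKey()).append('=').append(entry.getValue());
	}
	String receivingURL = successUrl + "?" + query;

	// ConsumerManager needs to be the same (static) instance used to place
	// the authentication request
	VerificationResult verification = manager.verify(receivingURL,
			response, discovered);

	Identifier verified = verification.getVerifiedId();
	if (verified == null) {
		return null;
	}
	LOG.debug("Verified Id : " + verified.getIdentifier());
	Profile p = new Profile();
	p.setValidatedId(verified.getIdentifier());
	AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();

	if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
		FetchResponse fetchResp = (FetchResponse) authSuccess
				.getExtension(AxMessage.OPENID_NS_AX);
		// plain alias first, then the "...ax" alias for compatibility
		p.setEmail(firstAttribute(fetchResp, "email", "emailax"));
		p.setFirstName(firstAttribute(fetchResp, "firstname", "firstnameax"));
		p.setLastName(firstAttribute(fetchResp, "lastname", "lastnameax"));
		p.setFullName(firstAttribute(fetchResp, "fullname", "fullnameax"));
	}
	userProfile = p;
	return p;
}

/**
 * Returns the AX value for {@code primary}, or the value for
 * {@code fallback} when the primary alias yields {@code null}.
 */
private static String firstAttribute(FetchResponse fetchResp,
		String primary, String fallback) {
	String value = fetchResp.getAttributeValue(primary);
	return value != null ? value : fetchResp.getAttributeValue(fallback);
}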
 
Example #10
Source File: OpenIdConsumer.java    From jerseyoauth2 with MIT License 4 votes vote down vote up
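/**
 * Verifies the OpenID provider's response and, on success, stores an
 * {@link OpenIDUser} built from the AX {@code email} attribute in the session.
 *
 * The discovery information saved under {@code OpenIdConstants.OPENID_DISC}
 * when the request was placed is handed to the verifier; it is {@code null}
 * if the session no longer holds it.
 *
 * @param httpReq the redirect/POST from the OpenID provider
 * @return the verified identifier, or {@code null} when verification fails
 *         or yields no identifier; an {@link OpenIDException} is mapped to
 *         {@code null} and its details are not surfaced to the caller
 */
public Identifier verifyResponse(HttpServletRequest httpReq) {
	try {
		ParameterList response = new ParameterList(httpReq.getParameterMap());

		DiscoveryInformation discovered = (DiscoveryInformation) httpReq.getSession().getAttribute(OpenIdConstants.OPENID_DISC);

		// Rebuild the exact URL the provider redirected to, query included;
		// the verifier compares it with openid.return_to.
		StringBuffer receivingURL = httpReq.getRequestURL();
		String queryString = httpReq.getQueryString();
		if (queryString != null && queryString.length() > 0) {
			receivingURL.append("?").append(queryString);
		}

		// ConsumerManager must be the same (static) instance that placed
		// the authentication request.
		VerificationResult verification = manager.verify(receivingURL.toString(), response, discovered);

		Identifier verified = verification.getVerifiedId();
		if (verified == null) {
			return null;
		}
		AuthSuccess authSuccess = (AuthSuccess) verification.getAuthResponse();

		if (authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
			Object ext = authSuccess.getExtension(AxMessage.OPENID_NS_AX);
			if (ext instanceof FetchResponse) {
				List<?> emails = ((FetchResponse) ext).getAttributeValues("email");
				// An absent or empty value list previously raised
				// IndexOutOfBoundsException; now no session user is stored.
				// NOTE(review): callers should check the session attribute
				// rather than assume it exists whenever an id is returned.
				if (emails != null && !emails.isEmpty()) {
					String email = (String) emails.get(0);
					httpReq.getSession().setAttribute(OpenIdConstants.OPENID_SESSION_VAR, new OpenIDUser(email));
				}
			}
		}

		return verified; // success
	} catch (OpenIDException ignored) {
		// Verification failure is reported only as a null return; the reason
		// is lost here. NOTE(review): log it or surface it to the user.
	}

	return null;
}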