Java Code Examples for org.openid4java.association.Association#createHmacSha256()

Example 1
Source File: PrivateAssociationCryptoStore.java    From carbon-identity with Apache License 2.0
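@Override
    /**
     * Reconstructs the private association for a handle issued by this store.
     * <p>
     * Nothing is persisted: the handle is laid out as
     * {@code <storeId><issue-timestamp-millis>-<counter>}, so the expiry is recomputed from the
     * embedded timestamp and the MAC key is re-derived from the server key and the handle.
     *
     * @param handle the association handle to rebuild
     * @return the HMAC-SHA256 association for the handle
     * @throws IllegalArgumentException if the handle is blank, was not issued by this store,
     *                                  or does not carry a parsable timestamp
     */
    public Association load(String handle) {

        if (IdentityUtil.isBlank(handle)) {
            throw new IllegalArgumentException("Handle is empty");
        }
        if (log.isDebugEnabled()) {
            log.debug("Inside load(); handle : " + handle);
        }
        String prefix = Integer.toString(storeId);
        int separator = handle.indexOf("-");
        if (!handle.startsWith(prefix) || separator <= prefix.length()) {
            // Reject handles from another store, or without the "-" separator, up front
            // instead of failing inside substring() with an index error.
            throw new IllegalArgumentException("Malformed association handle : " + handle);
        }
        long issuedAt;
        try {
            issuedAt = Long.parseLong(handle.substring(prefix.length(), separator));
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("Malformed association handle : " + handle, e);
        }
        // expireIn is the lifetime in milliseconds cached by generate()
        Date expireDate = new Date(issuedAt + this.expireIn);
        if (log.isDebugEnabled()) {
            log.debug("Calculated Expiry Time : " + expireDate.getTime());
        }
        // NOTE(review): the MAC key is plain concatenation of serverKey and the (public) handle,
        // converted with the platform default charset. The PBKDF2 derivation that used to be
        // commented out here would be the stronger option, but any change must be mirrored in
        // generate() so that keys issued earlier still reload identically.
        return Association.createHmacSha256(handle, (serverKey + handle).getBytes(), expireDate);
    }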
 
Example 2
Source File: PrivateAssociationCryptoStore.java    From carbon-identity with Apache License 2.0
@Override
    /**
     * Issues a new private association and publishes it on the current thread.
     * <p>
     * The handle encodes everything load() needs to rebuild the association:
     * {@code <storeId><issue-timestamp-millis>-<counter>}.
     *
     * @param type     requested association type; only logged, the store always issues
     *                 an HMAC-SHA256 association
     * @param expiryIn requested lifetime in seconds; converted to milliseconds and cached in
     *                 {@code expireIn} the first time only, later values are ignored
     * @return the freshly created association
     * @throws AssociationException declared for the store contract
     */
    public Association generate(String type, int expiryIn) throws AssociationException {

        boolean debug = log.isDebugEnabled();
        if (debug) {
            log.debug("Inside generate();  type : " + type + " expiryIn  : " + expiryIn);
        }

        long issuedAt = System.currentTimeMillis();
        if (debug) {
            log.debug("Current Time : " + issuedAt);
        }
        // make time in to millisecond before it is set
        // NOTE(review): expiryIn * 1000 is int arithmetic and wraps silently for lifetimes
        // above Integer.MAX_VALUE / 1000 seconds.
        if (this.expireIn == 0) {
            this.expireIn = expiryIn * 1000;
        }
        if (debug) {
            log.debug("Expires In : " + this.expireIn);
        }
        Date expireDate = new Date(issuedAt + this.expireIn);
        if (debug) {
            log.debug("Expiry Time : " + expireDate.getTime());
        }

        // NOTE(review): counter++ is an unsynchronized read-modify-write on shared state
        String handle = storeId + Long.toString(issuedAt) + "-" + (counter++);

        if (debug) {
            log.debug("Handle generated by crypto store : " + handle);
        }

        // NOTE(review): key = serverKey || handle in the platform default charset; load()
        // derives the same bytes, so both must change together if this is hardened.
        Association association =
                Association.createHmacSha256(handle, (serverKey + handle).getBytes(), expireDate);
        OpenIDServerManager.setThreadLocalAssociation(association);
        return association;
    }
 
Example 3
Source File: AssociationResponse.java    From openid4java with Apache License 2.0
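/**
 * Generates an Association object from an Association Response.
 * <p>
 * The MAC key is taken from the response either encrypted ({@code enc_mac_key},
 * unwrapped through the Diffie-Hellman session) or in the clear ({@code mac_key}),
 * depending on the session type of this response. The key bytes are never logged,
 * only their length.
 *
 * @param dhSess        The Diffie-Hellman session containing the private key
 *                      used to encrypt / decrypt the MAC key exchange.
 *                      Should be null for no-encryption sessions.
 * @return the association described by the response
 * @throws AssociationException if the association type is unknown, if an encrypted
 *                      session has no {@code dhSess} to decrypt with, if {@code mac_key}
 *                      is missing, or if {@code expires_in} is missing or not a number
 */
public Association getAssociation(DiffieHellmanSession dhSess)
        throws AssociationException
{
    if (DEBUG) _log.debug("Retrieving MAC key from association response...");

    String handle = getParameterValue("assoc_handle");
    String expiresInParam = getParameterValue("expires_in");
    int expiresIn;
    try
    {
        // parseInt(null) also throws NumberFormatException, so a missing value is covered too
        expiresIn = Integer.parseInt(expiresInParam);
    }
    catch (NumberFormatException e)
    {
        // the response comes from the remote OP; a bad lifetime must not surface unchecked
        throw new AssociationException(
                "Invalid expires_in in association response: " + expiresInParam, e);
    }

    // get (and decrypt) the MAC key
    byte[] macKey;

    AssociationSessionType type = getType();

    if ( type.getHAlgorithm() != null )
    {
        if (dhSess == null)
            throw new AssociationException(
                    "Session type " + type + " requires a Diffie-Hellman session to decrypt the MAC key");

        macKey = dhSess.decryptMacKey(
                getParameterValue("enc_mac_key"),
                getParameterValue("dh_server_public") );
        // the MAC key is the shared secret; log its size, not its value
        if (DEBUG) _log.debug("Decrypted MAC key (" + macKey.length + " bytes)");
    }
    else
    {
        String macKeyParam = getParameterValue("mac_key");
        if (macKeyParam == null)
            throw new AssociationException("Missing mac_key in association response");

        macKey = Base64.decodeBase64( macKeyParam.getBytes() );

        if (DEBUG) _log.debug("Unencrypted MAC key (" + macKey.length + " bytes)");
    }

    Association assoc;

    if (Association.TYPE_HMAC_SHA1.equals(type.getAssociationType()))
        assoc = Association.createHmacSha1(handle, macKey, expiresIn);

    else if (Association.TYPE_HMAC_SHA256.equals(type.getAssociationType()))
        assoc = Association.createHmacSha256(handle, macKey, expiresIn);

    else
        throw new AssociationException("Unknown association type: " + type);

    if (DEBUG) _log.debug("Created association for handle: " + handle);

    return assoc;
}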
 
Example 4
Source File: JdbcConsumerAssociationStore.java    From openid4java with Apache License 2.0
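/**
 * Loads the consumer-side association stored for an OP endpoint and handle.
 * <p>
 * {@code opUrl} and {@code handle} are passed to {@code _sqlSelect} as bound statement
 * parameters, never spliced into the SQL text.
 *
 * @param opUrl  the OP endpoint URL the association was established with
 * @param handle the association handle
 * @return the association, or {@code null} when no row matches, the row is incomplete or
 *         has an unknown type, or the database access fails; each failure is logged
 */
public Association load ( String opUrl, String handle )
{
    try
    {
        JdbcTemplate jdbcTemplate = getJdbcTemplate();

        Map<String, Object> res =
                jdbcTemplate.queryForMap(_sqlSelect, new Object[] {opUrl, handle});

        String type = (String) res.get("type");
        String macKey = (String) res.get("mackey");
        Date expDate = (Date) res.get("expdate");

        if (type == null || macKey == null || expDate == null)
            throw new AssociationException(
                    "Invalid association data retrived from database; cannot create Association "
                            + "object for handle: " + handle);

        Association assoc;

        // mackey holds the key Base64-encoded; getBytes() uses the platform charset, which
        // yields the same bytes for the ASCII Base64 alphabet on any ASCII-compatible default
        if (Association.TYPE_HMAC_SHA1.equals(type))
            assoc = Association.createHmacSha1(handle,
                    Base64.decodeBase64(macKey.getBytes()), expDate);

        else if (Association.TYPE_HMAC_SHA256.equals(type))
            assoc = Association.createHmacSha256(handle,
                    Base64.decodeBase64(macKey.getBytes()), expDate);

        else
            throw new AssociationException(
                    "Invalid association type " + "retrieved from database: " + type);

        if (_log.isDebugEnabled())
            _log.debug("Retrieved association for handle: " + handle
                    + " from table: " + _tableName);

        return assoc;
    }
    catch (AssociationException ase)
    {
        _log.error("Error retrieving association from table: " + _tableName, ase);
        return null;
    }
    catch (IncorrectResultSizeDataAccessException rse)
    {
        // zero (or several) rows: a plain miss from the caller's point of view
        _log.warn("Association not found for handle: " + handle
                + " in the table: " + _tableName);
        return null;
    }
    catch (DataAccessException dae)
    {
        // message previously read "...handle: Xfrom table"; a separating space was missing
        _log.error("Error retrieving association for handle: " + handle
                + " from table: " + _tableName, dae);
        return null;
    }
}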
 
Example 5
Source File: JdbcConsumerAssociationStore.java    From openid4java with Apache License 2.0
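/**
 * Loads the consumer-side association stored for an OP endpoint, whatever its handle.
 * <p>
 * A row whose handle is {@link Association#FAILED_ASSOC_HANDLE} marks a previously failed
 * association attempt and is returned as a failed association carrying only its expiry.
 * {@code opUrl} is passed to {@code _sqlSelectAlt} as a bound statement parameter.
 *
 * @param opUrl the OP endpoint URL the association was established with
 * @return the association, or {@code null} when no row matches, the row is incomplete or
 *         has an unknown type, or the database access fails; each failure is logged
 */
public Association load ( String opUrl )
{
    try
    {
        JdbcTemplate jdbcTemplate = getJdbcTemplate();

        Map<String, Object> res =
                jdbcTemplate.queryForMap(_sqlSelectAlt, new Object[] {opUrl});

        String handle = (String) res.get("handle");
        String type = (String) res.get("type");
        String macKey = (String) res.get("mackey");
        Date expDate = (Date) res.get("expdate");

        Association assoc;

        // Every row needs an expiry; only the failed-association marker may lack type
        // and MAC key. Parentheses spell out the && / || grouping the original relied on.
        if (expDate == null
                || ((type == null || macKey == null)
                        && !Association.FAILED_ASSOC_HANDLE.equals(handle))) {
            throw new AssociationException(
                    "Invalid expiry date retrived from database; cannot create Association "
                            + "object for handle: " + handle);

        } else if (Association.FAILED_ASSOC_HANDLE.equals(handle)) {
            assoc = Association.getFailedAssociation(expDate);

        } else if (Association.TYPE_HMAC_SHA1.equals(type)) {
            // mackey holds the key Base64-encoded (ASCII), so the platform charset is safe here
            assoc = Association.createHmacSha1(handle,
                    Base64.decodeBase64(macKey.getBytes()), expDate);

        } else if (Association.TYPE_HMAC_SHA256.equals(type)) {
            assoc = Association.createHmacSha256(handle,
                    Base64.decodeBase64(macKey.getBytes()), expDate);

        } else {
            throw new AssociationException(
                    "Invalid association type " + "retrieved from database: " + type);
        }

        if (_log.isDebugEnabled())
            _log.debug("Retrieved association for handle: " + handle
                    + " from table: " + _tableName);

        return assoc;
    }
    catch (AssociationException ase)
    {
        _log.error("Error retrieving association from table: " + _tableName, ase);
        return null;
    }
    catch (IncorrectResultSizeDataAccessException rse)
    {
        _log.warn("Association not found for opUrl: " + opUrl
                + " in the table: " + _tableName);
        return null;
    }
    catch (DataAccessException dae)
    {
        // message previously read "...opUrl: Xfrom table"; a separating space was missing
        _log.error("Error retrieving association for opUrl: " + opUrl
                + " from table: " + _tableName, dae);
        return null;
    }
}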
 
Example 6
Source File: JdbcServerAssociationStore.java    From openid4java with Apache License 2.0
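/**
 * Loads the server-side association stored under a handle.
 * <p>
 * Only {@code _tableName} is spliced into the statement text, so it must come from the
 * store's configuration and never from request data; the handle is a bound parameter.
 *
 * @param handle the association handle to look up
 * @return the association, or {@code null} when no row matches, the row is incomplete or
 *         has an unknown type, or the database access fails; each failure is logged
 */
public Association load(String handle)
{
    try
    {
        String sql = "SELECT type,mackey,expdate FROM " + _tableName +
                " WHERE handle=?";

        JdbcTemplate jdbcTemplate = getJdbcTemplate();

        Map<String, Object> res = jdbcTemplate.queryForMap(sql, new Object[] {handle});

        String type = (String) res.get("type");
        String macKey = (String) res.get("mackey");
        Date expDate = (Date) res.get("expdate");

        if (type == null || macKey == null || expDate == null)
            throw new AssociationException("Invalid association data " +
                    "retrived from database; cannot create Association " +
                    "object for handle: " + handle);

        Association assoc;

        // mackey holds the key Base64-encoded (ASCII), so the platform charset is safe here
        if (Association.TYPE_HMAC_SHA1.equals(type))
            assoc = Association.createHmacSha1(handle,
                    Base64.decodeBase64(macKey.getBytes()), expDate);

        else if (Association.TYPE_HMAC_SHA256.equals(type))
            assoc = Association.createHmacSha256(handle,
                    Base64.decodeBase64(macKey.getBytes()), expDate);

        else
            throw new AssociationException("Invalid association type " +
                    "retrieved from database: " + type);

        if (DEBUG)
            _log.debug("Retrieved association for handle: " + handle +
                       " from table: " + _tableName);

        return assoc;
    }
    catch (AssociationException ase)
    {
        _log.error("Error retrieving association from table: " + _tableName, ase);
        return null;
    }
    catch (IncorrectResultSizeDataAccessException rse)
    {
        _log.warn("Association not found for handle: " + handle +
                  " in the table: " + _tableName);
        return null;
    }
    catch (DataAccessException dae)
    {
        // message previously read "...handle: Xfrom table"; a separating space was missing
        _log.error("Error retrieving association for handle: " + handle +
                   " from table: " + _tableName, dae);
        return null;
    }
}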
 
Example 7
Source File: OpenIDAssociationDAO.java    From carbon-identity with Apache License 2.0
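/**
 * Builds the Association object from the current row of the result set.
 * <p>
 * Expected column order: handle, type, expiry timestamp, Base64 MAC key, store type.
 * The result set is closed before returning, whether or not a row could be read.
 *
 * @param results the result set positioned on the association row; closed by this method
 * @return the association, or {@code null} when a column is NULL, the row belongs to the
 *         other store type, the type is unknown, or reading the row fails
 */
private synchronized Association buildAssociationObject(ResultSet results) {

    Association assoc = null;
    String assocHandle = null;

    try {

        assocHandle = results.getString(1);
        String assocType = results.getString(2);
        java.sql.Timestamp expiry = results.getTimestamp(3);
        String macKey = results.getString(4);
        String assocStore = results.getString(5);

        // we check if params are missing; the timestamp is checked before it is unwrapped,
        // otherwise a NULL column surfaced as a NullPointerException instead of this branch
        if (assocHandle == null || assocType == null || expiry == null || macKey == null || assocStore == null) {
            log.error("Required data missing. Cannot build the Association object");
            return null;
        }
        java.util.Date expireIn = new java.util.Date(expiry.getTime());

        // Here we check if we are loading the correct associations
        if (associationStore.equals(OpenIDServerConstants.ASSOCIATION_STORE_TYPE_PRIVATE) &&
            assocStore.equals(OpenIDServerConstants.ASSOCIATION_STORE_TYPE_SHARED)) {
            log.error(
                    "Invalid association data found. Tried to load a Private Association but found a Shared Association");
            return null;
        } else if (associationStore.equals(OpenIDServerConstants.ASSOCIATION_STORE_TYPE_SHARED) &&
                   assocStore.equals(OpenIDServerConstants.ASSOCIATION_STORE_TYPE_PRIVATE)) {
            log.error(
                    "Invalid association data found. Tried to load a Shared Association but found a Private Association");
            return null;
        }

        // Checks for association type
        if (Association.TYPE_HMAC_SHA1.equals(assocType)) {
            assoc = Association.createHmacSha1(assocHandle, Base64.decode(macKey), expireIn);

        } else if (Association.TYPE_HMAC_SHA256.equals(assocType)) {
            assoc = Association.createHmacSha256(assocHandle, Base64.decode(macKey), expireIn);

        } else {
            log.error("Invalid association type " + assocType + " loaded from database");
            return null;
        }

    } catch (SQLException e) {
        log.error("Failed to build the Association for " + assocHandle + ". Error while accessing the database.",
                  e);
    } finally {
        IdentityDatabaseUtil.closeResultSet(results);
    }

    // only report success when an association was actually built (not after the SQL failure above)
    if (assoc != null && log.isDebugEnabled()) {
        log.debug("Association " + assocHandle + " loaded successfully from the database.");
    }
    return assoc;
}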
 
Example 8
Source File: OpenIDAssociationCache.java    From carbon-identity with Apache License 2.0
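/**
 * Read entries from the cache. If no value is found then returns null.
 * Otherwise rebuilds and returns the <code>Association</code> from the cached
 * type, secret key and expiry. Expiry is NOT checked here: expired entries are
 * returned as-is and the caller decides what to do with them.
 *
 * @param handle the association handle to look up
 * @return the cached <code>Association</code>, or null on a cache miss
 * @throws IllegalArgumentException if the handle is blank
 * @throws IdentityRuntimeException if the cached entry has no secret key or an unknown type
 */
public Association getFromCache(String handle) {

    if(IdentityUtil.isBlank(handle)){
        throw new IllegalArgumentException("Handle is \'NULL\'");
    }
    OpenIDIdentityCacheKey cacheKey = new OpenIDIdentityCacheKey(0, handle);
    OpenIDIdentityCacheEntry cacheEntry = associationCache.getValueFromCache(cacheKey);
    if (cacheEntry == null) {
        if (log.isDebugEnabled()) {
            log.debug("Cache miss for handle : " + handle);
        }
        return null;
    }

    if (log.isDebugEnabled()) {
        log.debug("Cache hit for handle : " + handle);
    }
    Date expiry = cacheEntry.getDate();
    String type = cacheEntry.getCacheEntry();
    Key secretKey = cacheEntry.getSecretKey();
    if (secretKey == null) {
        // an entry without key material cannot be rebuilt; fail loudly rather than with an NPE
        throw IdentityRuntimeException.error("No secret key cached for handle " + handle);
    }

    /*
     * We are not removing expired handles from the cache. If we
     * did, a lookup for an expired handle would fall back to a
     * database lookup, which costs a lot. JCache is expected to
     * evict entries that are never accessed.
     */
    if (Association.TYPE_HMAC_SHA1.equals(type)) {
        return Association.createHmacSha1(handle, secretKey.getEncoded(), expiry);
    } else if (Association.TYPE_HMAC_SHA256.equals(type)) {
        return Association.createHmacSha256(handle, secretKey.getEncoded(), expiry);
    } else {
        throw IdentityRuntimeException.error("Invalid algorithm " + type);
    }
}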