Java Code Examples for org.openid4java.message.ParameterList#getParameterValue()

The following examples show how to use org.openid4java.message.ParameterList#getParameterValue() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SmartOpenIdController.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
/**
 * Produces the parameters of an OpenID association response.
 *
 * <p>The {@code openid.mode} value is read from the request, so it is
 * client-controlled. Only the exact mode {@link OpenIdConstants#ASSOCIATE}
 * is forwarded to the server manager; every other mode, or a missing mode,
 * yields an empty map.
 *
 * @param request the incoming servlet request carrying the OpenID parameters
 * @return the association response parameters; empty (never {@code null}) when the
 *         request is not an association request or no response was produced
 */
public Map<String, String> getAssociationResponse(final HttpServletRequest request) {
    final ParameterList requestParams = new ParameterList(request.getParameterMap());

    // hasParameter() is checked first so an absent mode is represented as null.
    String mode = null;
    if (requestParams.hasParameter(OpenIdConstants.OPENID_MODE)) {
        mode = requestParams.getParameterValue(OpenIdConstants.OPENID_MODE);
    }

    final Map<String, String> result = new HashMap<>();
    if (!StringUtils.equals(mode, OpenIdConstants.ASSOCIATE)) {
        return result;
    }

    // NOTE(review): the raw request parameters are handed over unchanged; validation of
    // the association fields is presumably done inside associationResponse() - confirm.
    final Message association = serverManager.associationResponse(requestParams);
    if (association != null) {
        result.putAll(association.getParameterMap());
    }
    return result;
}
 
Example 2
Source File: SmartOpenIdController.java    From cas4.0.x-server-wechat with Apache License 2.0 6 votes vote down vote up
/**
 * Answers an OpenID association request.
 *
 * <p>Reads {@code openid.mode} from the (client-supplied) request parameters and
 * forwards the request to the server manager only when the mode is exactly
 * {@code "associate"}.
 *
 * @param request the incoming servlet request
 * @return the response parameters, or an empty map when the mode is absent,
 *         is not {@code "associate"}, or no response was produced
 */
public Map<String, String> getAssociationResponse(final HttpServletRequest request) {
    ParameterList requestParams = new ParameterList(request.getParameterMap());

    String mode = null;
    if (requestParams.hasParameter("openid.mode")) {
        mode = requestParams.getParameterValue("openid.mode");
    }

    final Map<String, String> result = new HashMap<String, String>();
    // Constant-first equals() is null-safe, matching the original null guard.
    if (!"associate".equals(mode)) {
        return result;
    }

    final Message association = serverManager.associationResponse(requestParams);
    if (association != null) {
        result.putAll(association.getParameterMap());
    }
    return result;
}
 
Example 3
Source File: CustomOpenIdProviderHandler.java    From OpenID-Attacker with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Answers an OpenID {@code check_authentication} request of this test identity provider.
 *
 * <p>Which response is generated depends on {@code idpType}: for
 * {@link IdpType#ATTACKER} the response is built without looking at the request
 * parameters, otherwise it is built from them. The response is written in
 * key-value form encoding with HTTP status 200, and the exchange is recorded in
 * the {@link RequestLogger}.
 *
 * @param info             one-line description of the HTTP request, used for logging only
 * @param response         servlet response the encoded message is written to
 * @param requestParameter the OpenID parameters of the request
 * @throws IOException if the response writer cannot be obtained
 */
private void handleCheckAuthentication(String info, HttpServletResponse response, final ParameterList requestParameter) throws IOException {
    LOG.info("--> BEGIN handleCheckAuthentication");

    // The handle is request-supplied and is logged verbatim (no newline stripping).
    final String handle = requestParameter.getParameterValue("openid.assoc_handle");
    LOG.info(String.format("    --> assoc_handle = %s", handle));

    final Message reply;
    if (idpType.equals(IdpType.ATTACKER)) {
        reply = getOpenIdProcessor().generatePositiveCheckAuthenticationResponse();
    } else {
        reply = getOpenIdProcessor().generateCorrectCheckAuthenticationResponse(requestParameter);
    }

    final String body = reply.keyValueFormEncoding();
    response.getWriter().println(body);
    response.setStatus(HttpServletResponse.SC_OK);

    // NOTE(review): the summary says "true" on both branches, although the non-attacker
    // branch may produce a different verdict - confirm the wording is intended.
    final String summary = String.format("Returning check_authentication = true for %s", handle);
    final String requestDump = String.format("%s\n\n%s", info, requestParameter.toString());
    RequestLogger.getInstance().add(RequestType.CHECK_AUTHENTICATION, summary, requestDump, body, idpType);

    LOG.info("--> END handleCheckAuthentication");
}
 
Example 4
Source File: OpenIDHandler.java    From carbon-identity with Apache License 2.0 6 votes vote down vote up
/**
 * Extracts the mode field of an OpenID message.
 *
 * <p>A {@code null} parameter list is treated as an invalid message: an error
 * text is sent through {@code directResponse} and {@code null} is returned.
 *
 * @param paramList the parsed OpenID parameters, may be {@code null}
 * @param response  the servlet response, used only to send the error response
 * @param request   the servlet request; only its query string is read, for debug logging
 * @return the value of {@code OpenId.ATTR_MODE}, or {@code null} when the parameter
 *         is absent or the message is invalid
 * @throws IOException declared for the error-response path
 */
private String getOpenIDMessageMode(ParameterList paramList, HttpServletResponse response,
                                    HttpServletRequest request) throws IOException {
    if (paramList == null) {
        if (log.isDebugEnabled()) {
            // The query string is client-controlled and is written to the log as-is.
            log.debug("Invalid OpenID message :" + request.getQueryString());
        }
        directResponse(response, getErrorResponseText("Invalid OpenID message"));
        return null;
    }

    final String mode;
    if (paramList.hasParameter(OpenId.ATTR_MODE)) {
        mode = paramList.getParameterValue(OpenId.ATTR_MODE);
    } else {
        mode = null;
    }

    if (log.isDebugEnabled()) {
        // The mode value also comes from the request and is logged unmodified.
        log.debug("OpenID authentication mode :" + mode);
    }
    return mode;
}
 
Example 5
Source File: CustomOpenIdProviderHandler.java    From OpenID-Attacker with GNU General Public License v2.0 5 votes vote down vote up
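/**
 * Handles a token request and answers with the HTML produced by
 * {@link HttpPostRedirect#createPostRedirect}.
 *
 * <p>Whether the manipulated parameter set is used and whether the response is
 * intercepted are read from the configuration instance selected by
 * {@code idpType}. The exchange is recorded in the {@link RequestLogger}.
 *
 * <p>The BEGIN/END log lines used to name {@code handleTokenRequestwithGetRedirect};
 * they now name this method so the two handlers can be told apart in the log.
 *
 * @param info             one-line description of the HTTP request, used for logging only
 * @param response         servlet response the HTML is written to (status 200)
 * @param requestParameter the OpenID parameters of the request
 * @throws OpenIdAttackerServerException declared; presumably raised while processing
 *                                       the token request or resolving the destination URL
 * @throws IOException                   if the response writer cannot be obtained
 */
public void handleTokenRequestWithPostRedirect(String info, HttpServletResponse response, final ParameterList requestParameter) throws OpenIdAttackerServerException, IOException {
    // The handle is request-supplied and is logged verbatim.
    String assocHandle = requestParameter.getParameterValue("openid.assoc_handle");
    LOG.info(String.format("--> BEGIN handleTokenRequestWithPostRedirect for assoc_handle='%s'",
      assocHandle != null ? assocHandle : "<NONE>"));
    AttackParameterKeeper keeper = getOpenIdProcessor().processTokenRequest(requestParameter);
    response.setStatus(HttpServletResponse.SC_OK);
    String destinationUrl = getDestinationUrl(keeper);

    boolean performAttack;
    boolean interceptIdpResponse;
    if (idpType == IdpType.ATTACKER) {
        performAttack = OpenIdServerConfiguration.getAttackerInstance().isPerformAttack();
        interceptIdpResponse = OpenIdServerConfiguration.getAttackerInstance().isInterceptIdPResponse();
    } else {
        performAttack = OpenIdServerConfiguration.getAnalyzerInstance().isPerformAttack();
        interceptIdpResponse = OpenIdServerConfiguration.getAnalyzerInstance().isInterceptIdPResponse();
    }

    Map<String, String> getParameters = AttackParameterHandler.createMapByMethod(keeper, HttpMethod.GET, performAttack);
    Map<String, String> postParameters = AttackParameterHandler.createMapByMethod(keeper, HttpMethod.POST, performAttack);
    String postRedirectHtml = HttpPostRedirect.createPostRedirect(destinationUrl, getParameters, postParameters, interceptIdpResponse);
    response.getWriter().println(postRedirectHtml);

    RequestType type = performAttack ? RequestType.TOKEN_ATTACK : RequestType.TOKEN_VALID;
    String responseText = String.format("GET:\n\n%s\nPOST:\n\n%s", PrintHelper.mapToString(getParameters), PrintHelper.mapToString(postParameters));
    RequestLogger.getInstance().add(type, "Token generated", info + "\n\n" + requestParameter.toString(), responseText, idpType);
    LOG.info("--> END handleTokenRequestWithPostRedirect");
}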
 
Example 6
Source File: CustomOpenIdProviderHandler.java    From OpenID-Attacker with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Handles a token request and answers with an HTTP 303 redirect whose
 * {@code Location} header carries the GET parameters.
 *
 * <p>The configuration instance selected by {@code idpType} decides whether the
 * manipulated parameter set is used. The exchange is recorded in the
 * {@link RequestLogger}.
 *
 * @param response         servlet response that receives the status and {@code Location} header
 * @param requestParameter the OpenID parameters of the request
 * @throws OpenIdAttackerServerException declared; presumably raised while processing
 *                                       the token request or resolving the destination URL
 */
public void handleTokenRequestwithGetRedirect(HttpServletResponse response, final ParameterList requestParameter)
  throws OpenIdAttackerServerException {
    // The handle is request-supplied and is logged verbatim.
    final String handle = requestParameter.getParameterValue("openid.assoc_handle");
    final String shownHandle = handle != null ? handle : "<NONE>";
    LOG.info(String.format("--> BEGIN handleTokenRequestwithGetRedirect for assoc_handle='%s'", shownHandle));

    AttackParameterKeeper keeper = openIdProcessor.processTokenRequest(requestParameter);
    response.setStatus(HttpServletResponse.SC_SEE_OTHER);

    final boolean performAttack = (idpType == IdpType.ATTACKER)
      ? OpenIdServerConfiguration.getAttackerInstance().isPerformAttack()
      : OpenIdServerConfiguration.getAnalyzerInstance().isPerformAttack();
    final RequestType type = performAttack ? RequestType.TOKEN_ATTACK : RequestType.TOKEN_VALID;

    Map<String, String> queryParameters = AttackParameterHandler.createMapByMethod(keeper, HttpMethod.GET, performAttack);
    // NOTE(review): the redirect target comes from getDestinationUrl(keeper); whether it is
    // checked against the request's realm is not visible here - confirm.
    String destination = getDestinationUrl(keeper);
    String location = HttpPostRedirect.createGetRequest(destination, queryParameters);
    response.setHeader("Location", location);

    String responseText = String.format("GET:\n\n%s", PrintHelper.mapToString(queryParameters));
    RequestLogger.getInstance().add(type, "Token generated", requestParameter.toString(), responseText, idpType);

    LOG.info("--> END handleTokenRequestwithGetRedirect");
}
 
Example 7
Source File: CustomOpenIdProviderHandler.java    From OpenID-Attacker with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Dispatches an incoming request of the test identity provider to its handler.
 *
 * <p>Routing is decided in this order, first match wins: the favicon path, a
 * target containing {@code "xxe"}, a request without {@code openid.mode}
 * (XRDS or HTML discovery), then the OpenID modes {@code associate},
 * {@code checkid_setup}/{@code checkid_immediate} and {@code check_authentication}.
 * Any other mode raises {@link IllegalStateException}. The request is marked as
 * handled only when a handler returned normally.
 *
 * @param requestParameter the OpenID parameters of the request
 * @param target           the request target; matched by substring
 * @param response         servlet response passed on to the handler
 * @param baseRequest      the underlying request, used for logging info and the handled flag
 * @throws IOException                   propagated from the handlers
 * @throws OpenIdAttackerServerException propagated from the handlers
 * @throws TransformerException          propagated from the handlers
 */
private void handleRequest(ParameterList requestParameter, String target, HttpServletResponse response, Request baseRequest) throws IOException, OpenIdAttackerServerException, TransformerException {
    final String httpMethod = baseRequest.getMethod();
    final HttpURI requestUri = baseRequest.getUri();
    final String info = String.format("%s %s %s", httpMethod, requestUri, baseRequest.getProtocol());

    // An absent openid.mode is represented as null and selects the discovery branch.
    String mode = null;
    if (requestParameter.hasParameter("openid.mode")) {
        mode = requestParameter.getParameterValue("openid.mode");
    }

    if (requestUri.getCompletePath().equals("/favicon.ico")) {
        handleFaviconRequest(info, response);
    } else if (target.contains("xxe")) {
        // Substring match: any target containing "xxe" lands here, before mode is considered.
        handleXxeRequest(info, response, requestParameter);
    } else if (mode == null) {
        // A "dtd" route to handleDtdRequest used to sit before this branch; it is disabled.
        if (target.contains("xrds") || requestParameter.toString().contains("xrds")) {
            // Discovery: XRDS document requested.
            handleXrdsRequest(info, response);
        } else {
            // Discovery: HTML document requested.
            handleHtmlDiscovery(info, response);
        }
    } else if ("associate".equals(mode)) {
        handleAssociationRequest(info, response, requestParameter);
    } else if ("checkid_setup".equals(mode) || "checkid_immediate".equals(mode)) {
        // Token generation.
        handleTokenRequest(info, response, requestParameter);
    } else if ("check_authentication".equals(mode)) {
        handleCheckAuthentication(info, response, requestParameter);
    } else {
        throw new IllegalStateException("Unknown Request");
    }

    baseRequest.setHandled(true);
}
 
Example 8
Source File: OpenIDHandler.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
/**
 * Returns the login page URL. User will be redirected to this URL when they
 * are not authenticated.
 *
 * <p>Besides building the URL this method has side effects: it stores
 * {@code claimedID} in the HTTP session, and it caches an
 * {@code AuthenticationRequest} (relying party, caller path, request query
 * parameters and all request headers) under a newly generated session data key.
 * That key is the only request-specific value placed in the returned URL.
 *
 * @param claimedID the OpenID identifier of the current request; dereferenced without a
 *                  null check, so it must not be {@code null}
 * @param request   the incoming servlet request; its session, parameters and headers are read
 * @param params    the OpenID parameters; the identity and tenant-domain values are read
 * @return the common-auth URL followed by the session data key and the request type
 *         as query parameters
 * @throws IdentityException declared; presumably raised by the helper calls - confirm
 * @throws IOException       declared; presumably raised by the helper calls - confirm
 */
private String getLoginPageUrl(String claimedID, HttpServletRequest request, ParameterList params)
        throws IdentityException, IOException {
        
    /*
     * We are setting the request's openid identifier to the session
     * here.
     */
    request.getSession().setAttribute(OpenIDConstants.SessionAttribute.OPENID, claimedID);

    String commonAuthURL = IdentityUtil.getServerURL(FrameworkConstants.COMMONAUTH, false, true);
    String selfPath = request.getContextPath();
    // NOTE(review): this key is the lookup handle for the cached request and travels in the
    // redirect URL; confirm UUIDGenerator yields unpredictable values.
    String sessionDataKey = UUIDGenerator.generateUUID();

    //Authentication context keeps data which should be sent to commonAuth endpoint
    AuthenticationRequest authenticationRequest = new
            AuthenticationRequest();
    authenticationRequest.setRelyingParty(getRelyingParty(request));
    authenticationRequest.setCommonAuthCallerPath(selfPath);
    String username = null;
    String tenantDomain = null;
    // Both values below are taken from client-supplied request parameters.
    if (params.getParameterValue(FrameworkConstants.OPENID_IDENTITY) != null) {
        username = OpenIDUtil.getUserName(params.getParameterValue(FrameworkConstants.OPENID_IDENTITY));
        authenticationRequest.addRequestQueryParam(FrameworkConstants.USERNAME, new String[] { username });
    }
    if (params.getParameterValue(FrameworkConstants.RequestParams.TENANT_DOMAIN) != null) {
        // NOTE(review): the tenant domain is accepted from the request as-is; confirm it is
        // validated downstream before it influences authentication.
        tenantDomain = params.getParameterValue(FrameworkConstants.RequestParams.TENANT_DOMAIN);
        authenticationRequest.setTenantDomain(tenantDomain);
    }

    // Force re-authentication when the session already holds an authenticated OpenID that
    // differs from the one claimed now. Skipped when claimedID ends with "/openid/".
    boolean forceAuthenticate = false;
    if (!claimedID.endsWith("/openid/")) {
        String authenticatedUser =
                (String) request.getSession().getAttribute(OpenIDConstants.SessionAttribute.AUTHENTICATED_OPENID);
        if (log.isDebugEnabled()) {
            // claimedID is request-derived and is written to the log unmodified.
            log.debug("claimedID : " + claimedID + ", authenticated user : " + authenticatedUser);
        }
        if (authenticatedUser != null && !"".equals(authenticatedUser.trim())
            && !claimedID.equals(authenticatedUser.trim())) {
            if (log.isDebugEnabled()) {
                log.debug("Overriding previously authenticated OpenID : " + authenticatedUser
                          + " with the OpenID in the current request :" + claimedID
                          + " and setting forceAuthenticate.");
            }
            forceAuthenticate = true;
        }
    }
    authenticationRequest.setForceAuth(forceAuthenticate);
    // Copy the request's query parameters into the authentication request.
    // NOTE(review): this runs after addRequestQueryParam(USERNAME, ...) above; if the setter
    // replaces the map instead of merging, the username entry added earlier is lost - confirm.
    authenticationRequest.setRequestQueryParams(request.getParameterMap());
    // Add request headers to authentication request context. ie to cache
    // Every header is copied, which includes credential-bearing ones such as Authorization
    // and Cookie when the client sent them.
    // NOTE(review): confirm the cache's lifetime and who can read it.
    for (Enumeration headerNames = request.getHeaderNames(); headerNames.hasMoreElements(); ) {
        String headerName = headerNames.nextElement().toString();
        authenticationRequest.addHeader(headerName, request.getHeader(headerName));
    }

    AuthenticationRequestCacheEntry authRequest = new AuthenticationRequestCacheEntry(authenticationRequest);
    FrameworkUtils.addAuthenticationRequestToCache(sessionDataKey, authRequest);
    // No request parameter is concatenated into the URL: only commonAuthURL, the generated
    // key and framework constants are appended.
    StringBuilder queryStringBuilder = new StringBuilder();
    queryStringBuilder.append(commonAuthURL).
            append("?").
                              append(FrameworkConstants.SESSION_DATA_KEY).
                              append("=").
                              append(sessionDataKey).
                              append("&").
                              append(FrameworkConstants.RequestParams.TYPE).
                              append("=").
                              append(FrameworkConstants.RequestType.CLAIM_TYPE_OPENID);
    // reading the authorization header for request path authentication
    FrameworkUtils.setRequestPathCredentials(request);

    return queryStringBuilder.toString();
}
 
Example 9
Source File: OpenIDUtil.java    From carbon-identity with Apache License 2.0 4 votes vote down vote up
/**
 * Builds the query string for the login page from the OpenID request parameters.
 *
 * <p>The realm, return-to, claimed-id and identity values are URL-encoded as
 * UTF-8; an absent value becomes an empty string. When an identity is present,
 * the user name derived from it is appended as a further parameter.
 *
 * @param params the OpenID request parameters (client-supplied)
 * @return the query string, starting with {@code "?"}
 * @throws IdentityException if UTF-8 is reported as unsupported; NOTE(review):
 *                           presumably also from {@code OpenIDUtil.getUserName} - confirm
 */
public static String getLoginPageQueryParams(ParameterList params) throws IdentityException {
    final String utf8 = StandardCharsets.UTF_8.name();
    final String realmKey = OpenIDConstants.OpenIDRequestParameters.OPENID_REALM;
    final String returnToKey = OpenIDConstants.OpenIDRequestParameters.OPENID_RETURN_TO;
    final String claimedIdKey = OpenIDConstants.OpenIDRequestParameters.OPENID_CLAIMED_ID;
    final String identityKey = OpenIDConstants.OpenIDRequestParameters.OPENID_IDENTITY;

    String queryParams;
    try {
        final String rawRealm = params.getParameterValue(realmKey);
        final String realm = rawRealm != null ? URLEncoder.encode(rawRealm, utf8) : "";

        final String rawReturnTo = params.getParameterValue(returnToKey);
        final String returnTo = rawReturnTo != null ? URLEncoder.encode(rawReturnTo, utf8) : "";

        final String rawClaimedId = params.getParameterValue(claimedIdKey);
        final String claimedId = rawClaimedId != null ? URLEncoder.encode(rawClaimedId, utf8) : "";

        final String rawIdentity = params.getParameterValue(identityKey);
        final String identity = rawIdentity != null ? URLEncoder.encode(rawIdentity, utf8) : "";

        final StringBuilder query = new StringBuilder("?");
        query.append(realmKey).append("=").append(realm);
        query.append("&").append(returnToKey).append("=").append(returnTo);
        query.append("&").append(claimedIdKey).append("=").append(claimedId);
        query.append("&").append(identityKey).append("=").append(identity);
        queryParams = query.toString();
    } catch (UnsupportedEncodingException e) {
        // The cause is logged here; the rethrown exception carries the message only.
        log.error("UTF-8 encoding is not supported", e);
        throw IdentityException.error("UTF-8 encoding is not supported");
    }

    final String identityValue = params.getParameterValue(identityKey);
    if (identityValue != null) {
        final String username = OpenIDUtil.getUserName(identityValue);
        // NOTE(review): unlike the four values above, the user name is appended without
        // URL-encoding. If getUserName() can return '&', '=' or '#', a client-chosen identity
        // could add or override query parameters - confirm what getUserName() returns
        // (raw or already percent-encoded) before encoding here.
        queryParams = queryParams + "&" + OpenIDConstants.RequestParameter.USERNAME + "=" + username;
    }

    return queryParams;
}