Author: anil.saldhana(a)jboss.com
Date: 2011-01-20 14:13:23 -0500 (Thu, 20 Jan 2011)
New Revision: 640
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java
Removed:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java
Modified:
federation/trunk/picketlink-fed-core/pom.xml
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java
federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java
Log:
OpenID provider now works off the common STS
Deleted:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java 2011-01-19
20:47:31 UTC (rev 639)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDParameterList.java 2011-01-20
19:13:23 UTC (rev 640)
@@ -1,47 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.picketlink.identity.federation.api.openid.provider;
-
-import java.util.Map;
-
-import org.openid4java.message.ParameterList;
-
-/**
- * Parameter List passed in the messages
- * @author Anil.Saldhana(a)redhat.com
- * @since Jul 15, 2009
- */
-public class OpenIDParameterList extends ParameterList
-{
- private static final long serialVersionUID = 1L;
-
- public OpenIDParameterList()
- {
- super();
- }
-
- @SuppressWarnings({ "rawtypes"})
- public OpenIDParameterList(Map parameterMap)
- {
- super(parameterMap);
- }
-}
Deleted:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java 2011-01-19
20:47:31 UTC (rev 639)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/openid/provider/OpenIDProviderManager.java 2011-01-20
19:13:23 UTC (rev 640)
@@ -1,142 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.picketlink.identity.federation.api.openid.provider;
-
-import org.openid4java.message.AuthSuccess;
-import org.openid4java.message.DirectError;
-import org.openid4java.message.Message;
-import org.openid4java.message.ParameterList;
-import org.openid4java.server.InMemoryServerAssociationStore;
-import org.openid4java.server.ServerManager;
-
-/**
- * Manages a OpenID Provider
- * @author Anil.Saldhana(a)redhat.com
- * @since Jul 15, 2009
- */
-public class OpenIDProviderManager
-{
- private ServerManager serverManager = new ServerManager();
-
- /**
- * Initialize internal data structures
- */
- public void initialize()
- {
- serverManager.setSharedAssociations(new InMemoryServerAssociationStore());
- serverManager.setPrivateAssociations(new InMemoryServerAssociationStore());
- }
-
- /**
- * Get the end point where the provider is active
- * @return string an url
- */
- public String getEndPoint()
- {
- return serverManager.getOPEndpointUrl();
- }
-
- /**
- * Set the end point where the provider is active
- * @param url
- */
- public void setEndPoint(String url)
- {
- serverManager.setOPEndpointUrl(url);
- }
-
- /**
- * Process a request from the RP/Relying Party (or OpenID Consumer)
- * for authenticating an user
- * @param requestParams
- * @param userSelId
- * @param userSelClaimed
- * @param authenticatedAndApproved
- * @return
- */
- public OpenIDMessage processAuthenticationRequest(ParameterList requestParams,
- String userSelId,
- String userSelClaimed,
- boolean authenticatedAndApproved)
- {
- Message authMessage = serverManager.authResponse(requestParams,
- userSelId, userSelClaimed, authenticatedAndApproved);
-
- return new OpenIDMessage(authMessage);
- }
-
- /**
- * Process a request for association from the RP
- * @param requestParams
- * @return
- */
- public OpenIDMessage processAssociationRequest(ParameterList requestParams)
- {
- return new OpenIDMessage(serverManager.associationResponse(requestParams));
- }
-
- /**
- * Process a verification request from RP for an already
- * authenticated user
- * @param requestParams
- * @return
- */
- public OpenIDMessage verify(ParameterList requestParams)
- {
- return new OpenIDMessage(serverManager.verify(requestParams));
- }
-
- /**
- * Create an error message that needs to be passed to the RP
- * @param msg
- * @return
- */
- public OpenIDMessage getDirectError(String msg)
- {
- return new OpenIDMessage(DirectError.createDirectError(msg));
- }
-
- public static class OpenIDMessage
- {
- private Message message;
-
- OpenIDMessage(Message message)
- {
- this.message = message;
- }
-
- public boolean isSuccessful()
- {
- return message instanceof AuthSuccess;
- }
-
- public String getDestinationURL(boolean httpget)
- {
- return ((AuthSuccess) message).getDestinationUrl(httpget);
- }
-
- public String getResponseText()
- {
- return message.keyValueFormEncoding();
- }
- }
-}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/pom.xml
===================================================================
--- federation/trunk/picketlink-fed-core/pom.xml 2011-01-19 20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-core/pom.xml 2011-01-20 19:13:23 UTC (rev 640)
@@ -129,7 +129,16 @@
<version>2.7.1.patch01-brew</version>
<scope>test</scope>
</dependency>
-
+ <dependency>
+ <groupId>org.openid4java</groupId>
+ <artifactId>openid4java</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>3.1</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<reporting>
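Review bot: The new openid4java `<dependency>` carries no `<version>`, so it resolves only if the parent pom's dependencyManagement pins one, which this hunk does not show. If it is not managed there, add an explicit `<version>` so the library that now does the provider's association and signature handling does not float with whatever the repository happens to serve. The test-scoped commons-httpclient 3.1 entry is pinned and fine as is.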
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDTokenProvider.java 2011-01-20
19:13:23 UTC (rev 640)
@@ -0,0 +1,195 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDParameterList;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.AUTH_HOLDER;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.MODE;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDTokenRegistryStore;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenProvider extends AbstractSecurityTokenProvider implements
SecurityTokenProvider
+{
+ public final static String OPENID_1_0_NS = "urn:openid:1:0";
+ public final static String OPENID_1_1_NS = "urn:openid:1:1";
+ public final static String OPENID_2_0_NS = "urn:openid:2:0";
+
+ protected static OpenIDProviderManager serverManager = null; //Will be initialized the
first time of access
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(java.lang.String)
+ */
+ public boolean supports(String namespace)
+ {
+ return OPENID_1_0_NS.equals( namespace );
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return OPENID_1_0_NS;
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#getSupportedQName()
+ */
+ public QName getSupportedQName()
+ {
+ return new QName( OPENID_1_0_NS );
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#family()
+ */
+ public String family()
+ {
+ return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#issueToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void issueToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+
+ OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+ if( serverManager.getEndPoint() == null )
+ {
+ serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+ }
+
+ OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+ OpenIDMessage responsem = null;
+
+ if( openIDProtoCtx.getIssueError() )
+ {
+ String errorText = openIDProtoCtx.getErrorText() == null ? "Unknown
request" : openIDProtoCtx.getErrorText();
+
+ responsem = serverManager.getDirectError( errorText );
+ }
+ else
+ {
+ MODE mode = openIDProtoCtx.getMode();
+ switch (mode )
+ {
+ case ASSOCIATE :
+ responsem = serverManager.processAssociationRequest( requestp );
+ break;
+
+ case CHECK_AUTHENTICATION:
+ validateToken(openIDProtoCtx);
+ return;
+
+ case CHECK_ID_SETUP:
+ case CHECK_ID_IMMEDIATE:
+ AUTH_HOLDER authHolder = openIDProtoCtx.getAuthenticationHolder();
+ if( authHolder == null )
+ throw new ProcessingException( "Authentication Holder is
null" );
+
+ responsem = serverManager.processAuthenticationRequest(requestp,
+ authHolder.getUserSelectedId(),
+ authHolder.getUserSelectedClaimedId(),
+ authHolder.isAuthenticatedAndApproved() );
+ break;
+ default:
+ throw new ProcessingException("Unknown mode");
+ }
+ }
+ openIDProtoCtx.setResponseMessage( responsem );
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#renewToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void renewToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+ }
+
+ /*
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void cancelToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void validateToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+
+ OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+ if( serverManager.getEndPoint() == null )
+ {
+ serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+ }
+
+ OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+ OpenIDMessage responsem = serverManager.verify( requestp );
+ openIDProtoCtx.setResponseMessage( responsem );
+ }
+
+ protected void check()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ if( serverManager == null )
+ {
+
+ serverManager = new OpenIDProviderManager();
+ serverManager.initialize( new OpenIDTokenRegistryStore(), new
OpenIDTokenRegistryStore());
+ }
+ }
+}
\ No newline at end of file
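Review bot: check() lazily assigns the static serverManager with no synchronization, so two concurrent first requests — across this class and OpenIDVersion2TokenProvider, which shares the static — can each build an OpenIDProviderManager with fresh OpenIDTokenRegistryStore instances, and whichever assignment lands last discards the other's associations, so an RP that associated against the loser fails verify. Wrap the null check and assignment in `synchronized (OpenIDTokenProvider.class) { if( serverManager == null ) { ... } }`; an instance-level `synchronized` would not help because the field is static. The endpoint handling in issueToken and validateToken has the same one-shot shape: the first context's getEndpoint() is pinned for the life of the process, so if that value is ever derived from request data (not visible here) the first caller decides the OP endpoint every later response is built from — it should come from configuration or be set explicitly at initialization. Also worth a comment that OPENID_1_1_NS is declared but accepted by supports() in neither provider, e.g. `// 1.1 namespace is declared for reference only; no provider currently accepts it`.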
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/OpenIDVersion2TokenProvider.java 2011-01-20
19:13:23 UTC (rev 640)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers;
+
+import javax.xml.namespace.QName;
+
+/**
+ * A {@code SecurityTokenProvider} implementation for Open ID v2
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDVersion2TokenProvider extends OpenIDTokenProvider
+{
+ @Override
+ public boolean supports(String namespace)
+ {
+ return OPENID_2_0_NS.equals( namespace );
+ }
+
+ @Override
+ public String tokenType()
+ {
+ return OPENID_2_0_NS;
+ }
+
+ @Override
+ public QName getSupportedQName()
+ {
+ return new QName( OPENID_2_0_NS );
+ }
+}
\ No newline at end of file
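Review bot: This provider is only selectable when the STS is handed a context whose tokenType()/getQName() report OPENID_2_0_NS, yet the single context type this commit adds, OpenIDProtocolContext, hard-codes OPENID_1_0_NS in both methods; if the STS dispatches on those (the dispatcher is not in this diff), the class is unreachable for OpenID 2.0 requests. Either make the token type settable on OpenIDProtocolContext or document here how a v2 context is meant to be built, e.g. `/** Selected only for a ProtocolContext reporting {@link #OPENID_2_0_NS}; OpenIDProtocolContext currently reports the 1.0 namespace. */`. Note also that it inherits the static serverManager, so v1 and v2 share one set of association stores.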
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDParameterList.java 2011-01-20
19:13:23 UTC (rev 640)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import java.util.Map;
+
+import org.openid4java.message.ParameterList;
+
+/**
+ * Parameter List passed in the messages
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDParameterList extends ParameterList
+{
+ private static final long serialVersionUID = 1L;
+
+ public OpenIDParameterList()
+ {
+ super();
+ }
+
+ @SuppressWarnings({ "rawtypes"})
+ public OpenIDParameterList(Map parameterMap)
+ {
+ super(parameterMap);
+ }
+}
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProtocolContext.java 2011-01-20
19:13:23 UTC (rev 640)
@@ -0,0 +1,273 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.OpenIDTokenProvider;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+
+/**
+ * {@code ProtocolContext} for the OpenID Layer
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDProtocolContext implements ProtocolContext
+{
+ /**
+ * The response message generated by the STS
+ */
+ protected OpenIDMessage responseMessage;
+
+ /**
+ * The list of request parameters for use by the STS
+ */
+ protected OpenIDParameterList requestParameterList;
+
+ /**
+ * The Server Manager needs an endpoint
+ */
+ protected String endpoint;
+
+ /**
+ * Should the STS issue an error?
+ */
+ protected Boolean issueError = Boolean.FALSE;
+
+ /**
+ * What is the text the STS should use for the error?
+ */
+ protected String errorText = null;
+
+ /**
+ * The OpenID mode
+ */
+ protected MODE mode;
+
+ /**
+ * STS uses the AUTH_HOLDER information for processing authentication requests
+ */
+ protected AUTH_HOLDER authenticationHolder;
+
+ /**
+ * An Enum indicating the OpenID mode
+ */
+ public enum MODE { ASSOCIATE, CHECK_ID_SETUP, CHECK_ID_IMMEDIATE, CHECK_AUTHENTICATION
};
+
+ /**
+ * Class to hold the information for authentication requests
+ */
+ public static class AUTH_HOLDER
+ {
+ private String userSelectedId, userSelectedClaimedId;
+ private boolean authenticatedAndApproved;
+
+ public AUTH_HOLDER(String userSelectedId, String userSelectedClaimedId, boolean
authenticatedAndApproved)
+ {
+ this.userSelectedId = userSelectedId;
+ this.userSelectedClaimedId = userSelectedClaimedId;
+ this.authenticatedAndApproved = authenticatedAndApproved;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "AUTH_HOLDER [userSelectedId=" + userSelectedId + ",
userSelectedClaimedId=" + userSelectedClaimedId
+ + ", authenticatedAndApproved=" + authenticatedAndApproved +
"]";
+ }
+
+ public String getUserSelectedId()
+ {
+ return userSelectedId;
+ }
+
+ public String getUserSelectedClaimedId()
+ {
+ return userSelectedClaimedId;
+ }
+
+ public boolean isAuthenticatedAndApproved()
+ {
+ return authenticatedAndApproved;
+ }
+ }
+
+ /**
+ * Get the holder of authentication information
+ * @return
+ */
+ public AUTH_HOLDER getAuthenticationHolder()
+ {
+ return authenticationHolder;
+ }
+
+ /**
+ * Set an authentication holder
+ * @param authenticationHolder
+ */
+ public void setAuthenticationHolder(AUTH_HOLDER authenticationHolder)
+ {
+ this.authenticationHolder = authenticationHolder;
+ }
+
+ /**
+ * Get the Open ID mode
+ * @return
+ */
+ public MODE getMode()
+ {
+ return this.mode;
+ }
+
+ /**
+ * Set the OpenID mode
+ * @param theMode
+ */
+ public void setMode( MODE theMode )
+ {
+ this.mode = theMode;
+ }
+
+ /**
+ * Get the error text (Null by default)
+ * @return
+ */
+ public String getErrorText()
+ {
+ return errorText;
+ }
+
+ /**
+ * Set the error text
+ * @param errorText
+ */
+ public void setErrorText(String errorText)
+ {
+ this.errorText = errorText;
+ }
+
+ /**
+ * Should the STS issue an error response token
+ * @return
+ */
+ public Boolean getIssueError()
+ {
+ return issueError;
+ }
+
+ /**
+ * Set the error response token for the STS
+ * @param issueError
+ */
+ public void setIssueError(Boolean issueError)
+ {
+ this.issueError = issueError;
+ }
+
+ /**
+ * Get the endpoint address
+ * @return
+ */
+ public String getEndpoint()
+ {
+ return endpoint;
+ }
+
+ /**
+ * Set the endpoint address
+ * @param endpoint
+ */
+ public void setEndpoint(String endpoint)
+ {
+ this.endpoint = endpoint;
+ }
+
+ /**
+ * Get the request parameter list
+ * @return an instanceof {@code OpenIDParameterList}
+ */
+ public OpenIDParameterList getRequestParameterList()
+ {
+ return requestParameterList;
+ }
+
+ /**
+ * Set the request parameter list
+ * @param requestParameterList an instanceof {@code OpenIDParameterList}
+ */
+ public void setRequestParameterList(OpenIDParameterList requestParameterList)
+ {
+ this.requestParameterList = requestParameterList;
+ }
+
+ /**
+ * Get the {@code OpenIDMessage} response message that the STS has generated
+ * @return
+ */
+ public OpenIDMessage getResponseMessage()
+ {
+ return responseMessage;
+ }
+
+ /**
+ * Set the {@code OpenIDMessage} response message
+ * @param responseMessage
+ */
+ public void setResponseMessage(OpenIDMessage responseMessage)
+ {
+ this.responseMessage = responseMessage;
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.ProtocolContext#serviceName()
+ */
+ public String serviceName()
+ {
+ return null;
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.ProtocolContext#tokenType()
+ */
+ public String tokenType()
+ {
+ return OpenIDTokenProvider.OPENID_1_0_NS;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#getQName()
+ */
+ public QName getQName()
+ {
+ return new QName( OpenIDTokenProvider.OPENID_1_0_NS );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#family()
+ */
+ public String family()
+ {
+ return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+ }
+}
\ No newline at end of file
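Review bot: setIssueError stores the boxed Boolean as given, and OpenIDTokenProvider.issueToken unboxes it in `if( openIDProtoCtx.getIssueError() )`, so a caller passing null produces a NullPointerException inside the STS instead of the intended "no error" default. Normalise in the setter: `this.issueError = issueError == null ? Boolean.FALSE : issueError;`. Separately, AUTH_HOLDER.toString() emits userSelectedId and userSelectedClaimedId, so any log statement that prints the holder writes user identifiers; if that is not intended, note it with `// toString exposes user identifiers — avoid logging it at INFO or above`. tokenType() and getQName() unconditionally report the OpenID 1.0 namespace although a 2.0 provider is added in the same commit.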
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDProviderManager.java 2011-01-20
19:13:23 UTC (rev 640)
@@ -0,0 +1,168 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.DirectError;
+import org.openid4java.message.Message;
+import org.openid4java.message.ParameterList;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.openid4java.server.ServerManager;
+
+/**
+ * Manages a OpenID Provider
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDProviderManager
+{
+ /**
+ * Internal server manager for processing
+ */
+ private ServerManager serverManager = new ServerManager();
+
+ /**
+ * Initialize internal data structures
+ */
+ public void initialize()
+ {
+ serverManager.setSharedAssociations(new InMemoryServerAssociationStore());
+ serverManager.setPrivateAssociations(new InMemoryServerAssociationStore());
+ }
+
+ /**
+ * Initialize the Shared Association and Private Association stores
+ * @param sharedAssociationStore a set of 2 association stores {@code
ServerAssociationStore}
+ * @throws {@code IllegalArgumentException} if the number of stores is not 2
+ */
+ public void initialize( ServerAssociationStore... sharedAssociationStore )
+ {
+ if( sharedAssociationStore == null || sharedAssociationStore.length == 0 )
+ {
+ initialize();
+ return;
+ }
+
+ if( sharedAssociationStore.length != 2 )
+ throw new IllegalArgumentException( "Number of association stores not equal
to 2" );
+ serverManager.setSharedAssociations( sharedAssociationStore[0] );
+ serverManager.setPrivateAssociations( sharedAssociationStore[1] );
+ }
+
+ /**
+ * Get the end point where the provider is active
+ * @return string an url
+ */
+ public String getEndPoint()
+ {
+ return serverManager.getOPEndpointUrl();
+ }
+
+ /**
+ * Set the end point where the provider is active
+ * @param url
+ */
+ public void setEndPoint(String url)
+ {
+ serverManager.setOPEndpointUrl(url);
+ }
+
+ /**
+ * Process a request from the RP/Relying Party (or OpenID Consumer)
+ * for authenticating an user
+ * @param requestParams
+ * @param userSelId
+ * @param userSelClaimed
+ * @param authenticatedAndApproved
+ * @return
+ */
+ public OpenIDMessage processAuthenticationRequest(ParameterList requestParams,
+ String userSelId,
+ String userSelClaimed,
+ boolean authenticatedAndApproved)
+ {
+ Message authMessage = serverManager.authResponse(requestParams,
+ userSelId, userSelClaimed, authenticatedAndApproved);
+
+ return new OpenIDMessage(authMessage);
+ }
+
+ /**
+ * Process a request for association from the RP
+ * @param requestParams
+ * @return
+ */
+ public OpenIDMessage processAssociationRequest(ParameterList requestParams)
+ {
+ return new OpenIDMessage(serverManager.associationResponse(requestParams));
+ }
+
+ /**
+ * Process a verification request from RP for an already
+ * authenticated user
+ * @param requestParams
+ * @return
+ */
+ public OpenIDMessage verify(ParameterList requestParams)
+ {
+ return new OpenIDMessage(serverManager.verify(requestParams));
+ }
+
+ /**
+ * Create an error message that needs to be passed to the RP
+ * @param msg
+ * @return
+ */
+ public OpenIDMessage getDirectError(String msg)
+ {
+ return new OpenIDMessage(DirectError.createDirectError(msg));
+ }
+
+ /**
+ * Class to hold the open id message
+ */
+ public static class OpenIDMessage
+ {
+ private Message message;
+
+ OpenIDMessage(Message message)
+ {
+ this.message = message;
+ }
+
+ public boolean isSuccessful()
+ {
+ return message instanceof AuthSuccess;
+ }
+
+ public String getDestinationURL(boolean httpget)
+ {
+ return ((AuthSuccess) message).getDestinationUrl(httpget);
+ }
+
+ public String getResponseText()
+ {
+ return message.keyValueFormEncoding();
+ }
+ }
+}
\ No newline at end of file
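Review bot: OpenIDMessage.getDestinationURL casts message to AuthSuccess unconditionally, so calling it on anything other than a positive assertion — the DirectError built by getDirectError, or whatever authResponse returns when authenticatedAndApproved is false — throws ClassCastException rather than a meaningful error; either document that isSuccessful() must be checked first or guard it with `if (!(message instanceof AuthSuccess)) throw new IllegalStateException("not an AuthSuccess message");`. In the varargs initialize the parameter is named sharedAssociationStore but element [1] is installed as the private association store; rename it to `associationStores` and state in the Javadoc that index 0 is shared and index 1 is private so callers do not swap them. Whether openid4java's negative assertions also carry a destination URL I cannot confirm from this diff.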
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/openid/providers/helpers/OpenIDTokenRegistryStore.java 2011-01-20
19:13:23 UTC (rev 640)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.openid.providers.helpers;
+
+import java.io.IOException;
+
+import org.openid4java.association.Association;
+import org.openid4java.association.AssociationException;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.picketlink.identity.federation.core.sts.registry.DefaultTokenRegistry;
+import org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry;
+
+/**
+ * A {@code SecurityTokenRegistry} for OpenID that uses in memory registry
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenRegistryStore extends DefaultTokenRegistry implements
ServerAssociationStore, SecurityTokenRegistry
+{
+ protected InMemoryServerAssociationStore store = new
InMemoryServerAssociationStore();
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#generate(java.lang.String, int)
+ */
+ public Association generate(String type, int expiryIn) throws AssociationException
+ {
+ Association association = store.generate(type, expiryIn);
+ try
+ {
+ addToken( association.getHandle(), association );
+ }
+ catch (IOException e)
+ {
+ throw new AssociationException( e );
+ }
+ return association;
+ }
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#load(java.lang.String)
+ */
+ public Association load(String handle)
+ {
+ return (Association) getToken( handle );
+ }
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#remove(java.lang.String)
+ */
+ public void remove(String handle)
+ {
+ try
+ {
+ removeToken( handle );
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException( e );
+ }
+ }
+}
\ No newline at end of file
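Review bot: `remove` at the bottom of the hunk deletes the handle from the registry via `removeToken` but never from the wrapped `store`, so every association that `generate` creates stays in the `InMemoryServerAssociationStore`, key material included, for the life of the JVM; add `store.remove(handle);` next to `removeToken( handle )`. `load` likewise reads only the registry and casts unconditionally, so a token registered under the same handle by another provider sharing the `DefaultTokenRegistry` would surface as a `ClassCastException`; `Object token = getToken( handle ); return token instanceof Association ? (Association) token : null;` returns null for an unknown or foreign handle instead. Whether the registry-backed `load` honours association expiry the way the wrapped store's own `load` does is not visible here and is worth confirming, since an expired association that is still returned keeps verifying signatures past its intended lifetime.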
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java 2011-01-19
20:47:31 UTC (rev 639)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/sts/registry/DefaultTokenRegistry.java 2011-01-20
19:13:23 UTC (rev 640)
@@ -39,7 +39,7 @@
/**
* @see
org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry#addToken(java.lang.String,
java.lang.Object)
*/
- public void addToken(String tokenID, Object token)
+ public void addToken(String tokenID, Object token) throws IOException
{
SecurityManager sm = System.getSecurityManager();
if( sm != null )
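Review bot: The new `throws IOException` clause on `addToken` is undocumented; the Javadoc above it is only an `@see` pointer to the interface method. Add `@throws IOException` stating the condition under which the registry fails to record the token, since callers such as the new `OpenIDTokenRegistryStore` now have to catch and wrap it. The method body continues outside the hunk.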
Modified: federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml 2011-01-19
20:47:31 UTC (rev 639)
+++ federation/trunk/picketlink-fed-core/src/main/resources/core-sts.xml 2011-01-20
19:13:23 UTC (rev 640)
@@ -5,5 +5,8 @@
TokenType="urn:oasis:names:tc:SAML:2.0:assertion"
TokenElement="Assertion"
TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>
+ <TokenProvider
ProviderClass="org.picketlink.identity.federation.core.openid.providers.OpenIDTokenProvider"
+ TokenType="urn:openid:1:0"
+ TokenElementNS="urn:openid:1:0"/>
</TokenProviders>
</PicketLinkSTS>
\ No newline at end of file
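Review bot: The new `TokenProvider` entry declares `TokenType` and `TokenElementNS` but no `TokenElement`, unlike the SAML entry immediately above it, which sets `TokenElement="Assertion"`. If the STS also resolves a provider by element name, a request carrying an OpenID token element would not reach `OpenIDTokenProvider`; either add a `TokenElement` attribute or confirm that type-based lookup alone is intended for OpenID.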
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java 2011-01-19
20:47:31 UTC (rev 639)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/OpenIDProviderServlet.java 2011-01-20
19:13:23 UTC (rev 640)
@@ -32,9 +32,13 @@
import javax.servlet.http.HttpSession;
import org.openid4java.message.Parameter;
-import org.picketlink.identity.federation.api.openid.provider.OpenIDParameterList;
-import org.picketlink.identity.federation.api.openid.provider.OpenIDProviderManager;
-import
org.picketlink.identity.federation.api.openid.provider.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDParameterList;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.AUTH_HOLDER;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.MODE;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
/**
* Servlet that provides the Provider functionality
@@ -47,10 +51,9 @@
private static final long serialVersionUID = 1L;
private transient ServletContext servletContext = null;
private String securePageName = "securepage.jsp";
+
+ private transient PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
- private transient OpenIDProviderManager serverManager = new OpenIDProviderManager();
- //private ServerManager serverManager = new ServerManager();
-
@Override
public void init(ServletConfig config) throws ServletException
{
@@ -60,7 +63,7 @@
if(secpageStr != null && secpageStr.length() > 0)
securePageName = secpageStr;
- serverManager.initialize();
+ sts.installDefaultConfiguration( ( String[] )null );
}
@Override
@@ -72,17 +75,16 @@
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws
ServletException, IOException
{
- HttpSession session = request.getSession();
+ HttpSession session = request.getSession();
+
+ OpenIDProtocolContext protoCtx = new OpenIDProtocolContext();
+
+ protoCtx.setEndpoint(request.getScheme() + "://" +
+ request.getServerName() + ":" +
+ request.getServerPort() +
+ request.getContextPath() +
+ "/provider/");
- if(serverManager.getEndPoint() == null)
- {
- serverManager.setEndPoint(request.getScheme() + "://" +
- request.getServerName() + ":" +
- request.getServerPort() +
- request.getContextPath() +
- "/provider/");
- }
-
OpenIDParameterList requestp;
if ("complete".equals(request.getParameter("_action"))) //
Completing the authz and authn process by redirecting here
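Review bot: `protoCtx.setEndpoint(...)` rebuilds the provider endpoint on every request from `request.getServerName()` and `request.getServerPort()`, values the container takes from the client-supplied Host header, so the endpoint the OP reports in its responses is whatever the requester sent rather than a fixed, operator-chosen URL. Since `init` already reads servlet configuration (the `securePageName` parameter), read the endpoint from an init parameter there and use the request-derived value only as a fallback when none is configured. The removed code at least computed the value once; the new code recomputes it per request, so two requests with different Host headers receive different endpoint values. The enclosing `doPost` continues past the end of this hunk.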
@@ -103,6 +105,9 @@
}
}
+ protoCtx.setRequestParameterList( requestp );
+
+
String mode = requestp.hasParameter("openid.mode") ?
requestp.getParameterValue("openid.mode") : null;
@@ -113,8 +118,20 @@
if ("associate".equals(mode))
{
+ protoCtx.setMode( MODE.ASSOCIATE );
+ try
+ {
+ sts.issueToken( protoCtx );
+ }
+ catch (ProcessingException e)
+ {
+ throw new ServletException( e );
+ }
+
+ responsem = protoCtx.getResponseMessage();
+
// --- process an association request ---
- responsem = serverManager.processAssociationRequest(requestp);
+ /*responsem = serverManager.processAssociationRequest(requestp);*/
responseText = responsem.getResponseText();
}
else if ("checkid_setup".equals(mode)
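Review bot: The replaced call is left behind as a comment, `/*responsem = serverManager.processAssociationRequest(requestp);*/`, and the two following hunks do the same for `serverManager.verify(requestp)` and `serverManager.getDirectError("Unknown request")`; the `serverManager` field is removed in this commit, so these lines are dead and should be deleted rather than commented out. The `try { sts.issueToken( protoCtx ); } catch (ProcessingException e) { throw new ServletException( e ); }` block is also repeated verbatim in the `checkid_*` and error branches of the next hunks; a private helper on the servlet would reduce the call sites to one line each. The enclosing `doPost` starts and ends outside this hunk.

```java
// … unchanged: doPost, with each branch calling issue( protoCtx ) instead of the inline try/catch …

/** Issues a token through the STS, surfacing STS failures as ServletException. */
private void issue(OpenIDProtocolContext protoCtx) throws ServletException
{
   try
   {
      sts.issueToken( protoCtx );
   }
   catch (ProcessingException e)
   {
      throw new ServletException( e );
   }
}
```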
@@ -146,15 +163,33 @@
//Fallback
if( authenticatedAndApproved == Boolean.TRUE && userSelectedId
== null )
+ {
+ userSelectedId = userSelectedClaimedId;
+ }
+ if( "checkid_setup".equals(mode) )
+ protoCtx.setMode( MODE.CHECK_ID_SETUP );
+ else
+ protoCtx.setMode( MODE.CHECK_ID_IMMEDIATE );
+
+ protoCtx.setAuthenticationHolder( new AUTH_HOLDER(userSelectedId,
+ userSelectedClaimedId,
authenticatedAndApproved));
+
+ try
{
- if( request.getUserPrincipal() != null )
- userSelectedId = request.getUserPrincipal().getName();
+ sts.issueToken(protoCtx);
}
- // --- process an authentication request ---
+ catch (ProcessingException e)
+ {
+ throw new ServletException( e );
+ }
+
+ /*// --- process an authentication request ---
responsem = serverManager.processAuthenticationRequest(requestp,
userSelectedId,
userSelectedClaimedId,
- authenticatedAndApproved.booleanValue());
+ authenticatedAndApproved.booleanValue());*/
+
+ responsem = protoCtx.getResponseMessage();
// caller will need to decide which of the following to use:
// - GET HTTP-redirect to the return_to URL
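Review bot: The fallback at the top of the hunk now asserts `userSelectedClaimedId` as the user's identity (`userSelectedId = userSelectedClaimedId;`) whenever the user is authenticated and no selected id is set, whereas the removed lines took the identity from `request.getUserPrincipal().getName()`. The claimed id appears to originate from the incoming request parameters (its assignment is outside the hunk), so the OP would sign a positive assertion for whatever identifier the request named without the new code tying it to the container-authenticated principal. Keep the principal-based assignment, or add a check that the claimed identifier belongs to the authenticated principal before building the `AUTH_HOLDER`. The enclosing `doPost` starts and ends outside this hunk.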
@@ -174,18 +209,41 @@
}
else if ("check_authentication".equals(mode))
{
+ try
+ {
+ sts.validateToken( protoCtx );
+ }
+ catch (ProcessingException e)
+ {
+ throw new ServletException( e );
+ }
+ responsem = protoCtx.getResponseMessage();
+
+
// --- processing a verification request ---
- responsem = serverManager.verify(requestp);
+ //responsem = serverManager.verify(requestp);
responseText = responsem.getResponseText();
}
else
{
+ protoCtx.setIssueError( Boolean.TRUE );
+ protoCtx.setErrorText( "Unknown request" );
+ try
+ {
+ sts.issueToken(protoCtx);
+ }
+ catch (ProcessingException e)
+ {
+ throw new ServletException( e );
+ }
+ responsem = protoCtx.getResponseMessage();
+
// --- error response ---
- responsem = serverManager.getDirectError("Unknown request");
+ //responsem = serverManager.getDirectError("Unknown request");
responseText = responsem.getResponseText();
}
log( "response="+responseText );
response.getWriter().write(responseText);
- }
+ }
}
\ No newline at end of file