Author: anil.saldhana(a)jboss.com
Date: 2011-06-13 14:25:32 -0400 (Mon, 13 Jun 2011)
New Revision: 985
Added:
social/trunk/openid/src/
social/trunk/openid/src/main/
social/trunk/openid/src/main/java/
social/trunk/openid/src/main/java/org/
social/trunk/openid/src/main/java/org/picketlink/
social/trunk/openid/src/main/java/org/picketlink/social/
social/trunk/openid/src/main/java/org/picketlink/social/openid/
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java
social/trunk/openid/src/main/resources/
social/trunk/openid/src/test/
social/trunk/openid/src/test/java/
social/trunk/openid/src/test/java/org/
social/trunk/openid/src/test/java/org/picketlink/
social/trunk/openid/src/test/java/org/picketlink/test/
social/trunk/openid/src/test/java/org/picketlink/test/social/
social/trunk/openid/src/test/java/org/picketlink/test/social/openid/
social/trunk/openid/src/test/resources/
Modified:
social/trunk/openid/pom.xml
Log:
openid code moved from fed trunk
Modified: social/trunk/openid/pom.xml
===================================================================
--- social/trunk/openid/pom.xml 2011-06-08 04:17:28 UTC (rev 984)
+++ social/trunk/openid/pom.xml 2011-06-13 18:25:32 UTC (rev 985)
@@ -85,28 +85,14 @@
</dependency>
<dependency>
<groupId>org.picketlink</groupId>
- <artifactId>picketlink-fed-core</artifactId>
+ <artifactId>picketlink-web</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-xmlsec-model</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
- <groupId>org.picketlink</groupId>
- <artifactId>picketlink-fed-api</artifactId>
- <version>${project.version}</version>
- </dependency>
- <dependency>
<groupId>org.openid4java</groupId>
<artifactId>openid4java-nodeps</artifactId>
</dependency>
<dependency>
- <groupId>org.apache</groupId>
- <artifactId>xmlsec</artifactId>
- </dependency>
- <dependency>
<groupId>apache-log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
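Review bot: The `picketlink-fed-core` dependency this hunk removes is still imported by the sources added in the same commit: `OpenIDTokenProvider` uses `org.picketlink.identity.federation.core.exceptions.ProcessingException`, `...core.sts.AbstractSecurityTokenProvider` and `...core.sts.PicketLinkCoreSTS`, and `OpenIDTokenRegistryStore` uses `...core.sts.registry.DefaultTokenRegistry`. The module compiles only if `picketlink-web` brings `picketlink-fed-core` in transitively, which nothing in this diff shows; even then, an artifact whose classes are used directly is better declared directly so a later change to the dependencies of `picketlink-web` cannot break this build. Keeping `<artifactId>picketlink-fed-core</artifactId>` with `<version>${project.version}</version>` next to the new `picketlink-web` entry would make that explicit.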
Added:
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java
===================================================================
---
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java
(rev 0)
+++
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDTokenProvider.java 2011-06-13
18:25:32 UTC (rev 985)
@@ -0,0 +1,195 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDParameterList;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.AUTH_HOLDER;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProtocolContext.MODE;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDTokenRegistryStore;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider;
+import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+
+/**
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenProvider extends AbstractSecurityTokenProvider implements
SecurityTokenProvider
+{
+ public final static String OPENID_1_0_NS = "urn:openid:1:0";
+ public final static String OPENID_1_1_NS = "urn:openid:1:1";
+ public final static String OPENID_2_0_NS = "urn:openid:2:0";
+
+ protected static OpenIDProviderManager serverManager = null; //Will be initialized the
first time of access
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(java.lang.String)
+ */
+ public boolean supports(String namespace)
+ {
+ return OPENID_1_0_NS.equals( namespace );
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return OPENID_1_0_NS;
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#getSupportedQName()
+ */
+ public QName getSupportedQName()
+ {
+ return new QName( OPENID_1_0_NS );
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#family()
+ */
+ public String family()
+ {
+ return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#issueToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void issueToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+
+ OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+ if( serverManager.getEndPoint() == null )
+ {
+ serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+ }
+
+ OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+ OpenIDMessage responsem = null;
+
+ if( openIDProtoCtx.getIssueError() )
+ {
+ String errorText = openIDProtoCtx.getErrorText() == null ? "Unknown
request" : openIDProtoCtx.getErrorText();
+
+ responsem = serverManager.getDirectError( errorText );
+ }
+ else
+ {
+ MODE mode = openIDProtoCtx.getMode();
+ switch (mode )
+ {
+ case ASSOCIATE :
+ responsem = serverManager.processAssociationRequest( requestp );
+ break;
+
+ case CHECK_AUTHENTICATION:
+ validateToken(openIDProtoCtx);
+ return;
+
+ case CHECK_ID_SETUP:
+ case CHECK_ID_IMMEDIATE:
+ AUTH_HOLDER authHolder = openIDProtoCtx.getAuthenticationHolder();
+ if( authHolder == null )
+ throw new ProcessingException( "Authentication Holder is
null" );
+
+ responsem = serverManager.processAuthenticationRequest(requestp,
+ authHolder.getUserSelectedId(),
+ authHolder.getUserSelectedClaimedId(),
+ authHolder.isAuthenticatedAndApproved() );
+ break;
+ default:
+ throw new ProcessingException("Unknown mode");
+ }
+ }
+ openIDProtoCtx.setResponseMessage( responsem );
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#renewToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void renewToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+ }
+
+ /*
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void cancelToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.interfaces.ProtocolContext)
+ */
+ public void validateToken(ProtocolContext context) throws ProcessingException
+ {
+ if( context instanceof OpenIDProtocolContext == false )
+ return;
+
+ check();
+
+ OpenIDProtocolContext openIDProtoCtx = (OpenIDProtocolContext) context;
+ if( serverManager.getEndPoint() == null )
+ {
+ serverManager.setEndPoint( openIDProtoCtx.getEndpoint() );
+ }
+
+ OpenIDParameterList requestp = openIDProtoCtx.getRequestParameterList();
+ OpenIDMessage responsem = serverManager.verify( requestp );
+ openIDProtoCtx.setResponseMessage( responsem );
+ }
+
+ protected void check()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if( sm != null )
+ sm.checkPermission( PicketLinkCoreSTS.rte );
+
+ if( serverManager == null )
+ {
+
+ serverManager = new OpenIDProviderManager();
+ serverManager.initialize( new OpenIDTokenRegistryStore(), new
OpenIDTokenRegistryStore());
+ }
+ }
+}
\ No newline at end of file
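Review bot: The helper imports right after the package declaration still name `org.picketlink.identity.federation.core.openid.providers.helpers`, while this commit adds those same classes under `org.picketlink.social.openid.providers.helpers`; unless the old copies remain on the classpath the file cannot compile, and if they do remain, the provider is silently bound to them instead of the helpers in this module. The same stale package is used by the imports in the OpenIDProtocolContext hunk. Separately, `check()` assigns the static `serverManager` lazily with no synchronization, so two concurrent first requests can each build an `OpenIDProviderManager` with its own association stores, and an association created through the instance that loses the race is not found when the relying party later verifies it; `protected synchronized void check()` (or an eagerly initialised `static final` field) closes that window. `cancelToken` and `renewToken` only run `check()` and otherwise do nothing, which deserves a sentence in their Javadoc, and the `cancelToken` comment opens with `/*` rather than `/**`, so it is not Javadoc at all.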
Added:
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java
===================================================================
---
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java
(rev 0)
+++
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/OpenIDVersion2TokenProvider.java 2011-06-13
18:25:32 UTC (rev 985)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers;
+
+import javax.xml.namespace.QName;
+
+/**
+ * A {@code SecurityTokenProvider} implementation for Open ID v2
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDVersion2TokenProvider extends OpenIDTokenProvider
+{
+ @Override
+ public boolean supports(String namespace)
+ {
+ return OPENID_2_0_NS.equals( namespace );
+ }
+
+ @Override
+ public String tokenType()
+ {
+ return OPENID_2_0_NS;
+ }
+
+ @Override
+ public QName getSupportedQName()
+ {
+ return new QName( OPENID_2_0_NS );
+ }
+}
\ No newline at end of file
Added:
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java
===================================================================
---
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java
(rev 0)
+++
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDParameterList.java 2011-06-13
18:25:32 UTC (rev 985)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import java.util.Map;
+
+import org.openid4java.message.ParameterList;
+
+/**
+ * Parameter List passed in the messages
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDParameterList extends ParameterList
+{
+ private static final long serialVersionUID = 1L;
+
+ public OpenIDParameterList()
+ {
+ super();
+ }
+
+ @SuppressWarnings({ "rawtypes"})
+ public OpenIDParameterList(Map parameterMap)
+ {
+ super(parameterMap);
+ }
+}
Added:
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java
===================================================================
---
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java
(rev 0)
+++
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProtocolContext.java 2011-06-13
18:25:32 UTC (rev 985)
@@ -0,0 +1,273 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.openid.providers.OpenIDTokenProvider;
+import
org.picketlink.identity.federation.core.openid.providers.helpers.OpenIDProviderManager.OpenIDMessage;
+
+/**
+ * {@code ProtocolContext} for the OpenID Layer
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDProtocolContext implements ProtocolContext
+{
+ /**
+ * The response message generated by the STS
+ */
+ protected OpenIDMessage responseMessage;
+
+ /**
+ * The list of request parameters for use by the STS
+ */
+ protected OpenIDParameterList requestParameterList;
+
+ /**
+ * The Server Manager needs an endpoint
+ */
+ protected String endpoint;
+
+ /**
+ * Should the STS issue an error?
+ */
+ protected Boolean issueError = Boolean.FALSE;
+
+ /**
+ * What is the text the STS should use for the error?
+ */
+ protected String errorText = null;
+
+ /**
+ * The OpenID mode
+ */
+ protected MODE mode;
+
+ /**
+ * STS uses the AUTH_HOLDER information for processing authentication requests
+ */
+ protected AUTH_HOLDER authenticationHolder;
+
+ /**
+ * An Enum indicating the OpenID mode
+ */
+ public enum MODE { ASSOCIATE, CHECK_ID_SETUP, CHECK_ID_IMMEDIATE, CHECK_AUTHENTICATION
};
+
+ /**
+ * Class to hold the information for authentication requests
+ */
+ public static class AUTH_HOLDER
+ {
+ private String userSelectedId, userSelectedClaimedId;
+ private boolean authenticatedAndApproved;
+
+ public AUTH_HOLDER(String userSelectedId, String userSelectedClaimedId, boolean
authenticatedAndApproved)
+ {
+ this.userSelectedId = userSelectedId;
+ this.userSelectedClaimedId = userSelectedClaimedId;
+ this.authenticatedAndApproved = authenticatedAndApproved;
+ }
+
+ @Override
+ public String toString()
+ {
+ return "AUTH_HOLDER [userSelectedId=" + userSelectedId + ",
userSelectedClaimedId=" + userSelectedClaimedId
+ + ", authenticatedAndApproved=" + authenticatedAndApproved +
"]";
+ }
+
+ public String getUserSelectedId()
+ {
+ return userSelectedId;
+ }
+
+ public String getUserSelectedClaimedId()
+ {
+ return userSelectedClaimedId;
+ }
+
+ public boolean isAuthenticatedAndApproved()
+ {
+ return authenticatedAndApproved;
+ }
+ }
+
+ /**
+ * Get the holder of authentication information
+ * @return
+ */
+ public AUTH_HOLDER getAuthenticationHolder()
+ {
+ return authenticationHolder;
+ }
+
+ /**
+ * Set an authentication holder
+ * @param authenticationHolder
+ */
+ public void setAuthenticationHolder(AUTH_HOLDER authenticationHolder)
+ {
+ this.authenticationHolder = authenticationHolder;
+ }
+
+ /**
+ * Get the Open ID mode
+ * @return
+ */
+ public MODE getMode()
+ {
+ return this.mode;
+ }
+
+ /**
+ * Set the OpenID mode
+ * @param theMode
+ */
+ public void setMode( MODE theMode )
+ {
+ this.mode = theMode;
+ }
+
+ /**
+ * Get the error text (Null by default)
+ * @return
+ */
+ public String getErrorText()
+ {
+ return errorText;
+ }
+
+ /**
+ * Set the error text
+ * @param errorText
+ */
+ public void setErrorText(String errorText)
+ {
+ this.errorText = errorText;
+ }
+
+ /**
+ * Should the STS issue an error response token
+ * @return
+ */
+ public Boolean getIssueError()
+ {
+ return issueError;
+ }
+
+ /**
+ * Set the error response token for the STS
+ * @param issueError
+ */
+ public void setIssueError(Boolean issueError)
+ {
+ this.issueError = issueError;
+ }
+
+ /**
+ * Get the endpoint address
+ * @return
+ */
+ public String getEndpoint()
+ {
+ return endpoint;
+ }
+
+ /**
+ * Set the endpoint address
+ * @param endpoint
+ */
+ public void setEndpoint(String endpoint)
+ {
+ this.endpoint = endpoint;
+ }
+
+ /**
+ * Get the request parameter list
+ * @return an instanceof {@code OpenIDParameterList}
+ */
+ public OpenIDParameterList getRequestParameterList()
+ {
+ return requestParameterList;
+ }
+
+ /**
+ * Set the request parameter list
+ * @param requestParameterList an instanceof {@code OpenIDParameterList}
+ */
+ public void setRequestParameterList(OpenIDParameterList requestParameterList)
+ {
+ this.requestParameterList = requestParameterList;
+ }
+
+ /**
+ * Get the {@code OpenIDMessage} response message that the STS has generated
+ * @return
+ */
+ public OpenIDMessage getResponseMessage()
+ {
+ return responseMessage;
+ }
+
+ /**
+ * Set the {@code OpenIDMessage} response message
+ * @param responseMessage
+ */
+ public void setResponseMessage(OpenIDMessage responseMessage)
+ {
+ this.responseMessage = responseMessage;
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.ProtocolContext#serviceName()
+ */
+ public String serviceName()
+ {
+ return null;
+ }
+
+ /**
+ * @see
org.picketlink.identity.federation.core.interfaces.ProtocolContext#tokenType()
+ */
+ public String tokenType()
+ {
+ return OpenIDTokenProvider.OPENID_1_0_NS;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#getQName()
+ */
+ public QName getQName()
+ {
+ return new QName( OpenIDTokenProvider.OPENID_1_0_NS );
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.ProtocolContext#family()
+ */
+ public String family()
+ {
+ return SecurityTokenProvider.FAMILY_TYPE.OPENID.name();
+ }
+}
\ No newline at end of file
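Review bot: `tokenType()` and `getQName()` near the end of the hunk return `OpenIDTokenProvider.OPENID_1_0_NS` unconditionally, so a context of this class can only ever be routed to the 1.0 provider; the `OpenIDVersion2TokenProvider` added in this commit, whose `supports` accepts only `OPENID_2_0_NS`, is unreachable through it. Making the namespace a field with a setter that defaults to the 1.0 value keeps the current behaviour and lets the web layer select the version. The `import org.picketlink.identity.federation.core.openid.providers.OpenIDTokenProvider` line and the `OpenIDProviderManager.OpenIDMessage` import also still name the old package, although both classes now live in this module. Note too that `issueError` is a `Boolean` and the provider unboxes `getIssueError()` inside an `if`, so `setIssueError(null)` becomes a `NullPointerException` at issue time; a primitive `boolean` field would avoid that.
```java
   /** Namespace of the OpenID version this context targets; decides which token provider handles it. */
   protected String tokenNamespace = OpenIDTokenProvider.OPENID_1_0_NS;

   /**
    * Set the OpenID namespace (defaults to {@link OpenIDTokenProvider#OPENID_1_0_NS})
    * @param tokenNamespace one of the OPENID_*_NS constants
    */
   public void setTokenNamespace(String tokenNamespace)
   {
      this.tokenNamespace = tokenNamespace;
   }

   // … unchanged: accessors for mode, error text, endpoint, parameter list, response message …

   public String tokenType()
   {
      return tokenNamespace;
   }

   public QName getQName()
   {
      return new QName( tokenNamespace );
   }
```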
Added:
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java
===================================================================
---
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java
(rev 0)
+++
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDProviderManager.java 2011-06-13
18:25:32 UTC (rev 985)
@@ -0,0 +1,168 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.DirectError;
+import org.openid4java.message.Message;
+import org.openid4java.message.ParameterList;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.openid4java.server.ServerManager;
+
+/**
+ * Manages a OpenID Provider
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 15, 2009
+ */
+public class OpenIDProviderManager
+{
+ /**
+ * Internal server manager for processing
+ */
+ private ServerManager serverManager = new ServerManager();
+
+ /**
+ * Initialize internal data structures
+ */
+ public void initialize()
+ {
+ serverManager.setSharedAssociations(new InMemoryServerAssociationStore());
+ serverManager.setPrivateAssociations(new InMemoryServerAssociationStore());
+ }
+
+ /**
+ * Initialize the Shared Association and Private Association stores
+ * @param sharedAssociationStore a set of 2 association stores {@code
ServerAssociationStore}
+ * @throws {@code IllegalArgumentException} if the number of stores is not 2
+ */
+ public void initialize( ServerAssociationStore... sharedAssociationStore )
+ {
+ if( sharedAssociationStore == null || sharedAssociationStore.length == 0 )
+ {
+ initialize();
+ return;
+ }
+
+ if( sharedAssociationStore.length != 2 )
+ throw new IllegalArgumentException( "Number of association stores not equal
to 2" );
+ serverManager.setSharedAssociations( sharedAssociationStore[0] );
+ serverManager.setPrivateAssociations( sharedAssociationStore[1] );
+ }
+
+ /**
+ * Get the end point where the provider is active
+ * @return string an url
+ */
+ public String getEndPoint()
+ {
+ return serverManager.getOPEndpointUrl();
+ }
+
+ /**
+ * Set the end point where the provider is active
+ * @param url
+ */
+ public void setEndPoint(String url)
+ {
+ serverManager.setOPEndpointUrl(url);
+ }
+
+ /**
+ * Process a request from the RP/Relying Party (or OpenID Consumer)
+ * for authenticating an user
+ * @param requestParams
+ * @param userSelId
+ * @param userSelClaimed
+ * @param authenticatedAndApproved
+ * @return
+ */
+ public OpenIDMessage processAuthenticationRequest(ParameterList requestParams,
+ String userSelId,
+ String userSelClaimed,
+ boolean authenticatedAndApproved)
+ {
+ Message authMessage = serverManager.authResponse(requestParams,
+ userSelId, userSelClaimed, authenticatedAndApproved);
+
+ return new OpenIDMessage(authMessage);
+ }
+
+ /**
+ * Process a request for association from the RP
+ * @param requestParams
+ * @return
+ */
+ public OpenIDMessage processAssociationRequest(ParameterList requestParams)
+ {
+ return new OpenIDMessage(serverManager.associationResponse(requestParams));
+ }
+
+ /**
+ * Process a verification request from RP for an already
+ * authenticated user
+ * @param requestParams
+ * @return
+ */
+ public OpenIDMessage verify(ParameterList requestParams)
+ {
+ return new OpenIDMessage(serverManager.verify(requestParams));
+ }
+
+ /**
+ * Create an error message that needs to be passed to the RP
+ * @param msg
+ * @return
+ */
+ public OpenIDMessage getDirectError(String msg)
+ {
+ return new OpenIDMessage(DirectError.createDirectError(msg));
+ }
+
+ /**
+ * Class to hold the open id message
+ */
+ public static class OpenIDMessage
+ {
+ private Message message;
+
+ OpenIDMessage(Message message)
+ {
+ this.message = message;
+ }
+
+ public boolean isSuccessful()
+ {
+ return message instanceof AuthSuccess;
+ }
+
+ public String getDestinationURL(boolean httpget)
+ {
+ return ((AuthSuccess) message).getDestinationUrl(httpget);
+ }
+
+ public String getResponseText()
+ {
+ return message.keyValueFormEncoding();
+ }
+ }
+}
\ No newline at end of file
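Review bot: `OpenIDMessage.getDestinationURL` casts `message` to `AuthSuccess` without checking, so a caller that skips `isSuccessful()` on an association or error response gets a `ClassCastException` instead of a meaningful failure; guard it with `if( !isSuccessful() ) throw new IllegalStateException( "message is not an AuthSuccess" );`. In the varargs `initialize`, the parameter is named `sharedAssociationStore` although element `[1]` becomes the private association store, and the Javadoc tag `@throws {@code IllegalArgumentException}` is malformed — `@throws IllegalArgumentException if the number of stores is not 2` is the form javadoc expects. The no-arg `initialize()` and the fallback for a null or empty array use `InMemoryServerAssociationStore`, so associations are held per JVM and lost on restart; a comment such as `// in-memory stores: associations are neither persistent nor shared across nodes` would tell deployers to pass their own stores.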
Added:
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java
===================================================================
---
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java
(rev 0)
+++
social/trunk/openid/src/main/java/org/picketlink/social/openid/providers/helpers/OpenIDTokenRegistryStore.java 2011-06-13
18:25:32 UTC (rev 985)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.social.openid.providers.helpers;
+
+import java.io.IOException;
+
+import org.openid4java.association.Association;
+import org.openid4java.association.AssociationException;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerAssociationStore;
+import org.picketlink.identity.federation.core.sts.registry.DefaultTokenRegistry;
+import org.picketlink.identity.federation.core.sts.registry.SecurityTokenRegistry;
+
+/**
+ * A {@code SecurityTokenRegistry} for OpenID that uses in memory registry
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 20, 2011
+ */
+public class OpenIDTokenRegistryStore extends DefaultTokenRegistry implements
ServerAssociationStore, SecurityTokenRegistry
+{
+ protected InMemoryServerAssociationStore store = new
InMemoryServerAssociationStore();
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#generate(java.lang.String, int)
+ */
+ public Association generate(String type, int expiryIn) throws AssociationException
+ {
+ Association association = store.generate(type, expiryIn);
+ try
+ {
+ addToken( association.getHandle(), association );
+ }
+ catch (IOException e)
+ {
+ throw new AssociationException( e );
+ }
+ return association;
+ }
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#load(java.lang.String)
+ */
+ public Association load(String handle)
+ {
+ return (Association) getToken( handle );
+ }
+
+ /**
+ * @see org.openid4java.server.ServerAssociationStore#remove(java.lang.String)
+ */
+ public void remove(String handle)
+ {
+ try
+ {
+ removeToken( handle );
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException( e );
+ }
+ }
+}
\ No newline at end of file
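Review bot: `generate` registers every association under its handle, but nothing in this class honours `expiryIn` afterwards: `load` returns whatever `getToken` holds and only an explicit `remove` deletes, so unless `DefaultTokenRegistry` evicts on its own the registry grows with each association request, which an OpenID relying party can send without authenticating. Expired entries should be dropped — for example evict them on `generate`, and have `load` remove and return null for an association whose lifetime has passed — so the in-memory footprint is bounded by the association lifetime rather than by request volume. The `store` field keeps its own copy of every generated association that `load` and `remove` never consult, so state lives in two places; if `InMemoryServerAssociationStore` is only used to construct the `Association`, a comment saying so would help the next reader. `remove` wraps the `IOException` in a bare `RuntimeException`; `throw new IllegalStateException( "Failed to remove association " + handle, e )` keeps the cause and says what failed.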
Added:
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java
===================================================================
---
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java
(rev 0)
+++
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDContext.java 2011-06-13
18:25:32 UTC (rev 985)
@@ -0,0 +1,57 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.social.openid.web;
+
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.picketlink.identity.federation.web.core.HTTPContext;
+
+/**
+ * HTTP Context for OpenID
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 6, 2009
+ */
+public class HTTPOpenIDContext extends HTTPContext
+{
+ private String returnURL;
+
+ public HTTPOpenIDContext(HttpServletRequest httpReq, HttpServletResponse httpResp,
+ ServletContext sctx)
+ {
+ super(httpReq, httpResp, sctx);
+ }
+
+ public String getReturnURL()
+ {
+ return returnURL;
+ }
+
+ //Setters
+
+ public HTTPOpenIDContext setReturnURL(String url)
+ {
+ this.returnURL = url;
+ return this;
+ }
+}
\ No newline at end of file
Added:
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java
===================================================================
---
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java
(rev 0)
+++
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPOpenIDProvider.java 2011-06-13
18:25:32 UTC (rev 985)
@@ -0,0 +1,142 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.social.openid.web;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.openid4java.message.AuthSuccess;
+import org.openid4java.message.DirectError;
+import org.openid4java.message.Message;
+import org.openid4java.message.ParameterList;
+import org.openid4java.server.InMemoryServerAssociationStore;
+import org.openid4java.server.ServerManager;
+
+/**
+ * Common code at an OpenID Provider
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 7, 2009
+ */
+public class HTTPOpenIDProvider
+{
+ public String process(HttpServletRequest request, HttpServletResponse response)
+ throws IOException
+ {
+ HttpSession session = request.getSession();
+
+ ServerManager manager=new ServerManager();
+ manager.setSharedAssociations(new InMemoryServerAssociationStore());
+ manager.setPrivateAssociations(new InMemoryServerAssociationStore());
+ manager.setOPEndpointUrl(request.getScheme() + "://"
+ + request.getServerName() + ":"
+ + request.getServerPort() + "/simple-openid/provider.jsp");
+
+ ParameterList requestp;
+
+ if ("complete".equals(request.getParameter("_action"))) //
Completing the authz and authn process by redirecting here
+ {
+ requestp=(ParameterList) session.getAttribute("parameterlist"); // On
a redirect from the OP authn & authz sequence
+ }
+ else
+ {
+ requestp = new ParameterList(request.getParameterMap());
+ }
+
+ String mode = requestp.hasParameter("openid.mode") ?
+ requestp.getParameterValue("openid.mode") : null;
+
+ Message responsem;
+ String responseText;
+
+ if ("associate".equals(mode))
+ {
+ // --- process an association request ---
+ responsem = manager.associationResponse(requestp);
+ responseText = responsem.keyValueFormEncoding();
+ }
+ else if ("checkid_setup".equals(mode)
+ || "checkid_immediate".equals(mode))
+ {
+ // interact with the user and obtain data needed to continue
+ //List userData = userInteraction(requestp);
+ String userSelectedId = null;
+ String userSelectedClaimedId = null;
+ Boolean authenticatedAndApproved = Boolean.FALSE;
+
+ if ((session.getAttribute("authenticatedAndApproved") == null)
||
+
(((Boolean)session.getAttribute("authenticatedAndApproved")) == Boolean.FALSE)
)
+ {
+ session.setAttribute("parameterlist", requestp);
+ response.sendRedirect("provider_authorization.jsp");
+ }
+ else
+ {
+ userSelectedId = (String)
session.getAttribute("openid.claimed_id");
+ userSelectedClaimedId = (String)
session.getAttribute("openid.identity");
+ authenticatedAndApproved = (Boolean)
session.getAttribute("authenticatedAndApproved");
+ // Remove the parameterlist so this provider can accept requests from
elsewhere
+ session.removeAttribute("parameterlist");
+ session.setAttribute("authenticatedAndApproved",
Boolean.FALSE); // Makes you authorize each and every time
+ }
+
+ // --- process an authentication request ---
+ responsem = manager.authResponse(requestp,
+ userSelectedId,
+ userSelectedClaimedId,
+ authenticatedAndApproved.booleanValue());
+
+ // caller will need to decide which of the following to use:
+ // - GET HTTP-redirect to the return_to URL
+ // - HTML FORM Redirection
+ //responseText = response.wwwFormEncoding();
+ if (responsem instanceof AuthSuccess)
+ {
+ response.sendRedirect(((AuthSuccess)
responsem).getDestinationUrl(true));
+ return "";
+ }
+ else
+ {
+
responseText="<pre>"+responsem.keyValueFormEncoding()+"</pre>";
+ }
+ }
+ else if ("check_authentication".equals(mode))
+ {
+ // --- processing a verification request ---
+ responsem = manager.verify(requestp);
+ responseText = responsem.keyValueFormEncoding();
+ }
+ else
+ {
+ // --- error response ---
+ responsem = DirectError.createDirectError("Unknown request");
+ responseText = responsem.keyValueFormEncoding();
+ }
+
+
+
+ return responseText != null ? responseText.trim() : null;
+ }
+
+}
\ No newline at end of file
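Review bot: `process` builds a brand-new `ServerManager` with two empty `InMemoryServerAssociationStore`s on every call, so an association issued in the `associate` branch no longer exists when the RP sends `checkid_setup`, and the private association used to sign the `authResponse` is gone when the RP's `check_authentication` reaches `manager.verify` — the provider cannot verify its own assertions across requests, which silently breaks stateless RPs. The manager (and its stores) should be created once and held in a field or the ServletContext, and `setOPEndpointUrl` should come from configuration rather than `request.getServerName()`/`getServerPort()`, which echo the client-supplied Host header into the signed `op_endpoint` value. Separately, after `response.sendRedirect("provider_authorization.jsp")` the method falls through to `manager.authResponse(...)` with `authenticatedAndApproved == false` and then returns HTML for a response that is already committed; add `return "";` directly after that redirect. The assignment of `openid.claimed_id` to `userSelectedId` and `openid.identity` to `userSelectedClaimedId` also looks swapped relative to the `authResponse(request, userSelId, userSelClaimed, ...)` parameter order — worth confirming against the openid4java signature.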
Added:
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java
===================================================================
---
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java
(rev 0)
+++
social/trunk/openid/src/main/java/org/picketlink/social/openid/web/HTTPProtocolAdaptor.java 2011-06-13
18:25:32 UTC (rev 985)
@@ -0,0 +1,211 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.social.openid.web;
+
+import java.io.IOException;
+import java.util.Map;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.api.openid.OpenIDAttributeMap;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycle;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycleEvent;
+import org.picketlink.identity.federation.api.openid.OpenIDProtocolAdapter;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycleEvent.OP;
+import org.picketlink.identity.federation.api.openid.OpenIDLifecycleEvent.TYPE;
+import
org.picketlink.identity.federation.api.openid.exceptions.OpenIDLifeCycleException;
+import org.picketlink.identity.federation.api.openid.exceptions.OpenIDProtocolException;
+
+/**
+ * Protocol adapter for HTTP
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 6, 2009
+ */
+public class HTTPProtocolAdaptor implements OpenIDProtocolAdapter, OpenIDLifecycle
+{
+ private static Logger log = Logger.getLogger(HTTPProtocolAdaptor.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private HttpServletRequest request;
+ private HttpServletResponse response;
+ private ServletContext servletContext;
+ private String returnURL;
+
+ public HTTPProtocolAdaptor(HTTPOpenIDContext octx)
+ {
+ if(octx == null)
+ throw new IllegalArgumentException("http openid context is null");
+
+ this.request = octx.getRequest();
+ this.response = octx.getResponse();
+ this.returnURL = octx.getReturnURL();
+ this.servletContext = octx.getServletContext();
+ }
+
+ public OpenIDAttributeMap getAttributeMap()
+ {
+ OpenIDAttributeMap map = new OpenIDAttributeMap();
+ if ("1".equals(request.getParameter("nickname")))
+ {
+ map.put("nickname", "1");
+ }
+ if ("1".equals(request.getParameter("email")))
+ {
+ map.put("email", "1");
+ }
+ if ("1".equals(request.getParameter("fullname")))
+ {
+ map.put("fullname", "1");
+ }
+ if ("1".equals(request.getParameter("dob")))
+ {
+ map.put("dob", "1");
+ }
+ if ("1".equals(request.getParameter("gender")))
+ {
+ map.put("gender", "1");
+ }
+ if ("1".equals(request.getParameter("postcode")))
+ {
+ map.put("postcode", "1");
+ }
+ if ("1".equals(request.getParameter("country")))
+ {
+ map.put("country", "1");
+ }
+ if ("1".equals(request.getParameter("language")))
+ {
+ map.put("language", "1");
+ }
+ if ("1".equals(request.getParameter("timezone")))
+ {
+ map.put("timezone", "1");
+ }
+
+ return map;
+ }
+
+ public String getReturnURL()
+ {
+ return this.returnURL;
+ }
+
+ /**
+ * @throws OpenIDLifeCycleException
+ * @see OpenIDLifecycle#handle(OpenIDLifecycleEvent)
+ */
+ public void handle(OpenIDLifecycleEvent event) throws OpenIDLifeCycleException
+ {
+ if(event == null)
+ throw new IllegalArgumentException("event is null");
+
+ if(event.getEventType() == TYPE.SESSION)
+ {
+ String attr = event.getAttributeName();
+ Object attrVal = event.getAttributeValue();
+
+ if(event.getOperation() == OP.ADD)
+ {
+ request.getSession().setAttribute(attr, attrVal);
+ }
+ else if(event.getOperation() == OP.REMOVE)
+ {
+ request.getSession().removeAttribute(attr);
+ }
+ }
+
+ if(event.getEventType() == TYPE.SUCCESS)
+ try
+ {
+ response.sendRedirect(".");
+ }
+ catch (IOException e)
+ {
+ throw new OpenIDLifeCycleException(e);
+ }
+ }
+
+ /**
+ * @see OpenIDLifecycle#handle(OpenIDLifecycleEvent[])
+ */
+ public void handle(OpenIDLifecycleEvent[] eventArr) throws OpenIDLifeCycleException
+ {
+ for(OpenIDLifecycleEvent ev: eventArr)
+ {
+ this.handle(ev);
+ }
+ }
+
+ public void sendToProvider(int version, String destinationURL,
+ Map<String, String> paramMap) throws OpenIDProtocolException
+ {
+ if(trace)
+ log.trace("send to provider=" + version +
"::destinationURL=" + destinationURL);
+
+ if(version == 1)
+ {
+ try
+ {
+ response.sendRedirect(destinationURL);
+ return;
+ }
+ catch (IOException e)
+ {
+ throw new OpenIDProtocolException(e);
+ }
+ }
+
+ //Version != 1
+
+ // Option 2: HTML FORM Redirection (Allows payloads >2048 bytes)
+
+ RequestDispatcher dispatcher =
+
this.servletContext.getRequestDispatcher("/formredirection.jsp");
+ request.setAttribute("parameterMap", paramMap);
+ request.setAttribute("destinationUrl", destinationURL);
+ try
+ {
+ dispatcher.forward(request, response);
+ }
+ catch(IOException io)
+ {
+ throw new OpenIDProtocolException(io);
+ }
+ catch (ServletException e)
+ {
+ throw new OpenIDProtocolException(e);
+ }
+ }
+
+ /**
+ * @see OpenIDLifecycle#getAttributeValue(String)
+ */
+ public Object getAttributeValue(String name)
+ {
+ return this.request.getSession().getAttribute(name);
+ }
+}
\ No newline at end of file
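Review bot: `sendToProvider` hands `destinationURL` and every entry of `paramMap` to `/formredirection.jsp` as request attributes, and for version 1 passes `destinationURL` straight to `response.sendRedirect`; both values derive from discovery on an identifier the end user typed, and the JSP is not part of this commit, so nothing visible here guarantees the form action and hidden-input values are HTML-attribute-escaped or that the redirect target is restricted to `http`/`https`. A comment at the dispatcher call should make the contract explicit, e.g. `// formredirection.jsp MUST HTML-escape destinationUrl and each parameterMap key/value; both originate from discovery on user input`, and the v1 branch should reject non-http(s) schemes before redirecting. As a point of style, `trace` is captured once in a field at construction, so it reflects the logger level at that moment only; `log.isTraceEnabled()` evaluated at the call site is the usual idiom and costs nothing here since the adapter is per-request.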