org.openid4java.message.MessageException Java Examples
The following examples show how to use
org.openid4java.message.MessageException.
Example #1
Source File: CustomOpenIdProcessor.java From OpenID-Attacker with GNU General Public License v2.0 | 6 votes |
/**
 * Adds a Simple Registration response to the outgoing message when the
 * authentication request carries an SReg extension.
 *
 * @param token       message that receives the {@code "sreg"} extension
 * @param authRequest request whose SReg extension, if any, is answered
 * @return the {@code token} instance that was passed in
 * @throws MessageException declared for the openid4java extension calls made here
 * @throws UnsupportedOperationException if the extension is neither an
 *         {@code SRegRequest} nor an {@code SRegResponse}
 */
private Message processSRegExtension(Message token, final AuthRequest authRequest) throws MessageException {
    final String namespace = detectSRegVersion(authRequest);
    if (namespace == null) {
        // No SReg namespace was detected on the request: nothing to attach.
        return token;
    }

    final MessageExtension extension = authRequest.getExtension(namespace);
    if (extension instanceof SRegRequest) {
        // Build the response from the request and the valid user's data map.
        final SRegResponse response =
                SRegResponse.createSRegResponse((SRegRequest) extension, getValidUser().getUserDataMap());
        token.addExtension(response, "sreg");
        return token;
    }
    if (extension instanceof SRegResponse) {
        // Deliberately unhandled in the original ("what to do here?"): token is returned unchanged.
        return token;
    }

    // NOTE(review): a null extension would fail on getClass() below - confirm that
    // getExtension() cannot return null once detectSRegVersion() found a namespace.
    final String message = String.format("TODO - Support of '%s'", extension.getClass().getCanonicalName());
    throw new UnsupportedOperationException(message);
}
Example #2
Source File: ConsumerServlet.java From openid4java with Apache License 2.0 | 6 votes |
/**
 * Simple Registration Extension example: turns per-attribute form parameters
 * into an SReg request and attaches it to the authentication request.
 *
 * <p>Each SReg field name is looked up as an HTTP request parameter. Only the
 * two known marker values ({@code OPTIONAL_VALUE}, {@code REQUIRED_VALUE}) have
 * an effect; any other submitted value is ignored.
 *
 * @param httpReq incoming servlet request carrying the form parameters
 * @param authReq authentication request that receives the extension
 * @throws MessageException declared for the openid4java extension calls made here
 * @see <a href="http://code.google.com/p/openid4java/wiki/SRegHowTo">Simple Registration HowTo</a>
 * @see <a href="http://openid.net/specs/openid-simple-registration-extension-1_0.html">OpenID Simple Registration Extension 1.0</a>
 */
private void addSimpleRegistrationToAuthRequest(HttpServletRequest httpReq, AuthRequest authReq) throws MessageException {
    final String[] sregFields = {
        "nickname", "email", "fullname", "dob", "gender",
        "postcode", "country", "language", "timezone"
    };

    SRegRequest sregReq = SRegRequest.createFetchRequest();
    for (String field : sregFields) {
        String choice = httpReq.getParameter(field);
        if (OPTIONAL_VALUE.equals(choice)) {
            sregReq.addAttribute(field, false);
        } else if (REQUIRED_VALUE.equals(choice)) {
            sregReq.addAttribute(field, true);
        }
        // Any other value (including a missing parameter) leaves the field unrequested.
    }

    if (sregReq.getAttributes().isEmpty()) {
        // Nothing was selected, so no extension is attached.
        return;
    }
    authReq.addExtension(sregReq);
}
Example #3
Source File: ConsumerServlet.java From openid4java with Apache License 2.0 | 6 votes |
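/**
 * Attribute exchange example: builds an AX fetch request from the parallel
 * {@code alias}, {@code typeUri} and {@code count} request parameters and
 * attaches it to the authentication request.
 *
 * <p>The three parameter arrays come straight from the HTTP request and are
 * not guaranteed to have the same length. Rows are driven by {@code typeUri};
 * a row whose {@code alias} entry is absent is skipped, and a row whose
 * {@code count} entry is absent falls back to a count of 1, instead of
 * failing with a {@code NullPointerException} or
 * {@code ArrayIndexOutOfBoundsException}.
 *
 * @param httpReq incoming servlet request carrying the form parameters
 * @param authReq authentication request that receives the extension
 * @throws MessageException declared for the openid4java extension calls made here
 * @see <a href="http://code.google.com/p/openid4java/wiki/AttributeExchangeHowTo">Attribute Exchange HowTo</a>
 * @see <a href="http://openid.net/specs/openid-attribute-exchange-1_0.html">OpenID Attribute Exchange 1.0 - Final</a>
 */
private void addAttributeExchangeToAuthRequest(HttpServletRequest httpReq, AuthRequest authReq) throws MessageException {
    String[] aliases = httpReq.getParameterValues("alias");
    String[] typeUris = httpReq.getParameterValues("typeUri");
    String[] counts = httpReq.getParameterValues("count");

    FetchRequest fetch = FetchRequest.createFetchRequest();
    int rows = typeUris == null ? 0 : typeUris.length;
    for (int i = 0; i < rows; i++) {
        String typeUri = typeUris[i];
        if (!StringUtils.isNotBlank(typeUri)) {
            continue;
        }
        // The client controls how many values each parameter has; never index
        // past the end of (or into a missing) alias array.
        if (aliases == null || i >= aliases.length) {
            continue;
        }
        String alias = aliases[i];
        boolean required = httpReq.getParameter("required" + i) != null;
        // A missing count entry is passed as null so the default of 1 applies.
        String rawCount = (counts != null && i < counts.length) ? counts[i] : null;
        // NOTE(review): zero or negative counts from the client are passed through unchanged.
        int count = NumberUtils.toInt(rawCount, 1);
        fetch.addAttribute(alias, typeUri, required, count);
    }
    authReq.addExtension(fetch);
}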
Example #4
Source File: PapeRequest.java From openid4java with Apache License 2.0 | 6 votes |
/**
 * Checks the validity of the extension.
 * <p>
 * Used when constructing an extension from a parameter list. The request must
 * contain {@code preferred_auth_policies}, and every parameter name must either
 * be listed in {@code PAPE_FIELDS} or start with the auth-level namespace prefix.
 *
 * @throws MessageException if the PapeRequest is not valid.
 */
public void validate() throws MessageException {
    final boolean hasPolicies = _parameters.hasParameter("preferred_auth_policies");
    if (!hasPolicies) {
        throw new MessageException(
                "preferred_auth_policies is required in a PAPE request.",
                OpenIDException.PAPE_ERROR);
    }

    for (Object entry : _parameters.getParameters()) {
        String paramName = ((Parameter) entry).getKey();
        boolean knownField = PAPE_FIELDS.contains(paramName);
        boolean authLevelAlias = paramName.startsWith(PapeMessage.AUTH_LEVEL_NS_PREFIX);
        if (knownField || authLevelAlias) {
            continue;
        }
        // The rejected name is echoed verbatim in the exception message.
        throw new MessageException(
                "Invalid parameter name in PAPE request: " + paramName,
                OpenIDException.PAPE_ERROR);
    }
}
Example #5
Source File: ConsumerServlet.java From openid4java with Apache License 2.0 | 6 votes |
/**
 * Copies the attributes of a Simple Registration response into request
 * attributes, one request attribute per SReg attribute name.
 *
 * <p>Nothing happens when the response has no SReg extension or when the
 * extension is not an {@code SRegResponse}.
 *
 * @param httpReq     servlet request that receives the attributes
 * @param authSuccess positive authentication response to read the extension from
 * @throws MessageException declared for the openid4java extension calls made here
 */
private void receiveSimpleRegistration(HttpServletRequest httpReq, AuthSuccess authSuccess) throws MessageException {
    if (!authSuccess.hasExtension(SRegMessage.OPENID_NS_SREG)) {
        return;
    }
    MessageExtension extension = authSuccess.getExtension(SRegMessage.OPENID_NS_SREG);
    if (!(extension instanceof SRegResponse)) {
        return;
    }

    SRegResponse sregResp = (SRegResponse) extension;
    // Attribute names and values originate from the OpenID provider's response.
    for (Object attributeName : sregResp.getAttributeNames()) {
        String name = (String) attributeName;
        httpReq.setAttribute(name, sregResp.getParameterValue(name));
    }
}
Example #6
Source File: ConsumerServlet.java From openid4java with Apache License 2.0 | 6 votes |
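/**
 * Collects the attributes of an Attribute Exchange fetch response into a map
 * (alias to joined values, in response order) and stores it on the request
 * under the {@code "attributes"} key.
 *
 * <p>The extension object is built from the provider's response, so its
 * concrete type is checked before use: anything other than a
 * {@code FetchResponse} is ignored rather than cast blindly, matching how
 * {@code receiveSimpleRegistration} treats an unexpected SReg extension type.
 *
 * @param httpReq     servlet request that receives the {@code "attributes"} map
 * @param authSuccess positive authentication response to read the extension from
 * @throws MessageException declared for the openid4java extension calls made here
 */
private void receiveAttributeExchange(HttpServletRequest httpReq, AuthSuccess authSuccess) throws MessageException {
    if (!authSuccess.hasExtension(AxMessage.OPENID_NS_AX)) {
        return;
    }
    MessageExtension extension = authSuccess.getExtension(AxMessage.OPENID_NS_AX);
    if (!(extension instanceof FetchResponse)) {
        // Not a fetch response: do not expose anything to the view.
        return;
    }
    FetchResponse fetchResp = (FetchResponse) extension;

    // List emails = fetchResp.getAttributeValues("email");
    // String email = (String) emails.get(0);

    List aliases = fetchResp.getAttributeAliases();
    Map attributes = new LinkedHashMap();
    for (Object aliasEntry : aliases) {
        String alias = (String) aliasEntry;
        List values = fetchResp.getAttributeValues(alias);
        if (!values.isEmpty()) {
            String[] arr = new String[values.size()];
            values.toArray(arr);
            // NOTE(review): if StringUtils is commons-lang, join(array) concatenates
            // multiple values without a separator - confirm that is intended.
            attributes.put(alias, StringUtils.join(arr));
        }
    }
    httpReq.setAttribute("attributes", attributes);
}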
Example #7
Source File: SRegResponse.java From openid4java with Apache License 2.0 | 6 votes |
/**
 * Creates a SRegResponse from a SRegRequest message and the data released
 * by the user.
 *
 * <p>Only attributes named in the request are looked up in {@code userData};
 * entries that are missing or {@code null} are left out of the response.
 *
 * @param req      SRegRequest message.
 * @param userData Map&lt;String attributeName, String attributeValue&gt; with the
 *                 data released by the user.
 * @return Properly formed SRegResponse.
 * @throws MessageException if any attribute-name in the userData map does not
 *                          correspond to an SREG field-name.
 */
public static SRegResponse createSRegResponse(SRegRequest req, Map userData) throws MessageException {
    SRegResponse response = new SRegResponse();
    for (Object requested : req.getAttributes()) {
        String attributeName = (String) requested;
        String released = (String) userData.get(attributeName);
        if (released == null) {
            // Requested but not available in the user data: omit it.
            continue;
        }
        response.addAttribute(attributeName, released);
    }
    return response;
}
Example #8
Source File: CustomOpenIdProcessor.java From OpenID-Attacker with GNU General Public License v2.0 | 6 votes |
/**
 * Creates the OpenID response token for an authentication request.
 *
 * <p>The response is built with the identifier and claimed id of the valid
 * user. When it is a positive assertion, the AX and SReg extensions are
 * processed and both signature-generation steps run; failures in those steps
 * are rethrown with only their message text.
 *
 * @param authRequest the authentication request to answer
 * @return the parameter keeper returned by {@code getKeeper()}
 * @throws OpenIdAttackerServerException if the response is not an
 *         {@code AuthSuccess}, or if extension processing or signing fails
 */
private AttackParameterKeeper processTokenRequest(final AuthRequest authRequest) throws OpenIdAttackerServerException {
    final String identifier = getValidUser().getIdentifier();
    final String claimedId = getValidUser().getClaimedId();

    final Message response = serverManager.authResponse(authRequest, identifier, claimedId, true, false);
    if (!(response instanceof AuthSuccess)) {
        throw new OpenIdAttackerServerException("Error while creating auth Response");
    }

    try {
        processAxExtension(response, authRequest);
        processSRegExtension(response, authRequest);
        generateSignatureForValidValues((AuthSuccess) response);
        generateSignatureForAttackValues();
    } catch (ServerException | MessageException | AssociationException ex) {
        // Only the message is carried over; the original exception is not chained.
        throw new OpenIdAttackerServerException(ex.getMessage());
    }
    return getKeeper();
}
Example #9
Source File: SReg11ExtensionFactory.java From openid4java with Apache License 2.0 | 6 votes |
/**
 * Instantiates the appropriate Simple Registration object
 * (request / response) for the supplied parameter list.
 *
 * Similar to SRegMessage.getExtension(), but sets the SREG 1.1 type URI.
 *
 * <p>The request/response decision is made from the parameters themselves
 * (presence of {@code required} or {@code optional}); the {@code isRequest}
 * argument is not consulted in this method.
 *
 * @param parameterList The Simple Registration specific parameters
 *                      (without the {@code openid.<ext_alias>} prefix)
 *                      extracted from the openid message.
 * @param isRequest     Indicates whether the parameters were
 *                      extracted from an OpenID request (true),
 *                      or from an OpenID response.
 * @return MessageExtension implementation for
 *         the supplied extension parameters.
 * @throws MessageException If a Simple Registration object could not be
 *                          instantiated from the supplied parameter list.
 */
public MessageExtension getExtension(ParameterList parameterList, boolean isRequest) throws MessageException {
    final boolean looksLikeRequest =
            parameterList.hasParameter("required") || parameterList.hasParameter("optional");

    SRegMessage sreg;
    if (looksLikeRequest) {
        sreg = SRegRequest.createSRegRequest(parameterList);
    } else {
        sreg = SRegResponse.createSRegResponse(parameterList);
    }

    sreg.setTypeUri(SRegMessage.OPENID_NS_SREG11);
    return sreg;
}
Example #10
Source File: FetchResponse.java From openid4java with Apache License 2.0 | 6 votes |
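/**
 * Sets the optional 'update_url' parameter where the OP can later re-post
 * fetch-response updates for the values of the requested attributes.
 *
 * <p>The value is only checked for being parseable by {@link URL}; the scheme
 * and host are not restricted here.
 *
 * @param updateUrl The URL where the RP accepts later updates
 *                  for the requested attributes.
 * @throws MessageException if {@code updateUrl} cannot be parsed as a URL;
 *                          the parsing failure is attached as the cause.
 */
public void setUpdateUrl(String updateUrl) throws MessageException {
    try {
        // Constructed purely as a syntax check; the URL object itself is discarded.
        new URL(updateUrl);
    } catch (MalformedURLException e) {
        // Keep the underlying parse failure so the reason is not lost.
        throw new MessageException("Invalid update_url: " + updateUrl, e);
    }

    if (DEBUG) {
        _log.debug("Setting fetch response update_url: " + updateUrl);
    }

    _parameters.set(new Parameter("update_url", updateUrl));
}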
Example #11
Source File: OpenIDAttributeExchange.java From carbon-identity with Apache License 2.0 | 6 votes |
/**
 * Populate the response with claim values. If we can't find the required values with us, we
 * simply avoid sending them. An Identity Provider MAY return any subset of the following fields
 * in response to the query.
 *
 * <p>Every entry of {@code claimValues} is added to the response using the
 * claim's own URI and value; the map keys are not used.
 *
 * @param response    Attribute Exchange fetch response to fill.
 * @param claimValues Claim values.
 * @throws MessageException declared for {@code FetchResponse.addAttribute}
 */
protected void setAttributeExchangeValues(FetchResponse response,
                                          Map<String, OpenIDClaimDTO> claimValues) throws MessageException {
    for (OpenIDClaimDTO claim : claimValues.values()) {
        response.addAttribute(claim.getClaimUri(), claim.getClaimValue());
    }
}
Example #12
Source File: OpenIDSimpleReg.java From carbon-identity with Apache License 2.0 | 6 votes |
/**
 * Populate the response with claim values. If we can't find the required values with us, we
 * simply avoid sending them. An Identity Provider MAY return any subset of the following fields
 * in response to the query.
 *
 * <p>Every entry of {@code claimValues} is added to the response using the
 * claim's own URI and value; the map keys are not used.
 *
 * @param response    Simple Registration response.
 * @param claimValues Claim values.
 * @throws MessageException declared for {@code SRegResponse.addAttribute}
 */
protected void setSimpleAttributeRegistrationValues(SRegResponse response,
                                                    Map<String, OpenIDClaimDTO> claimValues)
        throws MessageException {
    for (OpenIDClaimDTO claim : claimValues.values()) {
        response.addAttribute(claim.getClaimUri(), claim.getClaimValue());
    }
}
Example #13
Source File: OpenIDPape.java From carbon-identity with Apache License 2.0 | 6 votes |
/**
 * Reads the preferred authentication policies from the PAPE extension of an
 * authentication request.
 *
 * @param authRequest OpenID authentication request
 * @return the requested policies, or an empty array when the request has no
 *         PAPE extension, the extension is not a {@code PapeRequest}, or its
 *         policy list is null or empty
 * @throws IdentityException if reading the extension raises a {@code MessageException}
 */
public static String[] getAuthenticationPolicies(AuthRequest authRequest) throws IdentityException {
    try {
        if (!authRequest.hasExtension(PapeMessage.OPENID_NS_PAPE)) {
            return new String[0];
        }

        MessageExtension extension = authRequest.getExtension(PapeMessage.OPENID_NS_PAPE);
        if (!(extension instanceof PapeRequest)) {
            return new String[0];
        }

        List policies = ((PapeRequest) extension).getPreferredAuthPoliciesList();
        if (policies == null || policies.isEmpty()) {
            return new String[0];
        }
        return (String[]) policies.toArray(new String[policies.size()]);
    } catch (MessageException e) {
        throw IdentityException.error("Failed retrieve authentication policies", e);
    }
}
Example #14
Source File: CustomOpenIdProcessor.java From OpenID-Attacker with GNU General Public License v2.0 | 5 votes |
/**
 * Recomputes the {@code openid.sig} value for the keeper's current parameter
 * set, unless that parameter is configured to use a custom value.
 *
 * <p>Does nothing when the keeper holds no {@code openid.sig} parameter.
 *
 * @throws AssociationException declared for the signing call
 * @throws MessageException     declared for building the message from the parameter list
 * @throws ServerException      declared for the signing call
 */
private void generateSignatureForAttackValues() throws AssociationException, MessageException, ServerException {
    final AttackParameter signature = getKeeper().getParameter("openid.sig");
    final boolean computeSignature =
            signature != null && !signature.isAttackValueUsedForSignatureComputation();
    if (!computeSignature) {
        // Either there is no signature parameter or a custom value is specified.
        return;
    }

    final Map<String, String> toSign = AttackParameterHandler.createToSignMap(getKeeper());
    final AuthSuccess success = UnvalidatedAuthSuccess.createAuthSuccess(new ParameterList(toSign));
    serverManager.sign(success);
    AttackParameterHandler.updateAttackParameters(getKeeper(), success.getParameterMap());
}
Example #15
Source File: PapeResponse.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Constructs a PapeResponse from a parameter list and validates it.
 *
 * @param params the PAPE parameters to wrap
 * @return the validated response
 * @throws MessageException if {@code validate()} rejects the parameters
 */
public static PapeResponse createPapeResponse(ParameterList params) throws MessageException {
    final PapeResponse response = new PapeResponse(params);
    // Validation runs before the object is handed to the caller.
    response.validate();

    if (DEBUG) {
        _log.debug("Created PAPE response from parameter list:\n" + params);
    }
    return response;
}
Example #16
Source File: CustomOpenIdProcessor.java From OpenID-Attacker with GNU General Public License v2.0 | 5 votes |
/**
 * Builds an {@code AuthRequest} from the received parameters.
 *
 * <p>The request is created through {@code UnvalidatedAuthRequest}; the call to
 * the validating {@code AuthRequest.createAuthRequest} factory is commented out
 * in the original source.
 *
 * @param token_parameter the parameters of the incoming request
 * @return the resulting authentication request
 * @throws OpenIdAttackerServerException wrapping any {@code MessageException}
 */
private AuthRequest createAuthenticationRequest(final ParameterList token_parameter) throws OpenIdAttackerServerException {
    try {
        // authRequest = AuthRequest.createAuthRequest(token_parameter, serverManager.getRealmVerifier());
        return UnvalidatedAuthRequest.createAuthRequest(token_parameter, serverManager.getRealmVerifier());
    } catch (MessageException ex) {
        throw new OpenIdAttackerServerException(ex);
    }
}
Example #17
Source File: CustomOpenIdProcessor.java From OpenID-Attacker with GNU General Public License v2.0 | 5 votes |
/**
 * Adds an Attribute Exchange fetch response to the outgoing message when the
 * authentication request carries an AX extension.
 *
 * @param token       message that receives the {@code "ax"} extension
 * @param authRequest request whose AX extension, if any, is answered
 * @return the {@code token} instance that was passed in
 * @throws MessageException declared for the openid4java extension calls made here
 * @throws UnsupportedOperationException if the AX extension is not a {@code FetchRequest}
 */
private Message processAxExtension(Message token, final AuthRequest authRequest) throws MessageException {
    if (!authRequest.hasExtension(AxMessage.OPENID_NS_AX)) {
        return token;
    }

    final MessageExtension axExtension = authRequest.getExtension(AxMessage.OPENID_NS_AX);
    if (!(axExtension instanceof FetchRequest)) {
        throw new UnsupportedOperationException("TODO: if (ext instanceof StoreRequest)");
    }

    final Map userDataMap = getValidUser().getUserDataMap();
    final FetchResponse fetchResponse =
            FetchResponse.createFetchResponse((FetchRequest) axExtension, userDataMap);
    token.addExtension(fetchResponse, "ax");
    return token;
}
Example #18
Source File: UnvalidatedAuthSuccess.java From OpenID-Attacker with GNU General Public License v2.0 | 5 votes |
/**
 * Wraps a parameter list in an {@code UnvalidatedAuthSuccess} without running
 * {@code validate()} on it.
 *
 * <p>Skipping validation is intentional in this class: per the original
 * comment it allows, for example, signed tokens without {@code claimed_id}.
 *
 * @param params the response parameters
 * @return the unvalidated positive authentication response
 * @throws MessageException declared by the signature; no validation is performed here
 */
public static AuthSuccess createAuthSuccess(ParameterList params) throws MessageException {
    final AuthSuccess response = new UnvalidatedAuthSuccess(params);

    // The response token must not be validated, so the usual call is left out:
    // resp.validate();

    if (DEBUG) {
        LOG.debug("Created positive auth response:\n" + response.keyValueFormEncoding());
    }
    return response;
}
Example #19
Source File: CustomOpenIdProcessor.java From OpenID-Attacker with GNU General Public License v2.0 | 5 votes |
/**
 * Builds a verification response whose only fields are the OpenID 2.0
 * namespace and {@code is_valid=true}.
 *
 * @return the verification response message
 * @throws IllegalStateException if openid4java rejects the fixed parameter set
 */
public Message generatePositiveCheckAuthenticationResponse() {
    // LinkedHashMap keeps "ns" ahead of "is_valid" in the parameter list.
    final Map<String, String> fields = new LinkedHashMap<>();
    fields.put("ns", "http://specs.openid.net/auth/2.0");
    fields.put("is_valid", "true");

    final ParameterList responseParameters = new ParameterList(fields);
    try {
        return VerifyResponse.createVerifyResponse(responseParameters);
    } catch (MessageException ex) {
        throw new IllegalStateException("This should never happen", ex);
    }
}
Example #20
Source File: UnvalidatedAuthRequest.java From OpenID-Attacker with GNU General Public License v2.0 | 5 votes |
/**
 * Wraps a parameter list in an {@code UnvalidatedAuthRequest} and sets its
 * realm verifier, without running {@code validate()} on the request.
 *
 * @param params        the request parameters
 * @param realmVerifier verifier stored on the request
 * @return the unvalidated authentication request
 * @throws MessageException declared by the signature; no validation is performed here
 */
public static AuthRequest createAuthRequest(ParameterList params, RealmVerifier realmVerifier)
        throws MessageException {
    final AuthRequest request = new UnvalidatedAuthRequest(params);
    request.setRealmVerifier(realmVerifier);

    // The request must not be validated, so the usual call is left out:
    // req.validate();

    if (DEBUG) {
        LOG.debug("Created auth request:\n" + request.keyValueFormEncoding());
    }
    return request;
}
Example #21
Source File: OpenIDPape.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * {@inheritDoc}
 *
 * <p>Builds a PAPE response when the authentication request held by
 * {@code request} carries a {@code PapeRequest}, adding the phishing-resistant
 * and multi-factor policies according to the flags on {@code request}.
 * Returns {@code null} when there is no authentication request or no PAPE
 * request extension.
 *
 * <p>NOTE(review): {@code userId}, {@code profileName} and {@code requestDTO}
 * are not read in this method; state comes from {@code request}, which is
 * declared outside this block.
 */
@Override
public MessageExtension getMessageExtension(String userId, String profileName,
                                            OpenIDAuthRequestDTO requestDTO) throws IdentityException {
    PapeResponse papeResponse = null;
    try {
        AuthRequest authRequest = request.getAuthRequest();
        MessageExtension extension =
                authRequest == null ? null : authRequest.getExtension(PapeMessage.OPENID_NS_PAPE);

        // instanceof is false for null, so a missing request or extension falls through.
        if (extension instanceof PapeRequest) {
            papeResponse = PapeResponse.createPapeResponse();
            if (request.isPhishingResistanceLogin()) {
                papeResponse.addAuthPolicy(PapeMessage.PAPE_POLICY_PHISHING_RESISTANT);
                // TODO: papeResponse.setNistAuthLevel(1);
            }
            if (request.isMultifactorLogin()) {
                papeResponse.addAuthPolicy(PapeMessage.PAPE_POLICY_MULTI_FACTOR);
                // TODO: papeResponse.setNistAuthLevel(2);
            }
        }
    } catch (MessageException e) {
        log.error("Failed to create message extension for PAPE", e);
        throw IdentityException.error("Failed to create message extension for PAPE", e);
    }
    return papeResponse;
}
Example #22
Source File: OpenIDProviderService.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Gets the profile details of a user: one DTO per profile name, each holding
 * the claim values for the attributes named in {@code requredClaims}.
 *
 * <p>NOTE(review): no caller authorization check is visible in this method;
 * confirm that access to {@code openId}'s profiles is enforced by the caller.
 *
 * @param openId        OpenID of the user whose profiles are read
 * @param requredClaims parameters from which the requested attributes are derived
 * @return one {@code OpenIDUserProfileDTO} per profile name of the user
 * @throws IdentityProviderException if user-store, URL, message or identity errors occur
 */
public OpenIDUserProfileDTO[] getUserProfiles(String openId, OpenIDParameterDTO[] requredClaims)
        throws IdentityProviderException {
    try {
        final String userName = OpenIDUtil.getUserName(openId);
        final String tenantAwareUser = MultitenantUtils.getTenantAwareUsername(userName);
        final String domainName = MultitenantUtils.getDomainNameFromOpenId(openId);

        final UserRealm realm = IdentityTenantUtil.getRealm(domainName, userName);
        final UserStoreManager userStore = realm.getUserStoreManager();
        final String[] profileNames = userStore.getProfileNames(tenantAwareUser);
        final OpenIDUserProfileDTO[] profiles = new OpenIDUserProfileDTO[profileNames.length];

        // The requested claims are parsed as an OpenID authentication request
        // to extract the attribute list.
        final ParameterList paramList = getParameterList(requredClaims);
        final AuthRequest authReq = AuthRequest.createAuthRequest(
                paramList, OpenIDProvider.getInstance().getManager().getRealmVerifier());
        final List<String> claimList = getRequestedAttributes(authReq);

        int index = 0;
        for (String profileName : profileNames) {
            OpenIDClaimDTO[] claimSet = getOpenIDClaimValues(openId, profileName, claimList);
            OpenIDUserProfileDTO profile = new OpenIDUserProfileDTO();
            profile.setProfileName(profileName);
            profile.setClaimSet(claimSet);
            profiles[index++] = profile;
        }
        return profiles;
    } catch (MalformedURLException | UserStoreException | MessageException | IdentityException e) {
        throw new IdentityProviderException("Error while retrieving user profiles", e);
    }
}
Example #23
Source File: FetchRequest.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Constructs a FetchRequest from a parameter list.
 * <p>
 * The parameter list can be extracted from a received message with the
 * getExtensionParams method of the Message class, and MUST NOT contain
 * the {@code "openid.<extension_alias>."} prefix.
 *
 * @param params the extension parameters
 * @return the fetch request, returned only after {@code isValid()} succeeded
 * @throws MessageException if the parameters do not form a valid fetch request
 */
public static FetchRequest createFetchRequest(ParameterList params) throws MessageException {
    final FetchRequest request = new FetchRequest(params);
    if (!request.isValid()) {
        throw new MessageException("Invalid parameters for a fetch request");
    }

    if (DEBUG) {
        _log.debug("Created fetch request from parameter list:\n" + params);
    }
    return request;
}
Example #24
Source File: PapeRequest.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Constructs a PapeRequest from a parameter list.
 * <p>
 * The parameter list can be extracted from a received message with the
 * getExtensionParams method of the Message class, and MUST NOT contain
 * the {@code "openid.<extension_alias>."} prefix.
 *
 * @param params the extension parameters
 * @return the PAPE request, returned only after {@code validate()} succeeded
 * @throws MessageException if {@code validate()} rejects the parameters
 */
public static PapeRequest createPapeRequest(ParameterList params) throws MessageException {
    final PapeRequest request = new PapeRequest(params);
    request.validate();

    if (DEBUG) {
        _log.debug("Created PAPE request from parameter list:\n" + params);
    }
    return request;
}
Example #25
Source File: SRegResponse.java From openid4java with Apache License 2.0 | 5 votes |
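/**
 * Adds an attribute to the SReg response. The allowed attribute names are
 * the ones defined in the SReg specification: nickname, email, fullname,
 * dob, gender, postcode, country, language, timezone.
 *
 * <p>The name is checked against {@code SREG_FIELDS} before anything is
 * stored, so a rejected attribute never ends up in the response parameters.
 *
 * @param attr  An attribute name.
 * @param value The value of the attribute.
 * @throws MessageException if {@code attr} is not an SReg field name; the
 *                          response is left unchanged in that case.
 */
public void addAttribute(String attr, String value) throws MessageException {
    // Validate first: storing the parameter before this check would leave an
    // invalid attribute in the response even though the call failed.
    if (!SREG_FIELDS.contains(attr)) {
        throw new MessageException("Invalid attribute for SReg: " + attr);
    }

    _parameters.set(new Parameter(attr, value));

    if (DEBUG) {
        // NOTE(review): this writes the attribute value (user profile data) to the debug log.
        _log.debug("Added new attribute to SReg response: " + attr + " value: " + value);
    }
}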
Example #26
Source File: SRegResponse.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Constructs a SRegResponse from a parameter list.
 *
 * @param params the extension parameters
 * @return the SReg response, returned only after {@code isValid()} succeeded
 * @throws MessageException if the parameters do not form a valid SReg response
 */
public static SRegResponse createSRegResponse(ParameterList params) throws MessageException {
    final SRegResponse response = new SRegResponse(params);
    if (!response.isValid()) {
        throw new MessageException("Invalid parameters for a SReg response");
    }

    if (DEBUG) {
        _log.debug("Created SReg response from parameter list:\n" + params);
    }
    return response;
}
Example #27
Source File: SRegRequest.java From openid4java with Apache License 2.0 | 5 votes |
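/**
 * Sets the optional policy URL.
 *
 * <p>The value is only checked for being parseable by {@link URL}; the scheme
 * and host are not restricted here.
 *
 * @param policyUrl A URL which the Consumer provides to give the
 *                  End User a place to read about the how the profile
 *                  data will be used. The Identity Provider SHOULD
 *                  display this URL to the End User if it is given.
 * @throws MessageException if {@code policyUrl} cannot be parsed as a URL;
 *                          the parsing failure is attached as the cause.
 */
public void setPolicyUrl(String policyUrl) throws MessageException {
    try {
        // Constructed purely as a syntax check; the URL object itself is discarded.
        new URL(policyUrl);
    } catch (MalformedURLException e) {
        // Keep the underlying parse failure so the reason is not lost.
        throw new MessageException("Invalid policy_url: " + policyUrl, e);
    }

    if (DEBUG) {
        _log.debug("Setting SReg request policy_url: " + policyUrl);
    }

    _parameters.set(new Parameter("policy_url", policyUrl));
}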
Example #28
Source File: SRegRequest.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Constructs a SRegRequest from a parameter list.
 * <p>
 * The parameter list can be extracted from a received message with the
 * getExtensionParams method of the Message class, and MUST NOT contain
 * the {@code "openid.<extension_alias>."} prefix.
 *
 * @param params the extension parameters
 * @return the SReg request, returned only after {@code isValid()} succeeded
 * @throws MessageException if the parameters do not form a valid SReg request
 */
public static SRegRequest createSRegRequest(ParameterList params) throws MessageException {
    final SRegRequest request = new SRegRequest(params);
    if (!request.isValid()) {
        throw new MessageException("Invalid parameters for a SReg request");
    }

    if (DEBUG) {
        _log.debug("Created SReg request from parameter list:\n" + params);
    }
    return request;
}
Example #29
Source File: StoreRequest.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Constructs a StoreRequest from a parameter list.
 * <p>
 * The parameter list can be extracted from a received message with the
 * getExtensionParams method of the Message class, and MUST NOT contain
 * the {@code "openid.<extension_alias>."} prefix.
 *
 * @param params the extension parameters
 * @return the store request, returned only after {@code isValid()} succeeded
 * @throws MessageException if the parameters do not form a valid store request
 */
public static StoreRequest createStoreRequest(ParameterList params) throws MessageException {
    final StoreRequest request = new StoreRequest(params);
    if (!request.isValid()) {
        throw new MessageException("Invalid parameters for a store request");
    }

    if (DEBUG) {
        _log.debug("Created store request from parameter list:\n" + params);
    }
    return request;
}
Example #30
Source File: FetchResponse.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Constructs a FetchResponse from a parameter list.
 *
 * @param params the extension parameters
 * @return the fetch response, returned only after {@code isValid()} succeeded
 * @throws MessageException if the parameters do not form a valid fetch response
 */
public static FetchResponse createFetchResponse(ParameterList params) throws MessageException {
    final FetchResponse response = new FetchResponse(params);
    if (!response.isValid()) {
        throw new MessageException("Invalid parameters for a fetch response");
    }

    if (DEBUG) {
        _log.debug("Created fetch response from parameter list:\n" + params);
    }
    return response;
}