org.openid4java.association.AssociationException Java Examples
The following examples show how to use
org.openid4java.association.AssociationException.
Example #1
Source File: CustomOpenIdProcessor.java From OpenID-Attacker with GNU General Public License v2.0 | 6 votes |
/**
 * Builds the OpenID authentication response ("token") for the current request.
 *
 * The response is always produced by the server manager for the valid user's
 * identifier and claimed id. When it is a positive assertion, the AX and SReg
 * extensions are applied and signatures are computed for both the valid and the
 * attack parameter sets; a failure in that phase is surfaced as an
 * {@link OpenIdAttackerServerException} carrying the original message.
 *
 * @param authRequest the incoming authentication request
 * @return the attack parameter keeper holding the resulting parameters
 * @throws OpenIdAttackerServerException if the server manager does not return a
 *         positive assertion, or if extension processing or signing fails
 */
private AttackParameterKeeper processTokenRequest(final AuthRequest authRequest) throws OpenIdAttackerServerException {
    final String identifier = getValidUser().getIdentifier();
    final String claimedId = getValidUser().getClaimedId();
    final Message response = serverManager.authResponse(authRequest, identifier, claimedId, true, false);
    if (!(response instanceof AuthSuccess)) {
        throw new OpenIdAttackerServerException("Error while creating auth Response");
    }
    try {
        processAxExtension(response, authRequest);
        processSRegExtension(response, authRequest);
        generateSignatureForValidValues((AuthSuccess) response);
        generateSignatureForAttackValues();
    } catch (ServerException | MessageException | AssociationException ex) {
        // only the message is propagated; the original exception is not chained
        throw new OpenIdAttackerServerException(ex.getMessage());
    }
    return getKeeper();
}
Example #2
Source File: InMemoryServerAssociationStore.java From openid4java with Apache License 2.0 | 6 votes |
/**
 * Creates a new association of the given type, stores it under a fresh handle
 * and returns it.
 *
 * Expired entries are purged first. The handle is the store timestamp joined
 * with a per-store counter that advances on every call; the method is
 * synchronized so two concurrent callers cannot draw the same counter value.
 *
 * @param type     association type (see the {@link Association} constants)
 * @param expiryIn lifetime of the association, in seconds
 * @return the newly generated association
 * @throws AssociationException if the association cannot be generated
 */
public synchronized Association generate(String type, int expiryIn) throws AssociationException {
    removeExpired();
    StringBuilder handleBuilder = new StringBuilder();
    handleBuilder.append(_timestamp).append('-').append(_counter++);
    String handle = handleBuilder.toString();
    Association created = Association.generate(type, handle, expiryIn);
    _handleMap.put(handle, created);
    if (DEBUG) {
        _log.debug("Generated association, handle: " + handle + " type: " + type + " expires in: " + expiryIn + " seconds.");
    }
    return created;
}
Example #3
Source File: ServerManager.java From openid4java with Apache License 2.0 | 6 votes |
/**
 * Signs an AuthSuccess message with the association named by its handle.
 *
 * Shared associations are consulted before private ones; the first match wins.
 *
 * @param authSuccess the positive assertion to sign; its signature field is set in place
 * @throws ServerException      if no association exists for the message's handle
 *                              in either store
 * @throws AssociationException if the association cannot compute the signature
 */
public void sign(AuthSuccess authSuccess) throws ServerException, AssociationException {
    String handle = authSuccess.getHandle();
    Association shared = _sharedAssociations.load(handle);
    Association assoc = (shared != null) ? shared : _privateAssociations.load(handle);
    if (assoc == null) {
        throw new ServerException("No association found for handle: " + handle);
    }
    authSuccess.setSignature(assoc.sign(authSuccess.getSignedText()));
}
Example #4
Source File: AuthSuccess.java From openid4java with Apache License 2.0 | 6 votes |
/**
 * Factory for a positive authentication response.
 *
 * Constructs the message, runs {@code validate()} on it and, when debugging,
 * logs its key-value form encoding.
 *
 * @param opEndpoint       the OP endpoint URL
 * @param claimedId        the claimed identifier
 * @param delegate         the OP-local identifier
 * @param compatibility    {@code true} for OpenID1 compatibility mode
 * @param returnTo         the RP return_to URL
 * @param nonce            the response nonce
 * @param invalidateHandle handle to invalidate, or {@code null}
 * @param assoc            association used for the handle and, if requested, the signature
 * @param signNow          whether to sign the message immediately
 * @return the validated response
 * @throws MessageException     if the constructed message fails validation
 * @throws AssociationException if signing fails
 */
public static AuthSuccess createAuthSuccess(String opEndpoint, String claimedId, String delegate, boolean compatibility, String returnTo, String nonce, String invalidateHandle, Association assoc, boolean signNow) throws MessageException, AssociationException {
    AuthSuccess response = new AuthSuccess(opEndpoint, claimedId, delegate, compatibility, returnTo, nonce, invalidateHandle, assoc, signNow);
    response.validate();
    if (DEBUG) {
        _log.debug("Created positive auth response:\n" + response.keyValueFormEncoding());
    }
    return response;
}
Example #5
Source File: AuthSuccess.java From openid4java with Apache License 2.0 | 6 votes |
/**
 * Populates a positive authentication response.
 *
 * OpenID2 fields (ns, op_endpoint, claimed_id, response_nonce) are only set
 * outside compatibility mode. The signed-field list is built after all fields
 * are set; the signature is computed immediately when {@code signNow} is true,
 * otherwise it is left empty.
 *
 * @throws AssociationException if the association fails to sign the message
 */
protected AuthSuccess(String opEndpoint, String claimedId, String delegate, boolean compatibility, String returnTo, String nonce, String invalidateHandle, Association assoc, boolean signNow) throws AssociationException {
    boolean version2 = !compatibility;
    if (version2) {
        set("openid.ns", OPENID2_NS);
        setOpEndpoint(opEndpoint);
        setClaimed(claimedId);
        setNonce(nonce);
    }
    set("openid.mode", MODE_IDRES);
    setIdentity(delegate);
    setReturnTo(returnTo);
    if (invalidateHandle != null) {
        setInvalidateHandle(invalidateHandle);
    }
    setHandle(assoc.getHandle());
    buildSignedList();
    String signature;
    if (signNow) {
        signature = assoc.sign(getSignedText());
    } else {
        signature = "";
    }
    setSignature(signature);
}
Example #6
Source File: OpenIDServerAssociationStore.java From carbon-identity with Apache License 2.0 | 6 votes |
/**
 * Generates an association, caches it, and persists it through the DAO on a
 * separate thread.
 *
 * Every call starts a new, unpooled thread for the database write; nothing
 * bounds how many such threads can be in flight, and an exception thrown by
 * {@code dao.storeAssociation} inside that thread is not reported back to the
 * caller, which has already received the association.
 *
 * @param type     association type as defined in OpenID 2.0
 * @param expiryIn lifetime in seconds
 * @return the generated {@code Association}
 * @throws AssociationException if the association cannot be generated
 */
@Override
public Association generate(String type, int expiryIn) throws AssociationException {
    String handle = storeId + timestamp + "-" + getCounter();
    final Association association = Association.generate(type, handle, expiryIn);
    cache.addToCache(association);
    // Asynchronous write to database
    Runnable persist = new Runnable() {
        @Override
        public void run() {
            if (log.isDebugEnabled()) {
                log.debug("Storing association " + association.getHandle() + " in the database.");
            }
            dao.storeAssociation(association);
        }
    };
    new Thread(persist).start();
    return association;
}
Example #7
Source File: PrivateAssociationReplicationStore.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Generates an association and hands it to the replication manager.
 *
 * @param type     association type as defined in OpenID 2.0
 * @param expiryIn lifetime in seconds
 * @return the generated association
 * @throws AssociationException if the association cannot be generated
 */
public Association generate(String type, int expiryIn) throws AssociationException {
    String handle = storeId + timestamp + "-" + getCounter();
    Association created = Association.generate(type, handle, expiryIn);
    if (log.isDebugEnabled()) {
        log.debug("Storing association " + created.getHandle() + " in the map.");
    }
    // replicate the association via cluster messages
    OpenIDAssociationReplicationManager.getPersistenceManager().addAssociation(created);
    return created;
}
Example #8
Source File: PrivateAssociationCryptoStore.java From carbon-identity with Apache License 2.0 | 5 votes |
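/**
 * Generates an HMAC-SHA256 association whose MAC key is derived from the server
 * key and the freshly generated handle.
 *
 * The handle is {@code storeId + timestamp + "-" + counter}. The expiry offset is
 * taken from the first call (seconds converted to milliseconds) and cached in
 * {@code this.expireIn}; later calls reuse the cached value and ignore their own
 * {@code expiryIn} argument. The created association is also published via
 * {@link OpenIDServerManager#setThreadLocalAssociation}.
 *
 * @param type     association type requested by the caller; only logged here,
 *                 the store always creates an HMAC-SHA256 association
 * @param expiryIn requested lifetime in seconds; only honoured on the first call
 * @return the generated association
 * @throws AssociationException declared for interface compatibility
 * @throws ArithmeticException  if {@code expiryIn * 1000} overflows an {@code int}
 *                              (previously the product wrapped silently)
 */
@Override
public Association generate(String type, int expiryIn) throws AssociationException {
    if (log.isDebugEnabled()) {
        log.debug("Inside generate(); type : " + type + " expiryIn : " + expiryIn);
    }
    long timestamp = new Date().getTime();
    if (log.isDebugEnabled()) {
        log.debug("Current Time : " + timestamp);
    }
    // make time in to millisecond before it is set; multiplyExact traps the
    // overflow that a plain int multiplication would wrap for large expiryIn
    if (this.expireIn == 0) {
        this.expireIn = Math.multiplyExact(expiryIn, 1000);
    }
    if (log.isDebugEnabled()) {
        log.debug("Expires In : " + this.expireIn);
    }
    Date expireDate = new Date(timestamp + this.expireIn);
    if (log.isDebugEnabled()) {
        log.debug("Expiry Time : " + expireDate.getTime());
    }
    // NOTE(review): counter++ is not synchronized here; if one store instance is
    // shared across threads two calls could produce the same handle — verify against callers.
    String handle = Integer.toString(storeId) + Long.toString(timestamp) + "-" + Integer.toString(counter++);
    if (log.isDebugEnabled()) {
        log.debug("Handle generated by crypto store : " + handle);
    }
    // The MAC key is a deterministic function of serverKey and the handle, so
    // anyone holding serverKey can recompute it from the handle alone. getBytes()
    // uses the platform default charset; kept as-is so keys stay consistent with
    // whatever derives them on load.
    Association association = Association.createHmacSha256(handle, (serverKey + handle).getBytes(), expireDate);
    OpenIDServerManager.setThreadLocalAssociation(association);
    return association;
}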
Example #9
Source File: CustomInMemoryServerAssociationStore.java From OpenID-Attacker with GNU General Public License v2.0 | 5 votes |
/**
 * Generates an association under a handle derived from {@code associationPrefix}.
 *
 * The bare prefix is used when it is free; otherwise the counter is advanced
 * until {@code prefix + "-" + counter} is not already in the map. Expired
 * entries are purged both before and after the insertion.
 *
 * @param type     association type
 * @param expiryIn lifetime in seconds
 * @return the generated association
 * @throws AssociationException if the association cannot be generated
 */
@Override
public synchronized Association generate(String type, int expiryIn) throws AssociationException {
    removeExpired();
    // start with the bare prefix; fall back to prefix-counter while taken
    String candidate = associationPrefix;
    boolean taken = _handleMap.containsKey(candidate);
    while (taken) {
        ++counter;
        candidate = associationPrefix + "-" + counter;
        taken = _handleMap.containsKey(candidate);
    }
    Association created = Association.generate(type, candidate, expiryIn);
    _handleMap.put(candidate, created);
    if (DEBUG) {
        LOG.debug("Generated association, handle: " + candidate + " type: " + type + " expires in: " + expiryIn + " seconds.");
    }
    removeExpired();
    return created;
}
Example #10
Source File: CustomOpenIdProcessor.java From OpenID-Attacker with GNU General Public License v2.0 | 5 votes |
/**
 * Computes the signature over the attack parameter set and writes the resulting
 * parameters back into the keeper.
 *
 * Nothing is done when the {@code openid.sig} parameter is absent or when its
 * attack value is flagged to be used for signature computation as-is.
 *
 * @throws AssociationException if signing fails
 * @throws MessageException     if the parameters cannot form an AuthSuccess
 * @throws ServerException      if no association matches the handle
 */
private void generateSignatureForAttackValues() throws AssociationException, MessageException, ServerException {
    AttackParameter signature = getKeeper().getParameter("openid.sig");
    boolean skip = signature == null || signature.isAttackValueUsedForSignatureComputation();
    if (skip) {
        return;
    }
    Map<String, String> toSign = AttackParameterHandler.createToSignMap(getKeeper());
    ParameterList parameters = new ParameterList(toSign);
    AuthSuccess success = UnvalidatedAuthSuccess.createAuthSuccess(parameters);
    serverManager.sign(success);
    AttackParameterHandler.updateAttackParameters(getKeeper(), success.getParameterMap());
}
Example #11
Source File: AssociationResponse.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Factory for an association response.
 *
 * Builds the response for the given request and association, validates it and,
 * when debugging, logs its key-value form encoding.
 *
 * @param assocReq the association request being answered
 * @param assoc    the association to return to the RP
 * @return the validated response
 * @throws MessageException     if the response fails validation
 * @throws AssociationException if the response cannot be constructed
 */
public static AssociationResponse createAssociationResponse(AssociationRequest assocReq, Association assoc) throws MessageException, AssociationException {
    AssociationResponse response = new AssociationResponse(assocReq, assoc);
    response.validate();
    if (DEBUG) {
        _log.debug("Created association response:\n" + response.keyValueFormEncoding());
    }
    return response;
}
Example #12
Source File: InMemoryServerAssociationStoreTest.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Runs the base cleanup scenario and then checks that the in-memory store
 * retains exactly one association.
 */
public void testCleanup() throws AssociationException, InterruptedException {
    super.testCleanup();
    InMemoryServerAssociationStore store = (InMemoryServerAssociationStore) _associationStore;
    assertEquals(1, store.size());
}
Example #13
Source File: AbstractServerAssociationStoreTest.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Generates four one-second associations, waits for them to expire, then
 * generates one more so that subclasses can check what the store cleaned up.
 */
public void testCleanup() throws AssociationException, InterruptedException {
    for (int i = 0; i < 4; i++) {
        _associationStore.generate(Association.TYPE_HMAC_SHA1, 1);
    }
    // let the first four associations expire
    Thread.sleep(2000);
    _associationStore.generate(Association.TYPE_HMAC_SHA1, 1);
}
Example #14
Source File: AbstractServerAssociationStoreTest.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * A freshly generated association is loadable by handle and is gone after
 * {@code remove}.
 */
public void testRemove() throws AssociationException {
    Association created = _associationStore.generate(Association.TYPE_HMAC_SHA1, 1);
    String handle = created.getHandle();
    assertNotNull(_associationStore.load(handle));
    _associationStore.remove(handle);
    assertNull(_associationStore.load(handle));
}
Example #15
Source File: OpenIDServerManager.java From carbon-identity with Apache License 2.0 | 5 votes |
/**
 * Signs an AuthSuccess message.
 *
 * The association is looked up in this order: the thread-local slot (which is
 * cleared unconditionally afterwards), the shared store, then the private store.
 *
 * NOTE(review): the thread-local association is used without comparing its
 * handle to {@code authSuccess.getHandle()}; confirm that callers only park the
 * association belonging to the current request there.
 *
 * @param authSuccess the positive assertion to sign; its signature is set in place
 * @throws ServerException      if no association is found anywhere for the handle
 * @throws AssociationException if signing fails
 */
public void sign(AuthSuccess authSuccess) throws ServerException, AssociationException {
    String handle = authSuccess.getHandle();
    Association assoc;
    try {
        // First try in thread local
        assoc = getThreadLocalAssociation();
    } finally {
        // Clear thread local so it cannot leak into the next request on this thread
        clearThreadLocalAssociation();
    }
    if (assoc == null) {
        // try shared associations, then private
        assoc = getSharedAssociations().load(handle);
        if (assoc == null) {
            assoc = getPrivateAssociations().load(handle);
        }
    }
    if (assoc == null) {
        throw new ServerException("No association found for handle: " + handle);
    }
    authSuccess.setSignature(assoc.sign(authSuccess.getSignedText()));
}
Example #16
Source File: AbstractServerAssociationStoreTest.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * A one-second association is loadable immediately and no longer loadable two
 * seconds later.
 */
public void testExpiry() throws AssociationException, InterruptedException {
    Association created = _associationStore.generate(Association.TYPE_HMAC_SHA1, 1);
    String handle = created.getHandle();
    assertNotNull(_associationStore.load(handle));
    Thread.sleep(2000);
    assertNull(_associationStore.load(handle));
}
Example #17
Source File: AbstractServerAssociationStoreTest.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Unknown handles ({@code null}, empty, arbitrary) load as {@code null}; a
 * generated handle loads repeatedly.
 */
public void testLoad() throws AssociationException {
    String[] unknownHandles = { null, "", "xyz" };
    for (int i = 0; i < unknownHandles.length; i++) {
        assertNull(_associationStore.load(unknownHandles[i]));
    }
    Association created = _associationStore.generate(Association.TYPE_HMAC_SHA1, 60);
    String handle = created.getHandle();
    // loading is non-destructive: the second load still succeeds
    assertNotNull(_associationStore.load(handle));
    assertNotNull(_associationStore.load(handle));
}
Example #18
Source File: AbstractServerAssociationStoreTest.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * The store must refuse an unknown association type with an
 * {@link AssociationException}.
 */
public void testGenerateBadType() {
    String badType = "xyz";
    try {
        _associationStore.generate(badType, 60);
    } catch (AssociationException expected) {
        // this is the required outcome
        return;
    }
    fail("Should throw exception for bad associtation type: " + badType);
}
Example #19
Source File: AssociationResponse.java From openid4java with Apache License 2.0 | 5 votes |
/**
 * Constructs an AssociationResponse for a given association request.
 *
 * The expiry sent to the RP is the remaining lifetime of the association in
 * seconds. For Diffie-Hellman session types the MAC key is encrypted with the
 * negotiated DH secret; for the no-encryption session type it is sent
 * base64-encoded without encryption.
 *
 * @param assocReq The association request that needs to be responded.
 * @param assoc    The association which will be used to sign
 *                 authentication responses.
 * @throws AssociationException if the request's type is invalid or the DH
 *                              session cannot be set up
 */
protected AssociationResponse(AssociationRequest assocReq, Association assoc) throws AssociationException {
    if (DEBUG) {
        _log.debug("Creating association response, type: " + assocReq.getType() + " association handle: " + assoc.getHandle());
    }
    if (assocReq.isVersion2()) {
        set("ns", OPENID2_NS);
    }
    AssociationSessionType type = assocReq.getType();
    setType(type);
    setAssocHandle(assoc.getHandle());
    long remainingMillis = assoc.getExpiry().getTime() - System.currentTimeMillis();
    setExpire(Long.valueOf(remainingMillis / 1000));
    boolean dhSession = type.getHAlgorithm() != null;
    if (dhSession) {
        // DH session: encrypt the MAC key
        DiffieHellmanSession dhSess = DiffieHellmanSession.create(type, assocReq.getDhModulus(), assocReq.getDhGen());
        setPublicKey(dhSess.getPublicKey());
        setMacKeyEnc(dhSess.encryptMacKey(assoc.getMacKey().getEncoded(), assocReq.getDhPublicKey()));
    } else {
        // no-encryption session: the MAC key goes out base64-encoded, unencrypted
        byte[] encodedKey = Base64.encodeBase64(assoc.getMacKey().getEncoded());
        setMacKey(new String(encodedKey));
    }
}
Example #20
Source File: JdbcServerAssociationStore.java From openid4java with Apache License 2.0 | 4 votes |
/**
 * Loads the association stored under the given handle.
 *
 * The table name comes from configuration and is concatenated into the SQL;
 * the handle is bound as a query parameter. Any failure (incomplete row,
 * unknown type, missing row, data-access error) is logged and mapped to
 * {@code null}.
 *
 * @param handle the association handle to look up
 * @return the association, or {@code null} if none could be loaded
 */
public Association load(String handle) {
    String sql = "SELECT type,mackey,expdate FROM " + _tableName + " WHERE handle=?";
    try {
        Map row = getJdbcTemplate().queryForMap(sql, new Object[] {handle});
        String type = (String) row.get("type");
        String macKey = (String) row.get("mackey");
        Date expDate = (Date) row.get("expdate");
        boolean incomplete = type == null || macKey == null || expDate == null;
        if (incomplete) {
            throw new AssociationException("Invalid association data " + "retrived from database; cannot create Association " + "object for handle: " + handle);
        }
        Association assoc;
        if (Association.TYPE_HMAC_SHA1.equals(type)) {
            assoc = Association.createHmacSha1(handle, Base64.decodeBase64(macKey.getBytes()), expDate);
        } else if (Association.TYPE_HMAC_SHA256.equals(type)) {
            assoc = Association.createHmacSha256(handle, Base64.decodeBase64(macKey.getBytes()), expDate);
        } else {
            throw new AssociationException("Invalid association type " + "retrieved from database: " + type);
        }
        if (DEBUG) {
            _log.debug("Retrieved association for handle: " + handle + " from table: " + _tableName);
        }
        return assoc;
    } catch (AssociationException ase) {
        _log.error("Error retrieving association from table: " + _tableName, ase);
        return null;
    } catch (IncorrectResultSizeDataAccessException rse) {
        // zero (or several) rows for this handle
        _log.warn("Association not found for handle: " + handle + " in the table: " + _tableName);
        return null;
    } catch (DataAccessException dae) {
        _log.error("Error retrieving association for handle: " + handle + "from table: " + _tableName, dae);
        return null;
    }
}
Example #21
Source File: JdbcServerAssociationStore.java From openid4java with Apache License 2.0 | 4 votes |
/**
 * Generates an association with a random hex handle and inserts it into the
 * table, retrying up to five times on data-access errors (for instance a
 * handle collision on insert).
 *
 * The table name comes from configuration; all row values are bound as
 * parameters. The handle is an identifier, not a secret — the MAC key, stored
 * base64-encoded, is the secret material.
 *
 * @param type     association type
 * @param expiryIn lifetime in seconds
 * @return the generated association
 * @throws AssociationException if no insert succeeded after five attempts, or
 *                              if the association itself cannot be generated
 */
public Association generate(String type, int expiryIn) throws AssociationException {
    cleanupExpired();
    String sql = "INSERT INTO " + _tableName + " (handle, type, mackey, expdate) VALUES (?,?,?,?)";
    JdbcTemplate jdbcTemplate = getJdbcTemplate();
    for (int attempt = 5; attempt > 0; attempt--) {
        try {
            String handle = Long.toHexString(_random.nextLong());
            Association created = Association.generate(type, handle, expiryIn);
            String encodedKey = new String(Base64.encodeBase64(created.getMacKey().getEncoded()));
            Object[] row = new Object[] { created.getHandle(), created.getType(), encodedKey, created.getExpiry() };
            int inserted = jdbcTemplate.update(sql, row);
            if (inserted == 1) {
                if (DEBUG) {
                    _log.debug("Generated association, handle: " + handle + " type: " + type + " expires in: " + expiryIn + " seconds.");
                }
                return created;
            }
        } catch (DataAccessException e) {
            _log.error("Error generating association; attempts left: " + (attempt - 1), e);
        }
    }
    throw new AssociationException("JDBCServerAssociationStore: Error generating association.");
}
Example #22
Source File: ServerManager.java From openid4java with Apache License 2.0 | 4 votes |
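/**
 * Processes an association request and builds the corresponding response
 * according to the request parameters and the provider's configured preferences.
 *
 * A shared association is generated when the requested association and session
 * types are supported and not weaker than the configured minimum. Otherwise an
 * OpenID2 request is answered with an {@link AssociationError}; an OpenID1
 * request is answered with a compatibility-mode "dummy" response built from a
 * fresh no-encryption association.
 *
 * @param requestParams the parameters of the incoming association request
 * @return the AssociationResponse on success, an AssociationError for a failed
 *         OpenID2 request, the dummy response for a failed OpenID1 request, or
 *         {@code null} if even the dummy response could not be created
 */
public Message associationResponse(ParameterList requestParams) {
    boolean isVersion2 = requestParams.hasParameter("openid.ns");
    _log.info("Processing association request...");
    try {
        // build request message from response params (+ integrity check)
        AssociationRequest assocReq = AssociationRequest.createAssociationRequest(requestParams);
        isVersion2 = assocReq.isVersion2();
        AssociationSessionType type = assocReq.getType();
        // is supported / allowed ? reject anything below the configured minimum
        if (! Association.isHmacSupported(type.getAssociationType()) || ! DiffieHellmanSession.isDhSupported(type) || _minAssocSessEnc.isBetter(type)) {
            throw new AssociationException("Unable create association for: " + type.getSessionType() + " / " + type.getAssociationType());
        }
        // all ok, go ahead
        Association assoc = _sharedAssociations.generate(type.getAssociationType(), _expireIn);
        _log.info("Returning shared association; handle: " + assoc.getHandle());
        return AssociationResponse.createAssociationResponse(assocReq, assoc);
    } catch (OpenIDException e) {
        // association failed, respond accordingly
        if (isVersion2) {
            _log.warn("Cannot establish association, " + "responding with an OpenID2 association error.", e);
            // the exception message is echoed to the RP inside the error response
            return AssociationError.createAssociationError(e.getMessage(), _prefAssocSessEnc);
        }
        _log.warn("Error processing an OpenID1 association request: " + e.getMessage() + " Responding with a dummy association.", e);
        try {
            // generate dummy association & no-encryption response for compatibility mode
            Association dummyAssoc = _sharedAssociations.generate(Association.TYPE_HMAC_SHA1, 0);
            AssociationRequest dummyRequest = AssociationRequest.createAssociationRequest(AssociationSessionType.NO_ENCRYPTION_COMPAT_SHA1MAC);
            return AssociationResponse.createAssociationResponse(dummyRequest, dummyAssoc);
        } catch (OpenIDException ee) {
            // log the failure of the dummy response itself (previously the outer
            // exception was logged here and this one was lost)
            _log.error("Error creating negative OpenID1 association response.", ee);
            return null;
        }
    }
}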
Example #23
Source File: ConsumerManager.java From openid4java with Apache License 2.0 | 4 votes |
/**
 * Performs verification on the Authentication Response (assertion)
 * received from the OpenID Provider.
 * <p>
 * Negative responses (mode {@code cancel}, {@code setup_needed}, or
 * {@code id_res} carrying {@code openid.user_setup_url}) are recorded in the
 * result and returned without further checks. For a positive response four
 * verification steps are performed, in this order, and the first failing step
 * ends verification:
 * <ul>
 * <li> return_to: the assertion is checked against the URL it was received on
 * <li> discovered information: the information contained in the assertion
 *                              matches the one obtained during the
 *                              discovery (the OpenID Provider is
 *                              authoritative for the claimed identifier;
 *                              the received assertion is not meaningful
 *                              otherwise)
 * <li> nonce: the same assertion will not be accepted more than once
 * <li> signatures: verifies that the message was indeed sent
 *                  by the OpenID Provider that was contacted
 *                  earlier after discovery
 * </ul>
 *
 * @param receivingUrl The URL where the Consumer (Relying Party) has
 *                     accepted the incoming message.
 * @param response     ParameterList of the authentication response
 *                     being verified.
 * @param discovered   Previously discovered information (which can
 *                     therefore be trusted) obtained during the discovery
 *                     phase; this should be stored and retrieved by the RP
 *                     in the user's session.
 *
 * @return A VerificationResult, containing a verified
 *         identifier; the verified identifier is null if
 *         the verification failed).
 * @throws MessageException     if the response cannot be parsed as an OpenID message
 * @throws DiscoveryException   if discovery-related verification fails with an error
 * @throws AssociationException if the association needed for signature checking fails
 */
public VerificationResult verify(String receivingUrl, ParameterList response, DiscoveryInformation discovered) throws MessageException, DiscoveryException, AssociationException {
    VerificationResult result = new VerificationResult();
    _log.info("Verifying authentication response...");
    // non-immediate negative response
    if ( "cancel".equals(response.getParameterValue("openid.mode")) ) {
        result.setAuthResponse(AuthFailure.createAuthFailure(response));
        _log.info("Received auth failure.");
        return result;
    }
    // immediate negative response
    if ( "setup_needed".equals(response.getParameterValue("openid.mode")) || ("id_res".equals(response.getParameterValue("openid.mode")) && response.hasParameter("openid.user_setup_url") ) ) {
        AuthImmediateFailure fail = AuthImmediateFailure.createAuthImmediateFailure(response);
        result.setAuthResponse(fail);
        // the OP's setup URL is passed through so the RP can redirect the user there
        result.setOPSetupUrl(fail.getUserSetupUrl());
        _log.info("Received auth immediate failure.");
        return result;
    }
    AuthSuccess authResp = AuthSuccess.createAuthSuccess(response);
    _log.info("Received positive auth response.");
    // the parsed response is attached even if a later step fails; only the
    // verified identifier reflects the outcome
    result.setAuthResponse(authResp);
    // [1/4] return_to verification — delegated to verifyReturnTo; stops here on failure
    if (! verifyReturnTo(receivingUrl, authResp)) {
        result.setStatusMsg("Return_To URL verification failed.");
        _log.error("Return_To URL verification failed.");
        return result;
    }
    // [2/4] : discovered info verification — may replace the caller's
    // discovered information with what verifyDiscovered returns
    discovered = verifyDiscovered(authResp, discovered);
    if (discovered == null || ! discovered.hasClaimedIdentifier()) {
        result.setStatusMsg("Discovered information verification failed.");
        _log.error("Discovered information verification failed.");
        return result;
    }
    // [3/4] : nonce verification
    if (! verifyNonce(authResp, discovered)) {
        result.setStatusMsg("Nonce verification failed.");
        _log.error("Nonce verification failed.");
        return result;
    }
    // [4/4] : signature verification — performed last, only for responses
    // that passed the return_to, discovery and nonce checks
    return (verifySignature(authResp, discovered, result));
}
Example #24
Source File: JdbcConsumerAssociationStore.java From openid4java with Apache License 2.0 | 4 votes |
/**
 * Loads the association most recently stored for the given OP endpoint.
 *
 * A row whose handle is {@link Association#FAILED_ASSOC_HANDLE} is turned into
 * a "failed association" marker carrying only the expiry date; any other row
 * must have a type, a MAC key and an expiry date. All failures are logged and
 * mapped to {@code null}.
 *
 * @param opUrl the OP endpoint URL
 * @return the association, or {@code null} if none could be loaded
 */
public Association load(String opUrl) {
    try {
        Map row = getJdbcTemplate().queryForMap(_sqlSelectAlt, new Object[] { opUrl });
        String handle = (String) row.get("handle");
        String type = (String) row.get("type");
        String macKey = (String) row.get("mackey");
        Date expDate = (Date) row.get("expdate");
        boolean failedMarker = Association.FAILED_ASSOC_HANDLE.equals(handle);
        boolean keyDataMissing = type == null || macKey == null;
        Association assoc;
        if (expDate == null || (keyDataMissing && !failedMarker)) {
            throw new AssociationException("Invalid expiry date retrived from database; cannot create Association " + "object for handle: " + handle);
        } else if (failedMarker) {
            assoc = Association.getFailedAssociation(expDate);
        } else if (Association.TYPE_HMAC_SHA1.equals(type)) {
            assoc = Association.createHmacSha1(handle, Base64.decodeBase64(macKey.getBytes()), expDate);
        } else if (Association.TYPE_HMAC_SHA256.equals(type)) {
            assoc = Association.createHmacSha256(handle, Base64.decodeBase64(macKey.getBytes()), expDate);
        } else {
            throw new AssociationException("Invalid association type " + "retrieved from database: " + type);
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Retrieved association for handle: " + handle + " from table: " + _tableName);
        }
        return assoc;
    } catch (AssociationException ase) {
        _log.error("Error retrieving association from table: " + _tableName, ase);
        return null;
    } catch (IncorrectResultSizeDataAccessException rse) {
        _log.warn("Association not found for opUrl: " + opUrl + " in the table: " + _tableName);
        return null;
    } catch (DataAccessException dae) {
        _log.error("Error retrieving association for opUrl: " + opUrl + "from table: " + _tableName, dae);
        return null;
    }
}
Example #25
Source File: JdbcConsumerAssociationStore.java From openid4java with Apache License 2.0 | 4 votes |
/**
 * Loads the association stored for the given OP endpoint and handle.
 *
 * Both values are bound as query parameters. A row missing its type, MAC key
 * or expiry date, an unknown type, a missing row or a data-access error is
 * logged and mapped to {@code null}.
 *
 * @param opUrl  the OP endpoint URL
 * @param handle the association handle
 * @return the association, or {@code null} if none could be loaded
 */
public Association load(String opUrl, String handle) {
    try {
        Map row = getJdbcTemplate().queryForMap(_sqlSelect, new Object[] { opUrl, handle });
        String type = (String) row.get("type");
        String macKey = (String) row.get("mackey");
        Date expDate = (Date) row.get("expdate");
        boolean incomplete = type == null || macKey == null || expDate == null;
        if (incomplete) {
            throw new AssociationException("Invalid association data retrived from database; cannot create Association " + "object for handle: " + handle);
        }
        Association assoc;
        if (Association.TYPE_HMAC_SHA1.equals(type)) {
            assoc = Association.createHmacSha1(handle, Base64.decodeBase64(macKey.getBytes()), expDate);
        } else if (Association.TYPE_HMAC_SHA256.equals(type)) {
            assoc = Association.createHmacSha256(handle, Base64.decodeBase64(macKey.getBytes()), expDate);
        } else {
            throw new AssociationException("Invalid association type " + "retrieved from database: " + type);
        }
        if (_log.isDebugEnabled()) {
            _log.debug("Retrieved association for handle: " + handle + " from table: " + _tableName);
        }
        return assoc;
    } catch (AssociationException ase) {
        _log.error("Error retrieving association from table: " + _tableName, ase);
        return null;
    } catch (IncorrectResultSizeDataAccessException rse) {
        _log.warn("Association not found for handle: " + handle + " in the table: " + _tableName);
        return null;
    } catch (DataAccessException dae) {
        _log.error("Error retrieving association for handle: " + handle + "from table: " + _tableName, dae);
        return null;
    }
}
Example #26
Source File: CustomOpenIdProcessor.java From OpenID-Attacker with GNU General Public License v2.0 | 4 votes |
/**
 * Signs the token through the server manager and records its parameters as
 * the valid parameter set in the keeper.
 *
 * @param token the positive assertion to sign
 * @throws AssociationException if signing fails
 * @throws ServerException      if no association matches the token's handle
 */
private void generateSignatureForValidValues(AuthSuccess token) throws AssociationException, ServerException {
    serverManager.sign(token);
    Map<String, String> signedParameters = token.getParameterMap();
    AttackParameterHandler.updateValidParameters(getKeeper(), signedParameters);
}
Example #27
Source File: AssociationRequest.java From openid4java with Apache License 2.0 | 4 votes |
/**
 * Checks that this message is a well-formed OpenID Association Request.
 *
 * Check order: generic message checks, the association/session type (which
 * also covers most compatibility-mode rules) and its agreement with the
 * message's protocol version, presence of sess_type for OpenID1, and finally
 * the Diffie-Hellman parameters, which must include the consumer public key
 * for a DH session and be absent for a no-encryption session.
 *
 * @throws MessageException if any check fails; carries
 *                          {@link OpenIDException#ASSOC_ERROR}
 */
public void validate() throws MessageException {
    // basic checks
    super.validate();
    AssociationSessionType type;
    try {
        // rejects invalid session / association type combinations
        type = getType();
    } catch (AssociationException e) {
        throw new MessageException("Error verifying association request validity.", OpenIDException.ASSOC_ERROR, e);
    }
    // the type and the message must agree on the protocol version
    boolean versionMismatch = type.isVersion2() != isVersion2();
    if (versionMismatch) {
        throw new MessageException("Protocol verison mismatch " + "between association session type: " + type + " and AssociationRequest message type.", OpenIDException.ASSOC_ERROR);
    }
    // additional compatibility checks
    if (!isVersion2() && getSessionType() == null) {
        throw new MessageException("sess_type cannot be omitted in OpenID1 association requests", OpenIDException.ASSOC_ERROR);
    }
    boolean dhSession = type.getHAlgorithm() != null;
    if (dhSession) {
        // DH session parameters
        if (getDhPublicKey() == null) {
            throw new MessageException("DH consumer public key not specified.", OpenIDException.ASSOC_ERROR);
        }
    } else {
        // no-enc session must not carry any DH parameter
        if (getDhGen() != null || getDhModulus() != null || getDhPublicKey() != null) {
            throw new MessageException("No-encryption session, but DH parameters specified.", OpenIDException.ASSOC_ERROR);
        }
    }
}
Example #28
Source File: AssociationRequest.java From openid4java with Apache License 2.0 | 4 votes |
/**
 * Resolves the association / session type of this request.
 *
 * The message's session and association type strings are combined; the
 * compatibility flag is the inverse of the message's OpenID2 flag.
 *
 * @return the resolved type
 * @throws AssociationException if the combination is not a known type
 */
public AssociationSessionType getType() throws AssociationException {
    String sessionType = getSessionType();
    String associationType = getAssociationType();
    boolean compatibility = !isVersion2();
    return AssociationSessionType.create(sessionType, associationType, compatibility);
}
Example #29
Source File: AssociationResponse.java From openid4java with Apache License 2.0 | 4 votes |
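/**
 * Builds an {@link Association} from this association response.
 *
 * For Diffie-Hellman session types the MAC key is read from {@code enc_mac_key}
 * and decrypted with the given DH session; for no-encryption sessions it is read
 * base64-encoded from {@code mac_key}. Key material is not written to the log;
 * only its length is reported at debug level.
 *
 * @param dhSess The Diffie-Helman session containing the private key
 *               used to encrypt / decrypt the MAC key exchange.
 *               Should be null for no-encryption sessions.
 * @return the association for this response's {@code assoc_handle}
 * @throws AssociationException if the session/association type is invalid or
 *         unknown, if {@code expires_in} is not an integer, or if a DH session
 *         type is used without a DH session
 */
public Association getAssociation(DiffieHellmanSession dhSess) throws AssociationException {
    if (DEBUG) _log.debug("Retrieving MAC key from association response...");
    String handle = getParameterValue("assoc_handle");
    String expiresInValue = getParameterValue("expires_in");
    int expiresIn;
    try {
        expiresIn = Integer.parseInt(expiresInValue);
    } catch (NumberFormatException e) {
        // the value comes from the remote OP; report it as a protocol error
        // rather than letting an unchecked exception escape
        throw new AssociationException("Invalid expires_in value: " + expiresInValue);
    }
    // get (and decrypt) the MAC key
    byte[] macKey;
    AssociationSessionType type = getType();
    if (type.getHAlgorithm() != null) {
        if (dhSess == null) {
            throw new AssociationException("DH session required to decrypt the MAC key for type: " + type);
        }
        macKey = dhSess.decryptMacKey(getParameterValue("enc_mac_key"), getParameterValue("dh_server_public"));
        if (DEBUG) _log.debug("Decrypted MAC key (" + macKey.length + " bytes)");
    } else {
        macKey = Base64.decodeBase64(getParameterValue("mac_key").getBytes());
        if (DEBUG) _log.debug("Unencrypted MAC key (" + macKey.length + " bytes)");
    }
    Association assoc;
    if (Association.TYPE_HMAC_SHA1.equals(type.getAssociationType())) {
        assoc = Association.createHmacSha1(handle, macKey, expiresIn);
    } else if (Association.TYPE_HMAC_SHA256.equals(type.getAssociationType())) {
        assoc = Association.createHmacSha256(handle, macKey, expiresIn);
    } else {
        throw new AssociationException("Unknown association type: " + type);
    }
    if (DEBUG) _log.debug("Created association for handle: " + handle);
    return assoc;
}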
Example #30
Source File: AssociationResponse.java From openid4java with Apache License 2.0 | 4 votes |
/**
 * Checks that this message is a well-formed OpenID Association Response.
 *
 * Check order: generic message checks, the association/session type and its
 * agreement with the message's protocol version, presence of assoc_type for
 * OpenID1, presence of the MAC key fields appropriate to the session type
 * (dh_server_public and enc_mac_key for DH sessions, mac_key otherwise), and
 * finally that the decoded MAC key has the bit length the type requires.
 *
 * @throws MessageException if any check fails; carries
 *                          {@link OpenIDException#ASSOC_ERROR}
 */
public void validate() throws MessageException {
    // basic checks
    super.validate();
    AssociationSessionType type;
    try {
        // rejects invalid session / association type combinations
        type = getType();
    } catch (AssociationException e) {
        throw new MessageException("Error verifying association response validity.", OpenIDException.ASSOC_ERROR, e);
    }
    // the type and the message must agree on the protocol version
    boolean versionMismatch = type.isVersion2() ^ isVersion2();
    if (versionMismatch) {
        throw new MessageException("Protocol verison mismatch between association " + "session type: " + type + " and AssociationResponse message type.", OpenIDException.ASSOC_ERROR);
    }
    // additional compatibility checks
    if (!isVersion2() && getAssociationType() == null) {
        throw new MessageException("assoc_type cannot be omitted in OpenID1 responses", OpenIDException.ASSOC_ERROR);
    }
    boolean dhSession = type.getHAlgorithm() != null;
    String macKey;
    if (dhSession) {
        boolean dhFieldsPresent = hasParameter("dh_server_public") && hasParameter("enc_mac_key");
        if (!dhFieldsPresent) {
            throw new MessageException("DH public key or encrypted MAC key missing.", OpenIDException.ASSOC_ERROR);
        }
        macKey = getParameterValue("enc_mac_key");
    } else {
        if (!hasParameter("mac_key")) {
            throw new MessageException("Missing MAC key.", OpenIDException.ASSOC_ERROR);
        }
        macKey = getParameterValue("mac_key");
    }
    // the decoded key must be exactly as long as the type prescribes
    int macSizeBits = Base64.decodeBase64(macKey.getBytes()).length * 8;
    if (macSizeBits != type.getKeySize()) {
        throw new MessageException("MAC key size: " + macSizeBits + " doesn't match the association/session type: " + type, OpenIDException.ASSOC_ERROR);
    }
}