org.openid4java.server.ServerException Java Examples

Example #1
Source File: InfocardOPController.java    From openid4java with Apache License 2.0 6 votes vote down vote up
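/**
 * Writes an OpenID direct response body to the servlet response and closes
 * the output stream.
 *
 * @param httpResp servlet response whose output stream receives the body
 * @param response message text to send (presumably key-value form encoded)
 * @return always {@code null}; the body has already been written to the stream
 * @throws ServerException if the body cannot be encoded or written
 */
private ModelAndView directResponse(HttpServletResponse httpResp, String response)
    throws ServerException
{
    // NOTE(review): the complete body is logged. If association responses are
    // ever routed through this helper, the log would contain MAC key material;
    // keep DEBUG off in production or redact before logging.
    if (DEBUG) _log.debug("Sending direct response:\n" + response);

    try
    {
        ServletOutputStream os = httpResp.getOutputStream();
        try
        {
            // OpenID 2.0 key-value form is defined as UTF-8. The no-argument
            // getBytes() uses the platform default charset, which can alter
            // non-ASCII values and break signature verification at the peer.
            os.write(response.getBytes("UTF-8"));
        }
        finally
        {
            // Close even when write() fails so the stream is not leaked.
            os.close();
        }
    }
    catch (IOException e)
    {
        throw new ServerException("Error generating direct verification response", e);
    }

    return null;
}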
 
Example #2
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 6 votes vote down vote up
/**
 * Requests an authentication response for the configured valid user and
 * returns the parameter keeper once extensions and signatures are processed.
 *
 * <p>The response is requested from {@code serverManager} with the valid
 * user's identifier and claimed id. Only an {@link AuthSuccess} is accepted;
 * for it the AX and SReg extensions are processed and both signature steps
 * run. Any other message type is reported as an error.
 *
 * @param authRequest the incoming authentication request
 * @return the keeper obtained from {@code getKeeper()}
 * @throws OpenIdAttackerServerException if the response is not an
 *         {@code AuthSuccess}, or if extension processing or signing fails
 */
private AttackParameterKeeper processTokenRequest(final AuthRequest authRequest) throws OpenIdAttackerServerException {
    final String selectedId = getValidUser().getIdentifier();
    final String selectedClaimedId = getValidUser().getClaimedId();
    // NOTE(review): the two flags are presumably authenticatedAndApproved=true
    // and signNow=false, as in openid4java's ServerManager.authResponse; confirm.
    final Message response =
            serverManager.authResponse(authRequest, selectedId, selectedClaimedId, true, false);

    if (!(response instanceof AuthSuccess)) {
        throw new OpenIdAttackerServerException("Error while creating auth Response");
    }

    final AuthSuccess assertion = (AuthSuccess) response;
    try {
        processAxExtension(response, authRequest);
        processSRegExtension(response, authRequest);
        generateSignatureForValidValues(assertion);
        generateSignatureForAttackValues();
    } catch (ServerException | MessageException | AssociationException ex) {
        // Only the message is carried over; the original exception and its
        // stack trace are not attached to the rethrown one.
        throw new OpenIdAttackerServerException(ex.getMessage());
    }

    return getKeeper();
}
 
Example #3
Source File: ConsumerAndProviderTest.java    From openid4java with Apache License 2.0 5 votes vote down vote up
/**
 * Prepares an embedded servlet container that hosts both a sample relying
 * party (consumer) and a sample OpenID provider for the test.
 *
 * <p>The port is read from the {@code SERVLET_PORT} system property and
 * defaults to 8989. All servlets are registered under the root context of a
 * plain-HTTP localhost base URL.
 *
 * @param testName name passed to the superclass constructor
 * @throws Exception if setup fails, e.g. a non-numeric {@code SERVLET_PORT}
 */
public ConsumerAndProviderTest(final String testName) throws Exception
{
    super(testName);

    final int port = Integer.parseInt(System.getProperty("SERVLET_PORT", "8989"));
    _server = new Server(port);

    Context root = new Context(_server, "/", Context.SESSIONS);
    _baseUrl = "http://localhost:" + port;

    // Relying-party side: login entry point, its callback, and a user page.
    SampleConsumer relyingParty = new SampleConsumer(_baseUrl + "/loginCallback");
    root.addServlet(new ServletHolder(new LoginServlet(relyingParty)), "/login");
    root.addServlet(new ServletHolder(new LoginCallbackServlet(relyingParty)), "/loginCallback");
    root.addServlet(new ServletHolder(new UserInfoServlet()), "/user");

    // Provider side. The user-interaction step is stubbed to approve every
    // request without authenticating anyone. This is acceptable only in a
    // self-contained test and must never be copied into a deployed provider.
    SampleServer provider = new SampleServer(_baseUrl + "/provider")
    {
        protected List userInteraction(ParameterList request) throws ServerException
        {
            List outcome = new ArrayList();
            outcome.add("userSelectedClaimedId"); // slot 0: userSelectedClaimedId
            outcome.add(Boolean.TRUE);            // slot 1: authenticatedAndApproved
            // NOTE(review): literal reproduced as shown on the page; it looks
            // like an e-mail address masked by the hosting site. Confirm upstream.
            outcome.add("[email protected]");     // slot 2: email
            return outcome;
        }
    };
    root.addServlet(new ServletHolder(new ProviderServlet(provider)), "/provider");
}
 
Example #4
Source File: InfocardOPController.java    From openid4java with Apache License 2.0 5 votes vote down vote up
/**
 * Handles a direct verification request: passes the parameters to the
 * manager, then returns its answer as a direct response.
 *
 * @param httpReq       incoming request, used only for the remote address in the log line
 * @param httpResp      response the encoded answer is written to
 * @param requestParams parameters of the verification request
 * @return whatever {@code directResponse} returns
 * @throws ServerException if sending the direct response fails
 */
private ModelAndView handleVerifyReq(HttpServletRequest httpReq,
                                     HttpServletResponse httpResp,
                                     ParameterList requestParams)
    throws ServerException
{
    final Message verification = _manager.verify(requestParams);
    final String body = verification.keyValueFormEncoding();

    // NOTE(review): getRemoteAddr() reports the immediate peer. Behind a
    // reverse proxy that is the proxy's address, not the relying party's.
    final String peer = httpReq.getRemoteAddr();
    _log.info("Processed direct verification request from: " + peer);

    return directResponse(httpResp, body);
}
 
Example #5
Source File: InfocardOPController.java    From openid4java with Apache License 2.0 5 votes vote down vote up
/**
 * Answers a request of unknown type with an OpenID direct error message.
 *
 * @param httpReq  incoming request, used only for the remote address in the log line
 * @param httpResp response the encoded error is written to
 * @return whatever {@code directResponse} returns
 * @throws ServerException if sending the direct response fails
 */
private ModelAndView handleUnknownReq(HttpServletRequest httpReq,
                                      HttpServletResponse httpResp)
    throws ServerException
{
    // The error text is a fixed string; nothing from the request is echoed
    // back to the caller.
    final Message error = DirectError.createDirectError("Unknown requestParams");
    final String body = error.keyValueFormEncoding();

    final String peer = httpReq.getRemoteAddr();
    _log.error("Sending direct error response to " + peer);

    return directResponse(httpResp, body);
}
 
Example #6
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Recomputes the signature over the keeper's current to-sign parameter map
 * and stores the signed parameters back into the keeper.
 *
 * <p>Nothing happens when the keeper has no {@code openid.sig} parameter, or
 * when that parameter is flagged as using a custom value for signature
 * computation.
 *
 * @throws AssociationException declared by the signing call
 * @throws MessageException     declared by message construction
 * @throws ServerException      declared by the signing call
 */
private void generateSignatureForAttackValues() throws AssociationException, MessageException, ServerException {
    final AttackParameter sigParam = getKeeper().getParameter("openid.sig");
    if (sigParam == null || sigParam.isAttackValueUsedForSignatureComputation()) {
        // No signature slot, or a custom signature value is configured.
        return;
    }

    final Map<String, String> toSign = AttackParameterHandler.createToSignMap(getKeeper());
    // NOTE(review): UnvalidatedAuthSuccess presumably skips the field checks
    // a regular AuthSuccess applies; confirm against that class.
    final AuthSuccess resigned = UnvalidatedAuthSuccess.createAuthSuccess(new ParameterList(toSign));
    serverManager.sign(resigned);
    AttackParameterHandler.updateAttackParameters(getKeeper(), resigned.getParameterMap());
}
 
Example #7
Source File: OpenIDServerManager.java    From carbon-identity with Apache License 2.0 5 votes vote down vote up
/**
 * Signs a positive assertion with the association that belongs to it.
 *
 * <p>Lookup order: the thread-local association, then the shared store, then
 * the private store. The thread-local slot is always cleared, even when
 * reading it throws.
 *
 * @param authSuccess the assertion to sign; its signature field is set on success
 * @throws ServerException      if no association is found
 * @throws AssociationException declared by the signing call
 */
public void sign(AuthSuccess authSuccess)
        throws ServerException, AssociationException {
    final String handle = authSuccess.getHandle();

    // NOTE(review): an association taken from the thread-local slot is used
    // without comparing it to `handle`. Confirm the slot can only hold the
    // association created for this same request.
    Association assoc;
    try {
        assoc = getThreadLocalAssociation();
    } finally {
        clearThreadLocalAssociation();
    }

    if (assoc == null) {
        assoc = getSharedAssociations().load(handle);
        if (assoc == null) {
            assoc = getPrivateAssociations().load(handle);
            if (assoc == null) {
                // The handle comes from the message being signed and ends up
                // in the exception text.
                throw new ServerException("No association found for handle: " + handle);
            }
        }
    }

    final String signature = assoc.sign(authSuccess.getSignedText());
    authSuccess.setSignature(signature);
}
 
Example #8
Source File: CustomOpenIdProcessor.java    From OpenID-Attacker with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Signs the given assertion and copies its parameters into the keeper's
 * valid-parameter set.
 *
 * @param token the assertion to sign
 * @throws AssociationException declared by the signing call
 * @throws ServerException      declared by the signing call
 */
private void generateSignatureForValidValues(AuthSuccess token) throws AssociationException, ServerException {
    // Sign first so the parameter map read below already holds the signature.
    serverManager.sign(token);

    AttackParameterHandler.updateValidParameters(
            getKeeper(),
            token.getParameterMap());
}