openidinfocardheader.java

开源的OpenId的一个java实现

/*
 * Copyright 2005-2008 WSO2, Inc. (http://wso2.com)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.wso2.solutions.identity.openid.infocard;

import org.openid4java.association.Association;
import org.openid4java.association.AssociationException;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.Parameter;
import org.openid4java.message.ParameterList;
import org.openid4java.server.ServerManager;
import org.wso2.solutions.identity.IdentityConstants;
import org.wso2.solutions.identity.IdentityProviderException;

public class OpenIDInfoCardHeader {

    private final static int EXPIRES_IN = 1000;

    private ServerManager manager;
    private String nonce;
    private Association assoc;
    private String openID;
    private String returnTo;
    private String opAdress;

    /**
     * @param manager
     */
    public OpenIDInfoCardHeader(ServerManager manager) {
        this.manager = manager;
    }

    /**
     * Build the OpenIDToken header with the provided parameters.
     * @param openID OpenID Url
     * @param opAddress OpenID Provider server Url
     * @param appliesTo true/false
     * @return OpenIDToken header
     * @throws IdentityProviderException
     */
    public ParameterList buildHeader(String openID, String opAddress,
            String appliesTo) throws IdentityProviderException {

        ParameterList params = null;

        params = new ParameterList();
        this.nonce = getNonce();
        this.returnTo = appliesTo;
        this.openID = openID;
        this.opAdress = opAddress;

        params.set(new Parameter(IdentityConstants.OpenId.ATTR_NS,
                IdentityConstants.OpenId.OPENID_URL));

        params.set(new Parameter(IdentityConstants.OpenId.ATTR_OP_ENDPOINT,
                opAddress));

        params
                .set(new Parameter(IdentityConstants.OpenId.ATTR_CLAIM_ID,
                        openID));

        params.set(new Parameter(IdentityConstants.OpenId.ATTR_RESPONSE_NONCE,
                nonce));

        params.set(new Parameter(IdentityConstants.OpenId.ATTR_MODE, "id_res"));

        params
                .set(new Parameter(IdentityConstants.OpenId.ATTR_IDENTITY,
                        openID));

        params.set(new Parameter(IdentityConstants.OpenId.ATTR_RETURN_TO,
                appliesTo));

        try {
            this.assoc = getAssocHandle();
            params.set(new Parameter(
                    IdentityConstants.OpenId.ATTR_ASSOC_HANDLE, assoc
                            .getHandle()));
        } catch (AssociationException e) {
            throw new IdentityProviderException(e.getMessage());
        }

        params
                .set(new Parameter(IdentityConstants.OpenId.ATTR_SIGNED,
                        "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"));

        try {
            params.set(new Parameter(IdentityConstants.OpenId.ATTR_SIG,
                    getSignature(false)));
        } catch (AssociationException e) {
            throw new IdentityProviderException(e.getMessage());
        } catch (MessageException msgEx) {
            throw new IdentityProviderException(msgEx.getMessage());
        }

        return params;
    }

    /**
     * Creates an association between the OpenID Provider and the Relying Party.
     * @return Association.
     * @throws AssociationException
     */
    private Association getAssocHandle() throws AssociationException {

        return manager.getPrivateAssociations().generate(
                org.openid4java.association.Association.TYPE_HMAC_SHA1,
                EXPIRES_IN);
    }

    /**
     * Generates nonce token to uniquely identify authentication responses.
     * @return Nonce token.
     */
    private String getNonce() {
        return manager.getNonceGenerator().next();
    }

    /**
     * Creates the signature out of the specified parameters
     * @param compatibilty Indicates the compatibility.
     * @return Signature.
     * @throws MessageException
     * @throws AssociationException
     */
    private String getSignature(boolean compatibilty) throws MessageException,
            AssociationException {
        AuthSuccess openidResp = null;

        openidResp = AuthSuccess.createAuthSuccess(opAdress, openID, openID,
                compatibilty, returnTo, nonce, null, assoc, true);

        // sign the message
        return openidResp.getSignature();
    }

}