
package examples.providers.identityassertion.openid; import java.util.

List; import import import import import import import import import import import import import import import import javax.security.auth.callback.CallbackHandler; javax.servlet.ServletException; javax.servlet.ServletRequest; javax.servlet.http.HttpServletRequest; javax.servlet.http.HttpSession; org.openid4java.OpenIDException; org.openid4java.consumer.ConsumerManager; org.openid4java.consumer.VerificationResult; org.openid4java.discovery.DiscoveryException; org.openid4java.discovery.DiscoveryInformation; org.openid4java.discovery.Identifier; org.openid4java.message.AuthRequest; org.openid4java.message.AuthSuccess; org.openid4java.message.ParameterList; org.openid4java.message.ax.AxMessage; org.openid4java.server.RealmVerifier;

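import weblogic.security.service.ContextHandler;
import weblogic.security.spi.ProviderChallengeContext;

/**
 * Per-login challenge context for the OpenID identity asserter.
 *
 * <p>{@link #processRequest} drives a two-state machine:
 * <ol>
 *   <li>no discovery information yet: read the {@code claim} parameter, run
 *       OpenID discovery/association and build an {@link AuthRequest} that is
 *       exposed through {@link #getChallengeToken()};</li>
 *   <li>discovery information present: treat the request as the provider's
 *       response and verify it with the same {@link ConsumerManager} instance
 *       that issued the request.</li>
 * </ol>
 *
 * <p>Review notes: discovery performs a server-side fetch of the user-supplied
 * identifier (inherent to OpenID), so if the claim is untrusted the deployment
 * should limit outbound access or the set of accepted providers.  The
 * {@code originalRequest} value is taken straight from the request and handed
 * back to the filter as a request attribute; whatever redirects to it must
 * validate it, or this becomes an open redirect.  Neither of those is enforced
 * here.
 */
public class OpenIdProviderChallengeContext implements ProviderChallengeContext {

    private boolean completed = false;
    private Object challengeToken = null;
    private CallbackHandler handler = null;
    private VerificationResult verification;
    /** Public in the original API; presumably read by the login filter -- left as-is. */
    public ConsumerManager manager;
    /** Discovery information for the in-flight request; null until the request is generated. */
    private DiscoveryInformation discovered = null;
    private String originalRequest;
    private String openIdPath = null;
    private String serverURL = null;

    /**
     * Creates the context and the {@link ConsumerManager} used for both halves
     * of the exchange.
     *
     * @param config supplies the OpenID web-app path and the optional server
     *               URL used to build the return_to / realm URL
     * @throws SecurityException if the manager cannot be set up; the original
     *                           exception is kept as the cause
     */
    public OpenIdProviderChallengeContext(OpenIdIdentityAsserterMBean config) {
        super();
        try {
            this.manager = new ConsumerManager();
            RealmVerifier rv = new RealmVerifier();
            // NOTE(review): this relaxes openid4java's realm verification
            // (no RP-id enforcement against the realm); confirm that is
            // intended for the deployment rather than a convenience setting.
            rv.setEnforceRpId(false);
            manager.setRealmVerifier(rv);
            this.openIdPath = config.getOpenIdWebAppPath();
            this.serverURL = config.getServerURL();
        } catch (Exception e) {
            // Preserve the cause; the message alone hides where setup failed.
            throw new SecurityException(e.getMessage(), e);
        }
    }

    void setCallbackHandler(CallbackHandler handler) {
        this.handler = handler;
    }

    /** @return the result of {@link #validateResponse}, or null before verification ran */
    VerificationResult getVerificationResult() {
        return this.verification;
    }

    /** @return the {@code originalRequest} parameter captured when the request was generated */
    String getOriginalRequest() {
        return this.originalRequest;
    }

    @Override
    public CallbackHandler getCallbackHandler() {
        return handler;
    }

    /** @return the {@link AuthRequest} built by {@link #generateAuthRequest}, or null before then */
    @Override
    public Object getChallengeToken() {
        return challengeToken;
    }

    /** @return true once a provider response has been verified successfully */
    @Override
    public boolean hasChallengeIdentityCompleted() {
        return completed;
    }

    /**
     * Advances the state machine for one HTTP request.
     *
     * <p>State 1 (no discovery information): a non-empty {@code claim}
     * parameter is required; the {@code originalRequest} parameter is saved
     * and an authentication request is generated.  State 2 (discovery
     * information present): the request is validated as the provider's
     * response.
     *
     * @param ctx WebLogic context; must carry the servlet request under "req"
     * @throws OpenIDException if no claim is present in state 1, or if
     *                         discovery / verification fails
     */
    void processRequest(ContextHandler ctx) throws OpenIDException {
        HttpServletRequest req = (HttpServletRequest) ctx.getValue("req");
        // Make sure a session exists for the rest of the exchange.
        req.getSession(true);

        if (this.discovered != null) {
            this.validateResponse(req);
            return;
        }

        String claimedURL = req.getParameter("claim");
        if (claimedURL == null || claimedURL.trim().length() == 0) {
            throw new OpenIDException("No discovery information and no claim in request");
        }
        this.originalRequest = req.getParameter("originalRequest");
        System.out.println("Saving the original request: " + this.originalRequest);
        this.generateAuthRequest(req);
    }

    /**
     * Verifies the provider's response carried by {@code req}.
     *
     * <p>Fix: the original read a {@code "discovered"} session attribute that
     * this class never writes, so {@code verify()} ran without the discovery
     * information recorded by {@link #generateAuthRequest}.  The field is now
     * used, with the session attribute only as a fallback for callers that set
     * it themselves.
     *
     * <p>On success {@link #hasChallengeIdentityCompleted()} becomes true and
     * the saved {@code originalRequest} is exposed as a request attribute for
     * the filter.  If the response does not verify, nothing changes and no
     * exception is thrown.
     *
     * @throws OpenIDException if verification fails, or if the response
     *                         verified but no original request was recorded
     */
    private void validateResponse(HttpServletRequest req) throws OpenIDException {
        System.out.println("Getting Validated....");

        // The provider's response arrives as the parameters of this request.
        ParameterList response = new ParameterList(req.getParameterMap());

        DiscoveryInformation expected = this.discovered;
        if (expected == null) {
            expected = (DiscoveryInformation) req.getSession().getAttribute("discovered");
        }

        // NOTE(review): the receiving URL is rebuilt from the container's view
        // of the request; behind a TLS-terminating proxy it may not match the
        // return_to built from serverURL, and verification would then fail.
        String receivingURL = buildReceivingUrl(req);

        // Must be the same ConsumerManager instance that placed the request
        // (it holds the association and nonce state).
        VerificationResult result = manager.verify(receivingURL, response, expected);

        Identifier verified = result.getVerifiedId();
        if (verified == null) {
            return; // not verified: leave completed == false
        }

        // AX attributes (e.g. email) may be present on the response but are not
        // consumed here; a consumer would read
        // authSuccess.getExtension(AxMessage.OPENID_NS_AX) as a FetchResponse.
        AuthSuccess authSuccess = (AuthSuccess) result.getAuthResponse();

        this.completed = true;
        this.verification = result;
        if (this.originalRequest == null) {
            throw new OpenIDException("Couldn't locate original request in ChallengeContext");
        }
        // Set as a request attribute so the filter can use it.
        req.setAttribute("originalRequest", this.originalRequest);
    }

    /**
     * Runs discovery and association for the {@code claim} parameter and
     * stores the resulting {@link AuthRequest} as the challenge token.
     *
     * <p>{@link #processRequest} has already checked that {@code claim} is
     * present and non-blank.
     *
     * @throws OpenIDException if discovery, association or request creation fails
     */
    private void generateAuthRequest(HttpServletRequest req) throws OpenIDException {
        String claimedURL = req.getParameter("claim");
        if (!claimedURL.startsWith("http")) {
            claimedURL = "http://" + claimedURL;
        }

        // NOTE(review): discovery issues a server-side HTTP request to the
        // user-supplied identifier.  This is how OpenID works, but it is an
        // SSRF surface if the claim is untrusted -- restrict at deployment.
        List<?> discoveries = manager.discover(claimedURL);

        // Associate with the provider and keep one endpoint for this login.
        this.discovered = manager.associate(discoveries);

        String returnTo = buildReturnTo(req);
        System.out.println("Using Realm=" + returnTo);

        AuthRequest authReq = manager.authenticate(discovered, returnTo);
        this.challengeToken = authReq;
    }

    /**
     * Builds the return_to / realm URL: the configured serverURL if set,
     * otherwise scheme://host:port of the current request, followed by the
     * OpenID web-app path and "/login".
     */
    private String buildReturnTo(HttpServletRequest req) {
        String base = this.serverURL;
        if (base == null || base.trim().length() == 0) {
            String protocol = req.isSecure() ? "https" : "http";
            base = protocol + "://" + req.getServerName() + ":" + req.getServerPort();
        }
        return base + this.openIdPath + "/login";
    }

    /** Request URL plus its query string, as the provider redirected to it. */
    private static String buildReceivingUrl(HttpServletRequest req) {
        StringBuffer url = req.getRequestURL();
        String query = req.getQueryString();
        if (query != null && query.length() > 0) {
            url.append('?').append(query);
        }
        return url.toString();
    }
}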
