Package org.wso2.carbon.identity.provider.openid.infocard

Source Code of org.wso2.carbon.identity.provider.openid.infocard.OpenIDInfoCardHeader

/*
* Copyright 2005-2008 WSO2, Inc. (http://wso2.com)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.wso2.carbon.identity.provider.openid.infocard;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openid4java.association.Association;
import org.openid4java.association.AssociationException;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.MessageException;
import org.openid4java.message.Parameter;
import org.openid4java.message.ParameterList;
import org.openid4java.server.ServerManager;
import org.wso2.carbon.identity.base.IdentityConstants;
import org.wso2.carbon.identity.provider.IdentityProviderException;

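/**
 * Builds the parameter list of a signed OpenID {@code id_res} response, using a nonce and a
 * private association obtained from the supplied {@link ServerManager}.
 *
 * <p>Not thread-safe: {@link #buildHeader(String, String, String)} stores the values of the
 * current call in instance fields that {@code getSignature} reads back, so concurrent calls on
 * one instance could sign a mix of two requests. Use one instance per request.
 */
public class OpenIDInfoCardHeader {

    // Lifetime handed to the association store when a private association is generated.
    // NOTE(review): openid4java documents this argument as seconds (about 17 minutes) - confirm.
    private static final int EXPIRES_IN = 1000;
    private static final Log log = LogFactory.getLog(OpenIDInfoCardHeader.class);

    private ServerManager manager;

    // Per-call state written by buildHeader() and read by getSignature().
    private String nonce;
    private Association assoc;
    private String openID;
    private String returnTo;
    private String opAdress;

    /**
     * Creates a header builder backed by the given server manager.
     *
     * @param manager source of the nonce generator and the private association store; it is
     *                dereferenced without a null check when a header is built
     */
    public OpenIDInfoCardHeader(ServerManager manager) {
        this.manager = manager;
    }

    /**
     * Build the OpenIDToken header with the provided parameters.
     *
     * <p>The three arguments are copied into the response and signed exactly as given; nothing
     * here validates them. Callers are expected to have checked {@code appliesTo} against the
     * relying party they intend to answer before calling this method.
     *
     * @param openID OpenID Url, sent as both the claimed identifier and the identity
     * @param opAddress OpenID Provider server Url, sent as the OP endpoint
     * @param appliesTo value sent as the return-to parameter of the response
     * @return OpenIDToken header, including the association handle, signed-field list and
     *         signature
     * @throws IdentityProviderException if the association cannot be generated or the response
     *         cannot be signed; the underlying exception is attached as the cause
     */
    public ParameterList buildHeader(String openID, String opAddress, String appliesTo)
            throws IdentityProviderException {

        ParameterList params = new ParameterList();

        // getSignature() reads these fields, so they must be set before it is called.
        this.nonce = getNonce();
        this.returnTo = appliesTo;
        this.openID = openID;
        this.opAdress = opAddress;

        params.set(new Parameter(IdentityConstants.OpenId.ATTR_NS,
                IdentityConstants.OpenId.OPENID_URL));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_OP_ENDPOINT, opAddress));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_CLAIM_ID, openID));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_RESPONSE_NONCE, nonce));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_MODE, "id_res"));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_IDENTITY, openID));
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_RETURN_TO, appliesTo));

        try {
            this.assoc = getAssocHandle();
            params.set(new Parameter(IdentityConstants.OpenId.ATTR_ASSOC_HANDLE,
                    assoc.getHandle()));
            if (log.isDebugEnabled()) {
                log.debug("Association generated :::::" + assoc.getHandle());
            }
        } catch (AssociationException e) {
            log.error("Failed to retreive assoc handle while building OpenID InfoCard header", e);
            // Keep the original exception as the cause so the failure stays diagnosable.
            throw new IdentityProviderException(e.getMessage(), e);
        }

        // NOTE(review): this list is advertised to the relying party, while the signature below
        // is produced by AuthSuccess from its own signed-field list. Confirm both name the same
        // fields in the same order; otherwise signature verification fails.
        params.set(new Parameter(IdentityConstants.OpenId.ATTR_SIGNED,
                "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"));

        try {
            params.set(new Parameter(IdentityConstants.OpenId.ATTR_SIG, getSignature(false)));
        } catch (AssociationException e) {
            log.error("Failed to sign OpenID InfoCard header", e);
            throw new IdentityProviderException(e.getMessage(), e);
        } catch (MessageException msgEx) {
            log.error("Failed to sign OpenID InfoCard header", msgEx);
            throw new IdentityProviderException(msgEx.getMessage(), msgEx);
        }

        return params;
    }

    /**
     * Generates a new private association from the server manager's private association store.
     *
     * <p>NOTE(review): the association type is HMAC-SHA1. openid4java also defines
     * {@code Association.TYPE_HMAC_SHA256}; consider moving to it once every party that
     * verifies these signatures is known to support it.
     *
     * @return Association.
     * @throws AssociationException if the store cannot generate the association
     */
    private Association getAssocHandle() throws AssociationException {

        return manager.getPrivateAssociations().generate(
                org.openid4java.association.Association.TYPE_HMAC_SHA1, EXPIRES_IN);
    }

    /**
     * Generates nonce token to uniquely identify authentication responses.
     *
     * @return Nonce token taken from the server manager's nonce generator.
     */
    private String getNonce() {
        return manager.getNonceGenerator().next();
    }

    /**
     * Creates the signature out of the values stored by the current buildHeader() call.
     *
     * @param compatibilty compatibility flag passed through to
     *                     {@code AuthSuccess.createAuthSuccess}
     * @return Signature.
     * @throws MessageException if the response message cannot be created
     * @throws AssociationException if signing with the association fails
     */
    private String getSignature(boolean compatibilty) throws MessageException, AssociationException {
        // openID is passed twice: once as the claimed identifier and once as the delegate.
        // The null argument means no handle is invalidated; the trailing true asks
        // createAuthSuccess to sign the message immediately with assoc.
        AuthSuccess openidResp = AuthSuccess.createAuthSuccess(opAdress, openID, openID,
                compatibilty, returnTo, nonce, null, assoc, true);

        return openidResp.getSignature();
    }

}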