/**
 * Persists an association for the given OP endpoint as one row of the association table.
 *
 * <p>Expired rows are cleaned up first. The MAC key, when present, is written as Base64 text.
 * Base64 is an encoding, not encryption, so the stored column holds the signing secret in
 * recoverable form and the table needs to be protected accordingly.
 *
 * <p>Any exception raised while building or executing the insert is logged and not rethrown,
 * so the caller gets no signal that the association was not stored.
 *
 * @param opUrl       the OP endpoint URL the association belongs to
 * @param association the association to store
 */
public void save(String opUrl, Association association) {
    cleanupExpired();

    try {
        JdbcTemplate jdbcTemplate = getJdbcTemplate();

        // Column values in the order expected by _sqlInsert.
        Object[] row = new Object[5];
        row[0] = opUrl;
        row[1] = association.getHandle();
        row[2] = association.getType();
        if (association.getMacKey() == null) {
            row[3] = null;
        } else {
            // NOTE(review): new String(byte[]) uses the platform default charset; Base64 output
            // is ASCII, so this is presumably harmless. Confirm before changing.
            row[3] = new String(Base64.encodeBase64(association.getMacKey().getEncoded()));
        }
        row[4] = association.getExpiry();

        jdbcTemplate.update(_sqlInsert, row);
    } catch (Exception e) {
        _log.error("Error saving association to table: " + _tableName, e);
    }
}
/**
 * Tells whether an association can still be used.
 *
 * @param association the association to check; may be {@code null}
 * @return {@code true} only if the association is non-null and its {@code hasExpired()}
 *         reports {@code false}
 */
protected boolean isAssociationValid(final Association association) {
    if (association == null) {
        return false;
    }
    return !association.hasExpired();
}
}
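/**
 * Rebuilds the HMAC-SHA256 association for a handle without any stored state.
 *
 * <p>The handle is expected to look like {@code <storeId><timestamp>-<suffix>}. The expiry is
 * the embedded timestamp plus {@code expireIn}, and the MAC key is the bytes of
 * {@code serverKey} concatenated with the handle.
 *
 * <p>NOTE(review): the key is a plain concatenation converted with the platform default
 * charset, and the PBKDF2 derivation below is left commented out. Anyone holding
 * {@code serverKey} can recompute the key for any handle, and nodes with different default
 * charsets could derive different keys. Confirm this is intended.
 *
 * @param handle the association handle; must not be blank
 * @return the reconstructed association
 * @throws IllegalArgumentException if the handle is blank, has no {@code '-'} after the store
 *         id prefix, or carries a non-numeric timestamp
 */
@Override
public Association load(String handle) {
    if (IdentityUtil.isBlank(handle)) {
        throw new IllegalArgumentException("Handle is empty");
    }
    if (log.isDebugEnabled()) {
        log.debug("Inside load(); handle : " + handle);
    }

    // Nothing visible here guarantees the handle was issued by this store, so reject a missing
    // or misplaced delimiter explicitly instead of failing inside substring().
    int timestampStart = Integer.toString(storeId).length();
    int timestampEnd = handle.indexOf("-");
    if (timestampEnd < timestampStart) {
        throw new IllegalArgumentException("Handle is malformed");
    }

    // Long.parseLong raises NumberFormatException (an IllegalArgumentException) on bad digits.
    String timeStamp = handle.substring(timestampStart, timestampEnd);
    Date expireDate = new Date(Long.parseLong(timeStamp) + this.expireIn);
    if (log.isDebugEnabled()) {
        log.debug("Calculated Expiry Time : " + expireDate.getTime());
    }

    // SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
    // PBEKeySpec spec = new PBEKeySpec(serverKey.toCharArray(), handle.getBytes(), 1, 256);
    // SecretKey secretKey = factory.generateSecret(spec);
    return Association.createHmacSha256(handle, (serverKey + handle).getBytes(), expireDate);
}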
/**
 * Removes every association in {@code associationMap} whose expiry lies before the current time.
 *
 * <p>NOTE(review): {@code removeAssociation} is called while the map is being iterated. If it
 * removes from {@code associationMap} and that map is not a concurrent implementation, the
 * iteration could fail with {@code ConcurrentModificationException}. Confirm the map type.
 */
public void removeExpiredAssociations() {
    Date now = new Date();
    for (Association candidate : associationMap.values()) {
        if (!now.after(candidate.getExpiry())) {
            continue;
        }
        if (log.isDebugEnabled()) {
            log.debug("Current time : " + now.getTime() + ", expiry time : "
                    + candidate.getExpiry().getTime()
                    + ". Hence removing expired association : " + candidate.getHandle());
        }
        removeAssociation(candidate.getHandle());
    }
}
}
/**
 * Creates a new association and hands it to the replication persistence manager.
 *
 * <p>The handle is built as {@code storeId + timestamp + "-" + getCounter()}.
 * NOTE(review): if both {@code storeId} and {@code timestamp} are numeric fields, the first
 * {@code +} is an arithmetic addition rather than a concatenation. Confirm the field types.
 *
 * @param type     the association type passed to {@code Association.generate}
 * @param expiryIn the lifetime passed to {@code Association.generate}
 * @return the newly generated association
 * @throws AssociationException declared by this method; presumably raised by
 *         {@code Association.generate} (confirm)
 */
public Association generate(String type, int expiryIn) throws AssociationException {
    final String newHandle = storeId + timestamp + "-" + getCounter();
    final Association created = Association.generate(type, newHandle, expiryIn);

    if (log.isDebugEnabled()) {
        log.debug("Storing association " + created.getHandle() + " in the map.");
    }

    // The association is handed to the replication manager's persistence layer; per the
    // original comment it is replicated using cluster messages.
    OpenIDAssociationReplicationManager.getPersistenceManager().addAssociation(created);
    return created;
}
InvalidAlgorithmParameterException, NoSuchProviderException { ByteArrayOutputStream encodedAssociation = new ByteArrayOutputStream(); String type = association.getType(); if (type == Association.TYPE_HMAC_SHA1) { encodedAssociation.write(1); throw new AssociationException("unknown type: " + type); SecretKey macKey = association.getMacKey(); byte[] macKeyBytes = macKey.getEncoded(); encodedAssociation.write(macKeyBytes); Date expiry = association.getExpiry(); Long time = expiry.getTime(); DataOutputStream dos = new DataOutputStream(encodedAssociation); return Association.createHmacSha1(handle, macKeyBytes, expiry); } else if (type == Association.TYPE_HMAC_SHA256) { return Association.createHmacSha256(handle, macKeyBytes, expiry);
// Excerpt: the conditions that select between these two assignments are not shown.
// Each call rebuilds an association from the Base64-decoded MAC key, so macKey is signing
// secret material. Presumably the choice follows the association type (confirm in full source).
assoc = Association.createHmacSha1(assocHandle, Base64.decode(macKey), expireIn); assoc = Association.createHmacSha256(assocHandle, Base64.decode(macKey), expireIn);
+ " association handle: " + assoc.getHandle()); setType(type); setAssocHandle(assoc.getHandle()); Long expiryIn = new Long( ( assoc.getExpiry().getTime() - System.currentTimeMillis() ) / 1000 ); setExpire(expiryIn); assoc.getMacKey().getEncoded(), assocReq.getDhPublicKey() )); Base64.encodeBase64(assoc.getMacKey().getEncoded())));
/**
 * Adds an association to the in-memory store under the OP endpoint it belongs to.
 *
 * <p>Expired entries are purged first. Associations are kept in a per-endpoint map keyed by
 * handle, so saving a handle that already exists for the endpoint replaces the old entry.
 *
 * @param opUrl       the OP endpoint URL
 * @param association the association to store
 */
public synchronized void save(String opUrl, Association association) {
    removeExpired();

    Map existing = (Map) _opMap.get(opUrl);
    Map target = (existing != null) ? existing : new HashMap();
    if (existing == null) {
        // First association for this endpoint: register its handle map.
        _opMap.put(opUrl, target);
    }

    String handle = association.getHandle();
    if (DEBUG) {
        _log.debug("Adding association to the in-memory store: " + handle + " with OP: " + opUrl);
    }

    target.put(association.getHandle(), association);
}
/**
 * Builds a positive authentication response ({@code openid.mode} set to {@code MODE_IDRES}).
 *
 * <p>The OpenID 2 namespace, OP endpoint, claimed identifier and nonce are set only when
 * {@code compatibility} is false. The signature is computed after the signed-field list has
 * been built. When {@code signNow} is false the signature is set to the empty string, so the
 * message is unsigned at that point.
 *
 * @param opEndpoint       the OP endpoint (non-compatibility mode only)
 * @param claimedId        the claimed identifier (non-compatibility mode only)
 * @param delegate         the value passed to {@code setIdentity}
 * @param compatibility    true to omit the OpenID 2 specific fields
 * @param returnTo         the return_to URL
 * @param nonce            the response nonce (non-compatibility mode only)
 * @param invalidateHandle handle to invalidate, or {@code null} for none
 * @param assoc            the association supplying the handle and, if requested, the signature
 * @param signNow          whether to sign immediately
 * @throws AssociationException declared by this constructor; presumably raised by
 *         {@code assoc.sign} (confirm)
 */
protected AuthSuccess(String opEndpoint, String claimedId, String delegate,
                      boolean compatibility, String returnTo, String nonce,
                      String invalidateHandle, Association assoc, boolean signNow)
        throws AssociationException {
    final boolean openid2 = !compatibility;
    if (openid2) {
        set("openid.ns", OPENID2_NS);
        setOpEndpoint(opEndpoint);
        setClaimed(claimedId);
        setNonce(nonce);
    }

    set("openid.mode", MODE_IDRES);
    setIdentity(delegate);
    setReturnTo(returnTo);

    if (invalidateHandle != null) {
        setInvalidateHandle(invalidateHandle);
    }

    setHandle(assoc.getHandle());

    // The signed list has to exist before getSignedText() is called for the signature.
    buildSignedList();

    final String signature;
    if (signNow) {
        signature = assoc.sign(getSignedText());
    } else {
        signature = "";
    }
    setSignature(signature);
}
// Excerpt: the conditions that select between these three assignments are not shown.
// The first yields the "failed association" value for expDate; the other two rebuild an
// association from the Base64-decoded MAC key, so macKey is signing secret material.
// NOTE(review): macKey.getBytes() uses the platform default charset; Base64 text is ASCII, so
// this is presumably harmless. Confirm.
assoc = Association.getFailedAssociation(expDate); assoc = Association.createHmacSha1(handle, Base64.decodeBase64(macKey.getBytes()), expDate); assoc = Association.createHmacSha256(handle, Base64.decodeBase64(macKey.getBytes()), expDate);
_log.info("Found association: " + assoc.getHandle() + " verifying signature locally..."); String text = authResp.getSignedText(); String signature = authResp.getSignature(); if (assoc.verifySignature(text, signature))
if (privateAssoc.verifySignature(signed, signature)) { _log.info("Consumer nonce signature verified."); return nonce;
/**
 * Generates a new association and registers it in the in-memory handle map.
 *
 * <p>Expired entries are purged first. The handle is {@code _timestamp}, a dash, and the
 * current value of {@code _counter}, which is then incremented.
 *
 * @param type     the association type passed to {@code Association.generate}
 * @param expiryIn the lifetime in seconds (per the debug message)
 * @return the newly generated association
 * @throws AssociationException declared by this method; presumably raised by
 *         {@code Association.generate} (confirm)
 */
public synchronized Association generate(String type, int expiryIn)
        throws AssociationException {
    removeExpired();

    final String handle = _timestamp + "-" + _counter++;
    final Association generated = Association.generate(type, handle, expiryIn);
    _handleMap.put(handle, generated);

    if (DEBUG) {
        _log.debug("Generated association, handle: " + handle + " type: " + type
                + " expires in: " + expiryIn + " seconds.");
    }

    return generated;
}
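/**
 * Checks a received signature against the one this association computes for {@code text}.
 *
 * <p>The comparison visits every character instead of stopping at the first difference, so
 * its duration does not depend on where two equal-length values diverge. Only a length
 * mismatch, an empty computed signature or a missing signature returns early.
 *
 * @param text      the text that was signed
 * @param signature the signature to verify; {@code null} counts as a mismatch
 * @return {@code true} if the signature matches the one computed for {@code text}
 * @throws AssociationException declared by this method; presumably raised by {@code sign}
 *         (confirm)
 */
public boolean verifySignature(String text, String signature) throws AssociationException {
    if (DEBUG) _log.debug("Verifying signature: " + signature);

    // The Java String.equals() method returns on the first difference in
    // its inputs, which allows a timing attack to recover signature values.
    // This verification method will take the same amount of time for any
    // two inputs of equal length.
    String textSig = sign(text);

    // A missing signature is a failed verification, not a NullPointerException.
    if (signature == null || textSig.length() == 0
            || textSig.length() != signature.length()) {
        return false;
    }

    // Accumulate differences with OR so there is no data-dependent early exit.
    int result = 0;
    for (int i = 0; i < textSig.length(); i++) {
        result |= textSig.charAt(i) ^ signature.charAt(i);
    }
    return result == 0;
}
}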
/**
 * Returns the association for an OP endpoint that expires last.
 *
 * <p>Expired entries are purged first. If nothing is stored for the endpoint the result is
 * {@code null}.
 *
 * @param opUrl the OP endpoint URL
 * @return the stored association with the latest expiry, or {@code null} if there is none
 */
public synchronized Association load(String opUrl) {
    removeExpired();

    if (!_opMap.containsKey(opUrl)) {
        return null;
    }

    Association newest = null;
    Map associationsForOp = (Map) _opMap.get(opUrl);
    for (Iterator it = associationsForOp.values().iterator(); it.hasNext();) {
        Association candidate = (Association) it.next();
        // Keep whichever association stays valid the longest.
        if (newest == null || newest.getExpiry().before(candidate.getExpiry())) {
            newest = candidate;
        }
    }
    return newest;
}
// Excerpt: the conditions that select between these two assignments are not shown.
// Each call rebuilds an association from the Base64-decoded MAC key, so macKey is signing
// secret material. Presumably the choice follows the association type (confirm in full source).
assoc = Association.createHmacSha1(assocHandle, Base64.decode(macKey), expireIn); assoc = Association.createHmacSha256(assocHandle, Base64.decode(macKey), expireIn);
if (DEBUG) { _log.debug("Creating association response, type: " + assocReq.getType() + " association handle: " + assoc.getHandle()); setType(type); setAssocHandle(assoc.getHandle()); Long expiryIn = new Long((assoc.getExpiry().getTime() - System.currentTimeMillis()) / 1000); setExpire(expiryIn); assoc.getMacKey().getEncoded(), assocReq.getDhPublicKey())); } else // no-encryption session, unecrypted MAC key Base64.encodeBase64(assoc.getMacKey().getEncoded())));
/**
 * Stores an association in memory, grouped by the OP endpoint it was established with.
 *
 * <p>Expired entries are removed before the new one is added. A handle already present for
 * the endpoint is overwritten.
 *
 * @param opUrl       the OP endpoint URL
 * @param association the association to store
 */
public synchronized void save(String opUrl, Association association) {
    removeExpired();

    Map byHandle = (Map) _opMap.get(opUrl);
    if (null == byHandle) {
        // Lazily create the per-endpoint map the first time this endpoint is seen.
        byHandle = new HashMap();
        _opMap.put(opUrl, byHandle);
    }

    String handle = association.getHandle();
    if (DEBUG) {
        _log.debug("Adding association to the in-memory store: " + handle + " with OP: " + opUrl);
    }

    byHandle.put(association.getHandle(), association);
}
/**
 * Creates a positive authentication response with {@code openid.mode} set to
 * {@code MODE_IDRES}.
 *
 * <p>In compatibility mode the OpenID 2 namespace, OP endpoint, claimed identifier and nonce
 * are left out. The signed-field list is built before the signature is computed. If
 * {@code signNow} is false, the signature field is set to the empty string and the message is
 * unsigned at that point.
 *
 * @param opEndpoint       the OP endpoint (used only when not in compatibility mode)
 * @param claimedId        the claimed identifier (used only when not in compatibility mode)
 * @param delegate         the value passed to {@code setIdentity}
 * @param compatibility    true to omit the OpenID 2 specific fields
 * @param returnTo         the return_to URL
 * @param nonce            the response nonce (used only when not in compatibility mode)
 * @param invalidateHandle handle to invalidate, or {@code null} for none
 * @param assoc            the association supplying the handle and, if requested, the signature
 * @param signNow          whether to sign immediately
 * @throws AssociationException declared by this constructor; presumably raised by
 *         {@code assoc.sign} (confirm)
 */
protected AuthSuccess(String opEndpoint, String claimedId, String delegate,
                      boolean compatibility, String returnTo, String nonce,
                      String invalidateHandle, Association assoc, boolean signNow)
        throws AssociationException {
    final boolean includeOpenId2Fields = !compatibility;
    if (includeOpenId2Fields) {
        set("openid.ns", OPENID2_NS);
        setOpEndpoint(opEndpoint);
        setClaimed(claimedId);
        setNonce(nonce);
    }

    set("openid.mode", MODE_IDRES);
    setIdentity(delegate);
    setReturnTo(returnTo);

    final boolean hasInvalidateHandle = invalidateHandle != null;
    if (hasInvalidateHandle) {
        setInvalidateHandle(invalidateHandle);
    }

    setHandle(assoc.getHandle());

    // getSignedText() is read only after the signed list has been built.
    buildSignedList();

    if (signNow) {
        setSignature(assoc.sign(getSignedText()));
    } else {
        setSignature("");
    }
}