Upgraded PAPE implementation to v1.0 final.

johnny.bufu · johnny.bufu · commit 302f965f1cc0 · 2009-05-12T00:19:42.000Z
diff --git a/README b/README
@@ -12,7 +12,7 @@ The library currently supports the following OpenID specifications:
 	- OpenID Authentication 2.0
 	- OpenID Attribute Exchange 1.0
 	- OpenID Simple Registration 1.0 and 1.1
-	- OpenID Provider Authentication Policy Extension 1.0, draft 2
+	- OpenID Provider Authentication Policy Extension 1.0
 	- OpenID Information Cards 1.0, draft 1
 
 OpenID starts with the concept that anyone can identify themselves on the 
diff --git a/TODO b/TODO
@@ -17,7 +17,6 @@
 
   - Extensions to implement:
     - OpenID Signed Assertions 1.0
-	- OpenID Provider Authentication Policy Extension 1.0
 
   - MessageExtension.providesIdentifier()
     - review interface to allow exchange of messages with no identifiers at all
diff --git a/src/org/openid4java/message/pape/PapeMessage.java b/src/org/openid4java/message/pape/PapeMessage.java
@@ -8,6 +8,10 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import java.util.Map;
+import java.util.HashMap;
+import java.util.Iterator;
+
 /**
  * Base class for the OpenID Provider Authentication Policy extension
  * implementation.
@@ -35,6 +39,13 @@ public class PapeMessage implements MessageExtension, MessageExtensionFactory
     public static final String PAPE_POLICY_MULTI_FACTOR_PHYSICAL =
         "http://schemas.openid.net/pape/policies/2007/06/multi-factor-physical";
 
+    protected static final String AUTH_LEVEL_PREFIX       = "auth_level.";
+    protected static final String AUTH_LEVEL_NS_PREFIX    = "auth_level.ns.";
+    private   static final String AUTH_LEVEL_ALIAS_PREFIX = "papeauthlevel";
+
+    protected Map authLevelAliases = new HashMap(); // auth level URL -> alias
+    private int authLevelAliasCounter = 0;
+
     /**
      * The OpenID Provider Authentication Policy extension URI.
      */
@@ -67,7 +78,7 @@ public PapeMessage()
      */
     public PapeMessage(ParameterList params)
     {
-        _parameters = params;
+        setParameters(params);
 
         if (DEBUG)
             _log.debug("Created PapeMessage from parameter list:\n" + params);
@@ -108,6 +119,9 @@ public ParameterList getParameters()
     public void setParameters(ParameterList params)
     {
         _parameters = params;
+        Iterator iter = params.getParameters().iterator();
+        while(iter.hasNext())
+            checkAddAuthLevelExtension((Parameter) iter.next());
     }
 
     /**
@@ -131,7 +145,45 @@ public boolean hasParameter(String name)
      */
     protected void set(String name, String value)
     {
-        _parameters.set(new Parameter(name, value));
+        Parameter param = new Parameter(name, value);
+        _parameters.set(param);
+        checkAddAuthLevelExtension(param);
+    }
+
+    private void checkAddAuthLevelExtension(Parameter param) {
+        String key = param == null ? null : param.getKey();
+        String value = param == null ? null : param.getValue();
+        if (key != null && key.startsWith(AUTH_LEVEL_NS_PREFIX))
+            addAuthLevelExtension(value, key.substring(AUTH_LEVEL_NS_PREFIX.length()));
+    }
+
+    private synchronized String newAuthLevelAlias()
+    {
+        return AUTH_LEVEL_ALIAS_PREFIX + ++authLevelAliasCounter;
+    }
+
+    protected String addAuthLevelExtension(String authLevelTypeUri)
+    {
+        return addAuthLevelExtension(authLevelTypeUri, null);
+    }
+
+    private String addAuthLevelExtension(String authLevelTypeUri, String alias)
+    {
+        if (!authLevelAliases.containsKey(authLevelTypeUri)) {
+            String authLevelAlias = alias == null ? newAuthLevelAlias() : alias;
+            authLevelAliases.put(authLevelTypeUri, authLevelAlias);
+        }
+        return (String) authLevelAliases.get(authLevelTypeUri);
+    }
+
+    public boolean hasCustomAuthLevel(String authLevelTypeUri)
+    {
+        return authLevelAliases.containsKey(authLevelTypeUri);
+    }
+
+    protected String getCustomAuthLevelAlias(String authLevelTypeUri)
+    {
+        return (String) authLevelAliases.get(authLevelTypeUri);
     }
 
     /**
diff --git a/src/org/openid4java/message/pape/PapeRequest.java b/src/org/openid4java/message/pape/PapeRequest.java
@@ -26,7 +26,7 @@ public class PapeRequest extends PapeMessage
     private static final boolean DEBUG = _log.isDebugEnabled();
 
     protected final static List PAPE_FIELDS = Arrays.asList( new String[] {
-            "preferred_auth_policies", "max_auth_age"
+            "preferred_auth_policies", "preferred_auth_level_types", "max_auth_age"
     });
 
     /**
@@ -56,7 +56,7 @@ public static PapeRequest createPapeRequest()
      */
     protected PapeRequest(ParameterList params)
     {
-        _parameters = params;
+        super(params);
     }
 
     /**
@@ -186,12 +186,19 @@ public void validate() throws MessageException
         while (it.hasNext())
         {
             String paramName = ((Parameter) it.next()).getKey();
-            if (! PAPE_FIELDS.contains(paramName) )
+            if (! PAPE_FIELDS.contains(paramName) && ! paramName.startsWith(PapeMessage.AUTH_LEVEL_NS_PREFIX))
             {
                 throw new MessageException(
                     "Invalid parameter name in PAPE request: " + paramName,
                     OpenIDException.PAPE_ERROR);
             }
         }
     }
+
+    public void addPreferredCustomAuthLevel(String authLevelTypeUri)
+    {
+        String alias = addAuthLevelExtension(authLevelTypeUri);
+        String preferred = getParameterValue("preferred_auth_level_types");
+        set("preferred_auth_level_types", preferred == null ? alias : preferred + " " + alias);
+    }
 }
diff --git a/src/org/openid4java/message/pape/PapeResponse.java b/src/org/openid4java/message/pape/PapeResponse.java
@@ -27,17 +27,19 @@ public class PapeResponse extends PapeMessage
     private static final boolean DEBUG = _log.isDebugEnabled();
 
     protected final static List PAPE_FIELDS = Arrays.asList( new String[] {
-            "auth_policies", "auth_time", "nist_auth_level"
+            "auth_policies", "auth_time",
     });
 
+    private static final String AUTH_POLICY_NONE = "http://schemas.openid.net/pape/policies/2007/06/none";
+
     private static InternetDateFormat _dateFormat = new InternetDateFormat();
 
     /**
      * Constructs a Pape Response with an empty parameter list.
      */
     protected PapeResponse()
     {
-        set("auth_policies", "none");
+        set("auth_policies", AUTH_POLICY_NONE);
 
         if (DEBUG) _log.debug("Created empty PAPE response.");
     }
@@ -59,7 +61,7 @@ public static PapeResponse createPapeResponse()
      */
     protected PapeResponse(ParameterList params)
     {
-        _parameters = params;
+        super(params);
     }
 
     public static PapeResponse createPapeResponse(ParameterList params)
@@ -112,7 +114,7 @@ public void addAuthPolicy(String policyUri)
 
         String policies = getAuthPolicies();
 
-        if (policies == null || "none".equals(policies)) // should never be null
+        if (policies == null || AUTH_POLICY_NONE.equals(policies)) // should never be null
             setAuthPolicies(policyUri);
         else
             setAuthPolicies(policies + " " + policyUri);
@@ -126,7 +128,7 @@ public List getAuthPoliciesList()
     {
         String policies = getParameterValue("auth_policies");
 
-        if (policies == null || "none".equals(policies)) // should never be null
+        if (policies == null || AUTH_POLICY_NONE.equals(policies)) // should never be null
             return new ArrayList();
         else
             return Arrays.asList(policies.split(" "));
@@ -190,33 +192,6 @@ public Date getAuthDate()
         return null;
     }
 
-    /**
-     * Gets the value of the nist_auth_level parameter.
-     * <p>
-     * NIST levels are integers between 1 and 4 inclusive. Level 0 is
-     * used to signify that the OP recognizes the parameter and the
-     * user authentication did not meet the requirements of Level 1.
-     *
-     * @return          The NIST level, or -1 if the parameter is not set.
-     */
-    public int getNistAuthLevel()
-    {
-        String level = getParameterValue("nist_auth_level");
-
-        if ( level != null && level.length() > 0 )
-            return Integer.parseInt(level);
-        else
-            return -1;
-    }
-
-    public void setNistAuthLevel(int level) throws MessageException
-    {
-        if (level < 0 || level > 4)
-            throw new MessageException("Invalid NIST level: " + level);
-
-        set("nist_auth_level", Integer.toString(level));
-    }
-
     /**
      * Checks the validity of the extension.
      * <p>
@@ -253,12 +228,31 @@ private void validate() throws MessageException
         {
             String paramName = ((Parameter) it.next()).getKey();
 
-            if (! PAPE_FIELDS.contains(paramName))
-            {
-                throw new MessageException(
-                    "Invalid parameter name in PAPE response: " + paramName,
-                    OpenIDException.PAPE_ERROR);
-            }
+            if (PAPE_FIELDS.contains(paramName) ||  paramName.startsWith(PapeMessage.AUTH_LEVEL_NS_PREFIX))
+                continue;
+
+            if ( paramName.startsWith(AUTH_LEVEL_PREFIX) &&
+                 (authLevelAliases.values().contains(paramName.substring(AUTH_LEVEL_PREFIX.length()))))
+                continue;
+
+            throw new MessageException(
+                "Invalid parameter in PAPE response: " + paramName,
+                OpenIDException.PAPE_ERROR);
         }
     }
+
+    public void setCustomAuthLevel(String authLevelTypeUri, String level)
+    {
+        String alias = addAuthLevelExtension(authLevelTypeUri);
+        set(AUTH_LEVEL_PREFIX + alias, level);
+    }
+
+    public String getCustomAuthLevel(String authLevelTypeUri)
+    {
+        if (hasCustomAuthLevel(authLevelTypeUri))
+            return getParameterValue(AUTH_LEVEL_PREFIX + getCustomAuthLevelAlias(authLevelTypeUri));
+        else
+            return null;
+    }
+
 }

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ public class PapeRequest extends PapeMessage`
`26`	`26`	`private static final boolean DEBUG = _log.isDebugEnabled();`
`27`	`27`
`28`	`28`	`protected final static List PAPE_FIELDS = Arrays.asList( new String[] {`
`29`		`- "preferred_auth_policies", "max_auth_age"`
	`29`	`+ "preferred_auth_policies", "preferred_auth_level_types", "max_auth_age"`
`30`	`30`	`});`
`31`	`31`
`32`	`32`	`/**`
`@@ -56,7 +56,7 @@ public static PapeRequest createPapeRequest()`
`56`	`56`	`*/`
`57`	`57`	`protected PapeRequest(ParameterList params)`
`58`	`58`	`{`
`59`		`- _parameters = params;`
	`59`	`+ super(params);`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`/**`
`@@ -186,12 +186,19 @@ public void validate() throws MessageException`
`186`	`186`	`while (it.hasNext())`
`187`	`187`	`{`
`188`	`188`	`String paramName = ((Parameter) it.next()).getKey();`
`189`		`- if (! PAPE_FIELDS.contains(paramName) )`
	`189`	`+ if (! PAPE_FIELDS.contains(paramName) && ! paramName.startsWith(PapeMessage.AUTH_LEVEL_NS_PREFIX))`
`190`	`190`	`{`
`191`	`191`	`throw new MessageException(`
`192`	`192`	`"Invalid parameter name in PAPE request: " + paramName,`
`193`	`193`	`OpenIDException.PAPE_ERROR);`
`194`	`194`	`}`
`195`	`195`	`}`
`196`	`196`	`}`
	`197`	`+`
	`198`	`+ public void addPreferredCustomAuthLevel(String authLevelTypeUri)`
	`199`	`+ {`
	`200`	`+ String alias = addAuthLevelExtension(authLevelTypeUri);`
	`201`	`+ String preferred = getParameterValue("preferred_auth_level_types");`
	`202`	`+ set("preferred_auth_level_types", preferred == null ? alias : preferred + " " + alias);`
	`203`	`+ }`
`197`	`204`	`}`