/* * Copyright 2006-2008 Sxip Identity Corporation */ package org.openid4java.message.pape; import org.openid4java.message.ParameterList; import org.openid4java.message.MessageException; import org.openid4java.message.Parameter; import org.openid4java.util.InternetDateFormat; import org.openid4java.OpenIDException; import java.util.*; import java.text.ParseException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; /** * Implements the extension for OpenID Provider Authentication Policy responses. * * @author Marius Scurtescu, Johnny Bufu */ public class PapeResponse extends PapeMessage { private static Log _log = LogFactory.getLog(PapeResponse.class); private static final boolean DEBUG = _log.isDebugEnabled(); protected final static List PAPE_FIELDS = Arrays.asList( new String[] { "auth_policies", "auth_time", }); private static final String AUTH_POLICY_NONE = "http://schemas.openid.net/pape/policies/2007/06/none"; private static InternetDateFormat _dateFormat = new InternetDateFormat(); /** * Constructs a Pape Response with an empty parameter list. */ protected PapeResponse() { set("auth_policies", AUTH_POLICY_NONE); if (DEBUG) _log.debug("Created empty PAPE response."); } /** * Constructs a Pape Response with an empty parameter list. */ public static PapeResponse createPapeResponse() { return new PapeResponse(); } /** * Constructs a Pape Response from a parameter list. *

* The parameter list can be extracted from a received message with the * getExtensionParams method of the Message class, and MUST NOT contain * the "openid.." prefix. */ protected PapeResponse(ParameterList params) { super(params); } public static PapeResponse createPapeResponse(ParameterList params) throws MessageException { PapeResponse resp = new PapeResponse(params); resp.validate(); if (DEBUG) _log.debug("Created PAPE response from parameter list:\n" + params); return resp; } /** * Gets the auth_policies parameter value. */ public String getAuthPolicies() { return getParameterValue("auth_policies"); } /** * Sets a new value for the auth_policies parameter. * * The previous value of the parameter will be owerwritten. * * @param policyUris Space separated list of authentication policy * URIs to be set. * @see #addAuthPolicy(String) */ public void setAuthPolicies(String policyUris) { // todo: enforce that policyUri is a valid URI? set("auth_policies", policyUris); } /** * Adds an authentication policy URI to the auth_policies * parameter. * * @param policyUri The authentication policy URI to be set. * @see #setAuthPolicies(String) */ public void addAuthPolicy(String policyUri) { // todo: check that policyUri isn't already in the list? String policies = getAuthPolicies(); if (policies == null || AUTH_POLICY_NONE.equals(policies)) // should never be null setAuthPolicies(policyUri); else setAuthPolicies(policies + " " + policyUri); } /** * Gets a list with the auth_policies. An empty list is * returned if no authentication policies exist. */ public List getAuthPoliciesList() { String policies = getParameterValue("auth_policies"); if (policies == null || AUTH_POLICY_NONE.equals(policies)) // should never be null return new ArrayList(); else return Arrays.asList(policies.split(" ")); } /** * Sets the auth_time parameter. * * @param timestamp The most recent timestamp when the End User has * actively authenticated to the OP in a manner * fitting the asserted policies. */ public void setAuthTime(Date timestamp) { set("auth_time", _dateFormat.format(timestamp)); } /** * Gets the timestamp when the End User has most recentnly authenticated * to the OpenID Provider in a manner fitting the asserted policies. * * @return The verbatim value of the auth_time parameter. * Null is returned if the parameter is not present * in the PapeResponse. * * @see #getAuthDate() */ public String getAuthTime() { return getParameterValue("auth_time"); } /** * Gets the timestamp when the End User has most recentnly authenticated * to the OpenID Provider in a manner fitting the asserted policies. * * @return The value of the auth_time parameter parsed into * a java.util.Date. Null is returned if the parameter * is not present in the PapeResponse, or if the * parameter value is invalid. * * @see #getAuthTime() */ public Date getAuthDate() { String authTime = getParameterValue("auth_time"); if (authTime != null) { try { return _dateFormat.parse(authTime); } catch (ParseException e) { _log.warn("Invalid auth_time: " + authTime + "; returning null."); } } return null; } /** * Checks the validity of the extension. *

* Used when constructing a extension from a parameter list. * * @throws MessageException if the PapeResponse is not valid. */ private void validate() throws MessageException { if (! _parameters.hasParameter("auth_policies")) { throw new MessageException( "auth_policies is required in a PAPE response.", OpenIDException.PAPE_ERROR); } String authTime = getAuthTime(); if (authTime != null) { try { _dateFormat.parse(authTime); } catch (ParseException e) { throw new MessageException( "Invalid auth_time in PAPE response: " + authTime, OpenIDException.PAPE_ERROR, e); } } Iterator it = _parameters.getParameters().iterator(); while (it.hasNext()) { String paramName = ((Parameter) it.next()).getKey(); if (PAPE_FIELDS.contains(paramName) || paramName.startsWith(PapeMessage.AUTH_LEVEL_NS_PREFIX)) continue; if ( paramName.startsWith(AUTH_LEVEL_PREFIX) && (authLevelAliases.values().contains(paramName.substring(AUTH_LEVEL_PREFIX.length())))) continue; throw new MessageException( "Invalid parameter in PAPE response: " + paramName, OpenIDException.PAPE_ERROR); } } public void setCustomAuthLevel(String authLevelTypeUri, String level) { String alias = addAuthLevelExtension(authLevelTypeUri); set(AUTH_LEVEL_PREFIX + alias, level); } public String getCustomAuthLevel(String authLevelTypeUri) { if (hasCustomAuthLevel(authLevelTypeUri)) return getParameterValue(AUTH_LEVEL_PREFIX + getCustomAuthLevelAlias(authLevelTypeUri)); else return null; } }