/**
 * Creates a nonce of the default size and registers it as outstanding.
 * <p>
 * The default is 32 random bytes; the returned string is the base64url encoding of those bytes.
 *
 * @return the freshly minted nonce, already recorded in the nonce store
 */
public static String createNonce() {
    final int defaultLengthInBytes = 32;
    return createNonce(defaultLengthInBytes);
}

public static String createNonce(int length) {
/**
 * Forgets an outstanding nonce.
 * <p>
 * Called once a nonce has been matched against a response so the same value cannot be
 * presented a second time (replay).
 *
 * @param nonce the nonce to discard from the store
 */
public static void removeNonce(String nonce){
    getNonces().remove(nonce);
}

public static boolean hasNonce(String nonce) {
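/**
 * Exchanges an authorization grant for an access token and records the result on the asset.
 * <p>
 * The nonce carried in the server's response is validated against the outstanding nonces and
 * consumed <em>before</em> any field of the asset is written or the asset is saved, so a
 * rejected response leaves no partially-updated state behind.
 *
 * @param asset the asset this exchange belongs to; updated and saved on success
 * @param ag    the authorization grant being exchanged
 * @return the raw token response from the delegation service
 * @throws InvalidNonceException if the response carries no nonce, or one that was never issued
 */
public ATResponse2 getAccessToken(OA2Asset asset, AuthorizationGrant ag) {
    DelegatedAssetRequest dar = new DelegatedAssetRequest();
    dar.setAuthorizationGrant(ag);
    dar.setClient(getEnvironment().getClient());
    Map<String, String> m1 = getATParameters(asset, ag, null);
    dar.setParameters(m1);
    ATResponse2 atResponse2 = (ATResponse2) getEnvironment().getDelegationService().getAT(dar);

    // Validate the nonce first: fail before touching the asset so a bad response leaves no trace.
    Object rawNonce = atResponse2.getParameters().get(OA2Constants.NONCE);
    if (rawNonce == null) {
        throw new InvalidNonceException("Missing nonce.");
    }
    String nonce = (String) rawNonce;
    if (!NonceHerder.hasNonce(nonce)) {
        throw new InvalidNonceException("Unknown nonce.");
    }
    // NOTE(review): hasNonce followed by removeNonce is check-then-act; two responses replaying
    // the same nonce concurrently could both pass the check before either removes it. An atomic
    // remove-and-test on the nonce store would close that window.
    NonceHerder.removeNonce(nonce); // consume it so it cannot be replayed
    // NOTE(review): this proves only that the nonce was issued by *some* request, not by the
    // request that created this asset (preRequestCert records the issued nonce on the asset).
    // Comparing against that recorded value would bind the response to this flow — confirm
    // OA2Asset exposes it before adding the check.

    asset.setIssuedAt((Date) atResponse2.getParameters().get(OA2Claims.ISSUED_AT));
    asset.setUsername((String) atResponse2.getParameters().get(OA2Claims.SUBJECT));
    asset.setAccessToken(atResponse2.getAccessToken());
    asset.setRefreshToken(atResponse2.getRefreshToken());
    getAssetStore().save(asset);
    return atResponse2;
}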
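/**
 * Creates a random, URL-safe nonce of the given size and registers it as outstanding.
 *
 * @param length number of random bytes to draw; the encoded string is longer than this
 * @return the base64url-encoded nonce, already stored via {@link #putNonce(String)}
 * @throws IllegalArgumentException if {@code length} is not positive — an empty nonce carries
 *         no entropy yet would still be accepted by {@link #hasNonce(String)}
 */
public static String createNonce(int length) {
    if (length <= 0) {
        throw new IllegalArgumentException("nonce length must be positive, got " + length);
    }
    byte[] bytes = new byte[length];
    // NOTE(review): `random` must be a SecureRandom for these nonces to be unguessable —
    // confirm at its declaration.
    random.nextBytes(bytes);
    String nonce = Base64.encodeBase64URLSafeString(bytes);
    putNonce(nonce); // register before returning so the value is accepted when it comes back
    return nonce;
}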
info("No nonce in initial request for " + ((AGResponse) iResponse).getClient().getIdentifierString()); } else { NonceHerder.putNonce(nonce); // Don't check it, just store it and return it later.
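/**
 * Prepares the parameters for the authorization request. Nothing is sent from here; per the
 * protocol the certificate request is added later, just before {@code getCert}.
 * <p>
 * A fresh random {@code state} and {@code nonce} are minted for this asset and placed in the
 * request together with the callback, response type, requested scopes and a forced login prompt.
 *
 * @param asset      the asset being authorized; must be an {@link OA2Asset}, whose state and
 *                   nonce are set here
 * @param parameters the request parameters to populate (raw {@link Map}, as the overridden
 *                   signature requires)
 */
@Override
public void preRequestCert(Asset asset, Map parameters) {
    Object callbackKey = getEnvironment().getConstants().get(CALLBACK_URI_KEY);
    // Only supply the callback if the caller has not already chosen one.
    if (!parameters.containsKey(callbackKey)) {
        parameters.put(callbackKey, getEnvironment().getCallback().toString());
    }
    OA2Asset a = (OA2Asset) asset;
    // NOTE(review): createNonce() also registers its value in the NonceHerder store, so the
    // state value is accepted as a "nonce" by hasNonce() as well. Generating state without
    // registering it (or keeping a separate store) would keep the two namespaces apart.
    a.setState(NonceHerder.createNonce());
    a.setNonce(NonceHerder.createNonce());
    // To exercise the server's error handling, an unsupported request can be forced with
    //   parameters.put(OA2Constants.REQUEST, "My_request");
    // which should fail every time.
    parameters.put(OA2Constants.RESPONSE_TYPE, OA2Constants.AUTHORIZATION_CODE);
    parameters.put(OA2Constants.SCOPE, getRequestedScopes());
    parameters.put(OA2Constants.STATE, a.getState()); // a random, unguessable state is sufficient here
    parameters.put(OA2Constants.NONCE, a.getNonce());
    parameters.put(OA2Constants.PROMPT, OA2Constants.PROMPT_LOGIN); // always force re-authentication
}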
/**
 * Reports whether a nonce is currently outstanding, i.e. was issued (or stored) and has not yet
 * been consumed by {@code removeNonce}.
 *
 * @param nonce the value presented by a response
 * @return {@code true} if the value is in the nonce store
 */
public static boolean hasNonce(String nonce) {
    return getNonces().contains(nonce);
}

public static void checkNonce(String nonce) {
String nonce = NonceHerder.createNonce(); HashMap m = new HashMap(); m.put(OA2Constants.RESPONSE_TYPE, OA2Constants.AUTHORIZATION_CODE);
/**
 * Records a nonce as outstanding so a later {@code hasNonce} call accepts it.
 * <p>
 * NOTE(review): the only removal path visible is {@code removeNonce}, invoked when a token
 * response is processed; nonces from flows that are never completed appear to stay in the
 * store indefinitely, so it can grow without bound under load unless the underlying collection
 * expires entries — confirm.
 *
 * @param nonce the value to store
 */
public static void putNonce(String nonce){
    getNonces().add(nonce);
}