Tags: java, openid, openid-provider

How to generate the OpenID 1.1 sig based on assoc_handle?


I have implemented an OpenID 1.1 provider in Java but I am having trouble with smart clients using an assoc_handle from associate coming up with different signatures. Dumb clients relying on check_authentication work fine. Specifically, I am testing against LiveJournal and it keeps returning:

signature_mismatch: Prior association invalidated ID provider response.

The body of my HMAC() function is:

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public static byte[] HMAC(byte[] secret, String token_contents)
        throws GeneralSecurityException {
    // secret = raw (decoded) mac_key bytes; token_contents = key-value form to sign
    Mac m = Mac.getInstance("HmacSHA1");
    m.init(new SecretKeySpec(secret, "HmacSHA1"));
    return m.doFinal(token_contents.getBytes(StandardCharsets.UTF_8));
}

The token_contents for calling HMAC() comes from the following code during the handling for checkid_setup. That is, the signing is being done on mode,identity,return_to and this is also the value of the signed response parameter.

String token_contents = String.format(
    "mode:id_res\nidentity:%s\nreturn_to:%s\n",
    identity, return_to);

And finally, the secret is the base64-decoded version of mac_key returned by the initial associate call (e.g. retrieved via secret(assoc_handle) as per the spec). I've done a fair amount of testing to make sure the enc_mac_key can be decrypted properly.

Any thoughts? Is there anything glaringly wrong with this?

Or ... is there a simple, stand-alone client that anyone knows of which would do OpenID 1.1 and trace out its steps? Given that, I may be able to figure out where I'm calculating things differently.


Solution

  • The problem in my case was using base64url encoding on output of key values (mac_key, enc_mac_key, dh_server_public) instead of standard base64. In Apache Commons I was using encodeBase64URLSafeString instead of simply encodeBase64String. This was an unfortunate carry-over from having worked in OpenID Connect previously and I misunderstood the nature of the function.

    Anyway, something that helped me discover the answer was using the simply excellent OpenID4Java and its simple-openid JSP sample. Immediately it barfed out errors on my signature, complaining that it was 168 bits (instead of 160).
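An added example (Python rather than the asker's Java; not code from the question, the answer or any of the libraries mentioned) that reproduces the failure the answer found: the provider signs the key-value form correctly, but if it emits mac_key as unpadded base64url while the relying party decodes it as standard base64, the two sides end up with different key bytes and the RP reports a signature mismatch. The mac_key bytes, the lenient RP-side decoder and the identity/return_to URLs are constructed for the example.

```python
import base64
import hashlib
import hmac
import re

# Constructed 20-byte HMAC-SHA1 mac_key (not a real association key), chosen so
# its standard base64 form contains '+' and '/', the characters base64url swaps.
MAC_KEY = b"\xfb\xef\xbe\xff\xff\xff" + bytes(range(14))

SIGNED = ["mode", "identity", "return_to"]   # value of the "signed" parameter

def kv_form(params, fields=SIGNED):
    """OpenID 1.1 key-value form that gets signed: 'key:value' + newline per field."""
    return "".join(f"{k}:{params[k]}\n" for k in fields)

def sign(mac_key, params):
    """Provider side: HMAC-SHA1 over the key-value form, sig in standard base64."""
    mac = hmac.new(mac_key, kv_form(params).encode("utf-8"), hashlib.sha1).digest()
    return base64.b64encode(mac).decode("ascii")

def lenient_b64decode(text):
    """Tolerant decoder of the kind an RP may use (assumed, not any specific RP):
    skips characters outside the standard alphabet and tolerates missing '='."""
    clean = re.sub(r"[^A-Za-z0-9+/]", "", text)
    return base64.b64decode(clean + "=" * (-len(clean) % 4))

def provider_mac_key(url_safe):
    """mac_key field of the associate response: standard base64 (correct) or
    unpadded base64url as Commons encodeBase64URLSafeString emits (the bug)."""
    if url_safe:
        return base64.urlsafe_b64encode(MAC_KEY).decode("ascii").rstrip("=")
    return base64.b64encode(MAC_KEY).decode("ascii")

def rp_verify(mac_key_field, params, sig):
    """Smart RP: decode the cached mac_key, recompute the HMAC and compare."""
    key = lenient_b64decode(mac_key_field)
    expected = hmac.new(key, kv_form(params).encode("utf-8"), hashlib.sha1).digest()
    return hmac.compare_digest(expected, base64.b64decode(sig))

def demo(url_safe):
    """Full round trip; True only when provider and RP agree on the key bytes."""
    params = {"mode": "id_res", "identity": "https://example.org/alice",
              "return_to": "https://rp.example.net/finish"}
    return rp_verify(provider_mac_key(url_safe), params, sign(MAC_KEY, params))
```

With the base64url field the RP silently derives a 14-byte key instead of the 20-byte one, so every signature from that association fails to verify even though the HMAC code itself is correct.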