Hi Ron,
after a long period of debugging I have come to the conclusion that it did not work :-(
I found out that in the method verifyToken(Map token) of the AssociationManager the comparison of the two signatures failed every time.
All the data I received from my OpenID server looks really good. But I do not understand the method call:
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(a.getMacKey());
String signature = new String(Base64Helper.encode(mac.doFinal(bytes)));
The resulting signature is not equal to the string in my token map:
String msgSignature = (String) token.get("openid.sig");
I am not able to understand the method, so I cannot help myself any further.
For example, my token object looks like this:
openid.signed=assoc_handle,identity,mode,op_endpoint,response_nonce,return_to,signed,
openid.sig=7ezVn1jnG3eJKbOwN/W/OKmbyGU=,
openid.identity=http://rsoika.myopenid.com/,
openid.mode=id_res,
openid.assoc_handle={HMAC-SHA1}{48f0840d}{6l8sWw==},
openid.return_to=http://localhost:8080/sywapp/}
and the token_contents StringBuffer from which you generate the signature looks like this:
assoc_handle:{HMAC-SHA1}{48f0840d}{6l8sWw==}
identity:http://rsoika.myopenid.com/
mode:id_res
op_endpoint:null
response_nonce:null
return_to:http://localhost:8080/sywapp/
signed:assoc_handle,identity,mode,op_endpoint,response_nonce,return_to,signed
Can you help me here to find out what the problem could be?
Thanks
ralph
[Message sent by forum member 'rsoika' (rsoika)]
http://forums.java.net/jive/thread.jspa?messageID=305027
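
Added example, not part of the original post and not the library's own code: a minimal OpenID signature check that builds the key-value base string from openid.signed and verifies the HMAC-SHA1 value. The base string in the post contains op_endpoint:null and response_nonce:null; this sketch rejects a response in which a field named in openid.signed is absent instead of signing the text "null". The class and method names, the MAC key and the sample token are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Hypothetical class for illustration; not the AssociationManager from the post.
public class OpenIdSigCheck {
    // One "key:value\n" line per field named in openid.signed, in that order.
    // A field that is named but absent fails the check instead of becoming "null".
    static String baseString(Map<String, String> token) {
        StringBuilder sb = new StringBuilder();
        for (String key : token.get("openid.signed").split(",")) {
            String value = token.get("openid." + key);
            if (value == null) {
                throw new IllegalArgumentException("signed field missing: openid." + key);
            }
            sb.append(key).append(':').append(value).append('\n');
        }
        return sb.toString();
    }
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    static boolean verify(Map<String, String> token, byte[] macKey) throws Exception {
        byte[] received = Base64.getDecoder().decode(token.get("openid.sig"));
        // Compare raw MAC bytes in constant time rather than Base64 strings.
        return MessageDigest.isEqual(hmac(macKey, baseString(token)), received);
    }
    public static void main(String[] args) throws Exception {
        // Constructed key and response; the values are not taken from the post.
        byte[] macKey = "constructed-association-key".getBytes(StandardCharsets.UTF_8);
        Map<String, String> token = new HashMap<>();
        token.put("openid.signed", "identity,mode,return_to");
        token.put("openid.identity", "http://user.example/");
        token.put("openid.mode", "id_res");
        token.put("openid.return_to", "http://localhost:8080/app/");
        // Sign as a provider would, then verify as the relying party.
        token.put("openid.sig", Base64.getEncoder().encodeToString(hmac(macKey, baseString(token))));
        System.out.println("complete response verifies: " + verify(token, macKey));
        // Name a field in openid.signed that the response does not carry.
        token.put("openid.signed", "identity,mode,op_endpoint,return_to");
        try { verify(token, macKey); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```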