takcy / openid4java

Automatically exported from code.google.com/p/openid4java
Apache License 2.0

Issue with ParameterList.createFromKeyValueForm method (?) #15

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Create a keyValueForm string that ends in \r\n

What is the expected output? What do you see instead?

An exception is thrown for invalid key-value form

What version of the product are you using? On what operating system?

latest version pulled from SVN on 6 march

Original issue reported on code.google.com by m...@tsoares.net on 7 Mar 2007 at 12:00

GoogleCodeExporter commented 8 years ago
Can you please provide a stack trace, and the input data that generated the exception?

Also the revision number of the code would help.

Original comment by johnny%s...@gtempaccount.com on 7 Mar 2007 at 12:39

GoogleCodeExporter commented 8 years ago

Original comment by Johnny.B...@gmail.com on 25 Apr 2007 at 5:25

GoogleCodeExporter commented 8 years ago
Hello, I have the same problem.
When the server returns a keyValueForm string (responseText =
response.keyValueFormEncoding() in SampleServer.java) there is a new line at the end,
and then an exception is thrown for invalid key-value form because a colon is missing.

But if the server returns this string without the new line there's no problem.
Because of the new line, the last keyValue is probably "".

I think the code in createFromKeyValueForm(String keyValueForm) of ParameterList
should be like :

  if(!keyValue.equals("")){
    int posColon = keyValue.indexOf(':');
    ...
  }

During association mode, because of this exception the consumer falls into dumb mode.
And when the consumer sends the check_authentication message there is the same
problem with "is_valid:true\n" sent by the server.
With my own OP I can drop the last new line and it works, but I have a problem when the OP
is openid.aol.com or myopenid.com.

I'm using the (latest?) version java-openid-sxip-0.9.2.249

François

Original comment by Francois...@gmail.com on 10 May 2007 at 7:13

GoogleCodeExporter commented 8 years ago
So I tried with :
if(!keyValue.equals("\r")){
    int posColon = keyValue.indexOf(':');
    ...
}
And when my OP sends the key-value form with the function createFromKeyValueForm, it
works :)

But I still have a problem with openid.aol.com and myopenid.com, and getStatusMsg()
is different: with openid.aol.com it's "Error verifying signature with the OP: null"
and with myopenid.com it's "Nonce verificaton failed."
And if, for the consumer, I disable stateless with allowStateless(false), I have the
same message for openid.aol.com and myopenid.com and it's:
"Authentication cannot be performed: no association available and stateless mode is disable"

I use "Forward proxy setup" in SampleConsumer. I need it and without it I have this
stack trace :
Fatal transport error: 
org.openid4java.discovery.HtmlResolver.call(HtmlResolver.java:191)
org.openid4java.discovery.HtmlResolver.discover(HtmlResolver.java:134)
org.openid4java.discovery.Discovery.discover(Discovery.java:201)
org.openid4java.discovery.Discovery.discover(Discovery.java:137)
org.openid4java.consumer.ConsumerManager.discover(ConsumerManager.java:497)
SampleConsumer.authRequest(SampleConsumer.java:61)

François

Original comment by Francois...@gmail.com on 10 May 2007 at 8:58

GoogleCodeExporter commented 8 years ago
>When the server returns a keyValueForm string (responseText =
>response.keyValueFormEncoding() in SampleServer.java) there is a new line at the end

According to the spec, the final newline character is part of what's defined as a
line in the key-value form encoding, so the code in Message.keyValueFormEncoding()
seems ok to me.

>and then an exception is thrown for invalid key-value form because a colon is missing.

Can you please post the stacktrace for this (and the input data that generated it)?
I added a string terminated with a newline to the
ParameterListTest.testCreateFromKeyValueForm() and it passes, so I can't reproduce
the problem.

Johnny

Original comment by Johnny.B...@gmail.com on 10 May 2007 at 5:53

GoogleCodeExporter commented 8 years ago
This is what I get with ethereal: the consumer tries to associate and the server's response
is =>
http://img510.imageshack.us/img510/3941/response1kh0.png

A key-value form with a final new line character, and it's ok with the spec. But the
consumer falls into dumb mode, the consumer can't verify the response and sends a
"check_authentication" message.
The server's response is =>
http://img215.imageshack.us/img215/4894/response2rw2.png

This is also a key-value form with a final new line character, and then an exception
is thrown.

The message of the exception is =>
Invalid Key-Value form, colon missing: 

And the stack trace =>
org.openid4java.message.ParameterList.createFromKeyValueForm(ParameterList.java:185)
org.openid4java.consumer.ConsumerManager.call(ConsumerManager.java:590)
org.openid4java.consumer.ConsumerManager.verifySignature(ConsumerManager.java:1694)
org.openid4java.consumer.ConsumerManager.verify(ConsumerManager.java:1144)
SampleConsumer.verifyResponse(SampleConsumer.java:167)
ServletConsumer.doGet(ServletConsumer.java:72)
javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)

I wanted to understand how to use the library and I modified SampleConsumer
(returnToUrl string for example), that's why SampleConsumer is not in the package
org.openid4java.consumer in the stack trace.

Then I left SampleConsumer in the original package and modified the returnToUrl string,
and ... it works with my OP :)
I suppose tsoa...@pacbell.net did something similar.

With myopenid.com and openid.aol.com it doesn't work yet, I have an exception and the
message is "Error verifying signature with the OP". But it's not because of a
key-value form :P
I saw that you said myopenid.com works for you at
http://www.javalobby.org/java/forums/t93250.html so it should work for me too. I will
post in the openid4java discussion group at google if my problem persists (it seems
associate fails)

Thanks,
François

Original comment by Francois...@gmail.com on 11 May 2007 at 2:22

GoogleCodeExporter commented 8 years ago
Can you please double-check what kind of line endings you are receiving?
ParameterList.createFromKeyValue() only throws the error if there is no colon
character (if (posColon == -1)) on a non-empty line (tokenizer.hasMoreTokens()).

I have just checked our DemoRP against myopenid.com and it worked fine - both
associations and direct verification.

One thing that looks suspect in your screenshots above is the missing 'ns' parameter
from the responses. Unless you were sending OpenID v1 requests, the 'ns' param
should be there (and myopenid.com does send it).

Johnny

Original comment by Johnny.B...@gmail.com on 12 May 2007 at 12:06

GoogleCodeExporter commented 8 years ago
Ok, now I know what the problem was : I renamed the SampleConsumer.java of my
workspace and then I didn't have the colon missing exception. I suppose the problem
was that two files had the same name, one in the package org.openid4java.consumer and the
other in the workspace.

>Unless you were sending OpenID v1 requests
In the HTML document I wrote => link rel="openid.server"
that's why there was not the 'ns' param.
Then I wrote => link rel="openid.server openid2.provider"
And then I have the 'ns' param =>

openid.op_endpoint:Http://192.168.57.154/openid/server
openid.assoc_handle:1179131623439-0
openid.signed:op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle
openid.identity:http://192.168.57.154/openid/id2.html
openid.return_to:http://192.168.57.154/openid/consumer
openid.claimed_id:http://192.168.57.154/openid/id2.html
openid.mode:id_res
openid.sig:eMm0cdyRrdC4CF+ZsnbdleTerz8/YzQkY2WiCpnwEJk=
openid.response_nonce:2007-05-14T08:33:43Z0
openid.ns:http://specs.openid.net/auth/2.0

But when the consumer verifies the response of my OP, I have "Discovered information
verification failed." because at line 1127 of ConsumerManager, discovered becomes
null (discovered = verifyDiscovered(authResp, discovered);)
Step 2/4 fails with my OP, but with myopenid it is at step 3/4.

Finally, the 'createFromKeyValueForm issue' is resolved :)
François

Original comment by Francois...@gmail.com on 14 May 2007 at 10:05

GoogleCodeExporter commented 8 years ago
I use the original files of the library and then... I still have the colon missing
exception...
In fact I modified ParameterList like this :
if(!keyValue.equals("\r")){
    int posColon = keyValue.indexOf(':');
    if (posColon == -1)
        throw new MessageException("Invalid Key-Value form, colon missing: "
            + keyValue);

    String key   = keyValue.substring(0, posColon);
    String value = keyValue.substring(posColon + 1);

    parameterList.set(new Parameter(key, value));
}

And I forgot it... I believed I used the original ParameterList.java
That's why I didn't get the "Invalid Key-Value form".

>Can you please double-check what kind of line endings you are receiving?
If what I wrote prevents the exception, the kind of line endings is "\r".

With "("+keyValue+")" printed this is the data :

Invalid Key-Value form, colon missing:
(is_valid:true)
(ns:http://specs.openid.net/auth/2.0)
( )

So the problem is that the tokenizer has one more token after
"ns:http://specs.openid.net/auth/2.0" and it is the token "\r"
I think the problem also occurs during the associate mode.

The 'createFromKeyValueForm issue' is not resolved :(
François

Original comment by Francois...@gmail.com on 14 May 2007 at 12:46

GoogleCodeExporter commented 8 years ago
I tried this :

At the server when he answers to the consumer :
res.getWriter().println(keyvalueform+"len:"+keyvalueform.length()+"\n");
I get =>
Invalid Key-Value form, colon missing:
(is_valid:true)
(len:14)
( )

But if the server answers that : (no line endings)
res.getWriter().println(keyvalueform+"len:"+keyvalueform.length());

There is no problem and the consumer can verify the signature. In fact he associates
successfully with the consumer.

So it seems when the server's answer ends with '\n', a '\r' appears.
With ethereal I saw that the server's answer always ended with 0x0d 0x0a. It may be
the cause of the issue ?

François

Original comment by Francois...@gmail.com on 14 May 2007 at 3:20

GoogleCodeExporter commented 8 years ago

>So the problem is tokenizer has more token after
>"ns:http://specs.openid.net/auth/2.0" and it is the token "\r"

Yes, that's the problem; the \r is not defined as a line-ending character:
http://openid.net/specs/openid-authentication-2_0-11.html#anchor4

So I would suggest fixing the server to not send \r characters. BTW - what are you
using on the server? If you use openid4java, you can send to the consumer the output
from the keyValueFormEncoding() method.

Johnny

Original comment by johnny%s...@gtempaccount.com on 14 May 2007 at 10:25

GoogleCodeExporter commented 8 years ago
>If you use openid4java, you can send to the consumer the output
>from the keyValueFormEncoding() method.
I did it, keyvalueform is the string of the keyValueFormEncoding() method.

But I found my mistake :
"res.getWriter().println"
instead of 
"res.getWriter().print"

So "Issue with ParameterList.createFromKeyValueForm method (?)" happens because of
println.

François

Original comment by Francois...@gmail.com on 15 May 2007 at 7:55

GoogleCodeExporter commented 8 years ago
Good to hear! So the issue can be closed, since there isn't a bug in the library code.

Alternatively you could use a raw stream writer, as in the SampleServer example:

ServletOutputStream os = httpResp.getOutputStream();
os.write(response.getBytes());
os.close();

Johnny

Original comment by johnny%s...@gtempaccount.com on 15 May 2007 at 2:29
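
The failure diagnosed in this thread, reproduced as an added example (this is not openid4java's source and not code from either poster). The parse method is a hypothetical stand-in that follows the behaviour described above: tokenize on '\n' only and require a colon in every token. The two bodies are constructed samples, one as written with print() and one with the CRLF seen in the capture appended.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringTokenizer;

public class KeyValueFormDemo {

    // Hypothetical parser (not openid4java's source), modelled on the behaviour
    // described in the thread: split on '\n' only, reject any token without a colon.
    static Map<String, String> parse(String keyValueForm) {
        Map<String, String> params = new LinkedHashMap<>();
        StringTokenizer tokenizer = new StringTokenizer(keyValueForm, "\n");
        while (tokenizer.hasMoreTokens()) {
            String keyValue = tokenizer.nextToken();
            int posColon = keyValue.indexOf(':');
            if (posColon == -1) {
                throw new IllegalArgumentException(
                    "Invalid Key-Value form, colon missing: (" + visible(keyValue) + ")");
            }
            params.put(keyValue.substring(0, posColon), keyValue.substring(posColon + 1));
        }
        return params;
    }

    // Make control characters visible so a stray CR is not mistaken for an empty line.
    static String visible(String s) {
        return s.replace("\r", "\\r").replace("\n", "\\n");
    }

    // Sender-side check: offset of the first CR in an outgoing body, or -1 if none.
    static int firstCarriageReturn(String body) {
        return body.indexOf('\r');
    }

    public static void main(String[] args) {
        // Constructed sample: a direct response body, every line terminated by '\n'.
        String body = "is_valid:true\nns:http://specs.openid.net/auth/2.0\n";
        // Constructed sample: the same body with the trailing 0x0d 0x0a appended.
        String bodyWithCrlf = body + "\r\n";

        System.out.println("as sent with print(): " + parse(body));
        System.out.println("CR offset in println() body: " + firstCarriageReturn(bodyWithCrlf));
        try {
            parse(bodyWithCrlf);
        } catch (IllegalArgumentException e) {
            // The leftover token is the lone "\r" between the last two '\n' characters.
            System.out.println(e.getMessage());
        }
    }
}
```

Printing the rejected token with its control characters escaped is what turns the "( )" seen earlier in the thread into an unambiguous "(\r)".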

GoogleCodeExporter commented 8 years ago

Original comment by Johnny.B...@gmail.com on 19 May 2007 at 7:30