I have implemented an OpenID 1.1 provider in Java but I am having trouble with smart clients using an `assoc_handle` from `associate` coming up with different signatures. Dumb clients relying on `check_authentication` work fine. Specifically, I am testing against LiveJournal and it keeps returning:

    signature_mismatch: Prior association invalidated ID provider response.

The body of my `HMAC()` function is:
```java
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// HMAC-SHA1 over the key-value form; the caller handles the checked exceptions.
public static byte[] HMAC(byte[] secret, String token_contents)
        throws GeneralSecurityException, UnsupportedEncodingException {
    SecretKey sk = new SecretKeySpec(secret, "HmacSHA1");
    Mac m = Mac.getInstance(sk.getAlgorithm());
    m.init(sk);
    return m.doFinal(token_contents.getBytes("UTF-8"));
}
```
The `token_contents` for calling `HMAC()` comes from the following code during the handling for `checkid_setup`. That is, the signing is being done on `mode,identity,return_to` and this is also the value of the `signed` response parameter.
```java
String token_contents = String.format(
    "mode:id_res\nidentity:%s\nreturn_to:%s\n",
    identity, return_to);
```
And finally, the `secret` is the base64-decoded version of `mac_key` returned by the initial `associate` call (e.g. retrieved via `secret(assoc_handle)` as per the spec). I've done a fair amount of testing to make sure the `enc_mac_key` can be decrypted properly.

Any thoughts? Is there anything glaringly wrong with this?

Or ... is there a simple, stand-alone client that anyone knows of which would do OpenID 1.1 and trace out its steps? Given that, I may be able to figure out where I'm calculating things differently.
The problem in my case was using base64url encoding on output of key values (`mac_key`, `enc_mac_key`, `dh_server_public`) instead of standard base64. In Apache Commons I was using `encodeBase64URLSafeString` instead of simply `encodeBase64String`. This was an unfortunate carry-over from having worked in OpenID Connect previously and I misunderstood the nature of the function.

Anyway, something that helped me discover the answer was using the simply excellent OpenID4Java and its `simple-openid` JSP sample. Immediately it barfed out errors on my signature, complaining that it was 168 bits (instead of 160).
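To make the encoding mismatch described in the answer concrete, here is an added Python example (not code from the question, the answer, or OpenID4Java). It builds the OpenID 1.1 key-value form from the `signed` field list exactly as the question's `String.format` does, computes the HMAC-SHA1 signature, and then runs a relying-party-style check against two encodings of the same key and signature: standard base64 (what the protocol expects) and unpadded base64url (the shape Apache Commons' `encodeBase64URLSafeString` produces). The 20-byte `MAC_KEY`, the identity URL and the `return_to` value are constructed for the demo; the key bytes are chosen so that its base64 form contains `+` and `/`, which is where the two alphabets diverge.

```python
import base64
import binascii
import hashlib
import hmac

# Constructed sample values; none of these come from the original post.
# 20 bytes, the HMAC-SHA1 key size. The 0xFB 0xFF 0xBF pattern encodes to "+/+/",
# so the difference between standard base64 and base64url is visible on the wire.
MAC_KEY = b"\xfb\xff\xbf" * 6 + b"\x00\x01"

FIELDS = {
    "mode": "id_res",
    "identity": "http://example.com/alice",                             # constructed
    "return_to": "http://rp.example.org/openid/return?nonce=abc123",    # constructed
}
SIGNED = ["mode", "identity", "return_to"]  # value of the openid.signed parameter


def token_contents(fields, signed):
    """OpenID 1.1 key-value form: one 'key:value\\n' line per field, in 'signed' order."""
    return "".join(f"{name}:{fields[name]}\n" for name in signed)


def sign(mac_key, fields, signed):
    """HMAC-SHA1 over the key-value form, as the provider computes openid.sig."""
    data = token_contents(fields, signed).encode("utf-8")
    return hmac.new(mac_key, data, hashlib.sha1).digest()


def encode_standard(raw):
    """Standard base64 ('+', '/', '=' padding): what OpenID 1.1 puts on the wire."""
    return base64.b64encode(raw).decode("ascii")


def encode_urlsafe_unpadded(raw):
    """base64url with padding stripped, the shape encodeBase64URLSafeString emits."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def rp_decode(value):
    """Strict standard-base64 decode, as a relying party does for mac_key and openid.sig.
    Returns None when the text is not valid standard base64 ('-', '_' or missing padding)."""
    try:
        return base64.b64decode(value, validate=True)
    except binascii.Error:
        return None


def verify(mac_key_b64, fields, signed, sig_b64):
    """Relying-party check: decode both values, confirm the key size, recompute, compare."""
    mac_key = rp_decode(mac_key_b64)
    sig = rp_decode(sig_b64)
    if mac_key is None or sig is None:
        return False
    if len(mac_key) != hashlib.sha1().digest_size:  # 20 bytes for HMAC-SHA1
        return False
    return hmac.compare_digest(sign(mac_key, fields, signed), sig)


def demo():
    """Same key and signature, encoded both ways, run through the relying-party check."""
    sig = sign(MAC_KEY, FIELDS, SIGNED)
    good_key, good_sig = encode_standard(MAC_KEY), encode_standard(sig)
    bad_key, bad_sig = encode_urlsafe_unpadded(MAC_KEY), encode_urlsafe_unpadded(sig)
    return {
        "standard_key": good_key,
        "urlsafe_key": bad_key,
        "standard_ok": verify(good_key, FIELDS, SIGNED, good_sig),
        "urlsafe_ok": verify(bad_key, FIELDS, SIGNED, bad_sig),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The strict decoder is the point of the exercise: a lenient decoder (one that silently skips characters outside its alphabet, as some library defaults do) turns the same mistake into a key or signature of the wrong length rather than a clean parse error, which is the kind of symptom the answer reports. A quick sanity check on the provider side is that a correctly encoded `mac_key` for HMAC-SHA1 is 28 characters ending in `=` and decodes to exactly 20 bytes.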