/**
 * Creates a builder that starts from freshly constructed OAuth parameters
 * and secrets and the supplied consumer credentials.
 *
 * @param consumerCredentials Consumer credentials.
 */
OAuth1BuilderImpl(final ConsumerCredentials consumerCredentials) {
    this(
            new OAuth1Parameters(),
            new OAuth1Secrets(),
            consumerCredentials);
}
/**
 * Stores the given parameters, secrets and consumer credentials and makes
 * sure a callback value is always present.
 *
 * <p>The {@code params} and {@code secrets} objects are kept by reference,
 * not copied, so the default callback written below is visible to whoever
 * passed {@code params} in.
 *
 * @param params OAuth parameters to build on.
 * @param secrets OAuth secrets to build on.
 * @param consumerCredentials Consumer credentials.
 */
private OAuth1BuilderImpl(final OAuth1Parameters params,
                          final OAuth1Secrets secrets,
                          final ConsumerCredentials consumerCredentials) {
    this.consumerCredentials = consumerCredentials;
    this.secrets = secrets;
    this.params = params;

    // The spec says that a client which cannot receive a callback (for
    // example a mobile application) sends the "oob" value instead of a URI,
    // so a missing callback is replaced by that constant.
    final boolean callbackMissing = (params.getCallback() == null);
    if (callbackMissing) {
        params.setCallback(OAuth1Parameters.NO_CALLBACK_URI_VALUE);
    }
}
/**
 * Fills in defaults for the signature method and version, then rejects a
 * configuration that cannot produce a valid signature.
 *
 * @param oauth1Parameters parameters to default and validate (modified in place).
 * @param oauth1Secrets secrets to validate.
 * @throws ProcessingException if the consumer key or consumer secret is missing,
 *         or if a token is set without its token secret.
 */
private void checkParametersConsistency(OAuth1Parameters oauth1Parameters,
                                        OAuth1Secrets oauth1Secrets) {
    // Defaults are applied silently: a caller that needs another signature
    // method has to set it before this check runs.
    if (oauth1Parameters.getSignatureMethod() == null) {
        oauth1Parameters.signatureMethod("HMAC-SHA1");
    }
    if (oauth1Parameters.getVersion() == null) {
        oauth1Parameters.version();
    }

    // Without both halves of the consumer credentials no request can be signed.
    final boolean consumerIncomplete =
            oauth1Secrets.getConsumerSecret() == null
                    || oauth1Parameters.getConsumerKey() == null;
    if (consumerIncomplete) {
        throw new ProcessingException(LocalizationMessages.ERROR_CONFIGURATION_MISSING_CONSUMER());
    }

    // A token without its secret is refused here instead of being passed on
    // to signing.
    final boolean tokenWithoutSecret =
            oauth1Parameters.getToken() != null
                    && oauth1Secrets.getTokenSecret() == null;
    if (tokenWithoutSecret) {
        throw new ProcessingException(LocalizationMessages.ERROR_CONFIGURATION_MISSING_TOKEN_SECRET());
    }
}
}
/**
 * Signs a request: computes the OAuth signature from the request, the
 * parameters and the secrets, records it as the signature parameter and
 * writes all OAuth parameters to the request as an Authorization header.
 *
 * <p>The work is done on a clone, so the caller's {@code params} object is
 * left without the signature.
 *
 * @param request the request to generate signature for and write header to.
 * @param params the OAuth authorization parameters.
 * @param secrets the secrets used to generate the OAuth signature.
 * @throws OAuth1SignatureException if an error occurred generating the signature.
 */
public void sign(final OAuth1Request request,
                 OAuth1Parameters params,
                 final OAuth1Secrets secrets) throws OAuth1SignatureException {
    // Work on a private copy; the caller's parameters stay untouched.
    final OAuth1Parameters signedParams = params.clone();
    final String signature = generate(request, signedParams, secrets);
    signedParams.setSignature(signature);
    signedParams.writeRequest(request);
}
private OAuth1SecurityContext getSecurityContext(ContainerRequestContext request) throws OAuth1Exception { OAuthServerRequest osr = new OAuthServerRequest(request); OAuth1Parameters params = new OAuth1Parameters().readRequest(osr); if (params.size() == 0) { throw newUnauthorizedException(); String consumerKey = requiredOAuthParam(params.getConsumerKey()); String token = params.getToken(); String timestamp = requiredOAuthParam(params.getTimestamp()); String nonce = requiredOAuthParam(params.getNonce()); requiredOAuthParam(params.getSignature()); supportedOAuthParam(params.getVersion(), versions);
public Response postReqTokenRequest() { OAuthServerRequest request = new OAuthServerRequest(requestContext); OAuth1Parameters params = new OAuth1Parameters(); params.readRequest(request); String tok = params.getToken(); if ((tok != null) && (!tok.contentEquals(""))) { throw new OAuth1Exception(Response.Status.BAD_REQUEST, null); String consKey = params.getConsumerKey(); if (consKey == null) { throw new OAuth1Exception(Response.Status.BAD_REQUEST, null); OAuth1Token rt = provider.newRequestToken(consKey, params.getCallback(), parameters);
final OAuth1Parameters paramCopy = parameters.clone(); final OAuth1Secrets secretsCopy = secrets.clone(); paramCopy.consumerKey(consumerFromProperties.getConsumerKey()); secretsCopy.consumerSecret(consumerFromProperties.getConsumerSecret()); paramCopy.token(tokenFromProperties.getToken()); secretsCopy.tokenSecret(tokenFromProperties.getAccessTokenSecret()); if (paramCopy.getTimestamp() == null) { paramCopy.setTimestamp(); if (paramCopy.getNonce() == null) { paramCopy.setNonce();
boolean sigIsOk = false; OAuthServerRequest request = new OAuthServerRequest(requestContext); OAuth1Parameters params = new OAuth1Parameters(); params.readRequest(request); if (params.getToken() == null) { throw new WebApplicationException(new Throwable("oauth_token MUST be present."), 400); String consKey = params.getConsumerKey(); if (consKey == null) { throw new OAuth1Exception(Response.Status.BAD_REQUEST, null); OAuth1Token rt = provider.getRequestToken(params.getToken()); if (rt == null) { OAuth1Token at = provider.newAccessToken(rt, params.getVerifier());
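/**
 * Completes the flow: sends the verifier to the access token endpoint and
 * stores the returned access token and token secret.
 *
 * @param verifier verifier obtained from the authorization step.
 * @return the access token together with its secret.
 * @throws RuntimeException if the endpoint answers with a status of 400 or above.
 * @throws NotAuthorizedException if the response carries no access token.
 */
public AccessToken finish(final String verifier) {
    parameters.setVerifier(verifier);
    final Response response = addProperties(client.target(accessTokenUri).request()).post(null);

    // accessToken request failed
    final int status = response.getStatus();
    if (status >= 400) {
        // The entity is never read on this path, so release the response
        // explicitly instead of leaving the connection open.
        response.close();
        throw new RuntimeException(LocalizationMessages.ERROR_REQUEST_ACCESS_TOKEN(status));
    }

    final Form form = response.readEntity(Form.class);
    final String accessToken = form.asMap().getFirst(OAuth1Parameters.TOKEN);
    final String accessTokenSecret = form.asMap().getFirst(OAuth1Parameters.TOKEN_SECRET);
    if (accessToken == null) {
        throw new NotAuthorizedException(LocalizationMessages.ERROR_REQUEST_ACCESS_TOKEN_NULL());
    }
    // NOTE(review): a response with a token but no token secret is accepted
    // here and produces an AccessToken whose secret is null - confirm whether
    // that should be rejected as well.

    parameters.token(accessToken);
    secrets.tokenSecret(accessTokenSecret);
    final AccessToken resultToken = new AccessToken(parameters.getToken(), secrets.getTokenSecret());
    this.accessToken = resultToken;
    return resultToken;
}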
for (final String key : params.keySet()) { final String value = params.get(key); if (key.startsWith("oauth_") && params.containsKey(key)) { continue;
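/**
 * Authorizes the request token named in the incoming OAuth parameters and
 * returns the resulting verifier as the response entity.
 *
 * <p>NOTE(review): no end-user authentication or consent step is visible in
 * this method. The token is authorized with a null second argument and a
 * fixed "user" role, and the verifier goes straight into the response body.
 * That fits a test fixture; confirm it is not reachable in a production
 * deployment.
 *
 * @param token the {@code oauth_token} query parameter (not read directly;
 *        the token is taken from the parsed OAuth parameters instead).
 * @return a 200 response whose entity is the verifier.
 * @throws OAuth1Exception with status 400 if the token is missing, empty or
 *         not a known request token.
 */
@GET
public Response getAuthenticate(@QueryParam("oauth_token") String token) {
    OAuthServerRequest request = new OAuthServerRequest(requestContext);
    OAuth1Parameters params = new OAuth1Parameters();
    params.readRequest(request);
    // NOTE(review): these trace lines write the parsed OAuth parameters and
    // the request token to the log; keep trace logging off where logs are
    // shared.
    log.trace("params:{}", params.toString());
    String tok = params.getToken();
    log.trace("check token: {}", tok);
    if (tok == null || tok.contentEquals("")) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }

    final DefaultOAuth1Provider oauthProvider = (DefaultOAuth1Provider) provider;
    // An unknown token is answered with 400, like a missing one, instead of
    // being handed to authorizeToken as null.
    final DefaultOAuth1Provider.Token requestToken = oauthProvider.getRequestToken(tok);
    if (requestToken == null) {
        throw new OAuth1Exception(Response.Status.BAD_REQUEST, null);
    }

    Set<String> roles = new HashSet<>();
    roles.add("user");
    String verifier = oauthProvider.authorizeToken(requestToken, null, roles);
    // The verifier is a credential for the access-token exchange, so its
    // value is kept out of the log.
    log.debug("verifier issued for request token");
    return Response.ok().entity(verifier).build();
}
}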
/**
 * Looks up the value stored under the signature parameter.
 *
 * @return the stored signature, as returned by {@code get(SIGNATURE)}.
 */
public String getSignature() {
    final String signature = get(SIGNATURE);
    return signature;
}
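/**
 * Starts the flow: requests a request token, stores the token and its
 * secret, and builds the authorization URI the user has to visit.
 *
 * @return the authorization URI with the request token as a query parameter.
 * @throws RuntimeException if the request token endpoint does not answer with 200.
 */
public String start() {
    final Response response = addProperties(client.target(requestTokenUri).request())
            .post(null);
    final int status = response.getStatus();
    if (status != 200) {
        // The entity is never read on this path, so release the response
        // explicitly instead of leaving the connection open.
        response.close();
        throw new RuntimeException(LocalizationMessages.ERROR_REQUEST_REQUEST_TOKEN(status));
    }

    final MultivaluedMap<String, String> formParams = response.readEntity(Form.class).asMap();
    // NOTE(review): neither value is checked for null; a 200 response that
    // lacks the token or its secret is stored as-is - confirm how the URI
    // building below behaves in that case.
    parameters.token(formParams.getFirst(OAuth1Parameters.TOKEN));
    secrets.tokenSecret(formParams.getFirst(OAuth1Parameters.TOKEN_SECRET));

    // Only the request token goes into the URI; the token secret stays in
    // the secrets object.
    return UriBuilder.fromUri(authorizationUri)
            .queryParam(OAuth1Parameters.TOKEN, parameters.getToken())
            .build()
            .toString();
}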
/**
 * Sets up the authorization flow: stores the endpoints, chooses the client
 * and registers the logging and OAuth client features when they are not
 * registered yet.
 *
 * @param params OAuth parameters used by the flow (kept by reference).
 * @param secrets OAuth secrets used by the flow (kept by reference).
 * @param requestTokenUri URI of the request token endpoint.
 * @param accessTokenUri URI of the access token endpoint.
 * @param authorizationUri URI the user is sent to for authorization.
 * @param callbackUri callback URI, or {@code null} to leave the callback as it is.
 * @param client client to use, or {@code null} to build a new one.
 * @param enableLogging whether to register a logging feature on the client.
 * @throws IllegalStateException if the consumer key or consumer secret is missing.
 */
private OAuth1AuthorizationFlowImpl(final OAuth1Parameters params,
                                    final OAuth1Secrets secrets,
                                    final String requestTokenUri,
                                    final String accessTokenUri,
                                    final String authorizationUri,
                                    final String callbackUri,
                                    final Client client,
                                    final boolean enableLogging) {
    this.parameters = params;
    this.secrets = secrets;
    this.requestTokenUri = requestTokenUri;
    this.accessTokenUri = accessTokenUri;
    this.authorizationUri = authorizationUri;

    // Use the caller's client when one is given; otherwise build a new one.
    this.client = (client != null) ? client : ClientBuilder.newBuilder().build();

    final Configuration clientConfig = this.client.getConfiguration();

    // NOTE(review): PAYLOAD_ANY logs message payloads, presumably including
    // the token responses of this flow with their token secrets - enable
    // only where the log destination is trusted.
    final boolean loggingNeeded = enableLogging && !clientConfig.isRegistered(LoggingFeature.class);
    if (loggingNeeded) {
        this.client.register(new LoggingFeature(LOGGER, LoggingFeature.Verbosity.PAYLOAD_ANY));
    }

    final boolean oauthFeatureMissing = !clientConfig.isRegistered(OAuth1ClientFeature.class);
    if (oauthFeatureMissing) {
        this.client.register(new OAuth1ClientFeature(params, secrets));
    }

    if (callbackUri != null) {
        this.parameters.callback(callbackUri);
    }

    // Validation runs last, so a caller-supplied client may already carry
    // the features registered above when this throws.
    final boolean consumerIncomplete =
            secrets.getConsumerSecret() == null || parameters.getConsumerKey() == null;
    if (consumerIncomplete) {
        throw new IllegalStateException(LocalizationMessages.ERROR_CONFIGURATION_MISSING_CONSUMER());
    }
}
/**
 * Serialises the OAuth parameters into a single Authorization header value
 * and adds it to the request.
 *
 * <p>Every parameter with a non-null value is emitted as
 * {@code key="value"}; key and value are both encoded with
 * {@code UriComponent.Type.UNRESERVED} before being placed in the header.
 *
 * @param request the request to write OAuth parameters to.
 * @return this parameters object.
 */
public OAuth1Parameters writeRequest(OAuth1Request request) {
    final StringBuilder header = new StringBuilder(SCHEME);
    // A single space follows the scheme; later pairs are separated by ", ".
    String separator = " ";
    for (String key : keySet()) {
        final String value = get(key);
        if (value != null) {
            header.append(separator)
                    .append(UriComponent.encode(key, UriComponent.Type.UNRESERVED))
                    .append("=\"")
                    .append(UriComponent.encode(value, UriComponent.Type.UNRESERVED))
                    .append('"');
            separator = ", ";
        }
    }
    request.addHeaderValue(AUTHORIZATION_HEADER, header.toString());
    return this;
}
/**
 * Creates a builder from existing parameters and secrets; the consumer
 * credentials are derived from the consumer key in {@code params} and the
 * consumer secret in {@code secrets}.
 *
 * @param params Pre-configured oauth parameters.
 * @param secrets Pre-configured oauth secrets.
 */
OAuth1BuilderImpl(final OAuth1Parameters params, final OAuth1Secrets secrets) {
    this(
            params,
            secrets,
            new ConsumerCredentials(
                    params.getConsumerKey(),
                    secrets.getConsumerSecret()));
}
/**
 * Checks the signature carried in {@code params} against the one expected
 * for the request.
 *
 * <p>The comparison itself is delegated to the signature method selected by
 * the parameters; this method only builds the base string and passes the
 * claimed signature along.
 *
 * @param request the request to verify the signature from.
 * @param params the OAuth authorization parameters
 * @param secrets the secrets used to verify the OAuth signature.
 * @return true if the signature is verified.
 * @throws OAuth1SignatureException if an error occurred generating the signature.
 */
public boolean verify(final OAuth1Request request,
                      final OAuth1Parameters params,
                      final OAuth1Secrets secrets) throws OAuth1SignatureException {
    // Resolve the method first, so an unsupported one fails before any
    // base string is built.
    final OAuth1SignatureMethod signatureMethod = getSignatureMethod(params);
    final String signatureBase = baseString(request, params);
    // NOTE(review): the claimed signature is passed on without a null check;
    // confirm that callers or the method implementation reject a missing one.
    final String claimedSignature = params.getSignature();
    return signatureMethod.verify(signatureBase, secrets, claimedSignature);
}
/**
 * Resolves the signature method named in the parameters.
 *
 * <p>The name is looked up in {@code methods}; a name with no entry is
 * rejected with an exception, there is no fallback method.
 *
 * @param params the OAuth parameters naming the signature method.
 * @return the retrieved signature method.
 * @throws UnsupportedSignatureMethodException if signature method not supported.
 */
private OAuth1SignatureMethod getSignatureMethod(final OAuth1Parameters params)
        throws UnsupportedSignatureMethodException {
    final String methodName = params.getSignatureMethod();
    final OAuth1SignatureMethod resolved = methods.get(methodName);
    if (resolved != null) {
        return resolved;
    }
    throw new UnsupportedSignatureMethodException(methodName);
}
private OAuth1SecurityContext getSecurityContext(ContainerRequestContext request) throws OAuth1Exception { OAuthServerRequest osr = new OAuthServerRequest(request); OAuth1Parameters params = new OAuth1Parameters().readRequest(osr); if (params.size() == 0) { throw newUnauthorizedException(); String consumerKey = requiredOAuthParam(params.getConsumerKey()); String token = params.getToken(); String timestamp = requiredOAuthParam(params.getTimestamp()); String nonce = requiredOAuthParam(params.getNonce()); requiredOAuthParam(params.getSignature()); supportedOAuthParam(params.getVersion(), versions);
public Response postReqTokenRequest() { OAuthServerRequest request = new OAuthServerRequest(requestContext); OAuth1Parameters params = new OAuth1Parameters(); params.readRequest(request); log.trace("params:{}", params.toString()); String tok = params.getToken(); if ((tok != null) && (!tok.contentEquals(""))) { log.warn("token empty, returning 400 BAD_REQUEST"); String consKey = params.getConsumerKey(); if (consKey == null) { log.warn("consumer key empty, returning 400 BAD_REQUEST"); OAuth1Token rt = provider.newRequestToken(consKey, params.getCallback(), parameters);