/** * Add signature type to the message. */ private void addSignatureParams(List<Parameter> params) { if (accessorInfo.getConsumer().getConsumer().consumerKey == null) { params.add( new Parameter(OAuth.OAUTH_CONSUMER_KEY, realRequest.getSecurityToken().getDomain())); } if (accessorInfo.getConsumer().getKeyName() != null) { params.add(new Parameter(XOAUTH_PUBLIC_KEY_OLD, accessorInfo.getConsumer().getKeyName())); params.add(new Parameter(XOAUTH_PUBLIC_KEY_NEW, accessorInfo.getConsumer().getKeyName())); } params.add(new Parameter(OAuth.OAUTH_VERSION, OAuth.VERSION_1_0)); params.add(new Parameter(OAuth.OAUTH_TIMESTAMP, Long.toString(fetcherConfig.getClock().currentTimeMillis() / 1000L))); // the oauth.net java code uses a clock to generate nonces, which causes nonce collisions // under heavy load. A random nonce is more reliable. params.add(new Parameter(OAuth.OAUTH_NONCE, String.valueOf(Math.abs(Crypto.RAND.nextLong())))); }
/** * Add signature type to the message. */ private void addSignatureParams(List<Parameter> params) { if (accessorInfo.getConsumer().getConsumer().consumerKey == null) { params.add( new Parameter(OAuth.OAUTH_CONSUMER_KEY, realRequest.getSecurityToken().getDomain())); } if (accessorInfo.getConsumer().getKeyName() != null) { params.add(new Parameter(XOAUTH_PUBLIC_KEY_OLD, accessorInfo.getConsumer().getKeyName())); params.add(new Parameter(XOAUTH_PUBLIC_KEY_NEW, accessorInfo.getConsumer().getKeyName())); } params.add(new Parameter(OAuth.OAUTH_VERSION, OAuth.VERSION_1_0)); params.add(new Parameter(OAuth.OAUTH_TIMESTAMP, Long.toString(fetcherConfig.getClock().currentTimeMillis() / 1000))); // the oauth.net java code uses a clock to generate nonces, which causes nonce collisions // under heavy load. A random nonce is more reliable. params.add(new Parameter(OAuth.OAUTH_NONCE, String.valueOf(Math.abs(Crypto.RAND.nextLong())))); }
@Test public void testGetOAuthAccessor_fullOAuth_socialPage() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName("testservice"); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setServiceName("testservice"); arguments.setUseToken(UseToken.ALWAYS); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); Assert.assertNull(info.getConsumer().getKeyName()); assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }
@Test public void testGetOAuthAccessor_socialOAuth_socialPage() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName("testservice"); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setServiceName("testservice"); arguments.setUseToken(UseToken.IF_AVAILABLE); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); Assert.assertNull(info.getConsumer().getKeyName()); assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }
@Test public void testGetOAuthAccessor_signedFetch_hmacKey() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName("hmac"); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); arguments.setServiceName("hmac"); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); Assert.assertNull(info.getConsumer().getKeyName()); assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }
@Test public void testGetOAuthAccessor_oauthParamsInHeader() throws Exception { OAuthArguments arguments = new OAuthArguments(); arguments.setServiceName("testservice"); arguments.setUseToken(UseToken.ALWAYS); privateToken.setAppUrl("http://www.example.com/header.xml"); AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState, responseParams, fetcherConfig); assertEquals( FakeOAuthServiceProvider.REQUEST_TOKEN_URL, info.getConsumer().getConsumer().serviceProvider.requestTokenURL); assertEquals( FakeOAuthServiceProvider.APPROVAL_URL, info.getConsumer().getConsumer().serviceProvider.userAuthorizationURL); assertEquals( FakeOAuthServiceProvider.ACCESS_TOKEN_URL, info.getConsumer().getConsumer().serviceProvider.accessTokenURL); assertEquals(HttpMethod.GET, info.getHttpMethod()); assertEquals(OAuthParamLocation.AUTH_HEADER, info.getParamLocation()); }
@Test public void testGetOAuthAccessor_signedFetch_defaultHmac() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName(""); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); Assert.assertNull(info.getConsumer().getKeyName()); assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }
@Test public void testGetOAuthAccessor_signedFetch_defaultHmac() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName(""); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); Assert.assertNull(info.getConsumer().getKeyName()); assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }
public AccessorInfo create(OAuthResponseParams responseParams) throws OAuthRequestException { if (location == null) { throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "no location"); } if (consumer == null) { throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "no consumer"); } OAuthAccessor accessor = new OAuthAccessor(consumer.getConsumer()); // request token/access token/token secret can all be null, for signed fetch, or if the OAuth // dance is just beginning accessor.requestToken = requestToken; accessor.accessToken = accessToken; accessor.tokenSecret = tokenSecret; return new AccessorInfo(accessor, consumer, method, location, sessionHandle, tokenExpireMillis); }
@Test public void testNullCallback() throws Exception { store = new BasicOAuthStore(); store.initFromConfigString(SAMPLE_FILE); FakeGadgetToken t = new FakeGadgetToken(); t.setAppUrl("http://localhost:8080/samplecontainer/examples/oauth.xml"); OAuthServiceProvider provider = new OAuthServiceProvider("req", "authorize", "access"); ConsumerInfo consumerInfo = store.getConsumerKeyAndSecret(t, "", provider); OAuthConsumer consumer = consumerInfo.getConsumer(); assertEquals("gadgetConsumer", consumer.consumerKey); assertNull(consumerInfo.getKeyName()); assertNull(consumerInfo.getCallbackUrl()); } }
public AccessorInfo create(OAuthResponseParams responseParams) throws OAuthRequestException { if (location == null) { throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "no location"); } if (consumer == null) { throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "no consumer"); } OAuthAccessor accessor = new OAuthAccessor(consumer.getConsumer()); // request token/access token/token secret can all be null, for signed fetch, or if the OAuth // dance is just beginning accessor.requestToken = requestToken; accessor.accessToken = accessToken; accessor.tokenSecret = tokenSecret; return new AccessorInfo(accessor, consumer, method, location, sessionHandle, tokenExpireMillis); }
@Test public void testGetOAuthAccessor_signedFetch_badServiceName() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName("otherservice"); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); arguments.setServiceName("hmac"); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); }
@Test public void testGetOAuthAccessor_signedFetch_badServiceName() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName("otherservice"); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); arguments.setServiceName("hmac"); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); }
@Test public void testGetOAuthAccessor_signedFetch_badServiceName() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName("otherservice"); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); arguments.setServiceName("hmac"); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); }
public AccessorInfo create(OAuthResponseParams responseParams) throws OAuthRequestException { if (location == null) { throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "no location"); } if (consumer == null) { throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "no consumer"); } OAuthAccessor accessor = new OAuthAccessor(consumer.getConsumer()); // request token/access token/token secret can all be null, for signed fetch, or if the OAuth // dance is just beginning accessor.requestToken = requestToken; accessor.accessToken = accessToken; accessor.tokenSecret = tokenSecret; return new AccessorInfo(accessor, consumer, method, location, sessionHandle, tokenExpireMillis); }
@Test public void testGetOAuthAccessor_signedFetch() throws Exception { OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); assertNull(info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }
@Test public void testGetOAuthAccessor_signedFetch() throws Exception { OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); assertNull(info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }
@Test public void testNullCallback() throws Exception { store = new BasicOAuthStore(); store.initFromConfigString(SAMPLE_FILE); FakeGadgetToken t = new FakeGadgetToken(); t.setAppUrl("http://localhost:8080/gadgets/oauth.xml"); OAuthServiceProvider provider = new OAuthServiceProvider("req", "authorize", "access"); ConsumerInfo consumerInfo = store.getConsumerKeyAndSecret(t, "", provider); OAuthConsumer consumer = consumerInfo.getConsumer(); assertEquals("gadgetConsumer", consumer.consumerKey); assertNull(consumerInfo.getKeyName()); assertNull(consumerInfo.getCallbackUrl()); } }
@Test public void testNullCallback() throws Exception { store = new BasicOAuthStore(); store.initFromConfigString(SAMPLE_FILE); FakeGadgetToken t = new FakeGadgetToken(); t.setAppUrl("http://localhost:8080/gadgets/oauth.xml"); OAuthServiceProvider provider = new OAuthServiceProvider("req", "authorize", "access"); ConsumerInfo consumerInfo = store.getConsumerKeyAndSecret(t, "", provider); OAuthConsumer consumer = consumerInfo.getConsumer(); assertEquals("gadgetConsumer", consumer.consumerKey); assertNull(consumerInfo.getKeyName()); assertNull(consumerInfo.getCallbackUrl()); } }
@Test public void testGetOAuthAccessor_signedFetch() throws Exception { OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); assertNull(info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }