void validate3LOMessage(OAuthMessage message, ServiceProviderToken token) throws OAuthException, IOException, URISyntaxException { printMessageToDebug(message); validator.validateMessage(message, converter.toOAuthAccessor(token)); }
public Authenticator.Result authenticate(HttpServletRequest request, HttpServletResponse response) { if (OAuthRequestUtils.is2LOAuthAccessAttempt(request)) { return authenticate2LORequest(request, response); } else if (OAuthRequestUtils.is3LOAuthAccessAttempt(request)) { return authenticate3LORequest(request, response); } else { throw new IllegalArgumentException("This Authenticator only works with OAuth requests"); } }
private Result handleException(HttpServletResponse response, OAuthMessage message, Exception e) { // this isn't likely to happen, it would result from some unknown error with the request that the OAuth.net // library couldn't handle appropriately LOG.error("Failed to validate OAuth message", e); sendError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return new Result.Error(new OAuthProblem.System(e)); }
public Authenticator.Result authenticate3LORequest(HttpServletRequest request, HttpServletResponse response) { OAuthMessage message = OAuthServlet.getMessage(request, getLogicalUri(request)); sendError(response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, message); return new Result.Error(new OAuthProblem.UnreadableToken(e)); try { token = getToken(tokenStr); } catch (InvalidTokenException e) { LOG.debug(String.format("3-Legged-OAuth Consumer provided token [%s] rejected by ServiceProviderTokenStore", tokenStr), e); validate3LOMessage(message, token); consumer = validateConsumer(message); return handleOAuthProblemException(response, message, tokenStr, ope); } catch (Exception e) { return handleException(response, message, e); LOG.debug(String.format("3-Legged-OAuth successful. Request marked with consumer key set to [%s]", consumer.getKey())); return getUserLoginResult(request, response, message, consumer, user);
public Authenticator.Result authenticate2LORequest(HttpServletRequest request, HttpServletResponse response) { OAuthMessage message = OAuthServlet.getMessage(request, getLogicalUri(request)); consumer = validateConsumer(message); validate2LOMessage(message, consumer); } catch (OAuthProblemException ope) { return handleOAuthProblemException(response, message, null, ope); } catch (Exception e) { return handleException(response, message, e); sendError(response, HttpServletResponse.SC_UNAUTHORIZED, message); return new Authenticator.Result.Failure(new OAuthProblem.PermissionDenied(userId)); sendError(response, HttpServletResponse.SC_UNAUTHORIZED, message); return new Authenticator.Result.Failure(new OAuthProblem.PermissionDenied()); return getUserLoginResult(request, response, message, consumer, user);
checkRequestToken(requestMessage, token); } else { checkAccessToken(requestMessage, token); validator.validateMessage(requestMessage, converter.toOAuthAccessor(token)); } catch (OAuthProblemException ope) { logOAuthProblem(requestMessage, ope, log); throw ope; accessToken = tokenStore.put(factory.generateAccessToken(token)); tokenStore.removeAndNotify(token.getToken()); } catch (Exception e) {
public void process(HttpServletRequest request, HttpServletResponse response, ServiceProviderToken token) throws IOException { ServiceProviderToken newToken; if (request.getParameter("approve") != null) { String verifier = randomizer.randomAlphanumericString(AuthorizeServlet.VERIFIER_LENGTH); newToken = token.authorize(getLoggedInUser(request), verifier); } else if (request.getParameter("deny") != null) { newToken = token.deny(getLoggedInUser(request)); } else { renderer.render(request, response, token); return; } redirectBackToConsumer(request, response, store.put(newToken)); }
private Result handleOAuthProblemException(HttpServletResponse response, OAuthMessage message, String tokenStr, OAuthProblemException ope) { logOAuthProblem(message, ope, LOG); try { OAuthServlet.handleException(response, ope, applicationProperties.getBaseUrl()); } catch (Exception e) { // there was an IOE or ServletException, nothing more we can really do LOG.error("Failure reporting OAuth error to client", e); } if (ope.getProblem().equals(CONSUMER_KEY_UNKNOWN)) { return new Result.Failure(new OAuthProblem(Problem.valueOf(ope.getProblem().toUpperCase(Locale.ENGLISH)))); } if (tokenStr != null) { return new Result.Failure(new OAuthProblem(Problem.valueOf(ope.getProblem().toUpperCase(Locale.ENGLISH)), tokenStr)); } else { return new Result.Failure(new OAuthProblem(Problem.valueOf(ope.getProblem().toUpperCase(Locale.ENGLISH)))); } }
/** * Validates the nonce. * * @param consumerKey consumer key * @param timestamp timestamp as the number of seconds since January 1, 1970 00:00:00 GMT (according to OAuth 1.0 spec) * @param nonce nonce * @throws OAuthProblemException if the nonce has been used. */ public void validateNonce(String consumerKey, long timestamp, String nonce) throws OAuthProblemException { Preconditions.checkNotNull(consumerKey); Preconditions.checkNotNull(nonce); NonceEntry entry = new NonceEntry(consumerKey, timestamp, nonce); synchronized (NONCES) { if (NONCES.contains(entry)) { throw new OAuthProblemException(OAuth.Problems.NONCE_USED); } else { NONCES.add(entry); } cleanupNonces(); } }
private Result getUserLoginResult(HttpServletRequest request, HttpServletResponse response, OAuthMessage message, Consumer consumer, Principal user) { // if a user is provided, they must exist and be able to login if (user != null && !authenticationController.canLogin(user, request)) { LOG.info("Access denied because user:'{}' cannot login", user.getName()); sendError(response, HttpServletResponse.SC_UNAUTHORIZED, message); return new Result.Failure(new OAuthProblem.PermissionDenied(user.getName())); } LOG.info("Authenticated app '{}' as user '{}' successfully", consumer.getKey(), user == null ? "null" : user.getName()); return new Result.Success(user); }
void validate2LOMessage(OAuthMessage message, Consumer consumer) throws OAuthException, IOException, URISyntaxException { final OAuthConsumer oauthConsumer = converter.toOAuthConsumer(consumer); oauthConsumer.setProperty(RSA_SHA1.PUBLIC_KEY, consumer.getPublicKey().getEncoded()); final OAuthAccessor oauthAccessor = new OAuthAccessor(oauthConsumer); printMessageToDebug(message); validator.validateMessage(message, oauthAccessor); }
public ServiceProviderToken generateAccessToken(ServiceProviderToken token) { checkNotNull(token, "token"); // make sure token is authorized if (token.isRequestToken() && token.getAuthorization() != Authorization.AUTHORIZED) { throw new IllegalArgumentException("token is not an authorized request token"); } String t = randomizer.randomAlphanumericString(32); return ServiceProviderToken.newAccessToken(t) .tokenSecret(token.getTokenSecret()) .consumer(token.getConsumer()) .authorizedBy(token.getUser()) .properties(propertiesFactory.newAccessTokenProperties(token)) .session(newSession(token)) .build(); }
/** * Converts a {@code ServiceProviderToken} to an {@code OAuthAccessor}, setting the {@code requestToken} or * {@code accessToken} accordingly to the type of the {@code ServiceProviderToken}. * * @param token {@code ServiceProviderToken} to convert to {@code OAuthAccessor} * @return {@code OAuthAccessor} converted from the {@code ServiceProviderToken} */ public OAuthAccessor toOAuthAccessor(ServiceProviderToken token) { return ServiceProviderTokens.asOAuthAccessor(token, serviceProviderFactory.newServiceProvider()); }
public ServiceProviderToken generateRequestToken(Consumer consumer, @Nullable URI callback, OAuthMessage message, Version version) { checkNotNull(consumer, "consumer"); String token = randomizer.randomAlphanumericString(32); String secret = randomizer.randomAlphanumericString(32); return ServiceProviderToken.newRequestToken(token) .tokenSecret(secret) .consumer(consumer) .callback(callback) .version(version) .properties(propertiesFactory.newRequestTokenProperties(Requests.fromOAuthMessage(message))) .build(); }
public String getKey() { return "com.atlassian.oauth.serviceprovider.oauth.problem." + problem.name().toLowerCase(); }
@Override public String toString() { StringBuilder builder = new StringBuilder(); builder.append(problem.toString().toLowerCase()); builder.append(": "); for (Serializable argument : arguments) { builder.append(argument); builder.append(", "); } return builder.toString(); }
private void cleanupNonces() { long now = System.currentTimeMillis() / 1000; // don't clean out the NONCES for each request, this would cause the service to be constantly locked on this // loop under load. One second is small enough that cleaning up does not become too expensive. // Also see SECOAUTH-180 for reasons this class was refactored. if (now - lastCleaned > 1) { Iterator<NonceEntry> iterator = NONCES.iterator(); while (iterator.hasNext()) { // the nonces are already sorted, so simply iterate and remove until the first nonce within the validity // window. NonceEntry nextNonce = iterator.next(); long difference = now - nextNonce.timestamp; if (difference > getValidityWindowSeconds()) { iterator.remove(); } else { break; } } // keep track of when cleanupNonces last ran lastCleaned = now; } }
@Override protected void validateTimestampAndNonce(OAuthMessage message) throws IOException, OAuthProblemException { super.validateTimestampAndNonce(message); // Both timestamp and nonce params cannot be null since they have been checked in {@link SimpleOAuthValidator#validateTimestampAndNonce}. final long timestamp = Long.parseLong(message.getParameter(OAuth.OAUTH_TIMESTAMP)); final String nonce = message.getParameter(OAuth.OAUTH_NONCE); nonceServiceService.validateNonce(message.getConsumerKey(), timestamp, nonce); } };
/** * Converts a {@code Consumer} to an {@code OAuthConsumer}. * * @param consumer {@code Consumer} to convert to {@code OAuthConsumer} * @return {@code OAuthConsumer} converted from the {@code Consumer} */ public OAuthConsumer toOAuthConsumer(Consumer consumer) { return Consumers.asOAuthConsumer(consumer, serviceProviderFactory.newServiceProvider()); } }
private Session newSession(ServiceProviderToken token) { Session.Builder builder = Session.newSession(randomizer.randomAlphanumericString(32)); if (token.getSession() != null) { builder.creationTime(token.getSession().getCreationTime()); } return builder.build(); } }