/** Throw an exception if any SINGLE_PARAMETERS occur repeatedly. */
protected void checkSingleParameters(OAuthMessage message) throws IOException, OAuthException {
// Check for repeated oauth_ parameters:
boolean repeated = false;
Map<String, Collection<String>> nameToValues = new HashMap<String, Collection<String>>();
for (Map.Entry<String, String> parameter : message.getParameters()) {
String name = parameter.getKey();
if (SINGLE_PARAMETERS.contains(name)) {
Collection<String> values = nameToValues.get(name);
if (values == null) {
values = new ArrayList<String>();
nameToValues.put(name, values);
} else {
repeated = true;
}
values.add(parameter.getValue());
}
}
if (repeated) {
Collection<OAuth.Parameter> rejected = new ArrayList<OAuth.Parameter>();
for (Map.Entry<String, Collection<String>> p : nameToValues.entrySet()) {
String name = p.getKey();
Collection<String> values = p.getValue();
if (values.size() > 1) {
for (String value : values) {
rejected.add(new OAuth.Parameter(name, value));
}
}
}
OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.PARAMETER_REJECTED);
problem.setParameter(OAuth.Problems.OAUTH_PARAMETERS_REJECTED, OAuth.formEncode(rejected));
throw problem;
}
}
/** Throw an exception if the timestamp [sec] is out of range. */
protected void validateTimestamp(OAuthMessage message, long timestamp, long currentTimeMsec)
throws IOException, OAuthProblemException {
long min = (currentTimeMsec - maxTimestampAgeMsec + 500) / 1000L;
long max = (currentTimeMsec + maxTimestampAgeMsec + 500) / 1000L;
if (timestamp < min || max < timestamp) {
OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.TIMESTAMP_REFUSED);
problem.setParameter(OAuth.Problems.OAUTH_ACCEPTABLE_TIMESTAMPS, min + "-" + max);
throw problem;
}
}
protected void validateVersion(OAuthMessage message) throws OAuthException, IOException {
String versionString = message.getParameter(OAuth.OAUTH_VERSION);
if (versionString != null) {
double version = Double.parseDouble(versionString);
if (version < minVersion || maxVersion < version) {
OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.VERSION_REJECTED);
problem.setParameter(
OAuth.Problems.OAUTH_ACCEPTABLE_VERSIONS, minVersion + "-" + maxVersion);
throw problem;
}
}
}
protected OAuthEntry getOAuthEntry(OAuthMessage message) throws OAuthProblemException {
OAuthEntry entry = null;
String token = getParameter(message, OAuth.OAUTH_TOKEN);
if (!StringUtils.isEmpty(token)) {
entry = store.getEntry(token);
if (entry == null) {
OAuthProblemException e = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
e.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, "cannot find token");
throw e;
} else if (entry.type != OAuthEntry.Type.ACCESS) {
OAuthProblemException e = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
e.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, "token is not an access token");
throw e;
} else if (entry.isExpired()) {
throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
}
}
return entry;
}
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
OAuthConsumer consumer = null;
try {
final OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
requestMessage.requireParameters("consumer");
final String consumerName = requestMessage.getParameter("consumer");
consumer = CookieConsumer.getConsumer(consumerName, null);
final CookieMap cookies = new CookieMap(request, response);
final OAuthAccessor accessor = CookieConsumer.newAccessor(consumer, cookies);
final String expectedToken = accessor.requestToken;
String requestToken = requestMessage.getParameter(OAuth.OAUTH_TOKEN);
if (requestToken == null || requestToken.length() <= 0) {
log.warning(request.getMethod() + " " + OAuthServlet.getRequestURL(request));
requestToken = expectedToken;
if (requestToken == null) {
OAuthProblemException problem =
new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
problem.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_TOKEN);
throw problem;
}
} else if (!requestToken.equals(expectedToken)) {
OAuthProblemException problem = new OAuthProblemException("token_rejected");
problem.setParameter("oauth_rejected_token", requestToken);
problem.setParameter("oauth_expected_token", expectedToken);
throw problem;
}
List<OAuth.Parameter> parameters = null;
String verifier = requestMessage.getParameter(OAuth.OAUTH_VERIFIER);
if (verifier != null) {
parameters = OAuth.newList(OAuth.OAUTH_VERIFIER, verifier);
}
OAuthMessage result = CookieConsumer.CLIENT.getAccessToken(accessor, null, parameters);
if (accessor.accessToken != null) {
String returnTo = requestMessage.getParameter("returnTo");
if (returnTo == null) {
returnTo = request.getContextPath(); // home page
}
cookies.remove(consumerName + ".requestToken");
cookies.put(consumerName + ".accessToken", accessor.accessToken);
cookies.put(consumerName + ".tokenSecret", accessor.tokenSecret);
throw new RedirectException(returnTo);
}
OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
problem.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_TOKEN);
problem.getParameters().putAll(result.getDump());
throw problem;
} catch (Exception e) {
CookieConsumer.handleException(e, request, response, consumer);
}
}
// Hand out a request token if the consumer key and secret are valid
private void createRequestToken(
HttpServletRequest servletRequest, HttpServletResponse servletResponse)
throws IOException, OAuthException, URISyntaxException {
OAuthMessage requestMessage = OAuthServlet.getMessage(servletRequest, null);
String consumerKey = requestMessage.getConsumerKey();
if (consumerKey == null) {
OAuthProblemException e = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
e.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CONSUMER_KEY);
throw e;
}
OAuthConsumer consumer = dataStore.getConsumer(consumerKey);
if (consumer == null) throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
OAuthAccessor accessor = new OAuthAccessor(consumer);
VALIDATOR.validateMessage(requestMessage, accessor);
String callback = null;
if (enableSignedCallbacks) {
callback = requestMessage.getParameter(OAuth.OAUTH_CALLBACK);
}
if (callback == null && !enableOAuth10) {
OAuthProblemException e = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
e.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CALLBACK);
throw e;
}
// generate request_token and secret
OAuthEntry entry =
dataStore.generateRequestToken(
consumerKey, requestMessage.getParameter(OAuth.OAUTH_VERSION), callback);
List<Parameter> responseParams =
OAuth.newList(OAuth.OAUTH_TOKEN, entry.token, OAuth.OAUTH_TOKEN_SECRET, entry.tokenSecret);
if (callback != null) {
responseParams.add(new Parameter(OAuthConstants.OAUTH_CALLBACK_CONFIRMED, "true"));
}
sendResponse(servletResponse, responseParams);
}
protected SecurityToken verifyMessage(OAuthMessage message) throws OAuthProblemException {
OAuthEntry entry = getOAuthEntry(message);
OAuthConsumer authConsumer = getConsumer(message);
OAuthAccessor accessor = new OAuthAccessor(authConsumer);
if (entry != null) {
accessor.tokenSecret = entry.tokenSecret;
accessor.accessToken = entry.token;
}
try {
message.validateMessage(accessor, new SimpleOAuthValidator());
} catch (OAuthProblemException e) {
throw e;
} catch (OAuthException e) {
OAuthProblemException ope = new OAuthProblemException(OAuth.Problems.SIGNATURE_INVALID);
ope.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, e.getMessage());
throw ope;
} catch (IOException e) {
OAuthProblemException ope = new OAuthProblemException(OAuth.Problems.SIGNATURE_INVALID);
ope.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, e.getMessage());
throw ope;
} catch (URISyntaxException e) {
OAuthProblemException ope = new OAuthProblemException(OAuth.Problems.SIGNATURE_INVALID);
ope.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, e.getMessage());
throw ope;
}
return getTokenFromVerifiedRequest(message, entry, authConsumer);
}
private OAuthEntry getValidatedEntry(OAuthMessage requestMessage)
throws IOException, ServletException, OAuthException, URISyntaxException {
OAuthEntry entry = dataStore.getEntry(requestMessage.getToken());
if (entry == null) throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
if (entry.type != OAuthEntry.Type.REQUEST)
throw new OAuthProblemException(OAuth.Problems.TOKEN_USED);
if (entry.isExpired()) throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
// find consumer key, compare with supplied value, if present.
if (requestMessage.getConsumerKey() == null) {
OAuthProblemException e = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
e.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CONSUMER_KEY);
throw e;
}
String consumerKey = entry.consumerKey;
if (!consumerKey.equals(requestMessage.getConsumerKey()))
throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_REFUSED);
OAuthConsumer consumer = dataStore.getConsumer(consumerKey);
if (consumer == null) throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
OAuthAccessor accessor = new OAuthAccessor(consumer);
accessor.requestToken = entry.token;
accessor.tokenSecret = entry.tokenSecret;
VALIDATOR.validateMessage(requestMessage, accessor);
return entry;
}
