/**
* Add some of the parameters needed to request access to a protected resource, if they aren't
* already in the message.
*
* @throws IOException
* @throws URISyntaxException
*/
public void addRequiredParameters(OAuthAccessor accessor)
throws OAuthException, IOException, URISyntaxException {
final Map<String, String> pMap = OAuth.newMap(parameters);
if (pMap.get(OAuth.OAUTH_TOKEN) == null && accessor.accessToken != null) {
addParameter(OAuth.OAUTH_TOKEN, accessor.accessToken);
}
final OAuthConsumer consumer = accessor.consumer;
if (pMap.get(OAuth.OAUTH_CONSUMER_KEY) == null) {
addParameter(OAuth.OAUTH_CONSUMER_KEY, consumer.consumerKey);
}
String signatureMethod = pMap.get(OAuth.OAUTH_SIGNATURE_METHOD);
if (signatureMethod == null) {
signatureMethod = (String) consumer.getProperty(OAuth.OAUTH_SIGNATURE_METHOD);
if (signatureMethod == null) {
signatureMethod = OAuth.HMAC_SHA1;
}
addParameter(OAuth.OAUTH_SIGNATURE_METHOD, signatureMethod);
}
if (pMap.get(OAuth.OAUTH_TIMESTAMP) == null) {
addParameter(OAuth.OAUTH_TIMESTAMP, (System.currentTimeMillis() / 1000) + "");
}
if (pMap.get(OAuth.OAUTH_NONCE) == null) {
addParameter(OAuth.OAUTH_NONCE, System.nanoTime() + "");
}
if (pMap.get(OAuth.OAUTH_VERSION) == null) {
addParameter(OAuth.OAUTH_VERSION, OAuth.VERSION_1_0);
}
if (pMap.get(OAuth.OAUTH_BODY_HASH) == null && bodyAsStream != null) {
addParameter(OAuth.OAUTH_BODY_HASH, getBodyHash());
}
this.sign(accessor);
}
public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl)
throws OAuthMessageSignerException, OAuthNotAuthorizedException,
OAuthExpectationFailedException, OAuthCommunicationException {
// invalidate current credentials, if any
consumer.setTokenWithSecret(null, null);
// 1.0a expects the callback to be sent while getting the request token.
// 1.0 service providers would simply ignore this parameter.
retrieveToken(consumer, this.requestTokenEndpointUrl, OAuth.OAUTH_CALLBACK, callbackUrl);
String callbackConfirmed = this.responseParameters.getFirst(OAuth.OAUTH_CALLBACK_CONFIRMED);
this.responseParameters.remove(OAuth.OAUTH_CALLBACK_CONFIRMED);
this.isOAuth10a = Boolean.TRUE.toString().equals(callbackConfirmed);
// 1.0 service providers expect the callback as part of the auth URL,
// Do not send when 1.0a.
if (this.isOAuth10a) {
return OAuth.addQueryParameters(
this.authorizationWebsiteUrl, OAuth.OAUTH_TOKEN, consumer.getToken());
} else {
return OAuth.addQueryParameters(
this.authorizationWebsiteUrl,
OAuth.OAUTH_TOKEN,
consumer.getToken(),
OAuth.OAUTH_CALLBACK,
callbackUrl);
}
}
protected OAuthConsumer newConsumer(String name) throws MalformedURLException {
String base = consumerProperties.getProperty(name + ".serviceProvider.baseURL");
URL baseURL = (base == null) ? null : new URL(base);
OAuthServiceProvider serviceProvider =
new OAuthServiceProvider(
getURL(baseURL, name + ".serviceProvider.requestTokenURL"),
getURL(baseURL, name + ".serviceProvider.userAuthorizationURL"),
getURL(baseURL, name + ".serviceProvider.accessTokenURL"));
OAuthConsumer consumer =
new OAuthConsumer(
consumerProperties.getProperty(name + ".callbackURL"),
consumerProperties.getProperty(name + ".consumerKey"),
consumerProperties.getProperty(name + ".consumerSecret"),
serviceProvider);
consumer.setProperty("name", name);
if (baseURL != null) {
consumer.setProperty("serviceProvider.baseURL", baseURL);
}
for (Map.Entry prop : consumerProperties.entrySet()) {
String propName = (String) prop.getKey();
if (propName.startsWith(name + ".consumer.")) {
String c = propName.substring(name.length() + 10);
consumer.setProperty(c, prop.getValue());
}
}
return consumer;
}
@Test
public void shouldSignHttpRequestMessage() throws Exception {
OAuthConsumer consumer =
new DefaultOAuthConsumer(CONSUMER_KEY, CONSUMER_SECRET, SignatureMethod.HMAC_SHA1);
consumer.setTokenWithSecret(TOKEN, TOKEN_SECRET);
consumer.sign(request);
Header authHeader = request.getFirstHeader("Authorization");
assertNotNull(authHeader);
String oauthHeader = authHeader.getValue();
assertTrue(oauthHeader.startsWith("OAuth "));
HashMap<String, String> params = oauthHeaderToParamsMap(oauthHeader);
assertNotNull(params.get("oauth_consumer_key"));
assertNotNull(params.get("oauth_token"));
assertNotNull(params.get("oauth_signature_method"));
assertNotNull(params.get("oauth_signature"));
assertNotNull(params.get("oauth_timestamp"));
assertNotNull(params.get("oauth_nonce"));
assertNotNull(params.get("oauth_version"));
}
@Test(expected = OAuthExpectationFailedException.class)
public void shouldThrowIfConsumerSecretNotSet() throws Exception {
OAuthConsumer consumer =
new DefaultOAuthConsumer(CONSUMER_KEY, null, SignatureMethod.HMAC_SHA1);
consumer.setTokenWithSecret(TOKEN, TOKEN_SECRET);
consumer.sign(request);
}
public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier)
throws OAuthMessageSignerException, OAuthNotAuthorizedException,
OAuthExpectationFailedException, OAuthCommunicationException {
if (consumer.getToken() == null || consumer.getTokenSecret() == null) {
throw new OAuthExpectationFailedException(
"Authorized request token or token secret not set. "
+ "Did you retrieve an authorized request token before?");
}
if (this.isOAuth10a && oauthVerifier != null) {
retrieveToken(consumer, this.accessTokenEndpointUrl, OAuth.OAUTH_VERIFIER, oauthVerifier);
} else {
retrieveToken(consumer, this.accessTokenEndpointUrl);
}
}
@Test
public void shouldPercentEncodeOAuthParameters() throws Exception {
OAuthConsumer consumer =
new DefaultOAuthConsumer("1%2", CONSUMER_SECRET, SignatureMethod.HMAC_SHA1);
consumer.setTokenWithSecret("3 4", TOKEN_SECRET);
consumer.sign(request);
Header authHeader = request.getFirstHeader("Authorization");
assertNotNull(authHeader);
String oauthHeader = authHeader.getValue();
HashMap<String, String> params = oauthHeaderToParamsMap(oauthHeader);
assertEquals("\"1%252\"", params.get("oauth_consumer_key"));
assertEquals("\"3%204\"", params.get("oauth_token"));
}
/**
* Implemented by subclasses. The responsibility of this method is to contact the service provider
* at the given endpoint URL and fetch a request or access token. What kind of token is retrieved
* solely depends on the URL being used.
*
* <p>Correct implementations of this method must guarantee the following post-conditions:
*
* <ul>
* <li>the {@link OAuthConsumer} passed to this method must have a valid {@link
* OAuth#OAUTH_TOKEN} and {@link OAuth#OAUTH_TOKEN_SECRET} set by calling {@link
* OAuthConsumer#setTokenWithSecret(String, String)}
* <li>{@link #getResponseParameters()} must return the set of query parameters served by the
* service provider in the token response, with all OAuth specific parameters being removed
* </ul>
*
* @param consumer the {@link OAuthConsumer} that should be used to sign the request
* @param endpointUrl the URL at which the service provider serves the OAuth token that is to be
* fetched
* @param additionalParameters you can pass parameters here (typically OAuth parameters such as
* oauth_callback or oauth_verifier) which will go directly into the signer, i.e. you don't
* have to put them into the request first, just so the consumer pull them out again. Pass
* them sequentially in key/value order.
* @throws OAuthMessageSignerException if signing the token request fails
* @throws OAuthCommunicationException if a network communication error occurs
* @throws OAuthNotAuthorizedException if the server replies 401 - Unauthorized
* @throws OAuthExpectationFailedException if an expectation has failed, e.g. because the server
* didn't reply in the expected format
*/
protected void retrieveToken(
OAuthConsumer consumer, String endpointUrl, String... additionalParameters)
throws OAuthMessageSignerException, OAuthCommunicationException, OAuthNotAuthorizedException,
OAuthExpectationFailedException {
Map<String, String> defaultHeaders = getRequestHeaders();
if (consumer.getConsumerKey() == null || consumer.getConsumerSecret() == null) {
throw new OAuthExpectationFailedException("Consumer key or secret not set");
}
HttpRequest request = null;
HttpResponse response = null;
try {
request = createRequest(endpointUrl);
for (String header : defaultHeaders.keySet()) {
request.setHeader(header, defaultHeaders.get(header));
}
if (additionalParameters != null) {
HttpParameters httpParams = new HttpParameters();
httpParams.putAll(additionalParameters, true);
consumer.setAdditionalParameters(httpParams);
}
if (this.listener != null) {
this.listener.prepareRequest(request);
}
consumer.sign(request);
if (this.listener != null) {
this.listener.prepareSubmission(request);
}
response = sendRequest(request);
int statusCode = response.getStatusCode();
boolean requestHandled = false;
if (this.listener != null) {
requestHandled = this.listener.onResponseReceived(request, response);
}
if (requestHandled) {
return;
}
if (statusCode >= 300) {
handleUnexpectedResponse(statusCode, response);
}
HttpParameters responseParams = OAuth.decodeForm(response.getContent());
String token = responseParams.getFirst(OAuth.OAUTH_TOKEN);
String secret = responseParams.getFirst(OAuth.OAUTH_TOKEN_SECRET);
responseParams.remove(OAuth.OAUTH_TOKEN);
responseParams.remove(OAuth.OAUTH_TOKEN_SECRET);
setResponseParameters(responseParams);
if (token == null || secret == null) {
throw new OAuthExpectationFailedException(
"Request token or token secret not set in server reply. "
+ "The service provider you use is probably buggy.");
}
consumer.setTokenWithSecret(token, secret);
} catch (OAuthNotAuthorizedException e) {
throw e;
} catch (OAuthExpectationFailedException e) {
throw e;
} catch (Exception e) {
throw new OAuthCommunicationException(e);
} finally {
try {
closeConnection(request, response);
} catch (Exception e) {
throw new OAuthCommunicationException(e);
}
}
}
