/** * アクセストークンを取得します. OAuthサービスプロバイダに認証コードを送信して、 認証済みリクエストトークンを交換してアクセストークンを取得します. * * @param verifier 認証コード * @param requestToken 認証済みリクエストトークン * @param tokenSecret トークンシークレット */ public void getAccessToken(String verifier, String requestToken, String tokenSecret) { // OAuthコンシューマを作成 OAuthConsumer consumer = new OAuthConsumer(callbackUrl, consumerKey, consumerSecret, provider); // OAuthのアクセサーを作成 accessor = new OAuthAccessor(consumer); accessor.requestToken = requestToken; accessor.tokenSecret = tokenSecret; try { // アクセスコードをパラメータで渡す Map<String, Object> parameters = new HashMap<String, Object>(); parameters.put(OAuth.OAUTH_VERIFIER, verifier); // アクセストークンを取得する OAuthMessage response = client.getAccessToken(accessor, null, parameters.entrySet()); response.requireParameters(OAuth.OAUTH_TOKEN, OAuth.OAUTH_TOKEN_SECRET); System.out.println(OAuth.OAUTH_TOKEN + "(AccessToken): " + accessor.accessToken); System.out.println(OAuth.OAUTH_TOKEN_SECRET + ": " + accessor.tokenSecret); } catch (IOException e) { e.printStackTrace(); } catch (OAuthException e) { e.printStackTrace(); } catch (URISyntaxException e) { e.printStackTrace(); } }
protected SecurityToken verifyMessage(OAuthMessage message) throws OAuthProblemException { OAuthEntry entry = getOAuthEntry(message); OAuthConsumer authConsumer = getConsumer(message); OAuthAccessor accessor = new OAuthAccessor(authConsumer); if (entry != null) { accessor.tokenSecret = entry.tokenSecret; accessor.accessToken = entry.token; } try { message.validateMessage(accessor, new SimpleOAuthValidator()); } catch (OAuthProblemException e) { throw e; } catch (OAuthException e) { OAuthProblemException ope = new OAuthProblemException(OAuth.Problems.SIGNATURE_INVALID); ope.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, e.getMessage()); throw ope; } catch (IOException e) { OAuthProblemException ope = new OAuthProblemException(OAuth.Problems.SIGNATURE_INVALID); ope.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, e.getMessage()); throw ope; } catch (URISyntaxException e) { OAuthProblemException ope = new OAuthProblemException(OAuth.Problems.SIGNATURE_INVALID); ope.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, e.getMessage()); throw ope; } return getTokenFromVerifiedRequest(message, entry, authConsumer); }
/** * APIを実行します. * * @param url APIのURL * @param accessToken アクセストークン * @param tokenSecret トークンシークレット * @return boolean success */ public boolean api( String method, String url, Collection<? extends Entry<String, String>> parameters, String accessToken, String tokenSecret) { // OAuthコンシューマを作成 OAuthConsumer consumer = new OAuthConsumer(callbackUrl, consumerKey, consumerSecret, provider); // OAuthのアクセサーを作成 OAuthAccessor accessor = new OAuthAccessor(consumer); accessor.accessToken = accessToken; accessor.tokenSecret = tokenSecret; apiResponse = null; try { OAuthMessage request = accessor.newRequestMessage(method, url, parameters); OAuthResponseMessage responseMessage = client.access(request, ParameterStyle.AUTHORIZATION_HEADER); int statusCode = responseMessage.getHttpResponse().getStatusCode(); System.out.println("API: " + url); System.out.println("body type: " + responseMessage.getBodyType()); System.out.println("body encoding: " + responseMessage.getBodyEncoding()); if (statusCode == HttpResponseMessage.STATUS_OK) { apiResponse = responseMessage; return true; } else { System.out.println("API Error: " + statusCode); } } catch (OAuthException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } catch (URISyntaxException e) { e.printStackTrace(); } return false; }
private OAuthEntry getValidatedEntry(OAuthMessage requestMessage) throws IOException, ServletException, OAuthException, URISyntaxException { OAuthEntry entry = dataStore.getEntry(requestMessage.getToken()); if (entry == null) throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED); if (entry.type != OAuthEntry.Type.REQUEST) throw new OAuthProblemException(OAuth.Problems.TOKEN_USED); if (entry.isExpired()) throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED); // find consumer key, compare with supplied value, if present. if (requestMessage.getConsumerKey() == null) { OAuthProblemException e = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT); e.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CONSUMER_KEY); throw e; } String consumerKey = entry.consumerKey; if (!consumerKey.equals(requestMessage.getConsumerKey())) throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_REFUSED); OAuthConsumer consumer = dataStore.getConsumer(consumerKey); if (consumer == null) throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN); OAuthAccessor accessor = new OAuthAccessor(consumer); accessor.requestToken = entry.token; accessor.tokenSecret = entry.tokenSecret; VALIDATOR.validateMessage(requestMessage, accessor); return entry; }
private HttpResponse handleResourceUrl(HttpRequest request) throws Exception { MessageInfo info = parseMessage(request); String consumerId = info.message.getParameter("oauth_consumer_key"); OAuthConsumer consumer; if (CONSUMER_KEY.equals(consumerId)) { consumer = oauthConsumer; } else if ("signedfetch".equals(consumerId)) { consumer = signedFetchConsumer; } else if ("container.com".equals(consumerId)) { consumer = signedFetchConsumer; } else { return makeOAuthProblemReport( OAuthConstants.PROBLEM_PARAMETER_MISSING, "oauth_consumer_key not found", HttpResponse.SC_BAD_REQUEST); } OAuthAccessor accessor = new OAuthAccessor(consumer); String responseBody = null; if (throttled) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_CONSUMER_KEY_REFUSED, "exceeded quota", HttpResponse.SC_FORBIDDEN); } if (unauthorized) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_PERMISSION_DENIED, "user refused access", HttpResponse.SC_UNAUTHORIZED); } if (consumer == oauthConsumer) { // for OAuth, check the access token. We skip this for signed fetch String accessToken = info.message.getParameter("oauth_token"); TokenState state = tokenState.get(accessToken); if (state == null) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_TOKEN_REJECTED, "Access token unknown", HttpResponse.SC_UNAUTHORIZED); } // Check the signature accessor.accessToken = accessToken; accessor.tokenSecret = state.getSecret(); validateMessage(accessor, info, false); if (state.getState() != State.APPROVED) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_TOKEN_REVOKED, "User revoked permissions", HttpResponse.SC_UNAUTHORIZED); } if (sessionExtension) { long expiration = state.issued + TOKEN_EXPIRATION_SECONDS * 1000; if (expiration < clock.currentTimeMillis()) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_ACCESS_TOKEN_EXPIRED, "token needs to be refreshed", HttpResponse.SC_UNAUTHORIZED); } } responseBody = "User data is " + state.getUserData(); } else { // Check the signature validateMessage(accessor, info, false); // For signed fetch, just echo back the query parameters in the body responseBody = request.getUri().getQuery(); } // Send back a response HttpResponseBuilder resp = new HttpResponseBuilder() .setHttpStatusCode(HttpResponse.SC_OK) .setResponseString(responseBody); if (info.aznHeader != null) { resp.setHeader(AUTHZ_ECHO_HEADER, info.aznHeader); } if (info.body != null) { resp.setHeader(BODY_ECHO_HEADER, info.body); } if (info.rawBody != null) { resp.setHeader(RAW_BODY_ECHO_HEADER, new String(Base64.encodeBase64(info.rawBody))); } return resp.create(); }
private HttpResponse handleAccessTokenUrl(HttpRequest request) throws Exception { MessageInfo info = parseMessage(request); String requestToken = info.message.getParameter("oauth_token"); TokenState state = tokenState.get(requestToken); if (throttled) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_CONSUMER_KEY_REFUSED, "exceeded quota", HttpResponse.SC_FORBIDDEN); } else if (unauthorized) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_PERMISSION_DENIED, "user refused access", HttpResponse.SC_UNAUTHORIZED); } else if (state == null) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_TOKEN_REJECTED, "Unknown request token", HttpResponse.SC_UNAUTHORIZED); } if (rejectExtraParams) { String extra = hasExtraParams(info.message); if (extra != null) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_PARAMETER_REJECTED, extra, HttpResponse.SC_BAD_REQUEST); } } OAuthAccessor accessor = new OAuthAccessor(oauthConsumer); accessor.requestToken = requestToken; accessor.tokenSecret = state.tokenSecret; validateMessage(accessor, info, true); if (state.getState() == State.APPROVED_UNCLAIMED) { String sentVerifier = info.message.getParameter("oauth_verifier"); if (state.verifier != null && !state.verifier.equals(sentVerifier)) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_BAD_VERIFIER, "wrong oauth verifier", HttpResponse.SC_UNAUTHORIZED); } state.claimToken(); } else if (state.getState() == State.APPROVED) { // Verify can refresh String sentHandle = info.message.getParameter("oauth_session_handle"); if (sentHandle == null) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_PARAMETER_ABSENT, "no oauth_session_handle", HttpResponse.SC_BAD_REQUEST); } if (!sentHandle.equals(state.sessionHandle)) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_TOKEN_INVALID, "token not valid", HttpResponse.SC_UNAUTHORIZED); } state.renewToken(); } else if (state.getState() == State.REVOKED) { return makeOAuthProblemReport( OAuthConstants.PROBLEM_TOKEN_REVOKED, "Revoked access token can't be renewed", HttpResponse.SC_UNAUTHORIZED); } else { throw new Exception("Token in weird state " + state.getState()); } String accessToken = Crypto.getRandomString(16); String accessTokenSecret = Crypto.getRandomString(16); state.tokenSecret = accessTokenSecret; tokenState.put(accessToken, state); tokenState.remove(requestToken); List<OAuth.Parameter> params = OAuth.newList( "oauth_token", accessToken, "oauth_token_secret", accessTokenSecret); if (sessionExtension) { params.add(new OAuth.Parameter("oauth_session_handle", state.sessionHandle)); if (reportExpirationTimes) { params.add(new OAuth.Parameter("oauth_expires_in", "" + TOKEN_EXPIRATION_SECONDS)); } } if (returnAccessTokenData) { params.add(new OAuth.Parameter("userid", "userid value")); params.add(new OAuth.Parameter("xoauth_stuff", "xoauth_stuff value")); params.add(new OAuth.Parameter("oauth_stuff", "oauth_stuff value")); } return new HttpResponse(OAuth.formEncode(params)); }