/**
 * Rejects a message in which any name listed in {@code SINGLE_PARAMETERS}
 * appears more than once.
 *
 * @param message the incoming OAuth message whose parameters are inspected
 * @throws OAuthProblemException {@code parameter_rejected}, carrying every
 *     name/value pair of every duplicated name, form-encoded under
 *     {@code oauth_parameters_rejected}
 * @throws IOException propagated from reading the message parameters
 */
protected void checkSingleParameters(OAuthMessage message) throws IOException, OAuthException {
    // Gather every value seen for each single-valued name; a second value for
    // the same name is what triggers the rejection.
    Map<String, Collection<String>> seen = new HashMap<String, Collection<String>>();
    boolean duplicateFound = false;
    for (Map.Entry<String, String> param : message.getParameters()) {
        String key = param.getKey();
        if (!SINGLE_PARAMETERS.contains(key)) {
            continue;
        }
        Collection<String> bucket = seen.get(key);
        if (bucket != null) {
            duplicateFound = true;
        } else {
            bucket = new ArrayList<String>();
            seen.put(key, bucket);
        }
        bucket.add(param.getValue());
    }
    if (!duplicateFound) {
        return;
    }
    // Report all values of each duplicated name, not only the surplus ones, so
    // the client can see exactly which pairs were in conflict.
    Collection<OAuth.Parameter> rejected = new ArrayList<OAuth.Parameter>();
    for (Map.Entry<String, Collection<String>> bucket : seen.entrySet()) {
        if (bucket.getValue().size() <= 1) {
            continue;
        }
        for (String value : bucket.getValue()) {
            rejected.add(new OAuth.Parameter(bucket.getKey(), value));
        }
    }
    OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.PARAMETER_REJECTED);
    problem.setParameter(OAuth.Problems.OAUTH_PARAMETERS_REJECTED, OAuth.formEncode(rejected));
    throw problem;
}
/**
 * Rejects a request whose {@code oauth_timestamp} lies outside the window
 * {@code currentTimeMsec ± maxTimestampAgeMsec}.
 *
 * @param message the message under validation (not read here; part of the
 *     overridable signature)
 * @param timestamp the client's {@code oauth_timestamp}, in seconds
 * @param currentTimeMsec the provider's clock, in milliseconds
 * @throws OAuthProblemException {@code timestamp_refused}, with the acceptable
 *     "min-max" range in seconds under {@code oauth_acceptable_timestamps}
 */
protected void validateTimestamp(OAuthMessage message, long timestamp, long currentTimeMsec) throws IOException, OAuthProblemException {
    // Express both edges of the millisecond window in whole seconds; the +500
    // rounds rather than truncates.
    long earliest = (currentTimeMsec - maxTimestampAgeMsec + 500) / 1000L;
    long latest = (currentTimeMsec + maxTimestampAgeMsec + 500) / 1000L;
    boolean inWindow = earliest <= timestamp && timestamp <= latest;
    if (inWindow) {
        return;
    }
    OAuthProblemException refused = new OAuthProblemException(OAuth.Problems.TIMESTAMP_REFUSED);
    refused.setParameter(OAuth.Problems.OAUTH_ACCEPTABLE_TIMESTAMPS, earliest + "-" + latest);
    throw refused;
}
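/**
 * Rejects a request whose {@code oauth_version}, when present, is not a
 * number within {@code [minVersion, maxVersion]}. An absent version is
 * accepted unchanged.
 *
 * @param message the message whose {@code oauth_version} parameter is checked
 * @throws OAuthProblemException {@code version_rejected}, with the acceptable
 *     "min-max" range under {@code oauth_acceptable_versions}; raised for an
 *     out-of-range value, for a non-numeric value, and for {@code NaN}
 * @throws IOException propagated from reading the parameter
 */
protected void validateVersion(OAuthMessage message) throws OAuthException, IOException {
    String versionString = message.getParameter(OAuth.OAUTH_VERSION);
    if (versionString == null) {
        return;
    }
    double version;
    try {
        version = Double.parseDouble(versionString);
    } catch (NumberFormatException e) {
        // Client-supplied text that is not a number must surface as an OAuth
        // problem, not as an unchecked exception escaping the validator.
        throw versionRejected();
    }
    // NaN compares false against both bounds, so the plain range test alone
    // would accept an oauth_version of "NaN"; reject it explicitly.
    if (Double.isNaN(version) || version < minVersion || maxVersion < version) {
        throw versionRejected();
    }
}

/** Builds the {@code version_rejected} problem carrying the acceptable range. */
private OAuthProblemException versionRejected() {
    OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.VERSION_REJECTED);
    problem.setParameter(OAuth.Problems.OAUTH_ACCEPTABLE_VERSIONS, minVersion + "-" + maxVersion);
    return problem;
}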
/**
 * Resolves the message's {@code oauth_token} to its stored access-token entry.
 *
 * @param message the message whose token parameter is looked up
 * @return the matching {@link OAuthEntry}, or {@code null} when the message
 *     carries no token (or an empty one)
 * @throws OAuthProblemException {@code token_rejected} when the token is
 *     unknown or is not an access token; {@code token_expired} when the
 *     entry reports itself expired
 */
protected OAuthEntry getOAuthEntry(OAuthMessage message) throws OAuthProblemException {
    String token = getParameter(message, OAuth.OAUTH_TOKEN);
    if (StringUtils.isEmpty(token)) {
        return null;
    }
    OAuthEntry entry = store.getEntry(token);
    if (entry == null) {
        throw tokenRejected("cannot find token");
    }
    // Request tokens (and anything else non-ACCESS) cannot authorize API calls.
    if (entry.type != OAuthEntry.Type.ACCESS) {
        throw tokenRejected("token is not an access token");
    }
    if (entry.isExpired()) {
        throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
    }
    return entry;
}

/** Builds a {@code token_rejected} problem whose advice is the given text. */
private static OAuthProblemException tokenRejected(String advice) {
    OAuthProblemException rejected = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
    rejected.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, advice);
    return rejected;
}
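/**
 * Callback leg of the sample cookie-backed consumer: confirms that the
 * returned {@code oauth_token} is the request token this browser started
 * with, exchanges it for an access token, stores the result in cookies and
 * redirects to {@code returnTo}.
 *
 * @param request must carry {@code consumer}; may carry {@code oauth_token},
 *     {@code oauth_verifier} and {@code returnTo}
 * @param response receives cookie updates; errors and the final redirect are
 *     delegated to {@link CookieConsumer#handleException}
 * @throws IOException from the servlet API
 * @throws ServletException from the servlet API
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
    OAuthConsumer consumer = null;
    try {
        final OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
        requestMessage.requireParameters("consumer");
        final String consumerName = requestMessage.getParameter("consumer");
        consumer = CookieConsumer.getConsumer(consumerName, null);
        final CookieMap cookies = new CookieMap(request, response);
        final OAuthAccessor accessor = CookieConsumer.newAccessor(consumer, cookies);
        final String expectedToken = accessor.requestToken;
        String requestToken = requestMessage.getParameter(OAuth.OAUTH_TOKEN);
        if (requestToken == null || requestToken.length() <= 0) {
            // No token came back on the callback; fall back to the one we
            // remembered in the cookie, if there is one.
            log.warning(request.getMethod() + " " + OAuthServlet.getRequestURL(request));
            requestToken = expectedToken;
            if (requestToken == null) {
                OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
                problem.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_TOKEN);
                throw problem;
            }
        } else if (!requestToken.equals(expectedToken)) {
            // The callback must name the request token this session started
            // with; otherwise a token from another session could be swapped in.
            OAuthProblemException problem = new OAuthProblemException("token_rejected");
            problem.setParameter("oauth_rejected_token", requestToken);
            problem.setParameter("oauth_expected_token", expectedToken);
            throw problem;
        }
        List<OAuth.Parameter> parameters = null;
        String verifier = requestMessage.getParameter(OAuth.OAUTH_VERIFIER);
        if (verifier != null) {
            parameters = OAuth.newList(OAuth.OAUTH_VERIFIER, verifier);
        }
        OAuthMessage result = CookieConsumer.CLIENT.getAccessToken(accessor, null, parameters);
        if (accessor.accessToken != null) {
            // returnTo is attacker-controllable (it is a plain request parameter),
            // so only honour targets that stay on this server; anything else
            // would make this endpoint an open redirector.
            String returnTo = requestMessage.getParameter("returnTo");
            if (returnTo == null || !isLocalRedirect(returnTo)) {
                returnTo = request.getContextPath(); // home page
            }
            cookies.remove(consumerName + ".requestToken");
            // NOTE(review): this sample keeps the token secret in a browser
            // cookie; a production consumer should hold it server-side.
            cookies.put(consumerName + ".accessToken", accessor.accessToken);
            cookies.put(consumerName + ".tokenSecret", accessor.tokenSecret);
            throw new RedirectException(returnTo);
        }
        OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
        problem.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_TOKEN);
        problem.getParameters().putAll(result.getDump());
        throw problem;
    } catch (Exception e) {
        CookieConsumer.handleException(e, request, response, consumer);
    }
}

/**
 * Accepts only redirect targets that stay on this server: an absolute path
 * or a relative reference. Rejects anything with a scheme ({@code http:},
 * {@code javascript:}, ...), a network-path prefix ({@code //host},
 * {@code /\host}, {@code \\host}) or control characters (header injection).
 *
 * @param target the raw {@code returnTo} value
 * @return {@code true} when it is safe to redirect to {@code target}
 */
private static boolean isLocalRedirect(String target) {
    String t = target.trim();
    if (t.length() == 0) {
        return false;
    }
    // Browsers treat a backslash like a slash, so "/\host" and "\\host" are
    // protocol-relative URLs in disguise.
    if (t.startsWith("//") || t.startsWith("/\\") || t.startsWith("\\")) {
        return false;
    }
    for (int i = 0; i < t.length(); i++) {
        char c = t.charAt(i);
        if (c < 0x20 || c == 0x7f) {
            return false;
        }
        // A ':' that appears before any '/', '?' or '#' terminates a scheme;
        // after one of those it is just part of the path or query.
        if (c == '/' || c == '?' || c == '#') {
            break;
        }
        if (c == ':') {
            return false;
        }
    }
    return true;
}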
// Hand out a request token if the consumer key and secret are valid private void createRequestToken( HttpServletRequest servletRequest, HttpServletResponse servletResponse) throws IOException, OAuthException, URISyntaxException { OAuthMessage requestMessage = OAuthServlet.getMessage(servletRequest, null); String consumerKey = requestMessage.getConsumerKey(); if (consumerKey == null) { OAuthProblemException e = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT); e.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CONSUMER_KEY); throw e; } OAuthConsumer consumer = dataStore.getConsumer(consumerKey); if (consumer == null) throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN); OAuthAccessor accessor = new OAuthAccessor(consumer); VALIDATOR.validateMessage(requestMessage, accessor); String callback = null; if (enableSignedCallbacks) { callback = requestMessage.getParameter(OAuth.OAUTH_CALLBACK); } if (callback == null && !enableOAuth10) { OAuthProblemException e = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT); e.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CALLBACK); throw e; } // generate request_token and secret OAuthEntry entry = dataStore.generateRequestToken( consumerKey, requestMessage.getParameter(OAuth.OAUTH_VERSION), callback); List<Parameter> responseParams = OAuth.newList(OAuth.OAUTH_TOKEN, entry.token, OAuth.OAUTH_TOKEN_SECRET, entry.tokenSecret); if (callback != null) { responseParams.add(new Parameter(OAuthConstants.OAUTH_CALLBACK_CONFIRMED, "true")); } sendResponse(servletResponse, responseParams); }
/**
 * Verifies an incoming signed request and resolves it to a
 * {@link SecurityToken}.
 *
 * @param message the request to verify
 * @return the token produced by {@code getTokenFromVerifiedRequest} for the
 *     validated message, its entry (possibly {@code null}) and its consumer
 * @throws OAuthProblemException problems from {@link #getOAuthEntry} and
 *     the validator pass through unchanged; any other validation failure is
 *     reported as {@code signature_invalid}
 */
protected SecurityToken verifyMessage(OAuthMessage message) throws OAuthProblemException {
    OAuthEntry entry = getOAuthEntry(message);
    OAuthConsumer authConsumer = getConsumer(message);
    OAuthAccessor accessor = new OAuthAccessor(authConsumer);
    if (entry != null) {
        // A token is present: the signature also covers the token secret.
        accessor.accessToken = entry.token;
        accessor.tokenSecret = entry.tokenSecret;
    }
    try {
        message.validateMessage(accessor, new SimpleOAuthValidator());
    } catch (OAuthProblemException e) {
        // Already a well-formed OAuth problem; do not relabel it.
        throw e;
    } catch (OAuthException e) {
        throw signatureInvalid(e);
    } catch (IOException e) {
        throw signatureInvalid(e);
    } catch (URISyntaxException e) {
        throw signatureInvalid(e);
    }
    return getTokenFromVerifiedRequest(message, entry, authConsumer);
}

/**
 * Wraps a validation failure as {@code signature_invalid}.
 * NOTE(review): the wrapped exception's message is returned to the client as
 * {@code oauth_problem_advice}; keep that in mind if those messages ever carry
 * internal detail.
 */
private static OAuthProblemException signatureInvalid(Exception cause) {
    OAuthProblemException invalid = new OAuthProblemException(OAuth.Problems.SIGNATURE_INVALID);
    invalid.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, cause.getMessage());
    return invalid;
}
/**
 * Loads the request-token entry named by the message and checks that the
 * message is a valid, signed request from the consumer that token was issued
 * to.
 *
 * @param requestMessage the signed message carrying {@code oauth_token} and
 *     {@code oauth_consumer_key}
 * @return the still-valid {@link OAuthEntry} of type {@code REQUEST}
 * @throws OAuthProblemException {@code token_rejected} for an unknown token,
 *     {@code token_used} when the entry is no longer a request token,
 *     {@code token_expired}, {@code parameter_absent} for a missing consumer
 *     key, {@code consumer_key_refused} when the key does not match the token's
 *     issuer, {@code consumer_key_unknown} when the issuer no longer exists
 * @throws IOException propagated from validation
 * @throws URISyntaxException propagated from validation
 */
private OAuthEntry getValidatedEntry(OAuthMessage requestMessage) throws IOException, ServletException, OAuthException, URISyntaxException {
    OAuthEntry entry = dataStore.getEntry(requestMessage.getToken());
    if (entry == null) {
        throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
    }
    // A token that is no longer of type REQUEST has already been exchanged.
    if (entry.type != OAuthEntry.Type.REQUEST) {
        throw new OAuthProblemException(OAuth.Problems.TOKEN_USED);
    }
    if (entry.isExpired()) {
        throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
    }
    if (requestMessage.getConsumerKey() == null) {
        OAuthProblemException absent = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
        absent.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CONSUMER_KEY);
        throw absent;
    }
    // The token is bound to the consumer it was issued to; another consumer
    // presenting it is refused even if its own signature is fine.
    String issuerKey = entry.consumerKey;
    if (!issuerKey.equals(requestMessage.getConsumerKey())) {
        throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_REFUSED);
    }
    OAuthConsumer consumer = dataStore.getConsumer(issuerKey);
    if (consumer == null) {
        throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
    }
    OAuthAccessor accessor = new OAuthAccessor(consumer);
    accessor.requestToken = entry.token;
    accessor.tokenSecret = entry.tokenSecret;
    VALIDATOR.validateMessage(requestMessage, accessor);
    return entry;
}