 /**
  * Rejects a message in which any parameter listed in {@code SINGLE_PARAMETERS} occurs more than
  * once.
  *
  * <p>A duplicated {@code oauth_*} parameter makes the request ambiguous (it is unclear which value
  * the signature covers), so every value of every duplicated name is reported back in a single
  * PARAMETER_REJECTED problem rather than silently picking one.
  *
  * @param message the parsed request
  * @throws OAuthProblemException PARAMETER_REJECTED, with {@code oauth_parameters_rejected} set to
  *     the form-encoded list of all offending name/value pairs
  * @throws IOException if reading the message parameters fails
  */
 protected void checkSingleParameters(OAuthMessage message) throws IOException, OAuthException {
   // Bucket every value seen per single-valued name; a second sighting flags a duplicate.
   Map<String, Collection<String>> seen = new HashMap<String, Collection<String>>();
   boolean anyDuplicate = false;
   for (Map.Entry<String, String> entry : message.getParameters()) {
     String key = entry.getKey();
     if (!SINGLE_PARAMETERS.contains(key)) {
       continue;
     }
     Collection<String> bucket = seen.get(key);
     if (bucket != null) {
       anyDuplicate = true;
     } else {
       bucket = new ArrayList<String>();
       seen.put(key, bucket);
     }
     bucket.add(entry.getValue());
   }
   if (!anyDuplicate) {
     return;
   }
   // Report each duplicated name with all of its values, not only the surplus ones.
   Collection<OAuth.Parameter> offenders = new ArrayList<OAuth.Parameter>();
   for (Map.Entry<String, Collection<String>> bucket : seen.entrySet()) {
     if (bucket.getValue().size() <= 1) {
       continue;
     }
     for (String value : bucket.getValue()) {
       offenders.add(new OAuth.Parameter(bucket.getKey(), value));
     }
   }
   OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.PARAMETER_REJECTED);
   problem.setParameter(OAuth.Problems.OAUTH_PARAMETERS_REJECTED, OAuth.formEncode(offenders));
   throw problem;
 }
 /**
  * Rejects a request whose {@code oauth_timestamp} lies outside the accepted window around now.
  *
  * <p>{@code timestamp} is in seconds while {@code currentTimeMsec} and
  * {@code maxTimestampAgeMsec} are in milliseconds; both bounds are converted to seconds, rounded
  * to the nearest second by the {@code + 500}. Timestamps too far in the past and too far in the
  * future are refused symmetrically; keeping the window narrow limits how long a captured request
  * remains usable.
  *
  * @param message the request being validated (not inspected by this method)
  * @param timestamp the {@code oauth_timestamp} value, in seconds
  * @param currentTimeMsec the server's current time, in milliseconds
  * @throws OAuthProblemException TIMESTAMP_REFUSED, with {@code oauth_acceptable_timestamps} set
  *     to the accepted {@code min-max} range in seconds
  */
 protected void validateTimestamp(OAuthMessage message, long timestamp, long currentTimeMsec)
     throws IOException, OAuthProblemException {
   final long halfSecondMsec = 500;
   long earliest = (currentTimeMsec - maxTimestampAgeMsec + halfSecondMsec) / 1000L;
   long latest = (currentTimeMsec + maxTimestampAgeMsec + halfSecondMsec) / 1000L;
   boolean inWindow = earliest <= timestamp && timestamp <= latest;
   if (inWindow) {
     return;
   }
   OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.TIMESTAMP_REFUSED);
   problem.setParameter(OAuth.Problems.OAUTH_ACCEPTABLE_TIMESTAMPS, earliest + "-" + latest);
   throw problem;
 }
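 /**
  * Rejects a request whose {@code oauth_version}, when present, is not a number within
  * {@code [minVersion, maxVersion]}.
  *
  * <p>The parameter is client-supplied. A value that does not parse as a double used to escape as
  * an unchecked {@link NumberFormatException}, and a value parsing to NaN passed both range
  * comparisons; both are now refused as VERSION_REJECTED like any other unacceptable version. A
  * missing version is accepted.
  *
  * @param message the request being validated
  * @throws OAuthProblemException VERSION_REJECTED, with {@code oauth_acceptable_versions} set to
  *     the accepted {@code min-max} range
  * @throws IOException if reading the message fails
  */
 protected void validateVersion(OAuthMessage message) throws OAuthException, IOException {
   String versionString = message.getParameter(OAuth.OAUTH_VERSION);
   if (versionString == null) {
     return;
   }
   boolean acceptable;
   try {
     double version = Double.parseDouble(versionString);
     // NaN compares false against every bound, so it has to be excluded explicitly.
     acceptable = !Double.isNaN(version) && minVersion <= version && version <= maxVersion;
   } catch (NumberFormatException e) {
     acceptable = false;
   }
   if (!acceptable) {
     OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.VERSION_REJECTED);
     problem.setParameter(
         OAuth.Problems.OAUTH_ACCEPTABLE_VERSIONS, minVersion + "-" + maxVersion);
     throw problem;
   }
 }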
 /**
  * Looks up the access-token entry named by the request's {@code oauth_token}, if one is given.
  *
  * <p>A request carrying no token (null or empty) yields {@code null}; a token that is present
  * must resolve to an unexpired entry of type ACCESS.
  *
  * @param message the request being validated
  * @return the store's entry for the token, or {@code null} when no token was supplied
  * @throws OAuthProblemException TOKEN_REJECTED (unknown token, or not an access token) or
  *     TOKEN_EXPIRED
  */
 protected OAuthEntry getOAuthEntry(OAuthMessage message) throws OAuthProblemException {
   String token = getParameter(message, OAuth.OAUTH_TOKEN);
   if (StringUtils.isEmpty(token)) {
     return null;
   }
   OAuthEntry found = store.getEntry(token);
   if (found == null) {
     throw tokenRejected("cannot find token");
   }
   if (found.type != OAuthEntry.Type.ACCESS) {
     throw tokenRejected("token is not an access token");
   }
   if (found.isExpired()) {
     throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
   }
   return found;
 }

 /** Builds a TOKEN_REJECTED problem carrying {@code advice} in {@code oauth_problem_advice}. */
 private static OAuthProblemException tokenRejected(String advice) {
   OAuthProblemException e = new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
   e.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, advice);
   return e;
 }
 /**
  * Finishes the OAuth dance for the consumer named by the {@code consumer} parameter: checks the
  * request token echoed in the callback against the one kept in the cookies, exchanges it for an
  * access token, stores token and secret in cookies, and redirects to {@code returnTo} (or the
  * context path when absent).
  *
  * <p>Every outcome, including the success redirect ({@link RedirectException}), is delivered by
  * throwing; the catch-all hands the exception to {@code CookieConsumer.handleException} to render.
  *
  * @param request the callback request from the browser
  * @param response the response the redirect or error is written to
  */
 public void doGet(HttpServletRequest request, HttpServletResponse response)
     throws IOException, ServletException {
   OAuthConsumer consumer = null;
   try {
     final OAuthMessage callback = OAuthServlet.getMessage(request, null);
     callback.requireParameters("consumer");
     final String consumerName = callback.getParameter("consumer");
     consumer = CookieConsumer.getConsumer(consumerName, null);
     final CookieMap cookies = new CookieMap(request, response);
     final OAuthAccessor accessor = CookieConsumer.newAccessor(consumer, cookies);
     final String storedToken = accessor.requestToken;
     final String presentedToken = callback.getParameter(OAuth.OAUTH_TOKEN);
     final boolean tokenPresented = presentedToken != null && presentedToken.length() > 0;
     if (!tokenPresented) {
       // No oauth_token in the callback: log it and rely on the stored request token instead.
       log.warning(request.getMethod() + " " + OAuthServlet.getRequestURL(request));
       if (storedToken == null) {
         throw absentToken();
       }
     } else if (!presentedToken.equals(storedToken)) {
       // The callback must carry exactly the token this session requested; anything else is refused.
       OAuthProblemException problem = new OAuthProblemException("token_rejected");
       problem.setParameter("oauth_rejected_token", presentedToken);
       problem.setParameter("oauth_expected_token", storedToken);
       throw problem;
     }
     List<OAuth.Parameter> exchangeParams = null;
     final String verifier = callback.getParameter(OAuth.OAUTH_VERIFIER);
     if (verifier != null) {
       exchangeParams = OAuth.newList(OAuth.OAUTH_VERIFIER, verifier);
     }
     final OAuthMessage exchange =
         CookieConsumer.CLIENT.getAccessToken(accessor, null, exchangeParams);
     if (accessor.accessToken == null) {
       // The provider answered without an access token: report the token as absent and attach
       // the provider's reply for diagnosis.
       // NOTE(review): getDump() is attached verbatim; confirm handleException does not echo
       // anything sensitive from it to the browser.
       OAuthProblemException problem = absentToken();
       problem.getParameters().putAll(exchange.getDump());
       throw problem;
     }
     // NOTE(review): returnTo is taken from the request unvalidated; confirm RedirectException /
     // handleException constrain it to this application (open-redirect risk otherwise).
     String returnTo = callback.getParameter("returnTo");
     if (returnTo == null) {
       returnTo = request.getContextPath(); // home page
     }
     cookies.remove(consumerName + ".requestToken");
     cookies.put(consumerName + ".accessToken", accessor.accessToken);
     cookies.put(consumerName + ".tokenSecret", accessor.tokenSecret);
     throw new RedirectException(returnTo);
   } catch (Exception e) {
     CookieConsumer.handleException(e, request, response, consumer);
   }
 }

 /** Builds a PARAMETER_ABSENT problem naming {@code oauth_token} as the missing parameter. */
 private static OAuthProblemException absentToken() {
   OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
   problem.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_TOKEN);
   return problem;
 }
   /**
    * Issues a request token and secret to a consumer that presents a known key and a message that
    * validates (signature) for that consumer.
    *
    * <p>The consumer is resolved and the message validated before any token is generated, so an
    * unauthenticated caller never causes an entry to be stored. {@code oauth_callback} is read only
    * when signed callbacks are enabled; when it is missing and plain OAuth 1.0 is disabled the
    * request is refused with PARAMETER_ABSENT. When a callback was accepted the reply also carries
    * {@code oauth_callback_confirmed=true}.
    *
    * @throws OAuthProblemException PARAMETER_ABSENT (consumer key or callback) or
    *     CONSUMER_KEY_UNKNOWN, or whatever the validator raises
    */
   private void createRequestToken(
       HttpServletRequest servletRequest, HttpServletResponse servletResponse)
       throws IOException, OAuthException, URISyntaxException {
     OAuthMessage request = OAuthServlet.getMessage(servletRequest, null);

     String consumerKey = request.getConsumerKey();
     if (consumerKey == null) {
       throw parameterAbsent(OAuth.OAUTH_CONSUMER_KEY);
     }
     OAuthConsumer consumer = dataStore.getConsumer(consumerKey);
     if (consumer == null) {
       throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
     }

     // The message must validate before anything is issued or stored.
     VALIDATOR.validateMessage(request, new OAuthAccessor(consumer));

     String callback = enableSignedCallbacks ? request.getParameter(OAuth.OAUTH_CALLBACK) : null;
     if (callback == null && !enableOAuth10) {
       throw parameterAbsent(OAuth.OAUTH_CALLBACK);
     }

     // Generate the request token and its secret.
     OAuthEntry issued =
         dataStore.generateRequestToken(
             consumerKey, request.getParameter(OAuth.OAUTH_VERSION), callback);

     List<Parameter> reply =
         OAuth.newList(OAuth.OAUTH_TOKEN, issued.token, OAuth.OAUTH_TOKEN_SECRET, issued.tokenSecret);
     if (callback != null) {
       reply.add(new Parameter(OAuthConstants.OAUTH_CALLBACK_CONFIRMED, "true"));
     }
     sendResponse(servletResponse, reply);
   }

   /** Builds a PARAMETER_ABSENT problem naming {@code parameterName} as the missing parameter. */
   private static OAuthProblemException parameterAbsent(String parameterName) {
     OAuthProblemException e = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
     e.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, parameterName);
     return e;
   }
   /**
    * Authenticates an OAuth-signed message and maps it to a security token.
    *
    * <p>When the request names an access token, that entry supplies the token and secret the
    * accessor validates against; otherwise the accessor carries only the consumer's credentials.
    * Validation failures that are not already an {@link OAuthProblemException} are reported
    * uniformly as SIGNATURE_INVALID.
    *
    * @param message the signed request
    * @return the token produced by {@code getTokenFromVerifiedRequest}
    * @throws OAuthProblemException if the token, consumer or signature is not acceptable
    */
   protected SecurityToken verifyMessage(OAuthMessage message) throws OAuthProblemException {
     OAuthEntry entry = getOAuthEntry(message);
     OAuthConsumer consumer = getConsumer(message);
     OAuthAccessor accessor = new OAuthAccessor(consumer);
     if (entry != null) {
       accessor.tokenSecret = entry.tokenSecret;
       accessor.accessToken = entry.token;
     }

     try {
       message.validateMessage(accessor, new SimpleOAuthValidator());
     } catch (OAuthProblemException e) {
       throw e; // already a well-formed OAuth problem; pass it through untouched
     } catch (OAuthException e) {
       throw signatureInvalid(e);
     } catch (IOException e) {
       throw signatureInvalid(e);
     } catch (URISyntaxException e) {
       throw signatureInvalid(e);
     }
     return getTokenFromVerifiedRequest(message, entry, consumer);
   }

   /**
    * Wraps a validation failure as SIGNATURE_INVALID with the cause's message as problem advice.
    * NOTE(review): the raw exception message is returned to the client; confirm it cannot expose
    * internal details (e.g. from an IOException).
    */
   private static OAuthProblemException signatureInvalid(Exception cause) {
     OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.SIGNATURE_INVALID);
     problem.setParameter(OAuth.Problems.OAUTH_PROBLEM_ADVICE, cause.getMessage());
     return problem;
   }
   /**
    * Resolves the request token named in {@code requestMessage} and verifies the caller may use
    * it: the entry must exist, still be of type REQUEST, be unexpired, belong to the consumer key
    * the message presents, and the message must validate against that consumer and the token's
    * secret.
    *
    * @param requestMessage the incoming message naming a request token
    * @return the matching, validated REQUEST entry
    * @throws OAuthProblemException TOKEN_REJECTED, TOKEN_USED, TOKEN_EXPIRED, PARAMETER_ABSENT,
    *     CONSUMER_KEY_REFUSED or CONSUMER_KEY_UNKNOWN, or whatever the validator raises
    */
   private OAuthEntry getValidatedEntry(OAuthMessage requestMessage)
       throws IOException, ServletException, OAuthException, URISyntaxException {
     OAuthEntry entry = dataStore.getEntry(requestMessage.getToken());
     if (entry == null) {
       throw new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED);
     }
     if (entry.type != OAuthEntry.Type.REQUEST) {
       // A token that is not (or no longer) a REQUEST token is reported as already used.
       throw new OAuthProblemException(OAuth.Problems.TOKEN_USED);
     }
     if (entry.isExpired()) {
       throw new OAuthProblemException(OAuth.Problems.TOKEN_EXPIRED);
     }

     // The token may only be presented by the consumer it was issued to.
     String presentedKey = requestMessage.getConsumerKey();
     if (presentedKey == null) {
       OAuthProblemException e = new OAuthProblemException(OAuth.Problems.PARAMETER_ABSENT);
       e.setParameter(OAuth.Problems.OAUTH_PARAMETERS_ABSENT, OAuth.OAUTH_CONSUMER_KEY);
       throw e;
     }
     String issuedKey = entry.consumerKey;
     if (!issuedKey.equals(presentedKey)) {
       throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_REFUSED);
     }
     OAuthConsumer consumer = dataStore.getConsumer(issuedKey);
     if (consumer == null) {
       throw new OAuthProblemException(OAuth.Problems.CONSUMER_KEY_UNKNOWN);
     }

     OAuthAccessor accessor = new OAuthAccessor(consumer);
     accessor.requestToken = entry.token;
     accessor.tokenSecret = entry.tokenSecret;
     VALIDATOR.validateMessage(requestMessage, accessor);
     return entry;
   }