Context Navigation

source: josm/trunk/src/oauth/signpost/AbstractOAuthConsumer.java@ 13723

Last change on this file since 13723 was 11288, checked in by simon04, 8 years ago
see #13376 - Use TimeUnit instead of combinations of 1000/60/60/24
File size: 9.3 KB

Rev	Line
[4231]	1	/* Copyright (c) 2009 Matthias Kaeppler
	2	*
	3	* Licensed under the Apache License, Version 2.0 (the "License");
	4	* you may not use this file except in compliance with the License.
	5	* You may obtain a copy of the License at
	6	*
	7	* http://www.apache.org/licenses/LICENSE-2.0
	8	*
	9	* Unless required by applicable law or agreed to in writing, software
	10	* distributed under the License is distributed on an "AS IS" BASIS,
	11	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	12	* See the License for the specific language governing permissions and
	13	* limitations under the License.
	14	*/
	15	package oauth.signpost;
	16
	17	import java.io.IOException;
	18	import java.io.InputStream;
	19	import java.util.Random;
[11288]	20	import java.util.concurrent.TimeUnit;
[4231]	21
	22	import oauth.signpost.basic.UrlStringRequestAdapter;
	23	import oauth.signpost.exception.OAuthCommunicationException;
	24	import oauth.signpost.exception.OAuthExpectationFailedException;
	25	import oauth.signpost.exception.OAuthMessageSignerException;
	26	import oauth.signpost.http.HttpParameters;
	27	import oauth.signpost.http.HttpRequest;
	28	import oauth.signpost.signature.AuthorizationHeaderSigningStrategy;
	29	import oauth.signpost.signature.HmacSha1MessageSigner;
	30	import oauth.signpost.signature.OAuthMessageSigner;
	31	import oauth.signpost.signature.QueryStringSigningStrategy;
	32	import oauth.signpost.signature.SigningStrategy;
	33
	34	/**
	35	* ABC for consumer implementations. If you're developing a custom consumer you
	36	* will probably inherit from this class to save you a lot of work.
[6849]	37	*
[4231]	38	* @author Matthias Kaeppler
	39	*/
	40	public abstract class AbstractOAuthConsumer implements OAuthConsumer {
	41
	42	private static final long serialVersionUID = 1L;
	43
	44	private String consumerKey, consumerSecret;
	45
	46	private String token;
	47
	48	private OAuthMessageSigner messageSigner;
	49
	50	private SigningStrategy signingStrategy;
	51
	52	// these are params that may be passed to the consumer directly (i.e.
	53	// without going through the request object)
	54	private HttpParameters additionalParameters;
	55
	56	// these are the params which will be passed to the message signer
	57	private HttpParameters requestParameters;
[10831]	58
[4231]	59	private boolean sendEmptyTokens;
[10831]	60
[6849]	61	final private Random random = new Random(System.nanoTime());
[4231]	62
	63	public AbstractOAuthConsumer(String consumerKey, String consumerSecret) {
	64	this.consumerKey = consumerKey;
	65	this.consumerSecret = consumerSecret;
	66	setMessageSigner(new HmacSha1MessageSigner());
	67	setSigningStrategy(new AuthorizationHeaderSigningStrategy());
	68	}
	69
[10831]	70	@Override
[4231]	71	public void setMessageSigner(OAuthMessageSigner messageSigner) {
	72	this.messageSigner = messageSigner;
	73	messageSigner.setConsumerSecret(consumerSecret);
	74	}
	75
[10831]	76	@Override
[4231]	77	public void setSigningStrategy(SigningStrategy signingStrategy) {
	78	this.signingStrategy = signingStrategy;
	79	}
	80
[10831]	81	@Override
[4231]	82	public void setAdditionalParameters(HttpParameters additionalParameters) {
	83	this.additionalParameters = additionalParameters;
	84	}
	85
[10831]	86	@Override
[6849]	87	public synchronized HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException,
[4231]	88	OAuthExpectationFailedException, OAuthCommunicationException {
	89	if (consumerKey == null) {
	90	throw new OAuthExpectationFailedException("consumer key not set");
	91	}
	92	if (consumerSecret == null) {
	93	throw new OAuthExpectationFailedException("consumer secret not set");
	94	}
	95
	96	requestParameters = new HttpParameters();
	97	try {
	98	if (additionalParameters != null) {
	99	requestParameters.putAll(additionalParameters, false);
	100	}
	101	collectHeaderParameters(request, requestParameters);
	102	collectQueryParameters(request, requestParameters);
	103	collectBodyParameters(request, requestParameters);
	104
	105	// add any OAuth params that haven't already been set
	106	completeOAuthParameters(requestParameters);
	107
	108	requestParameters.remove(OAuth.OAUTH_SIGNATURE);
	109
	110	} catch (IOException e) {
	111	throw new OAuthCommunicationException(e);
	112	}
	113
	114	String signature = messageSigner.sign(request, requestParameters);
	115	OAuth.debugOut("signature", signature);
	116
	117	signingStrategy.writeSignature(signature, request, requestParameters);
	118	OAuth.debugOut("Request URL", request.getRequestUrl());
	119
	120	return request;
	121	}
	122
[10831]	123	@Override
[6849]	124	public synchronized HttpRequest sign(Object request) throws OAuthMessageSignerException,
[4231]	125	OAuthExpectationFailedException, OAuthCommunicationException {
	126	return sign(wrap(request));
	127	}
	128
[10831]	129	@Override
[6849]	130	public synchronized String sign(String url) throws OAuthMessageSignerException,
[4231]	131	OAuthExpectationFailedException, OAuthCommunicationException {
	132	HttpRequest request = new UrlStringRequestAdapter(url);
	133
	134	// switch to URL signing
	135	SigningStrategy oldStrategy = this.signingStrategy;
	136	this.signingStrategy = new QueryStringSigningStrategy();
	137
	138	sign(request);
	139
	140	// revert to old strategy
	141	this.signingStrategy = oldStrategy;
	142
	143	return request.getRequestUrl();
	144	}
	145
	146	/**
	147	* Adapts the given request object to a Signpost {@link HttpRequest}. How
	148	* this is done depends on the consumer implementation.
[6849]	149	*
[4231]	150	* @param request
	151	* the native HTTP request instance
	152	* @return the adapted request
	153	*/
	154	protected abstract HttpRequest wrap(Object request);
	155
[10831]	156	@Override
[4231]	157	public void setTokenWithSecret(String token, String tokenSecret) {
	158	this.token = token;
	159	messageSigner.setTokenSecret(tokenSecret);
	160	}
	161
[10831]	162	@Override
[4231]	163	public String getToken() {
	164	return token;
	165	}
	166
[10831]	167	@Override
[4231]	168	public String getTokenSecret() {
	169	return messageSigner.getTokenSecret();
	170	}
	171
[10831]	172	@Override
[4231]	173	public String getConsumerKey() {
	174	return this.consumerKey;
	175	}
	176
[10831]	177	@Override
[4231]	178	public String getConsumerSecret() {
	179	return this.consumerSecret;
	180	}
	181
	182	/**
	183	* <p>
	184	* Helper method that adds any OAuth parameters to the given request
	185	* parameters which are missing from the current request but required for
	186	* signing. A good example is the oauth_nonce parameter, which is typically
	187	* not provided by the client in advance.
	188	* </p>
	189	* <p>
	190	* It's probably not a very good idea to override this method. If you want
	191	* to generate different nonces or timestamps, override
	192	* {@link #generateNonce()} or {@link #generateTimestamp()} instead.
	193	* </p>
[6849]	194	*
[4231]	195	* @param out
	196	* the request parameter which should be completed
	197	*/
	198	protected void completeOAuthParameters(HttpParameters out) {
	199	if (!out.containsKey(OAuth.OAUTH_CONSUMER_KEY)) {
	200	out.put(OAuth.OAUTH_CONSUMER_KEY, consumerKey, true);
	201	}
	202	if (!out.containsKey(OAuth.OAUTH_SIGNATURE_METHOD)) {
	203	out.put(OAuth.OAUTH_SIGNATURE_METHOD, messageSigner.getSignatureMethod(), true);
	204	}
	205	if (!out.containsKey(OAuth.OAUTH_TIMESTAMP)) {
	206	out.put(OAuth.OAUTH_TIMESTAMP, generateTimestamp(), true);
	207	}
	208	if (!out.containsKey(OAuth.OAUTH_NONCE)) {
	209	out.put(OAuth.OAUTH_NONCE, generateNonce(), true);
	210	}
	211	if (!out.containsKey(OAuth.OAUTH_VERSION)) {
	212	out.put(OAuth.OAUTH_VERSION, OAuth.VERSION_1_0, true);
	213	}
	214	if (!out.containsKey(OAuth.OAUTH_TOKEN)) {
	215	if (token != null && !token.equals("") \|\| sendEmptyTokens) {
	216	out.put(OAuth.OAUTH_TOKEN, token, true);
	217	}
	218	}
	219	}
	220
[10831]	221	@Override
[4231]	222	public HttpParameters getRequestParameters() {
	223	return requestParameters;
	224	}
	225
[10831]	226	@Override
[4231]	227	public void setSendEmptyTokens(boolean enable) {
	228	this.sendEmptyTokens = enable;
	229	}
	230
	231	/**
	232	* Collects OAuth Authorization header parameters as per OAuth Core 1.0 spec
	233	* section 9.1.1
	234	*/
	235	protected void collectHeaderParameters(HttpRequest request, HttpParameters out) {
	236	HttpParameters headerParams = OAuth.oauthHeaderToParamsMap(request.getHeader(OAuth.HTTP_AUTHORIZATION_HEADER));
	237	out.putAll(headerParams, false);
	238	}
	239
	240	/**
	241	* Collects x-www-form-urlencoded body parameters as per OAuth Core 1.0 spec
	242	* section 9.1.1
	243	*/
	244	protected void collectBodyParameters(HttpRequest request, HttpParameters out)
	245	throws IOException {
	246
	247	// collect x-www-form-urlencoded body params
	248	String contentType = request.getContentType();
	249	if (contentType != null && contentType.startsWith(OAuth.FORM_ENCODED)) {
	250	InputStream payload = request.getMessagePayload();
	251	out.putAll(OAuth.decodeForm(payload), true);
	252	}
	253	}
	254
	255	/**
	256	* Collects HTTP GET query string parameters as per OAuth Core 1.0 spec
	257	* section 9.1.1
	258	*/
	259	protected void collectQueryParameters(HttpRequest request, HttpParameters out) {
	260
	261	String url = request.getRequestUrl();
	262	int q = url.indexOf('?');
	263	if (q >= 0) {
	264	// Combine the URL query string with the other parameters:
	265	out.putAll(OAuth.decodeForm(url.substring(q + 1)), true);
	266	}
	267	}
	268
	269	protected String generateTimestamp() {
[11288]	270	return Long.toString(System.currentTimeMillis() / TimeUnit.SECONDS.toMillis(1));
[4231]	271	}
	272
	273	protected String generateNonce() {
[6849]	274	return Long.toString(random.nextLong());
[4231]	275	}
	276	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: