source: josm/trunk/src/oauth/signpost/AbstractOAuthConsumer.java@ 13723

Last change on this file since 13723 was 11288, checked in by simon04, 8 years ago

see #13376 - Use TimeUnit instead of combinations of 1000/60/60/24

File size: 9.3 KB
Line 
1/* Copyright (c) 2009 Matthias Kaeppler
2 *
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15package oauth.signpost;
16
17import java.io.IOException;
18import java.io.InputStream;
19import java.util.Random;
20import java.util.concurrent.TimeUnit;
21
22import oauth.signpost.basic.UrlStringRequestAdapter;
23import oauth.signpost.exception.OAuthCommunicationException;
24import oauth.signpost.exception.OAuthExpectationFailedException;
25import oauth.signpost.exception.OAuthMessageSignerException;
26import oauth.signpost.http.HttpParameters;
27import oauth.signpost.http.HttpRequest;
28import oauth.signpost.signature.AuthorizationHeaderSigningStrategy;
29import oauth.signpost.signature.HmacSha1MessageSigner;
30import oauth.signpost.signature.OAuthMessageSigner;
31import oauth.signpost.signature.QueryStringSigningStrategy;
32import oauth.signpost.signature.SigningStrategy;
33
34/**
35 * ABC for consumer implementations. If you're developing a custom consumer you
36 * will probably inherit from this class to save you a lot of work.
37 *
38 * @author Matthias Kaeppler
39 */
40public abstract class AbstractOAuthConsumer implements OAuthConsumer {
41
42 private static final long serialVersionUID = 1L;
43
44 private String consumerKey, consumerSecret;
45
46 private String token;
47
48 private OAuthMessageSigner messageSigner;
49
50 private SigningStrategy signingStrategy;
51
52 // these are params that may be passed to the consumer directly (i.e.
53 // without going through the request object)
54 private HttpParameters additionalParameters;
55
56 // these are the params which will be passed to the message signer
57 private HttpParameters requestParameters;
58
59 private boolean sendEmptyTokens;
60
61 final private Random random = new Random(System.nanoTime());
62
63 public AbstractOAuthConsumer(String consumerKey, String consumerSecret) {
64 this.consumerKey = consumerKey;
65 this.consumerSecret = consumerSecret;
66 setMessageSigner(new HmacSha1MessageSigner());
67 setSigningStrategy(new AuthorizationHeaderSigningStrategy());
68 }
69
70 @Override
71 public void setMessageSigner(OAuthMessageSigner messageSigner) {
72 this.messageSigner = messageSigner;
73 messageSigner.setConsumerSecret(consumerSecret);
74 }
75
76 @Override
77 public void setSigningStrategy(SigningStrategy signingStrategy) {
78 this.signingStrategy = signingStrategy;
79 }
80
81 @Override
82 public void setAdditionalParameters(HttpParameters additionalParameters) {
83 this.additionalParameters = additionalParameters;
84 }
85
86 @Override
87 public synchronized HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException,
88 OAuthExpectationFailedException, OAuthCommunicationException {
89 if (consumerKey == null) {
90 throw new OAuthExpectationFailedException("consumer key not set");
91 }
92 if (consumerSecret == null) {
93 throw new OAuthExpectationFailedException("consumer secret not set");
94 }
95
96 requestParameters = new HttpParameters();
97 try {
98 if (additionalParameters != null) {
99 requestParameters.putAll(additionalParameters, false);
100 }
101 collectHeaderParameters(request, requestParameters);
102 collectQueryParameters(request, requestParameters);
103 collectBodyParameters(request, requestParameters);
104
105 // add any OAuth params that haven't already been set
106 completeOAuthParameters(requestParameters);
107
108 requestParameters.remove(OAuth.OAUTH_SIGNATURE);
109
110 } catch (IOException e) {
111 throw new OAuthCommunicationException(e);
112 }
113
114 String signature = messageSigner.sign(request, requestParameters);
115 OAuth.debugOut("signature", signature);
116
117 signingStrategy.writeSignature(signature, request, requestParameters);
118 OAuth.debugOut("Request URL", request.getRequestUrl());
119
120 return request;
121 }
122
123 @Override
124 public synchronized HttpRequest sign(Object request) throws OAuthMessageSignerException,
125 OAuthExpectationFailedException, OAuthCommunicationException {
126 return sign(wrap(request));
127 }
128
129 @Override
130 public synchronized String sign(String url) throws OAuthMessageSignerException,
131 OAuthExpectationFailedException, OAuthCommunicationException {
132 HttpRequest request = new UrlStringRequestAdapter(url);
133
134 // switch to URL signing
135 SigningStrategy oldStrategy = this.signingStrategy;
136 this.signingStrategy = new QueryStringSigningStrategy();
137
138 sign(request);
139
140 // revert to old strategy
141 this.signingStrategy = oldStrategy;
142
143 return request.getRequestUrl();
144 }
145
146 /**
147 * Adapts the given request object to a Signpost {@link HttpRequest}. How
148 * this is done depends on the consumer implementation.
149 *
150 * @param request
151 * the native HTTP request instance
152 * @return the adapted request
153 */
154 protected abstract HttpRequest wrap(Object request);
155
156 @Override
157 public void setTokenWithSecret(String token, String tokenSecret) {
158 this.token = token;
159 messageSigner.setTokenSecret(tokenSecret);
160 }
161
162 @Override
163 public String getToken() {
164 return token;
165 }
166
167 @Override
168 public String getTokenSecret() {
169 return messageSigner.getTokenSecret();
170 }
171
172 @Override
173 public String getConsumerKey() {
174 return this.consumerKey;
175 }
176
177 @Override
178 public String getConsumerSecret() {
179 return this.consumerSecret;
180 }
181
182 /**
183 * <p>
184 * Helper method that adds any OAuth parameters to the given request
185 * parameters which are missing from the current request but required for
186 * signing. A good example is the oauth_nonce parameter, which is typically
187 * not provided by the client in advance.
188 * </p>
189 * <p>
190 * It's probably not a very good idea to override this method. If you want
191 * to generate different nonces or timestamps, override
192 * {@link #generateNonce()} or {@link #generateTimestamp()} instead.
193 * </p>
194 *
195 * @param out
196 * the request parameter which should be completed
197 */
198 protected void completeOAuthParameters(HttpParameters out) {
199 if (!out.containsKey(OAuth.OAUTH_CONSUMER_KEY)) {
200 out.put(OAuth.OAUTH_CONSUMER_KEY, consumerKey, true);
201 }
202 if (!out.containsKey(OAuth.OAUTH_SIGNATURE_METHOD)) {
203 out.put(OAuth.OAUTH_SIGNATURE_METHOD, messageSigner.getSignatureMethod(), true);
204 }
205 if (!out.containsKey(OAuth.OAUTH_TIMESTAMP)) {
206 out.put(OAuth.OAUTH_TIMESTAMP, generateTimestamp(), true);
207 }
208 if (!out.containsKey(OAuth.OAUTH_NONCE)) {
209 out.put(OAuth.OAUTH_NONCE, generateNonce(), true);
210 }
211 if (!out.containsKey(OAuth.OAUTH_VERSION)) {
212 out.put(OAuth.OAUTH_VERSION, OAuth.VERSION_1_0, true);
213 }
214 if (!out.containsKey(OAuth.OAUTH_TOKEN)) {
215 if (token != null && !token.equals("") || sendEmptyTokens) {
216 out.put(OAuth.OAUTH_TOKEN, token, true);
217 }
218 }
219 }
220
221 @Override
222 public HttpParameters getRequestParameters() {
223 return requestParameters;
224 }
225
226 @Override
227 public void setSendEmptyTokens(boolean enable) {
228 this.sendEmptyTokens = enable;
229 }
230
231 /**
232 * Collects OAuth Authorization header parameters as per OAuth Core 1.0 spec
233 * section 9.1.1
234 */
235 protected void collectHeaderParameters(HttpRequest request, HttpParameters out) {
236 HttpParameters headerParams = OAuth.oauthHeaderToParamsMap(request.getHeader(OAuth.HTTP_AUTHORIZATION_HEADER));
237 out.putAll(headerParams, false);
238 }
239
240 /**
241 * Collects x-www-form-urlencoded body parameters as per OAuth Core 1.0 spec
242 * section 9.1.1
243 */
244 protected void collectBodyParameters(HttpRequest request, HttpParameters out)
245 throws IOException {
246
247 // collect x-www-form-urlencoded body params
248 String contentType = request.getContentType();
249 if (contentType != null && contentType.startsWith(OAuth.FORM_ENCODED)) {
250 InputStream payload = request.getMessagePayload();
251 out.putAll(OAuth.decodeForm(payload), true);
252 }
253 }
254
255 /**
256 * Collects HTTP GET query string parameters as per OAuth Core 1.0 spec
257 * section 9.1.1
258 */
259 protected void collectQueryParameters(HttpRequest request, HttpParameters out) {
260
261 String url = request.getRequestUrl();
262 int q = url.indexOf('?');
263 if (q >= 0) {
264 // Combine the URL query string with the other parameters:
265 out.putAll(OAuth.decodeForm(url.substring(q + 1)), true);
266 }
267 }
268
269 protected String generateTimestamp() {
270 return Long.toString(System.currentTimeMillis() / TimeUnit.SECONDS.toMillis(1));
271 }
272
273 protected String generateNonce() {
274 return Long.toString(random.nextLong());
275 }
276}
Note: See TracBrowser for help on using the repository browser.