/**
 * Copies the current OAuth credentials into the client state that is returned with the response,
 * so the client can cache them between requests.
 *
 * <p>The state receives the access token, the token secret, the owner id taken from the request's
 * security token, the session handle and the token expiry time.
 */
private void buildClientAccessState() {
  OAuthAccessor tokenHolder = accessorInfo.getAccessor();
  String accessToken = tokenHolder.accessToken;
  String accessTokenSecret = tokenHolder.tokenSecret;

  // NOTE(review): this state carries the token secret and is meant to be cached on the client.
  // Nothing in this method protects it; confirm the client state is encrypted and
  // integrity-protected before it leaves the server.
  responseParams.getNewClientState().setAccessToken(accessToken);
  responseParams.getNewClientState().setAccessTokenSecret(accessTokenSecret);
  // The owner is recorded alongside the token; presumably so the state can later be matched
  // against the requesting user -- verify against the code that reads the state back.
  responseParams.getNewClientState().setOwner(realRequest.getSecurityToken().getOwnerId());
  responseParams.getNewClientState().setSessionHandle(accessorInfo.getSessionHandle());
  responseParams.getNewClientState().setTokenExpireMillis(accessorInfo.getTokenExpireMillis());
}
/**
 * Writes the current access token, token secret, session handle and expiry time to the
 * persistent token store.
 *
 * <p>The store call is given the request's security token, the consumer and the request's OAuth
 * arguments together with the token data.
 *
 * @throws OAuthRequestException declared by this method; presumably raised by the token store
 *     when the write fails
 */
private void saveAccessToken() throws OAuthRequestException {
  OAuthAccessor current = accessorInfo.getAccessor();
  String token = current.accessToken;
  String secret = current.tokenSecret;

  TokenInfo toStore = new TokenInfo(
      token,
      secret,
      accessorInfo.getSessionHandle(),
      accessorInfo.getTokenExpireMillis());

  // NOTE(review): the token secret is handed to the store as-is; protection at rest is the
  // store implementation's responsibility -- confirm for the store in use.
  fetcherConfig.getTokenStore().storeTokenKeyAndSecret(
      realRequest.getSecurityToken(),
      accessorInfo.getConsumer(),
      realRequest.getOAuthArguments(),
      toStore,
      responseParams);
}
if (accessorInfo.getAccessor().accessToken != null) { accessorInfo.getAccessor().requestToken = accessorInfo.getAccessor().accessToken; accessorInfo.getAccessor().accessToken = null; OAuthAccessor accessor = accessorInfo.getAccessor(); request.setMethod(accessorInfo.getHttpMethod().toString()); if (accessorInfo.getHttpMethod() == HttpMethod.POST) { request.setHeader("Content-Type", OAuth.FORM_ENCODED); if (accessorInfo.getSessionHandle() != null) { msgParams.add(new Parameter(OAuthConstants.OAUTH_SESSION_HANDLE, accessorInfo.getSessionHandle())); accessorInfo.setSessionHandle(OAuthUtil.getParameter(reply, OAuthConstants.OAUTH_SESSION_HANDLE)); accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN); if (OAuthUtil.getParameter(reply, OAuthConstants.OAUTH_EXPIRES_IN) != null) { try { OAuthConstants.OAUTH_EXPIRES_IN)); long expireMillis = fetcherConfig.getClock().currentTimeMillis() + expireSecs * 1000L; accessorInfo.setTokenExpireMillis(expireMillis); } catch (NumberFormatException e) {
/**
 * Updates the credential state after the service provider reported an OAuth protocol problem and
 * decides whether the request may be attempted again.
 *
 * @param pe the protocol problem reported for the last attempt
 * @param attempts number of attempts made so far
 * @return {@code true} only if {@code attempts} is below {@code MAX_ATTEMPTS} and the exception
 *     says the request can be retried
 * @throws OAuthRequestException declared by this method; presumably raised when removing the
 *     stored token fails
 */
private boolean handleProtocolException(OAuthProtocolException pe, int attempts)
    throws OAuthRequestException {
  if (pe.canExtend()) {
    // Mark the token with the force-expire sentinel; presumably this makes the next expiry
    // check treat it as expired so it gets renewed -- confirm against the caller.
    accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_FORCE_EXPIRE);
  } else if (pe.startFromScratch()) {
    // Drop the persisted token first, then clear every in-memory credential so that a token
    // the provider rejected is not presented again.
    fetcherConfig.getTokenStore().removeToken(
        realRequest.getSecurityToken(),
        accessorInfo.getConsumer(),
        realRequest.getOAuthArguments(),
        responseParams);
    accessorInfo.getAccessor().accessToken = null;
    accessorInfo.getAccessor().requestToken = null;
    accessorInfo.getAccessor().tokenSecret = null;
    accessorInfo.setSessionHandle(null);
    accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN);
  }

  // The attempt cap bounds how often a failing provider can make us retry.
  if (attempts >= MAX_ATTEMPTS) {
    return false;
  }
  return pe.canRetry();
}
/**
 * Requests a new request token from the service provider and stores the returned token and
 * token secret on the accessor.
 *
 * <p>The request is built for the request-token URL, gets the callback parameter added when one
 * is configured, and is signed before it is sent.
 *
 * @throws OAuthRequestException declared by this method and by the helpers it calls
 * @throws OAuthProtocolException declared by this method; presumably raised when the provider's
 *     reply reports an OAuth problem
 */
private void fetchRequestToken() throws OAuthRequestException, OAuthProtocolException {
  OAuthAccessor accessor = accessorInfo.getAccessor();
  HttpRequest unsigned = createRequestTokenRequest(accessor);

  List<Parameter> extraParams = Lists.newArrayList();
  addCallback(extraParams);

  boolean useBodyHash = this.accessorInfo.getConsumer().isOauthBodyHash();
  HttpRequest signedRequest = sanitizeAndSign(unsigned, extraParams, true, useBodyHash);
  OAuthMessage providerReply = sendOAuthMessage(signedRequest);

  // NOTE(review): both values are taken from the reply without a null check here. Confirm that
  // a reply missing oauth_token or oauth_token_secret is rejected before the flow continues.
  accessor.requestToken = OAuthUtil.getParameter(providerReply, OAuth.OAUTH_TOKEN);
  accessor.tokenSecret = OAuthUtil.getParameter(providerReply, OAuth.OAUTH_TOKEN_SECRET);
}
/**
 * With {@code UseToken.NEVER} (signed fetch) the accessor must carry the named key and consumer
 * key but no consumer secret and no request token, access token or token secret.
 */
@Test
public void testGetOAuthAccessor_signedFetch() throws Exception {
  OAuthArguments oauthArgs = new OAuthArguments();
  oauthArgs.setUseToken(UseToken.NEVER);

  AccessorInfo accessorInfo =
      store.getOAuthAccessor(socialToken, oauthArgs, clientState, responseParams, fetcherConfig);

  // OAuth parameters are expected in the query string for this case.
  assertEquals(OAuthParamLocation.URI_QUERY, accessorInfo.getParamLocation());
  assertEquals("keyname", accessorInfo.getConsumer().getKeyName());
  assertEquals("key", accessorInfo.getConsumer().getConsumer().consumerKey);

  // No shared secret and no user-specific credentials may be attached to a signed fetch.
  assertNull(accessorInfo.getConsumer().getConsumer().consumerSecret);
  assertNull(accessorInfo.getAccessor().requestToken);
  assertNull(accessorInfo.getAccessor().accessToken);
  assertNull(accessorInfo.getAccessor().tokenSecret);
}
/**
 * For the "testservice" service of the body.xml gadget, the accessor must point at the fake
 * provider's three endpoints, use POST, and place OAuth parameters in the POST body.
 */
@Test
public void testGetOAuthAccessor_oauthParamsInBody() throws Exception {
  OAuthArguments oauthArgs = new OAuthArguments();
  oauthArgs.setServiceName("testservice");
  oauthArgs.setUseToken(UseToken.ALWAYS);
  // Presumably the fixture gadget at this URL declares body parameters -- see the test setup.
  privateToken.setAppUrl("http://www.example.com/body.xml");

  AccessorInfo accessorInfo =
      store.getOAuthAccessor(privateToken, oauthArgs, clientState, responseParams, fetcherConfig);

  assertEquals(
      FakeOAuthServiceProvider.REQUEST_TOKEN_URL,
      accessorInfo.getConsumer().getConsumer().serviceProvider.requestTokenURL);
  assertEquals(
      FakeOAuthServiceProvider.APPROVAL_URL,
      accessorInfo.getConsumer().getConsumer().serviceProvider.userAuthorizationURL);
  assertEquals(
      FakeOAuthServiceProvider.ACCESS_TOKEN_URL,
      accessorInfo.getConsumer().getConsumer().serviceProvider.accessTokenURL);

  assertEquals(HttpMethod.POST, accessorInfo.getHttpMethod());
  assertEquals(OAuthParamLocation.POST_BODY, accessorInfo.getParamLocation());
}
/**
 * Reports whether the user still has to approve access before the data can be fetched.
 *
 * @return {@code true} when the request must use a token and the accessor holds neither a
 *     request token nor an access token
 */
private boolean needApproval() {
  // Requests that do not require a token never need an approval step.
  if (!realRequest.getOAuthArguments().mustUseToken()) {
    return false;
  }
  // A request token means the approval flow has already been started.
  if (accessorInfo.getAccessor().requestToken != null) {
    return false;
  }
  return accessorInfo.getAccessor().accessToken == null;
}
/**
 * Appends an {@code oauth_callback} parameter to the request-token parameters when a callback
 * URL is configured and the callback generator produces one.
 *
 * @param requestTokenParams parameter list to append to; left unchanged when there is no
 *     callback
 * @throws OAuthRequestException declared by this method; presumably raised by the callback
 *     generator
 */
private void addCallback(List<Parameter> requestTokenParams) throws OAuthRequestException {
  // Either the callback URL of the consumer key or the global callback URL; blank counts as
  // "not configured".
  String configuredCallback =
      StringUtils.trimToNull(accessorInfo.getConsumer().getCallbackUrl());
  if (configuredCallback == null) {
    return;
  }

  // NOTE(review): the generated URL is sent to the provider as the redirect target. Confirm
  // the generator ties it to this request so that a callback cannot be replayed elsewhere.
  String generatedCallback = fetcherConfig.getOAuthCallbackGenerator().generateCallback(
      fetcherConfig, configuredCallback, realRequest, responseParams);
  if (generatedCallback == null) {
    return;
  }
  requestTokenParams.add(new Parameter(OAuth.OAUTH_CALLBACK, generatedCallback));
}
/**
 * Reports whether the access token's recorded expiry time has passed.
 *
 * @return {@code false} when the expiry is {@code ACCESS_TOKEN_EXPIRE_UNKNOWN}; otherwise
 *     {@code true} if the expiry time is earlier than the configured clock's current time
 */
private boolean accessTokenExpired() {
  long expiresAtMillis = accessorInfo.getTokenExpireMillis();
  // An unknown expiry is treated as "not expired".
  if (expiresAtMillis == ACCESS_TOKEN_EXPIRE_UNKNOWN) {
    return false;
  }
  return expiresAtMillis < fetcherConfig.getClock().currentTimeMillis();
}
/**
 * Builds the unsigned HTTP request for the service provider's request-token endpoint.
 *
 * @param accessor accessor whose consumer's service provider supplies the request-token URL
 * @return a request for that URL using the configured HTTP method; POST requests also get a
 *     form-encoded Content-Type header
 * @throws OAuthRequestException with {@code BAD_OAUTH_TOKEN_URL} when no request-token URL is
 *     configured
 */
private HttpRequest createRequestTokenRequest(OAuthAccessor accessor)
    throws OAuthRequestException {
  String requestTokenUrl = accessor.consumer.serviceProvider.requestTokenURL;
  if (requestTokenUrl == null) {
    throw new OAuthRequestException(OAuthError.BAD_OAUTH_TOKEN_URL, "request token");
  }

  // NOTE(review): the URL is used as configured; no scheme check is visible here. Confirm
  // that token endpoints are validated where the service provider is configured.
  HttpRequest tokenRequest = new HttpRequest(Uri.parse(requestTokenUrl));

  HttpMethod method = accessorInfo.getHttpMethod();
  tokenRequest.setMethod(method.toString());
  if (method == HttpMethod.POST) {
    tokenRequest.setHeader("Content-Type", OAuth.FORM_ENCODED);
  }
  return tokenRequest;
}
private HttpRequest createHttpRequest(HttpRequest base, List<Map.Entry<String, String>> oauthParams) throws OAuthRequestException { OAuthParamLocation paramLocation = accessorInfo.getParamLocation();
/**
 * Builds an {@code AccessorInfo} from the values collected so far.
 *
 * @param responseParams not read by this method
 * @return accessor info wrapping a new accessor for the consumer, plus the HTTP method,
 *     parameter location, session handle and token expiry
 * @throws OAuthRequestException with {@code UNKNOWN_PROBLEM} when the parameter location or
 *     the consumer has not been set
 */
public AccessorInfo create(OAuthResponseParams responseParams) throws OAuthRequestException {
  if (location == null) {
    throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "no location");
  }
  if (consumer == null) {
    throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "no consumer");
  }

  OAuthAccessor built = new OAuthAccessor(consumer.getConsumer());
  // All three credentials may legitimately be null: signed fetch uses none of them, and none
  // exist yet when the OAuth dance is only starting.
  built.requestToken = requestToken;
  built.accessToken = accessToken;
  built.tokenSecret = tokenSecret;

  return new AccessorInfo(
      built, consumer, method, location, sessionHandle, tokenExpireMillis);
}
/**
 * Signed fetch ({@code UseToken.NEVER}): the accessor exposes the key name and consumer key,
 * and holds no consumer secret, request token, access token or token secret.
 */
@Test
public void testGetOAuthAccessor_signedFetch() throws Exception {
  OAuthArguments signedFetchArgs = new OAuthArguments();
  signedFetchArgs.setUseToken(UseToken.NEVER);

  AccessorInfo result = store.getOAuthAccessor(
      socialToken, signedFetchArgs, clientState, responseParams, fetcherConfig);

  assertEquals(OAuthParamLocation.URI_QUERY, result.getParamLocation());
  assertEquals("keyname", result.getConsumer().getKeyName());
  assertEquals("key", result.getConsumer().getConsumer().consumerKey);

  // Credentials that must be absent in this mode.
  assertNull(result.getConsumer().getConsumer().consumerSecret);
  assertNull(result.getAccessor().requestToken);
  assertNull(result.getAccessor().accessToken);
  assertNull(result.getAccessor().tokenSecret);
}
/**
 * For the "testservice" service of the header.xml gadget, the accessor must point at the fake
 * provider's three endpoints, use GET, and place OAuth parameters in the Authorization header.
 */
@Test
public void testGetOAuthAccessor_oauthParamsInHeader() throws Exception {
  OAuthArguments oauthArgs = new OAuthArguments();
  oauthArgs.setServiceName("testservice");
  oauthArgs.setUseToken(UseToken.ALWAYS);
  // Presumably the fixture gadget at this URL declares header parameters -- see the test setup.
  privateToken.setAppUrl("http://www.example.com/header.xml");

  AccessorInfo accessorInfo =
      store.getOAuthAccessor(privateToken, oauthArgs, clientState, responseParams, fetcherConfig);

  assertEquals(
      FakeOAuthServiceProvider.REQUEST_TOKEN_URL,
      accessorInfo.getConsumer().getConsumer().serviceProvider.requestTokenURL);
  assertEquals(
      FakeOAuthServiceProvider.APPROVAL_URL,
      accessorInfo.getConsumer().getConsumer().serviceProvider.userAuthorizationURL);
  assertEquals(
      FakeOAuthServiceProvider.ACCESS_TOKEN_URL,
      accessorInfo.getConsumer().getConsumer().serviceProvider.accessTokenURL);

  assertEquals(HttpMethod.GET, accessorInfo.getHttpMethod());
  assertEquals(OAuthParamLocation.AUTH_HEADER, accessorInfo.getParamLocation());
}
/**
 * Tells whether user approval is still required before the data can be accessed.
 *
 * @return {@code true} if a token is mandatory for this request and neither a request token
 *     nor an access token is present on the accessor
 */
private boolean needApproval() {
  boolean tokenRequired = realRequest.getOAuthArguments().mustUseToken();
  if (!tokenRequired) {
    return false;
  }
  // Any token on the accessor means the approval flow has been started or completed.
  if (accessorInfo.getAccessor().requestToken != null) {
    return false;
  }
  if (accessorInfo.getAccessor().accessToken != null) {
    return false;
  }
  return true;
}
/**
 * Reacts to an OAuth protocol problem: either flags the token for forced expiry or discards all
 * stored and in-memory credentials, then reports whether another attempt is allowed.
 *
 * @param pe the protocol problem that occurred
 * @param attempts how many attempts have been made already
 * @return {@code true} when fewer than {@code MAX_ATTEMPTS} attempts were made and
 *     {@code pe.canRetry()} holds
 * @throws OAuthRequestException declared by this method; presumably raised when the token
 *     store cannot remove the token
 */
private boolean handleProtocolException(OAuthProtocolException pe, int attempts)
    throws OAuthRequestException {
  if (pe.canExtend()) {
    // Sentinel expiry value; presumably triggers a renewal on the next attempt -- confirm.
    accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_FORCE_EXPIRE);
  } else if (pe.startFromScratch()) {
    // Forget the token everywhere: persistent store first, then the accessor fields, the
    // session handle and the expiry, so nothing from the rejected grant is reused.
    fetcherConfig.getTokenStore().removeToken(
        realRequest.getSecurityToken(),
        accessorInfo.getConsumer(),
        realRequest.getOAuthArguments(),
        responseParams);
    accessorInfo.getAccessor().accessToken = null;
    accessorInfo.getAccessor().requestToken = null;
    accessorInfo.getAccessor().tokenSecret = null;
    accessorInfo.setSessionHandle(null);
    accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN);
  }

  // Retrying is bounded so a provider that keeps failing cannot cause an endless loop.
  boolean attemptsLeft = attempts < MAX_ATTEMPTS;
  return attemptsLeft && pe.canRetry();
}
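/**
 * Adds the OAuth parameters that accompany the signature to {@code params}.
 *
 * <p>Added, in order: a consumer key taken from the security token's domain when the consumer
 * has no key of its own; the key name under both the old and the new public-key parameter
 * names when a key name is set; the OAuth version; a timestamp in seconds from the configured
 * clock; and a random nonce.
 *
 * @param params parameter list to append to
 */
private void addSignatureParams(List<Parameter> params) {
  if (accessorInfo.getConsumer().getConsumer().consumerKey == null) {
    params.add(
        new Parameter(OAuth.OAUTH_CONSUMER_KEY, realRequest.getSecurityToken().getDomain()));
  }
  String keyName = accessorInfo.getConsumer().getKeyName();
  if (keyName != null) {
    // Sent under both names so that providers expecting either one can find the key.
    params.add(new Parameter(XOAUTH_PUBLIC_KEY_OLD, keyName));
    params.add(new Parameter(XOAUTH_PUBLIC_KEY_NEW, keyName));
  }
  params.add(new Parameter(OAuth.OAUTH_VERSION, OAuth.VERSION_1_0));
  params.add(new Parameter(OAuth.OAUTH_TIMESTAMP,
      Long.toString(fetcherConfig.getClock().currentTimeMillis() / 1000L)));
  // the oauth.net java code uses a clock to generate nonces, which causes nonce collisions
  // under heavy load. A random nonce is more reliable.
  //
  // Math.abs(Long.MIN_VALUE) is still negative, so the sign bit is masked off instead; this
  // always yields a non-negative decimal nonce with the same 63 bits of randomness.
  // NOTE(review): nonce unpredictability depends on Crypto.RAND -- presumably a SecureRandom;
  // confirm.
  long nonce = Crypto.RAND.nextLong() & Long.MAX_VALUE;
  params.add(new Parameter(OAuth.OAUTH_NONCE, String.valueOf(nonce)));
}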
/**
 * Checks the access token's expiry against the configured clock.
 *
 * @return {@code true} only when an expiry time is known (not
 *     {@code ACCESS_TOKEN_EXPIRE_UNKNOWN}) and lies before the clock's current time
 */
private boolean accessTokenExpired() {
  long expiry = accessorInfo.getTokenExpireMillis();
  boolean expiryKnown = expiry != ACCESS_TOKEN_EXPIRE_UNKNOWN;
  // The clock is only consulted when there is an expiry to compare against.
  return expiryKnown && expiry < fetcherConfig.getClock().currentTimeMillis();
}
/**
 * Creates the (not yet signed) request used to obtain a request token.
 *
 * @param accessor accessor whose consumer's service provider holds the request-token URL
 * @return a request for the request-token URL with the configured HTTP method; a form-encoded
 *     Content-Type header is set when that method is POST
 * @throws OAuthRequestException with {@code BAD_OAUTH_TOKEN_URL} if the service provider has no
 *     request-token URL
 */
private HttpRequest createRequestTokenRequest(OAuthAccessor accessor)
    throws OAuthRequestException {
  String endpoint = accessor.consumer.serviceProvider.requestTokenURL;
  if (endpoint == null) {
    throw new OAuthRequestException(OAuthError.BAD_OAUTH_TOKEN_URL, "request token");
  }

  // NOTE(review): the endpoint is parsed as configured, with no visible scheme restriction.
  // Confirm that the service-provider configuration is validated before it reaches this point.
  HttpRequest result = new HttpRequest(Uri.parse(endpoint));

  HttpMethod httpMethod = accessorInfo.getHttpMethod();
  result.setMethod(httpMethod.toString());
  boolean isPost = httpMethod == HttpMethod.POST;
  if (isPost) {
    result.setHeader("Content-Type", OAuth.FORM_ENCODED);
  }
  return result;
}