private void addCallback(List<Parameter> requestTokenParams) throws OAuthRequestException { // This will be either the consumer key callback URL or the global callback URL. String baseCallback = StringUtils.trimToNull(accessorInfo.getConsumer().getCallbackUrl()); if (baseCallback != null) { String callbackUrl = fetcherConfig.getOAuthCallbackGenerator().generateCallback( fetcherConfig, baseCallback, realRequest, responseParams); if (callbackUrl != null) { requestTokenParams.add(new Parameter(OAuth.OAUTH_CALLBACK, callbackUrl)); } } }
/** * Add signature type to the message. */ private void addSignatureParams(List<Parameter> params) { if (accessorInfo.getConsumer().getConsumer().consumerKey == null) { params.add( new Parameter(OAuth.OAUTH_CONSUMER_KEY, realRequest.getSecurityToken().getDomain())); } if (accessorInfo.getConsumer().getKeyName() != null) { params.add(new Parameter(XOAUTH_PUBLIC_KEY_OLD, accessorInfo.getConsumer().getKeyName())); params.add(new Parameter(XOAUTH_PUBLIC_KEY_NEW, accessorInfo.getConsumer().getKeyName())); } params.add(new Parameter(OAuth.OAUTH_VERSION, OAuth.VERSION_1_0)); params.add(new Parameter(OAuth.OAUTH_TIMESTAMP, Long.toString(fetcherConfig.getClock().currentTimeMillis() / 1000L))); // the oauth.net java code uses a clock to generate nonces, which causes nonce collisions // under heavy load. A random nonce is more reliable. params.add(new Parameter(OAuth.OAUTH_NONCE, String.valueOf(Math.abs(Crypto.RAND.nextLong())))); }
private void addCallback(List<Parameter> requestTokenParams) throws OAuthRequestException { // This will be either the consumer key callback URL or the global callback URL. String baseCallback = StringUtils.trimToNull(accessorInfo.getConsumer().getCallbackUrl()); if (baseCallback != null) { String callbackUrl = fetcherConfig.getOAuthCallbackGenerator().generateCallback( fetcherConfig, baseCallback, realRequest, responseParams); if (callbackUrl != null) { requestTokenParams.add(new Parameter(OAuth.OAUTH_CALLBACK, callbackUrl)); } } }
private void addCallback(List<Parameter> requestTokenParams) throws OAuthRequestException { // This will be either the consumer key callback URL or the global callback URL. String baseCallback = StringUtils.trimToNull(accessorInfo.getConsumer().getCallbackUrl()); if (baseCallback != null) { String callbackUrl = fetcherConfig.getOAuthCallbackGenerator().generateCallback( fetcherConfig, baseCallback, realRequest, responseParams); if (callbackUrl != null) { requestTokenParams.add(new Parameter(OAuth.OAUTH_CALLBACK, callbackUrl)); } } }
private void fetchRequestToken() throws OAuthRequestException, OAuthProtocolException { OAuthAccessor accessor = accessorInfo.getAccessor(); HttpRequest request = createRequestTokenRequest(accessor); List<Parameter> requestTokenParams = Lists.newArrayList(); addCallback(requestTokenParams); HttpRequest signed = sanitizeAndSign(request, requestTokenParams, true, this.accessorInfo.getConsumer().isOauthBodyHash()); OAuthMessage reply = sendOAuthMessage(signed); accessor.requestToken = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN); accessor.tokenSecret = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN_SECRET); }
/** * Save off our new token and secret to the persistent store. */ private void saveAccessToken() throws OAuthRequestException { OAuthAccessor accessor = accessorInfo.getAccessor(); TokenInfo tokenInfo = new TokenInfo(accessor.accessToken, accessor.tokenSecret, accessorInfo.getSessionHandle(), accessorInfo.getTokenExpireMillis()); fetcherConfig.getTokenStore().storeTokenKeyAndSecret(realRequest.getSecurityToken(), accessorInfo.getConsumer(), realRequest.getOAuthArguments(), tokenInfo, responseParams); }
/** * Get honest-to-goodness user data. * * @throws OAuthProtocolException if the service provider returns an OAuth * related error instead of user data. */ private HttpResponseBuilder fetchData() throws OAuthRequestException, OAuthProtocolException { HttpResponseBuilder builder; if (accessTokenData != null) { // This is a request for access token data, return it. builder = formatAccessTokenData(); } else { HttpRequest signed = sanitizeAndSign(realRequest, null, false, this.accessorInfo.getConsumer().isOauthBodyHash()); HttpResponse response = fetchFromServer(signed); checkForProtocolProblem(response); builder = new HttpResponseBuilder(response); } return builder; }
/** * Save off our new token and secret to the persistent store. */ private void saveAccessToken() throws OAuthRequestException { OAuthAccessor accessor = accessorInfo.getAccessor(); TokenInfo tokenInfo = new TokenInfo(accessor.accessToken, accessor.tokenSecret, accessorInfo.getSessionHandle(), accessorInfo.getTokenExpireMillis()); fetcherConfig.getTokenStore().storeTokenKeyAndSecret(realRequest.getSecurityToken(), accessorInfo.getConsumer(), realRequest.getOAuthArguments(), tokenInfo, responseParams); }
/** * Save off our new token and secret to the persistent store. */ private void saveAccessToken() throws OAuthRequestException { OAuthAccessor accessor = accessorInfo.getAccessor(); TokenInfo tokenInfo = new TokenInfo(accessor.accessToken, accessor.tokenSecret, accessorInfo.getSessionHandle(), accessorInfo.getTokenExpireMillis()); fetcherConfig.getTokenStore().storeTokenKeyAndSecret(realRequest.getSecurityToken(), accessorInfo.getConsumer(), realRequest.getOAuthArguments(), tokenInfo, responseParams); }
@Test public void testGetOAuthAccessor_signedFetch() throws Exception { OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); assertNull(info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }
@Test public void testGetOAuthAccessor_signedFetch() throws Exception { OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); assertNull(info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }
@Test public void testGetOAuthAccessor_signedFetch() throws Exception { OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); assertNull(info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }
private boolean handleProtocolException(OAuthProtocolException pe, int attempts) throws OAuthRequestException { if (pe.canExtend()) { accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_FORCE_EXPIRE); } else if (pe.startFromScratch()) { fetcherConfig.getTokenStore().removeToken(realRequest.getSecurityToken(), accessorInfo.getConsumer(), realRequest.getOAuthArguments(), responseParams); accessorInfo.getAccessor().accessToken = null; accessorInfo.getAccessor().requestToken = null; accessorInfo.getAccessor().tokenSecret = null; accessorInfo.setSessionHandle(null); accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN); } return (attempts < MAX_ATTEMPTS && pe.canRetry()); }
private boolean handleProtocolException(OAuthProtocolException pe, int attempts) throws OAuthRequestException { if (pe.canExtend()) { accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_FORCE_EXPIRE); } else if (pe.startFromScratch()) { fetcherConfig.getTokenStore().removeToken(realRequest.getSecurityToken(), accessorInfo.getConsumer(), realRequest.getOAuthArguments(), responseParams); accessorInfo.getAccessor().accessToken = null; accessorInfo.getAccessor().requestToken = null; accessorInfo.getAccessor().tokenSecret = null; accessorInfo.setSessionHandle(null); accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN); } return (attempts < MAX_ATTEMPTS && pe.canRetry()); }
private boolean handleProtocolException(OAuthProtocolException pe, int attempts) throws OAuthRequestException { if (pe.canExtend()) { accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_FORCE_EXPIRE); } else if (pe.startFromScratch()) { fetcherConfig.getTokenStore().removeToken(realRequest.getSecurityToken(), accessorInfo.getConsumer(), realRequest.getOAuthArguments(), responseParams); accessorInfo.getAccessor().accessToken = null; accessorInfo.getAccessor().requestToken = null; accessorInfo.getAccessor().tokenSecret = null; accessorInfo.setSessionHandle(null); accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN); } return (attempts < MAX_ATTEMPTS && pe.canRetry()); }
@Test public void testGetOAuthAccessor_signedFetch_badServiceName() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName("otherservice"); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); arguments.setServiceName("hmac"); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); }
@Test public void testGetOAuthAccessor_signedFetch_badServiceName() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName("otherservice"); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); arguments.setServiceName("hmac"); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); }
@Test public void testGetOAuthAccessor_signedFetch_badServiceName() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName("otherservice"); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); arguments.setServiceName("hmac"); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals("keyname", info.getConsumer().getKeyName()); assertEquals("key", info.getConsumer().getConsumer().consumerKey); }
@Test public void testGetOAuthAccessor_signedFetch_defaultHmac() throws Exception { BasicOAuthStoreConsumerIndex index = new BasicOAuthStoreConsumerIndex(); index.setGadgetUri(GADGET_URL); index.setServiceName(""); BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret("hmac", "hmacsecret", KeyType.HMAC_SYMMETRIC, null, null); backingStore.setConsumerKeyAndSecret(index, cks); OAuthArguments arguments = new OAuthArguments(); arguments.setUseToken(UseToken.NEVER); AccessorInfo info = store.getOAuthAccessor(socialToken, arguments, clientState, responseParams, fetcherConfig); assertEquals(OAuthParamLocation.URI_QUERY, info.getParamLocation()); Assert.assertNull(info.getConsumer().getKeyName()); assertEquals("hmac", info.getConsumer().getConsumer().consumerKey); assertEquals("hmacsecret", info.getConsumer().getConsumer().consumerSecret); assertNull(info.getAccessor().requestToken); assertNull(info.getAccessor().accessToken); assertNull(info.getAccessor().tokenSecret); }
@Test public void testGetOAuthAccessor_oauthParamsInHeader() throws Exception { OAuthArguments arguments = new OAuthArguments(); arguments.setServiceName("testservice"); arguments.setUseToken(UseToken.ALWAYS); privateToken.setAppUrl("http://www.example.com/header.xml"); AccessorInfo info = store.getOAuthAccessor(privateToken, arguments, clientState, responseParams, fetcherConfig); assertEquals( FakeOAuthServiceProvider.REQUEST_TOKEN_URL, info.getConsumer().getConsumer().serviceProvider.requestTokenURL); assertEquals( FakeOAuthServiceProvider.APPROVAL_URL, info.getConsumer().getConsumer().serviceProvider.userAuthorizationURL); assertEquals( FakeOAuthServiceProvider.ACCESS_TOKEN_URL, info.getConsumer().getConsumer().serviceProvider.accessTokenURL); assertEquals(HttpMethod.GET, info.getHttpMethod()); assertEquals(OAuthParamLocation.AUTH_HEADER, info.getParamLocation()); }