private void loadDefaultKey(String signingKeyFile, String signingKeyName) { BasicOAuthStoreConsumerKeyAndSecret key = null; if (!StringUtils.isBlank(signingKeyFile)) { try { if (LOG.isLoggable(Level.INFO)) { LOG.logp(Level.INFO, classname, "loadDefaultKey", MessageKeys.LOAD_KEY_FILE_FROM, new Object[] {signingKeyFile}); } String privateKey = IOUtils.toString(ResourceLoader.open(signingKeyFile), "UTF-8"); privateKey = BasicOAuthStore.convertFromOpenSsl(privateKey); key = new BasicOAuthStoreConsumerKeyAndSecret(null, privateKey, KeyType.RSA_PRIVATE, signingKeyName, null); } catch (Throwable t) { if (LOG.isLoggable(Level.WARNING)) { LOG.logp(Level.WARNING, classname, "loadDefaultKey", MessageKeys.COULD_NOT_LOAD_KEY_FILE, new Object[] {signingKeyFile}); LOG.logp(Level.WARNING, classname, "loadDefaultKey", "",t); } } } if (key != null) { store.setDefaultKey(key); } else { if (LOG.isLoggable(Level.WARNING)) { LOG.logp(Level.WARNING, classname, "loadDefaultKey", MessageKeys.COULD_NOT_LOAD_SIGN_KEY, new Object[] {OAUTH_SIGNING_KEY_FILE,OAUTH_SIGNING_KEY_NAME}); } } }
private void loadDefaultKey(String signingKeyFile, String signingKeyName) { BasicOAuthStoreConsumerKeyAndSecret key = null; if (!StringUtils.isBlank(signingKeyFile)) { try { LOG.info("Loading OAuth signing key from " + signingKeyFile); String privateKey = IOUtils.toString(ResourceLoader.open(signingKeyFile), "UTF-8"); privateKey = BasicOAuthStore.convertFromOpenSsl(privateKey); key = new BasicOAuthStoreConsumerKeyAndSecret(null, privateKey, KeyType.RSA_PRIVATE, signingKeyName, null); } catch (Throwable t) { LOG.log(Level.WARNING, "Couldn't load key file " + signingKeyFile, t); } } if (key != null) { store.setDefaultKey(key); } else { LOG.log(Level.WARNING, "Couldn't load OAuth signing key. To create a key, run:\n" + " openssl req -newkey rsa:1024 -days 365 -nodes -x509 -keyout testkey.pem \\\n" + " -out testkey.pem -subj '/CN=mytestkey'\n" + " openssl pkcs8 -in testkey.pem -out oauthkey.pem -topk8 -nocrypt -outform PEM\n" + '\n' + "Then edit shindig.properties and add these lines:\n" + OAUTH_SIGNING_KEY_FILE + "=<path-to-oauthkey.pem>\n" + OAUTH_SIGNING_KEY_NAME + "=mykey\n"); } }
private void loadDefaultKey(String signingKeyFile, String signingKeyName) { BasicOAuthStoreConsumerKeyAndSecret key = null; if (!StringUtils.isBlank(signingKeyFile)) { try { LOG.info("Loading OAuth signing key from " + signingKeyFile); String privateKey = IOUtils.toString(ResourceLoader.open(signingKeyFile), "UTF-8"); privateKey = BasicOAuthStore.convertFromOpenSsl(privateKey); key = new BasicOAuthStoreConsumerKeyAndSecret(null, privateKey, KeyType.RSA_PRIVATE, signingKeyName, null); } catch (Throwable t) { LOG.log(Level.WARNING, "Couldn't load key file " + signingKeyFile, t); } } if (key != null) { store.setDefaultKey(key); } else { LOG.log(Level.WARNING, "Couldn't load OAuth signing key. To create a key, run:\n" + " openssl req -newkey rsa:1024 -days 365 -nodes -x509 -keyout testkey.pem \\\n" + " -out testkey.pem -subj '/CN=mytestkey'\n" + " openssl pkcs8 -in testkey.pem -out oauthkey.pem -topk8 -nocrypt -outform PEM\n" + '\n' + "Then edit shindig.properties and add these lines:\n" + OAUTH_SIGNING_KEY_FILE + "=<path-to-oauthkey.pem>\n" + OAUTH_SIGNING_KEY_NAME + "=mykey\n"); } }
private static void addDefaultKey(BasicOAuthStore base) { BasicOAuthStoreConsumerKeyAndSecret defaultKey = new BasicOAuthStoreConsumerKeyAndSecret( "signedfetch", FakeOAuthServiceProvider.PRIVATE_KEY_TEXT, KeyType.RSA_PRIVATE, "foo", null); base.setDefaultKey(defaultKey); }
private static void addDefaultKey(BasicOAuthStore base) { BasicOAuthStoreConsumerKeyAndSecret defaultKey = new BasicOAuthStoreConsumerKeyAndSecret( "signedfetch", FakeOAuthServiceProvider.PRIVATE_KEY_TEXT, KeyType.RSA_PRIVATE, "foo", null); base.setDefaultKey(defaultKey); }
private static void addDefaultKey(BasicOAuthStore base) { BasicOAuthStoreConsumerKeyAndSecret defaultKey = new BasicOAuthStoreConsumerKeyAndSecret( "signedfetch", FakeOAuthServiceProvider.PRIVATE_KEY_TEXT, KeyType.RSA_PRIVATE, "foo", null); base.setDefaultKey(defaultKey); }
@Before public void setUp() throws Exception { backingStore = new BasicOAuthStore(); backingStore.setDefaultKey(new BasicOAuthStoreConsumerKeyAndSecret("key", "secret", KeyType.RSA_PRIVATE, "keyname", null)); backingStore.setDefaultCallbackUrl(DEFAULT_CALLBACK); store = new GadgetOAuthTokenStore(backingStore, new FakeGadgetSpecFactory()); socialToken = new FakeGadgetToken(); socialToken.setOwnerId("owner"); socialToken.setViewerId("viewer"); socialToken.setAppUrl(GADGET_URL); privateToken = new FakeGadgetToken(); privateToken.setOwnerId("owner"); privateToken.setViewerId("owner"); privateToken.setAppUrl(GADGET_URL); stateCrypter = new BasicBlobCrypter("abcdefghijklmnop".getBytes()); clientState = new OAuthClientState(stateCrypter); responseParams = new OAuthResponseParams(socialToken, null, stateCrypter); fetcherConfig = new OAuthFetcherConfig(stateCrypter, store, new FakeTimeSource(), null, false); }
@Before public void setUp() throws Exception { backingStore = new BasicOAuthStore(); backingStore.setDefaultKey(new BasicOAuthStoreConsumerKeyAndSecret("key", "secret", KeyType.RSA_PRIVATE, "keyname", null)); backingStore.setDefaultCallbackUrl(DEFAULT_CALLBACK); store = new GadgetOAuthTokenStore(backingStore, new FakeGadgetSpecFactory()); socialToken = new FakeGadgetToken(); socialToken.setOwnerId("owner"); socialToken.setViewerId("viewer"); socialToken.setAppUrl(GADGET_URL); privateToken = new FakeGadgetToken(); privateToken.setOwnerId("owner"); privateToken.setViewerId("owner"); privateToken.setAppUrl(GADGET_URL); stateCrypter = new BasicBlobCrypter("abcdefghijklmnop".getBytes()); clientState = new OAuthClientState(stateCrypter); responseParams = new OAuthResponseParams(socialToken, null, stateCrypter); fetcherConfig = new OAuthFetcherConfig(stateCrypter, store, new FakeTimeSource(), null, false); }
@Before public void setUp() throws Exception { backingStore = new BasicOAuthStore(); backingStore.setDefaultKey(new BasicOAuthStoreConsumerKeyAndSecret("key", "secret", KeyType.RSA_PRIVATE, "keyname", null)); backingStore.setDefaultCallbackUrl(DEFAULT_CALLBACK); store = new GadgetOAuthTokenStore(backingStore, new FakeGadgetSpecFactory()); socialToken = new FakeGadgetToken(); socialToken.setOwnerId("owner"); socialToken.setViewerId("viewer"); socialToken.setAppUrl(GADGET_URL); privateToken = new FakeGadgetToken(); privateToken.setOwnerId("owner"); privateToken.setViewerId("owner"); privateToken.setAppUrl(GADGET_URL); stateCrypter = new BasicBlobCrypter("abcdefghijklmnop".getBytes()); clientState = new OAuthClientState(stateCrypter); responseParams = new OAuthResponseParams(socialToken, null, stateCrypter); fetcherConfig = new OAuthFetcherConfig(stateCrypter, store, new FakeTimeSource(), null, false); }
@Test public void testSignedFetch_unnamedConsumerKey() throws Exception { BasicOAuthStoreConsumerKeyAndSecret defaultKey = new BasicOAuthStoreConsumerKeyAndSecret( null, FakeOAuthServiceProvider.PRIVATE_KEY_TEXT, KeyType.RSA_PRIVATE, "foo", null); base.setDefaultKey(defaultKey); MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString()); assertTrue(contains(queryParams, "opensocial_owner_id", "o")); assertTrue(contains(queryParams, "opensocial_viewer_id", "v")); assertTrue(contains(queryParams, "opensocial_app_id", "app")); assertTrue(contains(queryParams, OAuth.OAUTH_CONSUMER_KEY, "container.com")); assertTrue(contains(queryParams, "xoauth_signature_publickey", "foo")); assertTrue(contains(queryParams, "xoauth_public_key", "foo")); }
@Test public void testDefaultKey() throws Exception { FakeGadgetToken t = new FakeGadgetToken(); t.setAppUrl("http://localhost:8080/not-in-store.xml"); OAuthServiceProvider provider = new OAuthServiceProvider("req", "authorize", "access"); try { store.getConsumerKeyAndSecret(t, "", provider); fail(); } catch (GadgetException e) { // good } BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret( "somekey", "default", KeyType.RSA_PRIVATE, "keyname", null); store.setDefaultKey(cks); ConsumerInfo consumer = store.getConsumerKeyAndSecret(t, "", provider); assertEquals("somekey", consumer.getConsumer().consumerKey); assertNull(consumer.getConsumer().consumerSecret); assertEquals("RSA-SHA1", consumer.getConsumer().getProperty("oauth_signature_method")); assertEquals("default", consumer.getConsumer().getProperty(RSA_SHA1.PRIVATE_KEY)); assertEquals(provider, consumer.getConsumer().serviceProvider); assertEquals("keyname", consumer.getKeyName()); assertEquals("default callback", consumer.getCallbackUrl()); cks = new BasicOAuthStoreConsumerKeyAndSecret( "somekey", "default", KeyType.RSA_PRIVATE, "keyname", "callback"); store.setDefaultKey(cks); consumer = store.getConsumerKeyAndSecret(t, "", provider); assertEquals("callback", consumer.getCallbackUrl()); }
@Test public void testSignedFetch_unnamedConsumerKey() throws Exception { BasicOAuthStoreConsumerKeyAndSecret defaultKey = new BasicOAuthStoreConsumerKeyAndSecret( null, FakeOAuthServiceProvider.PRIVATE_KEY_TEXT, KeyType.RSA_PRIVATE, "foo", null); base.setDefaultKey(defaultKey); MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString()); assertTrue(contains(queryParams, "opensocial_owner_id", "o")); assertTrue(contains(queryParams, "opensocial_viewer_id", "v")); assertTrue(contains(queryParams, "opensocial_app_id", "app")); assertTrue(contains(queryParams, OAuth.OAUTH_CONSUMER_KEY, "container.com")); assertTrue(contains(queryParams, "xoauth_signature_publickey", "foo")); assertTrue(contains(queryParams, "xoauth_public_key", "foo")); }
@Test public void testDefaultKey() throws Exception { FakeGadgetToken t = new FakeGadgetToken(); t.setAppUrl("http://localhost:8080/not-in-store.xml"); OAuthServiceProvider provider = new OAuthServiceProvider("req", "authorize", "access"); try { store.getConsumerKeyAndSecret(t, "", provider); fail(); } catch (GadgetException e) { // good } BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret( "somekey", "default", KeyType.RSA_PRIVATE, "keyname", null); store.setDefaultKey(cks); ConsumerInfo consumer = store.getConsumerKeyAndSecret(t, "", provider); assertEquals("somekey", consumer.getConsumer().consumerKey); assertNull(consumer.getConsumer().consumerSecret); assertEquals("RSA-SHA1", consumer.getConsumer().getProperty("oauth_signature_method")); assertEquals("default", consumer.getConsumer().getProperty(RSA_SHA1.PRIVATE_KEY)); assertEquals(provider, consumer.getConsumer().serviceProvider); assertEquals("keyname", consumer.getKeyName()); assertEquals("default callback", consumer.getCallbackUrl()); cks = new BasicOAuthStoreConsumerKeyAndSecret( "somekey", "default", KeyType.RSA_PRIVATE, "keyname", "callback"); store.setDefaultKey(cks); consumer = store.getConsumerKeyAndSecret(t, "", provider); assertEquals("callback", consumer.getCallbackUrl()); }
@Test public void testSignedFetch_unnamedConsumerKey() throws Exception { BasicOAuthStoreConsumerKeyAndSecret defaultKey = new BasicOAuthStoreConsumerKeyAndSecret( null, FakeOAuthServiceProvider.PRIVATE_KEY_TEXT, KeyType.RSA_PRIVATE, "foo", null); base.setDefaultKey(defaultKey); MakeRequestClient client = makeSignedFetchClient("o", "v", "http://www.example.com/app"); HttpResponse resp = client.sendGet(FakeOAuthServiceProvider.RESOURCE_URL); List<Parameter> queryParams = OAuth.decodeForm(resp.getResponseAsString()); assertTrue(contains(queryParams, "opensocial_owner_id", "o")); assertTrue(contains(queryParams, "opensocial_viewer_id", "v")); assertTrue(contains(queryParams, "opensocial_app_id", "app")); assertTrue(contains(queryParams, OAuth.OAUTH_CONSUMER_KEY, "container.com")); assertTrue(contains(queryParams, "xoauth_signature_publickey", "foo")); assertTrue(contains(queryParams, "xoauth_public_key", "foo")); }
@Test public void testDefaultKey() throws Exception { FakeGadgetToken t = new FakeGadgetToken(); t.setAppUrl("http://localhost:8080/not-in-store.xml"); OAuthServiceProvider provider = new OAuthServiceProvider("req", "authorize", "access"); try { store.getConsumerKeyAndSecret(t, "", provider); fail(); } catch (GadgetException e) { // good } BasicOAuthStoreConsumerKeyAndSecret cks = new BasicOAuthStoreConsumerKeyAndSecret( "somekey", "default", KeyType.RSA_PRIVATE, "keyname", null); store.setDefaultKey(cks); ConsumerInfo consumer = store.getConsumerKeyAndSecret(t, "", provider); assertEquals("somekey", consumer.getConsumer().consumerKey); assertNull(consumer.getConsumer().consumerSecret); assertEquals("RSA-SHA1", consumer.getConsumer().getProperty("oauth_signature_method")); assertEquals("default", consumer.getConsumer().getProperty(RSA_SHA1.PRIVATE_KEY)); assertEquals(provider, consumer.getConsumer().serviceProvider); assertEquals("keyname", consumer.getKeyName()); assertEquals("default callback", consumer.getCallbackUrl()); cks = new BasicOAuthStoreConsumerKeyAndSecret( "somekey", "default", KeyType.RSA_PRIVATE, "keyname", "callback"); store.setDefaultKey(cks); consumer = store.getConsumerKeyAndSecret(t, "", provider); assertEquals("callback", consumer.getCallbackUrl()); }