use of org.springframework.security.oauth.common.signature.OAuthSignatureMethod in project spring-security-oauth by spring-projects.
the class CoreOAuthConsumerSupportTests method testLoadOAuthParameters.
/**
* loadOAuthParameters
*/
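@Test
public void testLoadOAuthParameters() throws Exception {
    // The query string takes part in the signed request: "with" and "query" carry values,
    // while "too" is a bare key without a value.
    URL url = new URL("https://myhost.com/somepath?with=some&query=params&too");

    // The base string is stubbed, so this test covers only parameter assembly and the hand-off
    // to the signature method. It does NOT show that the query parameters reach the signed
    // base string; that needs a test against the real getSignatureBaseString.
    CoreOAuthConsumerSupport support = new CoreOAuthConsumerSupport() {
        @Override
        protected String getSignatureBaseString(Map<String, Set<CharSequence>> oauthParams, URL requestURL, String httpMethod) {
            return "MYSIGBASESTRING";
        }
    };
    OAuthSignatureMethodFactory sigFactory = mock(OAuthSignatureMethodFactory.class);
    support.setSignatureFactory(sigFactory);

    // A freshly constructed token: the assertions below expect no oauth_token parameter, and
    // the factory stub expects a null token secret.
    OAuthConsumerToken token = new OAuthConsumerToken();
    OAuthSignatureMethod sigMethod = mock(OAuthSignatureMethod.class);

    // NOTE(review): `details` is not declared in this method; presumably a mock owned by the
    // test class. Confirm against the enclosing class.
    when(details.getConsumerKey()).thenReturn("my-consumer-key");
    // The original stubbed getSignatureMethod() twice with the same value; once is enough.
    when(details.getSignatureMethod()).thenReturn(HMAC_SHA1SignatureMethod.SIGNATURE_NAME);
    SharedConsumerSecret secret = new SharedConsumerSecretImpl("shh!!!");
    when(details.getSharedSecret()).thenReturn(secret);

    // The factory must be asked for exactly (method name, consumer secret, null token secret);
    // any other argument combination yields an unstubbed null and the call under test fails.
    when(sigFactory.getSignatureMethod(HMAC_SHA1SignatureMethod.SIGNATURE_NAME, secret, null)).thenReturn(sigMethod);
    when(sigMethod.sign("MYSIGBASESTRING")).thenReturn("MYSIGNATURE");

    Map<String, Set<CharSequence>> params = support.loadOAuthParameters(details, url, token, "POST", null);

    // Query parameters are carried through; a bare key maps to an empty value set.
    assertEquals("some", params.remove("with").iterator().next().toString());
    assertEquals("params", params.remove("query").iterator().next().toString());
    assertTrue(params.containsKey("too"));
    assertTrue(params.remove("too").isEmpty());

    // Core OAuth 1.0 parameters.
    assertNull(params.remove(OAuthConsumerParameter.oauth_token.toString()));
    // Only the presence of a nonce is checked here, not its uniqueness or unpredictability.
    assertNotNull(params.remove(OAuthConsumerParameter.oauth_nonce.toString()).iterator().next());
    assertEquals("my-consumer-key", params.remove(OAuthConsumerParameter.oauth_consumer_key.toString()).iterator().next());
    assertEquals("MYSIGNATURE", params.remove(OAuthConsumerParameter.oauth_signature.toString()).iterator().next());
    assertEquals("1.0", params.remove(OAuthConsumerParameter.oauth_version.toString()).iterator().next());
    assertEquals(HMAC_SHA1SignatureMethod.SIGNATURE_NAME, params.remove(OAuthConsumerParameter.oauth_signature_method.toString()).iterator().next());
    // oauth_timestamp is in whole seconds and must not lie ahead of the local clock.
    assertTrue(Long.parseLong(params.remove(OAuthConsumerParameter.oauth_timestamp.toString()).iterator().next().toString()) <= (System.currentTimeMillis() / 1000));

    // Every expected key was removed above, so an empty map shows that no other entry was
    // placed among the outgoing parameters.
    assertTrue(params.isEmpty());
}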
use of org.springframework.security.oauth.common.signature.OAuthSignatureMethod in project spring-security-oauth by spring-projects.
the class OAuthProcessingFilterTests method testValidateSignature.
/**
* test validating the signature.
*/
@Test
public void testValidateSignature() throws Exception {
    // Collaborators. `tokenServices` and `signatureFactory` are not declared in this method;
    // presumably mocks owned by the test class (confirm against the enclosing class).
    ConsumerDetails consumerDetails = mock(ConsumerDetails.class);
    SignatureSecret consumerSecret = mock(SignatureSecret.class);
    OAuthProviderToken providerToken = mock(OAuthProviderToken.class);
    OAuthSignatureMethod signatureMethod = mock(OAuthSignatureMethod.class);

    // Judging by the stubs and the final verification, the arguments from the second onward are
    // the signature, the signature method name, the signature base string and the token value.
    // The first argument is never referenced again in this test.
    ConsumerCredentials credentials = new ConsumerCredentials("id", "sig", "method", "base", "token");

    when(consumerDetails.getAuthorities()).thenReturn(new ArrayList<GrantedAuthority>());
    when(consumerDetails.getSignatureSecret()).thenReturn(consumerSecret);
    when(tokenServices.getToken("token")).thenReturn(providerToken);
    when(providerToken.getSecret()).thenReturn("shhh!!!");
    // The signature method must be resolved from the method name, the consumer's signature
    // secret and the token secret together; any other combination returns an unstubbed null.
    when(signatureFactory.getSignatureMethod("method", consumerSecret, "shhh!!!")).thenReturn(signatureMethod);

    OAuthProviderProcessingFilter filter = new OAuthProviderProcessingFilter() {
        @Override
        protected void onValidSignature(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException {
            // Intentionally empty.
        }
    };
    filter.setTokenServices(tokenServices);
    filter.setSignatureMethodFactory(signatureFactory);

    ConsumerAuthentication auth = new ConsumerAuthentication(consumerDetails, credentials);
    filter.validateSignature(auth);

    // The presented signature must be checked against the presented base string. A mocked
    // verify() never rejects, so only the accepting path is exercised here; the rejection
    // path needs its own test with a signature method that fails verification.
    verify(signatureMethod).verify("base", "sig");
}
use of org.springframework.security.oauth.common.signature.OAuthSignatureMethod in project spring-security-oauth by spring-projects.
the class CoreOAuthConsumerSupport method loadOAuthParameters.
/**
* Loads the OAuth parameters for the given resource at the given URL and the given token. These parameters include
* any query parameters on the URL since they are included in the signature. The oauth parameters are NOT encoded.
*
* @param details The resource details.
* @param requestURL The request URL.
* @param requestToken The request token.
* @param httpMethod The http method.
* @param additionalParameters Additional oauth parameters (outside of the core oauth spec).
* @return The parameters.
*/
protected Map<String, Set<CharSequence>> loadOAuthParameters(ProtectedResourceDetails details, URL requestURL, OAuthConsumerToken requestToken, String httpMethod, Map<String, String> additionalParameters) {
    // TreeMap keeps the parameters sorted by name.
    Map<String, Set<CharSequence>> oauthParams = new TreeMap<String, Set<CharSequence>>();

    // Step 1: caller-supplied extras. A null value still registers the key, with an empty set.
    if (additionalParameters != null) {
        for (Map.Entry<String, String> extra : additionalParameters.entrySet()) {
            Set<CharSequence> extraValues = valueSetFor(oauthParams, extra.getKey());
            if (extra.getValue() != null) {
                extraValues.add(extra.getValue());
            }
        }
    }

    // Step 2: query parameters of the request URL, URL-decoded. They are merged into the same
    // map because they are handed to getSignatureBaseString together with the oauth parameters.
    String query = requestURL.getQuery();
    if (query != null) {
        StringTokenizer pairs = new StringTokenizer(query, "&");
        while (pairs.hasMoreTokens()) {
            String pair = pairs.nextToken();
            int separator = pair.indexOf('=');
            String name;
            CharSequence value;
            if (separator >= 0) {
                value = new QueryParameterValue(urlDecode(pair.substring(separator + 1)));
                name = urlDecode(pair.substring(0, separator));
            } else {
                // Bare key without '=': registered with no value.
                name = urlDecode(pair);
                value = null;
            }
            Set<CharSequence> queryValues = valueSetFor(oauthParams, name);
            if (value != null) {
                queryValues.add(value);
            }
        }
    }

    // Step 3: core OAuth parameters. Each put() replaces any same-named entry that arrived via
    // additionalParameters or the query string.
    // NOTE(review): oauth_token is written only when the request token carries a value, so a
    // same-named entry from steps 1-2 would otherwise stay in the map. Likewise an
    // oauth_signature entry from steps 1-2 is still present when the base string is built;
    // whether getSignatureBaseString skips it cannot be seen from here. Confirm both.
    String tokenSecret;
    if (requestToken == null) {
        tokenSecret = null;
    } else {
        tokenSecret = requestToken.getSecret();
    }
    String nonce = getNonceFactory().generateNonce();
    oauthParams.put(OAuthConsumerParameter.oauth_consumer_key.toString(), Collections.singleton((CharSequence) details.getConsumerKey()));
    if (!((requestToken == null) || (requestToken.getValue() == null))) {
        oauthParams.put(OAuthConsumerParameter.oauth_token.toString(), Collections.singleton((CharSequence) requestToken.getValue()));
    }
    oauthParams.put(OAuthConsumerParameter.oauth_nonce.toString(), Collections.singleton((CharSequence) nonce));
    oauthParams.put(OAuthConsumerParameter.oauth_signature_method.toString(), Collections.singleton((CharSequence) details.getSignatureMethod()));
    // Timestamp in whole seconds, taken from the local clock.
    long epochSeconds = System.currentTimeMillis() / 1000;
    oauthParams.put(OAuthConsumerParameter.oauth_timestamp.toString(), Collections.singleton((CharSequence) String.valueOf(epochSeconds)));
    oauthParams.put(OAuthConsumerParameter.oauth_version.toString(), Collections.singleton((CharSequence) "1.0"));

    // Step 4: sign. The base string is built before oauth_signature is added. The shared secret
    // and the token secret are passed only to the signature factory and never enter the map.
    String signatureBaseString = getSignatureBaseString(oauthParams, requestURL, httpMethod);
    OAuthSignatureMethod signatureMethod;
    try {
        signatureMethod = getSignatureFactory().getSignatureMethod(details.getSignatureMethod(), details.getSharedSecret(), tokenSecret);
    } catch (UnsupportedSignatureMethodException e) {
        // Translated into the consumer-side failure type; the original cause is preserved.
        throw new OAuthRequestFailedException(e.getMessage(), e);
    }
    String signature = signatureMethod.sign(signatureBaseString);
    oauthParams.put(OAuthConsumerParameter.oauth_signature.toString(), Collections.singleton((CharSequence) signature));

    // Nothing here encodes the returned values; the query values were URL-decoded above.
    return oauthParams;
}

// Returns the value set registered under the given name, creating and registering an empty one first if absent.
private Set<CharSequence> valueSetFor(Map<String, Set<CharSequence>> params, String name) {
    Set<CharSequence> values = params.get(name);
    if (values == null) {
        values = new HashSet<CharSequence>();
        params.put(name, values);
    }
    return values;
}