
Example 1 with RequestToken

use of com.sun.identity.oauth.service.models.RequestToken in project OpenAM by OpenRock.

the class RequestTokenRequest method postReqTokenRequest.

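/**
 * POST handler that issues an OAuth 1.0 request token (temporary credentials).
 *
 * <p>Validates that the request carries a consumer key, a signature method and an
 * {@code oauth_callback} but no {@code oauth_token}, resolves the consumer by key,
 * verifies the request signature against the consumer's secret (its RSA key when the
 * method is RSA-SHA1), then persists a new {@link RequestToken} bound to that consumer
 * and callback.
 *
 * @param hc Jersey HTTP context; the wrapped request supplies the OAuth parameters and
 *     is what the signature is verified over
 * @param content the request entity; not read by this method, the parameters come
 *     from {@code hc}
 * @return 201 Created with the new token URI as Location and a form-encoded body of
 *     {@code oauth_token}, {@code oauth_token_secret} and
 *     {@code oauth_callback_confirmed=true}
 * @throws WebApplicationException 400 for a missing or invalid parameter, an unknown
 *     consumer or a bad signature; default status when the resource manager fails
 */
@POST
@Consumes("application/x-www-form-urlencoded")
@Produces("application/x-www-form-urlencoded")
public Response postReqTokenRequest(@Context HttpContext hc, String content) {
    boolean sigIsOk = false;
    OAuthResourceManager oauthResMgr = OAuthResourceManager.getInstance();
    try {
        OAuthServerRequest request = new OAuthServerRequest(hc.getRequest());
        OAuthParameters params = new OAuthParameters();
        params.readRequest(request);
        // A temporary-credential request is the one OAuth call that must not carry a token.
        String tok = params.getToken();
        if ((tok != null) && (!tok.isEmpty())) {
            throw new WebApplicationException(new Throwable(OAUTH_TOKEN + " MUST not be present."), BAD_REQUEST);
        }
        String conskey = params.getConsumerKey();
        if (conskey == null) {
            throw new WebApplicationException(new Throwable("Consumer key is missing."), BAD_REQUEST);
        }
        String signatureMethod = params.getSignatureMethod();
        if (signatureMethod == null) {
            throw new WebApplicationException(new Throwable("Signature Method is missing."), BAD_REQUEST);
        }
        String callback = params.get(OAUTH_CALLBACK);
        if ((callback == null) || (callback.isEmpty())) {
            throw new WebApplicationException(new Throwable("Callback URL is missing."), BAD_REQUEST);
        }
        if (!callback.equals(OAUTH_OOB)) {
            // Syntactic check only: anything java.net.URL parses is accepted, whatever its
            // scheme or host. The stored callback later becomes a redirect target in the
            // authorization step, so binding it to the consumer's registration would be
            // the place to harden this — left unchanged here.
            try {
                new URL(callback);
            } catch (MalformedURLException me) {
                throw new WebApplicationException(new Throwable("Callback URL is not valid."), BAD_REQUEST);
            }
        }
        Map<String, String> searchMap = new HashMap<String, String>();
        searchMap.put(CONSUMER_KEY, conskey);
        List<Consumer> consumers = oauthResMgr.searchConsumers(searchMap);
        // NOTE(review): cons is not declared in this method, so it is presumably a field of
        // the resource. If the resource is not instantiated per request, a value left by an
        // earlier call would satisfy the null check below when the lookup finds nothing —
        // confirm the scope, or make it a local as postAccessTokenRequest does.
        if ((consumers != null) && (!consumers.isEmpty())) {
            cons = consumers.get(0);
        }
        if (cons == null) {
            throw new WebApplicationException(new Throwable("Consumer key invalid or service not registered"), BAD_REQUEST);
        }
        // RSA-SHA1 is verified with the consumer's RSA key, every other method with its
        // shared secret.
        String secret = signatureMethod.equalsIgnoreCase(RSA_SHA1.NAME)
                ? cons.getConsRsakey()
                : cons.getConsSecret();
        // No token exists yet, so the token-secret half of the signing key is empty.
        OAuthSecrets secrets = new OAuthSecrets().consumerSecret(secret).tokenSecret("");
        try {
            sigIsOk = OAuthSignature.verify(request, params, secrets);
        } catch (OAuthSignatureException ex) {
            // Logged, then rejected below exactly like a signature that does not match.
            Logger.getLogger(RequestTokenRequest.class.getName()).log(Level.SEVERE, null, ex);
        }
        if (!sigIsOk) {
            throw new WebApplicationException(new Throwable("Signature invalid."), BAD_REQUEST);
        }
        // Signature verified: mint the token.
        RequestToken rt = new RequestToken();
        rt.setConsumerId(cons);
        // The token URI lives under this service's base URI; drop a trailing slash so the
        // path separator is not doubled.
        String baseUri = context.getBaseUri().toString();
        if (baseUri.endsWith("/")) {
            baseUri = baseUri.substring(0, baseUri.length() - 1);
        }
        URI loc = URI.create(baseUri + PathDefs.REQUEST_TOKENS_PATH + "/" + new UniqueRandomString().getString());
        rt.setReqtUri(loc.toString());
        rt.setReqtSecret(new UniqueRandomString().getString());
        // Token value and token URI are the same string for now.
        rt.setReqtVal(loc.toString());
        rt.setCallback(callback);
        oauthResMgr.createRequestToken(null, rt);
        // NOTE(review): the token value is a URI and is written into the form-encoded body
        // without percent-encoding; confirm existing consumers tolerate this before
        // changing it.
        String resp = OAUTH_TOKEN + "=" + rt.getReqtVal() + "&" + OAUTH_TOKEN_SECRET + "=" + rt.getReqtSecret() + "&" + OAUTH_CALLBACK_CONFIRMED + "=true";
        return Response.created(loc).entity(resp).type(MediaType.APPLICATION_FORM_URLENCODED).build();
    } catch (OAuthServiceException e) {
        Logger.getLogger(RequestTokenRequest.class.getName()).log(Level.SEVERE, null, e);
        throw new WebApplicationException(e);
    }
}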

Example 2 with RequestToken

use of com.sun.identity.oauth.service.models.RequestToken in project OpenAM by OpenRock.

the class RequestTokenResource method deleteReqtoken.

/**
 * DELETE handler that removes the request token addressed by this resource's own path.
 *
 * <p>The token is located by its URI only. No OAuth signature or other caller
 * authentication is checked in this method — NOTE(review): confirm an upstream filter
 * restricts who may delete a token, since anyone who knows the token URI could otherwise
 * invalidate it.
 *
 * @return 200 when the token was deleted, 401 when no token matches the path
 * @throws WebApplicationException (default status) when the resource manager fails
 */
@DELETE
@Consumes(MediaType.TEXT_PLAIN)
public Response deleteReqtoken() {
    OAuthResourceManager manager = OAuthResourceManager.getInstance();
    try {
        // The token value is its URI, which is exactly the absolute path being requested.
        String tokenUri = context.getAbsolutePath().toString();
        Map<String, String> criteria = new HashMap<String, String>();
        criteria.put(REQUEST_TOKEN_URI, tokenUri);
        List<RequestToken> matches = manager.searchRequestTokens(criteria);
        boolean anyMatch = (matches != null) && !matches.isEmpty();
        RequestToken token = anyMatch ? matches.get(0) : null;
        if (token == null) {
            return Response.status(UNAUTHORIZED).build();
        }
        manager.deleteRequestToken(token);
        return Response.ok().build();
    } catch (OAuthServiceException e) {
        Logger.getLogger(RequestTokenResource.class.getName()).log(Level.SEVERE, null, e);
        throw new WebApplicationException(e);
    }
}

Example 3 with RequestToken

use of com.sun.identity.oauth.service.models.RequestToken in project OpenAM by OpenRock.

the class AccessTokenRequest method postAccessTokenRequest.

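/**
 * POST handler that exchanges an authorized request token for an access token.
 *
 * <p>Requires {@code oauth_token} and {@code oauth_verifier}. The request token is
 * looked up by its URI, the verifier must match the one stored on it, the signature is
 * verified against the owning consumer's secret (RSA key for RSA-SHA1) combined with the
 * request-token secret, and on success a new {@link AccessToken} is stored and the
 * request token deleted.
 *
 * @param hc Jersey HTTP context wrapping the signed request
 * @param req JAX-RS request; injected but not used by this method
 * @param content the request entity; not read by this method, the parameters come
 *     from {@code hc}
 * @return 201 Created with the access-token URI as Location and a form-encoded body of
 *     {@code oauth_token} and {@code oauth_token_secret}
 * @throws WebApplicationException 400 for a missing parameter, an unknown token, a wrong
 *     verifier or a bad signature; default status when the resource manager fails
 */
@POST
@Consumes("application/x-www-form-urlencoded")
public Response postAccessTokenRequest(@Context HttpContext hc, @Context Request req, String content) {
    boolean sigIsOk = false;
    OAuthResourceManager oauthResMgr = OAuthResourceManager.getInstance();
    try {
        OAuthServerRequest request = new OAuthServerRequest(hc.getRequest());
        OAuthParameters params = new OAuthParameters();
        params.readRequest(request);
        if (params.getToken() == null) {
            throw new WebApplicationException(new Throwable(OAUTH_TOKEN + " MUST be present."), BAD_REQUEST);
        }
        String requestVerifier = params.get(OAUTH_VERIFIER);
        if ((requestVerifier == null) || (requestVerifier.isEmpty())) {
            throw new WebApplicationException(new Throwable(OAUTH_VERIFIER + " MUST be present."), BAD_REQUEST);
        }
        // The token value is its URI, so it doubles as the lookup key.
        Map<String, String> searchMap = new HashMap<String, String>();
        searchMap.put(REQUEST_TOKEN_URI, params.getToken());
        List<RequestToken> reqTokens = oauthResMgr.searchRequestTokens(searchMap);
        RequestToken rt = null;
        if ((reqTokens != null) && (!reqTokens.isEmpty())) {
            rt = reqTokens.get(0);
        }
        if (rt == null) {
            throw new WebApplicationException(new Throwable("Token invalid."), BAD_REQUEST);
        }
        String conskey = params.getConsumerKey();
        if (conskey == null) {
            throw new WebApplicationException(new Throwable("Consumer key is missing."), BAD_REQUEST);
        }
        String signatureMethod = params.getSignatureMethod();
        if (signatureMethod == null) {
            throw new WebApplicationException(new Throwable("Signature Method is missing."), BAD_REQUEST);
        }
        // The verifier is a secret handed out at authorization time, so compare it in
        // constant time rather than with String.equals. A token that has not been
        // authorized yet has no verifier and must be rejected, as equals(null) did.
        String reqTokenVerifier = rt.getVerifier();
        if (reqTokenVerifier == null
                || !java.security.MessageDigest.isEqual(
                        requestVerifier.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        reqTokenVerifier.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
            throw new WebApplicationException(new Throwable("The oauth_verifier parameter is not valid."), BAD_REQUEST);
        }
        // The consumer used for signature verification is the one bound to the token;
        // the request's consumer key is only checked for presence above. Whether the two
        // should be cross-checked is a policy question — unchanged here.
        Consumer cons = rt.getConsumerId();
        if (cons == null) {
            throw new WebApplicationException(new Throwable("Consumer key invalid or service not registered"), BAD_REQUEST);
        }
        // RSA-SHA1 is verified with the consumer's RSA key, every other method with its
        // shared secret; the request-token secret forms the other half of the key.
        String secret = signatureMethod.equalsIgnoreCase(RSA_SHA1.NAME)
                ? cons.getConsRsakey()
                : cons.getConsSecret();
        OAuthSecrets secrets = new OAuthSecrets().consumerSecret(secret).tokenSecret(rt.getReqtSecret());
        try {
            sigIsOk = OAuthSignature.verify(request, params, secrets);
        } catch (OAuthSignatureException ex) {
            // Logged, then rejected below exactly like a signature that does not match.
            Logger.getLogger(AccessTokenRequest.class.getName()).log(Level.SEVERE, null, ex);
        }
        if (!sigIsOk) {
            throw new WebApplicationException(new Throwable("Signature invalid."), BAD_REQUEST);
        }
        // Signature verified: mint the access token.
        AccessToken newtok = new AccessToken();
        newtok.setAcctOnetime((short) 1);
        // Carry over the principal recorded on the request token at consent time.
        newtok.setAcctPpalid(rt.getReqtPpalid());
        // The token URI lives under this service's base URI; drop a trailing slash so the
        // path separator is not doubled.
        String baseUri = context.getBaseUri().toString();
        if (baseUri.endsWith("/")) {
            baseUri = baseUri.substring(0, baseUri.length() - 1);
        }
        URI loc = URI.create(baseUri + PathDefs.ACCESS_TOKENS_PATH + "/" + new UniqueRandomString().getString());
        newtok.setAcctUri(loc.toString());
        newtok.setAcctSecret(new UniqueRandomString().getString());
        newtok.setConsumerId(rt.getConsumerId());
        // Token value and token URI are the same string for now.
        newtok.setAcctVal(newtok.getAcctUri());
        oauthResMgr.createAccessToken(null, newtok);
        // Consume the request token so its verifier cannot be replayed. The create and the
        // delete are not atomic: a failure between them leaves a usable request token.
        oauthResMgr.deleteRequestToken(rt);
        String resp = OAUTH_TOKEN + "=" + newtok.getAcctVal() + "&" + OAUTH_TOKEN_SECRET + "=" + newtok.getAcctSecret();
        return Response.created(loc).entity(resp).type(MediaType.APPLICATION_FORM_URLENCODED).build();
    } catch (OAuthServiceException e) {
        Logger.getLogger(AccessTokenRequest.class.getName()).log(Level.SEVERE, null, e);
        // Storage failure: surfaces as the default 500.
        throw new WebApplicationException(e);
    }
}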

Example 4 with RequestToken

use of com.sun.identity.oauth.service.models.RequestToken in project OpenAM by OpenRock.

the class AuthorizationFactory method createAuthorization.

/**
 * GET handler for the user-consent step of the OAuth 1.0 flow.
 *
 * <p>Looks up the request token by URI, records {@code uid} as the principal who
 * consented, generates and stores a verifier, then either returns
 * {@code oauth_token=...&oauth_verifier=...} as text/plain (out-of-band callback) or
 * redirects (303) to the callback stored on the token with those parameters appended.
 *
 * <p>NOTE(review): {@code uid} is taken straight from the query string and no
 * authentication of that user is visible in this method — confirm an upstream filter
 * establishes who is consenting. The redirect target is the callback the consumer
 * supplied when the token was issued, which was only checked to parse as a URL.
 *
 * @param token OAuth request token (its URI)
 * @param uid identifier of the consenting user
 * @return 200 with the token/verifier pair for out-of-band callbacks, 303 to the
 *     callback otherwise, 500 when callback plus query does not form a valid URI
 * @throws WebApplicationException (default status) for a missing parameter, an unknown
 *     token, or any other failure raised inside the lookup/update
 */
@GET
@Consumes("application/xml")
public Response createAuthorization(@QueryParam(OAUTH_TOKEN) String token,
        @QueryParam(OAUTH_ID) String uid) {
    if (token == null) {
        throw new WebApplicationException(new Throwable("No OAuth token."));
    }
    if (uid == null) {
        throw new WebApplicationException(new Throwable("No User iD."));
    }
    OAuthResourceManager manager = OAuthResourceManager.getInstance();
    try {
        Map<String, String> criteria = new HashMap<String, String>();
        criteria.put(REQUEST_TOKEN_URI, token);
        List<RequestToken> matches = manager.searchRequestTokens(criteria);
        RequestToken rt = ((matches != null) && !matches.isEmpty()) ? matches.get(0) : null;
        // Thrown inside the try on purpose: the generic catch below rewraps it.
        if (rt == null) {
            throw new WebApplicationException(new Throwable("Request token invalid."));
        }
        // Bind the token to the consenting user and mint the verifier the consumer must
        // present when exchanging the token for an access token.
        rt.setReqtPpalid(uid);
        String verifier = new UniqueRandomString().getString();
        rt.setVerifier(verifier);
        String callback = rt.getCallback();
        manager.updateRequestToken(rt);
        String query = OAUTH_TOKEN + "=" + token + "&" + OAUTH_VERIFIER + "=" + verifier;
        if (callback.equals(OAUTH_OOB)) {
            // Out-of-band: hand the pair back to the user instead of redirecting.
            return Response.ok(query, MediaType.TEXT_PLAIN).build();
        }
        // Append to an existing query string or start one.
        String joiner = callback.contains("?") ? "&" : "?";
        URI target = new URI(callback + joiner + query);
        return Response.seeOther(target).build();
    } catch (URISyntaxException ex) {
        Logger.getLogger(AuthorizationFactory.class.getName()).log(Level.SEVERE, null, ex);
        return Response.serverError().build();
    } catch (Exception e) {
        Logger.getLogger(AuthorizationFactory.class.getName()).log(Level.SEVERE, null, e);
        throw new WebApplicationException(e);
    }
}

Example 5 with RequestToken

use of com.sun.identity.oauth.service.models.RequestToken in project OpenAM by OpenRock.

the class NoBrowserAuthorization method NoBrowserAuthorization.

/**
 * GET handler that authenticates a user with username/password and, on success, binds
 * the given request token to that user's UUID. This is the non-browser counterpart of
 * the consent step: no callback is involved, the credentials are submitted directly to
 * the predefined OpenSSO endpoint.
 *
 * <p>NOTE(review): the credentials arrive as query parameters of a GET, which routinely
 * end up in access logs, proxies and browser history; confirm this is acceptable for the
 * deployment.
 *
 * @param username user name to authenticate against the OpenSSO instance
 * @param password the user's password
 * @param requestToken URI of the request token to authorize
 * @return 200 on success; 403 when authentication or the UUID lookup fails; 400 when
 *     authentication yields no session token
 * @throws WebApplicationException (default status) when a parameter is missing, when the
 *     request token is unknown, or when the resource manager fails
 */
@GET
public Response NoBrowserAuthorization(@QueryParam(USERNAME) String username, @QueryParam(PASSWORD) String password, @QueryParam(REQUEST_TOKEN) String requestToken) {
    if (username == null || password == null || requestToken == null) {
        throw new WebApplicationException(new Throwable("Request invalid."));
    }
    // Step 1: credentials -> session token -> user UUID. A failure of either OpenSSO call
    // is a 403; an authentication that yields no session token is a 400.
    String subject = null;
    try {
        String sessionToken = OAuthServiceUtils.authenticate(username, password, false);
        if (sessionToken == null) {
            return Response.status(BAD_REQUEST).build();
        }
        subject = OAuthServiceUtils.getUUIDByTokenId(sessionToken);
    } catch (OAuthServiceException oe) {
        Logger.getLogger(NoBrowserAuthorization.class.getName()).log(Level.SEVERE, null, oe);
        return Response.status(FORBIDDEN).build();
    }
    if (subject == null) {
        return Response.status(FORBIDDEN).build();
    }
    // Step 2: record the UUID as the principal of the request token.
    OAuthResourceManager manager = OAuthResourceManager.getInstance();
    try {
        Map<String, String> criteria = new HashMap<String, String>();
        criteria.put(REQUEST_TOKEN_URI, requestToken);
        List<RequestToken> matches = manager.searchRequestTokens(criteria);
        RequestToken rt = ((matches != null) && !matches.isEmpty()) ? matches.get(0) : null;
        if (rt == null) {
            throw new WebApplicationException(new Throwable("Request token invalid."));
        }
        rt.setReqtPpalid(subject);
        manager.updateRequestToken(rt);
        return Response.ok().build();
    } catch (OAuthServiceException e) {
        Logger.getLogger(NoBrowserAuthorization.class.getName()).log(Level.SEVERE, null, e);
        throw new WebApplicationException(e);
    }
}
