
Example 1 with Parameter

use of net.oauth.OAuth.Parameter in project liferay-ide by liferay.

the class OAuthRequest method addSignatureParams.

/**
 * Appends the OAuth 1.0 signing parameters to {@code params}: an optional
 * consumer-key fallback, the optional public key name (under both the old and
 * new parameter names), the protocol version, a timestamp and a nonce.
 *
 * @param params list that receives the parameters; it is modified in place
 */
private void addSignatureParams(List<Parameter> params) {
    // No consumer key configured: the security token's domain is sent as the consumer key.
    if (accessorInfo.getConsumer().getConsumer().consumerKey == null) {
        String tokenDomain = realRequest.getSecurityToken().getDomain();
        params.add(new Parameter(OAuth.OAUTH_CONSUMER_KEY, tokenDomain));
    }

    // The key name, when present, is advertised under both parameter names.
    String keyName = accessorInfo.getConsumer().getKeyName();
    if (keyName != null) {
        params.add(new Parameter(XOAUTH_PUBLIC_KEY_OLD, keyName));
        params.add(new Parameter(XOAUTH_PUBLIC_KEY_NEW, keyName));
    }

    params.add(new Parameter(OAuth.OAUTH_VERSION, OAuth.VERSION_1_0));

    // OAuth timestamps are whole seconds; the configured clock reports milliseconds.
    long epochSeconds = fetcherConfig.getClock().currentTimeMillis() / 1000L;
    params.add(new Parameter(OAuth.OAUTH_TIMESTAMP, Long.toString(epochSeconds)));

    // The oauth.net java code derives nonces from a clock, which collides under
    // heavy load, so a random value is used here instead.
    // NOTE(review): the nonce is only unpredictable if Crypto.RAND is a
    // SecureRandom - its declaration is not visible here, confirm.
    // Math.abs(Long.MIN_VALUE) is still negative, so the nonce can (very rarely)
    // carry a leading minus sign.
    long randomBits = Crypto.RAND.nextLong();
    params.add(new Parameter(OAuth.OAUTH_NONCE, String.valueOf(Math.abs(randomBits))));
}
Also used : Parameter(net.oauth.OAuth.Parameter)

Example 2 with Parameter

use of net.oauth.OAuth.Parameter in project liferay-ide by liferay.

the class OAuthRequest method fetchRequestToken.

/**
 * Obtains a request token: builds the request-token request, adds the callback
 * parameter, signs it as a token-endpoint request, sends it, and stores the
 * returned token and token secret on the accessor.
 *
 * @throws OAuthRequestException declared by this method; raised by the helpers it calls
 * @throws OAuthProtocolException declared by this method; raised by the helpers it calls
 */
private void fetchRequestToken() throws OAuthRequestException, OAuthProtocolException {
    OAuthAccessor accessor = accessorInfo.getAccessor();
    HttpRequest unsigned = createRequestTokenRequest(accessor);

    List<Parameter> callbackParams = Lists.newArrayList();
    addCallback(callbackParams);

    // 'true' is the tokenEndpoint flag of sanitizeAndSign.
    HttpRequest signedRequest = sanitizeAndSign(unsigned, callbackParams, true);
    OAuthMessage response = sendOAuthMessage(signedRequest);

    // NOTE(review): the reply values are stored without a presence check. If
    // OAuthUtil.getParameter can return null for a missing parameter, a reply
    // without oauth_token / oauth_token_secret leaves the accessor holding null
    // credentials - confirm that sendOAuthMessage or the caller rejects such replies.
    accessor.requestToken = OAuthUtil.getParameter(response, OAuth.OAUTH_TOKEN);
    accessor.tokenSecret = OAuthUtil.getParameter(response, OAuth.OAUTH_TOKEN_SECRET);
}
Also used : OAuthAccessor(net.oauth.OAuthAccessor) HttpRequest(org.apache.shindig.gadgets.http.HttpRequest) OAuthMessage(net.oauth.OAuthMessage) Parameter(net.oauth.OAuth.Parameter)

Example 3 with Parameter

use of net.oauth.OAuth.Parameter in project liferay-ide by liferay.

the class OAuthRequest method sanitizeAndSign.

/**
 * Builds a signed OAuth request from {@code base}.
 *
 * <ol>
 * <li>Strips the query string from the target URI and passes its decoded
 *     parameters through {@code sanitize}, which throws on attacks in the query.</li>
 * <li>Depending on the signature type, also sanitizes the form-encoded post body,
 *     or adds a body-hash parameter computed over the raw post body.</li>
 * <li>Appends the identity and signature parameters, after trusted parameters
 *     have had the chance to override them.</li>
 * <li>Signs the message and copies the OAuth parameters onto a new request.</li>
 * </ol>
 *
 * The signed request is returned, not sent; redirects are disabled on it.
 *
 * @param base the request to sign
 * @param params extra parameters to sign; may be {@code null}. A non-null list is
 *        modified in place.
 * @param tokenEndpoint passed to {@code OAuthUtil.getSignatureType} together with
 *        the Content-Type header to select the signature type
 * @return a new request carrying the OAuth parameters
 * @throws OAuthRequestException if the post body cannot be decoded, the body hash
 *         cannot be computed, or signing fails
 */
public HttpRequest sanitizeAndSign(HttpRequest base, List<Parameter> params, boolean tokenEndpoint) throws OAuthRequestException {
    List<Parameter> toSign = params;
    if (toSign == null) {
        toSign = Lists.newArrayList();
    }

    // The query is removed from the URI; its parameters are signed from the list instead.
    UriBuilder strippedUri = new UriBuilder(base.getUri());
    String rawQuery = strippedUri.getQuery();
    strippedUri.setQuery(null);
    toSign.addAll(sanitize(OAuth.decodeForm(rawQuery)));

    // NOTE(review): there is no default branch, so a signature type other than
    // these three would be signed without covering the body - confirm the enum
    // has no further values.
    switch(OAuthUtil.getSignatureType(tokenEndpoint, base.getHeader("Content-Type"))) {
        case URL_AND_FORM_PARAMS:
            try {
                toSign.addAll(sanitize(OAuth.decodeForm(base.getPostBodyAsString())));
            } catch (IllegalArgumentException e) {
                // Occurs if OAuth.decodeForm finds an invalid URL to decode.
                throw new OAuthRequestException(OAuthError.INVALID_REQUEST, "Could not decode body", e);
            }
            break;
        case URL_AND_BODY_HASH:
            try {
                // The body is covered by a base64-encoded digest rather than by its parameters.
                // NOTE(review): DigestUtils.sha is presumably SHA-1 - confirm this
                // matches what the service provider expects for the body hash.
                byte[] bodyBytes = IOUtils.toByteArray(base.getPostBody());
                byte[] digest = DigestUtils.sha(bodyBytes);
                String encodedDigest = new String(Base64.encodeBase64(digest), Charsets.UTF_8.name());
                toSign.add(new Parameter(OAuthConstants.OAUTH_BODY_HASH, encodedDigest));
            } catch (IOException e) {
                throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "Error taking body hash", e);
            }
            break;
        case URL_ONLY:
            // Nothing from the body is signed.
            break;
    }

    // Parameters prefixed with 'xoauth', 'oauth' or 'opensocial' are built in
    // their own list; trusted parameters can override them. They are appended
    // after the sanitized request parameters.
    List<Parameter> containerParams = Lists.newArrayList();
    addIdentityParams(containerParams);
    addSignatureParams(containerParams);
    overrideParameters(containerParams);
    toSign.addAll(containerParams);

    try {
        OAuthMessage signedMessage = OAuthUtil.newRequestMessage(accessorInfo.getAccessor(), base.getMethod(), strippedUri.toString(), toSign);
        HttpRequest outbound = createHttpRequest(base, selectOAuthParams(signedMessage));
        // Following 302s on OAuth responses is unlikely to be productive.
        outbound.setFollowRedirects(false);
        return outbound;
    } catch (OAuthException e) {
        throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "Error signing message", e);
    }
}
Also used : HttpRequest(org.apache.shindig.gadgets.http.HttpRequest) OAuthMessage(net.oauth.OAuthMessage) OAuthException(net.oauth.OAuthException) Parameter(net.oauth.OAuth.Parameter) IOException(java.io.IOException) UriBuilder(org.apache.shindig.common.uri.UriBuilder)

Example 4 with Parameter

use of net.oauth.OAuth.Parameter in project liferay-ide by liferay.

the class OAuthRequest method addIdentityParams.

/**
 * Appends identity parameters taken from the security token: owner id, viewer
 * id, application id, application URL and the proxied-content marker.
 *
 * Nothing is added when neither owner nor viewer signing was requested. Owner
 * and viewer ids are added only when the matching signing flag is set and the
 * token has a value for them.
 *
 * @param params list that receives the parameters; it is modified in place
 */
private void addIdentityParams(List<Parameter> params) {
    boolean signOwner = realRequest.getOAuthArguments().getSignOwner();
    boolean signViewer = realRequest.getOAuthArguments().getSignViewer();

    // Neither identity was requested: leave the request free of identity params.
    if (!(signOwner || signViewer)) {
        return;
    }

    String ownerId = realRequest.getSecurityToken().getOwnerId();
    if (signOwner && ownerId != null) {
        params.add(new Parameter(OPENSOCIAL_OWNERID, ownerId));
    }

    String viewerId = realRequest.getSecurityToken().getViewerId();
    if (signViewer && viewerId != null) {
        params.add(new Parameter(OPENSOCIAL_VIEWERID, viewerId));
    }

    // App id and app URL are added whenever the token has them, regardless of
    // which of the two signing flags let execution get this far.
    String appId = realRequest.getSecurityToken().getAppId();
    if (appId != null) {
        params.add(new Parameter(OPENSOCIAL_APPID, appId));
    }

    String appLocation = realRequest.getSecurityToken().getAppUrl();
    if (appLocation != null) {
        params.add(new Parameter(OPENSOCIAL_APPURL, appLocation));
    }

    if (realRequest.getOAuthArguments().isProxiedContentRequest()) {
        params.add(new Parameter(OPENSOCIAL_PROXIED_CONTENT, "1"));
    }
}
Also used : Parameter(net.oauth.OAuth.Parameter)

Example 5 with Parameter

use of net.oauth.OAuth.Parameter in project liferay-ide by liferay.

the class OAuthRequest method overrideParameters.

/**
 * Lets trusted parameters replace entries of {@code authParams}.
 *
 * When {@code trustedParams} is {@code null} the list is left untouched.
 * Otherwise the list is rebuilt from an insertion-ordered map keyed by
 * parameter name, so a trusted value replaces an existing value with the same
 * key and duplicate keys collapse to the last value seen.
 *
 * Every trusted key must be accepted by {@code isContainerInjectedParameter};
 * the first one that is not aborts the call before {@code authParams} has been
 * modified.
 *
 * @param authParams parameters to override; modified in place
 * @throws OAuthRequestException with {@code INVALID_TRUSTED_PARAMETER} if a
 *         trusted parameter's key is not a container-injected parameter
 */
private void overrideParameters(List<Parameter> authParams) throws OAuthRequestException {
    if (trustedParams != null) {
        Map<String, String> merged = Maps.newLinkedHashMap();
        for (Parameter existing : authParams) {
            merged.put(existing.getKey(), existing.getValue());
        }

        // NOTE(review): values accepted here end up in the signed request, so
        // trustedParams must come from the container - confirm callers never
        // fill it from gadget-supplied input.
        for (Parameter trusted : trustedParams) {
            String key = trusted.getKey();
            if (isContainerInjectedParameter(key)) {
                merged.put(key, trusted.getValue());
            } else {
                throw new OAuthRequestException(OAuthError.INVALID_TRUSTED_PARAMETER, key);
            }
        }

        // Only reached when every trusted key passed the check above.
        authParams.clear();
        for (Entry<String, String> pair : merged.entrySet()) {
            authParams.add(new Parameter(pair.getKey(), pair.getValue()));
        }
    }
}
Also used : Parameter(net.oauth.OAuth.Parameter)

Aggregations

Parameter (net.oauth.OAuth.Parameter)6 OAuthMessage (net.oauth.OAuthMessage)3 HttpRequest (org.apache.shindig.gadgets.http.HttpRequest)3 OAuthAccessor (net.oauth.OAuthAccessor)2 IOException (java.io.IOException)1 OAuthException (net.oauth.OAuthException)1 Uri (org.apache.shindig.common.uri.Uri)1 UriBuilder (org.apache.shindig.common.uri.UriBuilder)1