Search in sources :

Example 1 with OAuthException

use of net.oauth.OAuthException in project bigbluebutton by bigbluebutton.

the class HMAC_SHA1 method isValid.

@Override
public boolean isValid(String signature, String baseString) throws OAuthException {
    try {
        byte[] expected = computeSignature(baseString);
        byte[] actual = decodeBase64(signature);
        return Arrays.equals(expected, actual);
    } catch (GeneralSecurityException e) {
        throw new OAuthException(e);
    } catch (UnsupportedEncodingException e) {
        throw new OAuthException(e);
    }
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) OAuthException(net.oauth.OAuthException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Example 2 with OAuthException

use of net.oauth.OAuthException in project candlepin by candlepin.

the class OAuth method getPrincipal.

/**
 * Attempt to pull a principal off of an oauth signed message.
 *
 * @return the principal if it can be created, null otherwise
 */
public Principal getPrincipal(HttpRequest httpRequest) {
    Principal principal = null;
    I18n i18n = i18nProvider.get();
    try {
        if (AuthUtil.getHeader(httpRequest, "Authorization").contains("oauth")) {
            OAuthMessage requestMessage = new RestEasyOAuthMessage(httpRequest);
            OAuthAccessor accessor = this.getAccessor(requestMessage);
            // TODO: This is known to be memory intensive.
            VALIDATOR.validateMessage(requestMessage, accessor);
            // If we got here, it is a valid oauth message.
            // Figure out which kind of principal we should create, based on header
            log.debug("Using OAuth");
            if (!AuthUtil.getHeader(httpRequest, TrustedUserAuth.USER_HEADER).equals("")) {
                principal = userAuth.getPrincipal(httpRequest);
            } else if (!AuthUtil.getHeader(httpRequest, TrustedConsumerAuth.CONSUMER_HEADER).equals("")) {
                principal = consumerAuth.getPrincipal(httpRequest);
            } else {
                // The external system is acting on behalf of itself
                principal = systemAuth.getPrincipal(httpRequest);
            }
        }
    } catch (OAuthProblemException e) {
        log.debug("OAuth Problem", e);
        // status code of 200. make it 401 unauthorized instead.
        if (e.getProblem().equals("signature_invalid")) {
            throw new NotAuthorizedException(i18n.tr("Invalid OAuth unit or secret"));
        }
        Response.Status returnCode = Response.Status.fromStatusCode(e.getHttpStatusCode());
        String message = i18n.tr("OAuth problem encountered. Internal message is: {0}", e.getMessage());
        throw new CandlepinException(returnCode, message);
    } catch (OAuthException e) {
        log.debug("OAuth Error", e);
        String message = i18n.tr("OAuth error encountered. Internal message is: {0}", e.getMessage());
        throw new BadRequestException(message);
    } catch (URISyntaxException e) {
        throw new IseException(e.getMessage(), e);
    } catch (IOException e) {
        throw new IseException(e.getMessage(), e);
    }
    return principal;
}
Also used : CandlepinException(org.candlepin.common.exceptions.CandlepinException) RestEasyOAuthMessage(org.candlepin.common.resteasy.auth.RestEasyOAuthMessage) OAuthMessage(net.oauth.OAuthMessage) OAuthException(net.oauth.OAuthException) NotAuthorizedException(org.candlepin.common.exceptions.NotAuthorizedException) URISyntaxException(java.net.URISyntaxException) IOException(java.io.IOException) RestEasyOAuthMessage(org.candlepin.common.resteasy.auth.RestEasyOAuthMessage) OAuthAccessor(net.oauth.OAuthAccessor) OAuthProblemException(net.oauth.OAuthProblemException) IseException(org.candlepin.common.exceptions.IseException) BadRequestException(org.candlepin.common.exceptions.BadRequestException) I18n(org.xnap.commons.i18n.I18n)

Example 3 with OAuthException

use of net.oauth.OAuthException in project bigbluebutton by bigbluebutton.

the class OAuthSignatureMethod method newMethod.

/** The factory for signature methods. */
public static OAuthSignatureMethod newMethod(String name, OAuthAccessor accessor) throws OAuthException {
    try {
        Class methodClass = NAME_TO_CLASS.get(name);
        if (methodClass != null) {
            OAuthSignatureMethod method = (OAuthSignatureMethod) methodClass.newInstance();
            method.initialize(name, accessor);
            return method;
        }
        OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.SIGNATURE_METHOD_REJECTED);
        String acceptable = OAuth.percentEncode(NAME_TO_CLASS.keySet());
        if (acceptable.length() > 0) {
            problem.setParameter("oauth_acceptable_signature_methods", acceptable.toString());
        }
        throw problem;
    } catch (InstantiationException e) {
        throw new OAuthException(e);
    } catch (IllegalAccessException e) {
        throw new OAuthException(e);
    }
}
Also used : OAuthProblemException(net.oauth.OAuthProblemException) OAuthException(net.oauth.OAuthException)

Example 4 with OAuthException

use of net.oauth.OAuthException in project bigbluebutton by bigbluebutton.

the class RSA_SHA1 method initialize.

@Override
protected void initialize(String name, OAuthAccessor accessor) throws OAuthException {
    super.initialize(name, accessor);
    // The stream may not be markable so it can't be read again.
    try {
        Object privateKeyObject = accessor.consumer.getProperty(PRIVATE_KEY);
        if (privateKeyObject != null) {
            privateKey = loadPrivateKey(privateKeyObject);
        }
        Object publicKeyObject = accessor.consumer.getProperty(PUBLIC_KEY);
        if (publicKeyObject != null) {
            publicKey = loadPublicKey(publicKeyObject, false);
        } else {
            // public key was null. perhaps they gave us a X509 cert.
            Object certObject = accessor.consumer.getProperty(X509_CERTIFICATE);
            if (certObject != null) {
                publicKey = loadPublicKey(certObject, true);
            }
        }
    } catch (GeneralSecurityException e) {
        throw new OAuthException(e);
    } catch (IOException e) {
        throw new OAuthException(e);
    }
}
Also used : GeneralSecurityException(java.security.GeneralSecurityException) OAuthException(net.oauth.OAuthException) IOException(java.io.IOException)

Example 5 with OAuthException

use of net.oauth.OAuthException in project cxf by apache.

the class MD5SequenceGenerator method generate.

public String generate(byte[] input) throws OAuthException {
    if (input == null) {
        throw new OAuthException("You have to pass input to Token Generator");
    }
    try {
        MessageDigest algorithm = MessageDigest.getInstance("MD5");
        algorithm.reset();
        algorithm.update(input);
        byte[] messageDigest = algorithm.digest();
        StringBuilder hexString = new StringBuilder();
        for (int i = 0; i < messageDigest.length; i++) {
            hexString.append(Integer.toHexString(0xFF & messageDigest[i]));
        }
        return hexString.toString();
    } catch (NoSuchAlgorithmException e) {
        throw new OAuthException(e);
    }
}
Also used : OAuthException(net.oauth.OAuthException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) MessageDigest(java.security.MessageDigest)

Aggregations

OAuthException (net.oauth.OAuthException)7 IOException (java.io.IOException)3 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 GeneralSecurityException (java.security.GeneralSecurityException)2 OAuthMessage (net.oauth.OAuthMessage)2 OAuthProblemException (net.oauth.OAuthProblemException)2 ServiceException (com.zimbra.common.service.ServiceException)1 Account (com.zimbra.cs.account.Account)1 AuthToken (com.zimbra.cs.account.AuthToken)1 AuthTokenException (com.zimbra.cs.account.AuthTokenException)1 ZimbraAuthToken (com.zimbra.cs.account.ZimbraAuthToken)1 URISyntaxException (java.net.URISyntaxException)1 MessageDigest (java.security.MessageDigest)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 Parameter (net.oauth.OAuth.Parameter)1 OAuthAccessor (net.oauth.OAuthAccessor)1 UriBuilder (org.apache.shindig.common.uri.UriBuilder)1 HttpRequest (org.apache.shindig.gadgets.http.HttpRequest)1 BadRequestException (org.candlepin.common.exceptions.BadRequestException)1 CandlepinException (org.candlepin.common.exceptions.CandlepinException)1