Examples with OAuthException net.oauth.OAuthException used on opensource projects

Example 6 with OAuthException

use of net.oauth.OAuthException in project liferay-ide by liferay.

the class OAuthRequest method sanitizeAndSign.

/**
 * Start with an HttpRequest.
 * Throw if there are any attacks in the query.
 * Throw if there are any attacks in the post body.
 * Build up OAuth parameter list.
 * Sign it.
 * Add OAuth parameters to new request.
 * Send it.
 */
public HttpRequest sanitizeAndSign(HttpRequest base, List<Parameter> params, boolean tokenEndpoint) throws OAuthRequestException {
    if (params == null) {
        params = Lists.newArrayList();
    }
    UriBuilder target = new UriBuilder(base.getUri());
    String query = target.getQuery();
    target.setQuery(null);
    params.addAll(sanitize(OAuth.decodeForm(query)));
    switch(OAuthUtil.getSignatureType(tokenEndpoint, base.getHeader("Content-Type"))) {
        case URL_ONLY:
            break;
        case URL_AND_FORM_PARAMS:
            try {
                params.addAll(sanitize(OAuth.decodeForm(base.getPostBodyAsString())));
            } catch (IllegalArgumentException e) {
                // Occurs if OAuth.decodeForm finds an invalid URL to decode.
                throw new OAuthRequestException(OAuthError.INVALID_REQUEST, "Could not decode body", e);
            }
            break;
        case URL_AND_BODY_HASH:
            try {
                byte[] body = IOUtils.toByteArray(base.getPostBody());
                byte[] hash = DigestUtils.sha(body);
                String b64 = new String(Base64.encodeBase64(hash), Charsets.UTF_8.name());
                params.add(new Parameter(OAuthConstants.OAUTH_BODY_HASH, b64));
            } catch (IOException e) {
                throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "Error taking body hash", e);
            }
            break;
    }
    // authParams are parameters prefixed with 'xoauth' 'oauth' or 'opensocial',
    // trusted parameters have ability to override these parameters.
    List<Parameter> authParams = Lists.newArrayList();
    addIdentityParams(authParams);
    addSignatureParams(authParams);
    overrideParameters(authParams);
    params.addAll(authParams);
    try {
        OAuthMessage signed = OAuthUtil.newRequestMessage(accessorInfo.getAccessor(), base.getMethod(), target.toString(), params);
        HttpRequest oauthHttpRequest = createHttpRequest(base, selectOAuthParams(signed));
        // Following 302s on OAuth responses is unlikely to be productive.
        oauthHttpRequest.setFollowRedirects(false);
        return oauthHttpRequest;
    } catch (OAuthException e) {
        throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "Error signing message", e);
    }
}

Example 7 with OAuthException

use of net.oauth.OAuthException in project zm-mailbox by Zimbra.

the class OAuthServiceProvider method markAsAuthorized.

/**
 * Mark OAuth consumer as authorized and update accessor properties.
 */
public static synchronized void markAsAuthorized(OAuthAccessor accessor, String userId, String zauthtoken) throws OAuthException {
    accessor.setProperty("user", userId);
    accessor.setProperty("authorized", Boolean.TRUE);
    accessor.setProperty("ZM_AUTH_TOKEN", zauthtoken);
    AuthToken zimbraAuthToken;
    try {
        zimbraAuthToken = ZimbraAuthToken.getAuthToken(zauthtoken);
        final Account account = zimbraAuthToken.getAccount();
        setAccountPropertiesForAccessor(account, accessor);
    } catch (AuthTokenException | UnsupportedEncodingException | ServiceException e) {
        throw new OAuthException(e);
    }
    accessor.consumer.setProperty("approved_on", Long.toString(System.currentTimeMillis()));
}