use of net.oauth.OAuthException in project liferay-ide by liferay.
the class OAuthRequest method sanitizeAndSign.
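/**
 * Builds the signed OAuth version of an outgoing request.
 *
 * <p>Steps, in order: the query string is taken off the target URI and its decoded
 * parameters are passed through {@code sanitize}; depending on the signature type the
 * post body is ignored, form-decoded and sanitized, or covered by a digest carried in the
 * {@code OAuthConstants.OAUTH_BODY_HASH} parameter; identity, signature and override
 * parameters are appended; the message is signed and the selected OAuth parameters are
 * attached to a new request. The request is returned to the caller (it is not sent here)
 * with redirect-following switched off.
 *
 * <p>Query and form body are decoded the same way and fail the same way: input that
 * cannot be form-decoded is reported as {@code OAuthError.INVALID_REQUEST} instead of
 * escaping as an unchecked {@code IllegalArgumentException}.
 *
 * @param base request to sign; its URI, method, headers and post body are read
 * @param params additional parameters to sign, or {@code null} for none; a non-null list
 *     is appended to in place
 * @param tokenEndpoint forwarded to {@code OAuthUtil.getSignatureType} together with the
 *     request's Content-Type header to choose what the signature covers
 * @return the signed request, with following of redirects disabled
 * @throws OAuthRequestException if the query or form body cannot be decoded, if
 *     {@code sanitize} rejects a parameter, if the body cannot be read for hashing, or if
 *     signing fails
 */
public HttpRequest sanitizeAndSign(HttpRequest base, List<Parameter> params, boolean tokenEndpoint) throws OAuthRequestException {
    if (params == null) {
        params = Lists.newArrayList();
    }
    // The query is removed from the target and re-added only as sanitized parameters.
    UriBuilder target = new UriBuilder(base.getUri());
    String query = target.getQuery();
    target.setQuery(null);
    try {
        params.addAll(sanitize(OAuth.decodeForm(query)));
    } catch (IllegalArgumentException e) {
        // Same failure mode as the form body below: OAuth.decodeForm found something it
        // could not decode. Report it as a bad request rather than a runtime failure.
        throw new OAuthRequestException(OAuthError.INVALID_REQUEST, "Could not decode query", e);
    }
    switch (OAuthUtil.getSignatureType(tokenEndpoint, base.getHeader("Content-Type"))) {
        case URL_ONLY:
            break;
        case URL_AND_FORM_PARAMS:
            try {
                params.addAll(sanitize(OAuth.decodeForm(base.getPostBodyAsString())));
            } catch (IllegalArgumentException e) {
                // Occurs if OAuth.decodeForm finds an invalid URL to decode.
                throw new OAuthRequestException(OAuthError.INVALID_REQUEST, "Could not decode body", e);
            }
            break;
        case URL_AND_BODY_HASH:
            try {
                // The body is not parsed in this mode; only a digest of its bytes is signed.
                // The whole body is read into memory, so any size limit has to be enforced
                // before this point.
                byte[] body = IOUtils.toByteArray(base.getPostBody());
                // NOTE(review): DigestUtils.sha looks like commons-codec's SHA-1 digest;
                // confirm that is the digest the receiving side expects for the body hash.
                byte[] hash = DigestUtils.sha(body);
                String b64 = new String(Base64.encodeBase64(hash), Charsets.UTF_8.name());
                params.add(new Parameter(OAuthConstants.OAUTH_BODY_HASH, b64));
            } catch (IOException e) {
                throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "Error taking body hash", e);
            }
            break;
    }
    // authParams are parameters prefixed with 'xoauth' 'oauth' or 'opensocial',
    // trusted parameters have ability to override these parameters.
    // They are built separately and appended after the sanitized request parameters.
    List<Parameter> authParams = Lists.newArrayList();
    addIdentityParams(authParams);
    addSignatureParams(authParams);
    overrideParameters(authParams);
    params.addAll(authParams);
    try {
        OAuthMessage signed = OAuthUtil.newRequestMessage(accessorInfo.getAccessor(), base.getMethod(), target.toString(), params);
        HttpRequest oauthHttpRequest = createHttpRequest(base, selectOAuthParams(signed));
        // Following 302s on OAuth responses is unlikely to be productive.
        oauthHttpRequest.setFollowRedirects(false);
        return oauthHttpRequest;
    } catch (OAuthException e) {
        throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "Error signing message", e);
    }
}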
use of net.oauth.OAuthException in project zm-mailbox by Zimbra.
the class OAuthServiceProvider method markAsAuthorized.
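/**
 * Marks an OAuth accessor as authorized by a user and records the related properties.
 *
 * <p>The Zimbra auth token is parsed and its account looked up before anything is written
 * to the accessor, so a token that cannot be resolved leaves the accessor exactly as it
 * was instead of already flagged {@code "authorized"}. On success the accessor carries
 * {@code "user"}, {@code "authorized"}, {@code "ZM_AUTH_TOKEN"} and whatever
 * {@code setAccountPropertiesForAccessor} adds, and the consumer's {@code "approved_on"}
 * is set to the current time in milliseconds.
 *
 * <p>The method is {@code static synchronized}, so calls are serialized on the class
 * monitor.
 *
 * @param accessor accessor being authorized; its properties and its consumer's properties
 *     are modified
 * @param userId value stored under the {@code "user"} property
 * @param zauthtoken encoded Zimbra auth token; it is stored on the accessor as-is, so the
 *     accessor's properties should be handled as a credential (for example, kept out of logs)
 * @throws OAuthException wrapping any failure to parse the token, resolve its account, or
 *     copy the account properties
 */
public static synchronized void markAsAuthorized(OAuthAccessor accessor, String userId, String zauthtoken) throws OAuthException {
    try {
        // Resolve the token and account first: neither call touches the accessor, and a
        // failure here must not leave it marked as authorized.
        // NOTE(review): nothing visible here checks token expiry or a null account;
        // confirm getAuthToken/getAccount or the caller covers both.
        final AuthToken zimbraAuthToken = ZimbraAuthToken.getAuthToken(zauthtoken);
        final Account account = zimbraAuthToken.getAccount();
        // Same write order as before, so the helper still sees these three properties.
        accessor.setProperty("user", userId);
        accessor.setProperty("authorized", Boolean.TRUE);
        accessor.setProperty("ZM_AUTH_TOKEN", zauthtoken);
        // NOTE(review): if this helper throws, the accessor keeps the properties set just
        // above; callers should discard the accessor when OAuthException is raised.
        setAccountPropertiesForAccessor(account, accessor);
    } catch (AuthTokenException | UnsupportedEncodingException | ServiceException e) {
        throw new OAuthException(e);
    }
    accessor.consumer.setProperty("approved_on", Long.toString(System.currentTimeMillis()));
}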