
Example 11 with OAuthProblemException

use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.

the class ZimbraAuthProviderForOAuth method authToken.

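/**
 * Resolves a Zimbra auth token from an OAuth-signed, non-admin HTTP request.
 *
 * <p>The method reads the OAuth access token from the request, looks up the account whose
 * foreign principal is {@code "oAuthAccessToken:" + token}, finds the stored accessor entry on
 * that account that begins with the token, deserializes it, and validates the OAuth message
 * against it. An auth token is issued only after validation succeeds.
 *
 * @param req the incoming servlet request carrying the OAuth parameters
 * @param isAdminReq {@code true} for admin requests, which this provider does not handle
 * @return the auth token for the matched account, or {@code null} when {@code isAdminReq} is set
 * @throws AuthProviderException {@code NO_AUTH_DATA} when the request carries no OAuth token;
 *         {@code FAILURE} when the token cannot be read, no account matches, or the stored
 *         accessor cannot be deserialized
 * @throws AuthTokenException when no stored accessor matches the token or validation fails
 */
@Override
protected AuthToken authToken(HttpServletRequest req, boolean isAdminReq) throws AuthProviderException, AuthTokenException {
    ZimbraLog.extensions.debug("authToken(HttpServletRequest req, boolean isAdminReq) is requested.");
    if (isAdminReq) {
        ZimbraLog.extensions.debug("isAdminReq:true");
        return null;
    }
    // NOTE(review): this header value replaces the request URL when the OAuth message is built,
    // so it presumably feeds signature validation. Confirm that the front-end proxy sets it and
    // strips any client-supplied copy. It is also written to the debug log unescaped.
    String origUrl = req.getHeader("X-Zimbra-Orig-Url");
    OAuthMessage oAuthMessage;
    if (StringUtil.isNullOrEmpty(origUrl)) {
        ZimbraLog.extensions.debug("request.getRequestURL(): " + req.getRequestURL());
        oAuthMessage = OAuthServlet.getMessage(req, null);
    } else {
        ZimbraLog.extensions.debug("X-Zimbra-Orig-Url: " + origUrl);
        oAuthMessage = OAuthServlet.getMessage(req, origUrl);
    }
    String accessToken;
    try {
        accessToken = oAuthMessage.getToken();
    } catch (IOException e) {
        ZimbraLog.extensions.debug("Error in getting OAuth token from request", e);
        throw AuthProviderException.FAILURE(e.getMessage());
    }
    if (accessToken == null) {
        ZimbraLog.extensions.debug("no need for further oauth processing");
        throw AuthProviderException.NO_AUTH_DATA();
    }
    Account account;
    try {
        account = Provisioning.getInstance().getAccountByForeignPrincipal("oAuthAccessToken:" + accessToken);
    } catch (ServiceException e) {
        ZimbraLog.extensions.warn("Error in getting account using OAuth access token", e);
        throw AuthProviderException.FAILURE(e.getMessage());
    }
    if (account == null) {
        throw AuthProviderException.FAILURE("Could not identify account corresponding to the OAuth request");
    }
    OAuthAccessor accessor = null;
    String[] accessors = account.getOAuthAccessor();
    // A stored entry is the token, two further characters, then the serialized accessor.
    int payloadStart = accessToken.length() + 2;
    for (String val : accessors) {
        // NOTE(review): this is a prefix match that does not check the two characters after the
        // token, so a stored token that merely begins with this one would also match. Confirm
        // that tokens have a fixed length or compare the separator explicitly.
        if (!val.startsWith(accessToken)) {
            continue;
        }
        if (val.length() < payloadStart) {
            // Malformed entry: skip it instead of letting substring() throw an unchecked
            // exception. The entry itself is not logged because it contains the token.
            ZimbraLog.extensions.warn("Skipping malformed stored OAuth accessor entry");
            continue;
        }
        try {
            accessor = new OAuthAccessorSerializer().deserialize(val.substring(payloadStart));
        } catch (ServiceException e) {
            // Keep the cause in the server log; the caller only sees the generic message.
            ZimbraLog.extensions.warn("Error in deserializing OAuth accessor", e);
            throw AuthProviderException.FAILURE("Error in deserializing OAuth accessor");
        }
        break;
    }
    if (accessor == null) {
        throw new AuthTokenException("invalid OAuth token");
    }
    try {
        OAuthServiceProvider.VALIDATOR.validateMessage(oAuthMessage, accessor);
    } catch (OAuthProblemException e) {
        // NOTE(review): problem parameters may echo request-derived values; keep this at debug.
        for (Map.Entry<String, Object> entry : e.getParameters().entrySet()) {
            ZimbraLog.extensions.debug(entry.getKey() + ":" + entry.getValue());
        }
        ZimbraLog.extensions.debug("Exception in validating OAuth token", e);
        throw new AuthTokenException("Exception in validating OAuth token", e);
    } catch (Exception e) {
        // Any other validation failure is treated as an invalid token (fail closed).
        ZimbraLog.extensions.debug("Exception in validating OAuth token", e);
        throw new AuthTokenException("Exception in validating OAuth token", e);
    }
    return AuthProvider.getAuthToken(account);
}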
Also used : OAuthAccessor(net.oauth.OAuthAccessor) OAuthProblemException(net.oauth.OAuthProblemException) Account(com.zimbra.cs.account.Account) OAuthMessage(net.oauth.OAuthMessage) ServiceException(com.zimbra.common.service.ServiceException) OAuthAccessorSerializer(com.zimbra.cs.account.oauth.OAuthAccessorSerializer) AuthTokenException(com.zimbra.cs.account.AuthTokenException) IOException(java.io.IOException) IOException(java.io.IOException) ServiceException(com.zimbra.common.service.ServiceException) OAuthProblemException(net.oauth.OAuthProblemException) AuthTokenException(com.zimbra.cs.account.AuthTokenException)

Example 12 with OAuthProblemException

use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.

the class OAuthRevAValidator method checkSingleParameters.

/**
 * Rejects a message in which any parameter named in SINGLE_PARAMETERS occurs more than once.
 *
 * <p>Every value of each such parameter is collected. If at least one name repeats, all values
 * of the repeated names are reported through the {@code OAUTH_PARAMETERS_REJECTED} parameter of
 * a {@code PARAMETER_REJECTED} problem.
 *
 * @param message the OAuth message whose parameters are inspected
 * @throws IOException declared for the parameter accessors on the message
 * @throws OAuthException an {@link OAuthProblemException} when a single-valued parameter repeats
 */
protected void checkSingleParameters(OAuthMessage message) throws IOException, OAuthException {
    Map<String, Collection<String>> seen = new HashMap<String, Collection<String>>();
    boolean duplicateFound = false;
    for (Map.Entry<String, String> entry : message.getParameters()) {
        String key = entry.getKey();
        if (!SINGLE_PARAMETERS.contains(key)) {
            continue;
        }
        Collection<String> bucket = seen.get(key);
        if (bucket != null) {
            // Second or later occurrence of a parameter that must be unique.
            duplicateFound = true;
        } else {
            bucket = new ArrayList<String>();
            seen.put(key, bucket);
        }
        bucket.add(entry.getValue());
    }
    if (!duplicateFound) {
        return;
    }
    // Report every value of each repeated name, not just the extra ones.
    Collection<OAuth.Parameter> rejected = new ArrayList<OAuth.Parameter>();
    for (Map.Entry<String, Collection<String>> group : seen.entrySet()) {
        Collection<String> bucket = group.getValue();
        if (bucket.size() <= 1) {
            continue;
        }
        String key = group.getKey();
        for (String occurrence : bucket) {
            rejected.add(new OAuth.Parameter(key, occurrence));
        }
    }
    OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.PARAMETER_REJECTED);
    problem.setParameter(OAuth.Problems.OAUTH_PARAMETERS_REJECTED, OAuth.formEncode(rejected));
    throw problem;
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) OAuth(net.oauth.OAuth) OAuthProblemException(net.oauth.OAuthProblemException) Collection(java.util.Collection) HashMap(java.util.HashMap) Map(java.util.Map)

Example 13 with OAuthProblemException

use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.

the class OAuthRevAValidator method validateVersion.

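/**
 * Checks that the message's {@code oauth_version}, when present, lies within
 * {@code [minVersion, maxVersion]}.
 *
 * <p>A missing version parameter is accepted. A value that is not a number, or that parses to
 * NaN, is rejected with the same {@code VERSION_REJECTED} problem as an out-of-range value.
 * Without this, a non-numeric value would raise an unchecked {@link NumberFormatException} and
 * NaN would pass, because every ordered comparison with NaN is false.
 *
 * @param message the OAuth message to inspect
 * @throws OAuthException an {@link OAuthProblemException} carrying the acceptable version range
 * @throws IOException declared for the parameter accessor on the message
 */
protected void validateVersion(OAuthMessage message) throws OAuthException, IOException {
    String versionString = message.getParameter(OAuth.OAUTH_VERSION);
    if (versionString == null) {
        return;
    }
    double version;
    try {
        version = Double.parseDouble(versionString);
    } catch (NumberFormatException e) {
        // Treat an unparsable version as NaN so it fails the range check below.
        version = Double.NaN;
    }
    // Written as a positive range test so that NaN is rejected as well.
    if (!(minVersion <= version && version <= maxVersion)) {
        OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.VERSION_REJECTED);
        problem.setParameter(OAuth.Problems.OAUTH_ACCEPTABLE_VERSIONS, minVersion + "-" + maxVersion);
        throw problem;
    }
}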
Also used : OAuthProblemException(net.oauth.OAuthProblemException)

Example 14 with OAuthProblemException

use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.

the class OAuthRevAValidator method validateVerifier.

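/**
 * Checks that the {@code oauth_verifier} in the request matches the verifier stored on the
 * accessor, and rejects the message with an {@code invalid_verifier} problem otherwise.
 *
 * <p>The mismatch is logged without either value. The stored verifier is the secret a caller
 * must present, so writing it to a debug log would disclose it to anyone who can read the log.
 *
 * @param message the OAuth message carrying the verifier supplied by the caller
 * @param accessor the accessor whose {@code oauth_verifier} property holds the expected value
 * @throws OAuthException an {@link OAuthProblemException} when the two verifiers differ
 * @throws IOException declared for the parameter accessor on the message
 */
protected void validateVerifier(OAuthMessage message, OAuthAccessor accessor) throws OAuthException, IOException {
    String verifier = message.getParameter(OAuth.OAUTH_VERIFIER);
    // NOTE(review): StringUtil.equal is presumably an ordinary string comparison. Confirm how it
    // treats null on both sides, and consider a constant-time comparison for this secret.
    if (!StringUtil.equal(verifier, (String) accessor.getProperty(OAuth.OAUTH_VERIFIER))) {
        LOG.debug("verifier from request does not match the verifier stored for this accessor.");
        throw new OAuthProblemException("invalid_verifier");
    }
}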
Also used : OAuthProblemException(net.oauth.OAuthProblemException)

Example 15 with OAuthProblemException

use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.

the class OAuthServiceProvider method getConsumer.

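/**
 * Looks up a registered OAuth consumer by its key.
 *
 * <p>Registered consumers are read from the {@code zimbraOAuthConsumerCredentials} config
 * attribute. Each entry is split on {@code ':'}: the first field is the consumer key, the second
 * is passed to {@link OAuthConsumer} as the consumer secret, and an optional third is stored as
 * the {@code app_name} property. The first entry whose key equals {@code consumer_key} wins.
 *
 * @param consumer_key the consumer key presented in the request
 * @return the matching consumer, never {@code null}
 * @throws IOException declared by the signature; not raised by the visible code
 * @throws OAuthProblemException {@code token_rejected} when the config cannot be read or no
 *         registered consumer has this key
 */
public static synchronized OAuthConsumer getConsumer(String consumer_key) throws IOException, OAuthProblemException {
    String[] registeredConsumers;
    try {
        // TODO - need to lookup the domain first
        registeredConsumers = Provisioning.getInstance().getConfig().getMultiAttr(Provisioning.A_zimbraOAuthConsumerCredentials);
    } catch (ServiceException e) {
        // Same problem code as an unknown key, but keep the cause so that a provisioning
        // failure can be told apart from a bad key when diagnosing on the server.
        OAuthProblemException problem = new OAuthProblemException("token_rejected");
        problem.initCause(e);
        throw problem;
    }
    for (String consumer : registeredConsumers) {
        // NOTE(review): a secret that itself contains ':' would be cut at the first colon here;
        // confirm the stored format excludes that.
        String[] fields = consumer.split(":");
        if (fields.length < 2 || !fields[0].equals(consumer_key)) {
            continue;
        }
        OAuthConsumer oAuthConsumer = new OAuthConsumer(null, consumer_key, fields[1], null);
        oAuthConsumer.setProperty("key", consumer_key);
        oAuthConsumer.setProperty("app_name", fields.length > 2 ? fields[2] : "");
        return oAuthConsumer;
    }
    throw new OAuthProblemException("token_rejected");
}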
Also used : OAuthProblemException(net.oauth.OAuthProblemException) ServiceException(com.zimbra.common.service.ServiceException) OAuthConsumer(net.oauth.OAuthConsumer)

Aggregations

OAuthProblemException (net.oauth.OAuthProblemException)23 OAuthMessage (net.oauth.OAuthMessage)8 IOException (java.io.IOException)6 HashMap (java.util.HashMap)4 ServletException (javax.servlet.ServletException)3 OAuthAccessor (net.oauth.OAuthAccessor)3 RequestToken (org.apache.cxf.rs.security.oauth.data.RequestToken)3 OAuthServiceException (org.apache.cxf.rs.security.oauth.provider.OAuthServiceException)3 ServiceException (com.zimbra.common.service.ServiceException)2 Account (com.zimbra.cs.account.Account)2 ArrayList (java.util.ArrayList)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 AccessToken (org.apache.cxf.rs.security.oauth.data.AccessToken)2 Client (org.apache.cxf.rs.security.oauth.data.Client)2 OAuthPermission (org.apache.cxf.rs.security.oauth.data.OAuthPermission)2 AuthToken (com.zimbra.cs.account.AuthToken)1 AuthTokenException (com.zimbra.cs.account.AuthTokenException)1 ZimbraAuthToken (com.zimbra.cs.account.ZimbraAuthToken)1 OAuthAccessorSerializer (com.zimbra.cs.account.oauth.OAuthAccessorSerializer)1 InputStream (java.io.InputStream)1