use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.
the class ZimbraAuthProviderForOAuth method authToken.
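/**
 * Resolves the OAuth credentials carried by an HTTP request to a Zimbra auth token.
 *
 * <p>The method reads the OAuth message from the request, looks the account up by the
 * foreign principal {@code "oAuthAccessToken:" + token}, loads the accessor stored on that
 * account for the token, asks {@code OAuthServiceProvider.VALIDATOR} to validate the message
 * against it, and only then issues an auth token for the account.
 *
 * @param req the incoming request
 * @param isAdminReq when {@code true} this provider does not apply and {@code null} is returned
 * @return an auth token for the resolved account, or {@code null} for admin requests
 * @throws AuthProviderException {@code NO_AUTH_DATA} when the request carries no OAuth token;
 *         {@code FAILURE} when the token cannot be read, the account cannot be resolved, or the
 *         stored accessor cannot be deserialized
 * @throws AuthTokenException when no stored accessor matches the token or validation fails
 */
@Override
protected AuthToken authToken(HttpServletRequest req, boolean isAdminReq)
        throws AuthProviderException, AuthTokenException {
    ZimbraLog.extensions.debug("authToken(HttpServletRequest req, boolean isAdminReq) is requested.");
    if (isAdminReq) {
        ZimbraLog.extensions.debug("isAdminReq:true");
        return null;
    }

    // NOTE(review): when present, this header value is handed to OAuthServlet.getMessage as the
    // request URL, so it presumably feeds signature validation. It should only be honoured when
    // it was set by the front-end proxy; confirm that client-supplied copies are stripped.
    // The value is also written to the debug log unmodified.
    String origUrl = req.getHeader("X-Zimbra-Orig-Url");
    OAuthMessage oAuthMessage;
    if (StringUtil.isNullOrEmpty(origUrl)) {
        ZimbraLog.extensions.debug("request.getRequestURL(): " + req.getRequestURL());
        oAuthMessage = OAuthServlet.getMessage(req, null);
    } else {
        ZimbraLog.extensions.debug("X-Zimbra-Orig-Url: " + origUrl);
        oAuthMessage = OAuthServlet.getMessage(req, origUrl);
    }

    String accessToken;
    try {
        accessToken = oAuthMessage.getToken();
    } catch (IOException e) {
        ZimbraLog.extensions.debug("Error in getting OAuth token from request", e);
        throw AuthProviderException.FAILURE(e.getMessage());
    }
    if (accessToken == null) {
        // No OAuth token at all: this request is not an OAuth request.
        ZimbraLog.extensions.debug("no need for further oauth processing");
        throw AuthProviderException.NO_AUTH_DATA();
    }

    Account account;
    try {
        account = Provisioning.getInstance().getAccountByForeignPrincipal("oAuthAccessToken:" + accessToken);
    } catch (ServiceException e) {
        ZimbraLog.extensions.warn("Error in getting account using OAuth access token", e);
        throw AuthProviderException.FAILURE(e.getMessage());
    }
    if (account == null) {
        throw AuthProviderException.FAILURE("Could not identify account corresponding to the OAuth request");
    }

    // Stored entries are read as <token><two characters><serialized accessor>.
    // NOTE(review): startsWith is a prefix test. If one stored token can be a prefix of another
    // on the same account, the wrong entry is selected; matching on token plus separator would
    // close that, but the separator itself is not visible in this method.
    int payloadStart = accessToken.length() + 2;
    OAuthAccessor accessor = null;
    for (String val : account.getOAuthAccessor()) {
        if (!val.startsWith(accessToken)) {
            continue;
        }
        if (val.length() < payloadStart) {
            // Too short to hold the separator: substring() would throw an unchecked
            // StringIndexOutOfBoundsException out of the auth path. Treat it as no match.
            ZimbraLog.extensions.warn("Skipping malformed OAuth accessor entry");
            continue;
        }
        try {
            accessor = new OAuthAccessorSerializer().deserialize(val.substring(payloadStart));
        } catch (ServiceException e) {
            // Keep the cause in the log; the exception handed to the caller stays generic.
            ZimbraLog.extensions.warn("Error in deserializing OAuth accessor", e);
            throw AuthProviderException.FAILURE("Error in deserializing OAuth accessor");
        }
        break;
    }
    if (accessor == null) {
        throw new AuthTokenException("invalid OAuth token");
    }

    try {
        OAuthServiceProvider.VALIDATOR.validateMessage(oAuthMessage, accessor);
    } catch (OAuthProblemException e) {
        // NOTE(review): these parameters come from the validator and may echo request-derived
        // values; keep them at debug level.
        for (Map.Entry<String, Object> entry : e.getParameters().entrySet()) {
            ZimbraLog.extensions.debug(entry.getKey() + ":" + entry.getValue());
        }
        ZimbraLog.extensions.debug("Exception in validating OAuth token", e);
        throw new AuthTokenException("Exception in validating OAuth token", e);
    } catch (Exception e) {
        // Any other failure during validation is also treated as an invalid token (fail closed).
        ZimbraLog.extensions.debug("Exception in validating OAuth token", e);
        throw new AuthTokenException("Exception in validating OAuth token", e);
    }
    return AuthProvider.getAuthToken(account);
}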
use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.
the class OAuthRevAValidator method checkSingleParameters.
/**
 * Rejects a message in which any name listed in {@code SINGLE_PARAMETERS} occurs more than once.
 *
 * @param message the OAuth message whose parameters are inspected
 * @throws IOException if the message parameters cannot be read
 * @throws OAuthException an {@code OAuthProblemException} with problem
 *         {@code PARAMETER_REJECTED}, listing every value of each repeated parameter
 */
protected void checkSingleParameters(OAuthMessage message) throws IOException, OAuthException {
    // Collect the values of each single-occurrence parameter, keyed by name.
    Map<String, Collection<String>> seen = new HashMap<String, Collection<String>>();
    for (Map.Entry<String, String> entry : message.getParameters()) {
        String key = entry.getKey();
        if (!SINGLE_PARAMETERS.contains(key)) {
            continue;
        }
        Collection<String> bucket = seen.get(key);
        if (bucket == null) {
            bucket = new ArrayList<String>();
            seen.put(key, bucket);
        }
        bucket.add(entry.getValue());
    }

    // Any name holding two or more values was repeated; report all of its values.
    Collection<OAuth.Parameter> rejected = new ArrayList<OAuth.Parameter>();
    for (Map.Entry<String, Collection<String>> group : seen.entrySet()) {
        Collection<String> bucket = group.getValue();
        if (bucket.size() < 2) {
            continue;
        }
        for (String value : bucket) {
            rejected.add(new OAuth.Parameter(group.getKey(), value));
        }
    }
    if (rejected.isEmpty()) {
        return;
    }

    OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.PARAMETER_REJECTED);
    problem.setParameter(OAuth.Problems.OAUTH_PARAMETERS_REJECTED, OAuth.formEncode(rejected));
    throw problem;
}
use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.
the class OAuthRevAValidator method validateVersion.
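/**
 * Rejects a message whose {@code oauth_version} parameter is outside
 * {@code [minVersion, maxVersion]}. A message without the parameter is accepted.
 *
 * @param message the OAuth message to check
 * @throws OAuthException an {@code OAuthProblemException} with problem {@code VERSION_REJECTED}
 *         when the version is out of range or is not a number
 * @throws IOException if the parameter cannot be read from the message
 */
protected void validateVersion(OAuthMessage message) throws OAuthException, IOException {
    String versionString = message.getParameter(OAuth.OAUTH_VERSION);
    if (versionString == null) {
        return;
    }

    boolean acceptable;
    try {
        double version = Double.parseDouble(versionString);
        // Positive range test on purpose: Double.parseDouble accepts "NaN", and every
        // comparison with NaN is false, so a "reject if below or above" test lets it through.
        acceptable = minVersion <= version && version <= maxVersion;
    } catch (NumberFormatException e) {
        // The value comes from the request; a non-numeric version is a rejected version,
        // not an unchecked exception.
        acceptable = false;
    }

    if (!acceptable) {
        OAuthProblemException problem = new OAuthProblemException(OAuth.Problems.VERSION_REJECTED);
        problem.setParameter(OAuth.Problems.OAUTH_ACCEPTABLE_VERSIONS, minVersion + "-" + maxVersion);
        throw problem;
    }
}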
use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.
the class OAuthRevAValidator method validateVerifier.
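/**
 * Checks that the {@code oauth_verifier} sent with the message equals the verifier stored on
 * the accessor.
 *
 * @param message the OAuth message carrying the verifier
 * @param accessor the accessor whose {@code oauth_verifier} property holds the expected value
 * @throws OAuthException an {@code OAuthProblemException} with problem {@code invalid_verifier}
 *         when the two values differ
 * @throws IOException if the parameter cannot be read from the message
 */
protected void validateVerifier(OAuthMessage message, OAuthAccessor accessor) throws OAuthException, IOException {
    String verifier = message.getParameter(OAuth.OAUTH_VERIFIER);
    String expected = (String) accessor.getProperty(OAuth.OAUTH_VERIFIER);
    // NOTE(review): how StringUtil.equal treats two nulls is not visible here. If it reports
    // them equal, a request without a verifier passes whenever none is stored; confirm that is
    // intended. If it is a plain equals(), a constant-time comparison is worth considering.
    if (!StringUtil.equal(verifier, expected)) {
        // The verifier is a credential: log the mismatch, never the presented or expected value.
        LOG.debug("verifier from request and local memory should be same.");
        throw new OAuthProblemException("invalid_verifier");
    }
}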
use of net.oauth.OAuthProblemException in project zm-mailbox by Zimbra.
the class OAuthServiceProvider method getConsumer.
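/**
 * Looks up a registered OAuth consumer by its consumer key.
 *
 * <p>Registered consumers are read from the global config attribute
 * {@code Provisioning.A_zimbraOAuthConsumerCredentials}. Each value is split on {@code ':'};
 * the first field is compared with the key, the second is passed to {@code OAuthConsumer} as
 * its third constructor argument, and the optional third field becomes the {@code app_name}
 * property.
 *
 * @param consumer_key the consumer key presented by the client
 * @return the matching consumer, with the {@code key} and {@code app_name} properties set
 * @throws IOException declared for callers; not thrown by the visible code
 * @throws OAuthProblemException with problem {@code token_rejected} when the config cannot be
 *         read or no registered consumer has this key
 */
public static synchronized OAuthConsumer getConsumer(String consumer_key) throws IOException, OAuthProblemException {
    String[] registeredConsumers;
    try {
        // TODO - need to lookup the domain first
        registeredConsumers = Provisioning.getInstance().getConfig().getMultiAttr(Provisioning.A_zimbraOAuthConsumerCredentials);
    } catch (ServiceException e) {
        // Keep the provisioning failure as the cause so a backend error can be told apart
        // from an unknown consumer key when the exception is logged.
        OAuthProblemException problem = new OAuthProblemException("token_rejected");
        problem.initCause(e);
        throw problem;
    }

    for (String consumer : registeredConsumers) {
        // NOTE(review): the split has no limit, so a second field that itself contains ':'
        // would be cut at the first one; confirm the stored format rules that out.
        String[] fields = consumer.split(":");
        if (fields.length >= 2 && fields[0].equals(consumer_key)) {
            OAuthConsumer oAuthConsumer = new OAuthConsumer(null, consumer_key, fields[1], null);
            oAuthConsumer.setProperty("key", consumer_key);
            oAuthConsumer.setProperty("app_name", fields.length > 2 ? fields[2] : "");
            return oAuthConsumer;
        }
    }
    // Unknown key: same problem code as a lookup failure.
    throw new OAuthProblemException("token_rejected");
}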