
Example 1 with HttpRequest

use of org.apache.shindig.gadgets.http.HttpRequest in project liferay-ide by liferay.

the class OAuthRequest method fetchData.

/**
 * Produces the response builder that answers the gadget's request.
 *
 * <p>If {@code accessTokenData} has been populated, the answer is built from it by
 * {@code formatAccessTokenData()} and no request is sent. Otherwise {@code realRequest} is
 * signed by {@code sanitizeAndSign} (with {@code tokenEndpoint == false}), fetched, and the
 * response is passed to {@code checkForProtocolProblem} before it is wrapped in a builder.
 *
 * @return a builder holding either the formatted access token data or the fetched response
 * @throws OAuthRequestException declared by {@code sanitizeAndSign}; other callees may raise it too
 * @throws OAuthProtocolException if the service provider returns an OAuth
 * related error instead of user data.
 */
private HttpResponseBuilder fetchData() throws OAuthRequestException, OAuthProtocolException {
    if (accessTokenData != null) {
        // The request was for the access token data itself: answer from what is already held.
        return formatAccessTokenData();
    }
    HttpRequest signedRequest = sanitizeAndSign(realRequest, null, false);
    HttpResponse serverResponse = fetchFromServer(signedRequest);
    // Runs before the response is wrapped, so an OAuth error reply is not returned as user data.
    checkForProtocolProblem(serverResponse);
    return new HttpResponseBuilder(serverResponse);
}
Also used : HttpRequest(org.apache.shindig.gadgets.http.HttpRequest) HttpResponseBuilder(org.apache.shindig.gadgets.http.HttpResponseBuilder) HttpResponse(org.apache.shindig.gadgets.http.HttpResponse)

Example 2 with HttpRequest

use of org.apache.shindig.gadgets.http.HttpRequest in project liferay-ide by liferay.

the class OAuthRequest method createRequestTokenRequest.

/**
 * Builds the unsigned request aimed at the service provider's request token URL.
 *
 * <p>The HTTP method is taken from {@code accessorInfo}; for POST the content type is set to
 * {@code OAuth.FORM_ENCODED}. The only check made on the URL here is that it is present.
 * NOTE(review): no scheme or host validation is visible in this method; confirm the configured
 * URL is validated where the service provider is loaded.
 *
 * @param accessor accessor whose consumer's service provider supplies the request token URL
 * @return the request, not yet signed
 * @throws OAuthRequestException with {@code BAD_OAUTH_TOKEN_URL} when no request token URL is set
 */
private HttpRequest createRequestTokenRequest(OAuthAccessor accessor) throws OAuthRequestException {
    String requestTokenUrl = accessor.consumer.serviceProvider.requestTokenURL;
    if (requestTokenUrl == null) {
        throw new OAuthRequestException(OAuthError.BAD_OAUTH_TOKEN_URL, "request token");
    }
    HttpRequest tokenRequest = new HttpRequest(Uri.parse(requestTokenUrl));
    tokenRequest.setMethod(accessorInfo.getHttpMethod().toString());
    boolean sendsForm = accessorInfo.getHttpMethod() == HttpMethod.POST;
    if (sendsForm) {
        tokenRequest.setHeader("Content-Type", OAuth.FORM_ENCODED);
    }
    return tokenRequest;
}
Also used : HttpRequest(org.apache.shindig.gadgets.http.HttpRequest)

Example 3 with HttpRequest

use of org.apache.shindig.gadgets.http.HttpRequest in project liferay-ide by liferay.

the class OAuthRequest method fetchRequestToken.

/**
 * Obtains a request token and stores it, with its secret, on the accessor.
 *
 * <p>The request built by {@code createRequestTokenRequest} is signed as a token endpoint
 * request ({@code tokenEndpoint == true}) together with whatever {@code addCallback} puts in
 * the parameter list, then sent with {@code sendOAuthMessage}.
 *
 * @throws OAuthRequestException declared by the request-building and signing steps
 * @throws OAuthProtocolException declared here; presumably raised while sending - confirm in
 *     {@code sendOAuthMessage}
 */
private void fetchRequestToken() throws OAuthRequestException, OAuthProtocolException {
    OAuthAccessor tokenAccessor = accessorInfo.getAccessor();
    HttpRequest unsigned = createRequestTokenRequest(tokenAccessor);

    List<Parameter> callbackParams = Lists.newArrayList();
    addCallback(callbackParams);

    HttpRequest signedRequest = sanitizeAndSign(unsigned, callbackParams, true);
    OAuthMessage providerReply = sendOAuthMessage(signedRequest);

    // NOTE(review): the reply values are stored as returned; nothing in this method checks that
    // the token or its secret is present. Confirm sendOAuthMessage rejects a reply without them.
    tokenAccessor.requestToken = OAuthUtil.getParameter(providerReply, OAuth.OAUTH_TOKEN);
    tokenAccessor.tokenSecret = OAuthUtil.getParameter(providerReply, OAuth.OAUTH_TOKEN_SECRET);
}
Also used : OAuthAccessor(net.oauth.OAuthAccessor) HttpRequest(org.apache.shindig.gadgets.http.HttpRequest) OAuthMessage(net.oauth.OAuthMessage) Parameter(net.oauth.OAuth.Parameter)

Example 4 with HttpRequest

use of org.apache.shindig.gadgets.http.HttpRequest in project liferay-ide by liferay.

the class OAuthRequest method sanitizeAndSign.

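/**
 * Sanitizes a request, signs it with OAuth, and returns the signed copy.
 *
 * <ol>
 *   <li>Start with an HttpRequest; its query string is removed from the target URI and decoded.
 *   <li>The query parameters go through {@code sanitize}. The original documentation states
 *       that this throws if there are any attacks in the query; that check lives in
 *       {@code sanitize}, which is not shown here.
 *   <li>Depending on the signature type, the form-encoded post body is decoded and sanitized the
 *       same way, or a hash of the raw body is added as {@code OAUTH_BODY_HASH}.
 *   <li>Identity and signature parameters are appended and {@code overrideParameters} is applied.
 *   <li>The message is signed and the OAuth parameters are added to a new request.
 * </ol>
 *
 * <p>This method does not send anything: the signed request is returned and the caller sends
 * it. Redirect following is switched off on the returned request.
 *
 * @param base the request to sign
 * @param params extra parameters to cover with the signature; may be {@code null}. A non-null
 *     list is modified in place.
 * @param tokenEndpoint passed to {@code OAuthUtil.getSignatureType} together with the request's
 *     Content-Type to choose what is signed
 * @return a new request carrying the OAuth parameters
 * @throws OAuthRequestException if the query or form body cannot be decoded, the body cannot be
 *     hashed, or signing fails
 */
public HttpRequest sanitizeAndSign(HttpRequest base, List<Parameter> params, boolean tokenEndpoint) throws OAuthRequestException {
    if (params == null) {
        params = Lists.newArrayList();
    }
    UriBuilder target = new UriBuilder(base.getUri());
    String query = target.getQuery();
    target.setQuery(null);
    try {
        params.addAll(sanitize(OAuth.decodeForm(query)));
    } catch (IllegalArgumentException e) {
        // Same failure mode as the form body below: a query that cannot be decoded is reported
        // as an invalid request instead of escaping as an unchecked exception.
        throw new OAuthRequestException(OAuthError.INVALID_REQUEST, "Could not decode query", e);
    }
    switch(OAuthUtil.getSignatureType(tokenEndpoint, base.getHeader("Content-Type"))) {
        case URL_ONLY:
            break;
        case URL_AND_FORM_PARAMS:
            try {
                params.addAll(sanitize(OAuth.decodeForm(base.getPostBodyAsString())));
            } catch (IllegalArgumentException e) {
                // Occurs if OAuth.decodeForm finds an invalid URL to decode.
                throw new OAuthRequestException(OAuthError.INVALID_REQUEST, "Could not decode body", e);
            }
            break;
        case URL_AND_BODY_HASH:
            try {
                byte[] body = IOUtils.toByteArray(base.getPostBody());
                // DigestUtils.sha is SHA-1. NOTE(review): that is the digest the OAuth body hash
                // extension pairs with SHA1-based signatures, and the provider must compute the
                // same value, so the algorithm cannot be changed on this side alone.
                byte[] hash = DigestUtils.sha(body);
                String b64 = new String(Base64.encodeBase64(hash), Charsets.UTF_8.name());
                params.add(new Parameter(OAuthConstants.OAUTH_BODY_HASH, b64));
            } catch (IOException e) {
                throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "Error taking body hash", e);
            }
            break;
    }
    // authParams are parameters prefixed with 'xoauth' 'oauth' or 'opensocial',
    // trusted parameters have ability to override these parameters.
    // They are appended after the sanitized request parameters.
    List<Parameter> authParams = Lists.newArrayList();
    addIdentityParams(authParams);
    addSignatureParams(authParams);
    overrideParameters(authParams);
    params.addAll(authParams);
    try {
        OAuthMessage signed = OAuthUtil.newRequestMessage(accessorInfo.getAccessor(), base.getMethod(), target.toString(), params);
        HttpRequest oauthHttpRequest = createHttpRequest(base, selectOAuthParams(signed));
        // Following 302s on OAuth responses is unlikely to be productive.
        oauthHttpRequest.setFollowRedirects(false);
        return oauthHttpRequest;
    } catch (OAuthException e) {
        throw new OAuthRequestException(OAuthError.UNKNOWN_PROBLEM, "Error signing message", e);
    }
}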
Also used : HttpRequest(org.apache.shindig.gadgets.http.HttpRequest) OAuthMessage(net.oauth.OAuthMessage) OAuthException(net.oauth.OAuthException) Parameter(net.oauth.OAuth.Parameter) IOException(java.io.IOException) UriBuilder(org.apache.shindig.common.uri.UriBuilder)

Example 5 with HttpRequest

use of org.apache.shindig.gadgets.http.HttpRequest in project liferay-ide by liferay.

the class OAuthRequest method exchangeRequestToken.

/**
 * Implements section 6.3 of the OAuth spec: trades the request token for an access token.
 *
 * <p>If the accessor already holds an access token, it is moved into the request token slot
 * first (session extension). The token, the session handle when present, and the
 * {@code oauth_verifier} taken from the received callback URL are signed as a token endpoint
 * request and sent. The reply's token, secret, session handle and expiry are then stored.
 *
 * <p>When the gadget's own request targets the access token URL, the reply parameters whose
 * keys do not start with {@code "oauth"} are collected into {@code accessTokenData}.
 *
 * @throws OAuthRequestException if no access token URL is configured, the received callback URL
 *     cannot be parsed, or signing fails
 * @throws OAuthProtocolException declared here; presumably raised while sending - confirm in
 *     {@code sendOAuthMessage}
 */
private void exchangeRequestToken() throws OAuthRequestException, OAuthProtocolException {
    if (accessorInfo.getAccessor().accessToken != null) {
        // session extension per
        // http://oauth.googlecode.com/svn/spec/ext/session/1.0/drafts/1/spec.html
        // The held access token is presented as the token to exchange, then cleared.
        accessorInfo.getAccessor().requestToken = accessorInfo.getAccessor().accessToken;
        accessorInfo.getAccessor().accessToken = null;
    }
    OAuthAccessor accessor = accessorInfo.getAccessor();
    if (accessor.consumer.serviceProvider.accessTokenURL == null) {
        throw new OAuthRequestException(OAuthError.BAD_OAUTH_TOKEN_URL, "access token");
    }

    Uri tokenEndpointUri = Uri.parse(accessor.consumer.serviceProvider.accessTokenURL);
    HttpRequest exchangeRequest = new HttpRequest(tokenEndpointUri);
    exchangeRequest.setMethod(accessorInfo.getHttpMethod().toString());
    if (accessorInfo.getHttpMethod() == HttpMethod.POST) {
        exchangeRequest.setHeader("Content-Type", OAuth.FORM_ENCODED);
    }

    List<Parameter> exchangeParams = Lists.newArrayList();
    exchangeParams.add(new Parameter(OAuth.OAUTH_TOKEN, accessor.requestToken));
    if (accessorInfo.getSessionHandle() != null) {
        exchangeParams.add(new Parameter(OAuthConstants.OAUTH_SESSION_HANDLE, accessorInfo.getSessionHandle()));
    }

    String receivedCallback = realRequest.getOAuthArguments().getReceivedCallbackUrl();
    if (!StringUtils.isBlank(receivedCallback)) {
        try {
            String verifier = Uri.parse(receivedCallback).getQueryParameter(OAuth.OAUTH_VERIFIER);
            if (verifier != null) {
                exchangeParams.add(new Parameter(OAuth.OAUTH_VERIFIER, verifier));
            }
        } catch (IllegalArgumentException e) {
            // NOTE(review): the message echoes the whole callback URL, which may carry the
            // verifier; confirm where this exception text is logged or returned.
            throw new OAuthRequestException(OAuthError.INVALID_REQUEST, "Invalid received callback URL: " + receivedCallback, e);
        }
    }

    HttpRequest signedRequest = sanitizeAndSign(exchangeRequest, exchangeParams, true);
    OAuthMessage reply = sendOAuthMessage(signedRequest);

    accessor.accessToken = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN);
    accessor.tokenSecret = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN_SECRET);
    accessorInfo.setSessionHandle(OAuthUtil.getParameter(reply, OAuthConstants.OAUTH_SESSION_HANDLE));

    // Expiry stays "unknown" unless the reply carries a parseable expires-in value.
    accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN);
    String expiresIn = OAuthUtil.getParameter(reply, OAuthConstants.OAUTH_EXPIRES_IN);
    if (expiresIn != null) {
        try {
            int expireSecs = Integer.parseInt(expiresIn);
            // 1000L widens to long before the multiplication.
            long nowMillis = fetcherConfig.getClock().currentTimeMillis();
            accessorInfo.setTokenExpireMillis(nowMillis + expireSecs * 1000L);
        } catch (NumberFormatException e) {
            // Hrm.  Bogus server.  We can safely ignore this, we'll just wait for the server to
            // tell us when the access token has expired.
            responseParams.logDetailedWarning("server returned bogus expiration");
        }
    }

    // Only when the gadget's request is for the access token URL itself: keep the reply's extra
    // parameters so they can be handed back as data. Keys starting with "oauth" (which covers
    // oauth_token and oauth_token_secret) are skipped, so the token secret is not copied into
    // accessTokenData.
    if (tokenEndpointUri.equals(realRequest.getUri())) {
        accessTokenData = Maps.newHashMap();
        for (Entry<String, String> replyParam : OAuthUtil.getParameters(reply)) {
            String key = replyParam.getKey();
            if (key.startsWith("oauth")) {
                continue;
            }
            accessTokenData.put(key, replyParam.getValue());
        }
    }
}
Also used : HttpRequest(org.apache.shindig.gadgets.http.HttpRequest) OAuthMessage(net.oauth.OAuthMessage) Uri(org.apache.shindig.common.uri.Uri) OAuthAccessor(net.oauth.OAuthAccessor) Parameter(net.oauth.OAuth.Parameter)

Aggregations

HttpRequest (org.apache.shindig.gadgets.http.HttpRequest)6 Parameter (net.oauth.OAuth.Parameter)3 OAuthMessage (net.oauth.OAuthMessage)3 OAuthAccessor (net.oauth.OAuthAccessor)2 IOException (java.io.IOException)1 OAuthException (net.oauth.OAuthException)1 Uri (org.apache.shindig.common.uri.Uri)1 UriBuilder (org.apache.shindig.common.uri.UriBuilder)1 HttpResponse (org.apache.shindig.gadgets.http.HttpResponse)1 HttpResponseBuilder (org.apache.shindig.gadgets.http.HttpResponseBuilder)1 OAuthParamLocation (org.apache.shindig.gadgets.oauth.AccessorInfo.OAuthParamLocation)1