Package com.ibm.sbt.opensocial.domino.oauth

Source Code of com.ibm.sbt.opensocial.domino.oauth.InternalDominoOAuthStore

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
package com.ibm.sbt.opensocial.domino.oauth;

import java.util.Map;

import net.oauth.OAuth;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthServiceProvider;
import net.oauth.signature.RSA_SHA1;

import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.servlet.Authority;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.GadgetException.Code;
import org.apache.shindig.gadgets.oauth.BasicOAuthStore;
import org.apache.shindig.gadgets.oauth.BasicOAuthStoreTokenIndex;

import com.google.caja.util.Maps;
import com.ibm.sbt.opensocial.domino.container.ContainerExtPoint;
import com.ibm.sbt.opensocial.domino.container.ContainerExtPointException;
import com.ibm.sbt.opensocial.domino.container.ContainerExtPointManager;
import com.ibm.sbt.opensocial.domino.oauth.DominoOAuthClient.KeyType;

/**
* OAuth 1.0a store for OpenSocial gadgets on Domino.
*
*/
//TODO Right now every container is forced to let every gadget share OAuth tokens.  Some containers may not want that.  We should allow
//containers to specify that in their configuration and handle that here.
public class InternalDominoOAuthStore extends BasicOAuthStore {

  private ContainerExtPointManager extPointManager;
  private Authority authority;
  private String defaultCallbackUrl;
  private final Map<BasicOAuthStoreTokenIndex, TokenInfo> tokens;
 
  /**
   * Token store for the OpenSocial implementation.  This store just delegates to
   * the token stores for the individual containers.
   */
  public InternalDominoOAuthStore(ContainerExtPointManager extPointManager, Authority authority,
      String defaultCallbackUrl) {
    super();
    this.extPointManager = extPointManager;
    this.authority = authority;
    this.defaultCallbackUrl = defaultCallbackUrl;
    tokens = Maps.newHashMap();
  }

  @Override
  public ConsumerInfo getConsumerKeyAndSecret(SecurityToken securityToken,
      String serviceName, OAuthServiceProvider provider)
      throws GadgetException {
    if(securityToken.isAnonymous() || "@anonymous".equals(securityToken.getViewerId())) {
      throw new GadgetException(Code.INVALID_SECURITY_TOKEN, "Anonymous users cannot use OAuth in gadgets");
    }
    ContainerExtPoint extPoint = getContainerExtPoint(securityToken.getContainer());
    DominoOAuthStore store = null;
    try {
      store = extPoint.getContainerOAuthStore();
    } catch (ContainerExtPointException e) {
      throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR,
          "Exception thrown when getting the DominoOAuthStore for the container " + securityToken.getContainer());
    }
    if(store == null) {
      throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR,
          "No DominoOAuthStore provided for the container " + securityToken.getContainer());
    }
    DominoOAuthClient client = store.getClient(securityToken.getViewerId(), securityToken.getContainer(),
        serviceName, securityToken.getAppUrl());
    if(client == null) {
      throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR,
          "The Domino OAuth Store for container " + securityToken.getContainer() + " did not return client information for viewer: " +
      securityToken.getViewerId() + ", service: " + serviceName + " gadget: " + securityToken.getAppUrl());
    }
      OAuthConsumer consumer;
      final KeyType keyType = client.getKeyType();
      if (keyType == KeyType.RSA_PRIVATE) {
        consumer = new OAuthConsumer(null, client.getConsumerKey(), null, provider);
        // The oauth.net java code has lots of magic.  By setting this property here, code thousands
        // of lines away knows that the consumerSecret value in the consumer should be treated as
        // an RSA private key and not an HMAC key.
        consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
        consumer.setProperty(RSA_SHA1.PRIVATE_KEY, client.getConsumerSecret());
      } else if  (keyType == KeyType.PLAINTEXT) {
        consumer = new OAuthConsumer(null, client.getConsumerKey(), client.getConsumerSecret(), provider);
        consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, "PLAINTEXT");
      } else {
        consumer = new OAuthConsumer(null, client.getConsumerKey(), client.getConsumerSecret(), provider);
        consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.HMAC_SHA1);
      }
      String callback = createCallback(client.isForceCallbackOverHttps());

      return new ConsumerInfo(consumer, null, callback, false);
  }
 
  private String createCallback(boolean forceHttps) {
    String callback = defaultCallbackUrl;

      if (authority != null) {
        callback = callback.replace("%authority%", authority.getAuthority());
      }
      if(callback.contains("http")) {
        callback = callback.replace(":80", "");
      }
      if(callback.contains("https")) {
        callback = callback.replace(":443", "");
      }
      if(forceHttps) {
        if(!callback.contains("https")) {
          callback = callback.replace("http", "https");
        }
      }
      return callback;
  }
 
  private ContainerExtPoint getContainerExtPoint(String container) throws GadgetException {
    ContainerExtPoint extPoint = extPointManager.getExtPoint(container);
    if(extPoint == null) {
      throw new GadgetException(Code.OAUTH_STORAGE_ERROR,
          "No container extension point could be found for the container with the name " + container +
          ".");
    }
    return extPoint;
  }

  private BasicOAuthStoreTokenIndex makeBasicOAuthStoreTokenIndex(
      SecurityToken securityToken, String serviceName, String tokenName) {
    BasicOAuthStoreTokenIndex tokenKey = new BasicOAuthStoreTokenIndex();
    tokenKey.setGadgetUri("");
    tokenKey.setModuleId(securityToken.getModuleId());
    tokenKey.setServiceName(serviceName);
    tokenKey.setTokenName(tokenName);
    tokenKey.setUserId(securityToken.getViewerId());
    return tokenKey;
  }

  @Override
  public TokenInfo getTokenInfo(SecurityToken securityToken, ConsumerInfo consumerInfo,
      String serviceName, String tokenName) {
    BasicOAuthStoreTokenIndex tokenKey =
        makeBasicOAuthStoreTokenIndex(securityToken, serviceName, tokenName);
    return tokens.get(tokenKey);
  }
 
  @Override
  public void setTokenInfo(SecurityToken securityToken, ConsumerInfo consumerInfo,
      String serviceName, String tokenName, TokenInfo tokenInfo) {
    BasicOAuthStoreTokenIndex tokenKey =
        makeBasicOAuthStoreTokenIndex(securityToken, serviceName, tokenName);
    tokens.put(tokenKey, tokenInfo);
  }

  @Override
  public void removeToken(SecurityToken securityToken, ConsumerInfo consumerInfo,
      String serviceName, String tokenName) {
    BasicOAuthStoreTokenIndex tokenKey =
        makeBasicOAuthStoreTokenIndex(securityToken, serviceName, tokenName);
    tokens.remove(tokenKey);
 
}
TOP

Related Classes of com.ibm.sbt.opensocial.domino.oauth.InternalDominoOAuthStore

  • com.ibm.sbt.opensocial.domino.container.ContainerExtPoint
  • com.ibm.sbt.opensocial.domino.oauth.DominoOAuthClient.KeyType
  • net.oauth.OAuthConsumer
  • org.apache.shindig.gadgets.oauth.BasicOAuthStoreTokenIndex
  • org.apache.shindig.gadgets.GadgetException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.