Пример #1
        /**
         * Lookup information contained in the gadget spec.
         */
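        private OAuthServiceProvider lookupSpecInfo(ISecurityToken securityToken, OAuthArguments arguments,
                                                    AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams)
        {
            // Resolves the OAuth service named in the request against the gadget spec, records the
            // parameter location and HTTP method on accessorBuilder, and returns the provider URLs.
            // Throws the exception built by responseParams.oauthRequestException(BAD_OAUTH_CONFIGURATION, ...)
            // when the spec has no OAuth element or does not declare the requested service.
            GadgetSpec spec      = findSpec(securityToken, arguments, responseParams);
            OAuthSpec  oauthSpec = spec.getModulePrefs().getOAuthSpec();

            if (oauthSpec == null)
            {
                throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION,
                                                           "Failed to retrieve OAuth URLs, spec for gadget " +
                                                           securityToken.getAppUrl() + " does not contain OAuth element.");
            }

            // If getServices() returns a generic dictionary (its Keys are enumerated with LINQ below),
            // the indexer throws KeyNotFoundException for an unknown key instead of returning null, so
            // an unknown service name would never reach the configuration error.  TryGetValue keeps
            // the lookup on the intended error path; a null name is treated as "not found".
            var          services    = oauthSpec.getServices();
            var          serviceName = arguments.getServiceName();
            OAuthService service     = null;

            if (serviceName != null)
            {
                services.TryGetValue(serviceName, out service);
            }

            if (service == null)
            {
                // NOTE(review): serviceName comes from the request arguments and is echoed into the
                // error text together with the declared service names; whatever renders this message
                // should escape it -- the rendering path is not visible here.
                throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION,
                                                           "Failed to retrieve OAuth URLs, spec for gadget does not contain OAuth service " +
                                                           serviceName + ".  Known services: " +
                                                           String.Join(",", services.Keys.AsEnumerable().ToArray()) + '.');
            }

            // In theory someone could specify different parameter locations for request token and
            // access token requests, but that's probably not useful.  We just use the request token
            // rules for everything.
            var requestUrl = service.getRequestUrl();
            accessorBuilder.setParameterLocation(getStoreLocation(requestUrl.location, responseParams));
            accessorBuilder.setMethod(getStoreMethod(requestUrl.method, responseParams));

            // All three endpoint URLs are taken from the gadget spec as declared.
            return new OAuthServiceProvider(
                requestUrl.url.ToString(),
                service.getAuthorizationUrl().ToString(),
                service.getAccessUrl().url.ToString());
        }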
Пример #2
 /**
  * Store an access token for the given user/gadget/service/token name
  */
 public void storeTokenKeyAndSecret(ISecurityToken securityToken, OAuthStore.ConsumerInfo consumerInfo,
                                    OAuthArguments arguments, OAuthStore.TokenInfo tokenInfo, OAuthResponseParams responseParams)
 {
     // Persists tokenInfo in the backing store under the security token, consumer, service name
     // and token name.  A store failure is rethrown as an OAuth request exception.
     try
     {
         var serviceName = arguments.getServiceName();
         var tokenName   = arguments.getTokenName();

         store.setTokenInfo(securityToken, consumerInfo, serviceName, tokenName, tokenInfo);
     }
     catch (GadgetException storeFailure)
     {
         // The message is fixed text; the underlying cause travels with the exception.
         // NOTE(review): whether the cause's details are shown to the gadget depends on how
         // responseParams reports errors, which is not visible here.
         throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                    "Unable to store access token", storeFailure);
     }
 }
Пример #3
 /**
  * Figure out the OAuth token that should be used with this request.  We check for this in three
  * places.  In order of priority:
  *
  * 1) From information we cached on the client.
  *    We encrypt the token and cache on the client for performance.
  *
  * 2) From information we have in our persistent state.
  *    We persist the token server-side so we can look it up if necessary.
  *
  * 3) From information the gadget developer tells us to use (a preapproved request token.)
  *    Gadgets can be initialized with preapproved request tokens.  If the user tells the service
  *    provider they want to add a gadget to a gadget container site, the service provider can
  *    create a preapproved request token for that site and pass it to the gadget as a user
  *    preference.
  * @throws GadgetException
  */
 private void lookupToken(ISecurityToken securityToken, OAuthStore.ConsumerInfo consumerInfo,
                          OAuthArguments arguments, OAuthClientState clientState, AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams)
 {
     // Each source is tried in priority order and the method returns as soon as one applies.
     // NOTE(review): values read from clientState are used as-is; this method relies on the
     // client state having been decrypted and authenticated before it gets here -- confirm
     // in the code that builds OAuthClientState.

     // Client state holding a request token wins over everything else.
     if (clientState.getRequestToken() != null)
     {
         accessorBuilder.setRequestToken(clientState.getRequestToken());
         accessorBuilder.setTokenSecret(clientState.getRequestTokenSecret());
         return;
     }

     // Next choice: an access token cached in the client state, with its session data.
     if (clientState.getAccessToken() != null)
     {
         accessorBuilder.setAccessToken(clientState.getAccessToken());
         accessorBuilder.setTokenSecret(clientState.getAccessTokenSecret());
         accessorBuilder.setSessionHandle(clientState.getSessionHandle());
         accessorBuilder.setTokenExpireMillis(clientState.getTokenExpireMillis());
         return;
     }

     // Nothing usable on the client: ask the server-side store.
     OAuthStore.TokenInfo stored;
     try
     {
         stored = store.getTokenInfo(securityToken, consumerInfo,
                                     arguments.getServiceName(), arguments.getTokenName());
     }
     catch (GadgetException storeFailure)
     {
         throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                    "Unable to retrieve access token", storeFailure);
     }

     bool haveStoredAccessToken = stored != null && stored.getAccessToken() != null;
     if (!haveStoredAccessToken)
     {
         // Last resort: the (hopefully preapproved) request token supplied with the request.
         // Both values come from the request arguments and are set even when they are null.
         accessorBuilder.setRequestToken(arguments.getRequestToken());
         accessorBuilder.setTokenSecret(arguments.getRequestTokenSecret());
         return;
     }

     // The store has an access token for this user/gadget/service/token name.
     accessorBuilder.setAccessToken(stored.getAccessToken());
     accessorBuilder.setTokenSecret(stored.getTokenSecret());
     accessorBuilder.setSessionHandle(stored.getSessionHandle());
     accessorBuilder.setTokenExpireMillis(stored.getTokenExpireMillis());
 }
Пример #4
        /**
         * Retrieve an AccessorInfo and OAuthAccessor that are ready for signing OAuthMessages.  To do
         * this, we need to figure out:
         *
         * - what consumer key/secret to use for signing.
         * - if an access token should be used for the request, and if so what it is.
         * - the OAuth request/authorization/access URLs.
         * - what HTTP method to use for request token and access token requests
         * - where the OAuth parameters are located.
         *
         * Note that most of that work gets skipped for signed fetch, we just look up the consumer key
         * and secret for that.  Signed fetch always sticks the parameters in the query string.
         */
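        public AccessorInfo getOAuthAccessor(ISecurityToken securityToken,
                                             OAuthArguments arguments, OAuthClientState clientState, OAuthResponseParams responseParams)
        {
            AccessorInfoBuilder accessorBuilder = new AccessorInfoBuilder();

            // Does the gadget spec tell us any details about the service provider, like where to put the
            // OAuth parameters and what methods to use for their URLs?
            OAuthServiceProvider provider = null;

            if (arguments.mayUseToken())
            {
                provider = lookupSpecInfo(securityToken, arguments, accessorBuilder, responseParams);
            }
            else
            {
                // This is plain old signed fetch: no spec lookup, parameters go in the query string.
                accessorBuilder.setParameterLocation(AccessorInfo.OAuthParamLocation.URI_QUERY);
            }

            // What consumer key/secret should we use?  provider stays null for signed fetch.
            OAuthStore.ConsumerInfo consumer;
            try
            {
                consumer = store.getConsumerKeyAndSecret(
                    securityToken, arguments.getServiceName(), provider);
                accessorBuilder.setConsumer(consumer);
            }
            catch (GadgetException storeFailure)
            {
                throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                           "Unable to retrieve consumer key", storeFailure);
            }

            // Should we use the OAuth access token?  We never do this unless the client allows it, and
            // if owner == viewer.
            if (arguments.mayUseToken())
            {
                var ownerId = securityToken.getOwnerId();

                // The comparison starts from the owner id, which is known to be non-null here.
                // Calling Equals on getViewerId() instead would throw NullReferenceException when
                // there is no viewer id; this way a missing viewer simply gets no token.
                // NOTE(review): confirm that getViewerId() can be null (for example, no signed-in viewer).
                if (ownerId != null && ownerId.Equals(securityToken.getViewerId()))
                {
                    lookupToken(securityToken, consumer, arguments, clientState, accessorBuilder, responseParams);
                }
            }

            return accessorBuilder.create(responseParams);
        }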
Пример #5
 // Loads the gadget spec for the application URL carried by the security token.
 // URI parsing failures and spec factory failures are both rethrown as OAuth request
 // exceptions with UNKNOWN_PROBLEM.
 private GadgetSpec findSpec(ISecurityToken securityToken, OAuthArguments arguments, OAuthResponseParams responseParams)
 {
     try
     {
         // NOTE(review): if getAppUrl() can return null, new Uri(...) throws ArgumentNullException,
         // which neither catch below handles -- confirm against ISecurityToken.
         Uri specUri     = new Uri(securityToken.getAppUrl());

         // The cache bypass flag is taken from the OAuth arguments.
         // NOTE(review): if that flag is settable per request, it lets a caller force a spec
         // lookup that skips the cache on every call -- confirm where it is populated.
         var bypassCache = arguments.getBypassSpecCache();

         return specFactory.getGadgetSpec(specUri, bypassCache);
     }
     catch (UriFormatException badUri)
     {
         throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                    "Could not fetch gadget spec, gadget URI invalid.", badUri);
     }
     catch (GadgetException fetchFailure)
     {
         throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                    "Could not fetch gadget spec", fetchFailure);
     }
 }
Пример #6
        /**
         * Retrieve an AccessorInfo and OAuthAccessor that are ready for signing OAuthMessages.  To do
         * this, we need to figure out:
         * 
         * - what consumer key/secret to use for signing.
         * - if an access token should be used for the request, and if so what it is.
         * - the OAuth request/authorization/access URLs.
         * - what HTTP method to use for request token and access token requests
         * - where the OAuth parameters are located.
         * 
         * Note that most of that work gets skipped for signed fetch, we just look up the consumer key
         * and secret for that.  Signed fetch always sticks the parameters in the query string.
         */
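        public AccessorInfo getOAuthAccessor(ISecurityToken securityToken,
                                             OAuthArguments arguments, OAuthClientState clientState, OAuthResponseParams responseParams)
        {
            AccessorInfoBuilder accessorBuilder = new AccessorInfoBuilder();

            // Does the gadget spec tell us any details about the service provider, like where to put the
            // OAuth parameters and what methods to use for their URLs?
            OAuthServiceProvider provider = null;
            if (arguments.mayUseToken())
            {
                provider = lookupSpecInfo(securityToken, arguments, accessorBuilder, responseParams);
            }
            else
            {
                // This is plain old signed fetch: no spec lookup, parameters go in the query string.
                accessorBuilder.setParameterLocation(AccessorInfo.OAuthParamLocation.URI_QUERY);
            }

            // What consumer key/secret should we use?  provider stays null for signed fetch.
            OAuthStore.ConsumerInfo consumer;
            try
            {
                consumer = store.getConsumerKeyAndSecret(
                    securityToken, arguments.getServiceName(), provider);
                accessorBuilder.setConsumer(consumer);
            }
            catch (GadgetException storeFailure)
            {
                throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                           "Unable to retrieve consumer key", storeFailure);
            }

            // Should we use the OAuth access token?  We never do this unless the client allows it, and
            // if owner == viewer.
            if (arguments.mayUseToken())
            {
                var ownerId = securityToken.getOwnerId();

                // The comparison starts from the owner id, which is known to be non-null here.
                // Calling Equals on getViewerId() instead would throw NullReferenceException when
                // there is no viewer id; this way a missing viewer simply gets no token.
                // NOTE(review): confirm that getViewerId() can be null (for example, no signed-in viewer).
                if (ownerId != null && ownerId.Equals(securityToken.getViewerId()))
                {
                    lookupToken(securityToken, consumer, arguments, clientState, accessorBuilder, responseParams);
                }
            }

            return accessorBuilder.create(responseParams);
        }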
Пример #7
 /// <summary>
 /// Copy constructor.
 /// </summary>
 ///
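 public OAuthArguments(OAuthArguments orig)
 {
     // Field-by-field copy of orig.  Every field is assigned exactly once from the source
     // instance; writing default values first would only be overwritten immediately.
     // Throws NullReferenceException when orig is null.
     useToken           = orig.useToken;
     serviceName        = orig.serviceName;
     tokenName          = orig.tokenName;

     // The request token and its secret are credentials; the copy carries them as well.
     requestToken       = orig.requestToken;
     requestTokenSecret = orig.requestTokenSecret;

     // NOTE(review): origClientState is assigned, not duplicated.  If it is a mutable
     // reference type, both instances share the same object -- confirm.
     origClientState    = orig.origClientState;

     bypassSpecCache    = orig.bypassSpecCache;
     signOwner          = orig.signOwner;
     signViewer         = orig.signViewer;
 }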
Пример #8
 /// <summary>
 /// Copy constructor.
 /// </summary>
 ///
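 public OAuthArguments(OAuthArguments orig)
 {
     // Field-by-field copy of orig.  Every field is assigned exactly once from the source
     // instance; writing default values first would only be overwritten immediately.
     // Throws NullReferenceException when orig is null.
     useToken = orig.useToken;
     serviceName = orig.serviceName;
     tokenName = orig.tokenName;

     // The request token and its secret are credentials; the copy carries them as well.
     requestToken = orig.requestToken;
     requestTokenSecret = orig.requestTokenSecret;

     // NOTE(review): origClientState is assigned, not duplicated.  If it is a mutable
     // reference type, both instances share the same object -- confirm.
     origClientState = orig.origClientState;

     bypassSpecCache = orig.bypassSpecCache;
     signOwner = orig.signOwner;
     signViewer = orig.signViewer;
 }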
Пример #9
 /// <summary>
 /// Clone an existing HttpRequest.
 /// </summary>
 ///
 public sRequest(sRequest srequest)
 {
     // Settings and references that are taken over unchanged.  req, gadget, container and
     // securityToken are assigned, not duplicated.
     req             = srequest.req;
     uri             = srequest.uri;
     ignoreCache     = srequest.ignoreCache;
     cacheTtl        = srequest.cacheTtl;
     gadget          = srequest.gadget;
     container       = srequest.container;
     securityToken   = srequest.securityToken;
     authType        = srequest.authType;
     rewriteMimeType = srequest.rewriteMimeType;
     followRedirects = srequest.followRedirects;

     // The body gets its own array, so the two requests never alias the same bytes.
     // When the source has no body, postBody is left untouched.
     var sourceBody = srequest.postBody;
     if (sourceBody != null)
     {
         postBody = (byte[])sourceBody.Clone();
     }

     // The OAuth arguments are duplicated through their copy constructor rather than shared.
     var sourceArguments = srequest.oauthArguments;
     if (sourceArguments != null)
     {
         oauthArguments = new OAuthArguments(sourceArguments);
     }
 }
Пример #10
 /// <param name="_oauthArguments">arguments for OAuth/signed fetched</param>
 public sRequest setOAuthArguments(OAuthArguments _oauthArguments)
 {
     // Keeps the caller's instance by reference (no copy is made) and returns this
     // request so that calls can be chained.
     this.oauthArguments = _oauthArguments;

     return this;
 }
Пример #11
        /**
         * Remove an access token for the given user/gadget/service/token name
         */
        public void removeToken(ISecurityToken securityToken, OAuthStore.ConsumerInfo consumerInfo, OAuthArguments arguments, OAuthResponseParams responseParams)
        {
            // Deletes the token stored under the security token, consumer, service name and
            // token name.  A store failure is rethrown as an OAuth request exception.
            try
            {
                var serviceName = arguments.getServiceName();
                var tokenName   = arguments.getTokenName();

                store.removeToken(securityToken, consumerInfo, serviceName, tokenName);
            }
            catch (GadgetException storeFailure)
            {
                // NOTE(review): a failed removal leaves the token in the store; callers only learn
                // about it through this exception.
                throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                           "Unable to remove access token", storeFailure);
            }
        }
Пример #12
 // Loads the gadget spec for the application URL carried by the security token.
 // URI parsing failures and spec factory failures are both rethrown as OAuth request
 // exceptions with UNKNOWN_PROBLEM.
 private GadgetSpec findSpec(ISecurityToken securityToken, OAuthArguments arguments, OAuthResponseParams responseParams)
 {
     try
     {
         // NOTE(review): if getAppUrl() can return null, new Uri(...) throws ArgumentNullException,
         // which neither catch below handles -- confirm against ISecurityToken.
         Uri specUri     = new Uri(securityToken.getAppUrl());

         // The cache bypass flag is taken from the OAuth arguments.
         // NOTE(review): if that flag is settable per request, it lets a caller force a spec
         // lookup that skips the cache on every call -- confirm where it is populated.
         var bypassCache = arguments.getBypassSpecCache();

         return specFactory.getGadgetSpec(specUri, bypassCache);
     }
     catch (UriFormatException badUri)
     {
         throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                    "Could not fetch gadget spec, gadget URI invalid.", badUri);
     }
     catch (GadgetException fetchFailure)
     {
         throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                    "Could not fetch gadget spec", fetchFailure);
     }
 }
Пример #13
 /**
  * Figure out the OAuth token that should be used with this request.  We check for this in three
  * places.  In order of priority:
  * 
  * 1) From information we cached on the client.
  *    We encrypt the token and cache on the client for performance.
  *    
  * 2) From information we have in our persistent state.
  *    We persist the token server-side so we can look it up if necessary.
  *    
  * 3) From information the gadget developer tells us to use (a preapproved request token.)
  *    Gadgets can be initialized with preapproved request tokens.  If the user tells the service
  *    provider they want to add a gadget to a gadget container site, the service provider can
  *    create a preapproved request token for that site and pass it to the gadget as a user
  *    preference.
  * @throws GadgetException 
  */
 private void lookupToken(ISecurityToken securityToken, OAuthStore.ConsumerInfo consumerInfo,
                          OAuthArguments arguments, OAuthClientState clientState, AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams)
 {
     // Each source is tried in priority order and the method returns as soon as one applies.
     // NOTE(review): values read from clientState are used as-is; this method relies on the
     // client state having been decrypted and authenticated before it gets here -- confirm
     // in the code that builds OAuthClientState.

     // Client state holding a request token wins over everything else.
     if (clientState.getRequestToken() != null)
     {
         accessorBuilder.setRequestToken(clientState.getRequestToken());
         accessorBuilder.setTokenSecret(clientState.getRequestTokenSecret());
         return;
     }

     // Next choice: an access token cached in the client state, with its session data.
     if (clientState.getAccessToken() != null)
     {
         accessorBuilder.setAccessToken(clientState.getAccessToken());
         accessorBuilder.setTokenSecret(clientState.getAccessTokenSecret());
         accessorBuilder.setSessionHandle(clientState.getSessionHandle());
         accessorBuilder.setTokenExpireMillis(clientState.getTokenExpireMillis());
         return;
     }

     // Nothing usable on the client: ask the server-side store.
     OAuthStore.TokenInfo stored;
     try
     {
         stored = store.getTokenInfo(securityToken, consumerInfo,
                                     arguments.getServiceName(), arguments.getTokenName());
     }
     catch (GadgetException storeFailure)
     {
         throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                    "Unable to retrieve access token", storeFailure);
     }

     bool haveStoredAccessToken = stored != null && stored.getAccessToken() != null;
     if (!haveStoredAccessToken)
     {
         // Last resort: the (hopefully preapproved) request token supplied with the request.
         // Both values come from the request arguments and are set even when they are null.
         accessorBuilder.setRequestToken(arguments.getRequestToken());
         accessorBuilder.setTokenSecret(arguments.getRequestTokenSecret());
         return;
     }

     // The store has an access token for this user/gadget/service/token name.
     accessorBuilder.setAccessToken(stored.getAccessToken());
     accessorBuilder.setTokenSecret(stored.getTokenSecret());
     accessorBuilder.setSessionHandle(stored.getSessionHandle());
     accessorBuilder.setTokenExpireMillis(stored.getTokenExpireMillis());
 }
Пример #14
        /**
         * Lookup information contained in the gadget spec.
         */
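        private OAuthServiceProvider lookupSpecInfo(ISecurityToken securityToken, OAuthArguments arguments,
                                                    AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams)
        {
            // Resolves the OAuth service named in the request against the gadget spec, records the
            // parameter location and HTTP method on accessorBuilder, and returns the provider URLs.
            // Throws the exception built by responseParams.oauthRequestException(BAD_OAUTH_CONFIGURATION, ...)
            // when the spec has no OAuth element or does not declare the requested service.
            GadgetSpec spec = findSpec(securityToken, arguments, responseParams);
            OAuthSpec oauthSpec = spec.getModulePrefs().getOAuthSpec();
            if (oauthSpec == null)
            {
                throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION,
                                                           "Failed to retrieve OAuth URLs, spec for gadget " +
                                                           securityToken.getAppUrl() + " does not contain OAuth element.");
            }

            // If getServices() returns a generic dictionary (its Keys are enumerated with LINQ below),
            // the indexer throws KeyNotFoundException for an unknown key instead of returning null, so
            // an unknown service name would never reach the configuration error.  TryGetValue keeps
            // the lookup on the intended error path; a null name is treated as "not found".
            var services = oauthSpec.getServices();
            var serviceName = arguments.getServiceName();
            OAuthService service = null;
            if (serviceName != null)
            {
                services.TryGetValue(serviceName, out service);
            }
            if (service == null)
            {
                // NOTE(review): serviceName comes from the request arguments and is echoed into the
                // error text together with the declared service names; whatever renders this message
                // should escape it -- the rendering path is not visible here.
                throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION,
                                                           "Failed to retrieve OAuth URLs, spec for gadget does not contain OAuth service " +
                                                           serviceName + ".  Known services: " +
                                                           String.Join(",", services.Keys.AsEnumerable().ToArray()) + '.');
            }

            // In theory someone could specify different parameter locations for request token and
            // access token requests, but that's probably not useful.  We just use the request token
            // rules for everything.
            var requestUrl = service.getRequestUrl();
            accessorBuilder.setParameterLocation(getStoreLocation(requestUrl.location, responseParams));
            accessorBuilder.setMethod(getStoreMethod(requestUrl.method, responseParams));

            // All three endpoint URLs are taken from the gadget spec as declared.
            return new OAuthServiceProvider(
                requestUrl.url.ToString(),
                service.getAuthorizationUrl().ToString(),
                service.getAccessUrl().url.ToString());
        }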