private static bool hasValidSignature(OAuthMessage message, String appUrl, String appId) { String sharedSecret = sampleContainerSharedSecrets[appId]; if (sharedSecret == null) { return false; } OAuthServiceProvider provider = new OAuthServiceProvider(null, null, null); OAuthConsumer consumer = new OAuthConsumer(null, appUrl, sharedSecret, provider); OAuthAccessor accessor = new OAuthAccessor(consumer); SimpleOAuthValidator validator = new SimpleOAuthValidator(); try { validator.validateMessage(message, accessor); } catch (OAuthException) { return false; } catch (IOException) { return false; } catch (UriFormatException) { return false; } return true; }
public OAuthConsumer(String callbackURL, String consumerKey, String consumerSecret, OAuthServiceProvider serviceProvider) { this.callbackURL = callbackURL; this.consumerKey = consumerKey; this.consumerSecret = consumerSecret; this.serviceProvider = serviceProvider; }
public OAuthConsumer(String callbackURL, String consumerKey, String consumerSecret, OAuthServiceProvider serviceProvider) { this.callbackURL = callbackURL; this.consumerKey = consumerKey; this.consumerSecret = consumerSecret; this.serviceProvider = serviceProvider; }
/** * Retrieve OAuth consumer to use for requests. The returned consumer is ready to use for signed * fetch requests. * * @param securityToken token for user/gadget making request. * @param serviceName gadget's nickname for the service being accessed. * @param provider OAuth service provider info to be inserted into the returned consumer. * * @throws GadgetException if no OAuth consumer can be found (e.g. no consumer key can be used.) */ public abstract ConsumerInfo getConsumerKeyAndSecret(ISecurityToken securityToken, String serviceName, OAuthServiceProvider provider);
public override ConsumerInfo getConsumerKeyAndSecret(ISecurityToken securityToken, String serviceName, OAuthServiceProvider provider) { ++consumerKeyLookupCount; BasicOAuthStoreConsumerIndex pk = new BasicOAuthStoreConsumerIndex(); pk.setGadgetUri(securityToken.getAppUrl()); pk.setServiceName(serviceName); BasicOAuthStoreConsumerKeyAndSecret cks = consumerInfos.ContainsKey(pk) ? consumerInfos[pk] : defaultKey; if (cks == null) { throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR, "No key for gadget " + securityToken.getAppUrl() + " and service " + serviceName); } OAuthConsumer consumer; if (cks.keyType == BasicOAuthStoreConsumerKeyAndSecret.KeyType.RSA_PRIVATE) { consumer = new OAuthConsumer(null, cks.ConsumerKey, null, provider); consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1); consumer.setProperty(RSA_SHA1.X509_CERTIFICATE, cks.CertName); consumer.setProperty(RSA_SHA1.X509_CERTIFICATE_PASS, cks.CertPass); } else { consumer = new OAuthConsumer(null, cks.ConsumerKey, cks.ConsumerSecret, provider); consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.HMAC_SHA1); } return new ConsumerInfo(consumer, cks.ConsumerKey); }
/** * Lookup information contained in the gadget spec. */ private OAuthServiceProvider lookupSpecInfo(ISecurityToken securityToken, OAuthArguments arguments, AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams) { GadgetSpec spec = findSpec(securityToken, arguments, responseParams); OAuthSpec oauthSpec = spec.getModulePrefs().getOAuthSpec(); if (oauthSpec == null) { throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "Failed to retrieve OAuth URLs, spec for gadget " + securityToken.getAppUrl() + " does not contain OAuth element."); } OAuthService service = oauthSpec.getServices()[arguments.getServiceName()]; if (service == null) { throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION, "Failed to retrieve OAuth URLs, spec for gadget does not contain OAuth service " + arguments.getServiceName() + ". Known services: " + String.Join(",",oauthSpec.getServices().Keys.AsEnumerable().ToArray()) + '.'); } // In theory some one could specify different parameter locations for request token and // access token requests, but that's probably not useful. We just use the request token // rules for everything. accessorBuilder.setParameterLocation(getStoreLocation(service.getRequestUrl().location, responseParams)); accessorBuilder.setMethod(getStoreMethod(service.getRequestUrl().method, responseParams)); OAuthServiceProvider provider = new OAuthServiceProvider( service.getRequestUrl().url.ToString(), service.getAuthorizationUrl().ToString(), service.getAccessUrl().url.ToString()); return provider; }