private static bool hasValidSignature(OAuthMessage message, String appUrl, String appId)
{
String sharedSecret = sampleContainerSharedSecrets[appId];
if (sharedSecret == null)
{
return false;
}
OAuthServiceProvider provider = new OAuthServiceProvider(null, null, null);
OAuthConsumer consumer = new OAuthConsumer(null, appUrl, sharedSecret, provider);
OAuthAccessor accessor = new OAuthAccessor(consumer);
SimpleOAuthValidator validator = new SimpleOAuthValidator();
try
{
validator.validateMessage(message, accessor);
}
catch (OAuthException)
{
return false;
}
catch (IOException)
{
return false;
}
catch (UriFormatException)
{
return false;
}
return true;
}
public OAuthConsumer(String callbackURL, String consumerKey,
String consumerSecret, OAuthServiceProvider serviceProvider)
{
this.callbackURL = callbackURL;
this.consumerKey = consumerKey;
this.consumerSecret = consumerSecret;
this.serviceProvider = serviceProvider;
}
public OAuthConsumer(String callbackURL, String consumerKey,
String consumerSecret, OAuthServiceProvider serviceProvider)
{
this.callbackURL = callbackURL;
this.consumerKey = consumerKey;
this.consumerSecret = consumerSecret;
this.serviceProvider = serviceProvider;
}
/**
* Retrieve OAuth consumer to use for requests. The returned consumer is ready to use for signed
* fetch requests.
*
* @param securityToken token for user/gadget making request.
* @param serviceName gadget's nickname for the service being accessed.
* @param provider OAuth service provider info to be inserted into the returned consumer.
*
* @throws GadgetException if no OAuth consumer can be found (e.g. no consumer key can be used.)
*/
public abstract ConsumerInfo getConsumerKeyAndSecret(ISecurityToken securityToken, String serviceName,
OAuthServiceProvider provider);
public override ConsumerInfo getConsumerKeyAndSecret(ISecurityToken securityToken, String serviceName, OAuthServiceProvider provider)
{
++consumerKeyLookupCount;
BasicOAuthStoreConsumerIndex pk = new BasicOAuthStoreConsumerIndex();
pk.setGadgetUri(securityToken.getAppUrl());
pk.setServiceName(serviceName);
BasicOAuthStoreConsumerKeyAndSecret cks = consumerInfos.ContainsKey(pk) ? consumerInfos[pk] : defaultKey;
if (cks == null)
{
throw new GadgetException(GadgetException.Code.INTERNAL_SERVER_ERROR,
"No key for gadget " + securityToken.getAppUrl() + " and service " + serviceName);
}
OAuthConsumer consumer;
if (cks.keyType == BasicOAuthStoreConsumerKeyAndSecret.KeyType.RSA_PRIVATE)
{
consumer = new OAuthConsumer(null, cks.ConsumerKey, null, provider);
consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);
consumer.setProperty(RSA_SHA1.X509_CERTIFICATE, cks.CertName);
consumer.setProperty(RSA_SHA1.X509_CERTIFICATE_PASS, cks.CertPass);
}
else
{
consumer = new OAuthConsumer(null, cks.ConsumerKey, cks.ConsumerSecret, provider);
consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.HMAC_SHA1);
}
return new ConsumerInfo(consumer, cks.ConsumerKey);
}
/**
* Lookup information contained in the gadget spec.
*/
private OAuthServiceProvider lookupSpecInfo(ISecurityToken securityToken, OAuthArguments arguments,
AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams)
{
GadgetSpec spec = findSpec(securityToken, arguments, responseParams);
OAuthSpec oauthSpec = spec.getModulePrefs().getOAuthSpec();
if (oauthSpec == null)
{
throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION,
"Failed to retrieve OAuth URLs, spec for gadget " +
securityToken.getAppUrl() + " does not contain OAuth element.");
}
OAuthService service = oauthSpec.getServices()[arguments.getServiceName()];
if (service == null)
{
throw responseParams.oauthRequestException(OAuthError.BAD_OAUTH_CONFIGURATION,
"Failed to retrieve OAuth URLs, spec for gadget does not contain OAuth service " +
arguments.getServiceName() + ". Known services: " +
String.Join(",",oauthSpec.getServices().Keys.AsEnumerable().ToArray()) + '.');
}
// In theory some one could specify different parameter locations for request token and
// access token requests, but that's probably not useful. We just use the request token
// rules for everything.
accessorBuilder.setParameterLocation(getStoreLocation(service.getRequestUrl().location, responseParams));
accessorBuilder.setMethod(getStoreMethod(service.getRequestUrl().method, responseParams));
OAuthServiceProvider provider = new OAuthServiceProvider(
service.getRequestUrl().url.ToString(),
service.getAuthorizationUrl().ToString(),
service.getAccessUrl().url.ToString());
return provider;
}
