/**
* Create response parameters.
*/
public OAuthResponseParams(ISecurityToken securityToken, sRequest originalRequest,
BlobCrypter stateCrypter)
{
this.securityToken = securityToken;
this.originalRequest = originalRequest;
newClientState = new OAuthClientState(stateCrypter);
}
/**
* Figure out the OAuth token that should be used with this request. We check for this in three
* places. In order of priority:
*
* 1) From information we cached on the client.
* We encrypt the token and cache on the client for performance.
*
* 2) From information we have in our persistent state.
* We persist the token server-side so we can look it up if necessary.
*
* 3) From information the gadget developer tells us to use (a preapproved request token.)
* Gadgets can be initialized with preapproved request tokens. If the user tells the service
* provider they want to add a gadget to a gadget container site, the service provider can
* create a preapproved request token for that site and pass it to the gadget as a user
* preference.
* @throws GadgetException
*/
private void lookupToken(ISecurityToken securityToken, OAuthStore.ConsumerInfo consumerInfo,
OAuthArguments arguments, OAuthClientState clientState, AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams)
{
if (clientState.getRequestToken() != null)
{
// We cached the request token on the client.
accessorBuilder.setRequestToken(clientState.getRequestToken());
accessorBuilder.setTokenSecret(clientState.getRequestTokenSecret());
}
else if (clientState.getAccessToken() != null)
{
// We cached the access token on the client
accessorBuilder.setAccessToken(clientState.getAccessToken());
accessorBuilder.setTokenSecret(clientState.getAccessTokenSecret());
accessorBuilder.setSessionHandle(clientState.getSessionHandle());
accessorBuilder.setTokenExpireMillis(clientState.getTokenExpireMillis());
}
else
{
// No useful client-side state, check persistent storage
OAuthStore.TokenInfo tokenInfo;
try
{
tokenInfo = store.getTokenInfo(securityToken, consumerInfo,
arguments.getServiceName(), arguments.getTokenName());
}
catch (GadgetException e)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"Unable to retrieve access token", e);
}
if (tokenInfo != null && tokenInfo.getAccessToken() != null)
{
// We have an access token in persistent storage, use that.
accessorBuilder.setAccessToken(tokenInfo.getAccessToken());
accessorBuilder.setTokenSecret(tokenInfo.getTokenSecret());
accessorBuilder.setSessionHandle(tokenInfo.getSessionHandle());
accessorBuilder.setTokenExpireMillis(tokenInfo.getTokenExpireMillis());
}
else
{
// We don't have an access token yet, but the client sent us a (hopefully) preapproved
// request token.
accessorBuilder.setRequestToken(arguments.getRequestToken());
accessorBuilder.setTokenSecret(arguments.getRequestTokenSecret());
}
}
}
/**
* Retrieve an AccessorInfo and OAuthAccessor that are ready for signing OAuthMessages. To do
* this, we need to figure out:
*
* - what consumer key/secret to use for signing.
* - if an access token should be used for the request, and if so what it is. *
* - the OAuth request/authorization/access URLs.
* - what HTTP method to use for request token and access token requests
* - where the OAuth parameters are located.
*
* Note that most of that work gets skipped for signed fetch, we just look up the consumer key
* and secret for that. Signed fetch always sticks the parameters in the query string.
*/
public AccessorInfo getOAuthAccessor(ISecurityToken securityToken,
OAuthArguments arguments, OAuthClientState clientState, OAuthResponseParams responseParams)
{
AccessorInfoBuilder accessorBuilder = new AccessorInfoBuilder();
// Does the gadget spec tell us any details about the service provider, like where to put the
// OAuth parameters and what methods to use for their URLs?
OAuthServiceProvider provider = null;
if (arguments.mayUseToken())
{
provider = lookupSpecInfo(securityToken, arguments, accessorBuilder, responseParams);
}
else
{
// This is plain old signed fetch.
accessorBuilder.setParameterLocation(AccessorInfo.OAuthParamLocation.URI_QUERY);
}
// What consumer key/secret should we use?
OAuthStore.ConsumerInfo consumer;
try
{
consumer = store.getConsumerKeyAndSecret(
securityToken, arguments.getServiceName(), provider);
accessorBuilder.setConsumer(consumer);
}
catch (GadgetException e)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"Unable to retrieve consumer key", e);
}
// Should we use the OAuth access token? We never do this unless the client allows it, and
// if owner == viewer.
if (arguments.mayUseToken() &&
securityToken.getOwnerId() != null &&
securityToken.getViewerId().Equals(securityToken.getOwnerId()))
{
lookupToken(securityToken, consumer, arguments, clientState, accessorBuilder, responseParams);
}
return(accessorBuilder.create(responseParams));
}
/**
* OAuth authenticated fetch.
*/
public sResponse fetch(sRequest request)
{
realRequest = request;
clientState = new OAuthClientState(
fetcherConfig.getStateCrypter(),
request.getOAuthArguments().getOrigClientState());
responseParams = new OAuthResponseParams(request.getSecurityToken(), request, fetcherConfig.getStateCrypter());
try
{
return(fetchNoThrow());
}
catch (Exception e)
{
// We log here to record the request/response pairs that created the failure.
responseParams.logDetailedWarning("OAuth fetch unexpected fatal error", e);
throw e;
}
}
/**
* Retrieve an AccessorInfo and OAuthAccessor that are ready for signing OAuthMessages. To do
* this, we need to figure out:
*
* - what consumer key/secret to use for signing.
* - if an access token should be used for the request, and if so what it is. *
* - the OAuth request/authorization/access URLs.
* - what HTTP method to use for request token and access token requests
* - where the OAuth parameters are located.
*
* Note that most of that work gets skipped for signed fetch, we just look up the consumer key
* and secret for that. Signed fetch always sticks the parameters in the query string.
*/
public AccessorInfo getOAuthAccessor(ISecurityToken securityToken,
OAuthArguments arguments, OAuthClientState clientState, OAuthResponseParams responseParams)
{
AccessorInfoBuilder accessorBuilder = new AccessorInfoBuilder();
// Does the gadget spec tell us any details about the service provider, like where to put the
// OAuth parameters and what methods to use for their URLs?
OAuthServiceProvider provider = null;
if (arguments.mayUseToken())
{
provider = lookupSpecInfo(securityToken, arguments, accessorBuilder, responseParams);
}
else
{
// This is plain old signed fetch.
accessorBuilder.setParameterLocation(AccessorInfo.OAuthParamLocation.URI_QUERY);
}
// What consumer key/secret should we use?
OAuthStore.ConsumerInfo consumer;
try
{
consumer = store.getConsumerKeyAndSecret(
securityToken, arguments.getServiceName(), provider);
accessorBuilder.setConsumer(consumer);
}
catch (GadgetException e)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"Unable to retrieve consumer key", e);
}
// Should we use the OAuth access token? We never do this unless the client allows it, and
// if owner == viewer.
if (arguments.mayUseToken()
&& securityToken.getOwnerId() != null
&& securityToken.getViewerId().Equals(securityToken.getOwnerId()))
{
lookupToken(securityToken, consumer, arguments, clientState, accessorBuilder, responseParams);
}
return accessorBuilder.create(responseParams);
}
/**
* OAuth authenticated fetch.
*/
public sResponse fetch(sRequest request)
{
realRequest = request;
clientState = new OAuthClientState(
fetcherConfig.getStateCrypter(),
request.getOAuthArguments().getOrigClientState());
responseParams = new OAuthResponseParams(request.getSecurityToken(), request, fetcherConfig.getStateCrypter());
try
{
return fetchNoThrow();
}
catch (Exception e)
{
// We log here to record the request/response pairs that created the failure.
responseParams.logDetailedWarning("OAuth fetch unexpected fatal error", e);
throw e;
}
}
/**
* Create response parameters.
*/
public OAuthResponseParams(ISecurityToken securityToken, sRequest originalRequest,
BlobCrypter stateCrypter)
{
this.securityToken = securityToken;
this.originalRequest = originalRequest;
newClientState = new OAuthClientState(stateCrypter);
}
/**
* Figure out the OAuth token that should be used with this request. We check for this in three
* places. In order of priority:
*
* 1) From information we cached on the client.
* We encrypt the token and cache on the client for performance.
*
* 2) From information we have in our persistent state.
* We persist the token server-side so we can look it up if necessary.
*
* 3) From information the gadget developer tells us to use (a preapproved request token.)
* Gadgets can be initialized with preapproved request tokens. If the user tells the service
* provider they want to add a gadget to a gadget container site, the service provider can
* create a preapproved request token for that site and pass it to the gadget as a user
* preference.
* @throws GadgetException
*/
private void lookupToken(ISecurityToken securityToken, OAuthStore.ConsumerInfo consumerInfo,
OAuthArguments arguments, OAuthClientState clientState, AccessorInfoBuilder accessorBuilder, OAuthResponseParams responseParams)
{
if (clientState.getRequestToken() != null)
{
// We cached the request token on the client.
accessorBuilder.setRequestToken(clientState.getRequestToken());
accessorBuilder.setTokenSecret(clientState.getRequestTokenSecret());
}
else if (clientState.getAccessToken() != null)
{
// We cached the access token on the client
accessorBuilder.setAccessToken(clientState.getAccessToken());
accessorBuilder.setTokenSecret(clientState.getAccessTokenSecret());
accessorBuilder.setSessionHandle(clientState.getSessionHandle());
accessorBuilder.setTokenExpireMillis(clientState.getTokenExpireMillis());
}
else
{
// No useful client-side state, check persistent storage
OAuthStore.TokenInfo tokenInfo;
try
{
tokenInfo = store.getTokenInfo(securityToken, consumerInfo,
arguments.getServiceName(), arguments.getTokenName());
}
catch (GadgetException e)
{
throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
"Unable to retrieve access token", e);
}
if (tokenInfo != null && tokenInfo.getAccessToken() != null)
{
// We have an access token in persistent storage, use that.
accessorBuilder.setAccessToken(tokenInfo.getAccessToken());
accessorBuilder.setTokenSecret(tokenInfo.getTokenSecret());
accessorBuilder.setSessionHandle(tokenInfo.getSessionHandle());
accessorBuilder.setTokenExpireMillis(tokenInfo.getTokenExpireMillis());
}
else
{
// We don't have an access token yet, but the client sent us a (hopefully) preapproved
// request token.
accessorBuilder.setRequestToken(arguments.getRequestToken());
accessorBuilder.setTokenSecret(arguments.getRequestTokenSecret());
}
}
}
