org.apache.abdera.ext.oauth.OAuthScheme.java Source code

Java tutorial

Introduction

Here is the source code for org.apache.abdera.ext.oauth.OAuthScheme.java

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  The ASF licenses this file to You
 * under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.  For additional information regarding
 * copyright in this work, please see the NOTICE file in the top level
 * directory of this distribution.
 */
package org.apache.abdera.ext.oauth;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.Date;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;

import org.apache.abdera.protocol.client.AbderaClient;
import org.apache.abdera.protocol.client.util.MethodHelper;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.URIException;
import org.apache.commons.httpclient.auth.AuthScheme;
import org.apache.commons.httpclient.auth.AuthenticationException;
import org.apache.commons.httpclient.auth.RFC2617Scheme;
import org.apache.commons.httpclient.methods.DeleteMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.HeadMethod;
import org.apache.commons.httpclient.methods.OptionsMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.PutMethod;

/**
 * OAuth Scheme implementation for use with HTTP Commons AbderaClient
 * 
 * @see http://oauth.org
 * @see http://oauth.googlecode.com/svn/spec/branches/1.0/drafts/7/spec.html
 * @author David Calavera
 */
public class OAuthScheme extends RFC2617Scheme implements AuthScheme {

    private enum OAUTH_KEYS {
        OAUTH_CONSUMER_KEY, OAUTH_TOKEN, OAUTH_SIGNATURE_METHOD, OAUTH_TIMESTAMP, OAUTH_NONCE, OAUTH_VERSION, OAUTH_SIGNATURE;

        public String toLowerCase() {
            return this.toString().toLowerCase();
        }
    }

    private final int NONCE_LENGTH = 16;

    public static void register(AbderaClient abderaClient, boolean exclusive) {
        AbderaClient.registerScheme("OAuth", OAuthScheme.class);
        if (exclusive)
            ((AbderaClient) abderaClient).setAuthenticationSchemePriority("OAuth");
        else
            ((AbderaClient) abderaClient).setAuthenticationSchemeDefaults();
    }

    public String authenticate(Credentials credentials, String method, String uri) throws AuthenticationException {
        return authenticate(credentials, resolveMethod(method, uri));
    }

    public String authenticate(Credentials credentials, HttpMethod method) throws AuthenticationException {
        if (credentials instanceof OAuthCredentials) {

            OAuthCredentials oauthCredentials = (OAuthCredentials) credentials;
            String nonce = generateNonce();
            long timestamp = new Date().getTime() / 1000;

            String signature = generateSignature(oauthCredentials, method, nonce, timestamp);

            return "OAuth realm=\"" + oauthCredentials.getRealm() + "\", "
                    + OAUTH_KEYS.OAUTH_CONSUMER_KEY.toLowerCase() + "=\"" + oauthCredentials.getConsumerKey()
                    + "\", " + OAUTH_KEYS.OAUTH_TOKEN.toLowerCase() + "=\"" + oauthCredentials.getToken() + "\", "
                    + OAUTH_KEYS.OAUTH_SIGNATURE_METHOD.toLowerCase() + "=\""
                    + oauthCredentials.getSignatureMethod() + "\", " + OAUTH_KEYS.OAUTH_SIGNATURE.toLowerCase()
                    + "=\"" + signature + "\", " + OAUTH_KEYS.OAUTH_TIMESTAMP.toLowerCase() + "=\"" + timestamp
                    + "\", " + OAUTH_KEYS.OAUTH_NONCE.toLowerCase() + "=\"" + nonce + "\", "
                    + OAUTH_KEYS.OAUTH_VERSION.toLowerCase() + "=\"" + oauthCredentials.getVersion() + "\"";
        } else {
            return null;
        }
    }

    private HttpMethod resolveMethod(String method, String uri) throws AuthenticationException {
        if (method.equalsIgnoreCase("get")) {
            return new GetMethod(uri);
        } else if (method.equalsIgnoreCase("post")) {
            return new PostMethod(uri);
        } else if (method.equalsIgnoreCase("put")) {
            return new PutMethod(uri);
        } else if (method.equalsIgnoreCase("delete")) {
            return new DeleteMethod(uri);
        } else if (method.equalsIgnoreCase("head")) {
            return new HeadMethod(uri);
        } else if (method.equalsIgnoreCase("options")) {
            return new OptionsMethod(uri);
        } else {
            // throw new AuthenticationException("unsupported http method : " + method);
            return new MethodHelper.ExtensionMethod(method, uri);
        }
    }

    private String generateSignature(OAuthCredentials credentials, HttpMethod method, String nonce, long timestamp)
            throws AuthenticationException {
        try {
            String baseString = method.getName().toUpperCase() + method.getURI().toString()
                    + OAUTH_KEYS.OAUTH_CONSUMER_KEY.toLowerCase() + "=" + credentials.getConsumerKey()
                    + OAUTH_KEYS.OAUTH_TOKEN.toLowerCase() + "=" + credentials.getToken()
                    + OAUTH_KEYS.OAUTH_SIGNATURE_METHOD.toLowerCase() + "=" + credentials.getSignatureMethod()
                    + OAUTH_KEYS.OAUTH_TIMESTAMP.toLowerCase() + "=" + timestamp
                    + OAUTH_KEYS.OAUTH_NONCE.toLowerCase() + "=" + nonce + OAUTH_KEYS.OAUTH_VERSION.toLowerCase()
                    + "=" + credentials.getVersion();
            return sign(credentials.getSignatureMethod(), URLEncoder.encode(baseString, "UTF-8"),
                    credentials.getCert());
        } catch (URIException e) {
            throw new AuthenticationException(e.getMessage(), e);
        } catch (UnsupportedEncodingException e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    private String generateNonce() throws AuthenticationException {
        try {
            SecureRandom sr = SecureRandom.getInstance("SHA1PRNG");
            byte[] temp = new byte[NONCE_LENGTH];
            sr.nextBytes(temp);
            String n = new String(Hex.encodeHex(temp));
            return n;
        } catch (Exception e) {
            throw new AuthenticationException(e.getMessage(), e);
        }
    }

    private String sign(String method, String baseString, Certificate cert) throws AuthenticationException {
        if (method.equalsIgnoreCase("HMAC-MD5") || method.equalsIgnoreCase("HMAC-SHA1")) {
            try {
                String[] tokens = method.split("-");
                String methodName = tokens[0].substring(0, 1).toUpperCase() + tokens[0].substring(1).toLowerCase()
                        + tokens[1];
                KeyGenerator kg = KeyGenerator.getInstance(methodName);

                Mac mac = Mac.getInstance(kg.getAlgorithm());
                mac.init(kg.generateKey());
                byte[] result = mac.doFinal(baseString.getBytes());

                return new String(Base64.encodeBase64(result));
            } catch (Exception e) {
                throw new AuthenticationException(e.getMessage(), e);
            }
        } else if (method.equalsIgnoreCase("md5")) {
            return new String(Base64.encodeBase64(DigestUtils.md5(baseString)));
        } else if (method.equalsIgnoreCase("sha1")) {
            return new String(Base64.encodeBase64(DigestUtils.sha(baseString)));
        } else if (method.equalsIgnoreCase("RSA-SHA1")) {
            if (cert == null) {
                throw new AuthenticationException("a cert is mandatory to use SHA1 with RSA");
            }
            try {
                Cipher cipher = Cipher.getInstance("SHA1withRSA");
                cipher.init(Cipher.ENCRYPT_MODE, cert);
                byte[] result = cipher.doFinal(baseString.getBytes());
                return new String(Base64.encodeBase64(result));
            } catch (Exception e) {
                throw new AuthenticationException(e.getMessage(), e);
            }
        } else {
            throw new AuthenticationException("unsupported algorithm method: " + method);
        }
    }

    public String getSchemeName() {
        return "OAuth";
    }

    public boolean isComplete() {
        return true;
    }

    public boolean isConnectionBased() {
        return true;
    }

}