PageRenderTime 47ms CodeModel.GetById 21ms RepoModel.GetById 1ms app.codeStats 0ms

/app/com/atlassian/connect/play/java/oauth/OAuthRequestValidator.java

https://bitbucket.org/awei/ac-play-java
Java | 110 lines | 83 code | 13 blank | 14 comment | 5 complexity | d9cc37f80ac739f5aa10d96b6c15ba62 MD5 | raw file
Possible License(s): Apache-2.0 
    

  1. package com.atlassian.connect.play.java.oauth;
    2. 

  2. 

  3. import com.atlassian.connect.play.java.BaseUrl;
    4. 

  4. import com.atlassian.connect.play.java.PublicKeyStore;
    5. 

  5. import com.atlassian.connect.play.java.util.Utils;
    6. 

  6. import com.atlassian.fugue.Option;
    7. 

  7. import com.google.common.collect.ImmutableMultimap;
    8. 

  8. import com.google.common.collect.Iterables;
    9. 

  9. import com.google.common.collect.Multimap;
    10. 

  10. import net.oauth.*;
    11. 

  11. import net.oauth.signature.RSA_SHA1;
    12. 

  12. import play.Logger;
    13. 

  13. 

  14. import java.io.IOException;
    15. 

  15. import java.net.URISyntaxException;
    16. 

  16. import java.util.Collection;
    17. 

  17. 

  18. import static com.atlassian.connect.play.java.util.Utils.LOGGER;
    19. 

  19. import static com.google.common.base.Preconditions.checkNotNull;
    20. 

  20. import static com.google.common.base.Preconditions.checkState;
    21. 

  21. import static java.lang.String.format;
    22. 

  22. 

  23. final class OAuthRequestValidator<R>
    24. 

  24. {
    25. 

  25.     private final RequestHelper<R> requestHelper;
    26. 

  26.     private final PublicKeyStore publicKeyStore;
    27. 

  27.     private final BaseUrl baseUrl;
    28. 

  28. 

  29.     /**
    30. 

  30.      * @param requestHelper the helper to extract information from the given type of request.
    31. 

  31.      * @param publicKeyStore the store to the public key, used to check the OAuth signature.
    32. 

  32.      * @param baseUrl the base URL of the remote app, this should return the same URL as the one found in the
    33. 

  33.      * {@code atlassian-remote-app.xml} descriptor.
    34. 

  34.      */
    35. 

  35.     public OAuthRequestValidator(RequestHelper<R> requestHelper, PublicKeyStore publicKeyStore, BaseUrl baseUrl)
    36. 

  36.     {
    37. 

  37.         this.requestHelper = checkNotNull(requestHelper);
    38. 

  38.         this.publicKeyStore = checkNotNull(publicKeyStore);
    39. 

  39.         this.baseUrl = checkNotNull(baseUrl);
    40. 

  40.     }
    41. 

  41. 

  42.     /**
    43. 

  43.      * Validate the given request as an OAuth request. This method will return normally if the request is valid, it will
    44. 

  44.      * throw an exception otherwise.
    45. 

  45.      *
    46. 

  46.      * @param request the request to validate
    47. 

  47.      * @return the OAuth consumer key set in the request.
    48. 

  48.      * @throws InvalidOAuthRequestException if the request is invalid.
    49. 

  49.      */
    50. 

  50.     public String validate(R request)
    51. 

  51.     {
    52. 

  52.         final Multimap<String, String> parameters = getParameters(request);
    53. 

  53. 

  54.         final String consumerKey = getConsumerKey(parameters);
    55. 

  55. 

  56.         final OAuthMessage message = new OAuthMessage(
    57. 

  57.                 requestHelper.getHttpMethod(request),
    58. 

  58.                 requestHelper.getUrl(request, baseUrl),
    59. 

  59.                 parameters.entries());
    60. 

  60.         try
    61. 

  61.         {
    62. 

  62.             final OAuthConsumer host = new OAuthConsumer(null, consumerKey, null, null);
    63. 

  63.             final String publicKey = publicKeyStore.getPublicKey(consumerKey);
    64. 

  64.             if (publicKey == null)
    65. 

  65.             {
    66. 

  66.                 throw new UnknownAcHostException(consumerKey);
    67. 

  67.             }
    68. 

  68. 

  69.             host.setProperty(RSA_SHA1.PUBLIC_KEY, publicKey);
    70. 

  70.             message.validateMessage(new OAuthAccessor(host), new SimpleOAuthValidator());
    71. 

  71. 

  72.             return consumerKey;
    73. 

  73.         }
    74. 

  74.         catch (OAuthProblemException e)
    75. 

  75.         {
    76. 

  76.             LOGGER.warn("The request is not a valid OAuth request", e);
    77. 

  77.             throw new UnauthorisedOAuthRequestException(format("Validation failed: \nproblem: %s\nparameters: %s\n", e.getProblem(), e.getParameters()), e);
    78. 

  78.         }
    79. 

  79.         catch (OAuthException | IOException | URISyntaxException e)
    80. 

  80.         {
    81. 

  81.             LOGGER.error("An error happened validating the OAuth request.", e);
    82. 

  82.             throw new RuntimeException(e);
    83. 

  83.         }
    84. 

  84.     }
    85. 

  85. 

  86.     private Multimap<String, String> getParameters(R request)
    87. 

  87.     {
    88. 

  88.         final ImmutableMultimap.Builder<String, String> parameters =
    89. 

  89.                 ImmutableMultimap.<String, String>builder().putAll(requestHelper.getParameters(request));
    90. 

  90. 

  91.         final Option<String> authorization = requestHelper.getHeader(request, "Authorization");
    92. 

  92.         if (authorization.isDefined())
    93. 

  93.         {
    94. 

  94.             for (OAuth.Parameter param : OAuthMessage.decodeAuthorization(authorization.get()))
    95. 

  95.             {
    96. 

  96.                 parameters.put(param.getKey(), param.getValue());
    97. 

  97.             }
    98. 

  98.         }
    99. 

  99.         return parameters.build();
    100. 

  100.     }
    101. 

  101. 

  102.     private String getConsumerKey(Multimap<String, String> parameters)
    103. 

  103.     {
    104. 

  104.         final Collection<String> consumerKeys = parameters.get("oauth_consumer_key");
    105. 

  105.         checkState(consumerKeys.size() == 1, "There should be only one value for the consumer key");
    106. 

  106.         String consumerKey = Iterables.getFirst(consumerKeys, null);
    107. 

  107.         LOGGER.debug("Found consumer key '" + consumerKey + "'.");
    108. 

  108.         return consumerKey;
    109. 

  109.     }
    110. 

  110. }
    111. 

  111.