Changeset 6849 in josm
- Timestamp:
- 2014-02-13T21:10:18+01:00 (11 years ago)
- Location:
- trunk/src/oauth/signpost
- Files:
-
- 10 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/oauth/signpost/AbstractOAuthConsumer.java
r4231 r6849 34 34 * ABC for consumer implementations. If you're developing a custom consumer you 35 35 * will probably inherit from this class to save you a lot of work. 36 * 36 * 37 37 * @author Matthias Kaeppler 38 38 */ … … 55 55 // these are the params which will be passed to the message signer 56 56 private HttpParameters requestParameters; 57 57 58 58 private boolean sendEmptyTokens; 59 60 final private Random random = new Random(System.nanoTime()); 59 61 60 62 public AbstractOAuthConsumer(String consumerKey, String consumerSecret) { … … 78 80 } 79 81 80 public HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException,82 public synchronized HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException, 81 83 OAuthExpectationFailedException, OAuthCommunicationException { 82 84 if (consumerKey == null) { … … 109 111 110 112 signingStrategy.writeSignature(signature, request, requestParameters); 111 OAuth.debugOut("Auth header", request.getHeader("Authorization"));112 113 OAuth.debugOut("Request URL", request.getRequestUrl()); 113 114 … … 115 116 } 116 117 117 public HttpRequest sign(Object request) throws OAuthMessageSignerException,118 public synchronized HttpRequest sign(Object request) throws OAuthMessageSignerException, 118 119 OAuthExpectationFailedException, OAuthCommunicationException { 119 120 return sign(wrap(request)); 120 121 } 121 122 122 public String sign(String url) throws OAuthMessageSignerException,123 public synchronized String sign(String url) throws OAuthMessageSignerException, 123 124 OAuthExpectationFailedException, OAuthCommunicationException { 124 125 HttpRequest request = new UrlStringRequestAdapter(url); … … 139 140 * Adapts the given request object to a Signpost {@link HttpRequest}. How 140 141 * this is done depends on the consumer implementation. 141 * 142 * 142 143 * @param request 143 144 * the native HTTP request instance … … 179 180 * {@link #generateNonce()} or {@link #generateTimestamp()} instead. 180 181 * </p> 181 * 182 * 182 183 * @param out 183 184 * the request parameter which should be completed … … 257 258 258 259 protected String generateNonce() { 259 return Long.toString( new Random().nextLong());260 return Long.toString(random.nextLong()); 260 261 } 261 262 } -
trunk/src/oauth/signpost/AbstractOAuthProvider.java
r4231 r6849 58 58 } 59 59 60 public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl) 61 throws OAuthMessageSignerException, OAuthNotAuthorizedException, 62 OAuthExpectationFailedException, OAuthCommunicationException { 60 public synchronized String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl, 61 String... customOAuthParams) throws OAuthMessageSignerException, 62 OAuthNotAuthorizedException, OAuthExpectationFailedException, 63 OAuthCommunicationException { 63 64 64 65 // invalidate current credentials, if any … … 67 68 // 1.0a expects the callback to be sent while getting the request token. 68 69 // 1.0 service providers would simply ignore this parameter. 69 retrieveToken(consumer, requestTokenEndpointUrl, OAuth.OAUTH_CALLBACK, callbackUrl); 70 HttpParameters params = new HttpParameters(); 71 params.putAll(customOAuthParams, true); 72 params.put(OAuth.OAUTH_CALLBACK, callbackUrl, true); 73 74 retrieveToken(consumer, requestTokenEndpointUrl, params); 70 75 71 76 String callbackConfirmed = responseParameters.getFirst(OAuth.OAUTH_CALLBACK_CONFIRMED); … … 84 89 } 85 90 86 public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier) 87 throws OAuthMessageSignerException, OAuthNotAuthorizedException, 88 OAuthExpectationFailedException, OAuthCommunicationException { 91 public synchronized void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier, 92 String... customOAuthParams) throws OAuthMessageSignerException, 93 OAuthNotAuthorizedException, OAuthExpectationFailedException, 94 OAuthCommunicationException { 89 95 90 96 if (consumer.getToken() == null || consumer.getTokenSecret() == null) { … … 94 100 } 95 101 102 HttpParameters params = new HttpParameters(); 103 params.putAll(customOAuthParams, true); 104 96 105 if (isOAuth10a && oauthVerifier != null) { 97 retrieveToken(consumer, accessTokenEndpointUrl, OAuth.OAUTH_VERIFIER, oauthVerifier); 98 } else { 99 retrieveToken(consumer, accessTokenEndpointUrl); 100 } 106 params.put(OAuth.OAUTH_VERIFIER, oauthVerifier, true); 107 } 108 retrieveToken(consumer, accessTokenEndpointUrl, params); 101 109 } 102 110 … … 126 134 * the URL at which the service provider serves the OAuth token that 127 135 * is to be fetched 128 * @param additionalParameters 129 * you can pass parameters here (typically OAuth parameters such as 130 * oauth_callback or oauth_verifier) which will go directly into the 131 * signer, i.e. you don't have to put them into the request first, 132 * just so the consumer pull them out again. Pass them sequentially 133 * in key/value order. 136 * @param customOAuthParams 137 * you can pass custom OAuth parameters here (such as oauth_callback 138 * or oauth_verifier) which will go directly into the signer, i.e. 139 * you don't have to put them into the request first. 134 140 * @throws OAuthMessageSignerException 135 141 * if signing the token request fails … … 143 149 */ 144 150 protected void retrieveToken(OAuthConsumer consumer, String endpointUrl, 145 String... additionalParameters) throws OAuthMessageSignerException,151 HttpParameters customOAuthParams) throws OAuthMessageSignerException, 146 152 OAuthCommunicationException, OAuthNotAuthorizedException, 147 153 OAuthExpectationFailedException { … … 159 165 request.setHeader(header, defaultHeaders.get(header)); 160 166 } 161 if (additionalParameters != null) { 162 HttpParameters httpParams = new HttpParameters(); 163 httpParams.putAll(additionalParameters, true); 164 consumer.setAdditionalParameters(httpParams); 165 } 166 167 if (customOAuthParams != null && !customOAuthParams.isEmpty()) { 168 consumer.setAdditionalParameters(customOAuthParams); 169 } 170 167 171 if (this.listener != null) { 168 172 this.listener.prepareRequest(request); … … 170 174 171 175 consumer.sign(request); 172 176 173 177 if (this.listener != null) { 174 178 this.listener.prepareSubmission(request); -
trunk/src/oauth/signpost/OAuth.java
r4231 r6849 239 239 } 240 240 241 public static String addQueryString(String url, String queryString) { 242 String queryDelim = url.contains("?") ? "&" : "?"; 243 StringBuilder sb = new StringBuilder(url + queryDelim); 244 sb.append(queryString); 245 return sb.toString(); 246 } 247 241 248 /** 242 249 * Builds an OAuth header from the given list of header fields. All … … 250 257 * 251 258 * <pre> 252 * OAuth realm= "http://example.com", oauth_token="x%25y"259 * OAuth realm="http://example.com", oauth_token="x%25y" 253 260 * </pre> 254 261 * … … 264 271 sb.append(", "); 265 272 } 266 String value = kvPairs[i].startsWith("oauth_") ? OAuth 267 .percentEncode(kvPairs[i + 1]) : kvPairs[i + 1]; 273 boolean isOAuthElem = kvPairs[i].startsWith("oauth_") 274 || kvPairs[i].startsWith("x_oauth_"); 275 String value = isOAuthElem ? OAuth.percentEncode(kvPairs[i + 1]) : kvPairs[i + 1]; 268 276 sb.append(OAuth.percentEncode(kvPairs[i]) + "=\"" + value + "\""); 269 277 } -
trunk/src/oauth/signpost/OAuthConsumer.java
r4231 r6849 74 74 * i.e. you don't have to put them into the request first. The consumer's 75 75 * {@link SigningStrategy} will then take care of writing them to the 76 * correct part of the request before it is sent. Note that these parameters 77 * are expected to already be percent encoded -- they will be simply merged 78 * as-is. 76 * correct part of the request before it is sent. This is useful if you want 77 * to pre-set custom OAuth parameters. Note that these parameters are 78 * expected to already be percent encoded -- they will be simply merged 79 * as-is. <b>BE CAREFUL WITH THIS METHOD! Your service provider may decide 80 * to ignore any non-standard OAuth params when computing the signature.</b> 79 81 * 80 82 * @param additionalParameters -
trunk/src/oauth/signpost/OAuthProvider.java
r4231 r6849 108 108 * your application as a desktop app (which would only be able to 109 109 * handle OOB requests). 110 * @param customOAuthParams 111 * you can pass custom OAuth parameters here which will go directly 112 * into the signer, i.e. you don't have to put them into the request 113 * first. This is useful for pre-setting OAuth params for signing. 114 * Pass them sequentially in key/value order. 110 115 * @return The URL to which the user must be sent in order to authorize the 111 116 * consumer. It includes the unauthorized request token (and in the … … 122 127 * if server communication failed 123 128 */ 124 public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl) 125 throws OAuthMessageSignerException, OAuthNotAuthorizedException, 126 OAuthExpectationFailedException, OAuthCommunicationException; 129 public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl, 130 String... customOAuthParams) throws OAuthMessageSignerException, 131 OAuthNotAuthorizedException, OAuthExpectationFailedException, 132 OAuthCommunicationException; 127 133 128 134 /** … … 149 155 * value. If your app has received a callback, the verfication code 150 156 * was passed as part of that request instead. 157 * @param customOAuthParams 158 * you can pass custom OAuth parameters here which will go directly 159 * into the signer, i.e. you don't have to put them into the request 160 * first. This is useful for pre-setting OAuth params for signing. 161 * Pass them sequentially in key/value order. 151 162 * @throws OAuthMessageSignerException 152 163 * if signing the request failed … … 159 170 * if server communication failed 160 171 */ 161 public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier) 162 throws OAuthMessageSignerException, OAuthNotAuthorizedException, 163 OAuthExpectationFailedException, OAuthCommunicationException; 172 public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier, 173 String... customOAuthParams) throws OAuthMessageSignerException, 174 OAuthNotAuthorizedException, OAuthExpectationFailedException, 175 OAuthCommunicationException; 164 176 165 177 /** -
trunk/src/oauth/signpost/basic/HttpURLConnectionResponseAdapter.java
r4231 r6849 16 16 17 17 public InputStream getContent() throws IOException { 18 return connection.getInputStream(); 18 try { 19 return connection.getInputStream(); 20 } catch (IOException e) { 21 return connection.getErrorStream(); 22 } 19 23 } 20 24 -
trunk/src/oauth/signpost/http/HttpParameters.java
r4231 r6849 87 87 */ 88 88 public String put(String key, String value, boolean percentEncode) { 89 SortedSet<String> values = wrappedMap.get(key); 90 if (values == null) { 91 values = new TreeSet<String>(); 92 wrappedMap.put(percentEncode ? OAuth.percentEncode(key) : key, values); 93 } 94 if (value != null) { 95 value = percentEncode ? OAuth.percentEncode(value) : value; 96 values.add(value); 97 } 98 99 return value; 100 } 89 // fix contributed by Bjorn Roche - key should be encoded before wrappedMap.get 90 key = percentEncode ? OAuth.percentEncode(key) : key; 91 SortedSet<String> values = wrappedMap.get(key); 92 if (values == null) { 93 values = new TreeSet<String>(); 94 wrappedMap.put( key, values); 95 } 96 if (value != null) { 97 value = percentEncode ? OAuth.percentEncode(value) : value; 98 values.add(value); 99 } 100 101 return value; 102 } 101 103 102 104 /** … … 200 202 */ 201 203 public String getAsQueryString(Object key) { 204 return getAsQueryString(key, true); 205 } 206 207 /** 208 * Concatenates all values for the given key to a list of key/value pairs 209 * suitable for use in a URL query string. 210 * 211 * @param key 212 * the parameter name 213 * @param percentEncode 214 * whether key should be percent encoded before being 215 * used with the map 216 * @return the query string 217 */ 218 public String getAsQueryString(Object key, boolean percentEncode) { 219 // fix contributed by Stjepan Rajko - we need the percentEncode parameter 220 // because some places (like SignatureBaseString.normalizeRequestParameters) 221 // need to supply the parameter percent encoded 222 202 223 StringBuilder sb = new StringBuilder(); 203 key = OAuth.percentEncode((String) key); 224 if(percentEncode) 225 key = OAuth.percentEncode((String) key); 204 226 Set<String> values = wrappedMap.get(key); 205 227 if (values == null) { … … 215 237 return sb.toString(); 216 238 } 217 239 218 240 public String getAsHeaderElement(String key) { 219 241 String value = getFirst(key); … … 265 287 } 266 288 267 public Set< java.util.Map.Entry<String, SortedSet<String>>> entrySet() {289 public Set<Entry<String, SortedSet<String>>> entrySet() { 268 290 return wrappedMap.entrySet(); 269 291 } 292 293 public HttpParameters getOAuthParameters() { 294 HttpParameters oauthParams = new HttpParameters(); 295 296 for (Entry<String, SortedSet<String>> param : this.entrySet()) { 297 String key = param.getKey(); 298 if (key.startsWith("oauth_") || key.startsWith("x_oauth_")) { 299 oauthParams.put(key, param.getValue()); 300 } 301 } 302 303 return oauthParams; 304 } 270 305 } -
trunk/src/oauth/signpost/signature/AuthorizationHeaderSigningStrategy.java
r4231 r6849 1 1 package oauth.signpost.signature; 2 3 import java.util.Iterator; 2 4 3 5 import oauth.signpost.OAuth; … … 19 21 20 22 sb.append("OAuth "); 23 24 // add the realm parameter, if any 21 25 if (requestParameters.containsKey("realm")) { 22 26 sb.append(requestParameters.getAsHeaderElement("realm")); 23 27 sb.append(", "); 24 28 } 25 if (requestParameters.containsKey(OAuth.OAUTH_TOKEN)) { 26 sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_TOKEN)); 27 sb.append(", "); 29 30 // add all (x_)oauth parameters 31 HttpParameters oauthParams = requestParameters.getOAuthParameters(); 32 oauthParams.put(OAuth.OAUTH_SIGNATURE, signature, true); 33 34 Iterator<String> iter = oauthParams.keySet().iterator(); 35 while (iter.hasNext()) { 36 String key = iter.next(); 37 sb.append(oauthParams.getAsHeaderElement(key)); 38 if (iter.hasNext()) { 39 sb.append(", "); 40 } 28 41 } 29 if (requestParameters.containsKey(OAuth.OAUTH_CALLBACK)) {30 sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_CALLBACK));31 sb.append(", ");32 }33 if (requestParameters.containsKey(OAuth.OAUTH_VERIFIER)) {34 sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_VERIFIER));35 sb.append(", ");36 }37 sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_CONSUMER_KEY));38 sb.append(", ");39 sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_VERSION));40 sb.append(", ");41 sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_SIGNATURE_METHOD));42 sb.append(", ");43 sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_TIMESTAMP));44 sb.append(", ");45 sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_NONCE));46 sb.append(", ");47 sb.append(OAuth.toHeaderElement(OAuth.OAUTH_SIGNATURE, signature));48 42 49 43 String header = sb.toString(); 44 OAuth.debugOut("Auth Header", header); 50 45 request.setHeader(OAuth.HTTP_AUTHORIZATION_HEADER, header); 51 46 -
trunk/src/oauth/signpost/signature/QueryStringSigningStrategy.java
r4231 r6849 1 1 package oauth.signpost.signature; 2 3 import java.util.Iterator; 2 4 3 5 import oauth.signpost.OAuth; … … 21 23 HttpParameters requestParameters) { 22 24 23 // add the signature24 StringBuilder sb = new StringBuilder(OAuth.addQueryParameters(request.getRequestUrl(),25 OAuth.OAUTH_SIGNATURE, signature));25 // add all (x_)oauth parameters 26 HttpParameters oauthParams = requestParameters.getOAuthParameters(); 27 oauthParams.put(OAuth.OAUTH_SIGNATURE, signature, true); 26 28 27 // add the optional OAuth parameters 28 if (requestParameters.containsKey(OAuth.OAUTH_TOKEN)) { 29 Iterator<String> iter = oauthParams.keySet().iterator(); 30 31 // add the first query parameter (we always have at least the signature) 32 String firstKey = iter.next(); 33 StringBuilder sb = new StringBuilder(OAuth.addQueryString(request.getRequestUrl(), 34 oauthParams.getAsQueryString(firstKey))); 35 36 while (iter.hasNext()) { 29 37 sb.append("&"); 30 sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_TOKEN)); 38 String key = iter.next(); 39 sb.append(oauthParams.getAsQueryString(key)); 31 40 } 32 if (requestParameters.containsKey(OAuth.OAUTH_CALLBACK)) {33 sb.append("&");34 sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_CALLBACK));35 }36 if (requestParameters.containsKey(OAuth.OAUTH_VERIFIER)) {37 sb.append("&");38 sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_VERIFIER));39 }40 41 // add the remaining OAuth params42 sb.append("&");43 sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_CONSUMER_KEY));44 sb.append("&");45 sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_VERSION));46 sb.append("&");47 sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_SIGNATURE_METHOD));48 sb.append("&");49 sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_TIMESTAMP));50 sb.append("&");51 sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_NONCE));52 41 53 42 String signedUrl = sb.toString(); -
trunk/src/oauth/signpost/signature/SignatureBaseString.java
r4231 r6849 111 111 } 112 112 113 sb.append(requestParameters.getAsQueryString(param)); 113 // fix contributed by Stjepan Rajko 114 // since param should already be encoded, we supply false for percentEncode 115 sb.append(requestParameters.getAsQueryString(param, false)); 114 116 } 115 117 return sb.toString();
Note:
See TracChangeset
for help on using the changeset viewer.