Changeset 6849 in josm for trunk/src/oauth


Ignore:
Timestamp:
2014-02-13T21:10:18+01:00 (6 years ago)
Author:
stoecker
Message:

see #9710 - update oauth library code

Location:
trunk/src/oauth/signpost
Files:
10 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/oauth/signpost/AbstractOAuthConsumer.java

    r4231 r6849  
    3434 * ABC for consumer implementations. If you're developing a custom consumer you
    3535 * will probably inherit from this class to save you a lot of work.
    36  * 
     36 *
    3737 * @author Matthias Kaeppler
    3838 */
     
    5555    // these are the params which will be passed to the message signer
    5656    private HttpParameters requestParameters;
    57 
     57   
    5858    private boolean sendEmptyTokens;
     59   
     60    final private Random random = new Random(System.nanoTime());
    5961
    6062    public AbstractOAuthConsumer(String consumerKey, String consumerSecret) {
     
    7880    }
    7981
    80     public HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException,
     82    public synchronized HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException,
    8183            OAuthExpectationFailedException, OAuthCommunicationException {
    8284        if (consumerKey == null) {
     
    109111
    110112        signingStrategy.writeSignature(signature, request, requestParameters);
    111         OAuth.debugOut("Auth header", request.getHeader("Authorization"));
    112113        OAuth.debugOut("Request URL", request.getRequestUrl());
    113114
     
    115116    }
    116117
    117     public HttpRequest sign(Object request) throws OAuthMessageSignerException,
     118    public synchronized HttpRequest sign(Object request) throws OAuthMessageSignerException,
    118119            OAuthExpectationFailedException, OAuthCommunicationException {
    119120        return sign(wrap(request));
    120121    }
    121122
    122     public String sign(String url) throws OAuthMessageSignerException,
     123    public synchronized String sign(String url) throws OAuthMessageSignerException,
    123124            OAuthExpectationFailedException, OAuthCommunicationException {
    124125        HttpRequest request = new UrlStringRequestAdapter(url);
     
    139140     * Adapts the given request object to a Signpost {@link HttpRequest}. How
    140141     * this is done depends on the consumer implementation.
    141      * 
     142     *
    142143     * @param request
    143144     *        the native HTTP request instance
     
    179180     * {@link #generateNonce()} or {@link #generateTimestamp()} instead.
    180181     * </p>
    181      * 
     182     *
    182183     * @param out
    183184     *        the request parameter which should be completed
     
    257258
    258259    protected String generateNonce() {
    259         return Long.toString(new Random().nextLong());
     260        return Long.toString(random.nextLong());
    260261    }
    261262}
  • trunk/src/oauth/signpost/AbstractOAuthProvider.java

    r4231 r6849  
    5858    }
    5959
    60     public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl)
    61             throws OAuthMessageSignerException, OAuthNotAuthorizedException,
    62             OAuthExpectationFailedException, OAuthCommunicationException {
     60    public synchronized String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl,
     61            String... customOAuthParams) throws OAuthMessageSignerException,
     62            OAuthNotAuthorizedException, OAuthExpectationFailedException,
     63            OAuthCommunicationException {
    6364
    6465        // invalidate current credentials, if any
     
    6768        // 1.0a expects the callback to be sent while getting the request token.
    6869        // 1.0 service providers would simply ignore this parameter.
    69         retrieveToken(consumer, requestTokenEndpointUrl, OAuth.OAUTH_CALLBACK, callbackUrl);
     70        HttpParameters params = new HttpParameters();
     71        params.putAll(customOAuthParams, true);
     72        params.put(OAuth.OAUTH_CALLBACK, callbackUrl, true);
     73
     74        retrieveToken(consumer, requestTokenEndpointUrl, params);
    7075
    7176        String callbackConfirmed = responseParameters.getFirst(OAuth.OAUTH_CALLBACK_CONFIRMED);
     
    8489    }
    8590
    86     public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier)
    87             throws OAuthMessageSignerException, OAuthNotAuthorizedException,
    88             OAuthExpectationFailedException, OAuthCommunicationException {
     91    public synchronized void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier,
     92            String... customOAuthParams) throws OAuthMessageSignerException,
     93            OAuthNotAuthorizedException, OAuthExpectationFailedException,
     94            OAuthCommunicationException {
    8995
    9096        if (consumer.getToken() == null || consumer.getTokenSecret() == null) {
     
    94100        }
    95101
     102        HttpParameters params = new HttpParameters();
     103        params.putAll(customOAuthParams, true);
     104
    96105        if (isOAuth10a && oauthVerifier != null) {
    97             retrieveToken(consumer, accessTokenEndpointUrl, OAuth.OAUTH_VERIFIER, oauthVerifier);
    98         } else {
    99             retrieveToken(consumer, accessTokenEndpointUrl);
    100         }
     106            params.put(OAuth.OAUTH_VERIFIER, oauthVerifier, true);
     107        }
     108        retrieveToken(consumer, accessTokenEndpointUrl, params);
    101109    }
    102110
     
    126134     *        the URL at which the service provider serves the OAuth token that
    127135     *        is to be fetched
    128      * @param additionalParameters
    129      *        you can pass parameters here (typically OAuth parameters such as
    130      *        oauth_callback or oauth_verifier) which will go directly into the
    131      *        signer, i.e. you don't have to put them into the request first,
    132      *        just so the consumer pull them out again. Pass them sequentially
    133      *        in key/value order.
     136     * @param customOAuthParams
     137     *        you can pass custom OAuth parameters here (such as oauth_callback
     138     *        or oauth_verifier) which will go directly into the signer, i.e.
     139     *        you don't have to put them into the request first.
    134140     * @throws OAuthMessageSignerException
    135141     *         if signing the token request fails
     
    143149     */
    144150    protected void retrieveToken(OAuthConsumer consumer, String endpointUrl,
    145             String... additionalParameters) throws OAuthMessageSignerException,
     151            HttpParameters customOAuthParams) throws OAuthMessageSignerException,
    146152            OAuthCommunicationException, OAuthNotAuthorizedException,
    147153            OAuthExpectationFailedException {
     
    159165                request.setHeader(header, defaultHeaders.get(header));
    160166            }
    161             if (additionalParameters != null) {
    162                 HttpParameters httpParams = new HttpParameters();
    163                 httpParams.putAll(additionalParameters, true);
    164                 consumer.setAdditionalParameters(httpParams);
    165             }
    166 
     167            if (customOAuthParams != null && !customOAuthParams.isEmpty()) {
     168                consumer.setAdditionalParameters(customOAuthParams);
     169            }
     170           
    167171            if (this.listener != null) {
    168172                this.listener.prepareRequest(request);
     
    170174
    171175            consumer.sign(request);
    172 
     176           
    173177            if (this.listener != null) {
    174178                this.listener.prepareSubmission(request);
  • trunk/src/oauth/signpost/OAuth.java

    r4231 r6849  
    239239    }
    240240
     241    public static String addQueryString(String url, String queryString) {
     242        String queryDelim = url.contains("?") ? "&" : "?";
     243        StringBuilder sb = new StringBuilder(url + queryDelim);
     244        sb.append(queryString);
     245        return sb.toString();
     246    }
     247
    241248    /**
    242249     * Builds an OAuth header from the given list of header fields. All
     
    250257     *
    251258     * <pre>
    252      * OAuth realm="http://example.com", oauth_token="x%25y"
     259     * OAuth realm=&quot;http://example.com&quot;, oauth_token=&quot;x%25y&quot;
    253260     * </pre>
    254261     *
     
    264271                sb.append(", ");
    265272            }
    266             String value = kvPairs[i].startsWith("oauth_") ? OAuth
    267                 .percentEncode(kvPairs[i + 1]) : kvPairs[i + 1];
     273            boolean isOAuthElem = kvPairs[i].startsWith("oauth_")
     274                    || kvPairs[i].startsWith("x_oauth_");
     275            String value = isOAuthElem ? OAuth.percentEncode(kvPairs[i + 1]) : kvPairs[i + 1];
    268276            sb.append(OAuth.percentEncode(kvPairs[i]) + "=\"" + value + "\"");
    269277        }
  • trunk/src/oauth/signpost/OAuthConsumer.java

    r4231 r6849  
    7474     * i.e. you don't have to put them into the request first. The consumer's
    7575     * {@link SigningStrategy} will then take care of writing them to the
    76      * correct part of the request before it is sent. Note that these parameters
    77      * are expected to already be percent encoded -- they will be simply merged
    78      * as-is.
     76     * correct part of the request before it is sent. This is useful if you want
     77     * to pre-set custom OAuth parameters. Note that these parameters are
     78     * expected to already be percent encoded -- they will be simply merged
     79     * as-is. <b>BE CAREFUL WITH THIS METHOD! Your service provider may decide
     80     * to ignore any non-standard OAuth params when computing the signature.</b>
    7981     *
    8082     * @param additionalParameters
  • trunk/src/oauth/signpost/OAuthProvider.java

    r4231 r6849  
    108108     *        your application as a desktop app (which would only be able to
    109109     *        handle OOB requests).
     110     * @param customOAuthParams
     111     *        you can pass custom OAuth parameters here which will go directly
     112     *        into the signer, i.e. you don't have to put them into the request
     113     *        first. This is useful for pre-setting OAuth params for signing.
     114     *        Pass them sequentially in key/value order.
    110115     * @return The URL to which the user must be sent in order to authorize the
    111116     *         consumer. It includes the unauthorized request token (and in the
     
    122127     *         if server communication failed
    123128     */
    124     public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl)
    125             throws OAuthMessageSignerException, OAuthNotAuthorizedException,
    126             OAuthExpectationFailedException, OAuthCommunicationException;
     129    public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl,
     130            String... customOAuthParams) throws OAuthMessageSignerException,
     131            OAuthNotAuthorizedException, OAuthExpectationFailedException,
     132            OAuthCommunicationException;
    127133
    128134    /**
     
    149155     *        value. If your app has received a callback, the verfication code
    150156     *        was passed as part of that request instead.
     157     * @param customOAuthParams
     158     *        you can pass custom OAuth parameters here which will go directly
     159     *        into the signer, i.e. you don't have to put them into the request
     160     *        first. This is useful for pre-setting OAuth params for signing.
     161     *        Pass them sequentially in key/value order.
    151162     * @throws OAuthMessageSignerException
    152163     *         if signing the request failed
     
    159170     *         if server communication failed
    160171     */
    161     public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier)
    162             throws OAuthMessageSignerException, OAuthNotAuthorizedException,
    163             OAuthExpectationFailedException, OAuthCommunicationException;
     172    public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier,
     173            String... customOAuthParams) throws OAuthMessageSignerException,
     174            OAuthNotAuthorizedException, OAuthExpectationFailedException,
     175            OAuthCommunicationException;
    164176
    165177    /**
  • trunk/src/oauth/signpost/basic/HttpURLConnectionResponseAdapter.java

    r4231 r6849  
    1616
    1717    public InputStream getContent() throws IOException {
    18         return connection.getInputStream();
     18        try {
     19            return connection.getInputStream();
     20        } catch (IOException e) {
     21            return connection.getErrorStream();
     22        }
    1923    }
    2024
  • trunk/src/oauth/signpost/http/HttpParameters.java

    r4231 r6849  
    8787     */
    8888    public String put(String key, String value, boolean percentEncode) {
    89         SortedSet<String> values = wrappedMap.get(key);
    90         if (values == null) {
    91             values = new TreeSet<String>();
    92             wrappedMap.put(percentEncode ? OAuth.percentEncode(key) : key, values);
    93         }
    94         if (value != null) {
    95             value = percentEncode ? OAuth.percentEncode(value) : value;
    96             values.add(value);
    97         }
    98 
    99         return value;
    100     }
     89         // fix contributed by Bjorn Roche - key should be encoded before wrappedMap.get
     90         key = percentEncode ? OAuth.percentEncode(key) : key;
     91         SortedSet<String> values = wrappedMap.get(key);
     92         if (values == null) {
     93             values = new TreeSet<String>();
     94             wrappedMap.put( key, values);
     95         }
     96         if (value != null) {
     97             value = percentEncode ? OAuth.percentEncode(value) : value;
     98             values.add(value);
     99         }
     100
     101         return value;
     102     }
    101103
    102104    /**
     
    200202     */
    201203    public String getAsQueryString(Object key) {
     204        return getAsQueryString(key, true);
     205    }
     206
     207    /**
     208     * Concatenates all values for the given key to a list of key/value pairs
     209     * suitable for use in a URL query string.
     210     *
     211     * @param key
     212     *        the parameter name
     213     * @param percentEncode
     214     *        whether key should be percent encoded before being
     215     *        used with the map
     216     * @return the query string
     217     */
     218     public String getAsQueryString(Object key, boolean percentEncode) {
     219        // fix contributed by Stjepan Rajko - we need the percentEncode parameter
     220        // because some places (like SignatureBaseString.normalizeRequestParameters)
     221        // need to supply the parameter percent encoded
     222
    202223        StringBuilder sb = new StringBuilder();
    203         key = OAuth.percentEncode((String) key);
     224        if(percentEncode)
     225                key = OAuth.percentEncode((String) key);
    204226        Set<String> values = wrappedMap.get(key);
    205227        if (values == null) {
     
    215237        return sb.toString();
    216238    }
    217 
     239   
    218240    public String getAsHeaderElement(String key) {
    219241        String value = getFirst(key);
     
    265287    }
    266288
    267     public Set<java.util.Map.Entry<String, SortedSet<String>>> entrySet() {
     289    public Set<Entry<String, SortedSet<String>>> entrySet() {
    268290        return wrappedMap.entrySet();
    269291    }
     292
     293    public HttpParameters getOAuthParameters() {
     294        HttpParameters oauthParams = new HttpParameters();
     295
     296        for (Entry<String, SortedSet<String>> param : this.entrySet()) {
     297            String key = param.getKey();
     298            if (key.startsWith("oauth_") || key.startsWith("x_oauth_")) {
     299                oauthParams.put(key, param.getValue());
     300            }
     301        }
     302
     303        return oauthParams;
     304    }
    270305}
  • trunk/src/oauth/signpost/signature/AuthorizationHeaderSigningStrategy.java

    r4231 r6849  
    11package oauth.signpost.signature;
     2
     3import java.util.Iterator;
    24
    35import oauth.signpost.OAuth;
     
    1921
    2022        sb.append("OAuth ");
     23
     24        // add the realm parameter, if any
    2125        if (requestParameters.containsKey("realm")) {
    2226            sb.append(requestParameters.getAsHeaderElement("realm"));
    2327            sb.append(", ");
    2428        }
    25         if (requestParameters.containsKey(OAuth.OAUTH_TOKEN)) {
    26             sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_TOKEN));
    27             sb.append(", ");
     29
     30        // add all (x_)oauth parameters
     31        HttpParameters oauthParams = requestParameters.getOAuthParameters();
     32        oauthParams.put(OAuth.OAUTH_SIGNATURE, signature, true);
     33
     34        Iterator<String> iter = oauthParams.keySet().iterator();
     35        while (iter.hasNext()) {
     36            String key = iter.next();
     37            sb.append(oauthParams.getAsHeaderElement(key));
     38            if (iter.hasNext()) {
     39                sb.append(", ");
     40            }
    2841        }
    29         if (requestParameters.containsKey(OAuth.OAUTH_CALLBACK)) {
    30             sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_CALLBACK));
    31             sb.append(", ");
    32         }
    33         if (requestParameters.containsKey(OAuth.OAUTH_VERIFIER)) {
    34             sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_VERIFIER));
    35             sb.append(", ");
    36         }
    37         sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_CONSUMER_KEY));
    38         sb.append(", ");
    39         sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_VERSION));
    40         sb.append(", ");
    41         sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_SIGNATURE_METHOD));
    42         sb.append(", ");
    43         sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_TIMESTAMP));
    44         sb.append(", ");
    45         sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_NONCE));
    46         sb.append(", ");
    47         sb.append(OAuth.toHeaderElement(OAuth.OAUTH_SIGNATURE, signature));
    4842
    4943        String header = sb.toString();
     44        OAuth.debugOut("Auth Header", header);
    5045        request.setHeader(OAuth.HTTP_AUTHORIZATION_HEADER, header);
    5146
  • trunk/src/oauth/signpost/signature/QueryStringSigningStrategy.java

    r4231 r6849  
    11package oauth.signpost.signature;
     2
     3import java.util.Iterator;
    24
    35import oauth.signpost.OAuth;
     
    2123            HttpParameters requestParameters) {
    2224
    23         // add the signature
    24         StringBuilder sb = new StringBuilder(OAuth.addQueryParameters(request.getRequestUrl(),
    25             OAuth.OAUTH_SIGNATURE, signature));
     25        // add all (x_)oauth parameters
     26        HttpParameters oauthParams = requestParameters.getOAuthParameters();
     27        oauthParams.put(OAuth.OAUTH_SIGNATURE, signature, true);
    2628
    27         // add the optional OAuth parameters
    28         if (requestParameters.containsKey(OAuth.OAUTH_TOKEN)) {
     29        Iterator<String> iter = oauthParams.keySet().iterator();
     30
     31        // add the first query parameter (we always have at least the signature)
     32        String firstKey = iter.next();
     33        StringBuilder sb = new StringBuilder(OAuth.addQueryString(request.getRequestUrl(),
     34            oauthParams.getAsQueryString(firstKey)));
     35
     36        while (iter.hasNext()) {
    2937            sb.append("&");
    30             sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_TOKEN));
     38            String key = iter.next();
     39            sb.append(oauthParams.getAsQueryString(key));
    3140        }
    32         if (requestParameters.containsKey(OAuth.OAUTH_CALLBACK)) {
    33             sb.append("&");
    34             sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_CALLBACK));
    35         }
    36         if (requestParameters.containsKey(OAuth.OAUTH_VERIFIER)) {
    37             sb.append("&");
    38             sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_VERIFIER));
    39         }
    40 
    41         // add the remaining OAuth params
    42         sb.append("&");
    43         sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_CONSUMER_KEY));
    44         sb.append("&");
    45         sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_VERSION));
    46         sb.append("&");
    47         sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_SIGNATURE_METHOD));
    48         sb.append("&");
    49         sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_TIMESTAMP));
    50         sb.append("&");
    51         sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_NONCE));
    5241
    5342        String signedUrl = sb.toString();
  • trunk/src/oauth/signpost/signature/SignatureBaseString.java

    r4231 r6849  
    111111            }
    112112
    113             sb.append(requestParameters.getAsQueryString(param));
     113            // fix contributed by Stjepan Rajko
     114            // since param should already be encoded, we supply false for percentEncode
     115            sb.append(requestParameters.getAsQueryString(param, false)); 
    114116        }
    115117        return sb.toString();
Note: See TracChangeset for help on using the changeset viewer.