001/* 002 * Copyright (c) 2006-2011 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * All rights reserved. This program and the accompanying materials 005 * are made available under the terms of the Eclipse Public License v1.0 006 * which accompanies this distribution, and is available at 007 * http://www.eclipse.org/legal/epl-v10.html 008 * 009 * Contributors: 010 * slacoin 011 */ 012package org.nuxeo.ecm.automation.client.jaxrs.spi.auth; 013 014import java.security.MessageDigest; 015import java.security.NoSuchAlgorithmException; 016import java.util.Date; 017import java.util.HashMap; 018import java.util.Map; 019import java.util.Random; 020 021import javax.ws.rs.core.MultivaluedMap; 022 023import org.nuxeo.ecm.automation.client.jaxrs.spi.Connector; 024import org.nuxeo.ecm.automation.client.jaxrs.spi.Request; 025import org.nuxeo.ecm.automation.client.jaxrs.spi.RequestInterceptor; 026import org.nuxeo.ecm.automation.client.jaxrs.util.Base64; 027 028import com.sun.jersey.api.client.ClientHandlerException; 029import com.sun.jersey.api.client.ClientRequest; 030import com.sun.jersey.api.client.ClientResponse; 031 032/** 033 * @author matic 034 */ 035public class PortalSSOAuthInterceptor extends RequestInterceptor { 036 037 protected final String secret; 038 039 protected final String username; 040 041 public PortalSSOAuthInterceptor(String secretKey, String userName) { 042 this.secret = secretKey; 043 this.username = userName; 044 } 045 046 @Override 047 public void processRequest(Request request, Connector connector) { 048 request.putAll(computeHeaders()); 049 } 050 051 protected Map<String, String> computeHeaders() { 052 // compute token 053 long ts = new Date().getTime(); 054 long random = new Random(ts).nextInt(); 055 056 String clearToken = String.format("%d:%d:%s:%s", ts, random, secret, username); 057 058 byte[] hashedToken; 059 060 try { 061 hashedToken = MessageDigest.getInstance("MD5").digest(clearToken.getBytes()); 062 } catch (NoSuchAlgorithmException e) { 063 throw new RuntimeException("Cannot compute token", e); 064 } 065 066 String base64HashedToken = Base64.encode(hashedToken); 067 Map<String, String> headers = new HashMap<String, String>(); 068 headers.put("NX_TS", String.valueOf(ts)); 069 headers.put("NX_RD", String.valueOf(random)); 070 headers.put("NX_TOKEN", base64HashedToken); 071 headers.put("NX_USER", username); 072 return headers; 073 } 074 075 @Override 076 public ClientResponse handle(ClientRequest cr) throws ClientHandlerException { 077 Map<String, String> computedHeaders = computeHeaders(); 078 MultivaluedMap<String, Object> headers = cr.getHeaders(); 079 for (Map.Entry<String, String> entry : computedHeaders.entrySet()) { 080 headers.add(entry.getKey(), entry.getValue()); 081 } 082 return getNext().handle(cr); 083 } 084}