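/*
 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id$
 */

package org.nuxeo.ecm.platform.oauth.consumers;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.DocumentModel;

import net.oauth.OAuth;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthServiceProvider;
import net.oauth.signature.RSA_SHA1;
import net.oauth.signature.pem.PEMReader;

/**
 * Represents an application that uses OAuth to consume a Web Service from Nuxeo. This class holds information such as
 * the keys and the name of a consumer application. A simple mapping to and from {@link DocumentModel} is also provided
 * to make storage in an SQL Directory easier.
 * <p>
 * Security-relevant state held here: the shared secret ({@code consumerSecret}), the RSA public key or certificate,
 * the signed-fetch identity settings, and the {@code enabled} / {@code allowBypassVerifier} flags. This class only
 * stores those values; any enforcement happens in the code that reads them.
 *
 * @author tiry
 */
public class NuxeoOAuthConsumer extends OAuthConsumer {

    public static final String ALLOW_SIGNEDFETCH = "allowSignedFetch";

    /** Signed fetch is refused for this consumer. */
    public static final String SIGNEDFETCH_NONE = "none";

    public static final String SIGNEDFETCH_OPENSOCIAL_VIEWER = "opensocial:viewer";

    public static final String SIGNEDFETCH_OPENSOCIAL_OWNER = "opensocial:owner";

    /** Signed fetch runs as the login stored in {@link #dedicatedLogin}. */
    public static final String SIGNEDFETCH_DEDICATED_USER = "nuxeo:user";

    /** Directory schema that holds the consumer properties. */
    public static final String SCHEMA = "oauthConsumer";

    protected static final Log log = LogFactory.getLog(NuxeoOAuthConsumer.class);

    private static final long serialVersionUID = 1L;

    // Raw key material as stored in the directory: a PEM public key or an X.509 certificate.
    protected String publicKey;

    protected String description;

    // Fails closed: a consumer has no signed-fetch identity unless the directory entry provides one.
    protected String signedFetchSupport = SIGNEDFETCH_NONE;

    protected String dedicatedLogin;

    // Defaults to enabled; only an explicit FALSE in the directory entry turns it off.
    // NOTE(review): no accessor for this flag is visible in this class - confirm where it is enforced.
    protected boolean enabled = true;

    // Defaults to false; only an explicit TRUE in the directory entry turns it on.
    // NOTE(review): presumably lets this consumer skip the OAuth verifier step - confirm against the caller.
    protected boolean allowBypassVerifier = false;

    /**
     * Builds a consumer from a directory entry using the {@link #SCHEMA} schema.
     *
     * @param entry the directory entry to read the consumer properties from
     * @param keyType the signature method in use; when it is {@code OAuth.RSA_SHA1} and a key is stored, the key is
     *            also registered as an OAuth property so that it can be used for signature verification
     * @return the populated consumer
     */
    public static NuxeoOAuthConsumer createFromDirectoryEntry(DocumentModel entry, String keyType) {
        String callbackURL = (String) entry.getProperty(SCHEMA, "callbackURL");
        String consumerKey = (String) entry.getProperty(SCHEMA, "consumerKey");
        String consumerSecret = (String) entry.getProperty(SCHEMA, "consumerSecret");
        String rsaKey = (String) entry.getProperty(SCHEMA, "publicKey");

        NuxeoOAuthConsumer consumer = new NuxeoOAuthConsumer(callbackURL, consumerKey, consumerSecret, null);

        if (OAuth.RSA_SHA1.equals(keyType) && rsaKey != null) {
            // The stored value is either a bare public key (recognised by its PEM marker) or a certificate.
            String property = rsaKey.contains(PEMReader.PUBLIC_X509_MARKER) ? RSA_SHA1.PUBLIC_KEY
                    : RSA_SHA1.X509_CERTIFICATE;
            consumer.setProperty(property, rsaKey);
        }
        consumer.publicKey = rsaKey;
        consumer.description = (String) entry.getProperty(SCHEMA, "description");
        // May be null when the entry has no value; allowSignedFetch() treats null like SIGNEDFETCH_NONE.
        consumer.signedFetchSupport = (String) entry.getProperty(SCHEMA, "signedFetchSupport");
        consumer.dedicatedLogin = (String) entry.getProperty(SCHEMA, "dedicatedLogin");

        // A missing (null) flag keeps the default, so entries without the column stay enabled.
        Boolean enabledFlag = (Boolean) entry.getProperty(SCHEMA, "enabled");
        if (Boolean.FALSE.equals(enabledFlag)) {
            consumer.enabled = false;
        }

        // A missing (null) flag keeps the default, so the verifier bypass is opt-in only.
        Boolean allowBypassVerifierFlag = (Boolean) entry.getProperty(SCHEMA, "allowBypassVerifier");
        if (Boolean.TRUE.equals(allowBypassVerifierFlag)) {
            consumer.allowBypassVerifier = true;
        }

        return consumer;
    }

    /**
     * Creates a consumer; all arguments are passed unchanged to the {@link OAuthConsumer} constructor.
     */
    public NuxeoOAuthConsumer(String callbackURL, String consumerKey, String consumerSecret,
            OAuthServiceProvider serviceProvider) {
        super(callbackURL, consumerKey, consumerSecret, serviceProvider);
    }

    /**
     * Copies this consumer's state into the given directory entry.
     * <p>
     * The consumer secret is written exactly as held in memory; this method applies no hashing or encryption, so
     * its confidentiality depends on how the backing directory is protected.
     *
     * @param entry the entry to fill
     * @return the same {@code entry} instance, for chaining
     */
    protected DocumentModel asDocumentModel(DocumentModel entry) {
        entry.setProperty(SCHEMA, "callbackURL", callbackURL);
        entry.setProperty(SCHEMA, "consumerKey", consumerKey);
        entry.setProperty(SCHEMA, "consumerSecret", consumerSecret);

        entry.setProperty(SCHEMA, "publicKey", publicKey);
        entry.setProperty(SCHEMA, "description", description);
        entry.setProperty(SCHEMA, "signedFetchSupport", signedFetchSupport);
        entry.setProperty(SCHEMA, "dedicatedLogin", dedicatedLogin);
        entry.setProperty(SCHEMA, "enabled", Boolean.valueOf(enabled));
        entry.setProperty(SCHEMA, "allowBypassVerifier", Boolean.valueOf(allowBypassVerifier));
        return entry;
    }

    public String getCallbackURL() {
        return callbackURL;
    }

    public String getConsumerKey() {
        return consumerKey;
    }

    public String getConsumerSecret() {
        return consumerSecret;
    }

    public String getPublicKey() {
        return publicKey;
    }

    /**
     * Tells whether the signed-fetch setting selects the dedicated login. This is the single predicate shared by
     * {@link #allowSignedFetch()} and {@link #getSignedFetchUser()} so that the two cannot disagree.
     */
    private boolean usesDedicatedUser() {
        return signedFetchSupport != null && signedFetchSupport.startsWith(SIGNEDFETCH_DEDICATED_USER);
    }

    /**
     * Tells whether signed fetch is allowed for this consumer.
     *
     * @return {@code false} when no signed-fetch mode is configured, when the mode is {@link #SIGNEDFETCH_NONE}, or
     *         when the dedicated-user mode is selected without a dedicated login; {@code true} otherwise
     */
    public boolean allowSignedFetch() {
        if (signedFetchSupport == null || SIGNEDFETCH_NONE.equals(signedFetchSupport)) {
            return false;
        }
        // Previously this compared with equals() while getSignedFetchUser() used startsWith(), so a value that only
        // starts with the dedicated-user marker was reported as allowed although no user could be resolved for it.
        // Using the same prefix test here makes that case fail closed.
        return !(usesDedicatedUser() && dedicatedLogin == null);
    }

    /**
     * Returns the identity to use for signed fetch.
     *
     * @return {@code null} when signed fetch is not allowed; the dedicated login when the dedicated-user mode is
     *         selected; otherwise the configured signed-fetch mode itself
     */
    public String getSignedFetchUser() {
        if (!allowSignedFetch()) {
            return null;
        }
        return usesDedicatedUser() ? dedicatedLogin : signedFetchSupport;
    }

    public String getDescription() {
        return description;
    }

    /**
     * Returns the secret to use for the given signature method.
     *
     * @param type the signature method; {@code null} is treated like {@code OAuth.HMAC_SHA1}
     * @return the consumer secret for HMAC-SHA1, an empty string for RSA-SHA1, or {@code null} (after logging an
     *         error) for any other value
     */
    public String getSecret(String type) {
        if (type == null || OAuth.HMAC_SHA1.equals(type)) {
            return consumerSecret;
        }
        if (OAuth.RSA_SHA1.equals(type)) {
            return "";
        }
        // NOTE(review): type is logged verbatim; if it can come from a request parameter, consider neutralising
        // line breaks before logging so that the log entry cannot be forged.
        log.error("Unknown type of key :" + type);
        return null;
    }

    /**
     * Returns the verifier-bypass flag as loaded from the directory ({@code false} unless explicitly set).
     */
    public boolean allowBypassVerifier() {
        return allowBypassVerifier;
    }

}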