001/*
002 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 */
019package org.nuxeo.ecm.platform.oauth.keys;
020
import java.util.UUID;
import java.util.regex.Pattern;

import org.nuxeo.ecm.platform.oauth.consumers.NuxeoOAuthConsumer;
import org.nuxeo.runtime.model.ComponentContext;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;
027
028/**
 * Implements the {@link OAuthServerKeyManager} interface. Manages an extension point to configure the RSA key pair.
 * The Shindig/Nuxeo HMAC shared secret is generated dynamically at startup time (and shared between the Nuxeo OAuth
 * filter and Shindig directly in memory).
032 *
033 * @author tiry
034 */
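public class OAuthServerKeyManagerImpl extends DefaultComponent implements OAuthServerKeyManager {

    /** Contribution registered on {@link #XP_SERVER_KEY}; {@code null} while no key pair is contributed. */
    protected ServerKeyDescriptor serverKeyDescriptor;

    public static final String XP_SERVER_KEY = "serverKeyPair";

    /**
     * Matches PEM armor lines such as {@code -----BEGIN PUBLIC KEY-----} / {@code -----END RSA PRIVATE KEY-----}.
     * Compiled once: {@link Pattern} is immutable and safe to share between threads.
     */
    protected static final Pattern PEM_ARMOR = Pattern.compile("-----[A-Z ]*-----");

    /** Lazily built consumer carrying the in-memory key/secret; see {@link #getInternalConsumer()}. */
    protected NuxeoOAuthConsumer consumer;

    /** Consumer key shared in memory with Shindig; generated in {@link #activate(ComponentContext)}. */
    protected String internalKey;

    /** HMAC shared secret matching {@link #internalKey}; generated in {@link #activate(ComponentContext)}. */
    protected String internalSecret;

    /**
     * Generates the random key/secret pair shared between the Nuxeo OAuth filter and Shindig.
     * <p>
     * {@link UUID#randomUUID()} is documented by the JDK as using a cryptographically strong PRNG, so the secret is
     * unpredictable. A consumer left over from a previous activation is dropped so that it cannot keep serving
     * credentials that no longer match the current key/secret.
     *
     * @param context the runtime context (unused)
     */
    @Override
    public void activate(ComponentContext context) {
        internalKey = "nuxeo4shindig-" + UUID.randomUUID().toString();
        internalSecret = UUID.randomUUID().toString();
        consumer = null; // rebuilt on demand with the fresh credentials
    }

    /**
     * Stores the contributed key pair descriptor.
     *
     * @param contribution expected to be a {@link ServerKeyDescriptor} when {@code extensionPoint} is
     *            {@link #XP_SERVER_KEY}; contributions to other extension points are ignored
     */
    @Override
    public void registerContribution(Object contribution, String extensionPoint, ComponentInstance contributor) {
        if (XP_SERVER_KEY.equals(extensionPoint)) {
            serverKeyDescriptor = (ServerKeyDescriptor) contribution;
        }
    }

    /** Forgets the key pair descriptor; the getters below then return {@code null}. */
    @Override
    public void unregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor) {
        if (XP_SERVER_KEY.equals(extensionPoint)) {
            serverKeyDescriptor = null;
        }
    }

    /**
     * @return the PEM-encoded public certificate of the contributed key pair, or {@code null} when none is registered
     */
    @Override
    public String getPublicKeyCertificate() {
        ServerKeyDescriptor descriptor = serverKeyDescriptor;
        return descriptor == null ? null : descriptor.externalPublicCertificate;
    }

    /** @return {@link #getPublicKeyCertificate()} without PEM armor and line breaks, or {@code null} */
    @Override
    public String getBarePublicCertificate() {
        return stripOpenSSL(getPublicKeyCertificate());
    }

    /**
     * Returns the PEM-encoded private key. This is sensitive material: callers must not log it or expose it outside
     * the signing code path.
     *
     * @return the private key, or {@code null} when no key pair is registered
     */
    @Override
    public String getPrivateKey() {
        ServerKeyDescriptor descriptor = serverKeyDescriptor;
        return descriptor == null ? null : descriptor.externalPrivateKey;
    }

    /** @return {@link #getPrivateKey()} without PEM armor and line breaks, or {@code null}; same sensitivity */
    @Override
    public String getBarePrivateKey() {
        return stripOpenSSL(getPrivateKey());
    }

    /** @return the name under which the private key is published, or {@code null} when no key pair is registered */
    @Override
    public String getKeyName() {
        ServerKeyDescriptor descriptor = serverKeyDescriptor;
        return descriptor == null ? null : descriptor.externalPrivateKeyName;
    }

    /**
     * Strips the PEM armor and line breaks from a key or certificate, leaving only the base64 payload.
     *
     * @param key the PEM-encoded material, possibly {@code null}
     * @return the bare base64 body, or {@code null} when {@code key} is {@code null}
     */
    protected String stripOpenSSL(String key) {
        if (key == null) {
            return null;
        }
        // CRLF line endings are handled too: a stray '\r' left in the bare value would not be valid base64.
        return PEM_ARMOR.matcher(key).replaceAll("").replace("\r", "").replace("\n", "");
    }

    /** @return the consumer key shared with Shindig, or {@code null} before {@link #activate(ComponentContext)} */
    @Override
    public String getInternalKey() {
        return internalKey;
    }

    /**
     * @return the HMAC shared secret, or {@code null} before {@link #activate(ComponentContext)}; never log this value
     */
    @Override
    public String getInternalSecret() {
        return internalSecret;
    }

    /**
     * Returns the consumer representing Nuxeo itself towards Shindig, built on first use from the internal
     * key/secret.
     * <p>
     * Not synchronized: two threads racing on the first call may each build an instance, but both are constructed
     * from the same {@link #internalKey}/{@link #internalSecret}, so the race is benign.
     *
     * @return the internal consumer
     */
    @Override
    public NuxeoOAuthConsumer getInternalConsumer() {
        if (consumer == null) {
            consumer = new InternalNuxeoOAuthConsumer(internalKey, internalSecret);
        }
        return consumer;
    }

    /** Consumer bound to the in-memory credentials; the callback URL and description are left unset. */
    protected class InternalNuxeoOAuthConsumer extends NuxeoOAuthConsumer {

        private static final long serialVersionUID = 1L;

        /**
         * @param consumerKey the internal consumer key
         * @param consumerSecret the internal HMAC secret
         */
        public InternalNuxeoOAuthConsumer(String consumerKey, String consumerSecret) {
            super(null, consumerKey, consumerSecret, null);
            // NOTE(review): presumably lets this consumer do signed fetch on behalf of the OpenSocial viewer;
            // confirm against NuxeoOAuthConsumer.
            signedFetchSupport = NuxeoOAuthConsumer.SIGNEDFETCH_OPENSOCIAL_VIEWER;
        }
    }
}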