001/*
002 * (C) Copyright 2006-2008 Nuxeo SAS (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Nuxeo - initial API and implementation
016 *
017 * $Id$
018 */
019
020package org.nuxeo.ecm.platform.oauth.consumers;
021
022import org.apache.commons.logging.Log;
023import org.apache.commons.logging.LogFactory;
024import org.nuxeo.ecm.core.api.DocumentModel;
025
026import net.oauth.OAuth;
027import net.oauth.OAuthConsumer;
028import net.oauth.OAuthServiceProvider;
029import net.oauth.signature.RSA_SHA1;
030import net.oauth.signature.pem.PEMReader;
031
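/**
 * Represents an application that uses OAuth to consume a Web Service from Nuxeo. This class holds information such as
 * the keys and name of a consumer application. A simple mapping to and from {@link DocumentModel} is also provided to
 * make storage in an SQL Directory easier.
 * <p>
 * Security note: the consumer secret and the RSA key material are held as plain {@code String}s and are written to the
 * directory entry unchanged by {@link #asDocumentModel(DocumentModel)}. Avoid logging instances of this class or the
 * values returned by {@link #getConsumerSecret()} and {@link #getSecret(String)}.
 *
 * @author tiry
 */
public class NuxeoOAuthConsumer extends OAuthConsumer {

    /** Name constant for the signed-fetch setting; it is not referenced inside this class. */
    public static final String ALLOW_SIGNEDFETCH = "allowSignedFetch";

    /** Signed-fetch mode for which {@link #allowSignedFetch()} returns {@code false}. */
    public static final String SIGNEDFETCH_NONE = "none";

    /** Signed-fetch mode that {@link #getSignedFetchUser()} returns unchanged. */
    public static final String SIGNEDFETCH_OPENSOCIAL_VIEWER = "opensocial:viewer";

    /** Signed-fetch mode that {@link #getSignedFetchUser()} returns unchanged. */
    public static final String SIGNEDFETCH_OPENSOCIAL_OWNER = "opensocial:owner";

    /** Signed-fetch mode for which {@link #getSignedFetchUser()} returns the configured dedicated login. */
    public static final String SIGNEDFETCH_DEDICATED_USER = "nuxeo:user";

    /** Schema name used for every property read from or written to the directory entry. */
    public static final String SCHEMA = "oauthConsumer";

    protected static final Log log = LogFactory.getLog(NuxeoOAuthConsumer.class);

    private static final long serialVersionUID = 1L;

    // Raw "publicKey" value of the directory entry (a PEM public key or an X509 certificate, see the factory).
    protected String publicKey;

    protected String description;

    // Defaults to "none"; the factory overwrites it with whatever the directory entry holds, including null.
    protected String signedFetchSupport = SIGNEDFETCH_NONE;

    // Login returned by getSignedFetchUser() when the dedicated-user mode is configured.
    protected String dedicatedLogin;

    // Stays true unless the directory entry explicitly stores FALSE. This class exposes no getter for it.
    protected boolean enabled = true;

    // Stays false unless the directory entry explicitly stores TRUE.
    protected boolean allowBypassVerifier = false;

    /**
     * Builds a consumer from a directory entry that uses the {@link #SCHEMA} schema.
     * <p>
     * The RSA key material is registered as a consumer property only when {@code keyType} is {@link OAuth#RSA_SHA1}
     * and the entry holds a non-null {@code publicKey}; the raw value is kept in {@link #getPublicKey()} in every
     * case.
     *
     * @param entry the directory entry to read
     * @param keyType the signature method the consumer is built for
     * @return the populated consumer
     * @throws ClassCastException if a property does not have the type this method casts it to
     */
    public static NuxeoOAuthConsumer createFromDirectoryEntry(DocumentModel entry, String keyType) {
        String callbackURL = (String) entry.getProperty(SCHEMA, "callbackURL");
        String consumerKey = (String) entry.getProperty(SCHEMA, "consumerKey");
        String consumerSecret = (String) entry.getProperty(SCHEMA, "consumerSecret");
        String rsaKey = (String) entry.getProperty(SCHEMA, "publicKey");

        NuxeoOAuthConsumer consumer = new NuxeoOAuthConsumer(callbackURL, consumerKey, consumerSecret, null);

        if (OAuth.RSA_SHA1.equals(keyType) && rsaKey != null) {
            // A value carrying the PEM public-key marker is registered as a public key; anything else is
            // registered as an X509 certificate without further inspection here.
            String keyProperty = rsaKey.contains(PEMReader.PUBLIC_X509_MARKER) ? RSA_SHA1.PUBLIC_KEY
                    : RSA_SHA1.X509_CERTIFICATE;
            consumer.setProperty(keyProperty, rsaKey);
        }
        consumer.publicKey = rsaKey;
        consumer.description = (String) entry.getProperty(SCHEMA, "description");
        consumer.signedFetchSupport = (String) entry.getProperty(SCHEMA, "signedFetchSupport");
        consumer.dedicatedLogin = (String) entry.getProperty(SCHEMA, "dedicatedLogin");

        // A missing (null) flag leaves the consumer enabled; only an explicit FALSE disables it.
        Boolean enabledFlag = (Boolean) entry.getProperty(SCHEMA, "enabled");
        if (Boolean.FALSE.equals(enabledFlag)) {
            consumer.enabled = false;
        }

        // A missing (null) flag leaves the bypass off; only an explicit TRUE turns it on.
        Boolean allowBypassVerifierFlag = (Boolean) entry.getProperty(SCHEMA, "allowBypassVerifier");
        if (Boolean.TRUE.equals(allowBypassVerifierFlag)) {
            consumer.allowBypassVerifier = true;
        }

        return consumer;
    }

    /**
     * Creates a consumer by delegating to the {@link OAuthConsumer} constructor.
     *
     * @param callbackURL the consumer callback URL
     * @param consumerKey the consumer key
     * @param consumerSecret the consumer shared secret
     * @param serviceProvider the service provider, {@code null} when built from a directory entry
     */
    public NuxeoOAuthConsumer(String callbackURL, String consumerKey, String consumerSecret,
            OAuthServiceProvider serviceProvider) {
        super(callbackURL, consumerKey, consumerSecret, serviceProvider);
    }

    /**
     * Copies this consumer's state into the given directory entry.
     * <p>
     * The consumer secret and the public key are written as they are held in memory.
     *
     * @param entry the directory entry to fill
     * @return the same {@code entry} instance, for chaining
     */
    protected DocumentModel asDocumentModel(DocumentModel entry) {
        entry.setProperty(SCHEMA, "callbackURL", callbackURL);
        entry.setProperty(SCHEMA, "consumerKey", consumerKey);
        entry.setProperty(SCHEMA, "consumerSecret", consumerSecret);

        entry.setProperty(SCHEMA, "publicKey", publicKey);
        entry.setProperty(SCHEMA, "description", description);
        entry.setProperty(SCHEMA, "signedFetchSupport", signedFetchSupport);
        entry.setProperty(SCHEMA, "dedicatedLogin", dedicatedLogin);
        entry.setProperty(SCHEMA, "enabled", Boolean.valueOf(enabled));
        entry.setProperty(SCHEMA, "allowBypassVerifier", Boolean.valueOf(allowBypassVerifier));
        return entry;
    }

    /** @return the callback URL given at construction */
    public String getCallbackURL() {
        return callbackURL;
    }

    /** @return the consumer key given at construction */
    public String getConsumerKey() {
        return consumerKey;
    }

    /** @return the consumer shared secret; treat the value as sensitive and keep it out of logs */
    public String getConsumerSecret() {
        return consumerSecret;
    }

    /** @return the raw {@code publicKey} value read from the directory entry, possibly {@code null} */
    public String getPublicKey() {
        return publicKey;
    }

    /**
     * Tells whether signed fetch is configured for this consumer.
     * <p>
     * The check fails closed: a missing or blank mode, the {@link #SIGNEDFETCH_NONE} mode, and the dedicated-user mode
     * without a usable login all return {@code false}. The dedicated-user mode is recognised with the same prefix
     * test as {@link #getSignedFetchUser()}, so this method never returns {@code true} when that method would hand
     * back a missing login.
     *
     * @return {@code true} if signed fetch is configured with a usable mode
     */
    public boolean allowSignedFetch() {
        if (signedFetchSupport == null || signedFetchSupport.trim().isEmpty()
                || SIGNEDFETCH_NONE.equals(signedFetchSupport)) {
            // An unset directory field may come back as null or as an empty string; neither enables signed fetch.
            return false;
        }
        if (isDedicatedUserMode() && !hasDedicatedLogin()) {
            return false;
        }
        return true;
    }

    /**
     * Returns the user that signed fetch requests are attributed to.
     *
     * @return {@code null} when {@link #allowSignedFetch()} is {@code false}; the dedicated login in dedicated-user
     *         mode; otherwise the configured mode string itself
     */
    public String getSignedFetchUser() {
        if (!allowSignedFetch()) {
            return null;
        }
        // NOTE(review): any non-blank mode other than "none" and "nuxeo:user..." is returned unchanged, including
        // values this class does not define. Callers should compare the result against the modes they support
        // rather than treat an unknown string as a user name.
        return isDedicatedUserMode() ? dedicatedLogin : signedFetchSupport;
    }

    /** Returns whether the configured mode selects the dedicated-user behaviour. */
    private boolean isDedicatedUserMode() {
        return signedFetchSupport != null && signedFetchSupport.startsWith(SIGNEDFETCH_DEDICATED_USER);
    }

    /** Returns whether a non-blank dedicated login is configured. */
    private boolean hasDedicatedLogin() {
        return dedicatedLogin != null && !dedicatedLogin.trim().isEmpty();
    }

    /** @return the description read from the directory entry, possibly {@code null} */
    public String getDescription() {
        return description;
    }

    /**
     * Returns the secret to use for the given signature method.
     *
     * @param type the signature method; {@code null} is handled like {@link OAuth#HMAC_SHA1}
     * @return the consumer secret for HMAC-SHA1 or {@code null}, an empty string for {@link OAuth#RSA_SHA1}, and
     *         {@code null} for any other value
     */
    public String getSecret(String type) {
        if (type == null || OAuth.HMAC_SHA1.equals(type)) {
            return consumerSecret;
        } else if (OAuth.RSA_SHA1.equals(type)) {
            return "";
        } else {
            // NOTE(review): type is written to the log unchanged. If callers pass a request-supplied signature
            // method here, neutralise CR/LF before logging; confirm against the callers.
            log.error("Unknown type of key :" + type);
            // Callers must treat null as "no secret available" and reject the request.
            return null;
        }
    }

    /**
     * Tells whether the directory entry explicitly allows this consumer to bypass the verifier.
     * <p>
     * Presumably this refers to the OAuth 1.0a {@code oauth_verifier} step; the enforcement is not in this class.
     * The flag weakens the authorization flow, so it should be set only for consumers that are fully trusted.
     *
     * @return {@code true} only if the entry stored {@code TRUE} for {@code allowBypassVerifier}
     */
    public boolean allowBypassVerifier() {
        return allowBypassVerifier;
    }

}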