/*
 * (C) Copyright 2006-2008 Nuxeo SAS (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id$
 */

package org.nuxeo.ecm.platform.oauth.consumers;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.DocumentModel;

import net.oauth.OAuth;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthServiceProvider;
import net.oauth.signature.RSA_SHA1;
import net.oauth.signature.pem.PEMReader;

/**
 * An application that uses OAuth to consume a Web Service from Nuxeo.
 * <p>
 * The class carries the consumer's key material (shared secret and/or RSA public key), its description and
 * the per-consumer policy flags. It also maps itself to and from a {@link DocumentModel} using the
 * {@value #SCHEMA} schema, which makes storage in a SQL Directory easier.
 * <p>
 * Security notes for reviewers:
 * <ul>
 * <li>The consumer secret and the public key are copied to and from the directory entry unchanged; this class
 * applies no hashing, encryption or format validation to them. Protecting the directory is left to code not
 * shown here.</li>
 * <li>{@code enabled} is only turned off by an explicit {@code Boolean.FALSE}; an entry without a value yields
 * an enabled consumer.</li>
 * <li>{@code allowBypassVerifier} is only turned on by an explicit {@code Boolean.TRUE}.</li>
 * </ul>
 *
 * @author tiry
 */
public class NuxeoOAuthConsumer extends OAuthConsumer {

    public static final String ALLOW_SIGNEDFETCH = "allowSignedFetch";

    /** Signed-fetch policy value: signed fetch is refused. */
    public static final String SIGNEDFETCH_NONE = "none";

    public static final String SIGNEDFETCH_OPENSOCIAL_VIEWER = "opensocial:viewer";

    public static final String SIGNEDFETCH_OPENSOCIAL_OWNER = "opensocial:owner";

    /** Signed-fetch policy value: requests are mapped to {@link #dedicatedLogin}. */
    public static final String SIGNEDFETCH_DEDICATED_USER = "nuxeo:user";

    /** Name of the directory schema holding the consumer properties. */
    public static final String SCHEMA = "oauthConsumer";

    protected static final Log log = LogFactory.getLog(NuxeoOAuthConsumer.class);

    private static final long serialVersionUID = 1L;

    // Raw key text as stored in the directory (PEM public key or X509 certificate).
    protected String publicKey;

    protected String description;

    // One of the SIGNEDFETCH_* values; may become null when loaded from a directory entry.
    protected String signedFetchSupport = SIGNEDFETCH_NONE;

    // Login used when signedFetchSupport is SIGNEDFETCH_DEDICATED_USER.
    protected String dedicatedLogin;

    protected boolean enabled = true;

    // NOTE(review): presumably lets this consumer skip the OAuth verifier step; the enforcement point is
    // outside this file - confirm which callers honour it before enabling it for a consumer.
    protected boolean allowBypassVerifier = false;

    /**
     * Builds a consumer from a directory entry using the {@value #SCHEMA} schema.
     * <p>
     * When {@code keyType} is {@code OAuth.RSA_SHA1} and the entry holds a key, the key text is registered on
     * the consumer either as a public key (if it contains {@code PEMReader.PUBLIC_X509_MARKER}) or as an X509
     * certificate (anything else). The text is not parsed or validated here. For any other {@code keyType}
     * the key is only kept in {@link #publicKey}.
     *
     * @param entry the directory entry to read the properties from
     * @param keyType the signature method the consumer is being loaded for
     * @return the populated consumer
     */
    public static NuxeoOAuthConsumer createFromDirectoryEntry(DocumentModel entry, String keyType) {
        String callback = (String) entry.getProperty(SCHEMA, "callbackURL");
        String key = (String) entry.getProperty(SCHEMA, "consumerKey");
        String secret = (String) entry.getProperty(SCHEMA, "consumerSecret");
        String storedKey = (String) entry.getProperty(SCHEMA, "publicKey");

        NuxeoOAuthConsumer result = new NuxeoOAuthConsumer(callback, key, secret, null);

        if (OAuth.RSA_SHA1.equals(keyType) && storedKey != null) {
            // The marker decides how the stored text is interpreted; everything without it is treated
            // as a certificate.
            String propertyName = storedKey.contains(PEMReader.PUBLIC_X509_MARKER) ? RSA_SHA1.PUBLIC_KEY
                    : RSA_SHA1.X509_CERTIFICATE;
            result.setProperty(propertyName, storedKey);
        }

        result.publicKey = storedKey;
        result.description = (String) entry.getProperty(SCHEMA, "description");
        result.signedFetchSupport = (String) entry.getProperty(SCHEMA, "signedFetchSupport");
        result.dedicatedLogin = (String) entry.getProperty(SCHEMA, "dedicatedLogin");

        // Only an explicit FALSE disables the consumer; a missing value keeps the default (enabled).
        Boolean enabledFlag = (Boolean) entry.getProperty(SCHEMA, "enabled");
        result.enabled = !Boolean.FALSE.equals(enabledFlag);

        // Only an explicit TRUE grants the bypass; a missing value keeps the default (no bypass).
        Boolean bypassFlag = (Boolean) entry.getProperty(SCHEMA, "allowBypassVerifier");
        result.allowBypassVerifier = Boolean.TRUE.equals(bypassFlag);

        return result;
    }

    /**
     * Creates a consumer by delegating to the {@link OAuthConsumer} constructor.
     *
     * @param callbackURL the consumer's callback URL
     * @param consumerKey the consumer key
     * @param consumerSecret the shared secret
     * @param serviceProvider the service provider, may be {@code null}
     */
    public NuxeoOAuthConsumer(String callbackURL, String consumerKey, String consumerSecret,
            OAuthServiceProvider serviceProvider) {
        super(callbackURL, consumerKey, consumerSecret, serviceProvider);
    }

    /**
     * Copies this consumer's state into the given directory entry.
     * <p>
     * The consumer secret and public key are written exactly as held in memory.
     *
     * @param entry the entry to fill
     * @return the same {@code entry} instance
     */
    protected DocumentModel asDocumentModel(DocumentModel entry) {
        // Credentials and endpoint.
        entry.setProperty(SCHEMA, "callbackURL", callbackURL);
        entry.setProperty(SCHEMA, "consumerKey", consumerKey);
        entry.setProperty(SCHEMA, "consumerSecret", consumerSecret);

        // Key material, description and policy flags.
        entry.setProperty(SCHEMA, "publicKey", publicKey);
        entry.setProperty(SCHEMA, "description", description);
        entry.setProperty(SCHEMA, "signedFetchSupport", signedFetchSupport);
        entry.setProperty(SCHEMA, "dedicatedLogin", dedicatedLogin);
        entry.setProperty(SCHEMA, "enabled", Boolean.valueOf(enabled));
        entry.setProperty(SCHEMA, "allowBypassVerifier", Boolean.valueOf(allowBypassVerifier));
        return entry;
    }

    /** @return the callback URL of this consumer */
    public String getCallbackURL() {
        return callbackURL;
    }

    /** @return the consumer key */
    public String getConsumerKey() {
        return consumerKey;
    }

    /** @return the shared secret, unmodified; callers should avoid logging or displaying it */
    public String getConsumerSecret() {
        return consumerSecret;
    }

    /** @return the key text as stored in the directory, or {@code null} if none was stored */
    public String getPublicKey() {
        return publicKey;
    }

    /**
     * Tells whether signed fetch is permitted for this consumer.
     *
     * @return {@code false} when the policy is unset or {@link #SIGNEDFETCH_NONE}, or when it is
     *         {@link #SIGNEDFETCH_DEDICATED_USER} without a dedicated login; {@code true} otherwise
     */
    public boolean allowSignedFetch() {
        boolean policyOff = signedFetchSupport == null || SIGNEDFETCH_NONE.equals(signedFetchSupport);
        boolean dedicatedWithoutLogin = SIGNEDFETCH_DEDICATED_USER.equals(signedFetchSupport)
                && dedicatedLogin == null;
        return !(policyOff || dedicatedWithoutLogin);
    }

    /**
     * Resolves the user a signed fetch is performed as.
     * <p>
     * NOTE(review): the dedicated-user case is matched here with {@code startsWith}, while
     * {@link #allowSignedFetch()} compares with {@code equals}. A policy value that merely begins with
     * {@link #SIGNEDFETCH_DEDICATED_USER} therefore passes the check above even without a dedicated login and
     * yields {@code null} here - confirm whether that is intended.
     *
     * @return {@code null} when signed fetch is not allowed; the dedicated login when the policy starts with
     *         {@link #SIGNEDFETCH_DEDICATED_USER}; otherwise the policy value itself
     */
    public String getSignedFetchUser() {
        if (allowSignedFetch()) {
            return signedFetchSupport.startsWith(SIGNEDFETCH_DEDICATED_USER) ? dedicatedLogin
                    : signedFetchSupport;
        }
        return null;
    }

    /** @return the free-text description of this consumer */
    public String getDescription() {
        return description;
    }

    /**
     * Returns the secret matching a signature method.
     * <p>
     * NOTE(review): an unrecognised {@code type} is written to the error log as received. If the value can
     * originate from a request, make sure the logging layer neutralises line breaks.
     *
     * @param type the signature method; {@code null} is handled like {@code OAuth.HMAC_SHA1}
     * @return the consumer secret for HMAC-SHA1, an empty string for RSA-SHA1, {@code null} for any other
     *         method
     */
    public String getSecret(String type) {
        if (type == null || OAuth.HMAC_SHA1.equals(type)) {
            return consumerSecret;
        }
        if (OAuth.RSA_SHA1.equals(type)) {
            // No shared secret is handed out for the RSA signature method.
            return "";
        }
        log.error("Unknown type of key :" + type);
        return null;
    }

    /**
     * @return the value of the {@code allowBypassVerifier} flag; {@code false} unless the directory entry
     *         explicitly set it
     */
    public boolean allowBypassVerifier() {
        return allowBypassVerifier;
    }

}