001/*
002 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 *
019 * $Id$
020 */
021
022package org.nuxeo.ecm.platform.oauth.consumers;
023
024import org.apache.commons.logging.Log;
025import org.apache.commons.logging.LogFactory;
026import org.nuxeo.ecm.core.api.DocumentModel;
027
028import net.oauth.OAuth;
029import net.oauth.OAuthConsumer;
030import net.oauth.OAuthServiceProvider;
031import net.oauth.signature.RSA_SHA1;
032import net.oauth.signature.pem.PEMReader;
033
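/**
 * Represents an application that uses OAuth to consume a Web Service from Nuxeo. This class holds information such as
 * keys and name for a consumer application. A simple mapping to DocumentModel is also provided to make storage in a
 * SQL Directory easier.
 * <p>
 * Security-relevant points visible in this class:
 * <ul>
 * <li>The consumer secret is copied to and from the directory entry unchanged; this class applies no hashing or
 * encryption, so protection of the stored value depends on the directory itself.</li>
 * <li>{@link #getConsumerSecret()} and {@link #getSecret(String)} hand the shared secret to the caller; the returned
 * value should not be logged or rendered.</li>
 * <li>Signed fetch is refused whenever the configured mode or the dedicated login is missing or blank.</li>
 * </ul>
 *
 * @author tiry
 */
public class NuxeoOAuthConsumer extends OAuthConsumer {

    // Not referenced inside this class.
    public static final String ALLOW_SIGNEDFETCH = "allowSignedFetch";

    // Values of the "signedFetchSupport" property. SIGNEDFETCH_NONE disables signed fetch.
    public static final String SIGNEDFETCH_NONE = "none";

    public static final String SIGNEDFETCH_OPENSOCIAL_VIEWER = "opensocial:viewer";

    public static final String SIGNEDFETCH_OPENSOCIAL_OWNER = "opensocial:owner";

    // With this mode the signed-fetch user is the configured dedicatedLogin.
    public static final String SIGNEDFETCH_DEDICATED_USER = "nuxeo:user";

    // Directory schema that holds every property read and written by this class.
    public static final String SCHEMA = "oauthConsumer";

    protected static final Log log = LogFactory.getLog(NuxeoOAuthConsumer.class);

    private static final long serialVersionUID = 1L;

    // Raw PEM text from the directory: either a public key or an X509 certificate.
    protected String publicKey;

    protected String description;

    protected String signedFetchSupport = SIGNEDFETCH_NONE;

    protected String dedicatedLogin;

    // Defaults to true; only an explicit Boolean.FALSE in the directory entry disables the consumer.
    // NOTE(review): an entry with no "enabled" value therefore stays enabled - confirm this is intended.
    protected boolean enabled = true;

    // Defaults to false; only an explicit Boolean.TRUE in the directory entry turns it on.
    protected boolean allowBypassVerifier = false;

    /**
     * Builds a consumer from a directory entry using the {@link #SCHEMA} schema.
     *
     * @param entry the directory entry to read the properties from
     * @param keyType the signature method; the RSA key material is registered on the consumer only when this equals
     *            {@link OAuth#RSA_SHA1}
     * @return the consumer populated from the entry
     */
    public static NuxeoOAuthConsumer createFromDirectoryEntry(DocumentModel entry, String keyType) {
        String callbackURL = (String) entry.getProperty(SCHEMA, "callbackURL");
        String consumerKey = (String) entry.getProperty(SCHEMA, "consumerKey");
        String consumerSecret = (String) entry.getProperty(SCHEMA, "consumerSecret");
        String rsaKey = (String) entry.getProperty(SCHEMA, "publicKey");

        NuxeoOAuthConsumer consumer = new NuxeoOAuthConsumer(callbackURL, consumerKey, consumerSecret, null);

        if (OAuth.RSA_SHA1.equals(keyType) && rsaKey != null) {
            // The stored PEM text is treated as a bare public key when it carries the public-key marker,
            // and as an X509 certificate otherwise.
            if (rsaKey.contains(PEMReader.PUBLIC_X509_MARKER)) {
                consumer.setProperty(RSA_SHA1.PUBLIC_KEY, rsaKey);
            } else {
                consumer.setProperty(RSA_SHA1.X509_CERTIFICATE, rsaKey);
            }
        }
        consumer.publicKey = rsaKey;
        consumer.description = (String) entry.getProperty(SCHEMA, "description");
        // May be null here; allowSignedFetch() treats null and blank like SIGNEDFETCH_NONE.
        consumer.signedFetchSupport = (String) entry.getProperty(SCHEMA, "signedFetchSupport");
        consumer.dedicatedLogin = (String) entry.getProperty(SCHEMA, "dedicatedLogin");

        Boolean enabledFlag = (Boolean) entry.getProperty(SCHEMA, "enabled");
        if (Boolean.FALSE.equals(enabledFlag)) {
            consumer.enabled = false;
        }

        // Verifier bypass requires an explicit TRUE; a missing value keeps the safe default.
        Boolean allowBypassVerifierFlag = (Boolean) entry.getProperty(SCHEMA, "allowBypassVerifier");
        if (Boolean.TRUE.equals(allowBypassVerifierFlag)) {
            consumer.allowBypassVerifier = true;
        }

        return consumer;
    }

    /**
     * Creates a consumer; all arguments are passed unchanged to the {@link OAuthConsumer} constructor.
     */
    public NuxeoOAuthConsumer(String callbackURL, String consumerKey, String consumerSecret,
            OAuthServiceProvider serviceProvider) {
        super(callbackURL, consumerKey, consumerSecret, serviceProvider);
    }

    /**
     * Copies this consumer's state into the given directory entry.
     * <p>
     * The consumer secret is written as-is, so the entry must be stored and exposed accordingly.
     *
     * @param entry the entry to fill
     * @return the same entry instance, updated
     */
    protected DocumentModel asDocumentModel(DocumentModel entry) {
        entry.setProperty(SCHEMA, "callbackURL", callbackURL);
        entry.setProperty(SCHEMA, "consumerKey", consumerKey);
        entry.setProperty(SCHEMA, "consumerSecret", consumerSecret);

        entry.setProperty(SCHEMA, "publicKey", publicKey);
        entry.setProperty(SCHEMA, "description", description);
        entry.setProperty(SCHEMA, "signedFetchSupport", signedFetchSupport);
        entry.setProperty(SCHEMA, "dedicatedLogin", dedicatedLogin);
        entry.setProperty(SCHEMA, "enabled", Boolean.valueOf(enabled));
        entry.setProperty(SCHEMA, "allowBypassVerifier", Boolean.valueOf(allowBypassVerifier));
        return entry;
    }

    public String getCallbackURL() {
        return callbackURL;
    }

    public String getConsumerKey() {
        return consumerKey;
    }

    /**
     * Returns the shared consumer secret. Callers should keep it out of logs and responses.
     */
    public String getConsumerSecret() {
        return consumerSecret;
    }

    public String getPublicKey() {
        return publicKey;
    }

    /**
     * Tells whether signed fetch may be used for this consumer.
     * <p>
     * Fails closed: a missing or blank mode counts as {@link #SIGNEDFETCH_NONE}, and the dedicated-user mode is
     * refused when no usable {@code dedicatedLogin} is configured. The dedicated-user mode is detected with the same
     * prefix test as {@link #getSignedFetchUser()}, so a {@code true} result never leads to a null or blank user.
     *
     * @return {@code true} when signed fetch is configured and resolves to a user
     */
    public boolean allowSignedFetch() {
        if (isBlank(signedFetchSupport) || SIGNEDFETCH_NONE.equals(signedFetchSupport)) {
            return false;
        }
        if (usesDedicatedUser() && isBlank(dedicatedLogin)) {
            return false;
        }
        // NOTE(review): any other non-blank mode string is accepted, including values that match none of the
        // SIGNEDFETCH_* constants - consider validating the mode where the directory entry is written.
        return true;
    }

    /**
     * Returns the user that signed fetches run as.
     *
     * @return {@code null} when signed fetch is not allowed, the dedicated login in dedicated-user mode, otherwise the
     *         mode string itself (for instance {@link #SIGNEDFETCH_OPENSOCIAL_VIEWER}), presumably resolved by the
     *         caller
     */
    public String getSignedFetchUser() {
        if (!allowSignedFetch()) {
            return null;
        }
        if (usesDedicatedUser()) {
            return dedicatedLogin;
        } else {
            return signedFetchSupport;
        }
    }

    public String getDescription() {
        return description;
    }

    /**
     * Returns the secret to use for the given signature method.
     *
     * @param type the signature method; {@code null} is handled like {@link OAuth#HMAC_SHA1}
     * @return the consumer secret for HMAC-SHA1, an empty string for RSA-SHA1, {@code null} for any other method
     */
    public String getSecret(String type) {
        if (type == null || OAuth.HMAC_SHA1.equals(type)) {
            return consumerSecret;
        } else if (OAuth.RSA_SHA1.equals(type)) {
            return "";
        } else {
            // NOTE(review): if `type` can come from a request parameter, it reaches the log unfiltered - confirm
            // against the callers and neutralise line breaks there if so.
            log.error("Unknown type of key :" + type);
            return null;
        }
    }

    /**
     * Returns the "allowBypassVerifier" flag of this consumer; {@code false} unless the directory entry explicitly
     * sets it. Presumably this lets the consumer skip the OAuth verifier step - confirm against the callers.
     */
    public boolean allowBypassVerifier() {
        return allowBypassVerifier;
    }

    /** Tells whether the configured mode selects the dedicated login (prefix match on the mode string). */
    private boolean usesDedicatedUser() {
        return signedFetchSupport != null && signedFetchSupport.startsWith(SIGNEDFETCH_DEDICATED_USER);
    }

    /** Tells whether the value is null, empty or whitespace only. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

}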