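/*
 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 *
 * $Id$
 */

package org.nuxeo.ecm.platform.oauth.consumers;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.DocumentModel;

import net.oauth.OAuth;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthServiceProvider;
import net.oauth.signature.RSA_SHA1;
import net.oauth.signature.pem.PEMReader;

/**
 * Represents an application that uses OAuth to consume a Web Service from Nuxeo. This class holds information such as
 * the keys and the name of a consumer application. A simple mapping to {@link DocumentModel} is also provided to make
 * storage in a SQL Directory easier.
 * <p>
 * Security note: an instance carries the consumer's shared secret ({@code consumerSecret}), and
 * {@link #asDocumentModel(DocumentModel)} writes that value to the directory entry unchanged. Access to the directory
 * and to instances of this class should be restricted accordingly, and instances should not be logged or serialized
 * to untrusted destinations.
 *
 * @author tiry
 */
public class NuxeoOAuthConsumer extends OAuthConsumer {

    public static final String ALLOW_SIGNEDFETCH = "allowSignedFetch";

    /** Signed fetch mode: signed fetch is not allowed for this consumer. */
    public static final String SIGNEDFETCH_NONE = "none";

    public static final String SIGNEDFETCH_OPENSOCIAL_VIEWER = "opensocial:viewer";

    public static final String SIGNEDFETCH_OPENSOCIAL_OWNER = "opensocial:owner";

    /** Signed fetch mode: requests are mapped to the login stored in {@link #dedicatedLogin}. */
    public static final String SIGNEDFETCH_DEDICATED_USER = "nuxeo:user";

    /** Name of the directory schema that stores consumer entries. */
    public static final String SCHEMA = "oauthConsumer";

    protected static final Log log = LogFactory.getLog(NuxeoOAuthConsumer.class);

    private static final long serialVersionUID = 1L;

    // Raw value of the "publicKey" directory property (PEM public key or X509 certificate text).
    protected String publicKey;

    protected String description;

    // public for tests
    public String signedFetchSupport = SIGNEDFETCH_NONE;

    // Login returned by getSignedFetchUser() when the mode is SIGNEDFETCH_DEDICATED_USER.
    protected String dedicatedLogin;

    // A consumer is enabled unless the directory entry explicitly says otherwise.
    protected boolean enabled = true;

    // Off unless the directory entry explicitly sets it.
    protected boolean allowBypassVerifier = false;

    /**
     * Builds a consumer from a directory entry that uses the {@link #SCHEMA} schema.
     * <p>
     * When {@code keyType} is {@link OAuth#RSA_SHA1} and the entry holds a key, the key is registered on the consumer
     * either as {@link RSA_SHA1#PUBLIC_KEY} (when it contains {@link PEMReader#PUBLIC_X509_MARKER}) or as
     * {@link RSA_SHA1#X509_CERTIFICATE} otherwise. The key text is not parsed or validated here.
     * <p>
     * The {@code enabled} flag stays {@code true} unless the entry stores {@code Boolean.FALSE}, and
     * {@code allowBypassVerifier} stays {@code false} unless the entry stores {@code Boolean.TRUE}; a missing
     * ({@code null}) value therefore never turns the verifier bypass on.
     *
     * @param entry the directory entry to read
     * @param keyType the OAuth signature method the consumer is being loaded for
     * @return the populated consumer
     */
    public static NuxeoOAuthConsumer createFromDirectoryEntry(DocumentModel entry, String keyType)
    {
        String callbackURL = (String) entry.getProperty(SCHEMA, "callbackURL");
        String consumerKey = (String) entry.getProperty(SCHEMA, "consumerKey");
        String consumerSecret = (String) entry.getProperty(SCHEMA, "consumerSecret");
        String rsaKey = (String) entry.getProperty(SCHEMA, "publicKey");

        NuxeoOAuthConsumer consumer = new NuxeoOAuthConsumer(callbackURL, consumerKey, consumerSecret, null);

        if (OAuth.RSA_SHA1.equals(keyType) && rsaKey != null) {
            // The PEM marker decides whether the text is a bare public key or a certificate.
            String keyProperty = rsaKey.contains(PEMReader.PUBLIC_X509_MARKER) ? RSA_SHA1.PUBLIC_KEY
                    : RSA_SHA1.X509_CERTIFICATE;
            consumer.setProperty(keyProperty, rsaKey);
        }
        consumer.publicKey = rsaKey;
        consumer.description = (String) entry.getProperty(SCHEMA, "description");
        // May be null when the entry has no value; allowSignedFetch() treats null like SIGNEDFETCH_NONE.
        consumer.signedFetchSupport = (String) entry.getProperty(SCHEMA, "signedFetchSupport");
        consumer.dedicatedLogin = (String) entry.getProperty(SCHEMA, "dedicatedLogin");

        Boolean enabledFlag = (Boolean) entry.getProperty(SCHEMA, "enabled");
        if (Boolean.FALSE.equals(enabledFlag)) {
            consumer.enabled = false;
        }

        Boolean allowBypassVerifierFlag = (Boolean) entry.getProperty(SCHEMA, "allowBypassVerifier");
        if (Boolean.TRUE.equals(allowBypassVerifierFlag)) {
            consumer.allowBypassVerifier = true;
        }

        return consumer;
    }

    /**
     * Creates a consumer by delegating to the {@link OAuthConsumer} constructor.
     *
     * @param callbackURL the consumer callback URL
     * @param consumerKey the consumer key
     * @param consumerSecret the consumer shared secret
     * @param serviceProvider the service provider, may be {@code null}
     */
    public NuxeoOAuthConsumer(String callbackURL, String consumerKey, String consumerSecret,
            OAuthServiceProvider serviceProvider) {
        super(callbackURL, consumerKey, consumerSecret, serviceProvider);
    }

    /**
     * Copies this consumer's state into the given directory entry, using the {@link #SCHEMA} schema.
     * <p>
     * The consumer secret is written as-is, so the target directory holds it in clear text.
     *
     * @param entry the entry to fill
     * @return the same {@code entry} instance, updated
     */
    protected DocumentModel asDocumentModel(DocumentModel entry) {
        entry.setProperty(SCHEMA, "callbackURL", callbackURL);
        entry.setProperty(SCHEMA, "consumerKey", consumerKey);
        entry.setProperty(SCHEMA, "consumerSecret", consumerSecret);

        entry.setProperty(SCHEMA, "publicKey", publicKey);
        entry.setProperty(SCHEMA, "description", description);
        entry.setProperty(SCHEMA, "signedFetchSupport", signedFetchSupport);
        entry.setProperty(SCHEMA, "dedicatedLogin", dedicatedLogin);
        entry.setProperty(SCHEMA, "enabled", Boolean.valueOf(enabled));
        entry.setProperty(SCHEMA, "allowBypassVerifier", Boolean.valueOf(allowBypassVerifier));
        return entry;
    }

    /** @return the callback URL given at construction */
    public String getCallbackURL() {
        return callbackURL;
    }

    /** @return the consumer key given at construction */
    public String getConsumerKey() {
        return consumerKey;
    }

    /** @return the consumer shared secret; callers should avoid logging or displaying it */
    public String getConsumerSecret() {
        return consumerSecret;
    }

    /** @return the raw key text read from the directory entry, or {@code null} if none was stored */
    public String getPublicKey() {
        return publicKey;
    }

    /**
     * Tells whether signed fetch is usable for this consumer.
     * <p>
     * Signed fetch is refused when no mode is set, when the mode is {@link #SIGNEDFETCH_NONE}, or when the mode
     * designates a dedicated user but no {@link #dedicatedLogin} is configured.
     *
     * @return {@code true} if signed fetch is allowed
     */
    public boolean allowSignedFetch() {
        if (signedFetchSupport == null || SIGNEDFETCH_NONE.equals(signedFetchSupport)) {
            return false;
        }
        // Use the same prefix test as getSignedFetchUser(): with an exact-match test here, a mode that merely
        // starts with "nuxeo:user" and has no dedicated login was reported as allowed while the resolved user
        // was null. Failing closed keeps the two methods in agreement.
        if (signedFetchSupport.startsWith(SIGNEDFETCH_DEDICATED_USER) && dedicatedLogin == null) {
            return false;
        }
        return true;
    }

    /**
     * Resolves the user that signed fetch requests from this consumer map to.
     *
     * @return {@code null} when signed fetch is not allowed; the dedicated login when the mode starts with
     *         {@link #SIGNEDFETCH_DEDICATED_USER}; otherwise the mode string itself (for example
     *         {@link #SIGNEDFETCH_OPENSOCIAL_VIEWER}), which the caller has to interpret
     */
    public String getSignedFetchUser() {
        if (!allowSignedFetch()) {
            return null;
        }
        if (signedFetchSupport.startsWith(SIGNEDFETCH_DEDICATED_USER)) {
            return dedicatedLogin;
        }
        return signedFetchSupport;
    }

    /** @return the description read from the directory entry, possibly {@code null} */
    public String getDescription() {
        return description;
    }

    /**
     * Returns the secret to use for the given signature method.
     *
     * @param type the OAuth signature method; {@code null} is handled like {@link OAuth#HMAC_SHA1}
     * @return the consumer secret for HMAC-SHA1, an empty string for {@link OAuth#RSA_SHA1}, or {@code null} (after
     *         logging an error) for any other method
     */
    public String getSecret(String type) {
        if (type == null || OAuth.HMAC_SHA1.equals(type)) {
            return consumerSecret;
        }
        if (OAuth.RSA_SHA1.equals(type)) {
            return "";
        }
        // NOTE(review): type is logged verbatim. If callers pass a value taken from the incoming request,
        // line breaks in it should be neutralized before logging - confirm against callers.
        log.error("Unknown type of key :" + type);
        return null;
    }

    /**
     * Returns the {@code allowBypassVerifier} flag of this consumer, {@code false} unless the directory entry set it.
     * <p>
     * NOTE(review): presumably lets the authorization flow skip the OAuth verifier step for this consumer - confirm
     * against callers. If so, it weakens the flow and should only be set for consumers that are fully trusted.
     *
     * @return {@code true} if the flag is set
     */
    public boolean allowBypassVerifier() {
        return allowBypassVerifier;
    }

}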