001/*
002 * (C) Copyright 2006-2008 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 *
019 * $Id$
020 */
021
022package org.nuxeo.ecm.platform.oauth.consumers;
023
024import org.apache.commons.logging.Log;
025import org.apache.commons.logging.LogFactory;
026import org.nuxeo.ecm.core.api.DocumentModel;
027
028import net.oauth.OAuth;
029import net.oauth.OAuthConsumer;
030import net.oauth.OAuthServiceProvider;
031import net.oauth.signature.RSA_SHA1;
032import net.oauth.signature.pem.PEMReader;
033
034/**
035 * Represents an application that uses OAuth to consume a Web Service from Nuxeo. This class holds information such as
036 * keys and name for a consumer application. The simple mapping to DocumentModel is also provided to make storage in SQL
037 * Directory easier.
038 *
039 * @author tiry
040 */
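public class NuxeoOAuthConsumer extends OAuthConsumer {

    /** Name constant; not referenced inside this class. */
    public static final String ALLOW_SIGNEDFETCH = "allowSignedFetch";

    /** {@link #signedFetchSupport} value for which {@link #allowSignedFetch()} returns {@code false}. */
    public static final String SIGNEDFETCH_NONE = "none";

    /** {@link #signedFetchSupport} value that {@link #getSignedFetchUser()} returns unchanged. */
    public static final String SIGNEDFETCH_OPENSOCIAL_VIEWER = "opensocial:viewer";

    /** {@link #signedFetchSupport} value that {@link #getSignedFetchUser()} returns unchanged. */
    public static final String SIGNEDFETCH_OPENSOCIAL_OWNER = "opensocial:owner";

    /** {@link #signedFetchSupport} value (prefix) for which signed fetch runs as {@link #dedicatedLogin}. */
    public static final String SIGNEDFETCH_DEDICATED_USER = "nuxeo:user";

    /** Schema name used for every property read from or written to the directory entry. */
    public static final String SCHEMA = "oauthConsumer";

    protected static final Log log = LogFactory.getLog(NuxeoOAuthConsumer.class);

    private static final long serialVersionUID = 1L;

    // Raw value of the "publicKey" directory property, kept whatever the key type is.
    protected String publicKey;

    protected String description;

    // public for tests
    // May be null after createFromDirectoryEntry(); read it through allowSignedFetch() /
    // getSignedFetchUser(), which handle null, rather than directly.
    public String signedFetchSupport = SIGNEDFETCH_NONE;

    // Login returned by getSignedFetchUser() in dedicated-user mode.
    protected String dedicatedLogin;

    // Defaults to true; only an explicit FALSE in the directory entry disables the consumer.
    // NOTE(review): nothing in this class checks this flag, so callers have to enforce it.
    protected boolean enabled = true;

    // Defaults to false; only an explicit TRUE in the directory entry turns it on.
    // NOTE(review): presumably lets this consumer skip the OAuth verifier step. The enforcement is
    // outside this class; confirm that entries setting it are restricted to trusted consumers.
    protected boolean allowBypassVerifier = false;

    /**
     * Builds a consumer from a directory entry of schema {@link #SCHEMA}.
     * <p>
     * The consumer is created without a service provider. When {@code keyType} is RSA-SHA1 and the
     * entry has a "publicKey" value, that value is registered either as a public key (when it
     * contains the PEM public key marker) or as an X509 certificate (otherwise). The value is not
     * parsed or validated here.
     *
     * @param entry directory entry to read the properties from
     * @param keyType signature method the consumer is loaded for
     * @return the populated consumer
     */
    public static NuxeoOAuthConsumer createFromDirectoryEntry(DocumentModel entry, String keyType) {
        String callbackURL = (String) entry.getProperty(SCHEMA, "callbackURL");
        String consumerKey = (String) entry.getProperty(SCHEMA, "consumerKey");
        String consumerSecret = (String) entry.getProperty(SCHEMA, "consumerSecret");
        String rsaKey = (String) entry.getProperty(SCHEMA, "publicKey");

        NuxeoOAuthConsumer consumer = new NuxeoOAuthConsumer(callbackURL, consumerKey, consumerSecret, null);

        if (OAuth.RSA_SHA1.equals(keyType) && rsaKey != null) {
            // The PEM marker decides which property the signature code will read the key from.
            String keyProperty = rsaKey.contains(PEMReader.PUBLIC_X509_MARKER) ? RSA_SHA1.PUBLIC_KEY
                    : RSA_SHA1.X509_CERTIFICATE;
            consumer.setProperty(keyProperty, rsaKey);
        }
        consumer.publicKey = rsaKey;
        consumer.description = (String) entry.getProperty(SCHEMA, "description");
        // A missing property overwrites the SIGNEDFETCH_NONE default with null; allowSignedFetch()
        // treats null like "none".
        consumer.signedFetchSupport = (String) entry.getProperty(SCHEMA, "signedFetchSupport");
        consumer.dedicatedLogin = (String) entry.getProperty(SCHEMA, "dedicatedLogin");

        // Missing flags keep the field defaults: enabled stays true, bypass stays false.
        Boolean enabledFlag = (Boolean) entry.getProperty(SCHEMA, "enabled");
        if (Boolean.FALSE.equals(enabledFlag)) {
            consumer.enabled = false;
        }

        Boolean allowBypassVerifierFlag = (Boolean) entry.getProperty(SCHEMA, "allowBypassVerifier");
        if (Boolean.TRUE.equals(allowBypassVerifierFlag)) {
            consumer.allowBypassVerifier = true;
        }

        return consumer;
    }

    /**
     * Creates a consumer; all arguments are passed to the {@link OAuthConsumer} constructor.
     */
    public NuxeoOAuthConsumer(String callbackURL, String consumerKey, String consumerSecret,
            OAuthServiceProvider serviceProvider) {
        super(callbackURL, consumerKey, consumerSecret, serviceProvider);
    }

    /**
     * Copies this consumer's state into the given directory entry.
     * <p>
     * The consumer secret is written as-is, so its protection at rest depends on the directory
     * that stores the entry.
     *
     * @param entry entry to update
     * @return the same entry instance
     */
    protected DocumentModel asDocumentModel(DocumentModel entry) {
        entry.setProperty(SCHEMA, "callbackURL", callbackURL);
        entry.setProperty(SCHEMA, "consumerKey", consumerKey);
        entry.setProperty(SCHEMA, "consumerSecret", consumerSecret);

        entry.setProperty(SCHEMA, "publicKey", publicKey);
        entry.setProperty(SCHEMA, "description", description);
        entry.setProperty(SCHEMA, "signedFetchSupport", signedFetchSupport);
        entry.setProperty(SCHEMA, "dedicatedLogin", dedicatedLogin);
        entry.setProperty(SCHEMA, "enabled", Boolean.valueOf(enabled));
        entry.setProperty(SCHEMA, "allowBypassVerifier", Boolean.valueOf(allowBypassVerifier));
        return entry;
    }

    public String getCallbackURL() {
        return callbackURL;
    }

    public String getConsumerKey() {
        return consumerKey;
    }

    /**
     * Returns the shared secret in clear text; do not log or display the returned value.
     */
    public String getConsumerSecret() {
        return consumerSecret;
    }

    public String getPublicKey() {
        return publicKey;
    }

    /**
     * Tells whether signed fetch may be used for this consumer.
     * <p>
     * Returns {@code false} when the mode is unset or {@link #SIGNEDFETCH_NONE}, and when the mode
     * is the dedicated-user one but no usable login is configured. Every other non-null mode,
     * including values that are not declared as constants in this class, is accepted, so the
     * stored value should be validated where directory entries are created.
     *
     * @return {@code true} if signed fetch is allowed
     */
    public boolean allowSignedFetch() {
        if (signedFetchSupport == null || SIGNEDFETCH_NONE.equals(signedFetchSupport)) {
            return false;
        }
        // Fail closed: dedicated-user mode without a login must not report signed fetch as allowed,
        // because getSignedFetchUser() would then have no identity to return.
        if (usesDedicatedUser() && !hasDedicatedLogin()) {
            return false;
        }
        return true;
    }

    /**
     * Returns the identity that signed fetch runs as.
     *
     * @return the dedicated login in dedicated-user mode, the mode value itself for the other
     *         modes, or {@code null} when signed fetch is not allowed
     */
    public String getSignedFetchUser() {
        if (!allowSignedFetch()) {
            return null;
        }
        return usesDedicatedUser() ? dedicatedLogin : signedFetchSupport;
    }

    /**
     * Single definition of "dedicated-user mode", shared by {@link #allowSignedFetch()} and
     * {@link #getSignedFetchUser()} so that both apply the same prefix test.
     */
    private boolean usesDedicatedUser() {
        return signedFetchSupport != null && signedFetchSupport.startsWith(SIGNEDFETCH_DEDICATED_USER);
    }

    /** Tells whether a non-blank dedicated login is configured. */
    private boolean hasDedicatedLogin() {
        return dedicatedLogin != null && dedicatedLogin.trim().length() > 0;
    }

    public String getDescription() {
        return description;
    }

    /**
     * Returns the secret to use for the given signature method.
     *
     * @param type signature method name; {@code null} is handled like HMAC-SHA1
     * @return the consumer secret for HMAC-SHA1, an empty string for RSA-SHA1, or {@code null}
     *         for any other method (an error is logged)
     */
    public String getSecret(String type) {
        if (type == null || OAuth.HMAC_SHA1.equals(type)) {
            return consumerSecret;
        } else if (OAuth.RSA_SHA1.equals(type)) {
            return "";
        } else {
            // NOTE(review): if type can come from a request parameter, it is logged unescaped here;
            // confirm the caller validates it or neutralise line breaks before logging.
            log.error("Unknown type of key :" + type);
            return null;
        }
    }

    /**
     * Returns the stored bypass flag; this class only stores it, the verifier check itself is
     * implemented elsewhere.
     */
    public boolean allowBypassVerifier() {
        return allowBypassVerifier;
    }

}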