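/*
 * (C) Copyright 2010 Nuxeo SAS (http://nuxeo.com/) and contributors.
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the GNU Lesser General Public License
 * (LGPL) version 2.1 which accompanies this distribution, and is available at
 * http://www.gnu.org/licenses/lgpl.html
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * Contributors:
 *     Nuxeo - initial API and implementation
 */
package org.nuxeo.ecm.platform.oauth.keys;

import java.util.UUID;

import org.nuxeo.ecm.platform.oauth.consumers.NuxeoOAuthConsumer;
import org.nuxeo.runtime.model.ComponentContext;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;

/**
 * Implements the {@link OAuthServerKeyManager} interface. Manages an extension point used to configure the server RSA
 * key pair. The Shindig/Nuxeo HMAC shared secret is generated at activation time and is shared between the Nuxeo OAuth
 * filter and Shindig directly in memory.
 * <p>
 * This component holds secret material in plain {@link String} fields (the configured private key and the generated
 * internal secret). Callers of {@link #getPrivateKey()}, {@link #getBarePrivateKey()} and {@link #getInternalSecret()}
 * should keep the returned values out of logs and error messages.
 *
 * @author tiry
 */
public class OAuthServerKeyManagerImpl extends DefaultComponent implements OAuthServerKeyManager {

    /** Last descriptor contributed to {@link #XP_SERVER_KEY}, or {@code null} when none is registered. */
    protected ServerKeyDescriptor serverKeyDescriptor;

    /** Name of the extension point that carries the server key pair. */
    public static final String XP_SERVER_KEY = "serverKeyPair";

    /** Lazily built consumer wrapping {@link #internalKey} and {@link #internalSecret}. */
    protected NuxeoOAuthConsumer consumer;

    /** Consumer key generated in {@link #activate(ComponentContext)}. */
    protected String internalKey;

    /** Shared secret generated in {@link #activate(ComponentContext)}; never persisted by this class. */
    protected String internalSecret;

    /**
     * Generates a fresh internal consumer key and shared secret for this activation.
     *
     * @param context the component context (unused here)
     */
    @Override
    public void activate(ComponentContext context) {
        // generate the random secret used between Shindig and Nuxeo
        // UUID.randomUUID() is documented by the JDK as using a cryptographically strong generator; a version 4
        // UUID carries 122 random bits. If a longer secret is required, draw bytes from SecureRandom instead.
        internalKey = "nuxeo4shindig-" + UUID.randomUUID().toString();
        internalSecret = UUID.randomUUID().toString();
        // Drop any consumer cached by a previous activation so that getInternalConsumer() cannot keep handing
        // out the old key/secret pair while getInternalKey()/getInternalSecret() return the new one.
        consumer = null;
    }

    /**
     * Stores the contributed {@link ServerKeyDescriptor} when the contribution targets {@link #XP_SERVER_KEY}.
     * A later contribution replaces an earlier one; contributions to other extension points are ignored.
     */
    @Override
    public void registerContribution(Object contribution, String extensionPoint, ComponentInstance contributor) {
        if (XP_SERVER_KEY.equals(extensionPoint)) {
            serverKeyDescriptor = (ServerKeyDescriptor) contribution;
        }
    }

    /**
     * Clears the stored descriptor when a contribution to {@link #XP_SERVER_KEY} is removed.
     */
    @Override
    public void unregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor) {
        // NOTE(review): the descriptor is cleared whichever contribution is removed, so unregistering an older
        // contribution also drops a newer one that replaced it. Confirm whether several contributors are expected.
        if (XP_SERVER_KEY.equals(extensionPoint)) {
            serverKeyDescriptor = null;
        }
    }

    /**
     * @return the configured public certificate as contributed, or {@code null} when no descriptor is registered
     */
    @Override
    public String getPublicKeyCertificate() {
        if (serverKeyDescriptor == null) {
            return null;
        }
        return serverKeyDescriptor.externalPublicCertificate;
    }

    /**
     * @return the public certificate with its armor lines and whitespace removed, or {@code null} when none is
     *         configured
     */
    @Override
    public String getBarePublicCertificate() {
        return stripOpenSSL(getPublicKeyCertificate());
    }

    /**
     * Returns the configured private key exactly as contributed. The value is secret material: do not log it or
     * include it in exception messages.
     *
     * @return the private key, or {@code null} when no descriptor is registered
     */
    @Override
    public String getPrivateKey() {
        if (serverKeyDescriptor == null) {
            return null;
        }
        return serverKeyDescriptor.externalPrivateKey;
    }

    /**
     * Returns the private key with its armor lines and whitespace removed. The value is secret material: do not log
     * it or include it in exception messages.
     *
     * @return the bare private key, or {@code null} when none is configured
     */
    @Override
    public String getBarePrivateKey() {
        return stripOpenSSL(getPrivateKey());
    }

    /**
     * @return the name of the configured private key, or {@code null} when no descriptor is registered
     */
    @Override
    public String getKeyName() {
        if (serverKeyDescriptor == null) {
            return null;
        }
        return serverKeyDescriptor.externalPrivateKeyName;
    }

    /**
     * Removes the {@code -----BEGIN ...-----} / {@code -----END ...-----} armor lines and all whitespace from an
     * OpenSSL-style key or certificate, leaving only the encoded body.
     * <p>
     * Besides line feeds, carriage returns, tabs and spaces are removed as well, so a value pasted with CRLF line
     * endings or indented inside an XML contribution still yields a clean body.
     *
     * @param key the armored text, may be {@code null}
     * @return the body without armor and whitespace, or {@code null} when {@code key} is {@code null}
     */
    protected String stripOpenSSL(String key) {
        if (key == null) {
            return null;
        }
        String withoutArmor = key.replaceAll("-----[A-Z ]*-----", "");
        return withoutArmor.replaceAll("\\s", "");
    }

    /**
     * @return the consumer key generated at activation, or {@code null} before activation
     */
    @Override
    public String getInternalKey() {
        return internalKey;
    }

    /**
     * Returns the shared secret generated at activation. The value is secret material: do not log it or include it
     * in exception messages.
     *
     * @return the shared secret, or {@code null} before activation
     */
    @Override
    public String getInternalSecret() {
        return internalSecret;
    }

    /**
     * Returns the consumer that represents the internal Shindig/Nuxeo pairing, building it on first use.
     * <p>
     * The lazy initialization is not synchronized: concurrent first calls may each build a consumer, all from the
     * same key and secret.
     *
     * @return the internal consumer
     */
    @Override
    public NuxeoOAuthConsumer getInternalConsumer() {
        if (consumer == null) {
            consumer = new InternalNuxeoOAuthConsumer(internalKey, internalSecret);
        }
        return consumer;
    }

    /**
     * Consumer built from the internally generated key and secret, with signed fetch set to
     * {@link NuxeoOAuthConsumer#SIGNEDFETCH_OPENSOCIAL_VIEWER}.
     */
    // NOTE(review): this is a non-static inner class that declares a serialVersionUID; if NuxeoOAuthConsumer is
    // Serializable, serializing an instance would also reach the enclosing component and the consumer secret.
    // Confirm that instances are never serialized.
    protected class InternalNuxeoOAuthConsumer extends NuxeoOAuthConsumer {

        private static final long serialVersionUID = 1L;

        /**
         * @param consumerKey the internal consumer key
         * @param consumerSecret the internal shared secret
         */
        public InternalNuxeoOAuthConsumer(String consumerKey, String consumerSecret) {
            super(null, consumerKey, consumerSecret, null);
            signedFetchSupport = NuxeoOAuthConsumer.SIGNEDFETCH_OPENSOCIAL_VIEWER;
        }
    }
}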