001/*
002 * (C) Copyright 2010 Nuxeo SAS (http://nuxeo.com/) and contributors.
003 *
004 * All rights reserved. This program and the accompanying materials
005 * are made available under the terms of the GNU Lesser General Public License
006 * (LGPL) version 2.1 which accompanies this distribution, and is available at
007 * http://www.gnu.org/licenses/lgpl.html
008 *
009 * This library is distributed in the hope that it will be useful,
010 * but WITHOUT ANY WARRANTY; without even the implied warranty of
011 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
012 * Lesser General Public License for more details.
013 *
014 * Contributors:
015 *     Nuxeo - initial API and implementation
016 */
017package org.nuxeo.ecm.platform.oauth.keys;
018
import java.util.UUID;
import java.util.regex.Pattern;

import org.nuxeo.ecm.platform.oauth.consumers.NuxeoOAuthConsumer;
import org.nuxeo.runtime.model.ComponentContext;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;
025
/**
 * Implements the {@link OAuthServerKeyManager} interface. Manages an extension point to configure the RSA key pair.
 * The Shindig/Nuxeo HMAC shared secret is dynamically generated at startup time (and shared between the Nuxeo OAuth
 * filter and Shindig directly in memory).
 *
 * @author tiry
 */
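public class OAuthServerKeyManagerImpl extends DefaultComponent implements OAuthServerKeyManager {

    /** Name of the extension point that carries the {@link ServerKeyDescriptor} contribution. */
    public static final String XP_SERVER_KEY = "serverKeyPair";

    /**
     * PEM armor lines ({@code -----BEGIN ...-----} / {@code -----END ...-----}) removed by
     * {@link #stripOpenSSL(String)}. Compiled once instead of on every call.
     */
    protected static final Pattern PEM_ARMOR = Pattern.compile("-----[A-Z ]*-----");

    /** CR and LF, so PEM material saved with Windows line endings also collapses to a single line. */
    protected static final Pattern LINE_BREAKS = Pattern.compile("[\\r\\n]");

    /** Last descriptor contributed to {@link #XP_SERVER_KEY}; {@code null} while no key pair is configured. */
    protected ServerKeyDescriptor serverKeyDescriptor;

    /** Lazily created consumer carrying the in-memory Nuxeo/Shindig credentials (see {@link #getInternalConsumer()}). */
    protected NuxeoOAuthConsumer consumer;

    /** Consumer key shared between Nuxeo and Shindig; regenerated on every activation. */
    protected String internalKey;

    /** Consumer secret shared between Nuxeo and Shindig; regenerated on every activation. */
    protected String internalSecret;

    /**
     * Generates the in-memory credentials shared between Nuxeo and Shindig.
     * <p>
     * {@link UUID#randomUUID()} is backed by {@link java.security.SecureRandom} in the JDK, so the secret is not
     * predictable. Nothing in this component persists the values: they live only in memory and are replaced on
     * every (re)activation, so any consumer registered against them is invalid after a restart.
     *
     * @param context the runtime context; unused here
     */
    @Override
    public void activate(ComponentContext context) {
        internalKey = "nuxeo4shindig-" + UUID.randomUUID().toString();
        internalSecret = UUID.randomUUID().toString();
    }

    /**
     * Stores the contributed server key pair descriptor.
     * <p>
     * The contribution is cast without an {@code instanceof} check: a contribution of another type on
     * {@link #XP_SERVER_KEY} fails here with a {@link ClassCastException} instead of being silently dropped, which
     * is the intended behaviour for a misconfigured key contribution. Contributions to other extension points are
     * ignored.
     *
     * @param contribution the contributed object, expected to be a {@link ServerKeyDescriptor}
     * @param extensionPoint the extension point name
     * @param contributor the contributing component
     */
    @Override
    public void registerContribution(Object contribution, String extensionPoint, ComponentInstance contributor) {
        if (XP_SERVER_KEY.equals(extensionPoint)) {
            serverKeyDescriptor = (ServerKeyDescriptor) contribution;
        }
    }

    /**
     * Forgets the configured key pair.
     * <p>
     * The descriptor is cleared whichever contribution is unregistered on {@link #XP_SERVER_KEY}; the argument is
     * not compared with the stored descriptor. Other extension points are ignored.
     *
     * @param contribution the contributed object being removed
     * @param extensionPoint the extension point name
     * @param contributor the contributing component
     */
    @Override
    public void unregisterContribution(Object contribution, String extensionPoint, ComponentInstance contributor) {
        if (XP_SERVER_KEY.equals(extensionPoint)) {
            serverKeyDescriptor = null;
        }
    }

    /**
     * Returns the configured public certificate as contributed (PEM text).
     *
     * @return the certificate, or {@code null} when no key pair is configured
     */
    @Override
    public String getPublicKeyCertificate() {
        ServerKeyDescriptor descriptor = serverKeyDescriptor;
        return descriptor == null ? null : descriptor.externalPublicCertificate;
    }

    /**
     * Returns the public certificate with its PEM armor and line breaks removed.
     *
     * @return the bare base64 body, or {@code null} when no key pair is configured
     */
    @Override
    public String getBarePublicCertificate() {
        return stripOpenSSL(getPublicKeyCertificate());
    }

    /**
     * Returns the configured private key as contributed (PEM text).
     * <p>
     * This is secret material: callers must not log it or include it in anything sent to a client.
     *
     * @return the private key, or {@code null} when no key pair is configured
     */
    @Override
    public String getPrivateKey() {
        ServerKeyDescriptor descriptor = serverKeyDescriptor;
        return descriptor == null ? null : descriptor.externalPrivateKey;
    }

    /**
     * Returns the private key with its PEM armor and line breaks removed. Same handling rules as
     * {@link #getPrivateKey()}.
     *
     * @return the bare base64 body, or {@code null} when no key pair is configured
     */
    @Override
    public String getBarePrivateKey() {
        return stripOpenSSL(getPrivateKey());
    }

    /**
     * Returns the name under which the private key was contributed.
     *
     * @return the key name, or {@code null} when no key pair is configured
     */
    @Override
    public String getKeyName() {
        ServerKeyDescriptor descriptor = serverKeyDescriptor;
        return descriptor == null ? null : descriptor.externalPrivateKeyName;
    }

    /**
     * Reduces PEM-encoded material to its bare base64 body: the {@code -----BEGIN ...-----} /
     * {@code -----END ...-----} armor lines and every CR or LF are removed. Other whitespace is left untouched.
     *
     * @param key PEM text, or {@code null}
     * @return the single-line body, or {@code null} when {@code key} is {@code null}
     */
    protected String stripOpenSSL(String key) {
        if (key == null) {
            return null;
        }
        String unarmored = PEM_ARMOR.matcher(key).replaceAll("");
        // CR is stripped as well as LF so a key pasted from a Windows editor does not keep stray "\r" characters
        return LINE_BREAKS.matcher(unarmored).replaceAll("");
    }

    /**
     * @return the consumer key generated at activation, or {@code null} before {@link #activate(ComponentContext)}
     */
    @Override
    public String getInternalKey() {
        return internalKey;
    }

    /**
     * @return the consumer secret generated at activation, or {@code null} before {@link #activate(ComponentContext)}
     */
    @Override
    public String getInternalSecret() {
        return internalSecret;
    }

    /**
     * Returns the consumer carrying the in-memory Nuxeo/Shindig credentials, creating it on first use.
     * <p>
     * Not synchronized: concurrent first calls may each build an instance. Both read the same key and secret, so
     * only the identity of the returned object can differ between callers.
     *
     * @return the internal consumer, never {@code null}
     */
    @Override
    public NuxeoOAuthConsumer getInternalConsumer() {
        if (consumer == null) {
            consumer = new InternalNuxeoOAuthConsumer(internalKey, internalSecret);
        }
        return consumer;
    }

    /**
     * Consumer representing Nuxeo itself towards Shindig, with signed fetch set to the OpenSocial viewer mode.
     * <p>
     * Declared {@code static}: it carries a {@code serialVersionUID}, which suggests the consumer hierarchy is
     * {@code Serializable}, and a non-static inner class would otherwise capture (and try to serialize) the
     * enclosing component instance.
     */
    protected static class InternalNuxeoOAuthConsumer extends NuxeoOAuthConsumer {

        private static final long serialVersionUID = 1L;

        /**
         * @param consumerKey the key shared with Shindig
         * @param consumerSecret the secret shared with Shindig
         */
        public InternalNuxeoOAuthConsumer(String consumerKey, String consumerSecret) {
            // first and last constructor arguments are intentionally null here — presumably callback URL and
            // service provider; confirm against NuxeoOAuthConsumer
            super(null, consumerKey, consumerSecret, null);
            signedFetchSupport = NuxeoOAuthConsumer.SIGNEDFETCH_OPENSOCIAL_VIEWER;
        }
    }
}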