Source code

001/*
002 * (C) Copyright 2006-2011 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     slacoin
018 */
019package org.nuxeo.ecm.automation.client.jaxrs.spi.auth;
020
021import java.security.MessageDigest;
022import java.security.NoSuchAlgorithmException;
023import java.util.Date;
024import java.util.HashMap;
025import java.util.Map;
026import java.util.Random;
027
028import javax.ws.rs.core.MultivaluedMap;
029
030import org.nuxeo.ecm.automation.client.jaxrs.spi.Connector;
031import org.nuxeo.ecm.automation.client.jaxrs.spi.Request;
032import org.nuxeo.ecm.automation.client.jaxrs.spi.RequestInterceptor;
033import org.nuxeo.ecm.automation.client.jaxrs.util.Base64;
034
035import com.sun.jersey.api.client.ClientHandlerException;
036import com.sun.jersey.api.client.ClientRequest;
037import com.sun.jersey.api.client.ClientResponse;
038
039/**
040 * @author matic
041 */
042public class PortalSSOAuthInterceptor extends RequestInterceptor {
043
044    protected final String secret;
045
046    protected final String username;
047
048    public PortalSSOAuthInterceptor(String secretKey, String userName) {
049        this.secret = secretKey;
050        this.username = userName;
051    }
052
053    @Override
054    public void processRequest(Request request, Connector connector) {
055        request.putAll(computeHeaders());
056    }
057
058    protected Map<String, String> computeHeaders() {
059        // compute token
060        long ts = new Date().getTime();
061        long random = new Random(ts).nextInt();
062
063        String clearToken = String.format("%d:%d:%s:%s", ts, random, secret, username);
064
065        byte[] hashedToken;
066
067        try {
068            hashedToken = MessageDigest.getInstance("MD5").digest(clearToken.getBytes());
069        } catch (NoSuchAlgorithmException e) {
070            throw new RuntimeException("Cannot compute token", e);
071        }
072
073        String base64HashedToken = Base64.encode(hashedToken);
074        Map<String, String> headers = new HashMap<String, String>();
075        headers.put("NX_TS", String.valueOf(ts));
076        headers.put("NX_RD", String.valueOf(random));
077        headers.put("NX_TOKEN", base64HashedToken);
078        headers.put("NX_USER", username);
079        return headers;
080    }
081
082    @Override
083    public ClientResponse handle(ClientRequest cr) throws ClientHandlerException {
084        Map<String, String> computedHeaders = computeHeaders();
085        MultivaluedMap<String, Object> headers = cr.getHeaders();
086        for (Map.Entry<String, String> entry : computedHeaders.entrySet()) {
087            headers.add(entry.getKey(), entry.getValue());
088        }
089        return getNext().handle(cr);
090    }
091}