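package org.jboss.resteasy.auth.oauth;

import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
import net.oauth.OAuthProblemException;
import net.oauth.SimpleOAuthValidator;
import org.jboss.resteasy.auth.oauth.i18n.LogMessages;
import org.jboss.resteasy.auth.oauth.i18n.Messages;

import java.io.IOException;
import java.net.URISyntaxException;

/**
 * OAuth Validator implementation to check OAuth Messages.
 *
 * <p>Validation order matters: parameters, version and signature are checked before the
 * timestamp and nonce, so that an unauthenticated or malformed request cannot leave traces
 * (recorded nonces, stored timestamps) in server-side state. Timestamp validation is delegated
 * to the {@link OAuthProvider} once a token is known; nonce bookkeeping remains the inherited
 * {@code validateNonce} of {@link SimpleOAuthValidator} and is not delegated to the provider.
 *
 * @author Stéphane Épardaud <stef@epardaud.fr>
 */
public class OAuthValidator extends SimpleOAuthValidator {

    /** Provider consulted for per-token timestamp checks. */
    private final OAuthProvider provider;

    /**
     * @param provider the provider that checks (and presumably records) per-token timestamps
     */
    public OAuthValidator(OAuthProvider provider) {
        this.provider = provider;
    }

    /**
     * @deprecated Overridden to deprecate it since we cannot hide it; at least make sure we won't
     *             use it. This validator needs the request token to check the timestamp, so callers
     *             must use {@link #validateMessage(OAuthMessage, OAuthAccessor, OAuthToken)}.
     * @throws RuntimeException always
     */
    @Override
    @Deprecated
    public void validateMessage(OAuthMessage message, OAuthAccessor accessor)
            throws OAuthException, IOException, URISyntaxException {
        throw new RuntimeException(Messages.MESSAGES.doNotUseThisMethod());
    }

    /**
     * Validates an OAuth message: parameter uniqueness, version, signature and, last of all, the
     * timestamp and nonce.
     *
     * <p>Timestamp and nonce are validated last because they have side effects (the nonce is
     * recorded and the provider sees the timestamp), so the message must already have proven to
     * be well-formed and correctly signed before that state is touched.
     *
     * @param message      the incoming OAuth message
     * @param accessor     consumer/token secrets used to verify the signature
     * @param requestToken the token the request is made with, or {@code null} for a request that
     *                     has no token yet (initial request-token step)
     * @throws OAuthException     if any check fails (an {@link OAuthProblemException} for
     *                            protocol-level problems)
     * @throws IOException        if the message cannot be read
     * @throws URISyntaxException if the message URL is malformed
     */
    public void validateMessage(OAuthMessage message, OAuthAccessor accessor, OAuthToken requestToken)
            throws OAuthException, IOException, URISyntaxException {
        checkSingleParameters(message);
        validateVersion(message);
        validateSignature(message, accessor);
        validateTimestampAndNonce(message, requestToken);
    }

    /**
     * Throws an exception if the timestamp is out of range or the nonce has been validated
     * previously.
     *
     * <p>Both parameters are required. The {@code oauth_timestamp} sent by the client is parsed
     * and handed to {@link #validateTimestamp(OAuthMessage, long, OAuthToken)}; the inherited
     * nonce check is keyed on that same client timestamp, with the server clock used only to
     * expire old nonces.
     *
     * @param message the signed, already-verified message
     * @param token   the token the request is made with, or {@code null} if none yet
     * @throws IOException           if the message parameters cannot be read
     * @throws OAuthProblemException if either required parameter is missing (reported by
     *                               {@code requireParameters}); {@code timestamp_refused} if the
     *                               timestamp is not a number or is rejected by the provider;
     *                               {@code nonce_used} if the nonce was already seen
     */
    protected void validateTimestampAndNonce(OAuthMessage message, OAuthToken token)
            throws IOException, OAuthProblemException {
        message.requireParameters(OAuth.OAUTH_TIMESTAMP, OAuth.OAUTH_NONCE);
        long timestamp;
        try {
            timestamp = Long.parseLong(message.getParameter(OAuth.OAUTH_TIMESTAMP));
        } catch (NumberFormatException e) {
            // oauth_timestamp is client-controlled: a garbage value must surface as a protocol
            // problem, not escape the validator as an unchecked exception.
            throw new OAuthProblemException(OAuth.Problems.TIMESTAMP_REFUSED);
        }
        long now = currentTimeMsec();
        // Hand the provider the client-supplied timestamp, not the server clock: a per-token
        // timestamp check can only reject a stale or replayed value if it sees what the client sent.
        validateTimestamp(message, timestamp, token);
        validateNonce(message, timestamp, now);
    }

    /**
     * Overridden to delegate timestamp validation to the provider.
     *
     * <p>When the request carries no token yet (the initial request-token step) there is nothing
     * to check the timestamp against, so only the inherited nonce check protects that step
     * against replay.
     *
     * @param message   the message being validated (not used here; kept for the override contract)
     * @param timestamp the {@code oauth_timestamp} parsed from the message (per OAuth 1.0 this is
     *                  seconds since the epoch, unlike {@code currentTimeMsec()})
     * @param token     the token the request is made with, or {@code null} if none yet
     * @throws IOException           declared for provider implementations that perform I/O
     * @throws OAuthProblemException {@code timestamp_refused} if the provider rejects the timestamp
     */
    protected void validateTimestamp(OAuthMessage message, long timestamp, OAuthToken token)
            throws IOException, OAuthProblemException {
        // this is a consumer request with no token yet
        if (token == null) {
            return;
        }
        try {
            // NOTE(review): the provider is presumably expected to compare this against the last
            // timestamp it recorded for the token and then store it — confirm against the
            // OAuthProvider implementation in use.
            provider.checkTimestamp(token, timestamp);
        } catch (org.jboss.resteasy.auth.oauth.OAuthException e) {
            // Detail stays in the server log; the client only learns the problem code.
            LogMessages.LOGGER.error(Messages.MESSAGES.invalidTimestamp(), e);
            throw new OAuthProblemException(OAuth.Problems.TIMESTAMP_REFUSED);
        }
    }
}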