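/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package demo.oauth.server.controllers;

import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

import net.oauth.OAuth;
import net.oauth.OAuthProblemException;

import org.apache.cxf.jaxrs.impl.MetadataMap;
import org.apache.cxf.rs.security.oauth.data.AccessToken;
import org.apache.cxf.rs.security.oauth.data.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth.data.AuthorizationInput;
import org.apache.cxf.rs.security.oauth.data.Client;
import org.apache.cxf.rs.security.oauth.data.OAuthPermission;
import org.apache.cxf.rs.security.oauth.data.RequestToken;
import org.apache.cxf.rs.security.oauth.data.RequestTokenRegistration;
import org.apache.cxf.rs.security.oauth.data.Token;
import org.apache.cxf.rs.security.oauth.provider.MD5SequenceGenerator;
import org.apache.cxf.rs.security.oauth.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth.provider.OAuthServiceException;

/**
 * In-memory {@link OAuthDataProvider} for the OAuth 1.0 demo server.
 *
 * <p>Clients, request tokens and access tokens are kept in maps held by this
 * instance, so all state is lost when the process exits. A single demo client
 * with a hard-coded key and secret ({@link #CLIENT_ID}, {@link #CLIENT_SECRET})
 * is registered by the constructor. Only the scopes listed in
 * {@code AVAILABLE_PERMISSIONS} can be requested; any other scope is rejected.
 *
 * <p>Token lookups are served from a {@link ConcurrentHashMap}; the
 * {@link MetadataMap} fields are not thread-safe and are guarded with
 * {@code synchronized} where this class writes to them.
 */
public class MemoryOAuthDataProvider implements OAuthDataProvider {

    public static final String CALLBACK = "http://www.example.com/callback";
    public static final String APPLICATION_NAME = "Test Oauth 1.0 application";
    public static final String CLIENT_ID = "12345678";
    public static final String CLIENT_SECRET = "secret";

    /** Lifetime, in seconds, of access tokens issued by {@link #createAccessToken}. */
    private static final int ACCESS_TOKEN_LIFETIME = 3600;

    /** Scopes a client may request, keyed by scope name. */
    private static final Map<String, OAuthPermission> AVAILABLE_PERMISSIONS =
        new ConcurrentHashMap<String, OAuthPermission>();

    static {
        AVAILABLE_PERMISSIONS.put("read_info",
            new OAuthPermission("read_info", "Read your personal information",
                                Collections.singletonList("ROLE_USER")));
        AVAILABLE_PERMISSIONS.put("modify_info",
            new OAuthPermission("modify_info", "Modify your personal information",
                                Collections.singletonList("ROLE_ADMIN")));
    }

    /** Registered clients keyed by consumer key. */
    protected ConcurrentHashMap<String, Client> clientAuthInfo = new ConcurrentHashMap<String, Client>();
    /** Not written by this class; kept for subclasses. */
    protected MetadataMap<String, String> userRegisteredClients = new MetadataMap<String, String>();
    /** Consumer keys of clients that have completed an access-token exchange. */
    protected MetadataMap<String, String> userAuthorizedClients = new MetadataMap<String, String>();
    /** Request and access tokens, keyed by token key. */
    protected ConcurrentHashMap<String, Token> oauthTokens = new ConcurrentHashMap<String, Token>();
    protected MD5SequenceGenerator tokenGenerator = new MD5SequenceGenerator();

    /** Registers the single demo client under {@link #CLIENT_ID}. */
    public MemoryOAuthDataProvider() {
        Client client = new Client(CLIENT_ID, CLIENT_SECRET, APPLICATION_NAME, CALLBACK);
        clientAuthInfo.put(CLIENT_ID, client);
    }

    /**
     * Resolves requested scope names to their {@link OAuthPermission} definitions.
     *
     * @param requestPermissions scope names from the request; {@code null} is treated as empty
     * @return the matching permissions, in request order
     * @throws OAuthServiceException if any scope is not in {@code AVAILABLE_PERMISSIONS}
     */
    private List<OAuthPermission> getPermissionsInfo(List<String> requestPermissions)
        throws OAuthServiceException {
        if (requestPermissions == null) {
            return new ArrayList<OAuthPermission>();
        }
        List<OAuthPermission> permissions = new ArrayList<OAuthPermission>(requestPermissions.size());
        for (String requestScope : requestPermissions) {
            OAuthPermission permission =
                requestScope == null ? null : AVAILABLE_PERMISSIONS.get(requestScope);
            if (permission == null) {
                // An unknown scope must not be stored as a null permission on the token;
                // reject the registration instead of silently carrying an undefined scope.
                throw new OAuthServiceException(
                    new OAuthProblemException(OAuth.Problems.PERMISSION_UNKNOWN));
            }
            permissions.add(permission);
        }
        return permissions;
    }

    /**
     * @param consumerKey the client's consumer key
     * @return the registered client, or {@code null} if the key is unknown
     */
    public Client getClient(String consumerKey) {
        return consumerKey == null ? null : clientAuthInfo.get(consumerKey);
    }

    /**
     * Issues a new request token for the registration and stores it under its key.
     *
     * @throws OAuthServiceException if a token cannot be generated or a requested scope is unknown
     */
    public RequestToken createRequestToken(RequestTokenRegistration reg) throws OAuthServiceException {
        String token = generateToken();
        String tokenSecret = generateToken();
        RequestToken reqToken = new RequestToken(reg.getClient(), token, tokenSecret,
                                                 reg.getLifetime(), reg.getIssuedAt());
        reqToken.setScopes(getPermissionsInfo(reg.getScopes()));
        reqToken.setCallback(reg.getCallback());
        oauthTokens.put(token, reqToken);
        return reqToken;
    }

    /**
     * Looks up a stored request token.
     *
     * @throws OAuthServiceException with {@code token_rejected} if the key is unknown
     *         or refers to a token that is not a request token
     */
    public RequestToken getRequestToken(String tokenString) throws OAuthServiceException {
        Token token = tokenString == null ? null : oauthTokens.get(tokenString);
        // instanceof is false for null, so a missing token is rejected here too.
        if (!(token instanceof RequestToken)) {
            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
        }
        return (RequestToken) token;
    }

    /**
     * Marks the request token as authorized by attaching a freshly generated verifier.
     *
     * @return the verifier that the client must present when exchanging the token
     */
    public String finalizeAuthorization(AuthorizationInput input) throws OAuthServiceException {
        RequestToken requestToken = input.getToken();
        requestToken.setVerifier(generateToken());
        return requestToken.getVerifier();
    }

    /**
     * Exchanges an authorized request token for an access token.
     *
     * <p>The request token is re-read from the store (a stale or unknown token is
     * rejected) and removed atomically, so it can be exchanged at most once. The
     * access token inherits the request token's scopes and lives for
     * {@link #ACCESS_TOKEN_LIFETIME} seconds.
     *
     * @throws OAuthServiceException with {@code token_rejected} if the request token
     *         is unknown, or {@code token_used} if it was already exchanged
     */
    public AccessToken createAccessToken(AccessTokenRegistration reg) throws OAuthServiceException {
        RequestToken requestToken = getRequestToken(reg.getRequestToken().getTokenKey());
        Client client = requestToken.getClient();

        String accessTokenString = generateToken();
        String tokenSecretString = generateToken();
        AccessToken accessToken = new AccessToken(client, accessTokenString, tokenSecretString,
                                                  ACCESS_TOKEN_LIFETIME,
                                                  System.currentTimeMillis() / 1000);
        accessToken.setScopes(requestToken.getScopes());

        // Conditional remove fails if a concurrent exchange already consumed this
        // request token; the token map itself needs no extra locking.
        if (!oauthTokens.remove(requestToken.getTokenKey(), requestToken)) {
            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_USED));
        }
        oauthTokens.put(accessTokenString, accessToken);

        // MetadataMap is not thread-safe, unlike the token map.
        synchronized (userAuthorizedClients) {
            userAuthorizedClients.add(client.getConsumerKey(), client.getConsumerKey());
        }
        return accessToken;
    }

    /**
     * Looks up a stored access token.
     *
     * @return the access token, or {@code null} if the key is unknown
     * @throws OAuthServiceException with {@code token_rejected} if the key refers to
     *         a token that is not an access token (for example a request token)
     */
    public AccessToken getAccessToken(String accessToken) throws OAuthServiceException {
        Token token = accessToken == null ? null : oauthTokens.get(accessToken);
        if (token == null) {
            return null;
        }
        if (!(token instanceof AccessToken)) {
            // Reject cleanly instead of letting the cast fail with a ClassCastException.
            throw new OAuthServiceException(new OAuthProblemException(OAuth.Problems.TOKEN_REJECTED));
        }
        return (AccessToken) token;
    }

    /**
     * Revokes every request and access token issued to the given client.
     *
     * @param consumerKey the client's consumer key; {@code null} removes nothing
     */
    public void removeAllTokens(String consumerKey) {
        if (consumerKey == null) {
            return;
        }
        // ConcurrentHashMap iterators support remove() while walking the values.
        Iterator<Token> it = oauthTokens.values().iterator();
        while (it.hasNext()) {
            Client tokenClient = it.next().getClient();
            if (tokenClient != null && consumerKey.equals(tokenClient.getConsumerKey())) {
                it.remove();
            }
        }
    }

    /**
     * Revokes exactly the given token.
     *
     * <p>Tokens are stored under their own key, so removal is by key. Matching on
     * consumer key instead would revoke an arbitrary token of the same client and
     * leave this one valid.
     *
     * @param t the token to remove; {@code null} or a token without a key is ignored
     */
    public void removeToken(Token t) {
        if (t == null || t.getTokenKey() == null) {
            return;
        }
        oauthTokens.remove(t.getTokenKey());
    }

    /**
     * Generates an opaque token string from a random UUID.
     *
     * @throws OAuthServiceException if the sequence generator fails; the original
     *         exception is preserved as the cause
     */
    protected String generateToken() throws OAuthServiceException {
        try {
            return tokenGenerator.generate(
                UUID.randomUUID().toString().getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            // Pass e itself, not e.getCause(), which is frequently null.
            throw new OAuthServiceException("Unable to create token ", e);
        }
    }

    /**
     * Adds (or replaces) registered clients, keyed by consumer key.
     *
     * @param clientAuthInfo clients to register; existing entries with the same key are replaced
     */
    public void setClientAuthInfo(Map<String, Client> clientAuthInfo) {
        this.clientAuthInfo.putAll(clientAuthInfo);
    }
}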