From st...@apache.org
Subject svn commit: r1479772 [2/2] - in /oltu/trunk: demos/ oauth-2.0/authzserver/src/main/java/org/apache/oltu/oauth2/as/request/ oauth-2.0/authzserver/src/main/java/org/apache/oltu/oauth2/as/validator/ oauth-2.0/authzserver/src/test/java/org/apache/oltu/oaut...
Date Tue, 07 May 2013 06:13:19 GMT
Added: oltu/trunk/oauth-2.0/authzserver/src/test/java/org/apache/oltu/oauth2/as/OauthMockRequestBuilder.java
URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/authzserver/src/test/java/org/apache/oltu/oauth2/as/OauthMockRequestBuilder.java?rev=1479772&view=auto
==============================================================================
--- oltu/trunk/oauth-2.0/authzserver/src/test/java/org/apache/oltu/oauth2/as/OauthMockRequestBuilder.java
(added)
+++ oltu/trunk/oauth-2.0/authzserver/src/test/java/org/apache/oltu/oauth2/as/OauthMockRequestBuilder.java
Tue May  7 06:13:19 2013
@@ -0,0 +1,105 @@
+package org.apache.oltu.oauth2.as;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.oltu.oauth2.common.OAuth;
+
+import static org.easymock.EasyMock.createMock;
+import static org.easymock.EasyMock.expect;
+
+public class OauthMockRequestBuilder {
+
+    private HttpServletRequest request;
+
+    public OauthMockRequestBuilder() {
+        request = createMock(HttpServletRequest.class);
+    }
+
+    public OauthMockRequestBuilder expectOauthResponseType(String oauthResponseType) {
+        expect(request.getParameter(OAuth.OAUTH_RESPONSE_TYPE)).andStubReturn(oauthResponseType);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectRedirectUri(String redirectUri) {
+        expect(request.getParameter(OAuth.OAUTH_REDIRECT_URI)).andStubReturn(redirectUri);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectParam(String paramName, String paramValue) {
+        expect(request.getParameter(paramName)).andStubReturn(paramValue);
+
+        return this;
+    }
+
+    public HttpServletRequest build() {
+        return request;
+    }
+
+    public OauthMockRequestBuilder expectContentType(String contentType) {
+        expect(request.getContentType()).andStubReturn(contentType);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectHttpMethod(String method) {
+        expect(request.getMethod()).andStubReturn(method);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectClientId(String clientId) {
+        expect(request.getParameter(OAuth.OAUTH_CLIENT_ID)).andStubReturn(clientId);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectClientSecret(String secret) {
+        expect(request.getParameter(OAuth.OAUTH_CLIENT_SECRET)).andStubReturn(secret);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectGrantType(String grantType) {
+        expect(request.getParameter(OAuth.OAUTH_GRANT_TYPE)).andStubReturn(grantType);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectBasicAuthHeader(String authorizationHeader) {
+        expect(request.getHeader(OAuth.HeaderType.AUTHORIZATION)).andStubReturn(authorizationHeader);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectAccessGrant(String accessGrant) {
+        expect(request.getParameter(OAuth.OAUTH_CODE)).andStubReturn(accessGrant);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectOauthUsername(String oauthUsername) {
+        expect(request.getParameter(OAuth.OAUTH_USERNAME)).andStubReturn(oauthUsername);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectOauthPassword(String secret) {
+        expect(request.getParameter(OAuth.OAUTH_PASSWORD)).andStubReturn(secret);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectOauthRefreshToken(String refreshToken) {
+        expect(request.getParameter(OAuth.OAUTH_REFRESH_TOKEN)).andStubReturn(refreshToken);
+
+        return this;
+    }
+
+    public OauthMockRequestBuilder expectScopes(String scopes) {
+        expect(request.getParameter(OAuth.OAUTH_SCOPE)).andStubReturn(scopes);
+
+        return this;
+    }
+}
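Review bot: `build()` hands back the EasyMock instance without switching it to replay mode, so every `andStubReturn` recorded by the `expect*` methods only takes effect if each caller remembers `replay(request)` itself; the callers are outside this hunk, so this is inferred rather than seen. If the builder is meant to be self-contained, `build()` should do `replay(request); return request;` (with `import static org.easymock.EasyMock.replay;`), otherwise a class Javadoc should state that the returned mock is still in record state. A one-line Javadoc on `expectBasicAuthHeader` such as `/** Stubs the Authorization header with the given raw value, e.g. "Basic " + base64(clientId:secret). */` would also make the intended input format obvious to test authors.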

Modified: oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/utils/OAuthUtils.java
URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/utils/OAuthUtils.java?rev=1479772&r1=1479771&r2=1479772&view=diff
==============================================================================
--- oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/utils/OAuthUtils.java
(original)
+++ oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/utils/OAuthUtils.java
Tue May  7 06:13:19 2013
@@ -42,6 +42,7 @@ import java.util.regex.Pattern;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.codec.binary.Base64;
 import org.apache.oltu.oauth2.common.OAuth;
 import org.apache.oltu.oauth2.common.error.OAuthError;
 import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
@@ -364,6 +365,40 @@ public final class OAuthUtils {
     // todo: implement method to decode header form (with no challenge)
 
     /**
+     * Decodes the Basic Authentication header into a username and password
+     *
+     * @param authenticationHeader {@link String} containing the encoded header value.
+     *                             e.g. "Basic dXNlcm5hbWU6cGFzc3dvcmQ="
+     * @return a {@link String[]} if the header could be decoded into a non null username
and password or null.
+     */
+    public static String[] decodeClientAuthenticationHeader(String authenticationHeader)
{
+        if (authenticationHeader == null || "".equals(authenticationHeader)) {
+            return null;
+        }
+        String[] tokens = authenticationHeader.split(" ");
+        if (tokens == null) {
+            return null;
+        }
+        if (tokens[0] != null && !"".equals(tokens[0])) {
+            String authType = tokens[0];
+            if (!authType.equalsIgnoreCase("basic")) {
+                return null;
+            }
+        }
+        if (tokens[1] != null && !"".equals(tokens[1])) {
+            String encodedCreds = tokens[1];
+            String decodedCreds = new String(Base64.decodeBase64(encodedCreds));
+            if (decodedCreds.contains(":") && decodedCreds.split(":").length == 2)
{
+                String[] creds = decodedCreds.split(":");
+                if (!OAuthUtils.isEmpty(creds[0]) && !OAuthUtils.isEmpty(creds[1]))
{
+                    return decodedCreds.split(":");
+                }
+            }
+        }
+        return null;
+    }
+
+    /**
      * Construct a WWW-Authenticate header
      */
     public static String encodeOAuthHeader(Map<String, Object> entries) {
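Review bot: `decodeClientAuthenticationHeader` indexes `tokens[1]` unconditionally, so an Authorization header consisting of a bare scheme such as `Basic` (no space, no credential) makes `split(" ")` return a one-element array and the method throws ArrayIndexOutOfBoundsException instead of returning null; since this value comes straight from the client request, a malformed header becomes an unhandled exception in the validator path. Two further issues in the same body: `new String(Base64.decodeBase64(...))` decodes with the platform default charset, and `split(":")` with the `length == 2` check rejects any secret that itself contains a colon, although only the user-id part is forbidden from containing one. The `tokens == null` check is dead code, since `String.split` never returns null, and the credentials are split three times. The rewrite below guards the token count, pins the charset (needs `java.nio.charset.Charset` in the import block) and splits with a limit of 2; the enclosing class continues outside the hunk.
```java
    public static String[] decodeClientAuthenticationHeader(String authenticationHeader) {
        if (authenticationHeader == null || "".equals(authenticationHeader)) {
            return null;
        }
        String[] tokens = authenticationHeader.split(" ");
        // a bare scheme ("Basic") yields a single token; indexing tokens[1] would throw
        if (tokens.length != 2 || !"basic".equalsIgnoreCase(tokens[0]) || OAuthUtils.isEmpty(tokens[1])) {
            return null;
        }
        // pin the charset rather than relying on the platform default
        String decodedCreds = new String(Base64.decodeBase64(tokens[1]), Charset.forName("UTF-8"));
        // limit 2: the user-id may not contain ':' but the secret may
        String[] creds = decodedCreds.split(":", 2);
        if (creds.length != 2 || OAuthUtils.isEmpty(creds[0]) || OAuthUtils.isEmpty(creds[1])) {
            return null;
        }
        return creds;
    }
```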

Modified: oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/validators/AbstractValidator.java
URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/validators/AbstractValidator.java?rev=1479772&r1=1479771&r2=1479772&view=diff
==============================================================================
--- oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/validators/AbstractValidator.java
(original)
+++ oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/validators/AbstractValidator.java
Tue May  7 06:13:19 2013
@@ -38,13 +38,12 @@ import org.apache.oltu.oauth2.common.uti
  *
  *
  */
-//todo add client secret in header, sect 2.1
 public abstract class AbstractValidator<T extends HttpServletRequest> implements OAuthValidator<T>
{
 
     protected List<String> requiredParams = new ArrayList<String>();
     protected Map<String, String[]> optionalParams = new HashMap<String, String[]>();
     protected List<String> notAllowedParams = new ArrayList<String>();
-
+    protected boolean enforceClientAuthentication;
 
     @Override
     public void validateMethod(T request) throws OAuthProblemException {
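Review bot: The new `enforceClientAuthentication` field is a bare `protected boolean` with no initializer and no comment, so it silently defaults to false and client authentication is skipped for every validator subclass that does not opt in; a maintainer reading `AbstractValidator` alone cannot tell whether that default is intentional. A comment on the field such as `// When true, performAllValidations() requires client credentials via Basic Authorization header or client_id/client_secret parameters. Defaults to false: subclasses must opt in explicitly.` would make the policy explicit, and this is the place to state it since the field is also the only switch for the new `validateClientAuthenticationCredentials` further down in this file. The subclasses that set it are not in this hunk, so whether any do is not visible here.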
@@ -64,7 +63,7 @@ public abstract class AbstractValidator<
 
     @Override
     public void validateRequiredParameters(T request) throws OAuthProblemException {
-        Set<String> missingParameters = new HashSet<String>();
+        final Set<String> missingParameters = new HashSet<String>();
         for (String requiredParam : requiredParams) {
             String val = request.getParameter(requiredParam);
             if (OAuthUtils.isEmpty(val)) {
@@ -78,11 +77,10 @@ public abstract class AbstractValidator<
 
     @Override
     public void validateOptionalParameters(T request) throws OAuthProblemException {
-
-        Set<String> missingParameters = new HashSet<String>();
+        final Set<String> missingParameters = new HashSet<String>();
 
         for (Map.Entry<String, String[]> requiredParam : optionalParams.entrySet())
{
-            String paramName = requiredParam.getKey();
+            final String paramName = requiredParam.getKey();
             String val = request.getParameter(paramName);
             if (!OAuthUtils.isEmpty(val)) {
                 String[] dependentParams = requiredParam.getValue();
@@ -117,11 +115,36 @@ public abstract class AbstractValidator<
     }
 
     @Override
+    public void validateClientAuthenticationCredentials(T request) throws OAuthProblemException
{
+        if (enforceClientAuthentication) {
+            Set<String> missingParameters = new HashSet<String>();
+            String clientAuthHeader = request.getHeader(OAuth.HeaderType.AUTHORIZATION);
+            String[] clientCreds = OAuthUtils.decodeClientAuthenticationHeader(clientAuthHeader);
+
+            // Only fallback to params if the auth header is not correct. Don't allow a mix
of auth header vs params
+            if (clientCreds == null || OAuthUtils.isEmpty(clientCreds[0]) || OAuthUtils.isEmpty(clientCreds[1]))
{
+
+                if (OAuthUtils.isEmpty(request.getParameter(OAuth.OAUTH_CLIENT_ID))) {
+                    missingParameters.add(OAuth.OAUTH_CLIENT_ID);
+                }
+                if (OAuthUtils.isEmpty(request.getParameter(OAuth.OAUTH_CLIENT_SECRET)))
{
+                    missingParameters.add(OAuth.OAUTH_CLIENT_SECRET);
+                }
+            }
+
+            if (!missingParameters.isEmpty()) {
+                throw OAuthUtils.handleMissingParameters(missingParameters);
+            }
+        }
+    }
+
+    @Override
     public void performAllValidations(T request) throws OAuthProblemException {
         this.validateContentType(request);
         this.validateMethod(request);
         this.validateRequiredParameters(request);
         this.validateOptionalParameters(request);
         this.validateNotAllowedParameters(request);
+        this.validateClientAuthenticationCredentials(request);
     }
 }
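Review bot: The comment on `validateClientAuthenticationCredentials` says "Don't allow a mix of auth header vs params", but the code does not enforce that: when the Basic header decodes successfully the `client_id`/`client_secret` parameters are never inspected, so a request carrying both mechanisms passes, and when the header is present but malformed the code quietly falls back to the parameters. Either the comment should be reduced to what the code does (`// Fall back to client_id/client_secret parameters only when no usable Basic header is present`), or the method should reject requests that present both, which would need the parameter check to run in both branches. A second point: a present-but-malformed header ends up reported as missing `client_id`/`client_secret` parameters via `handleMissingParameters`, which is a misleading error for the client; the `OAuthUtils.isEmpty(clientCreds[0])`/`[1]` checks are also redundant given that `decodeClientAuthenticationHeader` already returns null in those cases. Same point applies to the `OAuthValidator` interface hunk below, which gains the method without documenting this contract.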

Modified: oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/validators/OAuthValidator.java
URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/validators/OAuthValidator.java?rev=1479772&r1=1479771&r2=1479772&view=diff
==============================================================================
--- oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/validators/OAuthValidator.java
(original)
+++ oltu/trunk/oauth-2.0/common/src/main/java/org/apache/oltu/oauth2/common/validators/OAuthValidator.java
Tue May  7 06:13:19 2013
@@ -42,6 +42,8 @@ public interface OAuthValidator<T extend
 
     public void validateNotAllowedParameters(T request) throws OAuthProblemException;
 
+    public void validateClientAuthenticationCredentials(T request) throws OAuthProblemException;
+
     public void performAllValidations(T request) throws OAuthProblemException;
 
 }
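Review bot: `validateClientAuthenticationCredentials` is added to the public `OAuthValidator` interface without Javadoc, so implementors have no statement of what it must check or when it may be a no-op; adding an abstract method to a published interface also breaks any external implementor that does not extend `AbstractValidator`, which is worth a release note. A Javadoc of the form `/** Validates that client credentials are present, either in a Basic Authorization header or as client_id/client_secret parameters. Implementations may skip the check when client authentication is not enforced. @throws OAuthProblemException if required credentials are missing */` would pin the contract the abstract implementation in this commit actually follows.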

Modified: oltu/trunk/oauth-2.0/common/src/test/java/org/apache/oltu/oauth2/common/utils/OAuthUtilsTest.java
URL: http://svn.apache.org/viewvc/oltu/trunk/oauth-2.0/common/src/test/java/org/apache/oltu/oauth2/common/utils/OAuthUtilsTest.java?rev=1479772&r1=1479771&r2=1479772&view=diff
==============================================================================
--- oltu/trunk/oauth-2.0/common/src/test/java/org/apache/oltu/oauth2/common/utils/OAuthUtilsTest.java
(original)
+++ oltu/trunk/oauth-2.0/common/src/test/java/org/apache/oltu/oauth2/common/utils/OAuthUtilsTest.java
Tue May  7 06:13:19 2013
@@ -28,6 +28,7 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 
+import org.apache.commons.codec.binary.Base64;
 import org.apache.oltu.oauth2.common.OAuth;
 import org.apache.oltu.oauth2.common.error.OAuthError;
 import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
@@ -35,6 +36,9 @@ import org.apache.oltu.oauth2.common.uti
 import org.junit.Assert;
 import org.junit.Test;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
 /**
  *
  *
@@ -49,7 +53,7 @@ public class OAuthUtilsTest {
 
 
         String format = OAuthUtils.format(parameters.entrySet(), "UTF-8");
-        Assert.assertEquals("movie=Kiler&director=Machulski", format);
+        assertEquals("movie=Kiler&director=Machulski", format);
     }
 
     @Test
@@ -57,15 +61,15 @@ public class OAuthUtilsTest {
         String sampleTest = "It is raining again today";
 
         InputStream is = new ByteArrayInputStream(sampleTest.getBytes("UTF-8"));
-        Assert.assertEquals(sampleTest, OAuthUtils.saveStreamAsString(is));
+        assertEquals(sampleTest, OAuthUtils.saveStreamAsString(is));
     }
 
     @Test
     public void testHandleOAuthProblemException() throws Exception {
         OAuthProblemException exception = OAuthUtils.handleOAuthProblemException("missing
parameter");
 
-        Assert.assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, exception.getError());
-        Assert.assertEquals("missing parameter", exception.getDescription());
+        assertEquals(OAuthError.TokenResponse.INVALID_REQUEST, exception.getError());
+        assertEquals("missing parameter", exception.getDescription());
     }
 
     @Test
@@ -124,23 +128,23 @@ public class OAuthUtilsTest {
 
     @Test
     public void testEncodeOAuthHeader() throws Exception {
-    	Map<String, Object> parameters = new HashMap<String, Object>();
-    	parameters.put("realm", "example");
-    	
-    	///rfc6750#section-3
-    	String header = OAuthUtils.encodeOAuthHeader(parameters);
-        Assert.assertEquals("Bearer realm=\"example\"", header);
+        Map<String, Object> parameters = new HashMap<String, Object>();
+        parameters.put("realm", "example");
+
+        ///rfc6750#section-3
+        String header = OAuthUtils.encodeOAuthHeader(parameters);
+        assertEquals("Bearer realm=\"example\"", header);
 
     }
-    
+
     @Test
     public void testEncodeAuthorizationBearerHeader() throws Exception {
-    	Map<String, Object> parameters = new HashMap<String, Object>();
-    	parameters.put("accessToken", "mF_9.B5f-4.1JqM");
-    	
-    	//rfc6749#section-7.1
-    	String header = OAuthUtils.encodeAuthorizationBearerHeader(parameters);
-        Assert.assertEquals("Bearer mF_9.B5f-4.1JqM", header);
+        Map<String, Object> parameters = new HashMap<String, Object>();
+        parameters.put("accessToken", "mF_9.B5f-4.1JqM");
+
+        //rfc6749#section-7.1
+        String header = OAuthUtils.encodeAuthorizationBearerHeader(parameters);
+        assertEquals("Bearer mF_9.B5f-4.1JqM", header);
 
     }
 
@@ -193,4 +197,28 @@ public class OAuthUtilsTest {
     public void testHasContentType() throws Exception {
 
     }
+
+    @Test
+    public void testDecodeValidClientAuthnHeader() throws Exception {
+        String header = "clientId:secret";
+        String encodedHeader = "Basic " + new String(Base64.encodeBase64(header.getBytes()));
+        String[] credentials = OAuthUtils.decodeClientAuthenticationHeader(encodedHeader);
+        assertEquals("clientId", credentials[0]);
+        assertEquals("secret", credentials[1]);
+    }
+
+    @Test
+    public void testDecodeInvalidClientAuthnHeader() throws Exception {
+        assertNull(OAuthUtils.decodeClientAuthenticationHeader(null));
+
+        String header = ":secret";
+        String encodedHeader = "Basic " + new String(Base64.encodeBase64(header.getBytes()));
+        assertNull(OAuthUtils.decodeClientAuthenticationHeader(encodedHeader));
+
+        String header2 = "clientId:";
+        String encodedHeader2 = "Basic " + new String(Base64.encodeBase64(header2.getBytes()));
+        assertNull(OAuthUtils.decodeClientAuthenticationHeader(encodedHeader2));
+
+        assertNull(OAuthUtils.decodeClientAuthenticationHeader("Authorization dXNlcm5hbWU6cGFzc3dvcmQ="));
+    }
 }
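Review bot: `testDecodeInvalidClientAuthnHeader` does not cover the case that actually makes `decodeClientAuthenticationHeader` throw rather than return null: a header with no credential part, `assertNull(OAuthUtils.decodeClientAuthenticationHeader("Basic"));` currently fails with ArrayIndexOutOfBoundsException. A second case worth pinning is a secret containing a colon, e.g. `"clientId:se:cret"`, so that the expected behaviour (reject or split on the first colon only) is decided by a test rather than by accident. The fixtures also use `header.getBytes()` with the platform default charset; `header.getBytes("UTF-8")` keeps the test deterministic across environments.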


