mirror of https://github.com/apache/jclouds.git
Decomplicate OAuth a little.
This commit is contained in:
parent
cd8aeed16d
commit
35156560dc
|
@ -16,17 +16,18 @@
|
||||||
*/
|
*/
|
||||||
package org.jclouds.oauth.v2;
|
package org.jclouds.oauth.v2;
|
||||||
|
|
||||||
|
import static javax.ws.rs.core.MediaType.APPLICATION_JSON;
|
||||||
|
|
||||||
import java.io.Closeable;
|
import java.io.Closeable;
|
||||||
|
|
||||||
import javax.inject.Named;
|
import javax.inject.Named;
|
||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.POST;
|
import javax.ws.rs.POST;
|
||||||
import javax.ws.rs.core.MediaType;
|
|
||||||
|
|
||||||
|
import org.jclouds.oauth.v2.binders.OAuthTokenBinder;
|
||||||
import org.jclouds.oauth.v2.config.Authentication;
|
import org.jclouds.oauth.v2.config.Authentication;
|
||||||
import org.jclouds.oauth.v2.domain.Token;
|
import org.jclouds.oauth.v2.domain.Token;
|
||||||
import org.jclouds.oauth.v2.domain.TokenRequest;
|
import org.jclouds.oauth.v2.domain.TokenRequest;
|
||||||
import org.jclouds.oauth.v2.handlers.OAuthTokenBinder;
|
|
||||||
import org.jclouds.rest.AuthorizationException;
|
import org.jclouds.rest.AuthorizationException;
|
||||||
import org.jclouds.rest.annotations.BinderParam;
|
import org.jclouds.rest.annotations.BinderParam;
|
||||||
import org.jclouds.rest.annotations.Endpoint;
|
import org.jclouds.rest.annotations.Endpoint;
|
||||||
|
@ -55,6 +56,6 @@ public interface OAuthApi extends Closeable {
|
||||||
*/
|
*/
|
||||||
@Named("authenticate")
|
@Named("authenticate")
|
||||||
@POST
|
@POST
|
||||||
@Consumes(MediaType.APPLICATION_JSON)
|
@Consumes(APPLICATION_JSON)
|
||||||
Token authenticate(@BinderParam(OAuthTokenBinder.class) TokenRequest tokenRequest) throws AuthorizationException;
|
Token authenticate(@BinderParam(OAuthTokenBinder.class) TokenRequest tokenRequest) throws AuthorizationException;
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,38 +14,34 @@
|
||||||
* See the License for the specific language governing permissions and
|
* See the License for the specific language governing permissions and
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
package org.jclouds.oauth.v2.json;
|
package org.jclouds.oauth.v2.binders;
|
||||||
|
|
||||||
import static com.google.common.base.Charsets.UTF_8;
|
import static com.google.common.base.Charsets.UTF_8;
|
||||||
import static com.google.common.base.Joiner.on;
|
import static com.google.common.base.Joiner.on;
|
||||||
import static com.google.common.io.BaseEncoding.base64Url;
|
import static com.google.common.io.BaseEncoding.base64Url;
|
||||||
import static org.jclouds.io.Payloads.newUrlEncodedFormPayload;
|
import static org.jclouds.io.Payloads.newUrlEncodedFormPayload;
|
||||||
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
import javax.inject.Inject;
|
import javax.inject.Inject;
|
||||||
|
|
||||||
import org.jclouds.http.HttpRequest;
|
import org.jclouds.http.HttpRequest;
|
||||||
import org.jclouds.io.Payload;
|
import org.jclouds.io.Payload;
|
||||||
import org.jclouds.json.Json;
|
import org.jclouds.json.Json;
|
||||||
import org.jclouds.oauth.v2.domain.TokenRequest;
|
import org.jclouds.oauth.v2.domain.TokenRequest;
|
||||||
import org.jclouds.oauth.v2.domain.TokenRequestFormat;
|
import org.jclouds.rest.Binder;
|
||||||
|
|
||||||
import com.google.common.base.Function;
|
import com.google.common.base.Function;
|
||||||
import com.google.common.collect.ImmutableMultimap;
|
import com.google.common.collect.ImmutableMultimap;
|
||||||
import com.google.common.collect.ImmutableSet;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Formats a token request into JWT format namely:
|
* Formats a token request into JWT format namely:
|
||||||
* - transforms the token request to json
|
* <ol>
|
||||||
* - creates the base64 header.claimset portions of the payload.
|
* <li>Transforms the token request to json.</li>
|
||||||
* - uses the provided signer function to create a signature
|
* <li>Creates the base64 header.claimset portions of the payload.</li>
|
||||||
* - creates the full url encoded payload as described in:
|
* <li>Uses the provided signer function to create a signature.</li>
|
||||||
* https://developers.google.com/accounts/docs/OAuth2ServiceAccount
|
* <li>Creates the full url encoded payload as described in: <a href="https://developers.google.com/accounts/docs/OAuth2ServiceAccount">OAuth2ServiceAccount</a></li>
|
||||||
* <p/>
|
* </ol>
|
||||||
*/
|
*/
|
||||||
public class JWTTokenRequestFormat implements TokenRequestFormat {
|
public final class OAuthTokenBinder implements Binder {
|
||||||
|
|
||||||
private static final String ASSERTION_FORM_PARAM = "assertion";
|
private static final String ASSERTION_FORM_PARAM = "assertion";
|
||||||
private static final String GRANT_TYPE_FORM_PARAM = "grant_type";
|
private static final String GRANT_TYPE_FORM_PARAM = "grant_type";
|
||||||
private static final String GRANT_TYPE_JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer";
|
private static final String GRANT_TYPE_JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer";
|
||||||
|
@ -53,13 +49,13 @@ public class JWTTokenRequestFormat implements TokenRequestFormat {
|
||||||
private final Function<byte[], byte[]> signer;
|
private final Function<byte[], byte[]> signer;
|
||||||
private final Json json;
|
private final Json json;
|
||||||
|
|
||||||
@Inject JWTTokenRequestFormat(Function<byte[], byte[]> signer, Json json) {
|
@Inject OAuthTokenBinder(Function<byte[], byte[]> signer, Json json) {
|
||||||
this.signer = signer;
|
this.signer = signer;
|
||||||
this.json = json;
|
this.json = json;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override public <R extends HttpRequest> R formatRequest(R request, TokenRequest tokenRequest) {
|
@Override public <R extends HttpRequest> R bindToRequest(R request, Object input) {
|
||||||
|
TokenRequest tokenRequest = (TokenRequest) input;
|
||||||
String encodedHeader = json.toJson(tokenRequest.header());
|
String encodedHeader = json.toJson(tokenRequest.header());
|
||||||
String encodedClaimSet = json.toJson(tokenRequest.claimSet());
|
String encodedClaimSet = json.toJson(tokenRequest.claimSet());
|
||||||
|
|
||||||
|
@ -72,18 +68,9 @@ public class JWTTokenRequestFormat implements TokenRequestFormat {
|
||||||
// the final assertion in base 64 encoded {header}.{claimSet}.{signature} format
|
// the final assertion in base 64 encoded {header}.{claimSet}.{signature} format
|
||||||
String assertion = on(".").join(encodedHeader, encodedClaimSet, encodedSignature);
|
String assertion = on(".").join(encodedHeader, encodedClaimSet, encodedSignature);
|
||||||
Payload payload = newUrlEncodedFormPayload(ImmutableMultimap.<String, String> builder()
|
Payload payload = newUrlEncodedFormPayload(ImmutableMultimap.<String, String> builder()
|
||||||
.put(GRANT_TYPE_FORM_PARAM, GRANT_TYPE_JWT_BEARER)
|
.put(GRANT_TYPE_FORM_PARAM, GRANT_TYPE_JWT_BEARER)
|
||||||
.put(ASSERTION_FORM_PARAM, assertion).build());
|
.put(ASSERTION_FORM_PARAM, assertion).build());
|
||||||
|
|
||||||
return (R) request.toBuilder().payload(payload).build();
|
return (R) request.toBuilder().payload(payload).build();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override public String type() {
|
|
||||||
return "JWT";
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override public Set<String> requiredClaims() {
|
|
||||||
// exp and ist (expiration and emission times) are assumed mandatory already
|
|
||||||
return ImmutableSet.of("iss", "scope", "aud");
|
|
||||||
}
|
|
||||||
}
|
}
|
|
@ -1,45 +0,0 @@
|
||||||
/*
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
||||||
* contributor license agreements. See the NOTICE file distributed with
|
|
||||||
* this work for additional information regarding copyright ownership.
|
|
||||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
||||||
* (the "License"); you may not use this file except in compliance with
|
|
||||||
* the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.jclouds.oauth.v2.domain;
|
|
||||||
|
|
||||||
import com.google.inject.ImplementedBy;
|
|
||||||
import org.jclouds.http.HttpRequest;
|
|
||||||
import org.jclouds.oauth.v2.json.JWTTokenRequestFormat;
|
|
||||||
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Transforms a TokenRequest into a specific format (e.g. JWT token)
|
|
||||||
*/
|
|
||||||
@ImplementedBy(JWTTokenRequestFormat.class)
|
|
||||||
public interface TokenRequestFormat {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Transforms the provided HttpRequest into a particular token request with a specific format.
|
|
||||||
*/
|
|
||||||
<R extends HttpRequest> R formatRequest(R httpRequest, TokenRequest tokenRequest);
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The name of the type of the token request, e.g., "JWT"
|
|
||||||
*/
|
|
||||||
String type();
|
|
||||||
|
|
||||||
/**
|
|
||||||
* The claims that must be present in the token request for it to be valid.
|
|
||||||
*/
|
|
||||||
Set<String> requiredClaims();
|
|
||||||
}
|
|
|
@ -16,26 +16,24 @@
|
||||||
*/
|
*/
|
||||||
package org.jclouds.oauth.v2.filters;
|
package org.jclouds.oauth.v2.filters;
|
||||||
|
|
||||||
import com.google.common.base.Supplier;
|
import static java.lang.String.format;
|
||||||
|
|
||||||
|
import javax.inject.Inject;
|
||||||
|
|
||||||
import org.jclouds.http.HttpException;
|
import org.jclouds.http.HttpException;
|
||||||
import org.jclouds.http.HttpRequest;
|
import org.jclouds.http.HttpRequest;
|
||||||
import org.jclouds.oauth.v2.domain.OAuthCredentials;
|
import org.jclouds.oauth.v2.domain.OAuthCredentials;
|
||||||
|
|
||||||
import javax.inject.Inject;
|
import com.google.common.base.Supplier;
|
||||||
import javax.inject.Singleton;
|
|
||||||
|
|
||||||
@Singleton
|
public final class BearerTokenAuthenticator implements OAuthAuthenticationFilter {
|
||||||
public class BearerTokenAuthenticator implements OAuthAuthenticationFilter {
|
|
||||||
private final Supplier<OAuthCredentials> creds;
|
private final Supplier<OAuthCredentials> creds;
|
||||||
|
|
||||||
@Inject
|
@Inject BearerTokenAuthenticator(Supplier<OAuthCredentials> creds) {
|
||||||
BearerTokenAuthenticator(final Supplier<OAuthCredentials> creds) {
|
|
||||||
this.creds = creds;
|
this.creds = creds;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override public HttpRequest filter(HttpRequest request) throws HttpException {
|
||||||
public HttpRequest filter(HttpRequest request) throws HttpException {
|
return request.toBuilder().addHeader("Authorization", format("%s %s", "Bearer ", creds.get().credential)).build();
|
||||||
return request.toBuilder().addHeader("Authorization", String.format("%s %s",
|
|
||||||
"Bearer ", creds.get().credential)).build();
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,47 +16,41 @@
|
||||||
*/
|
*/
|
||||||
package org.jclouds.oauth.v2.filters;
|
package org.jclouds.oauth.v2.filters;
|
||||||
|
|
||||||
import com.google.common.base.Function;
|
import static com.google.common.base.Preconditions.checkState;
|
||||||
import com.google.common.cache.LoadingCache;
|
|
||||||
|
import javax.inject.Inject;
|
||||||
|
|
||||||
import org.jclouds.http.HttpException;
|
import org.jclouds.http.HttpException;
|
||||||
import org.jclouds.http.HttpRequest;
|
import org.jclouds.http.HttpRequest;
|
||||||
import org.jclouds.oauth.v2.domain.Token;
|
import org.jclouds.oauth.v2.domain.Token;
|
||||||
import org.jclouds.oauth.v2.domain.TokenRequest;
|
import org.jclouds.oauth.v2.domain.TokenRequest;
|
||||||
import org.jclouds.rest.internal.GeneratedHttpRequest;
|
import org.jclouds.rest.internal.GeneratedHttpRequest;
|
||||||
|
|
||||||
import javax.inject.Inject;
|
import com.google.common.base.Function;
|
||||||
import javax.inject.Singleton;
|
import com.google.common.cache.LoadingCache;
|
||||||
|
|
||||||
import static com.google.common.base.Preconditions.checkState;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* To be used by client applications to embed an OAuth authentication in their REST requests.
|
* To be used by client applications to embed an OAuth authentication in their REST requests.
|
||||||
* <p/>
|
* <p/>
|
||||||
* TODO when we're able to use the OAuthAuthentication an this should be used automatically
|
* TODO when we're able to use the OAuthAuthentication an this should be used automatically
|
||||||
*/
|
*/
|
||||||
@Singleton
|
public final class OAuthAuthenticator implements OAuthAuthenticationFilter {
|
||||||
public class OAuthAuthenticator implements OAuthAuthenticationFilter {
|
|
||||||
|
|
||||||
private Function<GeneratedHttpRequest, TokenRequest> tokenRequestBuilder;
|
private Function<GeneratedHttpRequest, TokenRequest> tokenRequestBuilder;
|
||||||
private Function<TokenRequest, Token> tokenFetcher;
|
private Function<TokenRequest, Token> tokenFetcher;
|
||||||
|
|
||||||
@Inject
|
@Inject OAuthAuthenticator(Function<GeneratedHttpRequest, TokenRequest> tokenRequestBuilder,
|
||||||
OAuthAuthenticator(Function<GeneratedHttpRequest, TokenRequest> tokenRequestBuilder, LoadingCache<TokenRequest,
|
LoadingCache<TokenRequest, Token> tokenFetcher) {
|
||||||
Token> tokenFetcher) {
|
|
||||||
this.tokenRequestBuilder = tokenRequestBuilder;
|
this.tokenRequestBuilder = tokenRequestBuilder;
|
||||||
this.tokenFetcher = tokenFetcher;
|
this.tokenFetcher = tokenFetcher;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override public HttpRequest filter(HttpRequest request) throws HttpException {
|
||||||
public HttpRequest filter(HttpRequest request) throws HttpException {
|
|
||||||
checkState(request instanceof GeneratedHttpRequest, "request must be an instance of GeneratedHttpRequest");
|
checkState(request instanceof GeneratedHttpRequest, "request must be an instance of GeneratedHttpRequest");
|
||||||
GeneratedHttpRequest generatedHttpRequest = GeneratedHttpRequest.class.cast(request);
|
GeneratedHttpRequest generatedHttpRequest = GeneratedHttpRequest.class.cast(request);
|
||||||
TokenRequest tokenRequest = tokenRequestBuilder.apply(generatedHttpRequest);
|
TokenRequest tokenRequest = tokenRequestBuilder.apply(generatedHttpRequest);
|
||||||
Token token = tokenFetcher.apply(tokenRequest);
|
Token token = tokenFetcher.apply(tokenRequest);
|
||||||
return request.toBuilder().addHeader("Authorization", String.format("%s %s",
|
return request.toBuilder().addHeader("Authorization", String.format("%s %s",
|
||||||
token.tokenType(), token.accessToken())).build();
|
token.tokenType(), token.accessToken())).build();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -24,22 +24,21 @@ import static org.jclouds.oauth.v2.config.OAuthProperties.SIGNATURE_OR_MAC_ALGOR
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.LinkedHashMap;
|
import java.util.LinkedHashMap;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import javax.inject.Singleton;
|
|
||||||
|
|
||||||
import org.jclouds.Constants;
|
import org.jclouds.Constants;
|
||||||
import org.jclouds.oauth.v2.config.OAuthScopes;
|
import org.jclouds.oauth.v2.config.OAuthScopes;
|
||||||
import org.jclouds.oauth.v2.domain.ClaimSet;
|
import org.jclouds.oauth.v2.domain.ClaimSet;
|
||||||
import org.jclouds.oauth.v2.domain.Header;
|
import org.jclouds.oauth.v2.domain.Header;
|
||||||
import org.jclouds.oauth.v2.domain.OAuthCredentials;
|
import org.jclouds.oauth.v2.domain.OAuthCredentials;
|
||||||
import org.jclouds.oauth.v2.domain.TokenRequest;
|
import org.jclouds.oauth.v2.domain.TokenRequest;
|
||||||
import org.jclouds.oauth.v2.domain.TokenRequestFormat;
|
|
||||||
import org.jclouds.rest.internal.GeneratedHttpRequest;
|
import org.jclouds.rest.internal.GeneratedHttpRequest;
|
||||||
|
|
||||||
import com.google.common.base.Function;
|
import com.google.common.base.Function;
|
||||||
import com.google.common.base.Joiner;
|
import com.google.common.base.Joiner;
|
||||||
import com.google.common.base.Supplier;
|
import com.google.common.base.Supplier;
|
||||||
|
import com.google.common.collect.ImmutableList;
|
||||||
import com.google.common.reflect.Invokable;
|
import com.google.common.reflect.Invokable;
|
||||||
import com.google.inject.Inject;
|
import com.google.inject.Inject;
|
||||||
import com.google.inject.name.Named;
|
import com.google.inject.name.Named;
|
||||||
|
@ -51,50 +50,47 @@ import com.google.inject.name.Named;
|
||||||
* <p/>
|
* <p/>
|
||||||
* TODO scopes etc should come from the REST method and not from a global property
|
* TODO scopes etc should come from the REST method and not from a global property
|
||||||
*/
|
*/
|
||||||
@Singleton
|
public final class BuildTokenRequest implements Function<GeneratedHttpRequest, TokenRequest> {
|
||||||
public class BuildTokenRequest implements Function<GeneratedHttpRequest, TokenRequest> {
|
// exp and ist (expiration and emission times) are assumed mandatory already
|
||||||
|
private static final List<String> REQUIRED_CLAIMS = ImmutableList.of("iss", "scope", "aud");
|
||||||
|
|
||||||
private final String assertionTargetDescription;
|
private final String assertionTargetDescription;
|
||||||
private final String signatureAlgorithm;
|
private final String signatureAlgorithm;
|
||||||
private final TokenRequestFormat tokenRequestFormat;
|
|
||||||
private final Supplier<OAuthCredentials> credentialsSupplier;
|
private final Supplier<OAuthCredentials> credentialsSupplier;
|
||||||
private final long tokenDuration;
|
private final long tokenDuration;
|
||||||
|
|
||||||
@Inject(optional = true)
|
@Inject(optional = true)
|
||||||
@Named(ADDITIONAL_CLAIMS)
|
@Named(ADDITIONAL_CLAIMS)
|
||||||
protected Map<String, String> additionalClaims = Collections.emptyMap();
|
private Map<String, String> additionalClaims = Collections.emptyMap();
|
||||||
|
|
||||||
@Inject(optional = true)
|
@Inject(optional = true)
|
||||||
@Named(SCOPES)
|
@Named(SCOPES)
|
||||||
protected String globalScopes = null;
|
private String globalScopes = null;
|
||||||
|
|
||||||
// injectable so expect tests can override with a predictable value
|
// injectable so expect tests can override with a predictable value
|
||||||
@Inject(optional = true)
|
@Inject(optional = true)
|
||||||
protected Supplier<Long> timeSourceMillisSinceEpoch = new Supplier<Long>() {
|
private Supplier<Long> timeSourceMillisSinceEpoch = new Supplier<Long>() {
|
||||||
@Override
|
@Override
|
||||||
public Long get() {
|
public Long get() {
|
||||||
return System.currentTimeMillis();
|
return System.currentTimeMillis();
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
@Inject
|
@Inject BuildTokenRequest(@Named(AUDIENCE) String assertionTargetDescription,
|
||||||
public BuildTokenRequest(@Named(AUDIENCE) String assertionTargetDescription,
|
|
||||||
@Named(SIGNATURE_OR_MAC_ALGORITHM) String signatureAlgorithm,
|
@Named(SIGNATURE_OR_MAC_ALGORITHM) String signatureAlgorithm,
|
||||||
TokenRequestFormat tokenRequestFormat, Supplier<OAuthCredentials> credentialsSupplier,
|
Supplier<OAuthCredentials> credentialsSupplier,
|
||||||
@Named(Constants.PROPERTY_SESSION_INTERVAL) long tokenDuration) {
|
@Named(Constants.PROPERTY_SESSION_INTERVAL) long tokenDuration) {
|
||||||
this.assertionTargetDescription = assertionTargetDescription;
|
this.assertionTargetDescription = assertionTargetDescription;
|
||||||
this.signatureAlgorithm = signatureAlgorithm;
|
this.signatureAlgorithm = signatureAlgorithm;
|
||||||
this.tokenRequestFormat = tokenRequestFormat;
|
|
||||||
this.credentialsSupplier = credentialsSupplier;
|
this.credentialsSupplier = credentialsSupplier;
|
||||||
this.tokenDuration = tokenDuration;
|
this.tokenDuration = tokenDuration;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override public TokenRequest apply(GeneratedHttpRequest request) {
|
||||||
public TokenRequest apply(GeneratedHttpRequest request) {
|
|
||||||
long now = timeSourceMillisSinceEpoch.get() / 1000;
|
long now = timeSourceMillisSinceEpoch.get() / 1000;
|
||||||
|
|
||||||
// fetch the token
|
// fetch the token
|
||||||
Header header = Header.create(signatureAlgorithm, tokenRequestFormat.type());
|
Header header = Header.create(signatureAlgorithm, "JWT");
|
||||||
|
|
||||||
Map<String, String> claims = new LinkedHashMap<String, String>();
|
Map<String, String> claims = new LinkedHashMap<String, String>();
|
||||||
claims.put("iss", credentialsSupplier.get().identity);
|
claims.put("iss", credentialsSupplier.get().identity);
|
||||||
|
@ -102,7 +98,7 @@ public class BuildTokenRequest implements Function<GeneratedHttpRequest, TokenRe
|
||||||
claims.put("aud", assertionTargetDescription);
|
claims.put("aud", assertionTargetDescription);
|
||||||
claims.putAll(additionalClaims);
|
claims.putAll(additionalClaims);
|
||||||
|
|
||||||
checkState(claims.keySet().containsAll(tokenRequestFormat.requiredClaims()),
|
checkState(claims.keySet().containsAll(REQUIRED_CLAIMS),
|
||||||
"not all required claims were present");
|
"not all required claims were present");
|
||||||
|
|
||||||
ClaimSet claimSet = ClaimSet.create(now, now + tokenDuration, Collections.unmodifiableMap(claims));
|
ClaimSet claimSet = ClaimSet.create(now, now + tokenDuration, Collections.unmodifiableMap(claims));
|
||||||
|
@ -110,7 +106,7 @@ public class BuildTokenRequest implements Function<GeneratedHttpRequest, TokenRe
|
||||||
return TokenRequest.create(header, claimSet);
|
return TokenRequest.create(header, claimSet);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected String getOAuthScopes(GeneratedHttpRequest request) {
|
private String getOAuthScopes(GeneratedHttpRequest request) {
|
||||||
Invokable<?, ?> invokable = request.getInvocation().getInvokable();
|
Invokable<?, ?> invokable = request.getInvocation().getInvokable();
|
||||||
|
|
||||||
OAuthScopes classScopes = invokable.getOwnerType().getRawType().getAnnotation(OAuthScopes.class);
|
OAuthScopes classScopes = invokable.getOwnerType().getRawType().getAnnotation(OAuthScopes.class);
|
||||||
|
|
|
@ -16,26 +16,23 @@
|
||||||
*/
|
*/
|
||||||
package org.jclouds.oauth.v2.functions;
|
package org.jclouds.oauth.v2.functions;
|
||||||
|
|
||||||
import com.google.common.base.Function;
|
import javax.inject.Inject;
|
||||||
|
|
||||||
import org.jclouds.oauth.v2.OAuthApi;
|
import org.jclouds.oauth.v2.OAuthApi;
|
||||||
import org.jclouds.oauth.v2.domain.Token;
|
import org.jclouds.oauth.v2.domain.Token;
|
||||||
import org.jclouds.oauth.v2.domain.TokenRequest;
|
import org.jclouds.oauth.v2.domain.TokenRequest;
|
||||||
|
|
||||||
import javax.inject.Inject;
|
import com.google.common.base.Function;
|
||||||
import javax.inject.Singleton;
|
|
||||||
|
|
||||||
@Singleton
|
public final class FetchToken implements Function<TokenRequest, Token> {
|
||||||
public class FetchToken implements Function<TokenRequest, Token> {
|
|
||||||
|
|
||||||
private OAuthApi oAuthApi;
|
private final OAuthApi oAuthApi;
|
||||||
|
|
||||||
@Inject
|
@Inject FetchToken(OAuthApi oAuthApi) {
|
||||||
public FetchToken(OAuthApi oAuthApi) {
|
|
||||||
this.oAuthApi = oAuthApi;
|
this.oAuthApi = oAuthApi;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override public Token apply(TokenRequest input) {
|
||||||
public Token apply(TokenRequest input) {
|
|
||||||
return this.oAuthApi.authenticate(input);
|
return this.oAuthApi.authenticate(input);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,27 +16,6 @@
|
||||||
*/
|
*/
|
||||||
package org.jclouds.oauth.v2.functions;
|
package org.jclouds.oauth.v2.functions;
|
||||||
|
|
||||||
import com.google.common.annotations.VisibleForTesting;
|
|
||||||
import com.google.common.base.Charsets;
|
|
||||||
import com.google.common.base.Supplier;
|
|
||||||
import com.google.common.cache.CacheBuilder;
|
|
||||||
import com.google.common.cache.CacheLoader;
|
|
||||||
import com.google.common.cache.LoadingCache;
|
|
||||||
import com.google.common.io.ByteSource;
|
|
||||||
import com.google.common.util.concurrent.UncheckedExecutionException;
|
|
||||||
import org.jclouds.domain.Credentials;
|
|
||||||
import org.jclouds.location.Provider;
|
|
||||||
import org.jclouds.oauth.v2.domain.OAuthCredentials;
|
|
||||||
import org.jclouds.rest.AuthorizationException;
|
|
||||||
|
|
||||||
import javax.inject.Inject;
|
|
||||||
import javax.inject.Named;
|
|
||||||
import javax.inject.Singleton;
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.security.GeneralSecurityException;
|
|
||||||
import java.security.KeyFactory;
|
|
||||||
import java.security.PrivateKey;
|
|
||||||
|
|
||||||
import static com.google.common.base.Preconditions.checkArgument;
|
import static com.google.common.base.Preconditions.checkArgument;
|
||||||
import static com.google.common.base.Preconditions.checkNotNull;
|
import static com.google.common.base.Preconditions.checkNotNull;
|
||||||
import static com.google.common.base.Throwables.propagate;
|
import static com.google.common.base.Throwables.propagate;
|
||||||
|
@ -47,20 +26,42 @@ import static org.jclouds.oauth.v2.OAuthConstants.OAUTH_ALGORITHM_NAMES_TO_KEYFA
|
||||||
import static org.jclouds.oauth.v2.config.OAuthProperties.SIGNATURE_OR_MAC_ALGORITHM;
|
import static org.jclouds.oauth.v2.config.OAuthProperties.SIGNATURE_OR_MAC_ALGORITHM;
|
||||||
import static org.jclouds.util.Throwables2.getFirstThrowableOfType;
|
import static org.jclouds.util.Throwables2.getFirstThrowableOfType;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.security.GeneralSecurityException;
|
||||||
|
import java.security.KeyFactory;
|
||||||
|
import java.security.PrivateKey;
|
||||||
|
|
||||||
|
import javax.inject.Inject;
|
||||||
|
import javax.inject.Named;
|
||||||
|
import javax.inject.Singleton;
|
||||||
|
|
||||||
|
import org.jclouds.domain.Credentials;
|
||||||
|
import org.jclouds.location.Provider;
|
||||||
|
import org.jclouds.oauth.v2.domain.OAuthCredentials;
|
||||||
|
import org.jclouds.rest.AuthorizationException;
|
||||||
|
|
||||||
|
import com.google.common.annotations.VisibleForTesting;
|
||||||
|
import com.google.common.base.Charsets;
|
||||||
|
import com.google.common.base.Supplier;
|
||||||
|
import com.google.common.cache.CacheBuilder;
|
||||||
|
import com.google.common.cache.CacheLoader;
|
||||||
|
import com.google.common.cache.LoadingCache;
|
||||||
|
import com.google.common.io.ByteSource;
|
||||||
|
import com.google.common.util.concurrent.UncheckedExecutionException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Loads {@link OAuthCredentials} from a pem private key using the KeyFactory obtained from the JWT Algorithm
|
* Loads {@link OAuthCredentials} from a pem private key using the KeyFactory obtained from the JWT Algorithm
|
||||||
* Name<->KeyFactory name mapping in OAuthConstants. The pem pk algorithm must match the KeyFactory algorithm.
|
* Name<->KeyFactory name mapping in OAuthConstants. The pem pk algorithm must match the KeyFactory algorithm.
|
||||||
*
|
*
|
||||||
* @see org.jclouds.oauth.v2.OAuthConstants#OAUTH_ALGORITHM_NAMES_TO_KEYFACTORY_ALGORITHM_NAMES
|
* @see org.jclouds.oauth.v2.OAuthConstants#OAUTH_ALGORITHM_NAMES_TO_KEYFACTORY_ALGORITHM_NAMES
|
||||||
*/
|
*/
|
||||||
@Singleton
|
@Singleton // due to cache
|
||||||
public class OAuthCredentialsSupplier implements Supplier<OAuthCredentials> {
|
public final class OAuthCredentialsSupplier implements Supplier<OAuthCredentials> {
|
||||||
|
|
||||||
private final Supplier<Credentials> creds;
|
private final Supplier<Credentials> creds;
|
||||||
private final LoadingCache<Credentials, OAuthCredentials> keyCache;
|
private final LoadingCache<Credentials, OAuthCredentials> keyCache;
|
||||||
|
|
||||||
@Inject
|
@Inject OAuthCredentialsSupplier(@Provider Supplier<Credentials> creds, OAuthCredentialsForCredentials loader,
|
||||||
public OAuthCredentialsSupplier(@Provider Supplier<Credentials> creds, OAuthCredentialsForCredentials loader,
|
|
||||||
@Named(SIGNATURE_OR_MAC_ALGORITHM) String signatureOrMacAlgorithm) {
|
@Named(SIGNATURE_OR_MAC_ALGORITHM) String signatureOrMacAlgorithm) {
|
||||||
this.creds = creds;
|
this.creds = creds;
|
||||||
checkArgument(OAUTH_ALGORITHM_NAMES_TO_KEYFACTORY_ALGORITHM_NAMES.containsKey(signatureOrMacAlgorithm),
|
checkArgument(OAUTH_ALGORITHM_NAMES_TO_KEYFACTORY_ALGORITHM_NAMES.containsKey(signatureOrMacAlgorithm),
|
||||||
|
@ -74,17 +75,15 @@ public class OAuthCredentialsSupplier implements Supplier<OAuthCredentials> {
|
||||||
* so that the private key is only recalculated once.
|
* so that the private key is only recalculated once.
|
||||||
*/
|
*/
|
||||||
@VisibleForTesting
|
@VisibleForTesting
|
||||||
static class OAuthCredentialsForCredentials extends CacheLoader<Credentials, OAuthCredentials> {
|
static final class OAuthCredentialsForCredentials extends CacheLoader<Credentials, OAuthCredentials> {
|
||||||
private final String keyFactoryAlgorithm;
|
private final String keyFactoryAlgorithm;
|
||||||
|
|
||||||
@Inject
|
@Inject OAuthCredentialsForCredentials(@Named(SIGNATURE_OR_MAC_ALGORITHM) String signatureOrMacAlgorithm) {
|
||||||
public OAuthCredentialsForCredentials(@Named(SIGNATURE_OR_MAC_ALGORITHM) String signatureOrMacAlgorithm) {
|
|
||||||
this.keyFactoryAlgorithm = OAUTH_ALGORITHM_NAMES_TO_KEYFACTORY_ALGORITHM_NAMES.get(checkNotNull(
|
this.keyFactoryAlgorithm = OAUTH_ALGORITHM_NAMES_TO_KEYFACTORY_ALGORITHM_NAMES.get(checkNotNull(
|
||||||
signatureOrMacAlgorithm, "signatureOrMacAlgorithm"));
|
signatureOrMacAlgorithm, "signatureOrMacAlgorithm"));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override public OAuthCredentials load(Credentials in) {
|
||||||
public OAuthCredentials load(Credentials in) {
|
|
||||||
try {
|
try {
|
||||||
String identity = in.identity;
|
String identity = in.identity;
|
||||||
String privateKeyInPemFormat = in.credential;
|
String privateKeyInPemFormat = in.credential;
|
||||||
|
@ -108,18 +107,16 @@ public class OAuthCredentialsSupplier implements Supplier<OAuthCredentials> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override public OAuthCredentials get() {
|
||||||
public OAuthCredentials get() {
|
|
||||||
try {
|
try {
|
||||||
// loader always throws UncheckedExecutionException so no point in using get()
|
// loader always throws UncheckedExecutionException so no point in using get()
|
||||||
return keyCache.getUnchecked(checkNotNull(creds.get(), "credential supplier returned null"));
|
return keyCache.getUnchecked(checkNotNull(creds.get(), "credential supplier returned null"));
|
||||||
} catch (UncheckedExecutionException e) {
|
} catch (UncheckedExecutionException e) {
|
||||||
Throwable authorizationException = getFirstThrowableOfType(e, AuthorizationException.class);
|
AuthorizationException authorizationException = getFirstThrowableOfType(e, AuthorizationException.class);
|
||||||
if (authorizationException != null) {
|
if (authorizationException != null) {
|
||||||
throw (AuthorizationException) authorizationException;
|
throw authorizationException;
|
||||||
}
|
}
|
||||||
throw propagate(e);
|
throw e;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,40 +16,42 @@
|
||||||
*/
|
*/
|
||||||
package org.jclouds.oauth.v2.functions;
|
package org.jclouds.oauth.v2.functions;
|
||||||
|
|
||||||
import com.google.common.base.Function;
|
import static com.google.common.base.Preconditions.checkState;
|
||||||
import com.google.common.base.Supplier;
|
import static com.google.common.base.Throwables.propagate;
|
||||||
import com.google.common.base.Throwables;
|
import static java.lang.String.format;
|
||||||
import org.jclouds.oauth.v2.domain.OAuthCredentials;
|
import static org.jclouds.oauth.v2.OAuthConstants.NO_ALGORITHM;
|
||||||
|
import static org.jclouds.oauth.v2.OAuthConstants.OAUTH_ALGORITHM_NAMES_TO_SIGNATURE_ALGORITHM_NAMES;
|
||||||
|
import static org.jclouds.oauth.v2.config.OAuthProperties.SIGNATURE_OR_MAC_ALGORITHM;
|
||||||
|
|
||||||
import javax.annotation.PostConstruct;
|
|
||||||
import javax.crypto.Mac;
|
|
||||||
import javax.inject.Inject;
|
|
||||||
import javax.inject.Named;
|
|
||||||
import java.security.InvalidKeyException;
|
import java.security.InvalidKeyException;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.PrivateKey;
|
import java.security.PrivateKey;
|
||||||
import java.security.Signature;
|
import java.security.Signature;
|
||||||
import java.security.SignatureException;
|
import java.security.SignatureException;
|
||||||
|
|
||||||
import static com.google.common.base.Preconditions.checkState;
|
import javax.annotation.PostConstruct;
|
||||||
import static java.lang.String.format;
|
import javax.crypto.Mac;
|
||||||
import static org.jclouds.oauth.v2.OAuthConstants.NO_ALGORITHM;
|
import javax.inject.Inject;
|
||||||
import static org.jclouds.oauth.v2.OAuthConstants.OAUTH_ALGORITHM_NAMES_TO_SIGNATURE_ALGORITHM_NAMES;
|
import javax.inject.Named;
|
||||||
import static org.jclouds.oauth.v2.config.OAuthProperties.SIGNATURE_OR_MAC_ALGORITHM;
|
|
||||||
|
import org.jclouds.oauth.v2.domain.OAuthCredentials;
|
||||||
|
|
||||||
|
import com.google.common.base.Function;
|
||||||
|
import com.google.common.base.Supplier;
|
||||||
|
import com.google.inject.Singleton;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Function that signs/produces mac's for OAuth tokens, provided a {@link Signature} or a {@link Mac} algorithm and
|
* Function that signs/produces mac's for OAuth tokens, provided a {@link Signature} or a {@link Mac} algorithm and
|
||||||
* {@link PrivateKey}
|
* {@link PrivateKey}
|
||||||
*/
|
*/
|
||||||
public class SignOrProduceMacForToken implements Function<byte[], byte[]> {
|
@Singleton // due to signatureOrMacFunction
|
||||||
|
public final class SignOrProduceMacForToken implements Function<byte[], byte[]> {
|
||||||
|
|
||||||
private final Supplier<OAuthCredentials> credentials;
|
private final Supplier<OAuthCredentials> credentials;
|
||||||
private final String signatureOrMacAlgorithm;
|
private final String signatureOrMacAlgorithm;
|
||||||
private Function<byte[], byte[]> signatureOrMacFunction;
|
private Function<byte[], byte[]> signatureOrMacFunction;
|
||||||
|
|
||||||
|
@Inject SignOrProduceMacForToken(@Named(SIGNATURE_OR_MAC_ALGORITHM) String signatureOrMacAlgorithm,
|
||||||
@Inject
|
|
||||||
public SignOrProduceMacForToken(@Named(SIGNATURE_OR_MAC_ALGORITHM) String signatureOrMacAlgorithm,
|
|
||||||
Supplier<OAuthCredentials> credentials) {
|
Supplier<OAuthCredentials> credentials) {
|
||||||
checkState(OAUTH_ALGORITHM_NAMES_TO_SIGNATURE_ALGORITHM_NAMES.containsKey(signatureOrMacAlgorithm),
|
checkState(OAUTH_ALGORITHM_NAMES_TO_SIGNATURE_ALGORITHM_NAMES.containsKey(signatureOrMacAlgorithm),
|
||||||
format("the signature algorithm %s is not supported", signatureOrMacAlgorithm));
|
format("the signature algorithm %s is not supported", signatureOrMacAlgorithm));
|
||||||
|
@ -74,14 +76,13 @@ public class SignOrProduceMacForToken implements Function<byte[], byte[]> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override public byte[] apply(byte[] input) {
|
||||||
public byte[] apply(byte[] input) {
|
|
||||||
return signatureOrMacFunction.apply(input);
|
return signatureOrMacFunction.apply(input);
|
||||||
}
|
}
|
||||||
|
|
||||||
private static class MessageAuthenticationCodeGenerator implements Function<byte[], byte[]> {
|
private static class MessageAuthenticationCodeGenerator implements Function<byte[], byte[]> {
|
||||||
|
|
||||||
private Mac mac;
|
private final Mac mac;
|
||||||
|
|
||||||
private MessageAuthenticationCodeGenerator(String macAlgorithm, PrivateKey privateKey) throws
|
private MessageAuthenticationCodeGenerator(String macAlgorithm, PrivateKey privateKey) throws
|
||||||
NoSuchAlgorithmException, InvalidKeyException {
|
NoSuchAlgorithmException, InvalidKeyException {
|
||||||
|
@ -89,8 +90,7 @@ public class SignOrProduceMacForToken implements Function<byte[], byte[]> {
|
||||||
this.mac.init(privateKey);
|
this.mac.init(privateKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override public byte[] apply(byte[] input) {
|
||||||
public byte[] apply(byte[] input) {
|
|
||||||
this.mac.update(input);
|
this.mac.update(input);
|
||||||
return this.mac.doFinal();
|
return this.mac.doFinal();
|
||||||
}
|
}
|
||||||
|
@ -98,7 +98,7 @@ public class SignOrProduceMacForToken implements Function<byte[], byte[]> {
|
||||||
|
|
||||||
private static class SignatureGenerator implements Function<byte[], byte[]> {
|
private static class SignatureGenerator implements Function<byte[], byte[]> {
|
||||||
|
|
||||||
private Signature signature;
|
private final Signature signature;
|
||||||
|
|
||||||
private SignatureGenerator(String signatureAlgorithm, PrivateKey privateKey) throws NoSuchAlgorithmException,
|
private SignatureGenerator(String signatureAlgorithm, PrivateKey privateKey) throws NoSuchAlgorithmException,
|
||||||
InvalidKeyException {
|
InvalidKeyException {
|
||||||
|
@ -106,13 +106,12 @@ public class SignOrProduceMacForToken implements Function<byte[], byte[]> {
|
||||||
this.signature.initSign(privateKey);
|
this.signature.initSign(privateKey);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override public byte[] apply(byte[] input) {
|
||||||
public byte[] apply(byte[] input) {
|
|
||||||
try {
|
try {
|
||||||
signature.update(input);
|
signature.update(input);
|
||||||
return signature.sign();
|
return signature.sign();
|
||||||
} catch (SignatureException e) {
|
} catch (SignatureException e) {
|
||||||
throw Throwables.propagate(e);
|
throw propagate(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,6 +16,9 @@
|
||||||
*/
|
*/
|
||||||
package org.jclouds.oauth.v2.handlers;
|
package org.jclouds.oauth.v2.handlers;
|
||||||
|
|
||||||
|
import static javax.ws.rs.core.Response.Status;
|
||||||
|
import static org.jclouds.http.HttpUtils.closeClientButKeepContentStream;
|
||||||
|
|
||||||
import org.jclouds.http.HttpCommand;
|
import org.jclouds.http.HttpCommand;
|
||||||
import org.jclouds.http.HttpErrorHandler;
|
import org.jclouds.http.HttpErrorHandler;
|
||||||
import org.jclouds.http.HttpResponse;
|
import org.jclouds.http.HttpResponse;
|
||||||
|
@ -23,17 +26,8 @@ import org.jclouds.http.HttpResponseException;
|
||||||
import org.jclouds.rest.AuthorizationException;
|
import org.jclouds.rest.AuthorizationException;
|
||||||
import org.jclouds.rest.ResourceNotFoundException;
|
import org.jclouds.rest.ResourceNotFoundException;
|
||||||
|
|
||||||
import javax.inject.Singleton;
|
public final class OAuthErrorHandler implements HttpErrorHandler {
|
||||||
|
@Override public void handleError(HttpCommand command, HttpResponse response) {
|
||||||
import static javax.ws.rs.core.Response.Status;
|
|
||||||
import static org.jclouds.http.HttpUtils.closeClientButKeepContentStream;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* This will parse and set an appropriate exception on the command object.
|
|
||||||
*/
|
|
||||||
@Singleton
|
|
||||||
public class OAuthErrorHandler implements HttpErrorHandler {
|
|
||||||
public void handleError(HttpCommand command, HttpResponse response) {
|
|
||||||
// it is important to always read fully and close streams
|
// it is important to always read fully and close streams
|
||||||
byte[] data = closeClientButKeepContentStream(response);
|
byte[] data = closeClientButKeepContentStream(response);
|
||||||
String message = data != null ? new String(data) : null;
|
String message = data != null ? new String(data) : null;
|
||||||
|
|
|
@ -1,45 +0,0 @@
|
||||||
/*
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
||||||
* contributor license agreements. See the NOTICE file distributed with
|
|
||||||
* this work for additional information regarding copyright ownership.
|
|
||||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
||||||
* (the "License"); you may not use this file except in compliance with
|
|
||||||
* the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.jclouds.oauth.v2.handlers;
|
|
||||||
|
|
||||||
import org.jclouds.http.HttpRequest;
|
|
||||||
import org.jclouds.oauth.v2.domain.TokenRequest;
|
|
||||||
import org.jclouds.oauth.v2.domain.TokenRequestFormat;
|
|
||||||
import org.jclouds.rest.Binder;
|
|
||||||
|
|
||||||
import javax.inject.Inject;
|
|
||||||
import javax.inject.Singleton;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Generic implementation of a token binder. Uses a provided {@link TokenRequestFormat} to actually bind tokens to
|
|
||||||
* requests.
|
|
||||||
*/
|
|
||||||
@Singleton
|
|
||||||
public class OAuthTokenBinder implements Binder {
|
|
||||||
|
|
||||||
private final TokenRequestFormat tokenRequestFormat;
|
|
||||||
|
|
||||||
@Inject
|
|
||||||
OAuthTokenBinder(TokenRequestFormat tokenRequestFormat) {
|
|
||||||
this.tokenRequestFormat = tokenRequestFormat;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public <R extends HttpRequest> R bindToRequest(R request, Object input) {
|
|
||||||
return tokenRequestFormat.formatRequest(request, (TokenRequest) input);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,42 +0,0 @@
|
||||||
/*
|
|
||||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
||||||
* contributor license agreements. See the NOTICE file distributed with
|
|
||||||
* this work for additional information regarding copyright ownership.
|
|
||||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
|
||||||
* (the "License"); you may not use this file except in compliance with
|
|
||||||
* the License. You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package org.jclouds.oauth.v2.internal;
|
|
||||||
|
|
||||||
import com.google.gson.Gson;
|
|
||||||
import com.google.gson.TypeAdapter;
|
|
||||||
import com.google.gson.TypeAdapterFactory;
|
|
||||||
import com.google.gson.reflect.TypeToken;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Type adapter used to serialize all subtypes of a value. This can be used to force serialization for an {@link
|
|
||||||
* com.google.auto.value.AutoValue} generated class.
|
|
||||||
*/
|
|
||||||
public abstract class SubtypeAdapterFactory<T> extends TypeAdapter<T> implements TypeAdapterFactory {
|
|
||||||
private final Class<T> baseClass;
|
|
||||||
|
|
||||||
protected SubtypeAdapterFactory(Class<T> baseClass) {
|
|
||||||
this.baseClass = baseClass;
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Accepts duty for any subtype. When using AutoValue properly, this will be the generated form. */
|
|
||||||
@Override public <T> TypeAdapter<T> create(Gson gson, TypeToken<T> typeToken) {
|
|
||||||
if (!(baseClass.isAssignableFrom(typeToken.getRawType()))) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
return (TypeAdapter<T>) this;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -14,7 +14,7 @@
|
||||||
* See the License for the specific language governing permissions and
|
* See the License for the specific language governing permissions and
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
package org.jclouds.oauth.v2.json;
|
package org.jclouds.oauth.v2.binders;
|
||||||
|
|
||||||
import static org.testng.Assert.assertNotNull;
|
import static org.testng.Assert.assertNotNull;
|
||||||
import static org.testng.Assert.assertSame;
|
import static org.testng.Assert.assertSame;
|
||||||
|
@ -29,7 +29,6 @@ import org.jclouds.oauth.v2.OAuthTestUtils;
|
||||||
import org.jclouds.oauth.v2.domain.ClaimSet;
|
import org.jclouds.oauth.v2.domain.ClaimSet;
|
||||||
import org.jclouds.oauth.v2.domain.Header;
|
import org.jclouds.oauth.v2.domain.Header;
|
||||||
import org.jclouds.oauth.v2.domain.TokenRequest;
|
import org.jclouds.oauth.v2.domain.TokenRequest;
|
||||||
import org.jclouds.oauth.v2.domain.TokenRequestFormat;
|
|
||||||
import org.jclouds.util.Strings2;
|
import org.jclouds.util.Strings2;
|
||||||
import org.testng.annotations.Test;
|
import org.testng.annotations.Test;
|
||||||
|
|
||||||
|
@ -37,23 +36,23 @@ import com.google.common.base.Splitter;
|
||||||
import com.google.common.collect.ImmutableMap;
|
import com.google.common.collect.ImmutableMap;
|
||||||
import com.google.common.collect.Iterables;
|
import com.google.common.collect.Iterables;
|
||||||
|
|
||||||
@Test(groups = "unit")
|
@Test(groups = "unit", testName = "OAuthTokenBinderTest")
|
||||||
public class JWTTokenRequestFormatTest {
|
public class OAuthTokenBinderTest {
|
||||||
public static final String STRING_THAT_GENERATES_URL_UNSAFE_BASE64_ENCODING = "§1234567890'+±!\"#$%&/()" +
|
public static final String STRING_THAT_GENERATES_URL_UNSAFE_BASE64_ENCODING = "§1234567890'+±!\"#$%&/()" +
|
||||||
"=?*qwertyuiopº´WERTYUIOPªàsdfghjklç~ASDFGHJKLÇ^<zxcvbnm," +
|
"=?*qwertyuiopº´WERTYUIOPªàsdfghjklç~ASDFGHJKLÇ^<zxcvbnm," +
|
||||||
".->ZXCVBNM;:_@€";
|
".->ZXCVBNM;:_@€";
|
||||||
|
|
||||||
public void testPayloadIsUrlSafe() throws IOException {
|
public void testPayloadIsUrlSafe() throws IOException {
|
||||||
|
|
||||||
TokenRequestFormat tokenRequestFormat = ContextBuilder.newBuilder(new OAuthApiMetadata()).overrides
|
OAuthTokenBinder tokenRequestFormat = ContextBuilder.newBuilder(new OAuthApiMetadata()).overrides
|
||||||
(OAuthTestUtils.defaultProperties(null)).build().utils()
|
(OAuthTestUtils.defaultProperties(null)).build().utils()
|
||||||
.injector().getInstance(TokenRequestFormat.class);
|
.injector().getInstance(OAuthTokenBinder.class);
|
||||||
Header header = Header.create("a", "b");
|
Header header = Header.create("a", "b");
|
||||||
ClaimSet claimSet = ClaimSet.create(0, 0,
|
ClaimSet claimSet = ClaimSet.create(0, 0,
|
||||||
ImmutableMap.of("ist", STRING_THAT_GENERATES_URL_UNSAFE_BASE64_ENCODING));
|
ImmutableMap.of("ist", STRING_THAT_GENERATES_URL_UNSAFE_BASE64_ENCODING));
|
||||||
TokenRequest tokenRequest = TokenRequest.create(header, claimSet);
|
TokenRequest tokenRequest = TokenRequest.create(header, claimSet);
|
||||||
HttpRequest request = tokenRequestFormat.formatRequest(HttpRequest.builder().method("GET").endpoint
|
HttpRequest request = tokenRequestFormat.bindToRequest(
|
||||||
("http://localhost").build(), tokenRequest);
|
HttpRequest.builder().method("GET").endpoint("http://localhost").build(), tokenRequest);
|
||||||
|
|
||||||
assertNotNull(request.getPayload());
|
assertNotNull(request.getPayload());
|
||||||
|
|
Loading…
Reference in New Issue