com.dyuproject.oauth.sp
Class HashStore

java.lang.Object
  extended by com.dyuproject.oauth.sp.HashStore
All Implemented Interfaces:
ServiceToken.Store
Direct Known Subclasses:
ConcurrentMapHashStore, PropertiesHashStore

public abstract class HashStore
extends Object
implements ServiceToken.Store

The hashed tokens are generated and parsed using encryption and mac signatures.

Author:
David Yu
Date created:
Jun 8, 2009

Field Summary
static long DEFAULT_ACCESS_TIMEOUT
          the default access timeout (60*60*1000 or the defined property "hashstore.access_timeout")
static long DEFAULT_EXCHANGE_TIMEOUT
          the default exchange timeout (60*10*1000 or the defined property "hashstore.exchange_timeout")
static long DEFAULT_LOGIN_TIMEOUT
          the default login timeout (DEFAULT_EXCHANGE_TIMEOUT/2 or the defined property "hashstore.login_timeout")
static String DEFAULT_MAC_ALGORITHM
          the default mac algorithm ("HMACSHA1")
 
Constructor Summary
HashStore(String secretKey, String macSecretKey)
           
HashStore(String secretKey, String macSecretKey, String macAlgorithm, long accessTimeout, long exchangeTimeout, long loginTimeout)
           
 
Method Summary
 ServiceToken generateToken(String consumerKey, String consumerSecret, String id)
           
 ServiceToken getAccessToken(String consumerKey, String accessToken)
          Gets the access token to be verified by the caller; Returns null if the access token is invalid.
 String getAuthCallbackOrVerifier(String requestToken, String id)
          Gets the auth callback or verifier; This could either be the url with oauth_token and oauth_verifier params, or the verifier "oob".
protected abstract  String getConsumerSecret(String consumerKey)
           
 ServiceToken getRequestToken(String consumerKey, String requestToken)
          Gets the request token with secret to be verified by the caller; Returns null if the request token is invalid.
 ServiceToken newAccessToken(String consumerKey, String verifier, String requestToken)
          Generates a new access token that is basically exchanged from the given requestToken; Returns null if the requestToken is invalid.
 ServiceToken newAccessToken(String consumerKey, String verifier, String requestToken, ServiceToken verifiedRequestToken)
          Generates a new access token that is basically exchanged from the given requestToken; Returns null if the requestToken is invalid.
 ServiceToken newHybridRequestToken(String consumerKey, String id)
          Particularly useful for hybrid openid+oauth; The underlying implementation will loosen the validation/verification since openid authentication is being used.
 ServiceToken newRequestToken(String consumerKey, String callback)
          Generates a new request token to be used by the caller to write a response.
protected  String validateCallbackUrl(String callbackUrl)
           
static String validateUrl(String url)
          Returns null if the given url is invalid; This is a utility method.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_ACCESS_TIMEOUT

public static final long DEFAULT_ACCESS_TIMEOUT
the default access timeout (60*60*1000 or the defined property "hashstore.access_timeout")


DEFAULT_EXCHANGE_TIMEOUT

public static final long DEFAULT_EXCHANGE_TIMEOUT
the default exchange timeout (60*10*1000 or the defined property "hashstore.exchange_timeout")


DEFAULT_LOGIN_TIMEOUT

public static final long DEFAULT_LOGIN_TIMEOUT
the default login timeout (DEFAULT_EXCHANGE_TIMEOUT/2 or the defined property "hashstore.login_timeout")


DEFAULT_MAC_ALGORITHM

public static final String DEFAULT_MAC_ALGORITHM
the default mac algorithm ("HMACSHA1")

See Also:
Constant Field Values
Constructor Detail

HashStore

public HashStore(String secretKey,
                 String macSecretKey)

HashStore

public HashStore(String secretKey,
                 String macSecretKey,
                 String macAlgorithm,
                 long accessTimeout,
                 long exchangeTimeout,
                 long loginTimeout)
Method Detail

newRequestToken

public final ServiceToken newRequestToken(String consumerKey,
                                          String callback)
Description copied from interface: ServiceToken.Store
Generates a new request token to be used by the caller to write a response. The token should generally be bound or associated with the consumerKey and callback.

Specified by:
newRequestToken in interface ServiceToken.Store

getRequestToken

public final ServiceToken getRequestToken(String consumerKey,
                                          String requestToken)
Gets the request token with secret to be verified by the caller; Returns null if the request token is invalid. If the request token was obtained from newHybridRequestToken(String, String), the token will be identified and a different request token will be returned that is not associated with a secret key since we are relying on the security of the openid protocol.

Specified by:
getRequestToken in interface ServiceToken.Store

getAuthCallbackOrVerifier

public final String getAuthCallbackOrVerifier(String requestToken,
                                              String id)
Description copied from interface: ServiceToken.Store
Gets the auth callback or verifier; This could either be the url with oauth_token and oauth_verifier params, or the verifier "oob".

Specified by:
getAuthCallbackOrVerifier in interface ServiceToken.Store

newHybridRequestToken

public final ServiceToken newHybridRequestToken(String consumerKey,
                                                String id)
Description copied from interface: ServiceToken.Store
Particularly useful for hybrid openid+oauth; The underlying implementation will loosen the validation/verification since openid authentication is being used.

Specified by:
newHybridRequestToken in interface ServiceToken.Store

generateToken

public final ServiceToken generateToken(String consumerKey,
                                        String consumerSecret,
                                        String id)

newAccessToken

public final ServiceToken newAccessToken(String consumerKey,
                                         String verifier,
                                         String requestToken)
Description copied from interface: ServiceToken.Store
Generates a new access token that is basically exchanged from the given requestToken; Returns null if the requestToken is invalid.

Specified by:
newAccessToken in interface ServiceToken.Store

newAccessToken

public final ServiceToken newAccessToken(String consumerKey,
                                         String verifier,
                                         String requestToken,
                                         ServiceToken verifiedRequestToken)
Description copied from interface: ServiceToken.Store
Generates a new access token that is basically exchanged from the given requestToken; Returns null if the requestToken is invalid. The param verifiedRequestToken is the service token recently obtained from ServiceToken.Store.getRequestToken(String, String). Passing it in lets this method reuse the consumerSecret linked to the same consumerKey and avoid another lookup. This method is added for efficiency.

Specified by:
newAccessToken in interface ServiceToken.Store

getAccessToken

public final ServiceToken getAccessToken(String consumerKey,
                                         String accessToken)
Description copied from interface: ServiceToken.Store
Gets the access token to be verified by the caller; Returns null if the access token is invalid. This is the method that you will use for every subsequent oauth request from consumers who have already been authenticated. Even if the access token is valid, it could still return null due to an access token timeout.

Specified by:
getAccessToken in interface ServiceToken.Store
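
The null-on-invalid and null-on-timeout contract described above can be met without server-side token storage when the token carries its own MAC and issue time. The following is an added example, not code from this project: the class MacTokenSketch, its methods and its token layout are hypothetical, it covers only the MAC and timeout checks (the encryption step mentioned in the class description is omitted), and the secret is a constructed sample value.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added sketch with hypothetical names; not the dyuproject HashStore token format.
public class MacTokenSketch {
    static final long ACCESS_TIMEOUT = 60 * 60 * 1000L; // the page's default access timeout, in ms
    private final SecretKeySpec macKey;
    MacTokenSketch(String macSecretKey) {
        macKey = new SecretKeySpec(macSecretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA1");
    }
    private byte[] mac(String data) throws Exception {
        Mac m = Mac.getInstance("HmacSHA1"); // same algorithm family as DEFAULT_MAC_ALGORITHM
        m.init(macKey);
        return m.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Token = base64url(consumerKey|issuedAt) + "." + base64url(HMAC over the first part).
    String issue(String consumerKey, long now) throws Exception {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String body = enc.encodeToString((consumerKey + "|" + now).getBytes(StandardCharsets.UTF_8));
        return body + "." + enc.encodeToString(mac(body));
    }

    // Returns the issue time, or null if the token is malformed, forged,
    // bound to a different consumer key, or older than ACCESS_TIMEOUT.
    Long verify(String consumerKey, String token, long now) throws Exception {
        int dot = token.indexOf('.');
        if (dot < 1) return null;
        String body = token.substring(0, dot);
        byte[] sig;
        try { sig = Base64.getUrlDecoder().decode(token.substring(dot + 1)); }
        catch (IllegalArgumentException e) { return null; }
        // Constant-time comparison, done before any parsing of the payload.
        if (!MessageDigest.isEqual(sig, mac(body))) return null;
        // The MAC matched, so body is text this class produced in issue().
        String payload = new String(Base64.getUrlDecoder().decode(body), StandardCharsets.UTF_8);
        int bar = payload.lastIndexOf('|');
        if (!payload.substring(0, bar).equals(consumerKey)) return null;
        long issuedAt = Long.parseLong(payload.substring(bar + 1));
        return (now - issuedAt > ACCESS_TIMEOUT) ? null : Long.valueOf(issuedAt);
    }

    public static void main(String[] args) throws Exception {
        MacTokenSketch s = new MacTokenSketch("constructed-mac-secret");
        long t0 = 1_000_000L;
        String tok = s.issue("consumer-a", t0);
        System.out.println(s.verify("consumer-a", tok, t0 + 1000));               // fresh token
        System.out.println(s.verify("consumer-a", tok + "A", t0 + 1000));         // altered MAC
        System.out.println(s.verify("consumer-a", tok, t0 + ACCESS_TIMEOUT + 1)); // past the timeout
    }
}
```

A caller treats every null the same way, so a rejected token does not reveal whether the MAC, the consumer binding or the timeout failed.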

getConsumerSecret

protected abstract String getConsumerSecret(String consumerKey)

validateCallbackUrl

protected String validateCallbackUrl(String callbackUrl)

validateUrl

public static String validateUrl(String url)
Returns null if the given url is invalid; This is a utility method.



Copyright © 2008-2013. All Rights Reserved.