/*
* Copyright 2008 Google, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package net.oauth;
import java.io.IOException;
import java.net.URISyntaxException;
import net.oauth.signature.OAuthSignatureMethod;
/**
* A simple OAuthValidator, which checks the version, whether the timestamp
* is close to now and the signature is valid. Each check may be overridden.
*
* @author Dirk Balfanz
* @author John Kristian
* @hide
*/
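public class SimpleOAuthValidator implements OAuthValidator {

    /** Default timestamp window, in milliseconds: five minutes either side of now. */
    public static final long DEFAULT_TIMESTAMP_WINDOW = 5 * 60 * 1000L;

    /**
     * Construct a validator that rejects messages more than five minutes out
     * of date, or with an OAuth version other than 1.0, or with an invalid
     * signature.
     */
    public SimpleOAuthValidator() {
        this(DEFAULT_TIMESTAMP_WINDOW, Double.parseDouble(OAuth.VERSION_1_0));
    }

    /**
     * Construct a validator with an explicit timestamp window and maximum
     * version.
     *
     * @param timestampWindowMsec
     *            the window, in milliseconds (not seconds), into the past
     *            and into the future within which an oauth_timestamp is
     *            accepted. The value is stored as given and compared with
     *            {@link #currentTimeMsec()}, so passing a number of seconds
     *            yields a window 1000 times narrower than intended.
     * @param maxVersion
     *            the maximum acceptable oauth_version
     */
    public SimpleOAuthValidator(long timestampWindowMsec, double maxVersion) {
        this.timestampWindow = timestampWindowMsec;
        this.maxVersion = maxVersion;
    }

    /** Lowest oauth_version accepted by {@link #validateVersion}. */
    protected final double minVersion = 1.0;

    /** Highest oauth_version accepted by {@link #validateVersion}. */
    protected final double maxVersion;

    /** Accepted distance, in milliseconds, between oauth_timestamp and now. */
    protected final long timestampWindow;

    /**
     * {@inheritDoc}
     *
     * <p>Runs the version check, then the timestamp/nonce check, then the
     * signature check, in that order. The first check that fails throws and
     * the later ones are not run.
     *
     * @throws URISyntaxException
     *             propagated from {@link #validateSignature}
     */
    public void validateMessage(OAuthMessage message, OAuthAccessor accessor)
            throws OAuthException, IOException, URISyntaxException {
        validateVersion(message);
        validateTimestampAndNonce(message);
        validateSignature(message, accessor);
    }

    /**
     * Reject the message if it carries an oauth_version outside
     * [{@link #minVersion}, {@link #maxVersion}]. A message without an
     * oauth_version parameter is accepted.
     *
     * @throws OAuthException
     *             an {@link OAuthProblemException} with problem
     *             "version_rejected" when the version is out of range or is
     *             not a number
     */
    protected void validateVersion(OAuthMessage message)
            throws OAuthException, IOException {
        String versionString = message.getParameter(OAuth.OAUTH_VERSION);
        if (versionString == null) {
            return;
        }
        double version;
        try {
            version = Double.parseDouble(versionString);
        } catch (NumberFormatException e) {
            // The value comes from the request; report it as an OAuth problem
            // rather than letting an unchecked exception escape the validator.
            throw versionRejected();
        }
        // Written as a positive range test on purpose: NaN compares false
        // against both bounds, so "version < min || max < version" would let
        // an oauth_version of "NaN" through.
        if (!(minVersion <= version && version <= maxVersion)) {
            throw versionRejected();
        }
    }

    /**
     * Reject the message unless its oauth_timestamp (seconds) lies within
     * {@link #timestampWindow} milliseconds of {@link #currentTimeMsec()}.
     *
     * <p>This implementation doesn't check the nonce value: oauth_nonce is
     * only required to be present. On its own this class therefore does not
     * detect a validly signed message that is presented again inside the
     * timestamp window. A deployment that needs replay protection should
     * override this method and record the nonces it has seen for at least
     * the length of the window.
     *
     * @throws OAuthProblemException
     *             with problem "timestamp_refused" when the timestamp is
     *             outside the window, is not a number, or is too large to
     *             convert to milliseconds
     */
    protected void validateTimestampAndNonce(OAuthMessage message)
            throws IOException, OAuthProblemException {
        // Presumably throws when either parameter is absent; see OAuthMessage.
        message.requireParameters(OAuth.OAUTH_TIMESTAMP, OAuth.OAUTH_NONCE);
        long now = currentTimeMsec();
        long min = now - timestampWindow;
        long max = now + timestampWindow;
        long timestampSec;
        try {
            timestampSec = Long.parseLong(message.getParameter(OAuth.OAUTH_TIMESTAMP));
        } catch (NumberFormatException e) {
            // Request-supplied value; refuse it as an OAuth problem instead of
            // leaking an unchecked exception to the caller.
            throw timestampRefused(min, max);
        }
        // Guard the seconds-to-milliseconds conversion: without it a very
        // large value wraps around and the product can fall inside the window.
        if (timestampSec > Long.MAX_VALUE / 1000L || timestampSec < Long.MIN_VALUE / 1000L) {
            throw timestampRefused(min, max);
        }
        long timestamp = timestampSec * 1000L;
        if (timestamp < min || max < timestamp) {
            throw timestampRefused(min, max);
        }
    }

    /**
     * Require the consumer key, signature method and signature parameters,
     * then validate the message with the signer that
     * {@link OAuthSignatureMethod#newSigner} returns for it.
     */
    protected void validateSignature(OAuthMessage message, OAuthAccessor accessor)
            throws OAuthException, IOException, URISyntaxException {
        message.requireParameters(OAuth.OAUTH_CONSUMER_KEY,
                OAuth.OAUTH_SIGNATURE_METHOD, OAuth.OAUTH_SIGNATURE);
        OAuthSignatureMethod.newSigner(message, accessor).validate(message);
    }

    /**
     * The current time in milliseconds. Overridable so that a subclass can
     * supply a different clock.
     */
    protected long currentTimeMsec() {
        return System.currentTimeMillis();
    }

    /** Build the "version_rejected" problem, advertising the accepted range. */
    private OAuthProblemException versionRejected() {
        OAuthProblemException problem = new OAuthProblemException("version_rejected");
        problem.setParameter("oauth_acceptable_versions", minVersion + "-" + maxVersion);
        return problem;
    }

    /** Build the "timestamp_refused" problem, advertising the accepted range. */
    private OAuthProblemException timestampRefused(long min, long max) {
        OAuthProblemException problem = new OAuthProblemException("timestamp_refused");
        problem.setParameter("oauth_acceptable_timestamps", min + "-" + max);
        return problem;
    }
}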