package org.imsglobal.lti.launch;
import net.oauth.*;
import net.oauth.server.OAuthServlet;
import javax.servlet.http.HttpServletRequest;
import java.util.*;
import java.util.logging.Logger;
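/**
 * Verifies LTI launches by checking their OAuth 1.0 signature against a
 * shared secret supplied by the caller.
 *
 * <p>Every verification path fails closed: a missing consumer key, a missing
 * secret, or any exception raised while validating yields an unsuccessful
 * {@link LtiVerificationResult} rather than a launch.
 *
 * <p>NOTE(review): a fresh {@code SimpleOAuthValidator} is created for every
 * call, so any nonce bookkeeping the validator keeps cannot span requests.
 * If replay protection inside the timestamp window is required, it presumably
 * has to be provided by the caller - confirm against the net.oauth version in use.
 *
 * @author Paul Gray
 * @since 1.1
 */
public class LtiOauthVerifier implements LtiVerifier {

    public static final String OAUTH_KEY_PARAMETER = "oauth_consumer_key";

    private final static Logger logger = Logger.getLogger(LtiOauthVerifier.class.getName());

    /**
     * Verifies a signed {@link HttpServletRequest}.
     *
     * <p>NOTE(review): the signed URL is rebuilt from the servlet request. Behind a
     * TLS-terminating or host-rewriting proxy that URL may differ from the one the
     * consumer signed, which would make valid launches fail - confirm the deployment
     * forwards the original scheme and host.
     *
     * @param request the HttpServletRequest that will be verified
     * @param secret the shared secret to verify the signature with; a null or empty
     *               secret is rejected
     * @return the result of the verification, along with contextual information
     * @throws LtiVerificationException declared by {@link LtiVerifier}; not thrown
     *         directly by the code in this method
     */
    @Override
    public LtiVerificationResult verify(HttpServletRequest request, String secret) throws LtiVerificationException {
        OAuthMessage oam = OAuthServlet.getMessage(request, OAuthServlet.getRequestURL(request));
        String oauth_consumer_key = null;
        try {
            oauth_consumer_key = oam.getConsumerKey();
        } catch (Exception e) {
            return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "Unable to find consumer key in message");
        }
        // An absent key does not necessarily raise an exception above; reject it here so
        // this path agrees with verifyParameters, which checks for a null key explicitly.
        if (oauth_consumer_key == null) {
            return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "Unable to find consumer key in message");
        }
        if (isMissingSecret(secret)) {
            return missingSecretResult();
        }

        Exception failure = validateSignature(oam, oauth_consumer_key, secret);
        if (failure != null) {
            return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "Failed to validate: " + failure.getLocalizedMessage());
        }
        return new LtiVerificationResult(true, new LtiLaunch(request));
    }

    /**
     * Verifies a map of launch parameters.
     *
     * @param parameters the parameters that will be verified, mapped by key and value;
     *                   null is treated as an empty parameter set
     * @param url the url this request was made at
     * @param method the method this url was requested with
     * @param secret the shared secret to verify the signature with
     * @return the result of the verification
     * @throws LtiVerificationException declared by {@link LtiVerifier}
     */
    @Override
    public LtiVerificationResult verifyParameters(Map<String, String> parameters, String url, String method, String secret) throws LtiVerificationException {
        if (parameters == null) {
            return verifyParameters(Collections.<Map.Entry<String, String>>emptyList(), url, method, secret);
        }
        return verifyParameters(parameters.entrySet(), url, method, secret);
    }

    /**
     * Verifies a collection of launch parameters.
     *
     * <p>Failure messages name the parameters that were present but never echo their
     * values: launch parameters carry user data and the request signature, and the
     * result message may end up in logs or in a response. Parameter names are still
     * request-supplied text, so encode the message before rendering it.
     *
     * @param parameters the parameter entries that will be verified
     * @param url the url this request was made at
     * @param method the method this url was requested with
     * @param secret the shared secret to verify the signature with; a null or empty
     *               secret is rejected
     * @return the result of the verification
     * @throws LtiVerificationException declared by {@link LtiVerifier}
     */
    @Override
    public LtiVerificationResult verifyParameters(Collection<? extends Map.Entry<String, String>> parameters, String url, String method, String secret) throws LtiVerificationException {
        OAuthMessage oam = new OAuthMessage(method, url, parameters);
        String key = getKey(parameters, OAUTH_KEY_PARAMETER);
        if (key == null) {
            return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "No key found in LTI request with parameter names: " + parameterNames(parameters));
        }
        if (isMissingSecret(secret)) {
            return missingSecretResult();
        }

        Exception failure = validateSignature(oam, key, secret);
        if (failure != null) {
            return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "Failed to validate: " + failure.getLocalizedMessage() + ", Parameter names: " + parameterNames(parameters));
        }
        return new LtiVerificationResult(true, new LtiLaunch(parameters));
    }

    /**
     * Given a collection of parameters, returns the first value for the given key.
     *
     * @param parameters the entries to search; null yields null
     * @param parameterName the key to look for
     * @return the first matching value, or null if no entry has the given key
     */
    public static String getKey(Collection<? extends Map.Entry> parameters, String parameterName) {
        if (parameters == null) {
            return null;
        }
        for (Map.Entry<?, ?> entry : parameters) {
            if (entry == null) {
                continue;
            }
            Object name = entry.getKey();
            // Null-safe on the entry key: a malformed entry must not abort verification with an NPE.
            if (name != null && name.equals(parameterName)) {
                return (String) entry.getValue();
            }
        }
        return null;
    }

    /**
     * Runs the OAuth validator over the message with the given consumer key and secret.
     * Returns null when validation passes, otherwise the exception that rejected it.
     */
    private static Exception validateSignature(OAuthMessage oam, String consumerKey, String secret) {
        OAuthValidator oav = new SimpleOAuthValidator();
        OAuthConsumer cons = new OAuthConsumer(null, consumerKey, secret, null);
        OAuthAccessor acc = new OAuthAccessor(cons);
        try {
            oav.validateMessage(oam, acc);
            return null;
        } catch (Exception e) {
            // Deliberately broad: any failure while validating is a rejection (fail closed).
            return e;
        }
    }

    /**
     * Tells whether no usable shared secret was supplied. Without one the signature
     * would be keyed by nothing secret (net.oauth is assumed to treat a null secret
     * like an empty one - confirm), so verification must not proceed.
     */
    private static boolean isMissingSecret(String secret) {
        return secret == null || secret.isEmpty();
    }

    /** Builds the failure result used when no shared secret is available. */
    private static LtiVerificationResult missingSecretResult() {
        // NOTE(review): BAD_REQUEST is the only LtiError value visible in this file; a
        // dedicated error code may be more appropriate if LtiError defines one.
        return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "No secret available to verify the LTI request");
    }

    /** Lists the parameter names only, for diagnostics that must not expose values. */
    private static String parameterNames(Collection<? extends Map.Entry<String, String>> parameters) {
        List<String> names = new ArrayList<String>();
        if (parameters != null) {
            for (Map.Entry<String, String> entry : parameters) {
                if (entry != null) {
                    names.add(entry.getKey());
                }
            }
        }
        return names.toString();
    }
}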