/*
 * Decompiled with CFR 0_118.
 * 
 * Could not load the following classes:
 *  com.adobe.granite.crypto.CryptoSupport
 *  com.adobe.granite.keystore.KeyStoreService
 *  javax.jcr.Session
 *  org.apache.felix.scr.annotations.Component
 *  org.apache.felix.scr.annotations.Reference
 *  org.apache.felix.scr.annotations.Service
 *  org.apache.jackrabbit.api.security.user.User
 *  org.apache.sling.api.SlingHttpServletRequest
 *  org.apache.sling.api.resource.Resource
 *  org.apache.sling.api.resource.ResourceResolver
 *  org.apache.sling.api.resource.ResourceResolverFactory
 *  org.apache.sling.servlets.post.Modification
 *  org.apache.sling.servlets.post.ModificationType
 *  org.apache.sling.servlets.post.SlingPostProcessor
 *  org.slf4j.Logger
 *  org.slf4j.LoggerFactory
 */
package com.adobe.granite.oauth.server.impl;

import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.keystore.KeyStoreService;
import com.adobe.granite.oauth.server.impl.helper.OAuth2Helper;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.jcr.Session;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceResolverFactory;
import org.apache.sling.servlets.post.Modification;
import org.apache.sling.servlets.post.ModificationType;
import org.apache.sling.servlets.post.SlingPostProcessor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/*
 * This class specifies class file version 49.0 but uses Java 6 signatures.  Assumed Java 6.
 */
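/**
 * Sling POST post-processor that provisions and removes the backing user and
 * keystore of an OAuth client when its node is created or deleted.
 *
 * <p>All repository work is done with a service resource resolver obtained from
 * {@link ResourceResolverFactory#getServiceResourceResolver}, not with the
 * resolver of the user who issued the POST. The path and resource-type checks
 * in {@link #process} are therefore the only gate in this class between an
 * arbitrary POST and privileged user/keystore creation.
 */
@Component
@Service(value={SlingPostProcessor.class})
public class OAuthClientPostProcessor
implements SlingPostProcessor {
    /** Repository root below which OAuth client nodes are handled. */
    private static final String HOME_ROOT = "/home";
    /** Path suffix of the node that holds a user's OAuth clients. */
    private static final String CLIENTS_SUFFIX = "/oauth";
    /** Resource type of a single OAuth client node. */
    private static final String TYPE_CLIENT = "oauth:client";
    /** Resource type of the node that holds OAuth client nodes. */
    private static final String TYPE_CLIENTS = "oauth:clients";
    /** Number of leading client-id characters used for the intermediate path. */
    private static final int INTERMEDIATE_PREFIX_LENGTH = 4;
    // NOTE(review): the keystore password is a compile-time constant shared by
    // every client keystore, so it gives no confidentiality by itself; the
    // private key is protected only by whatever access control applies to the
    // keystore in the repository. Left unchanged here because keystores already
    // created with this value would otherwise become unreadable - confirm the
    // repository ACLs and consider a per-deployment secret.
    private static final String KEYSTORE_PASSWORD = "notasecret";

    private final Logger logger;
    @Reference
    private CryptoSupport cryptoSupport;
    @Reference
    KeyStoreService keyStoreService;
    @Reference
    ResourceResolverFactory resourceResolverFactory;

    public OAuthClientPostProcessor() {
        this.logger = LoggerFactory.getLogger(this.getClass());
    }

    /**
     * Reacts to the first modification of a POST: on CREATE below an
     * {@code oauth:clients} node it creates the client's user, keystore and RSA
     * key pair and grants the requesting principal access to the user node; on
     * DELETE of an {@code oauth:client} node it deletes the client's user.
     *
     * <p>Only {@code changes.get(0)} is inspected; later entries are ignored.
     * The decompiler reported that it removed a try/catch while reconstructing
     * this method, so the original exception handling may differ from what is
     * shown here.
     *
     * @param request the POST request; its resource decides whether this processor applies
     * @param changes modifications recorded by the POST servlet
     * @throws Exception whatever the repository, keystore or crypto services throw
     */
    public void process(SlingHttpServletRequest request, List<Modification> changes) throws Exception {
        if (changes.isEmpty()) {
            return;
        }
        Modification modification = changes.get(0);
        ModificationType modificationType = modification.getType();
        if (modificationType != ModificationType.CREATE && modificationType != ModificationType.DELETE) {
            return;
        }

        Resource resource = request.getResource();
        String path = resource.getPath();
        String resourceType = resource.getResourceType();

        // Match "/home" as a whole path segment. A bare startsWith("/home")
        // also accepts sibling trees such as "/homepage/...", which would let
        // nodes outside the user home tree reach the privileged code below.
        if (!isUnderHome(path)) {
            this.logger.debug("this resource is not meant to be process by the OAuthClientPostProcessor");
            return;
        }
        if (!path.endsWith(CLIENTS_SUFFIX) && !TYPE_CLIENT.equals(resourceType)) {
            this.logger.debug("this resource is not meant to be process by the OAuthClientPostProcessor");
            return;
        }

        if (modificationType == ModificationType.CREATE && path.endsWith(CLIENTS_SUFFIX) && TYPE_CLIENTS.equals(resourceType)) {
            this.provisionClient(request, resource, modification);
        } else if (modificationType == ModificationType.DELETE && TYPE_CLIENT.equals(resourceType)) {
            this.removeClient(modification);
        }
    }

    /** Creates the user, keystore and key pair for a newly created client node. */
    private void provisionClient(SlingHttpServletRequest request, Resource resource, Modification modification) throws Exception {
        String clientId = this.getClientIdFromPath(modification.getSource());
        if (clientId == null || clientId.length() == 0) {
            // No usable id in the modification source; do not hand null/"" to getChild.
            this.logger.debug("no client id could be derived from the modification source, skipping");
            return;
        }
        Resource oauthClient = resource.getChild(clientId);
        if (oauthClient == null || !TYPE_CLIENT.equals(oauthClient.getResourceType())) {
            return;
        }
        ResourceResolver resourceResolver = null;
        try {
            // Service resolver: everything below runs with the service's
            // privileges, independent of what the requesting user may do.
            resourceResolver = this.resourceResolverFactory.getServiceResourceResolver(null);
            Session oauthServiceSession = (Session)resourceResolver.adaptTo(Session.class);
            String intermediatePath = this.getIntermediatePath(clientId);
            User oauthKeyUser = OAuth2Helper.createUser(oauthServiceSession, clientId, intermediatePath);
            this.keyStoreService.createKeyStore(resourceResolver, clientId, KEYSTORE_PASSWORD.toCharArray());
            KeyPair keyPair = this.cryptoSupport.createKeyPair("RSA");
            this.keyStoreService.addKeyStoreKeyPair(resourceResolver, clientId, keyPair, clientId);
            Set<String> paths = Collections.singleton(oauthKeyUser.getPath());
            // NOTE(review): getUserPrincipal() is null for an unauthenticated
            // request; how addACLEntries treats a null principal, and what the
            // trailing boolean selects, is not visible here - confirm.
            OAuth2Helper.addACLEntries(oauthServiceSession, request.getUserPrincipal(), paths, true);
        }
        finally {
            this.closeResolver(resourceResolver);
        }
    }

    /** Deletes the user that backs a deleted client node. */
    private void removeClient(Modification modification) throws Exception {
        String clientId = this.getClientIdFromPath(modification.getSource());
        if (clientId == null || clientId.length() == 0) {
            // Never ask the service session to delete a user with a null/empty id.
            this.logger.debug("no client id could be derived from the modification source, skipping");
            return;
        }
        ResourceResolver resourceResolver = null;
        try {
            resourceResolver = this.resourceResolverFactory.getServiceResourceResolver(null);
            Session oauthServiceSession = (Session)resourceResolver.adaptTo(Session.class);
            OAuth2Helper.deleteUser(oauthServiceSession, clientId);
        }
        finally {
            this.closeResolver(resourceResolver);
        }
    }

    /** Returns true when {@code path} is {@code /home} itself or lies below it. */
    private static boolean isUnderHome(String path) {
        return HOME_ROOT.equals(path) || path.startsWith(HOME_ROOT + "/");
    }

    /** Closes a service resolver if one was opened and is still live. */
    private void closeResolver(ResourceResolver resourceResolver) {
        if (resourceResolver != null && resourceResolver.isLive()) {
            resourceResolver.close();
        }
    }

    /**
     * Returns the last path segment of {@code resourcePath}.
     *
     * @return the text after the final {@code /} (empty when the path ends with
     *         {@code /}), or {@code null} for a null or empty path
     */
    private String getClientIdFromPath(String resourcePath) {
        if (resourcePath == null || resourcePath.length() == 0) {
            return null;
        }
        return resourcePath.substring(resourcePath.lastIndexOf("/") + 1);
    }

    /**
     * Builds the intermediate path passed to user creation: {@code oauth/}
     * followed by the first four characters of the client id.
     *
     * @return the intermediate path, or an empty string for a null or empty id
     */
    private String getIntermediatePath(String clientId) {
        if (clientId == null || clientId.length() == 0) {
            return "";
        }
        // Clamp the prefix: an id shorter than four characters would otherwise
        // make substring throw StringIndexOutOfBoundsException.
        int prefixLength = Math.min(INTERMEDIATE_PREFIX_LENGTH, clientId.length());
        return "oauth/" + clientId.substring(0, prefixLength);
    }

    // SCR bind/unbind callbacks for the @Reference fields above. Each unbind
    // clears the field only when it still holds the instance being removed.

    protected void bindCryptoSupport(CryptoSupport cryptoSupport) {
        this.cryptoSupport = cryptoSupport;
    }

    protected void unbindCryptoSupport(CryptoSupport cryptoSupport) {
        if (this.cryptoSupport == cryptoSupport) {
            this.cryptoSupport = null;
        }
    }

    protected void bindKeyStoreService(KeyStoreService keyStoreService) {
        this.keyStoreService = keyStoreService;
    }

    protected void unbindKeyStoreService(KeyStoreService keyStoreService) {
        if (this.keyStoreService == keyStoreService) {
            this.keyStoreService = null;
        }
    }

    protected void bindResourceResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        this.resourceResolverFactory = resourceResolverFactory;
    }

    protected void unbindResourceResolverFactory(ResourceResolverFactory resourceResolverFactory) {
        if (this.resourceResolverFactory == resourceResolverFactory) {
            this.resourceResolverFactory = null;
        }
    }
}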