View Javadoc
1   /*
2    * Copyright 2006-2019 the original author or authors.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
5    * the License. You may obtain a copy of the License at
6    * 
7    * https://www.apache.org/licenses/LICENSE-2.0
8    * 
9    * Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
10   * an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
11   * specific language governing permissions and limitations under the License.
12   */
13  package org.springframework.security.oauth.config;
14  
15  import java.io.IOException;
16  import java.io.InputStream;
17  import java.security.cert.Certificate;
18  import java.security.cert.CertificateException;
19  import java.security.cert.CertificateFactory;
20  
21  import org.apache.commons.logging.Log;
22  import org.apache.commons.logging.LogFactory;
23  import org.springframework.beans.factory.BeanCreationException;
24  import org.springframework.beans.factory.FactoryBean;
25  import org.springframework.context.ResourceLoaderAware;
26  import org.springframework.core.io.ResourceLoader;
27  import org.springframework.security.core.authority.AuthorityUtils;
28  import org.springframework.security.oauth.common.signature.RSAKeySecret;
29  import org.springframework.security.oauth.common.signature.SharedConsumerSecretImpl;
30  import org.springframework.security.oauth.common.signature.SignatureSecret;
31  import org.springframework.security.oauth.provider.BaseConsumerDetails;
32  import org.springframework.security.oauth.provider.ConsumerDetails;
33  
34  /**
35   * @author Dave Syer
36   * 
37   */
38  public class ConsumerDetailsFactoryBean implements FactoryBean<ConsumerDetails>, ResourceLoaderAware {
39  	
40  	private static final Log logger = LogFactory.getLog(ConsumerDetailsFactoryBean.class);
41  	private Object typeOfSecret;
42  	private BaseConsumerDetailsder/BaseConsumerDetails.html#BaseConsumerDetails">BaseConsumerDetails consumer = new BaseConsumerDetails();
43  	private String secret;
44  	private ResourceLoader resourceLoader;
45  	
46  	public void setResourceLoader(ResourceLoader resourceLoader) {
47  		this.resourceLoader = resourceLoader;
48  	}
49  	
50  	public void setSecret(String secret) {
51  		this.secret = secret;
52  	}
53  
54  	public void setConsumerKey(String consumerKey) {
55  		consumer.setConsumerKey(consumerKey);
56  	}
57  
58  	public void setConsumerName(String consumerName) {
59  		consumer.setConsumerName(consumerName);
60  	}
61  
62  	public void setSignatureSecret(SignatureSecret signatureSecret) {
63  		consumer.setSignatureSecret(signatureSecret);
64  	}
65  
66  	public void setAuthorities(String authorities) {
67  		consumer.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList(authorities));
68  	}
69  
70  	public void setResourceName(String resourceName) {
71  		consumer.setResourceName(resourceName);
72  	}
73  
74  	public void setResourceDescription(String resourceDescription) {
75  		consumer.setResourceDescription(resourceDescription);
76  	}
77  
78  	public void setRequiredToObtainAuthenticatedToken(boolean requiredToObtainAuthenticatedToken) {
79  		consumer.setRequiredToObtainAuthenticatedToken(requiredToObtainAuthenticatedToken);
80  	}
81  
82  	public void setTypeOfSecret(Object typeOfSecret) {
83  		this.typeOfSecret = typeOfSecret;
84  	}
85  
86  	public ConsumerDetails getObject() throws Exception {
87  		if ("rsa-cert".equals(typeOfSecret)) {
88  			InputStream inputStream = null;
89  			try {
90  				inputStream = resourceLoader.getResource(secret).getInputStream();
91  				Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
92  				consumer.setSignatureSecret(new RSAKeySecret(cert.getPublicKey()));
93  			}
94  			catch (IOException e) {
95  				throw new BeanCreationException("RSA certificate not found at " + secret + ".",
96  						e);
97  			}
98  			catch (CertificateException e) {
99  				throw new BeanCreationException("Invalid RSA certificate at " + secret + ".", e);
100 			}
101 			catch (NullPointerException e) {
102 				throw new BeanCreationException("Could not load RSA certificate at " + secret + ".", e);
103 			}
104 			finally {
105 				try {
106 					if (inputStream != null) {
107 						inputStream.close();
108 					}
109 				} 
110 				catch (IOException e) {
111 					logger.warn("Cannot close open stream: ", e);
112 				}
113 			}
114 		}
115 		else {
116 			consumer.setSignatureSecret(new SharedConsumerSecretImpl(secret));
117 		}
118 		return consumer;
119 	}
120 
121 	public Class<?> getObjectType() {
122 		return BaseConsumerDetails.class;
123 	}
124 
125 	public boolean isSingleton() {
126 		return true;
127 	}
128 
129 }