com.google.gdata.client.http

Class AuthSubUtil

java.lang.Object

com.google.gdata.client.http.AuthSubUtil

public class AuthSubUtil
extends Object

Utility functions to support AuthSub (Account Authentication for Web Applications).

Constructor Summary

Constructors

Constructor and Description
AuthSubUtil()

Method Summary

Methods

Modifier and Type	Method and Description
static String	exchangeForSessionToken(String onetimeUseToken, PrivateKey key) Exchanges the one time use token returned in the URL for a session token.
static String	exchangeForSessionToken(String protocol, String domain, String onetimeUseToken, PrivateKey key) Exchanges the one time use token returned in the URL for a session token.
static String	formAuthorizationHeader(String token, PrivateKey key, URL requestUrl, String requestMethod) Forms the AuthSub authorization header.
static PrivateKey	getPrivateKeyFromKeystore(String keystore, String keystorePass, String keyAlias, String keyPass) Retrieves the private key from the specified keystore.
static String	getRequestUrl(String nextUrl, String scope, boolean secure, boolean session) Creates the request URL to be used to retrieve an AuthSub token.
static String	getRequestUrl(String hostedDomain, String nextUrl, String scope, boolean secure, boolean session) Creates the request URL to be used to retrieve an AuthSub token for hosted applications.
static String	getRequestUrl(String protocol, String domain, String nextUrl, String scope, boolean secure, boolean session) Creates the request URL to be used to retrieve an AuthSub token.
static String	getRequestUrl(String protocol, String domain, String hostedDomain, String nextUrl, String scope, boolean secure, boolean session) Creates the request URL for to be used to retrieve an AuthSub token for hosted applications.
static String	getTokenFromReply(String queryString) Parses and returns the AuthSub token returned by Google on a successful AuthSub login request.
static String	getTokenFromReply(URL url) Parses and returns the AuthSub token returned by Google on a successful AuthSub login request.
static Map<String,String>	getTokenInfo(String token, PrivateKey key) Retrieves information about the AuthSub token.
static Map<String,String>	getTokenInfo(String protocol, String domain, String token, PrivateKey key) Retrieves information about the AuthSub token.
static void	revokeToken(String token, PrivateKey key) Revokes the specified token.
static void	revokeToken(String protocol, String domain, String token, PrivateKey key) Revokes the specified token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthSubUtil

public AuthSubUtil()

Method Detail

getRequestUrl

public static String getRequestUrl(String nextUrl,
                   String scope,
                   boolean secure,
                   boolean session)

Creates the request URL to be used to retrieve an AuthSub token.

On success, the user will be redirected to the next URL with the AuthSub token appended to the URL. Use getTokenFromReply(String) to retrieve the token from the reply.

Parameters:

nextUrl - the URL to redirect to on successful token retrieval

scope - the scope of the requested AuthSub token

secure - true if the token will be used securely

session - true if the token will be exchanged for a session cookie

Returns:

the URL to be used to retrieve the AuthSub token

getRequestUrl

public static String getRequestUrl(String protocol,
                   String domain,
                   String nextUrl,
                   String scope,
                   boolean secure,
                   boolean session)

Creates the request URL to be used to retrieve an AuthSub token.

On success, the user will be redirected to the next URL with the AuthSub token appended to the URL. Use getTokenFromReply(String) to retrieve the token from the reply.

Parameters:

protocol - the protocol to use to communicate with the server

domain - the domain at which the authentication server exists

nextUrl - the URL to redirect to on successful token retrieval

scope - the scope of the requested AuthSub token

secure - true if the token will be used securely

session - true if the token will be exchanged for a session cookie

Returns:

the URL to be used to retrieve the AuthSub token

getRequestUrl

public static String getRequestUrl(String hostedDomain,
                   String nextUrl,
                   String scope,
                   boolean secure,
                   boolean session)

Creates the request URL to be used to retrieve an AuthSub token for hosted applications.

On success, the user will be redirected to the next URL with the AuthSub token appended to the URL. Use getTokenFromReply(String) to retrieve the token from the reply.

Parameters:

hostedDomain - hosted domain name, for example mydomain.example.com

nextUrl - the URL to redirect to on successful token retrieval

scope - the scope of the requested AuthSub token

secure - true if the token will be used securely

session - true if the token will be exchanged for a session cookie

Returns:

the URL to be used to retrieve the AuthSub token

getRequestUrl

public static String getRequestUrl(String protocol,
                   String domain,
                   String hostedDomain,
                   String nextUrl,
                   String scope,
                   boolean secure,
                   boolean session)

Creates the request URL for to be used to retrieve an AuthSub token for hosted applications.

On success, the user will be redirected to the next URL with the AuthSub token appended to the URL. Use getTokenFromReply(String) to retrieve the token from the reply.

Parameters:

protocol - the protocol to use to communicate with the server

domain - the domain at which the authentication server exists

hostedDomain - hosted domain name, for example mydomain.example.com

nextUrl - the URL to redirect to on successful token retrieval

scope - the scope of the requested AuthSub token

secure - true if the token will be used securely

session - true if the token will be exchanged for a session cookie

Returns:

the URL to be used to retrieve the AuthSub token

getTokenFromReply

public static String getTokenFromReply(URL url)

Parses and returns the AuthSub token returned by Google on a successful AuthSub login request. The token will be appended as a query parameter to the next URL specified while making the AuthSub request.

Parameters:

url - the redirected-to next URL with the token

Returns:

the AuthSub token returned by Google

getTokenFromReply

public static String getTokenFromReply(String queryString)

Parses and returns the AuthSub token returned by Google on a successful AuthSub login request. The token will be appended as a query parameter to the "next" URL specified while making the AuthSub request.

Parameters:

queryString - the query portion of the redirected-to URL containing the token (as the server received it; i.e. what httpServletRequest.getQueryString() returns)

Returns:

the AuthSub token returned by Google; null if there is no token present in queryString. The token text will have been run through URLDecoder already, and will not need any additional decoding before use; however, the token string will not contain percent (%) characters and therefore additional url-decoding will do no harm.

getPrivateKeyFromKeystore

public static PrivateKey getPrivateKeyFromKeystore(String keystore,
                                   String keystorePass,
                                   String keyAlias,
                                   String keyPass)
                                            throws IOException,
                                                   GeneralSecurityException

Retrieves the private key from the specified keystore.

Parameters:

keystore - the path to the keystore file

keystorePass - the password that protects the keystore file

keyAlias - the alias under which the private key is stored

keyPass - the password protecting the private key

Returns:

the private key from the specified keystore

Throws:

GeneralSecurityException - if the keystore cannot be loaded

IOException - if the file cannot be accessed

exchangeForSessionToken

public static String exchangeForSessionToken(String onetimeUseToken,
                             PrivateKey key)
                                      throws IOException,
                                             GeneralSecurityException,
                                             AuthenticationException

Exchanges the one time use token returned in the URL for a session token.

If the key is non-null, the token will be used securely and the request to make the exchange will be signed.

Parameters:

onetimeUseToken - the one time use token sent by Google in the URL

key - the private key to sign the request

Returns:

the session token. null if the request failed

Throws:

IOException - if error in writing/reading the request

GeneralSecurityException - if error in signing the request

AuthenticationException - if one time use token is rejected

exchangeForSessionToken

public static String exchangeForSessionToken(String protocol,
                             String domain,
                             String onetimeUseToken,
                             PrivateKey key)
                                      throws IOException,
                                             GeneralSecurityException,
                                             AuthenticationException

Exchanges the one time use token returned in the URL for a session token.

If the key is non-null, the token will be used securely and the request to make the exchange will be signed.

Parameters:

protocol - the protocol to use to communicate with the server

domain - the domain at which the authentication server exists

onetimeUseToken - the one time use token sent by Google in the URL

key - the private key to sign the request

Returns:

the session token. null if the request failed

Throws:

IOException - if error in writing/reading the request

GeneralSecurityException - if error in signing the request

AuthenticationException - if one time use token is rejected

getTokenInfo

public static Map<String,String> getTokenInfo(String token,
                              PrivateKey key)
                                       throws IOException,
                                              GeneralSecurityException,
                                              AuthenticationException

Retrieves information about the AuthSub token.

If the key is non-null, the token will be used securely and the request to revoke the token will be signed.

Parameters:

token - the AuthSub token for which to receive information

key - the private key to sign the request

Returns:

the token information in the form of a Map from the name of the attribute to the value of the attribute.

Throws:

IOException - if error in writing/reading the request

GeneralSecurityException - if error in signing the request

AuthenticationException - if the token is rejected

getTokenInfo

public static Map<String,String> getTokenInfo(String protocol,
                              String domain,
                              String token,
                              PrivateKey key)
                                       throws IOException,
                                              GeneralSecurityException,
                                              AuthenticationException

Retrieves information about the AuthSub token.

If the key is non-null, the token will be used securely and the request to revoke the token will be signed.

Parameters:

protocol - the protocol to use to communicate with the server

domain - the domain at which the authentication server exists

token - the AuthSub token for which to receive information

key - the private key to sign the request

Returns:

the token information in the form of a Map from the name of the attribute to the value of the attribute.

Throws:

IOException - if error in writing/reading the request

GeneralSecurityException - if error in signing the request

AuthenticationException - if the token is rejected

revokeToken

public static void revokeToken(String token,
               PrivateKey key)
                        throws IOException,
                               GeneralSecurityException,
                               AuthenticationException

Revokes the specified token.

If the key is non-null, the token will be used securely and the request to revoke the token will be signed.

Parameters:

token - the AuthSub token to revoke

key - the private key to sign the request

Throws:

IOException - if error in writing/reading the request

GeneralSecurityException - if error in signing the request

AuthenticationException - if the token is rejected

revokeToken

public static void revokeToken(String protocol,
               String domain,
               String token,
               PrivateKey key)
                        throws IOException,
                               GeneralSecurityException,
                               AuthenticationException

Revokes the specified token.

If the key is non-null, the token will be used securely and the request to revoke the token will be signed.

Parameters:

protocol - the protocol to use to communicate with the server

domain - the domain at which the authentication server exists

token - the AuthSub token to revoke

key - the private key to sign the request

Throws:

IOException - if error in writing/reading the request

GeneralSecurityException - if error in signing the request

AuthenticationException - if the token is rejected

formAuthorizationHeader

public static String formAuthorizationHeader(String token,
                             PrivateKey key,
                             URL requestUrl,
                             String requestMethod)
                                      throws GeneralSecurityException

Forms the AuthSub authorization header.

If the key is null, the token will be used in insecure mode. If the key is non-null, the token will be used securely and the header will contain a signature.

Parameters:

token - the AuthSub token to use in the header

key - the private key used to sign the request

requestUrl - the URL of the request being issued

requestMethod - the HTTP method being used to issue the request

Returns:

the authorization header

Throws:

GeneralSecurityException - if error occurs while creating signature