Adding implementations of LtiVerifier & LtiSigner

Author: pfgray

src/main/java/org/imsglobal/aspect/LtiLaunchVerifier.java

@@ -11,6 +11,7 @@
 import org.aspectj.lang.annotation.Aspect;
 import org.imsglobal.basiclti.BasicLTIUtil;
 import org.imsglobal.basiclti.LtiVerificationResult;
+import org.imsglobal.basiclti.LtiVerifier;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -24,8 +25,11 @@ public class LtiLaunchVerifier {
 
     public LtiKeySecretService keyService;
 
-    public LtiLaunchVerifier(LtiKeySecretService ltiKeySecretService) {
-        this.keyService = ltiKeySecretService;
+    public LtiVerifier ltiVerifier;
+
+    public LtiLaunchVerifier(LtiKeySecretService keyService, LtiVerifier ltiVerifier) {
+        this.keyService = keyService;
+        this.ltiVerifier = ltiVerifier;
     }
 
     //@Around("@annotation(launch) && execution(* *(javax.servlet.http.HttpServletRequest+, org.imsglobal.basiclti.LtiVerificationResult, ..)) && args(request, result)")
@@ -42,7 +46,7 @@ public Object verifyLtiLaunch(ProceedingJoinPoint pjp, Lti launch) throws Throwa
         }
 
         String oauthSecret = keyService.getSecretForKey(request.getParameter("oauth_consumer_key"));
-        LtiVerificationResult ltiResult = BasicLTIUtil.validateMessage(request, request.getRequestURL().toString(), oauthSecret);
+        LtiVerificationResult ltiResult = ltiVerifier.verify(request, oauthSecret);//BasicLTIUtil.validateMessage(request, request.getRequestURL().toString(), oauthSecret);
 
         Boolean ltiVerificationResultExists = false;
         //This array will hold the arguments to the join point, so we can pass them along to the advised function.

src/main/java/org/imsglobal/basiclti/LtiLaunch.java

@@ -1,6 +1,7 @@
 package org.imsglobal.basiclti;
 
 import javax.servlet.http.HttpServletRequest;
+import java.util.Map;
 
 /**
  * Created by paul on 5/28/14.
@@ -27,6 +28,16 @@ public LtiLaunch(HttpServletRequest request) {
         this.toolConsumerInstanceGuid = request.getParameter("tool_consumer_instance_guid");
     }
 
+    public LtiLaunch(Map<String, String> parameters) {
+        this.user = new LtiUser(parameters);
+        this.version = parameters.get("lti_version");
+        this.messageType = parameters.get("lti_message_type");
+        this.resourceLinkId = parameters.get("resource_link_id");
+        this.contextId = parameters.get("context_id");
+        this.launchPresentationReturnUrl = parameters.get("launch_presentation_return_url");
+        this.toolConsumerInstanceGuid = parameters.get("tool_consumer_instance_guid");
+    }
+
     public LtiUser getUser() {
         return user;
     }

src/main/java/org/imsglobal/basiclti/LtiOauthSigner.java

@@ -1,13 +1,27 @@
 package org.imsglobal.basiclti;
 
+import net.oauth.OAuthAccessor;
+import net.oauth.OAuthConsumer;
+import net.oauth.OAuthException;
+import net.oauth.OAuthMessage;
 import oauth.signpost.commonshttp.CommonsHttpOAuthConsumer;
 import oauth.signpost.exception.OAuthCommunicationException;
 import oauth.signpost.exception.OAuthExpectationFailedException;
 import oauth.signpost.exception.OAuthMessageSignerException;
 import org.apache.http.HttpRequest;
 
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static org.imsglobal.basiclti.BasicLTIConstants.*;
+
 /**
- * Created by pgray on 8/23/14.
+ * This class <b>signs</b> LTI requests according to the Oauth 1.0 spec
+ * @author  Paul Gray
+ * @since   1.1
  */
 public class LtiOauthSigner implements LtiSigner {
 
@@ -22,4 +36,22 @@ public HttpRequest sign(HttpRequest request, String key, String secret) throws L
         return request;
     }
 
+    @Override
+    public Map<String, String> signParameters(Map<String, String> parameters, String key, String secret, String url, String method) throws LtiSigningException {
+        OAuthMessage oam = new OAuthMessage(method, url, parameters.entrySet());
+        OAuthConsumer cons = new OAuthConsumer(null, key, secret, null);
+        OAuthAccessor acc = new OAuthAccessor(cons);
+        try {
+            oam.addRequiredParameters(acc);
+
+            Map<String, String> signedParameters = new HashMap<>();
+            for(Map.Entry<String, String> param : oam.getParameters()){
+                signedParameters.put(param.getKey(), param.getValue());
+            }
+            return signedParameters;
+        } catch (OAuthException |IOException |URISyntaxException e) {
+            throw new LtiSigningException("Error signing LTI request.", e);
+        }
+    }
+
 }

src/main/java/org/imsglobal/basiclti/LtiOauthVerifier.java

@@ -0,0 +1,70 @@
+package org.imsglobal.basiclti;
+
+import net.oauth.*;
+import net.oauth.server.OAuthServlet;
+import net.oauth.signature.OAuthSignatureMethod;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.Arrays;
+import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+/**
+ * This class <b>verifies</b> LTI launches according to the Oauth 1.0 spec
+ * @author  Paul Gray
+ * @since   1.1
+ */
+public class LtiOauthVerifier implements LtiVerifier {
+
+    public static final String OAUTH_KEY_PARAMETER= "oauth_consumer_key";
+
+    private final static Logger logger = Logger.getLogger(LtiOauthVerifier.class.getName());
+
+    /**
+     * This method verifies the signed HttpServletRequest
+     * @param request the HttpServletRequest that will be verified
+     * @param secret the secret to verify the properties with
+     * @return the result of the verification, along with contextual
+     * information
+     * @throws LtiVerificationException
+     */
+    @Override
+    public LtiVerificationResult verify(HttpServletRequest request, String secret) throws LtiVerificationException {
+        OAuthMessage oam = OAuthServlet.getMessage(request, OAuthServlet.getRequestURL(request));
+        String oauth_consumer_key = null;
+        try {
+            oauth_consumer_key = oam.getConsumerKey();
+        } catch (Exception e) {
+            return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "Unable to find consumer key in message");
+        }
+
+        OAuthValidator oav = new SimpleOAuthValidator();
+        OAuthConsumer cons = new OAuthConsumer(null, oauth_consumer_key, secret, null);
+        OAuthAccessor acc = new OAuthAccessor(cons);
+
+        try {
+            oav.validateMessage(oam, acc);
+        } catch (Exception e) {
+            return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "Failed to validate: " + e.getLocalizedMessage());
+        }
+        return new LtiVerificationResult(true, new LtiLaunch(request));
+    }
+
+    @Override
+    public LtiVerificationResult verifyParameters(Map<String, String> parameters, String url, String method, String secret) throws LtiVerificationException {
+        OAuthMessage oam = new OAuthMessage(method, url, parameters.entrySet());
+        OAuthConsumer cons = new OAuthConsumer(null, parameters.get(OAUTH_KEY_PARAMETER), secret, null);
+        OAuthValidator oav = new SimpleOAuthValidator();
+        OAuthAccessor acc = new OAuthAccessor(cons);
+
+        try {
+            oav.validateMessage(oam, acc);
+        } catch (Exception e) {
+            return new LtiVerificationResult(false, LtiError.BAD_REQUEST, "Failed to validate: " + e.getLocalizedMessage() + ", Parameters: " + Arrays.toString(parameters.entrySet().toArray()));
+        }
+        return new LtiVerificationResult(true, new LtiLaunch(parameters));
+    }
+}

src/main/java/org/imsglobal/basiclti/LtiSigner.java

@@ -42,6 +42,6 @@ public interface LtiSigner {
      * @return a map of signed parameters (including the signature)
      * @throws LtiSigningException
      */
-    public HttpRequest signParameters(Map<String, String> parameters, String key, String secret) throws LtiSigningException;
+    public Map<String, String> signParameters(Map<String, String> parameters, String key, String secret, String url, String method) throws LtiSigningException;
 
 }

src/main/java/org/imsglobal/basiclti/LtiUser.java

@@ -3,6 +3,7 @@
 import javax.servlet.http.HttpServletRequest;
 import java.util.LinkedList;
 import java.util.List;
+import java.util.Map;
 
 /**
  * Created by paul on 5/28/14.
@@ -22,6 +23,16 @@ public LtiUser(HttpServletRequest request) {
         }
     }
 
+    public LtiUser(Map<String, String> parameters) {
+        this.id = parameters.get("user_id");
+        this.roles = new LinkedList<>();
+        if(parameters.get("roles") != null) {
+            for (String role : parameters.get("roles").split(",")) {
+                this.roles.add(role.trim());
+            }
+        }
+    }
+
     public String getId() {
         return id;
     }

src/main/java/org/imsglobal/basiclti/LtiVerifier.java

@@ -32,13 +32,15 @@ public interface LtiVerifier {
      * This method will verify a list of properties (mapped
      * by key & value).
      * @param parameters the parameters that will be verified. mapped by key & value
-     * @param secret the secret to verify the properties with
+     * @param url the url this request was made at
+     * @param method the method this url was requested with
+     * @param secret the secret to verify the propertihes with
      * @return an LtiVerificationResult which will
      * contain information about the request (whether or
      * not it is valid, and if it is valid, contextual
      * information about the request).
      * @throws LtiVerificationException
      */
-    public LtiVerificationResult verifyParameters(Map<String, String> parameters, String secret) throws LtiVerificationException;
+    public LtiVerificationResult verifyParameters(Map<String, String> parameters, String url, String method, String secret) throws LtiVerificationException;
 
 }