import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.*;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.methods.GetMethod;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
/**
* Servlet implementation class for Servlet: YahooBBAuthServlet
* Tested on Apache Tomcat/6.0.14 with JVM 1.6.0_02-b06.
*/
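public class YahooBBAuthServlet extends javax.servlet.http.HttpServlet implements javax.servlet.Servlet {
    private static final long serialVersionUID = 1L;

    /** Application id fallback; normally supplied through the {@code appId} servlet init-parameter. */
    private static final String DEFAULT_APP_ID = "";
    /** Shared secret fallback; normally supplied through the {@code secret} init-parameter. Must never be logged or echoed. */
    private static final String DEFAULT_SECRET = "";
    /** Path of this BBAuth handler as registered with Yahoo!; override with the {@code handlerUri} init-parameter. */
    private static final String DEFAULT_HANDLER_URI = "/BBAuth/YahooBBAuthServlet";
    /** Yahoo! login host and token-login endpoint used to exchange the BBAuth token for a WSSID and cookie. */
    private static final String AUTH_HOST = "https://api.login.yahoo.com";
    private static final String AUTH_WS = "/WSLogin/V1/wspwtoken_login";
    /** Largest accepted difference (seconds) between this server's clock and the {@code ts} Yahoo! sent. */
    private static final long MAX_CLOCK_SKEW_SECONDS = 600;
    /** Charset used for every byte/String conversion so signatures do not depend on the platform default. */
    private static final String CHARSET = "UTF-8";

    /*
     * @see javax.servlet.http.HttpServlet#HttpServlet()
     */
    public YahooBBAuthServlet() {
        super();
    }

    /**
     * Handles the BBAuth callback from Yahoo!: verifies the callback signature and timestamp,
     * exchanges the token for a web-service session id (WSSID) and cookie, and reports the outcome.
     *
     * The callback query string contains {@code appid}, {@code token}, optional {@code appdata},
     * {@code ts} (Unix timestamp) and {@code sig} = MD5(request URI including query string, with
     * the shared secret appended). Nothing attacker-controlled is echoed back unescaped, and the
     * locally computed signature is never revealed (it is derived from the secret).
     *
     * @param request  the callback request issued by Yahoo!
     * @param response receives a short HTML status page
     * @throws ServletException never thrown directly; declared for the HttpServlet contract
     * @throws IOException if the response writer cannot be obtained
     */
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html; charset=UTF-8"); // charset is explicit so escaped output is interpreted as intended
        PrintWriter out = response.getWriter();
        try {
            String appId = configValue("appId", DEFAULT_APP_ID);
            String secret = configValue("secret", DEFAULT_SECRET);
            String uri = configValue("handlerUri", DEFAULT_HANDLER_URI);
            if (appId.isEmpty() || secret.isEmpty()) {
                // An empty secret would make every signature trivially forgeable; refuse to run unconfigured.
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                out.println("BBAuth is not configured (appId/secret missing).");
                return;
            }

            String appdata = request.getParameter("appdata");
            String ts = request.getParameter("ts");
            String requestsig = request.getParameter("sig");
            String token = request.getParameter("token");
            if (ts == null || requestsig == null || token == null) {
                response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
                out.println("Missing BBAuth parameters.");
                return;
            }

            // Rebuild the signed portion of the callback URL. appdata is only present if it was
            // passed when the login was started, so it is omitted rather than rendered as "null".
            // NOTE(review): this assumes Yahoo! orders the parameters exactly as below — confirm against the BBAuth docs.
            StringBuilder signedData = new StringBuilder(uri)
                    .append("?appid=").append(appId)
                    .append("&token=").append(token);
            if (appdata != null) {
                signedData.append("&appdata=").append(appdata);
            }
            signedData.append("&ts=").append(ts);
            String calcsig = bbauthSignature(signedData.toString(), secret);

            // Verify that the signature sent by Yahoo! matches the calculated signature.
            if (!signaturesMatch(calcsig, requestsig)) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                out.println("Signature mismatch.");
                return;
            }

            // Make sure the server time is within MAX_CLOCK_SKEW_SECONDS of Yahoo!'s servers.
            long now = System.currentTimeMillis() / 1000;
            long requestTime;
            try {
                requestTime = Long.parseLong(ts);
            } catch (NumberFormatException e) {
                response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
                out.println("Invalid timestamp.");
                return;
            }
            long clockSkew = Math.abs(now - requestTime);
            if (clockSkew >= MAX_CLOCK_SKEW_SECONDS) {
                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
                out.println("Invalid timestamp - clockSkew is " + clockSkew + " seconds, current time = " + now + ", ts = " + requestTime);
                return;
            }

            // Sign and issue the token-login request. The same URL-encoded query string is used
            // both for signing and for the request so the two cannot drift apart.
            // More information on BBAuth: http://developer.yahoo.com/auth/
            String query = "appid=" + URLEncoder.encode(appId, CHARSET)
                    + "&token=" + URLEncoder.encode(token, CHARSET)
                    + "&ts=" + now;
            String signature = bbauthSignature(AUTH_WS + "?" + query, secret);
            String authURL = AUTH_HOST + AUTH_WS + "?" + query + "&sig=" + signature;

            Document xmlresponse = fetchAuthResponse(authURL);

            // The WSSID and cookie can now be used for calls to the SOAP or JSON-RPC endpoints:
            // http://developer.yahoo.com/mail/docs/html/index.html
            // In a real deployment they belong in server-side session state; this sample renders
            // them only to demonstrate the flow.
            Node wssidNode = firstElement(xmlresponse, "WSSID");
            if (wssidNode != null) {
                String wssid = textOf(wssidNode);
                String cookie = textOf(firstElement(xmlresponse, "Cookie"));
                String timeout = textOf(firstElement(xmlresponse, "Timeout"));
                out.println("BBauth authentication Successful<br>");
                out.println("wssid = " + escapeHtml(wssid) + "<br>");
                out.println("cookie = " + escapeHtml(cookie) + "<br>");
                out.println("timeout = " + escapeHtml(timeout));
            } else {
                // Error response carries <ErrorCode> (e.g. 3000 "Invalid (missing) appid") and <ErrorDescription>.
                String code = textOf(firstElement(xmlresponse, "ErrorCode"));
                String msg = textOf(firstElement(xmlresponse, "ErrorDescription"));
                response.setStatus(HttpServletResponse.SC_BAD_GATEWAY);
                out.println("BBAuth request failed with error code " + escapeHtml(code) + ", " + escapeHtml(msg) + "<br>");
            }
        } catch (Exception e) {
            // Boundary catch: details go to the container log, not to the client.
            log("BBAuth request failed", e);
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            out.println("BBAuth request failed; see the server log for details.");
        } finally {
            out.close();
        }
    }

    /**
     * Reads a servlet init-parameter, falling back to {@code fallback} when it is absent or blank.
     *
     * @param name     init-parameter name
     * @param fallback value used when the parameter is not configured
     * @return the trimmed configured value, or {@code fallback}
     */
    private String configValue(String name, String fallback) {
        String value = getInitParameter(name);
        if (value == null || value.trim().isEmpty()) {
            return fallback;
        }
        return value.trim();
    }

    /**
     * Computes the BBAuth signature: lower-case, zero-padded hex MD5 of {@code data} with {@code secret} appended.
     * Zero-padding matters: {@code BigInteger.toString(16)} drops leading zeros and would reject
     * roughly one in sixteen otherwise-valid signatures.
     *
     * @param data   the URI-plus-query-string portion being signed
     * @param secret the shared application secret
     * @return 32 hex characters
     * @throws NoSuchAlgorithmException     if MD5 is unavailable in the JVM
     * @throws UnsupportedEncodingException if {@link #CHARSET} is unsupported (not expected)
     */
    private static String bbauthSignature(String data, String secret) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        MessageDigest md5 = MessageDigest.getInstance("MD5");
        byte[] hash = md5.digest((data + secret).getBytes(CHARSET));
        return String.format("%032x", new BigInteger(1, hash));
    }

    /**
     * Compares two signatures without short-circuiting on the first differing byte.
     *
     * @param expected the locally computed signature
     * @param presented the signature taken from the request
     * @return {@code true} if they are byte-for-byte equal
     * @throws UnsupportedEncodingException if {@link #CHARSET} is unsupported (not expected)
     */
    private static boolean signaturesMatch(String expected, String presented) throws UnsupportedEncodingException {
        return MessageDigest.isEqual(expected.getBytes(CHARSET), presented.getBytes(CHARSET));
    }

    /**
     * Performs the token-login GET and parses the XML body.
     *
     * @param authURL the fully signed token-login URL
     * @return the parsed response document
     * @throws IOException                  on transport failure or a non-200 status
     * @throws ParserConfigurationException if the hardened parser cannot be created
     * @throws SAXException                 if the body is not well-formed XML
     */
    private static Document fetchAuthResponse(String authURL) throws IOException, ParserConfigurationException, SAXException {
        HttpClient client = new HttpClient();
        GetMethod method = new GetMethod(authURL);
        try {
            // The request must actually be executed before a response body exists.
            int status = client.executeMethod(method);
            if (status != HttpStatus.SC_OK) {
                // The URL is deliberately not included: it carries the token and signature.
                throw new IOException("Yahoo! token login returned HTTP " + status);
            }
            InputStream rstream = method.getResponseBodyAsStream();
            try {
                return newHardenedDocumentBuilder().parse(rstream);
            } finally {
                rstream.close();
            }
        } finally {
            method.releaseConnection();
        }
    }

    /**
     * Creates a DocumentBuilder with DTD processing and external entity expansion disabled,
     * so a malformed or hostile response cannot trigger XXE or entity-expansion attacks.
     *
     * @return a hardened builder
     * @throws ParserConfigurationException if the underlying parser does not support the features
     */
    private static DocumentBuilder newHardenedDocumentBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Xerces feature name; the JDK's built-in parser honours it.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setExpandEntityReferences(false);
        factory.setXIncludeAware(false);
        return factory.newDocumentBuilder();
    }

    /**
     * Returns the first element with the given tag name, or {@code null} if none exists.
     *
     * @param doc the parsed response
     * @param tag element name to look up
     * @return the first matching node or {@code null}
     */
    private static Node firstElement(Document doc, String tag) {
        NodeList nodes = doc.getElementsByTagName(tag);
        return nodes.item(0);
    }

    /**
     * Text content of a node, or the empty string for {@code null} so callers need no null checks.
     *
     * @param node a node or {@code null}
     * @return its text content, never {@code null}
     */
    private static String textOf(Node node) {
        if (node == null) {
            return "";
        }
        String text = node.getTextContent();
        return text == null ? "" : text;
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute context.
     *
     * @param s raw text (may be {@code null}, treated as empty)
     * @return a string safe to embed in the text/html response
     */
    private static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}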