public AbstractOAuthProvider(String requestTokenEndpointUrl, String accessTokenEndpointUrl, String authorizationWebsiteUrl) { this.requestTokenEndpointUrl = requestTokenEndpointUrl; this.accessTokenEndpointUrl = accessTokenEndpointUrl; this.authorizationWebsiteUrl = authorizationWebsiteUrl; this.responseParameters = new HttpParameters(); this.defaultHeaders = new HashMap<String, String>(); }
public static HttpParameters oauthHeaderToParamsMap(String oauthHeader) { HttpParameters params = new HttpParameters(); if (oauthHeader == null || !oauthHeader.startsWith("OAuth ")) { return params; } oauthHeader = oauthHeader.substring("OAuth ".length()); String[] elements = oauthHeader.split(","); for (String keyValuePair : elements) { String[] keyValue = keyValuePair.split("="); params.put(keyValue[0].trim(), keyValue[1].replace("\"", "").trim()); } return params; }
public HttpParameters getOAuthParameters() { HttpParameters oauthParams = new HttpParameters(); for (Entry<String, SortedSet<String>> param : this.entrySet()) { String key = param.getKey(); if (key.startsWith("oauth_") || key.startsWith("x_oauth_")) { oauthParams.put(key, param.getValue()); } } return oauthParams; } }
/** Parse a form-urlencoded document. */ public static HttpParameters decodeForm(String form) { HttpParameters params = new HttpParameters(); if (isEmpty(form)) { return params; } for (String nvp : form.split("\\&")) { int equals = nvp.indexOf('='); String name; String value; if (equals < 0) { name = percentDecode(nvp); value = null; } else { name = percentDecode(nvp.substring(0, equals)); value = percentDecode(nvp.substring(equals + 1)); } params.put(name, value); } return params; }
@Test public void shouldEncodeAndConcatenateAllSignatureParts() throws Exception { HttpRequest request = mock(HttpRequest.class); when(request.getMethod()).thenReturn("GET"); when(request.getRequestUrl()).thenReturn("http://example.com"); HttpParameters params = new HttpParameters(); params.put("a", "1"); SignatureBaseString sbs = new SignatureBaseString(request, params); //TODO: Is it correct that a trailing slash is always added to the //request URL authority if the path is empty? assertEquals("GET&http%3A%2F%2Fexample.com%2F&a%3D1", sbs.generate()); }
@Test public void shouldWorkWithBracketsInParameterName() throws Exception { HttpRequest request = mock(HttpRequest.class); when(request.getMethod()).thenReturn("GET"); when(request.getRequestUrl()).thenReturn("http://examplebrackets.com"); HttpParameters params = new HttpParameters(); params.put("a[]", "1", true); SignatureBaseString sbs = new SignatureBaseString(request, params); assertEquals("GET&http%3A%2F%2Fexamplebrackets.com%2F&a%255B%255D%3D1", sbs.generate()); }
@Test public void shouldWorkWithMultipleParametersWithBracketsOfSameName() throws Exception { HttpRequest request = mock(HttpRequest.class); when(request.getMethod()).thenReturn("GET"); when(request.getRequestUrl()).thenReturn("http://examplemultiple.com"); HttpParameters params = new HttpParameters(); params.put("a[]", "1", true); params.put("a[]", "2", true); SignatureBaseString sbs = new SignatureBaseString(request, params); assertEquals("GET&http%3A%2F%2Fexamplemultiple.com%2F&a%255B%255D%3D1%26a%255B%255D%3D2", sbs.generate()); } }
public synchronized void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier, String... customOAuthParams) throws OAuthMessageSignerException, OAuthNotAuthorizedException, OAuthExpectationFailedException, OAuthCommunicationException { if (consumer.getToken() == null || consumer.getTokenSecret() == null) { throw new OAuthExpectationFailedException( "Authorized request token or token secret not set. " + "Did you retrieve an authorized request token before?"); } HttpParameters params = new HttpParameters(); params.putAll(customOAuthParams, true); if (isOAuth10a && oauthVerifier != null) { params.put(OAuth.OAUTH_VERIFIER, oauthVerifier, true); } retrieveToken(consumer, accessTokenEndpointUrl, params); }
public synchronized String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl, String... customOAuthParams) throws OAuthMessageSignerException, OAuthNotAuthorizedException, OAuthExpectationFailedException, OAuthCommunicationException { // invalidate current credentials, if any consumer.setTokenWithSecret(null, null); // 1.0a expects the callback to be sent while getting the request token. // 1.0 service providers would simply ignore this parameter. HttpParameters params = new HttpParameters(); params.putAll(customOAuthParams, true); params.put(OAuth.OAUTH_CALLBACK, callbackUrl, true); retrieveToken(consumer, requestTokenEndpointUrl, params); String callbackConfirmed = responseParameters.getFirst(OAuth.OAUTH_CALLBACK_CONFIRMED); responseParameters.remove(OAuth.OAUTH_CALLBACK_CONFIRMED); isOAuth10a = Boolean.TRUE.toString().equals(callbackConfirmed); // 1.0 service providers expect the callback as part of the auth URL, // Do not send when 1.0a. if (isOAuth10a) { return OAuth.addQueryParameters(authorizationWebsiteUrl, OAuth.OAUTH_TOKEN, consumer.getToken()); } else { return OAuth.addQueryParameters(authorizationWebsiteUrl, OAuth.OAUTH_TOKEN, consumer.getToken(), OAuth.OAUTH_CALLBACK, callbackUrl); } }
@Test public void testGetOAuthParameters() { HttpParameters params = new HttpParameters(); params.put("a", "5"); params.put("oauth_token", "1"); params.put("x_oauth_token", "1"); HttpParameters oauthParams = params.getOAuthParameters(); assertFalse(oauthParams.containsKey("a")); assertTrue(oauthParams.containsKey("oauth_token")); assertTrue(oauthParams.containsKey("x_oauth_token")); } }
@Test public void shouldComputeCorrectHmacSha1Signature() throws Exception { // based on the reference test case from // http://oauth.pbwiki.com/TestCases OAuthMessageSigner signer = new HmacSha1MessageSigner(); signer.setConsumerSecret(CONSUMER_SECRET); signer.setTokenSecret(TOKEN_SECRET); HttpRequest request = mock(HttpRequest.class); when(request.getRequestUrl()).thenReturn("http://photos.example.net/photos"); when(request.getMethod()).thenReturn("GET"); HttpParameters params = new HttpParameters(); params.putAll(OAUTH_PARAMS); params.put("file", "vacation.jpg"); params.put("size", "original"); assertEquals("tR3+Ty81lMeYAr/Fid0kMTYa/WM=", signer.sign(request, params)); }
@Test public void shouldHonorManuallySetSigningParameters() throws Exception { // mock a request that has custom query, body, and header params set HttpRequest request = mock(HttpRequest.class); when(request.getRequestUrl()).thenReturn("http://example.com?a=1"); OAuthMessageSigner signer = mock(HmacSha1MessageSigner.class); consumer.setMessageSigner(signer); HttpParameters params = new HttpParameters(); params.put("oauth_callback", "http://mycallback"); consumer.setAdditionalParameters(params); consumer.sign(request); // verify that all custom params are properly read and passed to the // message signer ArgumentMatcher<HttpParameters> hasParameters = new ArgumentMatcher<HttpParameters>() { public boolean matches(Object argument) { HttpParameters params = (HttpParameters) argument; assertEquals("http://mycallback", params.getFirst("oauth_callback")); assertEquals("1", params.getFirst("a")); return true; } }; verify(signer).sign(same(request), argThat(hasParameters)); }
@Test public void shouldComputeCorrectHmacSha256Signature() throws Exception { // based on the reference test case from // http://oauth.pbwiki.com/TestCases OAuthMessageSigner signer = new HmacSha256MessageSigner(); signer.setConsumerSecret(CONSUMER_SECRET); signer.setTokenSecret(TOKEN_SECRET); HttpRequest request = mock(HttpRequest.class); when(request.getRequestUrl()).thenReturn("http://photos.example.net/photos"); when(request.getMethod()).thenReturn("GET"); HttpParameters params = new HttpParameters(); params.putAll(OAUTH_PARAMS); params.put("file", "vacation.jpg"); params.put("size", "original"); assertEquals("0gCtTYQAxqCKhIE0sltgx7UgHkAs10vrpuYE7xpRBnE=", signer.sign(request, params)); } }
@Test public void testBasicBehavior() { HttpParameters params = new HttpParameters(); assertTrue(params.isEmpty());
HttpParameters params = new HttpParameters(); params.put("a", "1"); ((AbstractOAuthProvider) provider).setResponseParameters(params);
public static HttpParameters oauthHeaderToParamsMap(String oauthHeader) { HttpParameters params = new HttpParameters(); if (oauthHeader == null || !oauthHeader.startsWith("OAuth ")) { return params; } oauthHeader = oauthHeader.substring("OAuth ".length()); String[] elements = oauthHeader.split(","); for (String keyValuePair : elements) { String[] keyValue = keyValuePair.split("="); params.put(keyValue[0].trim(), keyValue[1].replace("\"", "").trim()); } return params; }
public synchronized HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException, OAuthExpectationFailedException, OAuthCommunicationException { if (consumerKey == null) { throw new OAuthExpectationFailedException("consumer key not set"); } if (consumerSecret == null) { throw new OAuthExpectationFailedException("consumer secret not set"); } requestParameters = new HttpParameters(); try { if (additionalParameters != null) { requestParameters.putAll(additionalParameters, false); } collectHeaderParameters(request, requestParameters); collectQueryParameters(request, requestParameters); collectBodyParameters(request, requestParameters); // add any OAuth params that haven't already been set completeOAuthParameters(requestParameters); requestParameters.remove(OAuth.OAUTH_SIGNATURE); } catch (IOException e) { throw new OAuthCommunicationException(e); } String signature = messageSigner.sign(request, requestParameters); OAuth.debugOut("signature", signature); signingStrategy.writeSignature(signature, request, requestParameters); OAuth.debugOut("Request URL", request.getRequestUrl()); return request; }
public HttpParameters getOAuthParameters() { HttpParameters oauthParams = new HttpParameters(); for (Entry<String, SortedSet<String>> param : this.entrySet()) { String key = param.getKey(); if (key.startsWith("oauth_") || key.startsWith("x_oauth_")) { oauthParams.put(key, param.getValue()); } } return oauthParams; } }
HttpParameters params = new HttpParameters(); params.put("a", "1", true); params.put("realm", "www.example.com", true); params = new HttpParameters(); params.put("a", "1", true); params.put("c", "hi there", true); params = new HttpParameters(); params.put("a", "x!y", true); params.put("a", "x y", true); assertEquals(expected, result); params = new HttpParameters(); params.put("name", "", true); assertEquals("name=", new SignatureBaseString(httpGetMock, params)
@Test public void testDifferentSigningStrategies() throws Exception { SigningStrategy strategy = null; String signature = "123"; HttpParameters params = new HttpParameters(); params.put("realm", "http://x.com"); params.put("oauth_token", "abc"); params.put("x_oauth_custom_param", "cde"); params.put("should_not_appear", "nono"); strategy = new AuthorizationHeaderSigningStrategy(); assertEquals( "OAuth realm=\"http://x.com\", oauth_signature=\"123\", oauth_token=\"abc\", x_oauth_custom_param=\"cde\"", strategy.writeSignature(signature, httpGetMock, params)); assertEquals( "OAuth realm=\"http://x.com\", oauth_signature=\"123\", oauth_token=\"abc\", x_oauth_custom_param=\"cde\"", strategy.writeSignature(signature, httpGetMockWithQueryString, params)); strategy = new QueryStringSigningStrategy(); assertEquals( "http://www.example.com?oauth_signature=123&oauth_token=abc&x_oauth_custom_param=cde", strategy.writeSignature(signature, httpGetMock, params)); assertEquals( "http://www.example.com?foo=bar&oauth_signature=123&oauth_token=abc&x_oauth_custom_param=cde", strategy.writeSignature(signature, httpGetMockWithQueryString, params)); } }