@Test public void shouldIncludeOAuthAndQueryAndBodyParams() throws Exception { // mock a request that has custom query, body, and header params set HttpRequest request = mock(HttpRequest.class); when(request.getRequestUrl()).thenReturn("http://example.com?a=1+1"); ByteArrayInputStream body = new ByteArrayInputStream("b=2+2".getBytes()); when(request.getMessagePayload()).thenReturn(body); when(request.getContentType()).thenReturn( "application/x-www-form-urlencoded; charset=ISO-8859-1"); when(request.getHeader("Authorization")).thenReturn( "OAuth realm=\"http%3A%2F%2Fexample.com\", oauth_token=\"12%25345\", oauth_signature=\"1234\""); OAuthMessageSigner signer = mock(HmacSha1MessageSigner.class); consumer.setMessageSigner(signer); consumer.sign(request); // verify that all custom params are properly read and passed to the // message signer ArgumentMatcher<HttpParameters> hasAllParameters = new ArgumentMatcher<HttpParameters>() { public boolean matches(Object argument) { HttpParameters params = (HttpParameters) argument; assertEquals("1 1", params.getFirst("a", true)); assertEquals("2 2", params.getFirst("b", true)); assertEquals("http://example.com", params.getFirst("realm", true)); assertEquals("12%345", params.getFirst("oauth_token", true)); // signature should be dropped, not valid to pre-set assertNull(params.getFirst("oauth_signature")); return true; } }; verify(signer).sign(same(request), argThat(hasAllParameters)); }
@Test public void shouldComputeCorrectHmacSha1Signature() throws Exception { // based on the reference test case from // http://oauth.pbwiki.com/TestCases OAuthMessageSigner signer = new HmacSha1MessageSigner(); signer.setConsumerSecret(CONSUMER_SECRET); signer.setTokenSecret(TOKEN_SECRET); HttpRequest request = mock(HttpRequest.class); when(request.getRequestUrl()).thenReturn("http://photos.example.net/photos"); when(request.getMethod()).thenReturn("GET"); HttpParameters params = new HttpParameters(); params.putAll(OAUTH_PARAMS); params.put("file", "vacation.jpg"); params.put("size", "original"); assertEquals("tR3+Ty81lMeYAr/Fid0kMTYa/WM=", signer.sign(request, params)); }
@Test public void shouldComputeCorrectHmacSha256Signature() throws Exception { // based on the reference test case from // http://oauth.pbwiki.com/TestCases OAuthMessageSigner signer = new HmacSha256MessageSigner(); signer.setConsumerSecret(CONSUMER_SECRET); signer.setTokenSecret(TOKEN_SECRET); HttpRequest request = mock(HttpRequest.class); when(request.getRequestUrl()).thenReturn("http://photos.example.net/photos"); when(request.getMethod()).thenReturn("GET"); HttpParameters params = new HttpParameters(); params.putAll(OAUTH_PARAMS); params.put("file", "vacation.jpg"); params.put("size", "original"); assertEquals("0gCtTYQAxqCKhIE0sltgx7UgHkAs10vrpuYE7xpRBnE=", signer.sign(request, params)); } }
@Test public void shouldHonorManuallySetSigningParameters() throws Exception { // mock a request that has custom query, body, and header params set HttpRequest request = mock(HttpRequest.class); when(request.getRequestUrl()).thenReturn("http://example.com?a=1"); OAuthMessageSigner signer = mock(HmacSha1MessageSigner.class); consumer.setMessageSigner(signer); HttpParameters params = new HttpParameters(); params.put("oauth_callback", "http://mycallback"); consumer.setAdditionalParameters(params); consumer.sign(request); // verify that all custom params are properly read and passed to the // message signer ArgumentMatcher<HttpParameters> hasParameters = new ArgumentMatcher<HttpParameters>() { public boolean matches(Object argument) { HttpParameters params = (HttpParameters) argument; assertEquals("http://mycallback", params.getFirst("oauth_callback")); assertEquals("1", params.getFirst("a")); return true; } }; verify(signer).sign(same(request), argThat(hasParameters)); }
@Test public void shouldCreateCorrectPlaintextSignature() throws Exception { OAuthMessageSigner signer = new PlainTextMessageSigner(); signer.setConsumerSecret(CONSUMER_SECRET); signer.setTokenSecret(TOKEN_SECRET); assertEquals(CONSUMER_SECRET + "&" + TOKEN_SECRET, signer.sign(httpGetMock, OAUTH_PARAMS)); }
public synchronized HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException, OAuthExpectationFailedException, OAuthCommunicationException { if (consumerKey == null) { throw new OAuthExpectationFailedException("consumer key not set"); } if (consumerSecret == null) { throw new OAuthExpectationFailedException("consumer secret not set"); } requestParameters = new HttpParameters(); try { if (additionalParameters != null) { requestParameters.putAll(additionalParameters, false); } collectHeaderParameters(request, requestParameters); collectQueryParameters(request, requestParameters); collectBodyParameters(request, requestParameters); // add any OAuth params that haven't already been set completeOAuthParameters(requestParameters); requestParameters.remove(OAuth.OAUTH_SIGNATURE); } catch (IOException e) { throw new OAuthCommunicationException(e); } String signature = messageSigner.sign(request, requestParameters); OAuth.debugOut("signature", signature); signingStrategy.writeSignature(signature, request, requestParameters); OAuth.debugOut("Request URL", request.getRequestUrl()); return request; }
public synchronized HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException, OAuthExpectationFailedException, OAuthCommunicationException { if (consumerKey == null) { throw new OAuthExpectationFailedException("consumer key not set"); } if (consumerSecret == null) { throw new OAuthExpectationFailedException("consumer secret not set"); } requestParameters = new HttpParameters(); try { if (additionalParameters != null) { requestParameters.putAll(additionalParameters, false); } collectHeaderParameters(request, requestParameters); collectQueryParameters(request, requestParameters); collectBodyParameters(request, requestParameters); // add any OAuth params that haven't already been set completeOAuthParameters(requestParameters); requestParameters.remove(OAuth.OAUTH_SIGNATURE); } catch (IOException e) { throw new OAuthCommunicationException(e); } String signature = messageSigner.sign(request, requestParameters); OAuth.debugOut("signature", signature); signingStrategy.writeSignature(signature, request, requestParameters); OAuth.debugOut("Request URL", request.getRequestUrl()); return request; }