@Override public String sign(HttpRequest request, HttpParameters requestParams) throws OAuthMessageSignerException { try { String keyString = OAuth.percentEncode(getConsumerSecret()) + '&' + OAuth.percentEncode(getTokenSecret()); byte[] keyBytes = keyString.getBytes(OAuth.ENCODING); SecretKey key = new SecretKeySpec(keyBytes, MAC_NAME); Mac mac = Mac.getInstance(MAC_NAME); mac.init(key); String sbs = new SignatureBaseString(request, requestParams).generate(); OAuth.debugOut("SBS", sbs); byte[] text = sbs.getBytes(OAuth.ENCODING); return base64Encode(mac.doFinal(text)).trim(); } catch (GeneralSecurityException e) { throw new OAuthMessageSignerException(e); } catch (UnsupportedEncodingException e) { throw new OAuthMessageSignerException(e); } } }
@Override public String sign(HttpRequest request, HttpParameters requestParams) throws OAuthMessageSignerException { try { String keyString = OAuth.percentEncode(getConsumerSecret()) + '&' + OAuth.percentEncode(getTokenSecret()); byte[] keyBytes = keyString.getBytes(OAuth.ENCODING); SecretKey key = new SecretKeySpec(keyBytes, MAC_NAME); Mac mac = Mac.getInstance(MAC_NAME); mac.init(key); String sbs = new SignatureBaseString(request, requestParams).generate(); OAuth.debugOut("SBS", sbs); byte[] text = sbs.getBytes(OAuth.ENCODING); return base64Encode(mac.doFinal(text)).trim(); } catch (GeneralSecurityException e) { throw new OAuthMessageSignerException(e); } catch (UnsupportedEncodingException e) { throw new OAuthMessageSignerException(e); } } }
@Test public void shouldStartWithUppercaseHttpMethod() throws Exception { assertTrue(new SignatureBaseString(httpPostMock, EMPTY_PARAMS).generate().split("&")[0] .equals("POST")); assertTrue(new SignatureBaseString(httpGetMock, EMPTY_PARAMS).generate().split("&")[0] .equals("GET")); }
@Test public void shouldEncodeAndConcatenateAllSignatureParts() throws Exception { HttpRequest request = mock(HttpRequest.class); when(request.getMethod()).thenReturn("GET"); when(request.getRequestUrl()).thenReturn("http://example.com"); HttpParameters params = new HttpParameters(); params.put("a", "1"); SignatureBaseString sbs = new SignatureBaseString(request, params); //TODO: Is it correct that a trailing slash is always added to the //request URL authority if the path is empty? assertEquals("GET&http%3A%2F%2Fexample.com%2F&a%3D1", sbs.generate()); }
@Test public void shouldWorkWithBracketsInParameterName() throws Exception { HttpRequest request = mock(HttpRequest.class); when(request.getMethod()).thenReturn("GET"); when(request.getRequestUrl()).thenReturn("http://examplebrackets.com"); HttpParameters params = new HttpParameters(); params.put("a[]", "1", true); SignatureBaseString sbs = new SignatureBaseString(request, params); assertEquals("GET&http%3A%2F%2Fexamplebrackets.com%2F&a%255B%255D%3D1", sbs.generate()); }
@Test public void shouldNormalizeRequestUrl() throws Exception { // must include scheme and authority in lowercase letters, // plus non HTTP(S) port, plus path, // but must ignore query params and fragment when(httpGetMock.getRequestUrl()) .thenReturn("HTTP://www.Example.Com:123/test?q=1#fragment"); assertEquals("http://www.example.com:123/test", new SignatureBaseString(httpGetMock, OAUTH_PARAMS).normalizeRequestUrl()); // must exclude HTTP(S) default ports when(httpGetMock.getRequestUrl()).thenReturn("http://example.com:80"); assertEquals("http://example.com/", new SignatureBaseString(httpGetMock, EMPTY_PARAMS) .normalizeRequestUrl()); when(httpGetMock.getRequestUrl()).thenReturn("https://example.com:443"); assertEquals("https://example.com/", new SignatureBaseString(httpGetMock, EMPTY_PARAMS) .normalizeRequestUrl()); }
@Test public void shouldWorkWithMultipleParametersWithBracketsOfSameName() throws Exception { HttpRequest request = mock(HttpRequest.class); when(request.getMethod()).thenReturn("GET"); when(request.getRequestUrl()).thenReturn("http://examplemultiple.com"); HttpParameters params = new HttpParameters(); params.put("a[]", "1", true); params.put("a[]", "2", true); SignatureBaseString sbs = new SignatureBaseString(request, params); assertEquals("GET&http%3A%2F%2Fexamplemultiple.com%2F&a%255B%255D%3D1%26a%255B%255D%3D2", sbs.generate()); } }
@Test public void shouldConsistOf3NonEmptyPartsConcatenatedWithAmpersand() throws Exception { SignatureBaseString sbs = new SignatureBaseString(httpPostMock, OAUTH_PARAMS); String result = sbs.generate(); String[] parts = result.split("&"); assertEquals(3, parts.length); assertNotNull(parts[0]); assertNotNull(parts[1]); assertNotNull(parts[2]); }
params.put("realm", "www.example.com", true); params.put("oauth_signature", "12345", true); String result = new SignatureBaseString(httpGetMock, params).normalizeRequestParameters(); assertEquals("a=1", result); params.put("z", "t", true); String expected = "a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t"; result = new SignatureBaseString(httpGetMock, params).normalizeRequestParameters(); assertEquals(expected, result); params.put("a", "x y", true); expected = "a=x%20y&a=x%21y"; result = new SignatureBaseString(httpGetMock, params).normalizeRequestParameters(); assertEquals(expected, result); assertEquals("name=", new SignatureBaseString(httpGetMock, params) .normalizeRequestParameters()); params.putNull("name", null); assertEquals("name=", new SignatureBaseString(httpGetMock, params) .normalizeRequestParameters());
@Override public String sign(HttpRequest request, HttpParameters requestParams) throws OAuthMessageSignerException { try { Signature signer = Signature.getInstance("SHA256withRSA"); signer.initSign(signingPrivateKey); String sbs = new SignatureBaseString(request, requestParams).generate(); OAuth.debugOut("SBS", sbs); byte[] text = sbs.getBytes(OAuth.ENCODING); signer.update(text); return CryptUtil.byteArrayToString(signer.sign(), DataEncoding.BASE64); } catch (Exception e) { throw new OAuthMessageSignerException(e); } }
@Override public String sign(HttpRequest request, HttpParameters requestParams) throws OAuthMessageSignerException { try { String keyString = OAuth.percentEncode(getConsumerSecret()) + '&' + OAuth.percentEncode(getTokenSecret()); byte[] keyBytes = keyString.getBytes(OAuth.ENCODING); SecretKey key = new SecretKeySpec(keyBytes, MAC_NAME); Mac mac = Mac.getInstance(MAC_NAME); mac.init(key); String sbs = new SignatureBaseString(request, requestParams).generate(); OAuth.debugOut("SBS", sbs); byte[] text = sbs.getBytes(OAuth.ENCODING); return base64Encode(mac.doFinal(text)).trim(); } catch (GeneralSecurityException e) { throw new OAuthMessageSignerException(e); } catch (UnsupportedEncodingException e) { throw new OAuthMessageSignerException(e); } } }
@Override public String sign(HttpRequest request, HttpParameters requestParams) throws OAuthMessageSignerException { final OAuthRsaSigner signer = new OAuthRsaSigner(); final byte[] privateBytes = Base64.decodeBase64(getConsumerSecret()); final PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(privateBytes); try { signer.privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpec); final String signatureBaseString = new SignatureBaseString(request, requestParams).generate(); return signer.computeSignature(signatureBaseString); } catch (GeneralSecurityException e) { throw new OAuthMessageSignerException(e); } } }