public void setTokenWithSecret(String token, String tokenSecret) { this.token = token; messageSigner.setTokenSecret(tokenSecret); }
public void setMessageSigner(OAuthMessageSigner messageSigner) { this.messageSigner = messageSigner; messageSigner.setConsumerSecret(consumerSecret); }
public String getTokenSecret() { return messageSigner.getTokenSecret(); }
@Test public void shouldStartWithUppercaseHttpMethod() throws Exception { assertTrue(new SignatureBaseString(httpPostMock, EMPTY_PARAMS).generate().split("&")[0] .equals("POST")); assertTrue(new SignatureBaseString(httpGetMock, EMPTY_PARAMS).generate().split("&")[0] .equals("GET")); }
public AbstractOAuthConsumer(String consumerKey, String consumerSecret) { this.consumerKey = consumerKey; this.consumerSecret = consumerSecret; setMessageSigner(new HmacSha1MessageSigner()); setSigningStrategy(new AuthorizationHeaderSigningStrategy()); }
@Test public void shouldComputeCorrectHmacSha1Signature() throws Exception { // based on the reference test case from // http://oauth.pbwiki.com/TestCases OAuthMessageSigner signer = new HmacSha1MessageSigner(); signer.setConsumerSecret(CONSUMER_SECRET); signer.setTokenSecret(TOKEN_SECRET); HttpRequest request = mock(HttpRequest.class); when(request.getRequestUrl()).thenReturn("http://photos.example.net/photos"); when(request.getMethod()).thenReturn("GET"); HttpParameters params = new HttpParameters(); params.putAll(OAUTH_PARAMS); params.put("file", "vacation.jpg"); params.put("size", "original"); assertEquals("tR3+Ty81lMeYAr/Fid0kMTYa/WM=", signer.sign(request, params)); }
@Test public void testDifferentSigningStrategies() throws Exception { SigningStrategy strategy = null; String signature = "123"; HttpParameters params = new HttpParameters(); params.put("realm", "http://x.com"); params.put("oauth_token", "abc"); params.put("x_oauth_custom_param", "cde"); params.put("should_not_appear", "nono"); strategy = new AuthorizationHeaderSigningStrategy(); assertEquals( "OAuth realm=\"http://x.com\", oauth_signature=\"123\", oauth_token=\"abc\", x_oauth_custom_param=\"cde\"", strategy.writeSignature(signature, httpGetMock, params)); assertEquals( "OAuth realm=\"http://x.com\", oauth_signature=\"123\", oauth_token=\"abc\", x_oauth_custom_param=\"cde\"", strategy.writeSignature(signature, httpGetMockWithQueryString, params)); strategy = new QueryStringSigningStrategy(); assertEquals( "http://www.example.com?oauth_signature=123&oauth_token=abc&x_oauth_custom_param=cde", strategy.writeSignature(signature, httpGetMock, params)); assertEquals( "http://www.example.com?foo=bar&oauth_signature=123&oauth_token=abc&x_oauth_custom_param=cde", strategy.writeSignature(signature, httpGetMockWithQueryString, params)); } }
@Test public void shouldCreateCorrectPlaintextSignature() throws Exception { OAuthMessageSigner signer = new PlainTextMessageSigner(); signer.setConsumerSecret(CONSUMER_SECRET); signer.setTokenSecret(TOKEN_SECRET); assertEquals(CONSUMER_SECRET + "&" + TOKEN_SECRET, signer.sign(httpGetMock, OAUTH_PARAMS)); }
@Override public String sign(HttpRequest request, HttpParameters requestParams) throws OAuthMessageSignerException { try { String keyString = OAuth.percentEncode(getConsumerSecret()) + '&' + OAuth.percentEncode(getTokenSecret()); byte[] keyBytes = keyString.getBytes(OAuth.ENCODING); SecretKey key = new SecretKeySpec(keyBytes, MAC_NAME); Mac mac = Mac.getInstance(MAC_NAME); mac.init(key); String sbs = new SignatureBaseString(request, requestParams).generate(); OAuth.debugOut("SBS", sbs); byte[] text = sbs.getBytes(OAuth.ENCODING); return base64Encode(mac.doFinal(text)).trim(); } catch (GeneralSecurityException e) { throw new OAuthMessageSignerException(e); } catch (UnsupportedEncodingException e) { throw new OAuthMessageSignerException(e); } } }
@Override public String sign(HttpRequest request, HttpParameters requestParams) throws OAuthMessageSignerException { try { String keyString = OAuth.percentEncode(getConsumerSecret()) + '&' + OAuth.percentEncode(getTokenSecret()); byte[] keyBytes = keyString.getBytes(OAuth.ENCODING); SecretKey key = new SecretKeySpec(keyBytes, MAC_NAME); Mac mac = Mac.getInstance(MAC_NAME); mac.init(key); String sbs = new SignatureBaseString(request, requestParams).generate(); OAuth.debugOut("SBS", sbs); byte[] text = sbs.getBytes(OAuth.ENCODING); return base64Encode(mac.doFinal(text)).trim(); } catch (GeneralSecurityException e) { throw new OAuthMessageSignerException(e); } catch (UnsupportedEncodingException e) { throw new OAuthMessageSignerException(e); } } }
@Test public void shouldComputeCorrectHmacSha256Signature() throws Exception { // based on the reference test case from // http://oauth.pbwiki.com/TestCases OAuthMessageSigner signer = new HmacSha256MessageSigner(); signer.setConsumerSecret(CONSUMER_SECRET); signer.setTokenSecret(TOKEN_SECRET); HttpRequest request = mock(HttpRequest.class); when(request.getRequestUrl()).thenReturn("http://photos.example.net/photos"); when(request.getMethod()).thenReturn("GET"); HttpParameters params = new HttpParameters(); params.putAll(OAUTH_PARAMS); params.put("file", "vacation.jpg"); params.put("size", "original"); assertEquals("0gCtTYQAxqCKhIE0sltgx7UgHkAs10vrpuYE7xpRBnE=", signer.sign(request, params)); } }
@Test public void shouldNormalizeRequestUrl() throws Exception { // must include scheme and authority in lowercase letters, // plus non HTTP(S) port, plus path, // but must ignore query params and fragment when(httpGetMock.getRequestUrl()) .thenReturn("HTTP://www.Example.Com:123/test?q=1#fragment"); assertEquals("http://www.example.com:123/test", new SignatureBaseString(httpGetMock, OAUTH_PARAMS).normalizeRequestUrl()); // must exclude HTTP(S) default ports when(httpGetMock.getRequestUrl()).thenReturn("http://example.com:80"); assertEquals("http://example.com/", new SignatureBaseString(httpGetMock, EMPTY_PARAMS) .normalizeRequestUrl()); when(httpGetMock.getRequestUrl()).thenReturn("https://example.com:443"); assertEquals("https://example.com/", new SignatureBaseString(httpGetMock, EMPTY_PARAMS) .normalizeRequestUrl()); }
/** * Builds the signature base string from the data this instance was * configured with. * * @return the signature base string * @throws OAuthMessageSignerException */ public String generate() throws OAuthMessageSignerException { try { String normalizedUrl = normalizeRequestUrl(); String normalizedParams = normalizeRequestParameters(); return request.getMethod() + '&' + OAuth.percentEncode(normalizedUrl) + '&' + OAuth.percentEncode(normalizedParams); } catch (Exception e) { throw new OAuthMessageSignerException(e); } }
public synchronized HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException, OAuthExpectationFailedException, OAuthCommunicationException { if (consumerKey == null) { throw new OAuthExpectationFailedException("consumer key not set"); } if (consumerSecret == null) { throw new OAuthExpectationFailedException("consumer secret not set"); } requestParameters = new HttpParameters(); try { if (additionalParameters != null) { requestParameters.putAll(additionalParameters, false); } collectHeaderParameters(request, requestParameters); collectQueryParameters(request, requestParameters); collectBodyParameters(request, requestParameters); // add any OAuth params that haven't already been set completeOAuthParameters(requestParameters); requestParameters.remove(OAuth.OAUTH_SIGNATURE); } catch (IOException e) { throw new OAuthCommunicationException(e); } String signature = messageSigner.sign(request, requestParameters); OAuth.debugOut("signature", signature); signingStrategy.writeSignature(signature, request, requestParameters); OAuth.debugOut("Request URL", request.getRequestUrl()); return request; }
@Override public String sign(HttpRequest request, HttpParameters requestParams) throws OAuthMessageSignerException { return OAuth.percentEncode(getConsumerSecret()) + '&' + OAuth.percentEncode(getTokenSecret()); } }
public synchronized String sign(String url) throws OAuthMessageSignerException, OAuthExpectationFailedException, OAuthCommunicationException { HttpRequest request = new UrlStringRequestAdapter(url); // switch to URL signing SigningStrategy oldStrategy = this.signingStrategy; this.signingStrategy = new QueryStringSigningStrategy(); sign(request); // revert to old strategy this.signingStrategy = oldStrategy; return request.getRequestUrl(); }
@Test public void shouldConsistOf3NonEmptyPartsConcatenatedWithAmpersand() throws Exception { SignatureBaseString sbs = new SignatureBaseString(httpPostMock, OAUTH_PARAMS); String result = sbs.generate(); String[] parts = result.split("&"); assertEquals(3, parts.length); assertNotNull(parts[0]); assertNotNull(parts[1]); assertNotNull(parts[2]); }
@Test public void shouldEncodeAndConcatenateAllSignatureParts() throws Exception { HttpRequest request = mock(HttpRequest.class); when(request.getMethod()).thenReturn("GET"); when(request.getRequestUrl()).thenReturn("http://example.com"); HttpParameters params = new HttpParameters(); params.put("a", "1"); SignatureBaseString sbs = new SignatureBaseString(request, params); //TODO: Is it correct that a trailing slash is always added to the //request URL authority if the path is empty? assertEquals("GET&http%3A%2F%2Fexample.com%2F&a%3D1", sbs.generate()); }
@Test public void shouldWorkWithBracketsInParameterName() throws Exception { HttpRequest request = mock(HttpRequest.class); when(request.getMethod()).thenReturn("GET"); when(request.getRequestUrl()).thenReturn("http://examplebrackets.com"); HttpParameters params = new HttpParameters(); params.put("a[]", "1", true); SignatureBaseString sbs = new SignatureBaseString(request, params); assertEquals("GET&http%3A%2F%2Fexamplebrackets.com%2F&a%255B%255D%3D1", sbs.generate()); }
@Test public void shouldWorkWithMultipleParametersWithBracketsOfSameName() throws Exception { HttpRequest request = mock(HttpRequest.class); when(request.getMethod()).thenReturn("GET"); when(request.getRequestUrl()).thenReturn("http://examplemultiple.com"); HttpParameters params = new HttpParameters(); params.put("a[]", "1", true); params.put("a[]", "2", true); SignatureBaseString sbs = new SignatureBaseString(request, params); assertEquals("GET&http%3A%2F%2Fexamplemultiple.com%2F&a%255B%255D%3D1%26a%255B%255D%3D2", sbs.generate()); } }