/**
   * POST: For an "update" action : update cart and show the cart page For a "checkout" action:
   * moves the cart items to a transaction and redirects to the products page with a success message
   */
  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse resp)
      throws ServletException, IOException {
    try {
      Customer customer = getOrCreateCustomer(req, resp);
      String action = req.getParameter("action");

      if ("update".equals(action)) {
        Map<Long, Integer> productQuantityMap = new HashMap<Long, Integer>();
        for (Map.Entry<String, String[]> param : req.getParameterMap().entrySet()) {
          if (param.getKey().startsWith("product-")) {
            long productId = Long.parseLong(param.getKey().substring(8));
            int quantity = Integer.parseInt(param.getValue()[0]);
            productQuantityMap.put(productId, quantity);
          }
        }

        int cartItemCount =
            getStorefrontService(req).updateCart(customer.getId(), productQuantityMap);
        customer.setCartItemCount(cartItemCount);
        doGet(req, resp);
      } else if ("checkout".equals(action)) {
        // Move items from cart to transaction
        getStorefrontService(req).checkout(customer.getId());

        // Report success
        String itemDesc =
            (customer.getCartItemCount() != 1) ? customer.getCartItemCount() + " items" : "item";
        addMessage(
            req,
            MessageSeverity.SUCCESS,
            "Your transaction was successful.  Your "
                + itemDesc
                + " will be shipped soon.  Thank you for shopping with us!");

        // Forward to products page
        customer.setCartItemCount(0);
        resp.sendRedirect(
            "store-products?tenant="
                + UriComponent.encode(
                    getTenant(req).getAppInstance().getTenantName(), Type.QUERY_PARAM));
      }
    } catch (Exception e) {
      addErrorMessage(req, e);
      doGet(req, resp);
    }
  }
  public void testRSASHA1() {
    DummyRequest request =
        new DummyRequest()
            .requestMethod("GET")
            .requestURL("http://photos.example.net/photos")
            .parameterValue("file", "vacaction.jpg")
            .parameterValue("size", "original");

    OAuthParameters params =
        new OAuthParameters()
            .realm(REALM)
            .consumerKey(CONSUMER_KEY)
            .signatureMethod(RSA_SIGNATURE_METHOD)
            .timestamp(RSA_TIMESTAMP)
            .nonce(RSA_NONCE)
            .version(VERSION);

    OAuthSecrets secrets = new OAuthSecrets().consumerSecret(RSA_PRIVKEY);

    // generate digital signature; ensure it matches the OAuth spec
    String signature = null;

    try {
      signature = OAuthSignature.generate(request, params, secrets);
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }
    assertEquals(signature, RSA_SIGNATURE);

    OAuthParameters saved = (OAuthParameters) params.clone();

    try {
      // sign the request; clear params; parse params from request; ensure they match original
      OAuthSignature.sign(request, params, secrets);
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }

    // signing the request should not have modified the original parameters
    assertTrue(params.equals(saved));
    assertTrue(params.getSignature() == null);

    params = new OAuthParameters();
    params.readRequest(request);
    assertEquals(params.getRealm(), REALM);
    assertEquals(params.getConsumerKey(), CONSUMER_KEY);
    //        assertEquals(params.getToken(), ACCESS_TOKEN);
    assertEquals(params.getSignatureMethod(), RSA_SIGNATURE_METHOD);
    assertEquals(params.getTimestamp(), RSA_TIMESTAMP);
    assertEquals(params.getNonce(), RSA_NONCE);
    assertEquals(params.getVersion(), VERSION);
    assertEquals(params.getSignature(), RSA_SIGNATURE);

    // perform the same encoding as done by OAuthParameters.writeRequest
    // to see if the encoded signature will match
    assertEquals(
        UriComponent.encode(params.getSignature(), UriComponent.Type.UNRESERVED),
        RSA_SIGNATURE_ENCODED);

    secrets = new OAuthSecrets().consumerSecret(RSA_CERTIFICATE);
    try {
      // verify signature using request that was just signed
      assertTrue(OAuthSignature.verify(request, params, secrets));
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }
  }