public List<HttpParameter> generateOAuthSignatureHttpParams(
      final String method, final String sign_url) {
    final long timestamp = System.currentTimeMillis() / 1000;
    final long nonce = timestamp + RAND.nextInt();

    final List<HttpParameter> oauthHeaderParams = new ArrayList<HttpParameter>(5);
    oauthHeaderParams.add(new HttpParameter("oauth_consumer_key", consumerKey));
    oauthHeaderParams.add(OAUTH_SIGNATURE_METHOD);
    oauthHeaderParams.add(new HttpParameter("oauth_timestamp", timestamp));
    oauthHeaderParams.add(new HttpParameter("oauth_nonce", nonce));
    oauthHeaderParams.add(new HttpParameter("oauth_version", "1.0"));
    if (oauthToken != null) {
      oauthHeaderParams.add(new HttpParameter("oauth_token", oauthToken.getToken()));
    }

    final List<HttpParameter> signatureBaseParams =
        new ArrayList<HttpParameter>(oauthHeaderParams.size());
    signatureBaseParams.addAll(oauthHeaderParams);
    parseGetParameters(sign_url, signatureBaseParams);

    final StringBuffer base =
        new StringBuffer(method)
            .append("&")
            .append(HttpParameter.encode(constructRequestURL(sign_url)))
            .append("&");
    base.append(HttpParameter.encode(normalizeRequestParameters(signatureBaseParams)));

    final String oauthBaseString = base.toString();
    final String signature = generateSignature(oauthBaseString, oauthToken);

    oauthHeaderParams.add(new HttpParameter("oauth_signature", signature));

    return oauthHeaderParams;
  }
 /**
  * Computes RFC 2104-compliant HMAC signature.
  *
  * @param data the data to be signed
  * @param token the token
  * @return signature
  * @see <a href="http://oauth.net/core/1.0a/#rfc.section.9.2.1">OAuth Core - 9.2.1. Generating
  *     Signature</a>
  */
 /* package */ String generateSignature(final String data, final OAuthToken token) {
   byte[] byteHMAC = null;
   try {
     final Mac mac = Mac.getInstance(HMAC_SHA1);
     SecretKeySpec spec;
     if (null == token) {
       final String oauthSignature = HttpParameter.encode(consumerSecret) + "&";
       spec = new SecretKeySpec(oauthSignature.getBytes(), HMAC_SHA1);
     } else {
       spec = token.getSecretKeySpec();
       if (null == spec) {
         final String oauthSignature =
             HttpParameter.encode(consumerSecret)
                 + "&"
                 + HttpParameter.encode(token.getTokenSecret());
         spec = new SecretKeySpec(oauthSignature.getBytes(), HMAC_SHA1);
         token.setSecretKeySpec(spec);
       }
     }
     mac.init(spec);
     byteHMAC = mac.doFinal(data.getBytes());
   } catch (final InvalidKeyException ike) {
     logger.error("Failed initialize \"Message Authentication Code\" (MAC)", ike);
     throw new AssertionError(ike);
   } catch (final NoSuchAlgorithmException nsae) {
     logger.error("Failed to get HmacSHA1 \"Message Authentication Code\" (MAC)", nsae);
     throw new AssertionError(nsae);
   }
   return BASE64Encoder.encode(byteHMAC);
 }
 public static String encodeParameters(
     final List<HttpParameter> httpParams, final String splitter, final boolean quot) {
   final StringBuffer buf = new StringBuffer();
   for (final HttpParameter param : httpParams) {
     if (!param.isFile()) {
       if (buf.length() != 0) {
         if (quot) {
           buf.append("\"");
         }
         buf.append(splitter);
       }
       buf.append(HttpParameter.encode(param.getName())).append("=");
       if (quot) {
         buf.append("\"");
       }
       buf.append(HttpParameter.encode(param.getValue()));
     }
   }
   if (buf.length() != 0) {
     if (quot) {
       buf.append("\"");
     }
   }
   return buf.toString();
 }
  /* package */ String generateAuthorizationHeader(
      final String method,
      final String sign_url,
      HttpParameter[] params,
      final String nonce,
      final String timestamp,
      final OAuthToken otoken) {
    if (null == params) {
      params = new HttpParameter[0];
    }
    final List<HttpParameter> oauthHeaderParams = new ArrayList<HttpParameter>(5);
    oauthHeaderParams.add(new HttpParameter("oauth_consumer_key", consumerKey));
    oauthHeaderParams.add(OAUTH_SIGNATURE_METHOD);
    oauthHeaderParams.add(new HttpParameter("oauth_timestamp", timestamp));
    oauthHeaderParams.add(new HttpParameter("oauth_nonce", nonce));
    oauthHeaderParams.add(new HttpParameter("oauth_version", "1.0"));
    if (otoken != null) {
      oauthHeaderParams.add(new HttpParameter("oauth_token", otoken.getToken()));
    }
    final List<HttpParameter> signatureBaseParams =
        new ArrayList<HttpParameter>(oauthHeaderParams.size() + params.length);
    signatureBaseParams.addAll(oauthHeaderParams);
    if (!HttpParameter.containsFile(params)) {
      signatureBaseParams.addAll(toParamList(params));
    }
    parseGetParameters(sign_url, signatureBaseParams);
    final StringBuffer base =
        new StringBuffer(method)
            .append("&")
            .append(HttpParameter.encode(constructRequestURL(sign_url)))
            .append("&");
    base.append(HttpParameter.encode(normalizeRequestParameters(signatureBaseParams)));
    final String oauthBaseString = base.toString();
    logger.debug("OAuth base string: ", oauthBaseString);
    final String signature = generateSignature(oauthBaseString, otoken);
    logger.debug("OAuth signature: ", signature);

    oauthHeaderParams.add(new HttpParameter("oauth_signature", signature));

    // http://oauth.net/core/1.0/#rfc.section.9.1.1
    if (realm != null) {
      oauthHeaderParams.add(new HttpParameter("realm", realm));
    }
    return "OAuth " + encodeParameters(oauthHeaderParams, ",", true);
  }