public List<HttpParameter> generateOAuthSignatureHttpParams( final String method, final String sign_url) { final long timestamp = System.currentTimeMillis() / 1000; final long nonce = timestamp + RAND.nextInt(); final List<HttpParameter> oauthHeaderParams = new ArrayList<HttpParameter>(5); oauthHeaderParams.add(new HttpParameter("oauth_consumer_key", consumerKey)); oauthHeaderParams.add(OAUTH_SIGNATURE_METHOD); oauthHeaderParams.add(new HttpParameter("oauth_timestamp", timestamp)); oauthHeaderParams.add(new HttpParameter("oauth_nonce", nonce)); oauthHeaderParams.add(new HttpParameter("oauth_version", "1.0")); if (oauthToken != null) { oauthHeaderParams.add(new HttpParameter("oauth_token", oauthToken.getToken())); } final List<HttpParameter> signatureBaseParams = new ArrayList<HttpParameter>(oauthHeaderParams.size()); signatureBaseParams.addAll(oauthHeaderParams); parseGetParameters(sign_url, signatureBaseParams); final StringBuffer base = new StringBuffer(method) .append("&") .append(HttpParameter.encode(constructRequestURL(sign_url))) .append("&"); base.append(HttpParameter.encode(normalizeRequestParameters(signatureBaseParams))); final String oauthBaseString = base.toString(); final String signature = generateSignature(oauthBaseString, oauthToken); oauthHeaderParams.add(new HttpParameter("oauth_signature", signature)); return oauthHeaderParams; }
/** * Computes RFC 2104-compliant HMAC signature. * * @param data the data to be signed * @param token the token * @return signature * @see <a href="http://oauth.net/core/1.0a/#rfc.section.9.2.1">OAuth Core - 9.2.1. Generating * Signature</a> */ /* package */ String generateSignature(final String data, final OAuthToken token) { byte[] byteHMAC = null; try { final Mac mac = Mac.getInstance(HMAC_SHA1); SecretKeySpec spec; if (null == token) { final String oauthSignature = HttpParameter.encode(consumerSecret) + "&"; spec = new SecretKeySpec(oauthSignature.getBytes(), HMAC_SHA1); } else { spec = token.getSecretKeySpec(); if (null == spec) { final String oauthSignature = HttpParameter.encode(consumerSecret) + "&" + HttpParameter.encode(token.getTokenSecret()); spec = new SecretKeySpec(oauthSignature.getBytes(), HMAC_SHA1); token.setSecretKeySpec(spec); } } mac.init(spec); byteHMAC = mac.doFinal(data.getBytes()); } catch (final InvalidKeyException ike) { logger.error("Failed initialize \"Message Authentication Code\" (MAC)", ike); throw new AssertionError(ike); } catch (final NoSuchAlgorithmException nsae) { logger.error("Failed to get HmacSHA1 \"Message Authentication Code\" (MAC)", nsae); throw new AssertionError(nsae); } return BASE64Encoder.encode(byteHMAC); }
public static String encodeParameters( final List<HttpParameter> httpParams, final String splitter, final boolean quot) { final StringBuffer buf = new StringBuffer(); for (final HttpParameter param : httpParams) { if (!param.isFile()) { if (buf.length() != 0) { if (quot) { buf.append("\""); } buf.append(splitter); } buf.append(HttpParameter.encode(param.getName())).append("="); if (quot) { buf.append("\""); } buf.append(HttpParameter.encode(param.getValue())); } } if (buf.length() != 0) { if (quot) { buf.append("\""); } } return buf.toString(); }
/* package */ String generateAuthorizationHeader( final String method, final String sign_url, HttpParameter[] params, final String nonce, final String timestamp, final OAuthToken otoken) { if (null == params) { params = new HttpParameter[0]; } final List<HttpParameter> oauthHeaderParams = new ArrayList<HttpParameter>(5); oauthHeaderParams.add(new HttpParameter("oauth_consumer_key", consumerKey)); oauthHeaderParams.add(OAUTH_SIGNATURE_METHOD); oauthHeaderParams.add(new HttpParameter("oauth_timestamp", timestamp)); oauthHeaderParams.add(new HttpParameter("oauth_nonce", nonce)); oauthHeaderParams.add(new HttpParameter("oauth_version", "1.0")); if (otoken != null) { oauthHeaderParams.add(new HttpParameter("oauth_token", otoken.getToken())); } final List<HttpParameter> signatureBaseParams = new ArrayList<HttpParameter>(oauthHeaderParams.size() + params.length); signatureBaseParams.addAll(oauthHeaderParams); if (!HttpParameter.containsFile(params)) { signatureBaseParams.addAll(toParamList(params)); } parseGetParameters(sign_url, signatureBaseParams); final StringBuffer base = new StringBuffer(method) .append("&") .append(HttpParameter.encode(constructRequestURL(sign_url))) .append("&"); base.append(HttpParameter.encode(normalizeRequestParameters(signatureBaseParams))); final String oauthBaseString = base.toString(); logger.debug("OAuth base string: ", oauthBaseString); final String signature = generateSignature(oauthBaseString, otoken); logger.debug("OAuth signature: ", signature); oauthHeaderParams.add(new HttpParameter("oauth_signature", signature)); // http://oauth.net/core/1.0/#rfc.section.9.1.1 if (realm != null) { oauthHeaderParams.add(new HttpParameter("realm", realm)); } return "OAuth " + encodeParameters(oauthHeaderParams, ",", true); }