public List<HttpParameter> generateOAuthSignatureHttpParams(
final String method, final String sign_url) {
final long timestamp = System.currentTimeMillis() / 1000;
final long nonce = timestamp + RAND.nextInt();
final List<HttpParameter> oauthHeaderParams = new ArrayList<HttpParameter>(5);
oauthHeaderParams.add(new HttpParameter("oauth_consumer_key", consumerKey));
oauthHeaderParams.add(OAUTH_SIGNATURE_METHOD);
oauthHeaderParams.add(new HttpParameter("oauth_timestamp", timestamp));
oauthHeaderParams.add(new HttpParameter("oauth_nonce", nonce));
oauthHeaderParams.add(new HttpParameter("oauth_version", "1.0"));
if (oauthToken != null) {
oauthHeaderParams.add(new HttpParameter("oauth_token", oauthToken.getToken()));
}
final List<HttpParameter> signatureBaseParams =
new ArrayList<HttpParameter>(oauthHeaderParams.size());
signatureBaseParams.addAll(oauthHeaderParams);
parseGetParameters(sign_url, signatureBaseParams);
final StringBuffer base =
new StringBuffer(method)
.append("&")
.append(HttpParameter.encode(constructRequestURL(sign_url)))
.append("&");
base.append(HttpParameter.encode(normalizeRequestParameters(signatureBaseParams)));
final String oauthBaseString = base.toString();
final String signature = generateSignature(oauthBaseString, oauthToken);
oauthHeaderParams.add(new HttpParameter("oauth_signature", signature));
return oauthHeaderParams;
}
/**
* Computes RFC 2104-compliant HMAC signature.
*
* @param data the data to be signed
* @param token the token
* @return signature
* @see <a href="http://oauth.net/core/1.0a/#rfc.section.9.2.1">OAuth Core - 9.2.1. Generating
* Signature</a>
*/
/* package */ String generateSignature(final String data, final OAuthToken token) {
byte[] byteHMAC = null;
try {
final Mac mac = Mac.getInstance(HMAC_SHA1);
SecretKeySpec spec;
if (null == token) {
final String oauthSignature = HttpParameter.encode(consumerSecret) + "&";
spec = new SecretKeySpec(oauthSignature.getBytes(), HMAC_SHA1);
} else {
spec = token.getSecretKeySpec();
if (null == spec) {
final String oauthSignature =
HttpParameter.encode(consumerSecret)
+ "&"
+ HttpParameter.encode(token.getTokenSecret());
spec = new SecretKeySpec(oauthSignature.getBytes(), HMAC_SHA1);
token.setSecretKeySpec(spec);
}
}
mac.init(spec);
byteHMAC = mac.doFinal(data.getBytes());
} catch (final InvalidKeyException ike) {
logger.error("Failed initialize \"Message Authentication Code\" (MAC)", ike);
throw new AssertionError(ike);
} catch (final NoSuchAlgorithmException nsae) {
logger.error("Failed to get HmacSHA1 \"Message Authentication Code\" (MAC)", nsae);
throw new AssertionError(nsae);
}
return BASE64Encoder.encode(byteHMAC);
}
public static String encodeParameters(
final List<HttpParameter> httpParams, final String splitter, final boolean quot) {
final StringBuffer buf = new StringBuffer();
for (final HttpParameter param : httpParams) {
if (!param.isFile()) {
if (buf.length() != 0) {
if (quot) {
buf.append("\"");
}
buf.append(splitter);
}
buf.append(HttpParameter.encode(param.getName())).append("=");
if (quot) {
buf.append("\"");
}
buf.append(HttpParameter.encode(param.getValue()));
}
}
if (buf.length() != 0) {
if (quot) {
buf.append("\"");
}
}
return buf.toString();
}
/* package */ String generateAuthorizationHeader(
final String method,
final String sign_url,
HttpParameter[] params,
final String nonce,
final String timestamp,
final OAuthToken otoken) {
if (null == params) {
params = new HttpParameter[0];
}
final List<HttpParameter> oauthHeaderParams = new ArrayList<HttpParameter>(5);
oauthHeaderParams.add(new HttpParameter("oauth_consumer_key", consumerKey));
oauthHeaderParams.add(OAUTH_SIGNATURE_METHOD);
oauthHeaderParams.add(new HttpParameter("oauth_timestamp", timestamp));
oauthHeaderParams.add(new HttpParameter("oauth_nonce", nonce));
oauthHeaderParams.add(new HttpParameter("oauth_version", "1.0"));
if (otoken != null) {
oauthHeaderParams.add(new HttpParameter("oauth_token", otoken.getToken()));
}
final List<HttpParameter> signatureBaseParams =
new ArrayList<HttpParameter>(oauthHeaderParams.size() + params.length);
signatureBaseParams.addAll(oauthHeaderParams);
if (!HttpParameter.containsFile(params)) {
signatureBaseParams.addAll(toParamList(params));
}
parseGetParameters(sign_url, signatureBaseParams);
final StringBuffer base =
new StringBuffer(method)
.append("&")
.append(HttpParameter.encode(constructRequestURL(sign_url)))
.append("&");
base.append(HttpParameter.encode(normalizeRequestParameters(signatureBaseParams)));
final String oauthBaseString = base.toString();
logger.debug("OAuth base string: ", oauthBaseString);
final String signature = generateSignature(oauthBaseString, otoken);
logger.debug("OAuth signature: ", signature);
oauthHeaderParams.add(new HttpParameter("oauth_signature", signature));
// http://oauth.net/core/1.0/#rfc.section.9.1.1
if (realm != null) {
oauthHeaderParams.add(new HttpParameter("realm", realm));
}
return "OAuth " + encodeParameters(oauthHeaderParams, ",", true);
}