/** * Tests a call to an OAuth endpoint: GET /oauth/test_request using the RSA-SHA1 signature method, * which is the most secure one. This is a regular 3-legged OAuth call i.e. with an authenticated * access token for a user. */ public void testOAuthCallWithRsaSha1Signature() throws MalformedURLException { OAuthClientHelper och = new OAuthClientHelper(); och.setHttpMethod(HttpMethod.GET); och.setRequestUrl(new URL("https://cheetah.dhcp.pgdev.sap.corp/oauth/test_request")); och.setConsumerKey("1VMzOctCAidMaahS9yJU"); och.setConsumerPrivateKey(TEST_CONSUMER_PRIVATE_KEY); och.setToken("qlbjCFbiBewXcCSAgIB9"); och.setSignatureMethod(SignatureMethod.RSA_SHA1); // under normal circumstances, we would not set the timestamp and nonce, and just let the // library // use the current time and a generated uuid. However, we're comparing with a known good request och.setTimestamp(1307745674L); och.setNonce("oCaDVVBkIw"); String expectedAuthorizationHeader = "OAuth oauth_consumer_key=\"1VMzOctCAidMaahS9yJU\", oauth_nonce=\"oCaDVVBkIw\", oauth_signature_method=\"RSA-SHA1\", oauth_timestamp=\"1307745674\", oauth_version=\"1.0\", oauth_token=\"qlbjCFbiBewXcCSAgIB9\", oauth_signature=\"U2gpD7SZldInb6JorOkopdKBDlUG2xZikHf92MwKxFH%2FdXxr9J6LSsrg0G8HXPHXGgzm5%2BD7edjz2gl1yss4jtFBCb8AmMxp5VVyehzlZUm6A4rfpkrq9tH7Hdpc%2BLCnFC4c2vqAMzT%2BTf3r2Ki%2FrE9hwtu4Iireb1feN3V3ZQ7rZNRjdPc%2BJpDYSkoo9VTL2KSzUzZYDYJaSRLPoryburLRpam%2BMA3DCvFrCT6pKOXnS6II5H6Uyt%2FOR3GHPDWcb15zZijMKstxPaj8kvv6ziwVPcN1UVm8p12%2FKEQxlmohVwh1YR0lObT%2BKG790u47Em3Gk8Ot%2FDN4cg9ewJqb%2BA%3D%3D\""; assertEqualAuthorizationHeaders(expectedAuthorizationHeader, och.generateAuthorizationHeader()); }
/** * Tests a call to the two-legged OAuth endpoint: GET /oauth/test_consumer_request using the * RSA-SHA1 signature method. */ public void testTwoLeggedOAuthCallWithRsaSha1Signature() throws MalformedURLException { OAuthClientHelper och = new OAuthClientHelper(); och.setHttpMethod(HttpMethod.GET); och.setRequestUrl(new URL("https://cheetah.dhcp.pgdev.sap.corp/oauth/test_consumer_request")); och.setConsumerKey("1VMzOctCAidMaahS9yJU"); och.setConsumerPrivateKey(TEST_CONSUMER_PRIVATE_KEY); och.setTokenForTwoLeggedOAuth(); och.setSignatureMethod(SignatureMethod.RSA_SHA1); // under normal circumstances, we would not set the timestamp and nonce, and just let the // library // use the current time and a generated uuid. However, we're comparing with a known good request och.setTimestamp(1307748357L); och.setNonce("NtX9Gah3Bw"); String expectedAuthorizationHeader = "OAuth oauth_consumer_key=\"1VMzOctCAidMaahS9yJU\", oauth_nonce=\"NtX9Gah3Bw\", oauth_signature_method=\"RSA-SHA1\", oauth_timestamp=\"1307748357\", oauth_version=\"1.0\", oauth_token=\"\", oauth_signature=\"h%2FKJEkVh3GdY%2BLN7G6gQazi625uwKGkxzyN3dcQh4LzyS2z%2FBLCcLiWL5u9Xkk%2FwxvIwvE6FcvWmYlPHxzNUPxjNfXkIo6CgfF2wAqDf09JLPuMlZPAKaj8n%2BFOTiswuOH%2BsxkCatN2ziUKsMqniYWHLxgT3Q9DI1Fve6tdGOuJO0H3Lg%2BzAIC8oWSWw4q6VPPauCbslJaZTA6d6v2yg2oMxBoLCnJ9x1F2C2B9Fqb3w0lkzDm5Vxz%2B%2BWgswLSXpIBQpfoqzZpE5qohBpq%2FT9KGMM8Ewj2hvzf0NSZtMRPvqpE5A4AFBxMnHlIHKnFLTxRqjAn2qgm1MY6wJhDDuoQ%3D%3D\""; assertEqualAuthorizationHeaders(expectedAuthorizationHeader, och.generateAuthorizationHeader()); }