Exemplo n.º 1
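  /**
   * Exercises the RSA-SHA1 signature method end to end: generate a signature, sign the request,
   * read the OAuth parameters back from the request, check the URI-encoded signature, and verify.
   *
   * <p>The signature is produced with {@code RSA_PRIVKEY} supplied as the consumer secret and
   * verified with {@code RSA_CERTIFICATE} supplied the same way, so the two halves of the key
   * pair are never mixed in one {@code OAuthSecrets} instance.
   *
   * <p>NOTE(review): only the accepting path is covered here. A companion check that {@code
   * verify} rejects a request whose parameters or signature were altered after signing would
   * guard against a verifier that accepts everything.
   */
  public void testRSASHA1() {
    // "vacaction.jpg" looks like a typo, but the value is part of the signed input and the
    // expected RSA_SIGNATURE was presumably computed over it; do not "correct" the spelling.
    DummyRequest request =
        new DummyRequest()
            .requestMethod("GET")
            .requestURL("http://photos.example.net/photos")
            .parameterValue("file", "vacaction.jpg")
            .parameterValue("size", "original");

    // No token is set: this request is signed with the consumer key pair only.
    OAuthParameters params =
        new OAuthParameters()
            .realm(REALM)
            .consumerKey(CONSUMER_KEY)
            .signatureMethod(RSA_SIGNATURE_METHOD)
            .timestamp(RSA_TIMESTAMP)
            .nonce(RSA_NONCE)
            .version(VERSION);

    // Signing side: the private key travels in the consumer-secret slot.
    OAuthSecrets secrets = new OAuthSecrets().consumerSecret(RSA_PRIVKEY);

    // Step 1: generate the signature without touching the request and compare it with the
    // known-good value.
    String signature = null;

    try {
      signature = OAuthSignature.generate(request, params, secrets);
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }
    // Expected value first, so a failure message labels the two values correctly.
    assertEquals(RSA_SIGNATURE, signature);

    // Snapshot the parameters so that any mutation made by sign() can be detected.
    OAuthParameters saved = (OAuthParameters) params.clone();

    try {
      // Step 2: sign the request itself.
      OAuthSignature.sign(request, params, secrets);
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }

    // signing the request should not have modified the original parameters
    assertTrue(params.equals(saved));
    assertTrue(params.getSignature() == null);

    // Step 3: start from empty parameters and parse them back out of the signed request.
    params = new OAuthParameters();
    params.readRequest(request);
    assertEquals(REALM, params.getRealm());
    assertEquals(CONSUMER_KEY, params.getConsumerKey());
    // There is no token assertion because no token was set on this request.
    assertEquals(RSA_SIGNATURE_METHOD, params.getSignatureMethod());
    assertEquals(RSA_TIMESTAMP, params.getTimestamp());
    assertEquals(RSA_NONCE, params.getNonce());
    assertEquals(VERSION, params.getVersion());
    assertEquals(RSA_SIGNATURE, params.getSignature());

    // perform the same encoding as done by OAuthParameters.writeRequest
    // to see if the encoded signature will match
    assertEquals(
        RSA_SIGNATURE_ENCODED,
        UriComponent.encode(params.getSignature(), UriComponent.Type.UNRESERVED));

    // Verifying side: only the certificate is supplied, never the private key.
    secrets = new OAuthSecrets().consumerSecret(RSA_CERTIFICATE);
    try {
      // Step 4: verify the signature using the request that was just signed.
      assertTrue(OAuthSignature.verify(request, params, secrets));
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }
  }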
Exemplo n.º 2
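  /**
   * Test a Twitter status update.
   *
   * <p>Specifically, this test includes some characters (spaces) in one of the parameters which
   * were incorrectly encoded (as '+' instead of "%20") with the original encoding routine. A
   * mismatch of that kind changes the signed input, so signer and verifier stop agreeing on the
   * signature.
   *
   * <p>The flow is: generate the signature, sign the request, read the OAuth parameters back from
   * the request, then verify with the same consumer and token secrets.
   *
   * <p>NOTE(review): only the accepting path is covered here; nothing checks that {@code verify}
   * rejects a request altered after signing.
   */
  public void testTwitterSig() {
    final String TWITTERTEST_SIGNATURE = "yfrn/p/4Hnp+XcwUBVfW0cSgc+o=";
    // NOTE(review): declared but never asserted in this method. testRSASHA1 checks the encoded
    // form of its signature via UriComponent.encode; the same check looks intended here.
    final String TWITTERTEST_SIGNATURE_ENC = "yfrn%2Fp%2F4Hnp%2BXcwUBVfW0cSgc%2Bo%3D";

    // The status text contains spaces, which is the encoding case this test exists for.
    DummyRequest request =
        new DummyRequest()
            .requestMethod("POST")
            .requestURL("http://twitter.com/statuses/update.json")
            .parameterValue("status", "Hello Twitter World");

    OAuthParameters params =
        new OAuthParameters()
            .consumerKey(CONSUMER_KEY)
            .token(ACCESS_TOKEN)
            .signatureMethod(SIGNATURE_METHOD)
            .timestamp(TIMESTAMP)
            .nonce(NONCE)
            .version(VERSION);

    // Fixed sample secrets so the expected signature is reproducible. They appear to be the
    // published OAuth 1.0 example values rather than live credentials (confirm before reuse).
    OAuthSecrets secrets =
        new OAuthSecrets().consumerSecret("kd94hf93k423kf44").tokenSecret("pfkkdhi9sl3r4s00");

    // Step 1: generate the signature without touching the request and compare it with the
    // known-good value.
    String signature = null;

    try {
      signature = OAuthSignature.generate(request, params, secrets);
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }

    // Expected value first, so a failure message labels the two values correctly.
    assertEquals(TWITTERTEST_SIGNATURE, signature);

    // Snapshot the parameters so that any mutation made by sign() can be detected.
    OAuthParameters saved = (OAuthParameters) params.clone();

    try {
      // Step 2: sign the request itself.
      OAuthSignature.sign(request, params, secrets);
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }

    // signing the request should not have modified the original parameters
    assertTrue(params.equals(saved));
    assertTrue(params.getSignature() == null);

    // Step 3: start from empty parameters and parse them back out of the signed request.
    params = new OAuthParameters();
    params.readRequest(request);
    assertEquals(CONSUMER_KEY, params.getConsumerKey());
    assertEquals(ACCESS_TOKEN, params.getToken());
    assertEquals(SIGNATURE_METHOD, params.getSignatureMethod());
    assertEquals(TIMESTAMP, params.getTimestamp());
    assertEquals(NONCE, params.getNonce());
    assertEquals(VERSION, params.getVersion());
    assertEquals(TWITTERTEST_SIGNATURE, params.getSignature());

    try {
      // Step 4: verify the signature using the request that was just signed; the same shared
      // secrets are used for signing and verification.
      assertTrue(OAuthSignature.verify(request, params, secrets));
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }
  }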
Exemplo n.º 3
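  /**
   * Exercises the shared-secret signature method ({@code SIGNATURE_METHOD}) end to end: generate
   * a signature, sign the request, read the OAuth parameters back from the request, and verify.
   *
   * <p>Unlike the RSA test, the same {@code OAuthSecrets} (consumer secret plus token secret) is
   * used for both signing and verification.
   *
   * <p>NOTE(review): only the accepting path is covered here; nothing checks that {@code verify}
   * rejects a request altered after signing, or one checked against a different secret.
   */
  public void testHMACSHA1() {

    DummyRequest request =
        new DummyRequest()
            .requestMethod("GET")
            .requestURL("http://photos.example.net/photos")
            .parameterValue("file", "vacation.jpg")
            .parameterValue("size", "original");

    OAuthParameters params =
        new OAuthParameters()
            .realm(REALM)
            .consumerKey(CONSUMER_KEY)
            .token(ACCESS_TOKEN)
            .signatureMethod(SIGNATURE_METHOD)
            .timestamp(TIMESTAMP)
            .nonce(NONCE)
            .version(VERSION);

    // Fixed sample secrets so the expected signature is reproducible. They appear to be the
    // published OAuth 1.0 example values rather than live credentials (confirm before reuse).
    OAuthSecrets secrets =
        new OAuthSecrets().consumerSecret("kd94hf93k423kf44").tokenSecret("pfkkdhi9sl3r4s00");

    // Step 1: generate the signature without touching the request and compare it with the
    // known-good value.
    String signature = null;

    try {
      signature = OAuthSignature.generate(request, params, secrets);
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }

    // Expected value first, so a failure message labels the two values correctly.
    assertEquals(SIGNATURE, signature);

    // Snapshot the parameters so that any mutation made by sign() can be detected.
    OAuthParameters saved = (OAuthParameters) params.clone();

    try {
      // Step 2: sign the request itself.
      OAuthSignature.sign(request, params, secrets);
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }

    // signing the request should not have modified the original parameters
    assertTrue(params.equals(saved));
    assertTrue(params.getSignature() == null);

    // Step 3: start from empty parameters and parse them back out of the signed request.
    params = new OAuthParameters();
    params.readRequest(request);
    assertEquals(REALM, params.getRealm());
    assertEquals(CONSUMER_KEY, params.getConsumerKey());
    assertEquals(ACCESS_TOKEN, params.getToken());
    assertEquals(SIGNATURE_METHOD, params.getSignatureMethod());
    assertEquals(TIMESTAMP, params.getTimestamp());
    assertEquals(NONCE, params.getNonce());
    assertEquals(VERSION, params.getVersion());
    assertEquals(SIGNATURE, params.getSignature());

    try {
      // Step 4: verify the signature using the request that was just signed.
      assertTrue(OAuthSignature.verify(request, params, secrets));
    } catch (OAuthSignatureException se) {
      fail(se.getMessage());
    }
  }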