public void testRSASHA1() {
DummyRequest request =
new DummyRequest()
.requestMethod("GET")
.requestURL("http://photos.example.net/photos")
.parameterValue("file", "vacaction.jpg")
.parameterValue("size", "original");
OAuthParameters params =
new OAuthParameters()
.realm(REALM)
.consumerKey(CONSUMER_KEY)
.signatureMethod(RSA_SIGNATURE_METHOD)
.timestamp(RSA_TIMESTAMP)
.nonce(RSA_NONCE)
.version(VERSION);
OAuthSecrets secrets = new OAuthSecrets().consumerSecret(RSA_PRIVKEY);
// generate digital signature; ensure it matches the OAuth spec
String signature = null;
try {
signature = OAuthSignature.generate(request, params, secrets);
} catch (OAuthSignatureException se) {
fail(se.getMessage());
}
assertEquals(signature, RSA_SIGNATURE);
OAuthParameters saved = (OAuthParameters) params.clone();
try {
// sign the request; clear params; parse params from request; ensure they match original
OAuthSignature.sign(request, params, secrets);
} catch (OAuthSignatureException se) {
fail(se.getMessage());
}
// signing the request should not have modified the original parameters
assertTrue(params.equals(saved));
assertTrue(params.getSignature() == null);
params = new OAuthParameters();
params.readRequest(request);
assertEquals(params.getRealm(), REALM);
assertEquals(params.getConsumerKey(), CONSUMER_KEY);
// assertEquals(params.getToken(), ACCESS_TOKEN);
assertEquals(params.getSignatureMethod(), RSA_SIGNATURE_METHOD);
assertEquals(params.getTimestamp(), RSA_TIMESTAMP);
assertEquals(params.getNonce(), RSA_NONCE);
assertEquals(params.getVersion(), VERSION);
assertEquals(params.getSignature(), RSA_SIGNATURE);
// perform the same encoding as done by OAuthParameters.writeRequest
// to see if the encoded signature will match
assertEquals(
UriComponent.encode(params.getSignature(), UriComponent.Type.UNRESERVED),
RSA_SIGNATURE_ENCODED);
secrets = new OAuthSecrets().consumerSecret(RSA_CERTIFICATE);
try {
// verify signature using request that was just signed
assertTrue(OAuthSignature.verify(request, params, secrets));
} catch (OAuthSignatureException se) {
fail(se.getMessage());
}
}
/**
* Test a Twitter status update.
*
* <p>Specifically, this test includes some characters (spaces) in one of the parameters which
* were incorrectly encoded (as '+' instead of "%20") with the original encoding routine.
*/
public void testTwitterSig() {
final String TWITTERTEST_SIGNATURE = "yfrn/p/4Hnp+XcwUBVfW0cSgc+o=";
final String TWITTERTEST_SIGNATURE_ENC = "yfrn%2Fp%2F4Hnp%2BXcwUBVfW0cSgc%2Bo%3D";
DummyRequest request =
new DummyRequest()
.requestMethod("POST")
.requestURL("http://twitter.com/statuses/update.json")
.parameterValue("status", "Hello Twitter World");
OAuthParameters params =
new OAuthParameters()
.consumerKey(CONSUMER_KEY)
.token(ACCESS_TOKEN)
.signatureMethod(SIGNATURE_METHOD)
.timestamp(TIMESTAMP)
.nonce(NONCE)
.version(VERSION);
OAuthSecrets secrets =
new OAuthSecrets().consumerSecret("kd94hf93k423kf44").tokenSecret("pfkkdhi9sl3r4s00");
// generate digital signature; ensure it matches the OAuth spec
String signature = null;
try {
signature = OAuthSignature.generate(request, params, secrets);
} catch (OAuthSignatureException se) {
fail(se.getMessage());
}
assertEquals(signature, TWITTERTEST_SIGNATURE);
OAuthParameters saved = (OAuthParameters) params.clone();
try {
// sign the request; clear params; parse params from request;
// ensure they match original
OAuthSignature.sign(request, params, secrets);
} catch (OAuthSignatureException se) {
fail(se.getMessage());
}
// signing the request should not have modified the original parameters
assertTrue(params.equals(saved));
assertTrue(params.getSignature() == null);
params = new OAuthParameters();
params.readRequest(request);
assertEquals(params.getConsumerKey(), CONSUMER_KEY);
assertEquals(params.getToken(), ACCESS_TOKEN);
assertEquals(params.getSignatureMethod(), SIGNATURE_METHOD);
assertEquals(params.getTimestamp(), TIMESTAMP);
assertEquals(params.getNonce(), NONCE);
assertEquals(params.getVersion(), VERSION);
assertEquals(params.getSignature(), TWITTERTEST_SIGNATURE);
try {
// verify signature using request that was just signed
assertTrue(OAuthSignature.verify(request, params, secrets));
} catch (OAuthSignatureException se) {
fail(se.getMessage());
}
}
/** Perform the test. */
public void testHMACSHA1() {
DummyRequest request =
new DummyRequest()
.requestMethod("GET")
.requestURL("http://photos.example.net/photos")
.parameterValue("file", "vacation.jpg")
.parameterValue("size", "original");
OAuthParameters params =
new OAuthParameters()
.realm(REALM)
.consumerKey(CONSUMER_KEY)
.token(ACCESS_TOKEN)
.signatureMethod(SIGNATURE_METHOD)
.timestamp(TIMESTAMP)
.nonce(NONCE)
.version(VERSION);
OAuthSecrets secrets =
new OAuthSecrets().consumerSecret("kd94hf93k423kf44").tokenSecret("pfkkdhi9sl3r4s00");
// generate digital signature; ensure it matches the OAuth spec
String signature = null;
try {
signature = OAuthSignature.generate(request, params, secrets);
} catch (OAuthSignatureException se) {
fail(se.getMessage());
}
assertEquals(signature, SIGNATURE);
OAuthParameters saved = (OAuthParameters) params.clone();
try {
// sign the request; clear params; parse params from request; ensure they match original
OAuthSignature.sign(request, params, secrets);
} catch (OAuthSignatureException se) {
fail(se.getMessage());
}
// signing the request should not have modified the original parameters
assertTrue(params.equals(saved));
assertTrue(params.getSignature() == null);
params = new OAuthParameters();
params.readRequest(request);
assertEquals(params.getRealm(), REALM);
assertEquals(params.getConsumerKey(), CONSUMER_KEY);
assertEquals(params.getToken(), ACCESS_TOKEN);
assertEquals(params.getSignatureMethod(), SIGNATURE_METHOD);
assertEquals(params.getTimestamp(), TIMESTAMP);
assertEquals(params.getNonce(), NONCE);
assertEquals(params.getVersion(), VERSION);
assertEquals(params.getSignature(), SIGNATURE);
try {
// verify signature using request that was just signed
assertTrue(OAuthSignature.verify(request, params, secrets));
} catch (OAuthSignatureException se) {
fail(se.getMessage());
}
}
