Java tutorial
/** * Copyright 2008 Web Cohesion * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. **/ package net.oauth.signature; import static org.junit.Assert.assertEquals; import static org.mockito.Mockito.when; import java.util.Arrays; import java.util.Collections; import java.util.HashMap; import java.util.Map; import javax.crypto.spec.SecretKeySpec; import javax.servlet.http.HttpServletRequest; import net.oauth.OAuthMessage; import net.oauth.server.OAuthServlet; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; import org.mockito.runners.MockitoJUnitRunner; import org.springframework.security.oauth.common.OAuthCodec; import org.springframework.security.oauth.common.signature.HMAC_SHA1SignatureMethod; import org.springframework.security.oauth.provider.filter.CoreOAuthProviderSupport; /** * @author Ryan Heaton * @author Dave Syer */ @RunWith(MockitoJUnitRunner.class) public class GoogleCodeCompatibilityTests { @Mock private HttpServletRequest request; /** * tests compatibilty with the google code HMAC_SHA1 signature. */ @Test public void testHMAC_SHA1_1() throws Exception { HMAC_SHA1 theirMethod = new HMAC_SHA1(); String baseString = "GET&http%3A%2F%2Flocalhost%3A8080%2Fgrailscrowd%2Foauth%2Frequest_token&oauth_consumer_key%3Dtonrconsumerkey%26oauth_nonce%3D1227967049787975000%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1227967049%26oauth_version%3D1.0"; theirMethod.setConsumerSecret("xxxxxx"); theirMethod.setTokenSecret(""); SecretKeySpec spec = new SecretKeySpec("xxxxxx&".getBytes("UTF-8"), HMAC_SHA1SignatureMethod.MAC_NAME); HMAC_SHA1SignatureMethod ourMethod = new HMAC_SHA1SignatureMethod(spec); String theirSignature = theirMethod.getSignature(baseString); String ourSignature = ourMethod.sign(baseString); assertEquals(theirSignature, ourSignature); } /** * tests compatibility of calculating the signature base string. */ @Test public void testCalculateSignatureBaseString() throws Exception { final String baseUrl = "http://www.springframework.org/schema/security/"; CoreOAuthProviderSupport support = new CoreOAuthProviderSupport() { @Override protected String getBaseUrl(HttpServletRequest request) { return baseUrl; } }; Map<String, String[]> parameterMap = new HashMap<String, String[]>(); parameterMap.put("a", new String[] { "value-a" }); parameterMap.put("b", new String[] { "value-b" }); parameterMap.put("c", new String[] { "value-c" }); parameterMap.put("param[1]", new String[] { "aaa", "bbb" }); when(request.getParameterNames()).thenReturn(Collections.enumeration(parameterMap.keySet())); for (Map.Entry<String, String[]> param : parameterMap.entrySet()) { when(request.getParameterValues(param.getKey())).thenReturn(param.getValue()); } String header = "OAuth realm=\"http://sp.example.com/\"," + " oauth_consumer_key=\"0685bd9184jfhq22\"," + " oauth_token=\"ad180jjd733klru7\"," + " oauth_signature_method=\"HMAC-SHA1\"," + " oauth_signature=\"wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D\"," + " oauth_timestamp=\"137131200\"," + " oauth_callback=\"" + OAuthCodec.oauthEncode("http://myhost.com/callback") + "\"," + " oauth_nonce=\"4572616e48616d6d65724c61686176\"," + " oauth_version=\"1.0\""; when(request.getHeaders("Authorization")).thenReturn(Collections.enumeration(Arrays.asList(header))); when(request.getMethod()).thenReturn("GET"); String ours = support.getSignatureBaseString(request); when(request.getHeaders("Authorization")).thenReturn(Collections.enumeration(Arrays.asList(header))); when(request.getParameterMap()).thenReturn(parameterMap); when(request.getHeaderNames()).thenReturn(null); OAuthMessage message = OAuthServlet.getMessage(request, baseUrl); String theirs = OAuthSignatureMethod.getBaseString(message); assertEquals(theirs, ours); } }