params) {
- String[] kvPairs = new String[params.size() * 2];
- int idx = 0;
- for (String key : params.keySet()) {
- kvPairs[idx] = key;
- kvPairs[idx + 1] = params.get(key);
- idx += 2;
- }
- return addQueryParameters(url, kvPairs);
- }
-
- public static String addQueryString(String url, String queryString) {
- String queryDelim = url.contains("?") ? "&" : "?";
- StringBuilder sb = new StringBuilder(url + queryDelim);
- sb.append(queryString);
- return sb.toString();
- }
-
- /**
- * Builds an OAuth header from the given list of header fields. All
- * parameters starting in 'oauth_*' will be percent encoded.
- *
- *
- * String authHeader = OAuth.prepareOAuthHeader("realm", "http://example.com", "oauth_token", "x%y");
- *
- *
- * which yields:
- *
- *
- * OAuth realm="http://example.com", oauth_token="x%25y"
- *
- *
- * @param kvPairs
- * the list of key/value pairs
- * @return a string eligible to be used as an OAuth HTTP Authorization
- * header.
- */
- public static String prepareOAuthHeader(String... kvPairs) {
- StringBuilder sb = new StringBuilder("OAuth ");
- for (int i = 0; i < kvPairs.length; i += 2) {
- if (i > 0) {
- sb.append(", ");
- }
- boolean isOAuthElem = kvPairs[i].startsWith("oauth_")
- || kvPairs[i].startsWith("x_oauth_");
- String value = isOAuthElem ? OAuth.percentEncode(kvPairs[i + 1]) : kvPairs[i + 1];
- sb.append(OAuth.percentEncode(kvPairs[i]) + "=\"" + value + "\"");
- }
- return sb.toString();
- }
-
- public static HttpParameters oauthHeaderToParamsMap(String oauthHeader) {
- HttpParameters params = new HttpParameters();
- if (oauthHeader == null || !oauthHeader.startsWith("OAuth ")) {
- return params;
- }
- oauthHeader = oauthHeader.substring("OAuth ".length());
- String[] elements = oauthHeader.split(",");
- for (String keyValuePair : elements) {
- String[] keyValue = keyValuePair.split("=");
- params.put(keyValue[0].trim(), keyValue[1].replace("\"", "").trim());
- }
- return params;
- }
-
- /**
- * Helper method to concatenate a parameter and its value to a pair that can
- * be used in an HTTP header. This method percent encodes both parts before
- * joining them.
- *
- * @param name
- * the OAuth parameter name, e.g. oauth_token
- * @param value
- * the OAuth parameter value, e.g. 'hello oauth'
- * @return a name/value pair, e.g. oauth_token="hello%20oauth"
- */
- public static String toHeaderElement(String name, String value) {
- return OAuth.percentEncode(name) + "=\"" + OAuth.percentEncode(value) + "\"";
- }
-
- public static void debugOut(String key, String value) {
- if (System.getProperty("debug") != null) {
- System.out.println("[SIGNPOST] " + key + ": " + value);
- }
- }
-}
Index: trunk/src/oauth/signpost/OAuthConsumer.java
===================================================================
--- trunk/src/oauth/signpost/OAuthConsumer.java (revision 16402)
+++ (revision )
@@ -1,193 +1,0 @@
-/* Copyright (c) 2009 Matthias Kaeppler
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package oauth.signpost;
-
-import java.io.Serializable;
-
-import oauth.signpost.exception.OAuthCommunicationException;
-import oauth.signpost.exception.OAuthExpectationFailedException;
-import oauth.signpost.exception.OAuthMessageSignerException;
-import oauth.signpost.http.HttpParameters;
-import oauth.signpost.http.HttpRequest;
-import oauth.signpost.signature.AuthorizationHeaderSigningStrategy;
-import oauth.signpost.signature.HmacSha1MessageSigner;
-import oauth.signpost.signature.OAuthMessageSigner;
-import oauth.signpost.signature.QueryStringSigningStrategy;
-import oauth.signpost.signature.SigningStrategy;
-
-/**
- *
- * Exposes a simple interface to sign HTTP requests using a given OAuth token
- * and secret. Refer to {@link OAuthProvider} how to retrieve a valid token and
- * token secret.
- *
- *
- * HTTP messages are signed as follows:
- *
- *
- *
- * // exchange the arguments with the actual token/secret pair
- * OAuthConsumer consumer = new DefaultOAuthConsumer("1234", "5678");
- *
- * URL url = new URL("http://example.com/protected.xml");
- * HttpURLConnection request = (HttpURLConnection) url.openConnection();
- *
- * consumer.sign(request);
- *
- * request.connect();
- *
- *
- *
- *
- *
- * @author Matthias Kaeppler
- */
-public interface OAuthConsumer extends Serializable {
-
- /**
- * Sets the message signer that should be used to generate the OAuth
- * signature.
- *
- * @param messageSigner
- * the signer
- * @see HmacSha1MessageSigner
- */
- public void setMessageSigner(OAuthMessageSigner messageSigner);
-
- /**
- * Allows you to add parameters (typically OAuth parameters such as
- * oauth_callback or oauth_verifier) which will go directly into the signer,
- * i.e. you don't have to put them into the request first. The consumer's
- * {@link SigningStrategy} will then take care of writing them to the
- * correct part of the request before it is sent. This is useful if you want
- * to pre-set custom OAuth parameters. Note that these parameters are
- * expected to already be percent encoded -- they will be simply merged
- * as-is. BE CAREFUL WITH THIS METHOD! Your service provider may decide
- * to ignore any non-standard OAuth params when computing the signature.
- *
- * @param additionalParameters
- * the parameters
- */
- public void setAdditionalParameters(HttpParameters additionalParameters);
-
- /**
- * Defines which strategy should be used to write a signature to an HTTP
- * request.
- *
- * @param signingStrategy
- * the strategy
- * @see AuthorizationHeaderSigningStrategy
- * @see QueryStringSigningStrategy
- */
- public void setSigningStrategy(SigningStrategy signingStrategy);
-
- /**
- *
- * Causes the consumer to always include the oauth_token parameter to be
- * sent, even if blank. If you're seeing 401s during calls to
- * {@link OAuthProvider#retrieveRequestToken}, try setting this to true.
- *
- *
- * @param enable
- * true or false
- */
- public void setSendEmptyTokens(boolean enable);
-
- /**
- * Signs the given HTTP request by writing an OAuth signature (and other
- * required OAuth parameters) to it. Where these parameters are written
- * depends on the current {@link SigningStrategy}.
- *
- * @param request
- * the request to sign
- * @return the request object passed as an argument
- * @throws OAuthMessageSignerException
- * @throws OAuthExpectationFailedException
- * @throws OAuthCommunicationException
- */
- public HttpRequest sign(HttpRequest request) throws OAuthMessageSignerException,
- OAuthExpectationFailedException, OAuthCommunicationException;
-
- /**
- *
- * Signs the given HTTP request by writing an OAuth signature (and other
- * required OAuth parameters) to it. Where these parameters are written
- * depends on the current {@link SigningStrategy}.
- *
- * This method accepts HTTP library specific request objects; the consumer
- * implementation must ensure that only those request types are passed which
- * it supports.
- *
- * @param request
- * the request to sign
- * @return the request object passed as an argument
- * @throws OAuthMessageSignerException
- * @throws OAuthExpectationFailedException
- * @throws OAuthCommunicationException
- */
- public HttpRequest sign(Object request) throws OAuthMessageSignerException,
- OAuthExpectationFailedException, OAuthCommunicationException;
-
- /**
- *
- * "Signs" the given URL by appending all OAuth parameters to it which are
- * required for message signing. The assumed HTTP method is GET.
- * Essentially, this is equivalent to signing an HTTP GET request, but it
- * can be useful if your application requires clickable links to protected
- * resources, i.e. when your application does not have access to the actual
- * request that is being sent.
- *
- *
- * @param url
- * the input URL. May have query parameters.
- * @return the input URL, with all necessary OAuth parameters attached as a
- * query string. Existing query parameters are preserved.
- * @throws OAuthMessageSignerException
- * @throws OAuthExpectationFailedException
- * @throws OAuthCommunicationException
- */
- public String sign(String url) throws OAuthMessageSignerException,
- OAuthExpectationFailedException, OAuthCommunicationException;
-
- /**
- * Sets the OAuth token and token secret used for message signing.
- *
- * @param token
- * the token
- * @param tokenSecret
- * the token secret
- */
- public void setTokenWithSecret(String token, String tokenSecret);
-
- public String getToken();
-
- public String getTokenSecret();
-
- public String getConsumerKey();
-
- public String getConsumerSecret();
-
- /**
- * Returns all parameters collected from the HTTP request during message
- * signing (this means the return value may be NULL before a call to
- * {@link #sign}), plus all required OAuth parameters that were added
- * because the request didn't contain them beforehand. In other words, this
- * is the exact set of parameters that were used for creating the message
- * signature.
- *
- * @return the request parameters used for message signing
- */
- public HttpParameters getRequestParameters();
-}
Index: trunk/src/oauth/signpost/OAuthProvider.java
===================================================================
--- trunk/src/oauth/signpost/OAuthProvider.java (revision 16402)
+++ (revision )
@@ -1,244 +1,0 @@
-/*
- * Copyright (c) 2009 Matthias Kaeppler Licensed under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law
- * or agreed to in writing, software distributed under the License is
- * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-package oauth.signpost;
-
-import java.io.Serializable;
-import java.util.Map;
-
-import oauth.signpost.exception.OAuthCommunicationException;
-import oauth.signpost.exception.OAuthExpectationFailedException;
-import oauth.signpost.exception.OAuthMessageSignerException;
-import oauth.signpost.exception.OAuthNotAuthorizedException;
-import oauth.signpost.http.HttpParameters;
-
-/**
- *
- * Supplies an interface that can be used to retrieve request and access tokens
- * from an OAuth 1.0(a) service provider. A provider object requires an
- * {@link OAuthConsumer} to sign the token request message; after a token has
- * been retrieved, the consumer is automatically updated with the token and the
- * corresponding secret.
- *
- *
- * To initiate the token exchange, create a new provider instance and configure
- * it with the URLs the service provider exposes for requesting tokens and
- * resource authorization, e.g.:
- *
- *
- *
- * OAuthProvider provider = new DefaultOAuthProvider("http://twitter.com/oauth/request_token",
- * "http://twitter.com/oauth/access_token", "http://twitter.com/oauth/authorize");
- *
- *
- * Depending on the HTTP library you use, you may need a different provider
- * type, refer to the website documentation for how to do that.
- *
- *
- * To receive a request token which the user must authorize, you invoke it using
- * a consumer instance and a callback URL:
- *
- *
- *
- *
- * String url = provider.retrieveRequestToken(consumer, "http://www.example.com/callback");
- *
- *
- *
- *
- * That url must be opened in a Web browser, where the user can grant access to
- * the resources in question. If that succeeds, the service provider will
- * redirect to the callback URL and append the blessed request token.
- *
- *
- * That token must now be exchanged for an access token, as such:
- *
- *
- *
- *
- * provider.retrieveAccessToken(consumer, nullOrVerifierCode);
- *
- *
- *
- *
- * where nullOrVerifierCode is either null if your provided a callback URL in
- * the previous step, or the pin code issued by the service provider to the user
- * if the request was out-of-band (cf. {@link OAuth#OUT_OF_BAND}.
- *
- *
- * The consumer used during token handshakes is now ready for signing.
- *
- *
- * @see OAuthProviderListener
- */
-public interface OAuthProvider extends Serializable {
-
- /**
- * Queries the service provider for a request token.
- *
- * Pre-conditions: the given {@link OAuthConsumer} must have a valid
- * consumer key and consumer secret already set.
- *
- *
- * Post-conditions: the given {@link OAuthConsumer} will have an
- * unauthorized request token and token secret set.
- *
- *
- * @param consumer
- * the {@link OAuthConsumer} that should be used to sign the request
- * @param callbackUrl
- * Pass an actual URL if your app can receive callbacks and you want
- * to get informed about the result of the authorization process.
- * Pass {@link OAuth.OUT_OF_BAND} if the service provider implements
- * OAuth 1.0a and your app cannot receive callbacks. Pass null if the
- * service provider implements OAuth 1.0 and your app cannot receive
- * callbacks. Please note that some services (among them Twitter)
- * will fail authorization if you pass a callback URL but register
- * your application as a desktop app (which would only be able to
- * handle OOB requests).
- * @param customOAuthParams
- * you can pass custom OAuth parameters here which will go directly
- * into the signer, i.e. you don't have to put them into the request
- * first. This is useful for pre-setting OAuth params for signing.
- * Pass them sequentially in key/value order.
- * @return The URL to which the user must be sent in order to authorize the
- * consumer. It includes the unauthorized request token (and in the
- * case of OAuth 1.0, the callback URL -- 1.0a clients send along
- * with the token request).
- * @throws OAuthMessageSignerException
- * if signing the request failed
- * @throws OAuthNotAuthorizedException
- * if the service provider rejected the consumer
- * @throws OAuthExpectationFailedException
- * if required parameters were not correctly set by the consumer or
- * service provider
- * @throws OAuthCommunicationException
- * if server communication failed
- */
- public String retrieveRequestToken(OAuthConsumer consumer, String callbackUrl,
- String... customOAuthParams) throws OAuthMessageSignerException,
- OAuthNotAuthorizedException, OAuthExpectationFailedException,
- OAuthCommunicationException;
-
- /**
- * Queries the service provider for an access token.
- *
- * Pre-conditions: the given {@link OAuthConsumer} must have a valid
- * consumer key, consumer secret, authorized request token and token secret
- * already set.
- *
- *
- * Post-conditions: the given {@link OAuthConsumer} will have an
- * access token and token secret set.
- *
- *
- * @param consumer
- * the {@link OAuthConsumer} that should be used to sign the request
- * @param oauthVerifier
- * NOTE: Only applies to service providers implementing OAuth
- * 1.0a. Set to null if the service provider is still using OAuth
- * 1.0. The verification code issued by the service provider
- * after the the user has granted the consumer authorization. If the
- * callback method provided in the previous step was
- * {@link OAuth.OUT_OF_BAND}, then you must ask the user for this
- * value. If your app has received a callback, the verfication code
- * was passed as part of that request instead.
- * @param customOAuthParams
- * you can pass custom OAuth parameters here which will go directly
- * into the signer, i.e. you don't have to put them into the request
- * first. This is useful for pre-setting OAuth params for signing.
- * Pass them sequentially in key/value order.
- * @throws OAuthMessageSignerException
- * if signing the request failed
- * @throws OAuthNotAuthorizedException
- * if the service provider rejected the consumer
- * @throws OAuthExpectationFailedException
- * if required parameters were not correctly set by the consumer or
- * service provider
- * @throws OAuthCommunicationException
- * if server communication failed
- */
- public void retrieveAccessToken(OAuthConsumer consumer, String oauthVerifier,
- String... customOAuthParams) throws OAuthMessageSignerException,
- OAuthNotAuthorizedException, OAuthExpectationFailedException,
- OAuthCommunicationException;
-
- /**
- * Any additional non-OAuth parameters returned in the response body of a
- * token request can be obtained through this method. These parameters will
- * be preserved until the next token request is issued. The return value is
- * never null.
- */
- public HttpParameters getResponseParameters();
-
- /**
- * Subclasses must use this setter to preserve any non-OAuth query
- * parameters contained in the server response. It's the caller's
- * responsibility that any OAuth parameters be removed beforehand.
- *
- * @param parameters
- * the map of query parameters served by the service provider in the
- * token response
- */
- public void setResponseParameters(HttpParameters parameters);
-
- /**
- * Use this method to set custom HTTP headers to be used for the requests
- * which are sent to retrieve tokens. @deprecated THIS METHOD HAS BEEN
- * DEPRECATED. Use {@link OAuthProviderListener} to customize requests.
- *
- * @param header
- * The header name (e.g. 'WWW-Authenticate')
- * @param value
- * The header value (e.g. 'realm=www.example.com')
- */
- @Deprecated
- public void setRequestHeader(String header, String value);
-
- /**
- * @deprecated THIS METHOD HAS BEEN DEPRECATED. Use
- * {@link OAuthProviderListener} to customize requests.
- * @return all request headers set via {@link #setRequestHeader}
- */
- @Deprecated
- public Map getRequestHeaders();
-
- /**
- * @param isOAuth10aProvider
- * set to true if the service provider supports OAuth 1.0a. Note that
- * you need only call this method if you reconstruct a provider
- * object in between calls to retrieveRequestToken() and
- * retrieveAccessToken() (i.e. if the object state isn't preserved).
- * If instead those two methods are called on the same provider
- * instance, this flag will be deducted automatically based on the
- * server response during retrieveRequestToken(), so you can simply
- * ignore this method.
- */
- public void setOAuth10a(boolean isOAuth10aProvider);
-
- /**
- * @return true if the service provider supports OAuth 1.0a. Note that the
- * value returned here is only meaningful after you have already
- * performed the token handshake, otherwise there is no way to
- * determine what version of the OAuth protocol the service provider
- * implements.
- */
- public boolean isOAuth10a();
-
- public String getRequestTokenEndpointUrl();
-
- public String getAccessTokenEndpointUrl();
-
- public String getAuthorizationWebsiteUrl();
-
- public void setListener(OAuthProviderListener listener);
-
- public void removeListener(OAuthProviderListener listener);
-}
Index: trunk/src/oauth/signpost/OAuthProviderListener.java
===================================================================
--- trunk/src/oauth/signpost/OAuthProviderListener.java (revision 16402)
+++ (revision )
@@ -1,48 +1,0 @@
-package oauth.signpost;
-
-import oauth.signpost.http.HttpRequest;
-import oauth.signpost.http.HttpResponse;
-
-/**
- * Provides hooks into the token request handling procedure executed by
- * {@link OAuthProvider}.
- *
- * @author Matthias Kaeppler
- */
-public interface OAuthProviderListener {
-
- /**
- * Called after the request has been created and default headers added, but
- * before the request has been signed.
- *
- * @param request
- * the request to be sent
- * @throws Exception
- */
- void prepareRequest(HttpRequest request) throws Exception;
-
- /**
- * Called after the request has been signed, but before it's being sent.
- *
- * @param request
- * the request to be sent
- * @throws Exception
- */
- void prepareSubmission(HttpRequest request) throws Exception;
-
- /**
- * Called when the server response has been received. You can implement this
- * to manually handle the response data.
- *
- * @param request
- * the request that was sent
- * @param response
- * the response that was received
- * @return returning true means you have handled the response, and the
- * provider will return immediately. Return false to let the event
- * propagate and let the provider execute its default response
- * handling.
- * @throws Exception
- */
- boolean onResponseReceived(HttpRequest request, HttpResponse response) throws Exception;
-}
Index: trunk/src/oauth/signpost/basic/UrlStringRequestAdapter.java
===================================================================
--- trunk/src/oauth/signpost/basic/UrlStringRequestAdapter.java (revision 16402)
+++ (revision )
@@ -1,61 +1,0 @@
-package oauth.signpost.basic;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Collections;
-import java.util.Map;
-
-import oauth.signpost.http.HttpRequest;
-
-public class UrlStringRequestAdapter implements HttpRequest {
-
- private String url;
-
- public UrlStringRequestAdapter(String url) {
- this.url = url;
- }
-
- @Override
- public String getMethod() {
- return "GET";
- }
-
- @Override
- public String getRequestUrl() {
- return url;
- }
-
- @Override
- public void setRequestUrl(String url) {
- this.url = url;
- }
-
- @Override
- public void setHeader(String name, String value) {
- }
-
- @Override
- public String getHeader(String name) {
- return null;
- }
-
- @Override
- public Map getAllHeaders() {
- return Collections.emptyMap();
- }
-
- @Override
- public InputStream getMessagePayload() throws IOException {
- return null;
- }
-
- @Override
- public String getContentType() {
- return null;
- }
-
- @Override
- public Object unwrap() {
- return url;
- }
-}
Index: trunk/src/oauth/signpost/exception/OAuthCommunicationException.java
===================================================================
--- trunk/src/oauth/signpost/exception/OAuthCommunicationException.java (revision 16402)
+++ (revision )
@@ -1,35 +1,0 @@
-/* Copyright (c) 2009 Matthias Kaeppler
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package oauth.signpost.exception;
-
-@SuppressWarnings("serial")
-public class OAuthCommunicationException extends OAuthException {
-
- private String responseBody;
-
- public OAuthCommunicationException(Exception cause) {
- super("Communication with the service provider failed: "
- + cause.getLocalizedMessage(), cause);
- }
-
- public OAuthCommunicationException(String message, String responseBody) {
- super(message);
- this.responseBody = responseBody;
- }
-
- public String getResponseBody() {
- return responseBody;
- }
-}
Index: trunk/src/oauth/signpost/exception/OAuthException.java
===================================================================
--- trunk/src/oauth/signpost/exception/OAuthException.java (revision 16402)
+++ (revision )
@@ -1,17 +1,0 @@
-package oauth.signpost.exception;
-
-@SuppressWarnings("serial")
-public abstract class OAuthException extends Exception {
-
- public OAuthException(String message) {
- super(message);
- }
-
- public OAuthException(Throwable cause) {
- super(cause);
- }
-
- public OAuthException(String message, Throwable cause) {
- super(message, cause);
- }
-}
Index: trunk/src/oauth/signpost/exception/OAuthExpectationFailedException.java
===================================================================
--- trunk/src/oauth/signpost/exception/OAuthExpectationFailedException.java (revision 16402)
+++ (revision )
@@ -1,23 +1,0 @@
-/* Copyright (c) 2009 Matthias Kaeppler
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package oauth.signpost.exception;
-
-@SuppressWarnings("serial")
-public class OAuthExpectationFailedException extends OAuthException {
-
- public OAuthExpectationFailedException(String message) {
- super(message);
- }
-}
Index: trunk/src/oauth/signpost/exception/OAuthMessageSignerException.java
===================================================================
--- trunk/src/oauth/signpost/exception/OAuthMessageSignerException.java (revision 16402)
+++ (revision )
@@ -1,28 +1,0 @@
-/* Copyright (c) 2009 Matthias Kaeppler
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package oauth.signpost.exception;
-
-@SuppressWarnings("serial")
-public class OAuthMessageSignerException extends OAuthException {
-
- public OAuthMessageSignerException(String message) {
- super(message);
- }
-
- public OAuthMessageSignerException(Exception cause) {
- super(cause);
- }
-
-}
Index: trunk/src/oauth/signpost/exception/OAuthNotAuthorizedException.java
===================================================================
--- trunk/src/oauth/signpost/exception/OAuthNotAuthorizedException.java (revision 16402)
+++ (revision )
@@ -1,38 +1,0 @@
-/* Copyright (c) 2009 Matthias Kaeppler
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package oauth.signpost.exception;
-
-@SuppressWarnings("serial")
-public class OAuthNotAuthorizedException extends OAuthException {
-
- private static final String ERROR = "Authorization failed (server replied with a 401). "
- + "This can happen if the consumer key was not correct or "
- + "the signatures did not match.";
-
- private String responseBody;
-
- public OAuthNotAuthorizedException() {
- super(ERROR);
- }
-
- public OAuthNotAuthorizedException(String responseBody) {
- super(ERROR);
- this.responseBody = responseBody;
- }
-
- public String getResponseBody() {
- return responseBody;
- }
-}
Index: trunk/src/oauth/signpost/http/HttpParameters.java
===================================================================
--- trunk/src/oauth/signpost/http/HttpParameters.java (revision 16402)
+++ (revision )
@@ -1,316 +1,0 @@
-/* Copyright (c) 2008, 2009 Netflix, Matthias Kaeppler
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package oauth.signpost.http;
-
-import java.io.Serializable;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeMap;
-import java.util.TreeSet;
-
-import oauth.signpost.OAuth;
-
-/**
- * A multi-map of HTTP request parameters. Each key references a
- * {@link SortedSet} of parameters collected from the request during message
- * signing. Parameter values are sorted as per {@linkplain http://oauth.net/core/1.0a/#anchor13}.
- * Every key/value pair will be percent-encoded upon insertion.
- * This class has special semantics tailored to being useful for message signing;
- * it's not a general purpose collection class to handle request parameters.
- *
- * @author Matthias Kaeppler
- */
-@SuppressWarnings("serial")
-public class HttpParameters implements Map>, Serializable {
-
- private TreeMap> wrappedMap = new TreeMap<>();
-
- @Override
- public SortedSet put(String key, SortedSet value) {
- return wrappedMap.put(key, value);
- }
-
- public SortedSet put(String key, SortedSet values, boolean percentEncode) {
- if (percentEncode) {
- remove(key);
- for (String v : values) {
- put(key, v, true);
- }
- return get(key);
- } else {
- return wrappedMap.put(key, values);
- }
- }
-
- /**
- * Convenience method to add a single value for the parameter specified by
- * 'key'.
- *
- * @param key
- * the parameter name
- * @param value
- * the parameter value
- * @return the value
- */
- public String put(String key, String value) {
- return put(key, value, false);
- }
-
- /**
- * Convenience method to add a single value for the parameter specified by
- * 'key'.
- *
- * @param key
- * the parameter name
- * @param value
- * the parameter value
- * @param percentEncode
- * whether key and value should be percent encoded before being
- * inserted into the map
- * @return the value
- */
- public String put(String key, String value, boolean percentEncode) {
- // fix contributed by Bjorn Roche - key should be encoded before wrappedMap.get
- key = percentEncode ? OAuth.percentEncode(key) : key;
- SortedSet values = wrappedMap.get(key);
- if (values == null) {
- values = new TreeSet<>();
- wrappedMap.put( key, values);
- }
- if (value != null) {
- value = percentEncode ? OAuth.percentEncode(value) : value;
- values.add(value);
- }
-
- return value;
- }
-
- /**
- * Convenience method to allow for storing null values. {@link #put} doesn't
- * allow null values, because that would be ambiguous.
- *
- * @param key
- * the parameter name
- * @param nullString
- * can be anything, but probably... null?
- * @return null
- */
- public String putNull(String key, String nullString) {
- return put(key, nullString);
- }
-
- @Override
- public void putAll(Map> m) {
- wrappedMap.putAll(m);
- }
-
- public void putAll(Map> m, boolean percentEncode) {
- if (percentEncode) {
- for (String key : m.keySet()) {
- put(key, m.get(key), true);
- }
- } else {
- wrappedMap.putAll(m);
- }
- }
-
- public void putAll(String[] keyValuePairs, boolean percentEncode) {
- for (int i = 0; i < keyValuePairs.length - 1; i += 2) {
- this.put(keyValuePairs[i], keyValuePairs[i + 1], percentEncode);
- }
- }
-
- /**
- * Convenience method to merge a Map>.
- *
- * @param m
- * the map
- */
- public void putMap(Map> m) {
- for (String key : m.keySet()) {
- SortedSet vals = get(key);
- if (vals == null) {
- vals = new TreeSet<>();
- put(key, vals);
- }
- vals.addAll(m.get(key));
- }
- }
-
- @Override
- public SortedSet get(Object key) {
- return wrappedMap.get(key);
- }
-
- /**
- * Convenience method for {@link #getFirst(key, false)}.
- *
- * @param key
- * the parameter name (must be percent encoded if it contains unsafe
- * characters!)
- * @return the first value found for this parameter
- */
- public String getFirst(Object key) {
- return getFirst(key, false);
- }
-
- /**
- * Returns the first value from the set of all values for the given
- * parameter name. If the key passed to this method contains special
- * characters, you MUST first percent encode it using
- * {@link OAuth#percentEncode(String)}, otherwise the lookup will fail
- * (that's because upon storing values in this map, keys get
- * percent-encoded).
- *
- * @param key
- * the parameter name (must be percent encoded if it contains unsafe
- * characters!)
- * @param percentDecode
- * whether the value being retrieved should be percent decoded
- * @return the first value found for this parameter
- */
- public String getFirst(Object key, boolean percentDecode) {
- SortedSet values = wrappedMap.get(key);
- if (values == null || values.isEmpty()) {
- return null;
- }
- String value = values.first();
- return percentDecode ? OAuth.percentDecode(value) : value;
- }
-
- /**
- * Concatenates all values for the given key to a list of key/value pairs
- * suitable for use in a URL query string.
- *
- * @param key
- * the parameter name
- * @return the query string
- */
- public String getAsQueryString(Object key) {
- return getAsQueryString(key, true);
- }
-
- /**
- * Concatenates all values for the given key to a list of key/value pairs
- * suitable for use in a URL query string.
- *
- * @param key
- * the parameter name
- * @param percentEncode
- * whether key should be percent encoded before being
- * used with the map
- * @return the query string
- */
- public String getAsQueryString(Object key, boolean percentEncode) {
- // fix contributed by Stjepan Rajko - we need the percentEncode parameter
- // because some places (like SignatureBaseString.normalizeRequestParameters)
- // need to supply the parameter percent encoded
-
- StringBuilder sb = new StringBuilder();
- if(percentEncode)
- key = OAuth.percentEncode((String) key);
- Set values = wrappedMap.get(key);
- if (values == null) {
- return key + "=";
- }
- Iterator iter = values.iterator();
- while (iter.hasNext()) {
- sb.append(key + "=" + iter.next());
- if (iter.hasNext()) {
- sb.append("&");
- }
- }
- return sb.toString();
- }
-
- public String getAsHeaderElement(String key) {
- String value = getFirst(key);
- if (value == null) {
- return null;
- }
- return key + "=\"" + value + "\"";
- }
-
- @Override
- public boolean containsKey(Object key) {
- return wrappedMap.containsKey(key);
- }
-
- @Override
- public boolean containsValue(Object value) {
- for (Set values : wrappedMap.values()) {
- if (values.contains(value)) {
- return true;
- }
- }
- return false;
- }
-
- @Override
- public int size() {
- int count = 0;
- for (String key : wrappedMap.keySet()) {
- count += wrappedMap.get(key).size();
- }
- return count;
- }
-
- @Override
- public boolean isEmpty() {
- return wrappedMap.isEmpty();
- }
-
- @Override
- public void clear() {
- wrappedMap.clear();
- }
-
- @Override
- public SortedSet remove(Object key) {
- return wrappedMap.remove(key);
- }
-
- @Override
- public Set keySet() {
- return wrappedMap.keySet();
- }
-
- @Override
- public Collection> values() {
- return wrappedMap.values();
- }
-
- @Override
- public Set>> entrySet() {
- return wrappedMap.entrySet();
- }
-
- public HttpParameters getOAuthParameters() {
- HttpParameters oauthParams = new HttpParameters();
-
- for (Entry> param : this.entrySet()) {
- String key = param.getKey();
- if (key.startsWith("oauth_") || key.startsWith("x_oauth_")) {
- oauthParams.put(key, param.getValue());
- }
- }
-
- return oauthParams;
- }
-}
Index: trunk/src/oauth/signpost/http/HttpRequest.java
===================================================================
--- trunk/src/oauth/signpost/http/HttpRequest.java (revision 16402)
+++ (revision )
@@ -1,42 +1,0 @@
-package oauth.signpost.http;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Map;
-
-import oauth.signpost.OAuthConsumer;
-
-/**
- * A concise description of an HTTP request. Contains methods to access all
- * those parts of an HTTP request which Signpost needs to sign a message. If you
- * want to extend Signpost to sign a different kind of HTTP request than those
- * currently supported, you'll have to write an adapter which implements this
- * interface and a custom {@link OAuthConsumer} which performs the wrapping.
- *
- * @author Matthias Kaeppler
- */
-public interface HttpRequest {
-
- String getMethod();
-
- String getRequestUrl();
-
- void setRequestUrl(String url);
-
- void setHeader(String name, String value);
-
- String getHeader(String name);
-
- Map getAllHeaders();
-
- InputStream getMessagePayload() throws IOException;
-
- String getContentType();
-
- /**
- * Returns the wrapped request object, in case you must work directly on it.
- *
- * @return the wrapped request object
- */
- Object unwrap();
-}
Index: trunk/src/oauth/signpost/http/HttpResponse.java
===================================================================
--- trunk/src/oauth/signpost/http/HttpResponse.java (revision 16402)
+++ (revision )
@@ -1,21 +1,0 @@
-package oauth.signpost.http;
-
-import java.io.IOException;
-import java.io.InputStream;
-
-public interface HttpResponse {
-
- int getStatusCode() throws IOException;
-
- String getReasonPhrase() throws Exception;
-
- InputStream getContent() throws IOException;
-
- /**
- * Returns the underlying response object, in case you need to work on it
- * directly.
- *
- * @return the wrapped response object
- */
- Object unwrap();
-}
Index: trunk/src/oauth/signpost/signature/AuthorizationHeaderSigningStrategy.java
===================================================================
--- trunk/src/oauth/signpost/signature/AuthorizationHeaderSigningStrategy.java (revision 16402)
+++ (revision )
@@ -1,51 +1,0 @@
-package oauth.signpost.signature;
-
-import java.util.Iterator;
-
-import oauth.signpost.OAuth;
-import oauth.signpost.http.HttpParameters;
-import oauth.signpost.http.HttpRequest;
-
-/**
- * Writes to the HTTP Authorization header field.
- *
- * @author Matthias Kaeppler
- */
-public class AuthorizationHeaderSigningStrategy implements SigningStrategy {
-
- private static final long serialVersionUID = 1L;
-
- @Override
- public String writeSignature(String signature, HttpRequest request,
- HttpParameters requestParameters) {
- StringBuilder sb = new StringBuilder();
-
- sb.append("OAuth ");
-
- // add the realm parameter, if any
- if (requestParameters.containsKey("realm")) {
- sb.append(requestParameters.getAsHeaderElement("realm"));
- sb.append(", ");
- }
-
- // add all (x_)oauth parameters
- HttpParameters oauthParams = requestParameters.getOAuthParameters();
- oauthParams.put(OAuth.OAUTH_SIGNATURE, signature, true);
-
- Iterator iter = oauthParams.keySet().iterator();
- while (iter.hasNext()) {
- String key = iter.next();
- sb.append(oauthParams.getAsHeaderElement(key));
- if (iter.hasNext()) {
- sb.append(", ");
- }
- }
-
- String header = sb.toString();
- OAuth.debugOut("Auth Header", header);
- request.setHeader(OAuth.HTTP_AUTHORIZATION_HEADER, header);
-
- return header;
- }
-
-}
Index: trunk/src/oauth/signpost/signature/HmacSha1MessageSigner.java
===================================================================
--- trunk/src/oauth/signpost/signature/HmacSha1MessageSigner.java (revision 16402)
+++ (revision )
@@ -1,62 +1,0 @@
-/* Copyright (c) 2009 Matthias Kaeppler
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package oauth.signpost.signature;
-
-import java.io.UnsupportedEncodingException;
-import java.security.GeneralSecurityException;
-
-import javax.crypto.Mac;
-import javax.crypto.SecretKey;
-import javax.crypto.spec.SecretKeySpec;
-
-import oauth.signpost.OAuth;
-import oauth.signpost.exception.OAuthMessageSignerException;
-import oauth.signpost.http.HttpRequest;
-import oauth.signpost.http.HttpParameters;
-
-@SuppressWarnings("serial")
-public class HmacSha1MessageSigner extends OAuthMessageSigner {
-
- private static final String MAC_NAME = "HmacSHA1";
-
- @Override
- public String getSignatureMethod() {
- return "HMAC-SHA1";
- }
-
- @Override
- public String sign(HttpRequest request, HttpParameters requestParams)
- throws OAuthMessageSignerException {
- try {
- String keyString = OAuth.percentEncode(getConsumerSecret()) + '&'
- + OAuth.percentEncode(getTokenSecret());
- byte[] keyBytes = keyString.getBytes(OAuth.ENCODING);
-
- SecretKey key = new SecretKeySpec(keyBytes, MAC_NAME);
- Mac mac = Mac.getInstance(MAC_NAME);
- mac.init(key);
-
- String sbs = new SignatureBaseString(request, requestParams).generate();
- OAuth.debugOut("SBS", sbs);
- byte[] text = sbs.getBytes(OAuth.ENCODING);
-
- return base64Encode(mac.doFinal(text)).trim();
- } catch (GeneralSecurityException e) {
- throw new OAuthMessageSignerException(e);
- } catch (UnsupportedEncodingException e) {
- throw new OAuthMessageSignerException(e);
- }
- }
-}
Index: trunk/src/oauth/signpost/signature/OAuthMessageSigner.java
===================================================================
--- trunk/src/oauth/signpost/signature/OAuthMessageSigner.java (revision 16402)
+++ (revision )
@@ -1,67 +1,0 @@
-/* Copyright (c) 2009 Matthias Kaeppler
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package oauth.signpost.signature;
-
-import java.io.IOException;
-import java.io.Serializable;
-import java.util.Base64;
-
-import oauth.signpost.exception.OAuthMessageSignerException;
-import oauth.signpost.http.HttpRequest;
-import oauth.signpost.http.HttpParameters;
-
-public abstract class OAuthMessageSigner implements Serializable {
-
- private static final long serialVersionUID = 4445779788786131202L;
-
- private String consumerSecret;
-
- private String tokenSecret;
-
-
- public abstract String sign(HttpRequest request, HttpParameters requestParameters)
- throws OAuthMessageSignerException;
-
- public abstract String getSignatureMethod();
-
- public String getConsumerSecret() {
- return consumerSecret;
- }
-
- public String getTokenSecret() {
- return tokenSecret;
- }
-
- public void setConsumerSecret(String consumerSecret) {
- this.consumerSecret = consumerSecret;
- }
-
- public void setTokenSecret(String tokenSecret) {
- this.tokenSecret = tokenSecret;
- }
-
- protected byte[] decodeBase64(String s) {
- return Base64.getDecoder().decode(s);
- }
-
- protected String base64Encode(byte[] b) {
- return Base64.getEncoder().encodeToString(b);
- }
-
- private void readObject(java.io.ObjectInputStream stream)
- throws IOException, ClassNotFoundException {
- stream.defaultReadObject();
- }
-}
Index: trunk/src/oauth/signpost/signature/QueryStringSigningStrategy.java
===================================================================
--- trunk/src/oauth/signpost/signature/QueryStringSigningStrategy.java (revision 16402)
+++ (revision )
@@ -1,50 +1,0 @@
-package oauth.signpost.signature;
-
-import java.util.Iterator;
-
-import oauth.signpost.OAuth;
-import oauth.signpost.http.HttpParameters;
-import oauth.signpost.http.HttpRequest;
-
-/**
- * Writes to a URL query string. Note that this currently ONLY works
- * when signing a URL directly, not with HTTP request objects. That's
- * because most HTTP request implementations do not allow the client to change
- * the URL once the request has been instantiated, so there is no way to append
- * parameters to it.
- *
- * @author Matthias Kaeppler
- */
-public class QueryStringSigningStrategy implements SigningStrategy {
-
- private static final long serialVersionUID = 1L;
-
- @Override
- public String writeSignature(String signature, HttpRequest request,
- HttpParameters requestParameters) {
-
- // add all (x_)oauth parameters
- HttpParameters oauthParams = requestParameters.getOAuthParameters();
- oauthParams.put(OAuth.OAUTH_SIGNATURE, signature, true);
-
- Iterator iter = oauthParams.keySet().iterator();
-
- // add the first query parameter (we always have at least the signature)
- String firstKey = iter.next();
- StringBuilder sb = new StringBuilder(OAuth.addQueryString(request.getRequestUrl(),
- oauthParams.getAsQueryString(firstKey)));
-
- while (iter.hasNext()) {
- sb.append("&");
- String key = iter.next();
- sb.append(oauthParams.getAsQueryString(key));
- }
-
- String signedUrl = sb.toString();
-
- request.setRequestUrl(signedUrl);
-
- return signedUrl;
- }
-
-}
Index: trunk/src/oauth/signpost/signature/SignatureBaseString.java
===================================================================
--- trunk/src/oauth/signpost/signature/SignatureBaseString.java (revision 16402)
+++ (revision )
@@ -1,119 +1,0 @@
-/*
- * Copyright (c) 2009 Matthias Kaeppler Licensed under the Apache License,
- * Version 2.0 (the "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- * http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law
- * or agreed to in writing, software distributed under the License is
- * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-package oauth.signpost.signature;
-
-import java.io.IOException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.Iterator;
-
-import oauth.signpost.OAuth;
-import oauth.signpost.exception.OAuthMessageSignerException;
-import oauth.signpost.http.HttpRequest;
-import oauth.signpost.http.HttpParameters;
-
-public class SignatureBaseString {
-
- private HttpRequest request;
-
- private HttpParameters requestParameters;
-
- /**
- * Constructs a new SBS instance that will operate on the given request
- * object and parameter set.
- *
- * @param request
- * the HTTP request
- * @param requestParameters
- * the set of request parameters from the Authorization header, query
- * string and form body
- */
- public SignatureBaseString(HttpRequest request, HttpParameters requestParameters) {
- this.request = request;
- this.requestParameters = requestParameters;
- }
-
- /**
- * Builds the signature base string from the data this instance was
- * configured with.
- *
- * @return the signature base string
- * @throws OAuthMessageSignerException
- */
- public String generate() throws OAuthMessageSignerException {
-
- try {
- String normalizedUrl = normalizeRequestUrl();
- String normalizedParams = normalizeRequestParameters();
-
- return request.getMethod() + '&' + OAuth.percentEncode(normalizedUrl) + '&'
- + OAuth.percentEncode(normalizedParams);
- } catch (Exception e) {
- throw new OAuthMessageSignerException(e);
- }
- }
-
- public String normalizeRequestUrl() throws URISyntaxException {
- URI uri = new URI(request.getRequestUrl());
- String scheme = uri.getScheme().toLowerCase();
- String authority = uri.getAuthority().toLowerCase();
- boolean dropPort = (scheme.equals("http") && uri.getPort() == 80)
- || (scheme.equals("https") && uri.getPort() == 443);
- if (dropPort) {
- // find the last : in the authority
- int index = authority.lastIndexOf(":");
- if (index >= 0) {
- authority = authority.substring(0, index);
- }
- }
- String path = uri.getRawPath();
- if (path == null || path.length() <= 0) {
- path = "/"; // conforms to RFC 2616 section 3.2.2
- }
- // we know that there is no query and no fragment here.
- return scheme + "://" + authority + path;
- }
-
- /**
- * Normalizes the set of request parameters this instance was configured
- * with, as per OAuth spec section 9.1.1.
- *
- * @param parameters
- * the set of request parameters
- * @return the normalized params string
- * @throws IOException
- */
- public String normalizeRequestParameters() throws IOException {
- if (requestParameters == null) {
- return "";
- }
-
- StringBuilder sb = new StringBuilder();
- Iterator iter = requestParameters.keySet().iterator();
-
- for (int i = 0; iter.hasNext(); i++) {
- String param = iter.next();
-
- if (OAuth.OAUTH_SIGNATURE.equals(param) || "realm".equals(param)) {
- continue;
- }
-
- if (i > 0) {
- sb.append("&");
- }
-
- // fix contributed by Stjepan Rajko
- // since param should already be encoded, we supply false for percentEncode
- sb.append(requestParameters.getAsQueryString(param, false));
- }
- return sb.toString();
- }
-}
Index: trunk/src/oauth/signpost/signature/SigningStrategy.java
===================================================================
--- trunk/src/oauth/signpost/signature/SigningStrategy.java (revision 16402)
+++ (revision )
@@ -1,37 +1,0 @@
-package oauth.signpost.signature;
-
-import java.io.Serializable;
-
-import oauth.signpost.http.HttpRequest;
-import oauth.signpost.http.HttpParameters;
-
-/**
- *
- * Defines how an OAuth signature string is written to a request.
- *
- *
- * Unlike {@link OAuthMessageSigner}, which is concerned with how to
- * generate a signature, this class is concered with where to write it
- * (e.g. HTTP header or query string).
- *
- *
- * @author Matthias Kaeppler
- */
-public interface SigningStrategy extends Serializable {
-
- /**
- * Writes an OAuth signature and all remaining required parameters to an
- * HTTP message.
- *
- * @param signature
- * the signature to write
- * @param request
- * the request to sign
- * @param requestParameters
- * the request parameters
- * @return whatever has been written to the request, e.g. an Authorization
- * header field
- */
- String writeSignature(String signature, HttpRequest request, HttpParameters requestParameters);
-
-}