SignedRequest4J is a Java library for OAuth 1.0 signing and verification.
It supports sending OAuth 1.0 signed HTTP requests and verifying the signatures of incoming requests.
With SignedRequest4J, executing 2-legged or 3-legged OAuth 1.0 signed HTTP requests is simple.
- Service Provider, Consumer
- a.k.a. Signed Fetch, Phone Home in the OpenSocial community
- OAuth Consumer Request 1.0 Draft 1
  http://oauth.googlecode.com/svn/spec/ext/consumer_request/1.0/drafts/1/spec.html
Consumer Provider
| |
| consumer_key |
| [consumer_secret] |
| |
| ---(HTTP)----------------> | <<Verify the signature>>
| Authorization header | Authorization header
| | consumer_key
| | [consumer_secret]
| |
| <----------------(HTTP)--- | <Valid>
| 200 OK |
| |
| <----------------(HTTP)--- | <Invalid>
| 401 Unauthorized |
| |
- Service Provider, Consumer, User
- The term "OAuth" mostly means 3-legged OAuth
- OAuth Core 1.0
- RFC 5849: The OAuth 1.0 Protocol
User Consumer Provider
| | |
| ------------> | token |
| | [token_secret] |
| | |
| | consumer_key |
| | [consumer_secret] |
| | |
| | ---(HTTP)----------------> | <<Verify the signature>>
| | Authorization header | Authorization header
| | | token
| | | [token_secret]
| | | consumer_key
| | | [consumer_secret]
| | |
| | <----------------(HTTP)--- | <Valid>
| | 200 OK |
| | |
| | <----------------(HTTP)--- | <Invalid>
| | 401 Unauthorized |
| <------------ | |
| | |
<!-- Maven coordinates for SignedRequest4J. 2.14 is the version shown on this page;
     check the project's releases for the current one before adopting it. -->
<dependencies>
<dependency>
<groupId>com.github.seratch</groupId>
<artifactId>signedrequest4j</artifactId>
<version>2.14</version>
</dependency>
</dependencies>
import com.github.seratch.signedrequest4j.*;
// 2-legged OAuth: the request object is created from the consumer credentials only.
// "consumer_key" / "consumer_secret" are placeholders; load real values from configuration
// or a secret store rather than hard-coding them in source.
OAuthConsumer consumer = new OAuthConsumer("consumer_key", "consumer_secret");
SignedRequest twoLeggedOAuthRequest = SignedRequestFactory.create(consumer);
// 3-legged OAuth: the request object is created from the consumer credentials plus the
// user's access token and token secret.
// All four strings are placeholders. The token secret is as sensitive as the consumer secret,
// so store it per user in protected storage and keep it out of logs.
OAuthConsumer consumer = new OAuthConsumer("consumer_key", "consumer_secret");
OAuthAccessToken accessToken = new OAuthAccessToken("token", "token_secret");
SignedRequest threeLeggedOAuthRequest = SignedRequestFactory.create(consumer, accessToken);
import java.util.HashMap;
import java.util.Map;
// Additional OAuth parameters handed to the factory together with the credentials.
Map<String, Object> additionalParams = new HashMap<String, Object>();
// The value below is an e-mail address that this page's e-mail obfuscation has replaced with
// "[email protected]"; supply the actual requestor id here.
additionalParams.put("xoauth_requestor_id", "[email protected]");
// The same map is accepted for 2-legged (consumer only) and 3-legged (consumer + access token) requests.
SignedRequest signedRequest2 = SignedRequestFactory.create(consumer, additionalParams);
SignedRequest signedRequest3 = SignedRequestFactory.create(consumer, accessToken, additionalParams);
// Three separate examples of choosing the signature method through the SignatureMethod argument.
// HMAC-SHA1: in OAuth 1.0 the signature is keyed with the consumer secret (and the token secret, if any).
SignedRequest signedRequest2 = SignedRequestFactory.create(consumer, SignatureMethod.HMAC_SHA1);
// RSA-SHA1: the private key is supplied as PEM text. Keep the key out of source control and
// read it at runtime from a protected file or key store.
SignedRequest signedRequest = SignedRequestFactory.create(consumer, SignatureMethod.RSA_SHA1);
signedRequest.setRsaPrivateKeyValue("-----BEGIN RSA PRIVATE KEY-----\n...");
// PLAINTEXT: per RFC 5849 section 3.4.4 no signature algorithm is applied and the secrets
// themselves form the oauth_signature value, so this method must only be used over TLS (https).
SignedRequest signedRequest = SignedRequestFactory.create(consumer, SignatureMethod.PLAINTEXT);
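// Compute the signature for a fixed set of inputs so the result can be compared with a known value.
// The variable is named url (lower case) to match its use in the getSignature call below.
String url = "http://example.com/";
HttpMethod method = HttpMethod.GET;
// Fixed nonce and timestamp make the output reproducible for this example only. For real
// requests, RFC 5849 expects a nonce that is unique for each timestamp, client credentials
// and token combination, together with a current timestamp.
String nonce = "nonce_value";
long timestamp = 1272026745L;
String signature = signedRequest.getSignature(url, method, nonce, timestamp);
// -> "K7OrQ7UU+k94LnaezxFs4jBBekc="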
// Send a signed GET request; "UTF-8" is presumably the charset used for the exchange (confirm against the API docs).
// The OAuth signature authenticates the request but does not encrypt it, so use an https URL
// outside of examples.
HttpResponse response = signedRequest.doGet("http://example.com/", "UTF-8");
// Check the status code before using the body; the provider answers 401 Unauthorized when
// it rejects the signature.
response.getStatusCode(); // -> int
response.getHeaders(); // -> Map<String, String>
response.getBody(); // -> byte[]
response.getTextBody(); // -> String
// Send a signed POST request whose parameters are given as a map.
Map<String, Object> requestParameters = new HashMap<String, Object>();
requestParameters.put("something", "updated");
// NOTE(review): presumably these parameters are sent form-encoded and covered by the signature,
// as RFC 5849 specifies for form bodies; confirm against the library.
// Use an https URL outside of examples, because signing does not hide the parameters in transit.
HttpResponse response = signedRequest.doPost("http://example.com/", requestParameters, "UTF-8");
or
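// Send a signed POST request with a raw (non-form) body and an explicit content type.
// Encode with an explicit charset so the bytes do not depend on the JVM's default charset.
byte[] body = "abc".getBytes(java.nio.charset.Charset.forName("UTF-8"));
String contentType = "text/plain";
RequestBody requestBody = new RequestBody(body, contentType);
// NOTE(review): RFC 5849 includes only form-encoded body parameters in the signature base string.
// Confirm whether this library protects the integrity of a text/plain body (for example with a
// body hash) before relying on the signature to cover it.
HttpResponse response = signedRequest.doPost("http://example.com/", requestBody, "UTF-8");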
// Provider side, 2-legged: check the OAuth signature of an incoming GET request.
// url and queryString must match what the client actually signed (scheme, host, port, path);
// behind a reverse proxy, rebuild them from the original request rather than the internal one.
String url = "http://localhost/test/";
String queryString = "foo=var";
// NOTE(review): request is presumably an HttpServletRequest, whose getHeader returns null when
// the header is absent. Confirm how verify() handles null, or reject such requests beforehand.
String authorizationHeader = request.getHeader("Authorization");
// Placeholder credentials; a real provider would look up the secret registered for the
// consumer key presented in the request instead of hard-coding it.
OAuthConsumer consumer = new OAuthConsumer("key","secret");
boolean isValid = SignedRequestVerifier.verify(
url,
queryString,
authorizationHeader,
consumer,
HttpMethod.GET,
SignatureMethod.HMAC_SHA1);
// Respond with 401 Unauthorized when isValid is false.
// NOTE(review): whether verify() also enforces timestamp freshness and nonce uniqueness is not
// shown here; confirm it, or track nonces in the caller so replayed requests are rejected.
or
// Provider side, 2-legged: check the OAuth signature of an incoming POST request with form parameters.
// url and queryString must describe the request exactly as the client signed it.
String url = "http://localhost/test/";
String queryString = "foo=var";
String authorizationHeader = request.getHeader("Authorization");
// Placeholder credentials; look up the real consumer secret from protected storage.
OAuthConsumer consumer = new OAuthConsumer("key","secret");
// In a real handler, fill formParams from the form fields actually received in the request body.
// Verifying against values the server made up would not bind the signature to the data that
// is then processed.
Map<String, String> formParams = new HashMap<String, String>();
formParams.put("fizz", "buzz");
boolean isValid = SignedRequestVerifier.verifyPOST(
url,
queryString,
authorizationHeader,
consumer,
SignatureMethod.HMAC_SHA1,
formParams);
// Respond with 401 Unauthorized when isValid is false.
// NOTE(review): replay protection (timestamp and nonce checks) is not visible in this call;
// confirm whether the library performs it.
// Provider side, 3-legged: check the OAuth signature of an incoming GET request made on behalf of a user.
// url and queryString must describe the request exactly as the client signed it.
String url = "http://localhost/test/";
String queryString = "foo=var";
String authorizationHeader = request.getHeader("Authorization");
// Placeholder credentials. A real provider would look up the consumer secret and the token
// secret for the consumer key and token presented in the request, and would also check that
// the token is still valid and was issued to that consumer.
OAuthConsumer consumer = new OAuthConsumer("key","secret");
OAuthAccessToken accessToken = new OAuthAccessToken("token", "token_secret");
boolean isValid = SignedRequestVerifier.verify(
url,
queryString,
authorizationHeader,
consumer,
accessToken,
HttpMethod.GET,
SignatureMethod.HMAC_SHA1);
// Respond with 401 Unauthorized when isValid is false.
// NOTE(review): replay protection (timestamp and nonce checks) is not visible in this call;
// confirm whether the library performs it.
or
// Provider side, 3-legged: check the OAuth signature of an incoming POST request with form
// parameters, made on behalf of a user.
// url and queryString must describe the request exactly as the client signed it.
String url = "http://localhost/test/";
String queryString = "foo=var";
String authorizationHeader = request.getHeader("Authorization");
// Placeholder credentials; look up the real consumer secret and token secret from protected
// storage, keyed by the consumer key and token presented in the request.
OAuthConsumer consumer = new OAuthConsumer("key","secret");
OAuthAccessToken accessToken = new OAuthAccessToken("token", "token_secret");
// In a real handler, fill formParams from the form fields actually received in the request body.
Map<String, String> formParams = new HashMap<String, String>();
formParams.put("fizz", "buzz");
boolean isValid = SignedRequestVerifier.verifyPOST(
url,
queryString,
authorizationHeader,
consumer,
accessToken,
SignatureMethod.HMAC_SHA1,
formParams);
// Respond with 401 Unauthorized when isValid is false.
// NOTE(review): replay protection (timestamp and nonce checks) is not visible in this call;
// confirm whether the library performs it.