You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@oltu.apache.org by si...@apache.org on 2010/07/09 18:08:20 UTC
svn commit: r962588 - in /incubator/amber/trunk/signature-api/src:
main/java/org/apache/amber/signature/
main/java/org/apache/amber/signature/beaninfo/
main/java/org/apache/amber/signature/credential/
main/java/org/apache/amber/signature/descriptors/ m...
Author: simonetripodi
Date: Fri Jul 9 16:08:19 2010
New Revision: 962588
URL: http://svn.apache.org/viewvc?rev=962588&view=rev
Log:
successfully integrated the API specifications in the concrete implementation
tests started working -YAHOOOOOO!!!
Added:
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/AbstractMethod.java (with props)
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/BasicKey.java (with props)
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/hmac/
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/hmac/HmacSha1Method.java (with props)
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/plaintext/
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/plaintext/PlaintextMethod.java (with props)
incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/AbstractSimpleMethodTestCase.java
- copied, changed from r955627, incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/signers/AbstractMethodAlgorithmTestCase.java
incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeOAuthRequest.java (with props)
incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeToken.java (with props)
incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/hmac/
incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/hmac/HmacSha1MethodTestCase.java (with props)
incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/plaintext/
incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/plaintext/PlaintextMethodTestCase.java (with props)
Removed:
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/beaninfo/
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/credential/
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/descriptors/
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/message/
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/parameters/
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/AbstractKey.java
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/AbstractMethodAlgorithm.java
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/Key.java
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/SignatureException.java
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/SignatureMethod.java
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/SignatureMethodAlgorithm.java
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/SigningKey.java
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/VerifyingKey.java
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/hmac/
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/plaintext/
incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/signers/rsa/
incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/signers/AbstractMethodAlgorithmTestCase.java
incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/signers/hmac/
incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/signers/plaintext/
Added: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/AbstractMethod.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/AbstractMethod.java?rev=962588&view=auto
==============================================================================
--- incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/AbstractMethod.java (added)
+++ incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/AbstractMethod.java Fri Jul 9 16:08:19 2010
@@ -0,0 +1,328 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.amber.signature;
+
+import java.net.URL;
+import java.nio.charset.Charset;
+import java.util.ArrayList;
+import java.util.BitSet;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.amber.OAuthMessageParameter;
+import org.apache.amber.OAuthRequest;
+import org.apache.amber.OAuthRequestParameter;
+import org.apache.amber.OAuthToken;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.net.URLCodec;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * Abstract implementation of OAuth signature method algorithm.
+ *
+ * @param <S> the {@link SigningKey} type.
+ * @param <V> the {@link VerifyingKey} type.
+ * @version $Id$
+ */
+public abstract class AbstractMethod implements SignatureMethod {
+
+ /**
+ * HTTP protocol name.
+ */
+ private static final String HTTP_PROTOCOL = "http";
+
+ /**
+ * HTTPS protocol name.
+ */
+ private static final String HTTPS_PROTOCOL = "https";
+
+ /**
+ * URL path separator.
+ */
+ private static final String PATH_SEPARATOR = "/";
+
+ /**
+ * URL scheme separator.
+ */
+ private static final String SCHEME_SEPARATOR = "://";
+
+ /**
+ * The default HTTP port ({@code 80}) constant.
+ */
+ private static final int DEFAULT_HTTP_PORT = 80;
+
+ /**
+ * The default HTTPS port ({@code 443}) constant.
+ */
+ private static final int DEFAULT_HTTPS_PORT = 443;
+
+ /**
+ * The empty string constant.
+ */
+ private static final String EMPTY = "";
+
+ /**
+ * The default {@code UTF-8} character encoding.
+ */
+ private static final Charset UTF_8 = Charset.forName("UTF-8");
+
+ /**
+ * The {@code RFC3986} unreserved chars.
+ */
+ private static final BitSet UNRESERVED_CHARS = new BitSet(256);
+
+ /**
+ * Static unreserved chars bit set initialization.
+ */
+ static {
+ for (byte b = 'A'; b <= 'Z'; b++) {
+ UNRESERVED_CHARS.set(b);
+ }
+ for (byte b = 'a'; b <= 'z'; b++) {
+ UNRESERVED_CHARS.set(b);
+ }
+ for (byte b = '0'; b <= '9'; b++) {
+ UNRESERVED_CHARS.set(b);
+ }
+
+ // special URL encoding chars
+ UNRESERVED_CHARS.set('-');
+ UNRESERVED_CHARS.set('.');
+ UNRESERVED_CHARS.set('_');
+ UNRESERVED_CHARS.set('~');
+ }
+
+ /**
+ * This class log.
+ */
+ private final Log log = LogFactory.getLog(this.getClass());
+
+ /**
+ * Return this class log.
+ *
+ * @return this class log.
+ */
+ protected Log getLog() {
+ return this.log;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public final String calculate(SigningKey signingKey,
+ OAuthToken token,
+ OAuthRequest request) throws SignatureException {
+ if (signingKey == null) {
+ throw new IllegalArgumentException("parameter 'signingKey' must not be null");
+ }
+ if (request == null) {
+ throw new IllegalArgumentException("parameter 'request' must not be null");
+ }
+
+ String baseString = this.createBaseString(request);
+ String tokenSecret = extractTokenSecret(token);
+ return this.calculate(signingKey, tokenSecret, baseString);
+ }
+
+ /**
+ * Calculates the signature applying the method algorithm.
+ *
+ * @param signingKey the key has to be used to sign the request.
+ * @param tokenSecret the temporary/token credential.
+ * @param baseString the OAuth base string.
+ * @return the calculated signature.
+ * @throws SignatureException if any error occurs.
+ */
+ protected abstract String calculate(SigningKey signingKey, String tokenSecret, String baseString) throws SignatureException;
+
+ /**
+ * {@inheritDoc}
+ */
+ public final boolean verify(String signature,
+ VerifyingKey verifyingKey,
+ OAuthToken token,
+ OAuthRequest request) throws SignatureException {
+ if (signature == null) {
+ throw new IllegalArgumentException("parameter 'signature' must not be null");
+ }
+ if (verifyingKey == null) {
+ throw new IllegalArgumentException("parameter 'verifyingKey' must not be null");
+ }
+ if (request == null) {
+ throw new IllegalArgumentException("parameter 'request' must not be null");
+ }
+
+ String baseString = this.createBaseString(request);
+ String tokenSecret = extractTokenSecret(token);
+ return this.verify(signature, verifyingKey, tokenSecret, baseString);
+ }
+
+ /**
+ * Verifies the signature applying the method algorithm.
+ *
+ * @param signature the OAuth signature has to be verified.
+ * @param verifyingKey the key has to be used to verify the request.
+ * @param tokenSecret the temporary/token credential.
+ * @param baseString the OAuth base string.
+ * @return true if the signature is verified, false otherwise.
+ * @throws SignatureException if any error occurs.
+ */
+ protected abstract boolean verify(String signature, VerifyingKey verifyingKey, String tokenSecret, String baseString) throws SignatureException;
+
+ /**
+ * Calculates the OAuth base string.
+ *
+ * @param request
+ * @return the calculated OAuth base string.
+ * @throws SignatureException if any error occurs.
+ */
+ private String createBaseString(OAuthRequest request) throws SignatureException {
+ // the HTTP method
+ String method = request.getHTTPMethod().name();
+
+ // the normalized request URL
+ URL url = request.getRequestURL();
+ String scheme = url.getProtocol().toLowerCase();
+ String authority = url.getAuthority().toLowerCase();
+
+ int port = url.getPort();
+ if ((HTTP_PROTOCOL.equals(scheme) && DEFAULT_HTTP_PORT == port)
+ || (HTTPS_PROTOCOL.equals(scheme) && DEFAULT_HTTPS_PORT == port)) {
+ int index = authority.lastIndexOf(':');
+ if (index >= 0) {
+ authority = authority.substring(0, index);
+ }
+ }
+
+ String path = url.getPath();
+ if (path == null || path.length() <= 0) {
+ path = PATH_SEPARATOR; // conforms to RFC 2616 section 3.2.2
+ }
+
+ String requestUrl = new StringBuilder(scheme)
+ .append(SCHEME_SEPARATOR)
+ .append(authority)
+ .append(path)
+ .toString();
+
+ // parameters normalization
+ int normalizedParametersSize = request.getOAuthMessageParameters().size()
+ + request.getOAuthRequestParameters().size();
+ List<OAuthRequestParameter> normalizedParameters = new ArrayList<OAuthRequestParameter>(normalizedParametersSize);
+
+ for (OAuthMessageParameter parameter : request.getOAuthMessageParameters()) {
+ if (parameter.getKey().isIncludeInSignature()) {
+ encodeAndAddParameter(parameter.getKey().getLabel(), parameter.getValue(), normalizedParameters);
+ }
+ }
+
+ for (OAuthRequestParameter parameter : request.getOAuthRequestParameters()) {
+ if (request.getOAuthMessageParameters().contains(parameter)) {
+ throw new SignatureException("Request parameter "
+ + parameter
+ + " can't override an OAuth message one");
+ }
+ encodeAndAddParameter(parameter.getKey(), parameter.getValue(), normalizedParameters);
+ }
+
+ // now serialize the normalized parameters
+ StringBuilder normalizedParametersBuffer = new StringBuilder();
+ for (int i = 0; i < normalizedParameters.size(); i++) {
+ if (i > 0) {
+ normalizedParametersBuffer.append('&');
+ }
+
+ OAuthRequestParameter parameter = normalizedParameters.get(i);
+ normalizedParametersBuffer.append(parameter.getKey());
+ normalizedParametersBuffer.append('=');
+ normalizedParametersBuffer.append(parameter.getValue());
+ }
+
+ return new StringBuilder(method)
+ .append('&')
+ .append(percentEncode(requestUrl))
+ .append('&')
+ .append(percentEncode(normalizedParametersBuffer.toString()))
+ .toString();
+ }
+
+ private static final String extractTokenSecret(OAuthToken token) {
+ if (token == null) {
+ return EMPTY;
+ }
+ return token.getTokenSecret();
+ }
+
+ /**
+ * Applies the percent encoding algorithm to the input text.
+ *
+ * @param text the text has to be encoded.
+ * @return the encoded string.
+ */
+ protected static String percentEncode(String text) {
+ return new String(URLCodec.encodeUrl(UNRESERVED_CHARS, toUTF8Bytes(text)), UTF_8);
+ }
+
+ /**
+ * Converts the input text in a sequence of UTF-8 bytes.
+ *
+ * @param text the text has to be converted.
+ * @return the UTF-8 bytes sequence.
+ */
+ protected static byte[] toUTF8Bytes(String text) {
+ return text.getBytes(UTF_8);
+ }
+
+ /**
+ * Encodes a bytes sequence applying the Base64 algorithm without chuncking
+ * the output string.
+ *
+ * @param sequence the bytes sequence has to be encoded.
+ * @return the Base64 encoded string.
+ */
+ protected static String base64Encode(byte[] sequence) {
+ return new String(Base64.encodeBase64(sequence, false));
+ }
+
+ /**
+ * Decodes an input text to a bytes sequence applying the Base64 algorithm.
+ *
+ * @param text the text has to be encoded.
+ * @return the decoded bytes sequence;
+ */
+ protected static byte[] decodeBase64(String text) {
+ return Base64.decodeBase64(text);
+ }
+
+ /**
+ * Add the input parameter in the list, encoding the parameter name/value
+ * first, then putting it in the list in the right position
+ *
+ * @param parameter the input parameter.
+ * @param parametersList the list where add the parameter.
+ */
+ private static void encodeAndAddParameter(String name, String value, List<OAuthRequestParameter> parametersList) {
+ OAuthRequestParameter parameter = new OAuthRequestParameter(percentEncode(name), percentEncode(value));
+ int paramIndex = Collections.binarySearch(parametersList, parameter);
+ if (paramIndex < 0) {
+ paramIndex = -paramIndex - 1;
+ }
+ parametersList.add(paramIndex, parameter);
+ }
+
+}
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/AbstractMethod.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/AbstractMethod.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/AbstractMethod.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/BasicKey.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/BasicKey.java?rev=962588&view=auto
==============================================================================
--- incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/BasicKey.java (added)
+++ incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/BasicKey.java Fri Jul 9 16:08:19 2010
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.amber.signature;
+
+/**
+ *
+ *
+ * @version $Id$
+ */
+public final class BasicKey implements SigningKey, VerifyingKey {
+
+ private static final String[] METHODS = { "PLAINTEXT", "HMAC-SHA1" };
+
+ private final String value;
+
+ public BasicKey(String value) {
+ this.value = value;
+ }
+
+ public String getValue() {
+ return this.value;
+ }
+
+ public String[] getAlgorithmMethods() {
+ return METHODS;
+ }
+
+}
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/BasicKey.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/BasicKey.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/BasicKey.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/hmac/HmacSha1Method.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/hmac/HmacSha1Method.java?rev=962588&view=auto
==============================================================================
--- incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/hmac/HmacSha1Method.java (added)
+++ incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/hmac/HmacSha1Method.java Fri Jul 9 16:08:19 2010
@@ -0,0 +1,105 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.amber.signature.hmac;
+
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.amber.signature.AbstractMethod;
+import org.apache.amber.signature.SignatureException;
+import org.apache.amber.signature.SigningKey;
+import org.apache.amber.signature.VerifyingKey;
+
+/**
+ * HMAC-SHA1 Method implementation.
+ *
+ * @version $Id$
+ */
+public final class HmacSha1Method extends AbstractMethod {
+
+ private static final String HMAC_SHA1 = "HMAC-SHA1";
+
+ private static final String HMAC_SHA1_ALGORITHM = "HmacSHA1";
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ protected String calculate(SigningKey signingKey,
+ String tokenSecret,
+ String baseString) throws SignatureException {
+ String key = new StringBuilder(percentEncode(signingKey.getValue()))
+ .append('&')
+ .append(percentEncode(tokenSecret))
+ .toString();
+
+ SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes(), HMAC_SHA1_ALGORITHM);
+
+ Mac mac = null;
+ try {
+ mac = Mac.getInstance(HMAC_SHA1_ALGORITHM);
+ } catch (NoSuchAlgorithmException e) {
+ throw new SignatureException("HMAC-SHA1 Algorithm not supported", e);
+ }
+
+ try {
+ mac.init(secretKeySpec);
+ } catch (InvalidKeyException e) {
+ throw new SignatureException(new StringBuilder("Signing key '")
+ .append(key)
+ .append("' caused HMAC-SHA1 error")
+ .toString(), e);
+ }
+
+ byte[] rawHmac = mac.doFinal(baseString.getBytes());
+
+ return base64Encode(rawHmac);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ protected boolean verify(String signature,
+ VerifyingKey verifyingKey,
+ String tokenSecret,
+ String baseString) throws SignatureException {
+ String expectedSignature = this.calculate((SigningKey) verifyingKey, tokenSecret, baseString);
+
+ if (this.getLog().isDebugEnabled()) {
+ this.getLog().debug(new StringBuilder("Received signature {")
+ .append(signature)
+ .append("} expected signature {")
+ .append(expectedSignature)
+ .append('}')
+ .toString());
+ }
+
+ return expectedSignature.equals(signature);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getAlgorithm() {
+ return HMAC_SHA1;
+ }
+
+}
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/hmac/HmacSha1Method.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/hmac/HmacSha1Method.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/hmac/HmacSha1Method.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/plaintext/PlaintextMethod.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/plaintext/PlaintextMethod.java?rev=962588&view=auto
==============================================================================
--- incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/plaintext/PlaintextMethod.java (added)
+++ incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/plaintext/PlaintextMethod.java Fri Jul 9 16:08:19 2010
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.amber.signature.plaintext;
+
+import org.apache.amber.signature.AbstractMethod;
+import org.apache.amber.signature.SignatureException;
+import org.apache.amber.signature.SigningKey;
+import org.apache.amber.signature.VerifyingKey;
+
+/**
+ * PLAINTEXT Method implementation.
+ *
+ * @version $Id$
+ */
+public final class PlaintextMethod extends AbstractMethod {
+
+ private static final String PLAINTEXT = "PLAINTEXT";
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ protected String calculate(SigningKey signingKey,
+ String tokenSecret,
+ String baseString) throws SignatureException {
+ return new StringBuilder(signingKey.getValue())
+ .append('&')
+ .append(tokenSecret)
+ .toString();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ protected boolean verify(String signature,
+ VerifyingKey verifyingKey,
+ String tokenSecret,
+ String baseString) throws SignatureException {
+ String expectedSignature = this.calculate((SigningKey) verifyingKey, tokenSecret, baseString);
+
+ if (this.getLog().isDebugEnabled()) {
+ this.getLog().debug(new StringBuilder("Received signature {")
+ .append(signature)
+ .append("} expected signature {")
+ .append(expectedSignature)
+ .append('}')
+ .toString());
+ }
+
+ return expectedSignature.equals(signature);
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public String getAlgorithm() {
+ return PLAINTEXT;
+ }
+
+}
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/plaintext/PlaintextMethod.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/plaintext/PlaintextMethod.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Propchange: incubator/amber/trunk/signature-api/src/main/java/org/apache/amber/signature/plaintext/PlaintextMethod.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Copied: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/AbstractSimpleMethodTestCase.java (from r955627, incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/signers/AbstractMethodAlgorithmTestCase.java)
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/AbstractSimpleMethodTestCase.java?p2=incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/AbstractSimpleMethodTestCase.java&p1=incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/signers/AbstractMethodAlgorithmTestCase.java&r1=955627&r2=962588&rev=962588&view=diff
==============================================================================
--- incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/signers/AbstractMethodAlgorithmTestCase.java (original)
+++ incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/AbstractSimpleMethodTestCase.java Fri Jul 9 16:08:19 2010
@@ -14,21 +14,22 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-package org.apache.amber.signature.signers;
+package org.apache.amber.signature;
import static junit.framework.Assert.assertTrue;
import java.net.URL;
-import org.apache.amber.signature.descriptors.HTTPMethod;
-import org.apache.amber.signature.descriptors.Service;
-import org.apache.amber.signature.message.TokenRequestMessage;
-import org.apache.amber.signature.parameters.Parameter;
-import org.apache.amber.signature.signers.SignatureMethod;
-import org.apache.amber.signature.signers.SignatureMethodAlgorithm;
-import org.apache.amber.signature.signers.SigningKey;
-import org.apache.amber.signature.signers.VerifyingKey;
-
+import org.apache.amber.HTTPMethod;
+import org.apache.amber.OAuthMessageParameter;
+import org.apache.amber.OAuthParameter;
+import org.apache.amber.OAuthRequest;
+import org.apache.amber.OAuthRequestParameter;
+import org.apache.amber.OAuthToken;
+import org.apache.amber.Version;
+import org.apache.amber.signature.SignatureMethod;
+import org.apache.amber.signature.SigningKey;
+import org.apache.amber.signature.VerifyingKey;
/**
* Abstract implementation of OAuth signature method algorithm test case.
@@ -36,34 +37,36 @@ import org.apache.amber.signature.signer
* @param <S> the {@link SigningKey} type.
* @param <V> the {@link VerifyingKey} type.
*/
-public abstract class AbstractMethodAlgorithmTestCase<S extends SigningKey, V extends VerifyingKey> {
+public abstract class AbstractSimpleMethodTestCase {
- protected void verifySignature(S signingKey,
- V verifyingKey,
- SignatureMethodAlgorithm<S, V> methodAlgorithm,
+ protected void verifySignature(SignatureMethod signatureMethod,
String expectedSignature) throws Exception {
- // token secret
- String secretCredential = "pfkkdhi9sl3r4s00";
+ OAuthRequest request = new FakeOAuthRequest();
+ request.setRequestURL(new URL("http://photos.example.net/photos"));
+ request.setHTTPMethod(HTTPMethod.GET);
+ addMessageParameter(OAuthParameter.CONSUMER_KEY, "dpf43f3p2l4k3l03", request);
+ addMessageParameter(OAuthParameter.NONCE, "kllo9940pd9333jh", request);
+ addMessageParameter(OAuthParameter.SIGNATURE_METHOD, signatureMethod.getAlgorithm(), request);
+ addMessageParameter(OAuthParameter.TIMESTAMP, "1191242096", request);
+ addMessageParameter(OAuthParameter.TOKEN, "nnch734d00sl2jdk", request);
+ addMessageParameter(OAuthParameter.VERSION, Version.v1_0.toString(), request);
+ addMessageParameter("size", "original", request);
+ addMessageParameter("file", "vacation.jpg", request);
+
+ OAuthToken token = new FakeToken();
+ token.setTokenSecret("pfkkdhi9sl3r4s00");
+
+ VerifyingKey verifyingKey = new BasicKey("kd94hf93k423kf44");
+
+ assertTrue(signatureMethod.verify(expectedSignature, verifyingKey, token, request));
+ }
+
+ private static void addMessageParameter(OAuthParameter parameter, String value, OAuthRequest request) {
+ request.addOAuthMessageParameter(new OAuthMessageParameter(parameter, value));
+ }
- // oauth message
- TokenRequestMessage message = new TokenRequestMessage();
- message.setClientIdentifier("dpf43f3p2l4k3l03");
- message.setNonce("kllo9940pd9333jh");
- message.setSignatureMethod(methodAlgorithm.getClass().getAnnotation(SignatureMethod.class).value());
- message.setTimestamp(1191242096);
- message.setToken("nnch734d00sl2jdk");
- message.setVersion(TokenRequestMessage.DEFAULT_VERSION);
-
- // the service has to be invoked
- Service service = new Service(HTTPMethod.GET, new URL("http://photos.example.net/photos"));
-
- assertTrue(methodAlgorithm.verify(expectedSignature,
- verifyingKey,
- secretCredential,
- service,
- message,
- new Parameter("size", "original"),
- new Parameter("file", "vacation.jpg")));
+ private static void addMessageParameter(String name, String value, OAuthRequest request) {
+ request.addOAuthRequestParameter(new OAuthRequestParameter(name, value));
}
}
Added: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeOAuthRequest.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeOAuthRequest.java?rev=962588&view=auto
==============================================================================
--- incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeOAuthRequest.java (added)
+++ incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeOAuthRequest.java Fri Jul 9 16:08:19 2010
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.amber.signature;
+
+import java.net.URL;
+import java.util.Collection;
+import java.util.HashSet;
+
+import org.apache.amber.HTTPMethod;
+import org.apache.amber.OAuthMessageParameter;
+import org.apache.amber.OAuthRequest;
+import org.apache.amber.OAuthRequestParameter;
+
+/**
+ *
+ * @version $Id$
+ */
+final class FakeOAuthRequest implements OAuthRequest {
+
+ private HTTPMethod httpMethod;
+
+ private URL requestURL;
+
+ private final Collection<OAuthMessageParameter> messageParameters = new HashSet<OAuthMessageParameter>();
+
+ private final Collection<OAuthRequestParameter> requestParameters = new HashSet<OAuthRequestParameter>();
+
+ public void addOAuthMessageParameter(OAuthMessageParameter parameter) {
+ this.messageParameters.add(parameter);
+ }
+
+ public void addOAuthRequestParameter(OAuthRequestParameter parameter) {
+ this.requestParameters.add(parameter);
+ }
+
+ public HTTPMethod getHTTPMethod() {
+ return this.httpMethod;
+ }
+
+ public void setHTTPMethod(HTTPMethod httpMethod) {
+ this.httpMethod = httpMethod;
+ }
+
+ public Collection<OAuthMessageParameter> getOAuthMessageParameters() {
+ return this.messageParameters;
+ }
+
+ public Collection<OAuthRequestParameter> getOAuthRequestParameters() {
+ return this.requestParameters;
+ }
+
+ public URL getRequestURL() {
+ return this.requestURL;
+ }
+
+ public void setRequestURL(URL requestURL) {
+ this.requestURL = requestURL;
+ }
+
+}
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeOAuthRequest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeOAuthRequest.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeOAuthRequest.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeToken.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeToken.java?rev=962588&view=auto
==============================================================================
--- incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeToken.java (added)
+++ incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeToken.java Fri Jul 9 16:08:19 2010
@@ -0,0 +1,53 @@
+package org.apache.amber.signature;
+
+import java.util.Set;
+import java.util.Map.Entry;
+
+import org.apache.amber.OAuthToken;
+
+final class FakeToken implements OAuthToken {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -4501539974041422272L;
+
+ private String tokenSecret;
+
+ public void addAdditionalParameters(String name, String value) {
+ // unneded for test purposes
+ }
+
+ public Set<Entry<String, String>> additionalParametersEntrySet() {
+ // unneded for test purposes
+ return null;
+ }
+
+ public String getToken() {
+ // unneded for test purposes
+ return null;
+ }
+
+ public String getTokenSecret() {
+ // unneded for test purposes
+ return this.tokenSecret;
+ }
+
+ public boolean isCallbackConfirmed() {
+ // unneded for test purposes
+ return false;
+ }
+
+ public void setCallbackConfirmed(boolean callbackConfirmed) {
+ // unneded for test purposes
+ }
+
+ public void setToken(String token) {
+ // unneded for test purposes
+ }
+
+ public void setTokenSecret(String tokenSecret) {
+ this.tokenSecret = tokenSecret;
+ }
+
+}
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeToken.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeToken.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/FakeToken.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/hmac/HmacSha1MethodTestCase.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/hmac/HmacSha1MethodTestCase.java?rev=962588&view=auto
==============================================================================
--- incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/hmac/HmacSha1MethodTestCase.java (added)
+++ incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/hmac/HmacSha1MethodTestCase.java Fri Jul 9 16:08:19 2010
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.amber.signature.hmac;
+
+import org.apache.amber.signature.AbstractSimpleMethodTestCase;
+import org.junit.Test;
+
+/**
+ * HMAC-SHA1 Method test case implementation.
+ *
+ * @version $Id$
+ */
+public class HmacSha1MethodTestCase extends AbstractSimpleMethodTestCase {
+
+ @Test
+ public void verifyHmacSha1MethodAlgorithm() throws Exception {
+ this.verifySignature(new HmacSha1Method(), "tR3+Ty81lMeYAr/Fid0kMTYa/WM=");
+ }
+
+}
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/hmac/HmacSha1MethodTestCase.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/hmac/HmacSha1MethodTestCase.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/hmac/HmacSha1MethodTestCase.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/plaintext/PlaintextMethodTestCase.java
URL: http://svn.apache.org/viewvc/incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/plaintext/PlaintextMethodTestCase.java?rev=962588&view=auto
==============================================================================
--- incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/plaintext/PlaintextMethodTestCase.java (added)
+++ incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/plaintext/PlaintextMethodTestCase.java Fri Jul 9 16:08:19 2010
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.amber.signature.plaintext;
+
+import org.apache.amber.signature.AbstractSimpleMethodTestCase;
+import org.junit.Test;
+
+/**
+ * HMAC-SHA1 Method test case implementation.
+ *
+ * @version $Id$
+ */
+public class PlaintextMethodTestCase extends AbstractSimpleMethodTestCase {
+
+ @Test
+ public void verifyHmacSha1MethodAlgorithm() throws Exception {
+ this.verifySignature(new PlaintextMethod(), "kd94hf93k423kf44&pfkkdhi9sl3r4s00");
+ }
+
+}
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/plaintext/PlaintextMethodTestCase.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/plaintext/PlaintextMethodTestCase.java
------------------------------------------------------------------------------
svn:keywords = Date Author Id Revision HeadURL
Propchange: incubator/amber/trunk/signature-api/src/test/java/org/apache/amber/signature/plaintext/PlaintextMethodTestCase.java
------------------------------------------------------------------------------
svn:mime-type = text/plain