用Java或Groovy填充有效的oauth_signature的绝对最小代码? [英] Absolute minimum code to get a valid oauth_signature populated in Java or Groovy?
本文介绍了用Java或Groovy填充有效的oauth_signature的绝对最小代码?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的测试工具会发送HTTP请求,但我需要准备授权标头。
我需要:我想要一个有效的授权标题
我拥有:除了oauth_signature
之外的所有标题我也有2个秘密,token_secret和consumer_secret。我也拥有access_token。所以它真的归结为,必须签署这个请求。我怎么做?
摘要:我只需填充RESTful服务的授权标头的oauth_signature部分。
基本上:
oAuthHeader = OAuth的;
oAuthHeader = oAuthHeader +oauth_signature_method =+ oauth_signature_method;
oAuthHeader = oAuthHeader +,oauth_version =+ oauth_version;
oAuthHeader = oAuthHeader +,oauth_nonce =+ oauth_nonce;
oAuthHeader = oAuthHeader +,oauth_timestamp =+ oauth_timestamp;
oAuthHeader = oAuthHeader +,oauth_consumer_key =+ oauth_consumer_key;
oAuthHeader = oAuthHeader +,oauth_token =+ oauth_token;
oAuthHeader = oAuthHeader +,oauth_signature =+ ** oauth_signature **;
授权= oAuthHeader;
我的问题是我没有它的oauth_signature部分。我不知道如何得到它。请帮忙?
解决方案
这是我的Flickr OAuth代码。注意:我引用了来自SignPost的一些逻辑。生成签名确实非常棘手....确定。这只是生成oauth_signature的一个例子
package oauthflickr;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
导入org.apache.http.HttpEntity;
导入org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
导入org.apache.http.client.utils.URIUtils;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
/ **
*一个简单的程序来获取flickr令牌和令牌秘密。
*
* @author Mark Zang
*
* /
public class OAuthForFlickr {
private static String key =_________________________;
private static String secret =___________;
private static final String HMAC_SHA1 =HmacSHA1;
private static final String ENC =UTF-8;
private static Base64 base64 = new Base64();
/ **
*
* @param url
*request_token的网址URLEncoded。
* @param params
*参数字符串,URLEncoded。
* @return
* @throws UnsupportedEncodingException
* @throws NoSuchAlgorithmException
* @throws InvalidKeyException
* /
private static String getSignature(String url,String params)
抛出UnsupportedEncodingException,NoSuchAlgorithmException,
InvalidKeyException {
/ **
* base有三部分,它们通过&连接:1)protocol 2)URL
*(需要URLEncoded)3)参数列表(需要URLEncoded)。
* /
StringBuilder base = new StringBuilder();
base.append(GET&);
base.append(url);
base.append(&);
base.append(params);
System.out.println(生成oauth_signature的Stirng:+ base);
//是的,不要问我为什么,需要添加一个&到
//密钥的末尾。
byte [] keyBytes =(secret +&)。getBytes(ENC);
SecretKey key = new SecretKeySpec(keyBytes,HMAC_SHA1);
Mac mac = Mac.getInstance(HMAC_SHA1);
mac.init(key);
//将其编码,base64,将其更改为字符串并返回。
return new String(base64.encode(mac.doFinal(base.toString()。getBytes(
ENC))),ENC).trim();
}
/ **
* @param args
* @throws IOException
* @throws ClientProtocolException
* @throws URISyntaxException
* @throws NoSuchAlgorithmException
* @throws InvalidKeyException
* /
public static void main(String [] args)throws ClientProtocolException,
IOException,URISyntaxException,InvalidKeyException,
NoSuchAlgorithmException {
HttpClient httpclient = new DefaultHttpClient();
列表< NameValuePair> qparams = new ArrayList< NameValuePair>();
//这些参数应该在键
中定购qparams.add(new BasicNameValuePair(oauth_callback,oob));
qparams.add(new BasicNameValuePair(oauth_consumer_key,key));
qparams.add(new BasicNameValuePair(oauth_nonce,
+(int)(Math.random()* 100000000)));
qparams.add(new BasicNameValuePair(oauth_signature_method,
HMAC-SHA1));
qparams.add(new BasicNameValuePair(oauth_timestamp,
+(System.currentTimeMillis()/ 1000)));
qparams.add(new BasicNameValuePair(oauth_version,1.0));
//生成oauth_signature
字符串签名= getSignature(URLEncoder.encode(
http://www.flickr.com/services/oauth/request_token,ENC) ,
URLEncoder.encode(URLEncodedUtils.format(qparams,ENC),ENC));
//将其添加到参数列表
qparams.add(new BasicNameValuePair(oauth_signature,signature));
//生成导致access_token和token_secret的URI。
URI uri = URIUtils.createURI(http,www.flickr.com,-1,
/ services / oauth / request_token,
URLEncodedUtils.format(qparams,ENC ), 空值);
System.out.println(Get Token and Token Secrect from:
+ uri.toString());
HttpGet httpget = new HttpGet(uri);
//输出响应内容。
System.out.println(奥肯和令牌秘诀:);
HttpResponse响应= httpclient.execute(httpget);
HttpEntity entity = response.getEntity();
if(entity!= null){
InputStream instream = entity.getContent();
int len;
byte [] tmp = new byte [2048]; ((len = instream.read(tmp))!= -1){
System.out.println(new String(tmp,0,len,ENC));
}
}
}
}
SO I am testing a Rest OAuth implementation. My testing tool will send the HTTP Request, but I need to prepare the Authorization header.
What I need: I want a valid Authorization Header
What I have: All the headers except the oauth_signature I also have the 2 secrets, the token_secret and the consumer_secret. I also posses the access_token. So It really boils down to, having to sign this request. How do I do that?
Summary: I simply need to populate the oauth_signature portion of the Authorization header for a RESTful service. How do I do it?
Basically:
oAuthHeader="OAuth";
oAuthHeader=oAuthHeader+" oauth_signature_method="+oauth_signature_method;
oAuthHeader=oAuthHeader+",oauth_version="+oauth_version;
oAuthHeader=oAuthHeader+",oauth_nonce="+oauth_nonce;
oAuthHeader=oAuthHeader+",oauth_timestamp="+oauth_timestamp;
oAuthHeader=oAuthHeader+",oauth_consumer_key="+oauth_consumer_key;
oAuthHeader=oAuthHeader+",oauth_token="+oauth_token;
oAuthHeader=oAuthHeader+",oauth_signature="+**oauth_signature**;
Authorization = oAuthHeader;
My problem is I do not have the oauth_signature portion of it. And I do not know how to get it. Help please?
解决方案
Here is my code for Flickr OAuth. NOTICE: I REFERED some logic from SignPost. It is really very tricky to generate it signature.... OK. This is just an example for generate the "oauth_signature"
package oauthflickr;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URIUtils;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
/**
* a simple program to get flickr token and token secret.
*
* @author Mark Zang
*
*/
public class OAuthForFlickr {
private static String key = "_________________________";
private static String secret = "___________";
private static final String HMAC_SHA1 = "HmacSHA1";
private static final String ENC = "UTF-8";
private static Base64 base64 = new Base64();
/**
*
* @param url
* the url for "request_token" URLEncoded.
* @param params
* parameters string, URLEncoded.
* @return
* @throws UnsupportedEncodingException
* @throws NoSuchAlgorithmException
* @throws InvalidKeyException
*/
private static String getSignature(String url, String params)
throws UnsupportedEncodingException, NoSuchAlgorithmException,
InvalidKeyException {
/**
* base has three parts, they are connected by "&": 1) protocol 2) URL
* (need to be URLEncoded) 3) Parameter List (need to be URLEncoded).
*/
StringBuilder base = new StringBuilder();
base.append("GET&");
base.append(url);
base.append("&");
base.append(params);
System.out.println("Stirng for oauth_signature generation:" + base);
// yea, don't ask me why, it is needed to append a "&" to the end of
// secret key.
byte[] keyBytes = (secret + "&").getBytes(ENC);
SecretKey key = new SecretKeySpec(keyBytes, HMAC_SHA1);
Mac mac = Mac.getInstance(HMAC_SHA1);
mac.init(key);
// encode it, base64 it, change it to string and return.
return new String(base64.encode(mac.doFinal(base.toString().getBytes(
ENC))), ENC).trim();
}
/**
* @param args
* @throws IOException
* @throws ClientProtocolException
* @throws URISyntaxException
* @throws NoSuchAlgorithmException
* @throws InvalidKeyException
*/
public static void main(String[] args) throws ClientProtocolException,
IOException, URISyntaxException, InvalidKeyException,
NoSuchAlgorithmException {
HttpClient httpclient = new DefaultHttpClient();
List<NameValuePair> qparams = new ArrayList<NameValuePair>();
// These params should ordered in key
qparams.add(new BasicNameValuePair("oauth_callback", "oob"));
qparams.add(new BasicNameValuePair("oauth_consumer_key", key));
qparams.add(new BasicNameValuePair("oauth_nonce", ""
+ (int) (Math.random() * 100000000)));
qparams.add(new BasicNameValuePair("oauth_signature_method",
"HMAC-SHA1"));
qparams.add(new BasicNameValuePair("oauth_timestamp", ""
+ (System.currentTimeMillis() / 1000)));
qparams.add(new BasicNameValuePair("oauth_version", "1.0"));
// generate the oauth_signature
String signature = getSignature(URLEncoder.encode(
"http://www.flickr.com/services/oauth/request_token", ENC),
URLEncoder.encode(URLEncodedUtils.format(qparams, ENC), ENC));
// add it to params list
qparams.add(new BasicNameValuePair("oauth_signature", signature));
// generate URI which lead to access_token and token_secret.
URI uri = URIUtils.createURI("http", "www.flickr.com", -1,
"/services/oauth/request_token",
URLEncodedUtils.format(qparams, ENC), null);
System.out.println("Get Token and Token Secrect from:"
+ uri.toString());
HttpGet httpget = new HttpGet(uri);
// output the response content.
System.out.println("oken and Token Secrect:");
HttpResponse response = httpclient.execute(httpget);
HttpEntity entity = response.getEntity();
if (entity != null) {
InputStream instream = entity.getContent();
int len;
byte[] tmp = new byte[2048];
while ((len = instream.read(tmp)) != -1) {
System.out.println(new String(tmp, 0, len, ENC));
}
}
}
}
这篇关于用Java或Groovy填充有效的oauth_signature的绝对最小代码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
