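// Signs the outgoing request with the accessor's OAuth 2 MAC token: checks the
// parameters, derives the nonce, body hash and MAC, and sets the Authorization
// header. Yields the validation error when there is one, otherwise null.
final OAuth2HandlerError handlerError = MacTokenHandler.validateOAuth2Params(accessor, request);
if (handlerError != null) {
  return handlerError;
}
final OAuth2Token accessToken = accessor.getAccessToken();
// The optional "ext" value is signed as an empty string when the token has none.
String ext = accessToken.getMacExt();
if (ext == null) {
  ext = "";
}
// REQUIRED. The MAC key identifier.
// NOTE(review): the identifier is read from getSecret(), while the signing key
// is getMacSecret(). It is handed to buildHeaderString below, so it presumably
// leaves the process in the Authorization header - confirm that getSecret()
// holds only the token identifier and never the MAC key itself.
final String id = new String(accessToken.getSecret(), "UTF-8");
// REQUIRED. A unique string generated by the client to allow the
// server to verify that a request has never been made before and
// helps prevent replay attacks when requests are made over an
// insecure channel. The nonce value MUST be unique across all
// requests with the same MAC key identifier.
// The nonce value MUST consist of the age of the MAC credentials
// expressed as the number of seconds since the credentials were
// issued to the client, a colon character (':', i.e. %x3A; the quoted
// draft text says %x25), and a unique string (typically random).
// The age value MUST be a positive integer and MUST NOT include
// leading zeros (e.g. "000137131200"). For example: "273156:di3hvdf8".
// To avoid the need to retain an infinite number of nonce values
// for future checks, the server MAY choose to restrict the time
// period after which a request with an old age is rejected. If
// such a restriction is enforced, the server SHOULD allow for a
// sufficiently large window to accommodate network delays which
// will affect the credentials issue time used by the client to
// calculate the credentials' age.
// NOTE(review): assumes getIssuedAt() is expressed in seconds and is not
// later than the local clock; otherwise the age is zero or negative and
// breaks the "positive integer" rule above - confirm.
final long currentTime = System.currentTimeMillis() / 1000;
// Clearing the sign bit keeps the random part non-negative for every draw.
// Math.abs(Long.MIN_VALUE) is still negative, so the previous form could put
// a '-' inside the nonce.
// NOTE(review): nonce uniqueness depends on Crypto.RAND being a
// cryptographically strong generator - confirm.
final String nonce = Long.toString(currentTime - accessToken.getIssuedAt()) + ':'
    + Long.toString(Crypto.RAND.nextLong() & Long.MAX_VALUE);
// OPTIONAL. The HTTP request payload body hash as described in
// Section 3.2. A missing hash is signed as an empty string.
String bodyHash = MacTokenHandler.getBodyHash(request, accessToken.getMacSecret(),
    accessToken.getMacAlgorithm());
if (bodyHash == null) {
  bodyHash = "";
}
// mac
// REQUIRED. The HTTP request MAC as described in Section 3.3.
// The signed request line is the path plus the query string, when present.
final Uri uri = request.getUri();
String uriString = uri.getPath();
if (uri.getQuery() != null) {
  uriString = uriString + '?' + uri.getQuery();
}
// Split the authority into host and port; without an explicit port the value
// defaults to 80, or to 443 when the scheme is https.
// NOTE(review): the split happens at the FIRST ':' of the authority. An
// authority carrying userinfo or a bracketed IPv6 literal would be split in
// the wrong place, and a null authority fails on indexOf. Left unchanged here
// because the verifying side must normalize host and port identically -
// confirm how the server derives them before tightening this.
String host = uri.getAuthority();
String port = "80";
final int index = host.indexOf(':');
if (index > 0) {
  port = host.substring(index + 1);
  host = host.substring(0, index);
} else {
  final String scheme = uri.getScheme();
  if ("https".equals(scheme)) {
    port = "443";
  }
}
// The MAC covers nonce, method, request URI, host, port, body hash and ext,
// keyed with the token's MAC secret and algorithm.
final String mac = MacTokenHandler.getMac(nonce, request.getMethod(), uriString, host, port,
    bodyHash, ext, accessToken.getMacSecret(), accessToken.getMacAlgorithm());
final String headerString = buildHeaderString(id, nonce, bodyHash, ext, mac);
request.setHeader(OAuth2Message.AUTHORIZATION_HEADER, headerString);
// null signals success: no handler error occurred.
return null;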