if (consumer == null) {
throw newUnauthorizedException();
}
OAuthSecrets secrets = new OAuthSecrets().consumerSecret(consumer.getSecret());
OAuthSecurityContext sc;
String nonceKey;
if (token == null) {
if (consumer.getPrincipal() == null) {
throw newUnauthorizedException();
}
nonceKey = "c:" + consumerKey;
sc = new OAuthSecurityContext(consumer, request.isSecure());
} else {
OAuthToken accessToken = provider.getAccessToken(token);
if (accessToken == null) {
throw newUnauthorizedException();
}
OAuthConsumer atConsumer = accessToken.getConsumer();
if (atConsumer == null || !consumerKey.equals(atConsumer.getKey())) {
throw newUnauthorizedException();
}
nonceKey = "t:" + token;
secrets.tokenSecret(accessToken.getSecret());
sc = new OAuthSecurityContext(accessToken, request.isSecure());
}
if (!verifySignature(osr, params, secrets)) {
throw newUnauthorizedException();
}