Examples of oauth.signpost.http.HttpParameters

• oauth.signpost.http.HttpParameters
  .net/core/1.0a/#anchor13}. Every key/value pair will be percent-encoded upon insertion. This class has special semantics tailored to being useful for message signing; it's not a general purpose collection class to handle request parameters. @author Matthias Kaeppler

   *            access token
   * @return an exception to throw for the given content
   */
  private BellaDatiRuntimeException buildException(int code, byte[] content, boolean hasToken) {
    try {
      HttpParameters oauthParams = OAuth.decodeForm(new ByteArrayInputStream(content));
      if (oauthParams.containsKey("oauth_problem")) {
        String problem = oauthParams.getFirst("oauth_problem");
        if ("missing_consumer".equals(problem) || "invalid_consumer".equals(problem)) {
          return new AuthorizationException(Reason.CONSUMER_KEY_UNKNOWN);
        } else if ("invalid_signature".equals(problem) || "signature_invalid".equals(problem)) {
          return new AuthorizationException(hasToken ? Reason.TOKEN_INVALID : Reason.CONSUMER_SECRET_INVALID);
        } else if ("domain_expired".equals(problem)) {
          return new AuthorizationException(Reason.DOMAIN_EXPIRED);
        } else if ("missing_token".equals(problem) || "invalid_token".equals(problem)) {
          return new AuthorizationException(Reason.TOKEN_INVALID);
        } else if ("unauthorized_token".equals(problem)) {
          return new AuthorizationException(Reason.TOKEN_UNAUTHORIZED);
        } else if ("token_expired".equals(problem)) {
          return new AuthorizationException(Reason.TOKEN_EXPIRED);
        } else if ("x_auth_disabled".equals(problem)) {
          return new AuthorizationException(Reason.X_AUTH_DISABLED);
        } else if ("piccolo_not_enabled".equals(problem)) {
          return new AuthorizationException(Reason.BD_MOBILE_DISABLED);
        } else if ("missing_username".equals(problem) || "missing_password".equals(problem)
          || "invalid_credentials".equals(problem) || "permission_denied".equals(problem)) {
          return new AuthorizationException(Reason.USER_CREDENTIALS_INVALID);
        } else if ("account_locked".equals(problem) || "user_not_active".equals(problem)) {
          return new AuthorizationException(Reason.USER_ACCOUNT_LOCKED);
        } else if ("domain_restricted".equals(problem)) {
          return new AuthorizationException(Reason.USER_DOMAIN_MISMATCH);
        } else if ("timestamp_refused".equals(problem)) {
          String acceptable = oauthParams.getFirst("oauth_acceptable_timestamps");
          if (acceptable != null && acceptable.contains("-")) {
            return new InvalidTimestampException(Long.parseLong(acceptable.split("-")[0]), Long.parseLong(acceptable
              .split("-")[1]));
          }
        }

    @Test
    public void shouldNormalizeParameters() throws Exception {

        // should ignore signature, callback, and realm params
        HttpParameters params = new HttpParameters();
        params.put("a", "1", true);
        params.put("realm", "www.example.com", true);
        params.put("oauth_signature", "12345", true);
        String result = new SignatureBaseString(httpGetMock, params).normalizeRequestParameters();
        assertEquals("a=1", result);

        // example from OAuth spec
        params = new HttpParameters();
        params.put("a", "1", true);
        params.put("c", "hi there", true);
        params.put("f", "25", true);
        params.put("f", "50", true);
        params.put("f", "a", true);
        params.put("z", "p", true);
        params.put("z", "t", true);
        String expected = "a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t";
        result = new SignatureBaseString(httpGetMock, params).normalizeRequestParameters();
        assertEquals(expected, result);

        // examples from the official test cases on
        // http://oauth.pbwiki.com/TestCases
        params = new HttpParameters();
        params.put("a", "x!y", true);
        params.put("a", "x y", true);
        expected = "a=x%20y&a=x%21y";
        result = new SignatureBaseString(httpGetMock, params).normalizeRequestParameters();
        assertEquals(expected, result);

        params = new HttpParameters();
        params.put("name", "", true);
        assertEquals("name=", new SignatureBaseString(httpGetMock, params)
            .normalizeRequestParameters());
        params.putNull("name", null);
        assertEquals("name=", new SignatureBaseString(httpGetMock, params)
            .normalizeRequestParameters());
    }

    public void shouldEncodeAndConcatenateAllSignatureParts() throws Exception {
        HttpRequest request = mock(HttpRequest.class);
        when(request.getMethod()).thenReturn("GET");
        when(request.getRequestUrl()).thenReturn("http://example.com");

        HttpParameters params = new HttpParameters();
        params.put("a", "1");

        SignatureBaseString sbs = new SignatureBaseString(request, params);

        //TODO: Is it correct that a trailing slash is always added to the
        //request URL authority if the path is empty?

    public void shouldWorkWithBracketsInParameterName() throws Exception {
        HttpRequest request = mock(HttpRequest.class);
        when(request.getMethod()).thenReturn("GET");
        when(request.getRequestUrl()).thenReturn("http://examplebrackets.com");

        HttpParameters params = new HttpParameters();
        params.put("a[]", "1", true);

        SignatureBaseString sbs = new SignatureBaseString(request, params);

        assertEquals("GET&http%3A%2F%2Fexamplebrackets.com%2F&a%255B%255D%3D1", sbs.generate());
    }

    public void shouldWorkWithMultipleParametersWithBracketsOfSameName() throws Exception {
        HttpRequest request = mock(HttpRequest.class);
        when(request.getMethod()).thenReturn("GET");
        when(request.getRequestUrl()).thenReturn("http://examplemultiple.com");

        HttpParameters params = new HttpParameters();
        params.put("a[]", "1", true);
        params.put("a[]", "2", true);

        SignatureBaseString sbs = new SignatureBaseString(request, params);

        assertEquals("GET&http%3A%2F%2Fexamplemultiple.com%2F&a%255B%255D%3D1%26a%255B%255D%3D2", sbs.generate());
    }

        HttpRequest request = mock(HttpRequest.class);
        when(request.getRequestUrl()).thenReturn("http://photos.example.net/photos");
        when(request.getMethod()).thenReturn("GET");

        HttpParameters params = new HttpParameters();
        params.putAll(OAUTH_PARAMS);
        params.put("file", "vacation.jpg");
        params.put("size", "original");

        assertEquals("tR3+Ty81lMeYAr/Fid0kMTYa/WM=", signer.sign(request, params));
    }

    @Test
    public void testDifferentSigningStrategies() throws Exception {
        SigningStrategy strategy = null;
        String signature = "123";
        HttpParameters params = new HttpParameters();
        params.put("realm", "http://x.com");
        params.put("oauth_token", "abc");
        params.put("x_oauth_custom_param", "cde");
        params.put("should_not_appear", "nono");

        strategy = new AuthorizationHeaderSigningStrategy();
        assertEquals(
                "OAuth realm=\"http://x.com\", oauth_signature=\"123\", oauth_token=\"abc\", x_oauth_custom_param=\"cde\"",
                strategy.writeSignature(signature, httpGetMock, params));

        provider = buildProvider(REQUEST_TOKEN_ENDPOINT_URL, ACCESS_TOKEN_ENDPOINT_URL,
            AUTHORIZE_WEBSITE_URL, false);
        provider.setOAuth10a(true);

        // prepare a provider that has response params set
        HttpParameters params = new HttpParameters();
        params.put("a", "1");
        ((AbstractOAuthProvider) provider).setResponseParameters(params);

        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        ObjectOutputStream ostream = new ObjectOutputStream(baos);
        ostream.writeObject(provider);

        return new String(b.toByteArray());
    }

    /** Parse a form-urlencoded document. */
    public static HttpParameters decodeForm(String form) {
        HttpParameters params = new HttpParameters();
        if (isEmpty(form)) {
            return params;
        }
        for (String nvp : form.split("\\&")) {
            int equals = nvp.indexOf('=');
            String name;
            String value;
            if (equals < 0) {
                name = percentDecode(nvp);
                value = null;
            } else {
                name = percentDecode(nvp.substring(0, equals));
                value = percentDecode(nvp.substring(equals + 1));
            }

            params.put(name, value);
        }
        return params;
    }

        }
        return sb.toString();
    }

    public static HttpParameters oauthHeaderToParamsMap(String oauthHeader) {
        HttpParameters params = new HttpParameters();
        if (oauthHeader == null || !oauthHeader.startsWith("OAuth ")) {
            return params;
        }
        oauthHeader = oauthHeader.substring("OAuth ".length());
        String[] elements = oauthHeader.split(",");
        for (String keyValuePair : elements) {
            String[] keyValue = keyValuePair.split("=");
            params.put(keyValue[0].trim(), keyValue[1].replace("\"", "").trim());
        }
        return params;
    }