Changeset 6849 in josm for trunk/src/oauth/signpost/signature

Timestamp:

2014-02-13T21:10:18+01:00 (11 years ago)

Author:

stoecker

Message:

see #9710 - update oauth library code

Location:

trunk/src/oauth/signpost/signature

Files:

• AuthorizationHeaderSigningStrategy.java (modified) (2 diffs)
• QueryStringSigningStrategy.java (modified) (2 diffs)
• SignatureBaseString.java (modified) (1 diff)

trunk/src/oauth/signpost/signature/AuthorizationHeaderSigningStrategy.java

@@ -1 +1 @@
 package oauth.signpost.signature;
+
+import java.util.Iterator;
 
 import oauth.signpost.OAuth;
@@ -19 +21 @@
 
         sb.append("OAuth ");
+
+        // add the realm parameter, if any
         if (requestParameters.containsKey("realm")) {
             sb.append(requestParameters.getAsHeaderElement("realm"));
             sb.append(", ");
         }
-        if (requestParameters.containsKey(OAuth.OAUTH_TOKEN)) {
-            sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_TOKEN));
-            sb.append(", ");
+
+        // add all (x_)oauth parameters
+        HttpParameters oauthParams = requestParameters.getOAuthParameters();
+        oauthParams.put(OAuth.OAUTH_SIGNATURE, signature, true);
+
+        Iterator<String> iter = oauthParams.keySet().iterator();
+        while (iter.hasNext()) {
+            String key = iter.next();
+            sb.append(oauthParams.getAsHeaderElement(key));
+            if (iter.hasNext()) {
+                sb.append(", ");
+            }
         }
-        if (requestParameters.containsKey(OAuth.OAUTH_CALLBACK)) {
-            sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_CALLBACK));
-            sb.append(", ");
-        }
-        if (requestParameters.containsKey(OAuth.OAUTH_VERIFIER)) {
-            sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_VERIFIER));
-            sb.append(", ");
-        }
-        sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_CONSUMER_KEY));
-        sb.append(", ");
-        sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_VERSION));
-        sb.append(", ");
-        sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_SIGNATURE_METHOD));
-        sb.append(", ");
-        sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_TIMESTAMP));
-        sb.append(", ");
-        sb.append(requestParameters.getAsHeaderElement(OAuth.OAUTH_NONCE));
-        sb.append(", ");
-        sb.append(OAuth.toHeaderElement(OAuth.OAUTH_SIGNATURE, signature));
 
         String header = sb.toString();
+        OAuth.debugOut("Auth Header", header);
         request.setHeader(OAuth.HTTP_AUTHORIZATION_HEADER, header);
 

trunk/src/oauth/signpost/signature/QueryStringSigningStrategy.java

@@ -1 +1 @@
 package oauth.signpost.signature;
+
+import java.util.Iterator;
 
 import oauth.signpost.OAuth;
@@ -21 +23 @@
             HttpParameters requestParameters) {
 
-        // add the signature
-        StringBuilder sb = new StringBuilder(OAuth.addQueryParameters(request.getRequestUrl(),
-            OAuth.OAUTH_SIGNATURE, signature));
+        // add all (x_)oauth parameters
+        HttpParameters oauthParams = requestParameters.getOAuthParameters();
+        oauthParams.put(OAuth.OAUTH_SIGNATURE, signature, true);
 
-        // add the optional OAuth parameters
-        if (requestParameters.containsKey(OAuth.OAUTH_TOKEN)) {
+        Iterator<String> iter = oauthParams.keySet().iterator();
+
+        // add the first query parameter (we always have at least the signature)
+        String firstKey = iter.next();
+        StringBuilder sb = new StringBuilder(OAuth.addQueryString(request.getRequestUrl(),
+            oauthParams.getAsQueryString(firstKey)));
+
+        while (iter.hasNext()) {
             sb.append("&");
-            sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_TOKEN));
+            String key = iter.next();
+            sb.append(oauthParams.getAsQueryString(key));
         }
-        if (requestParameters.containsKey(OAuth.OAUTH_CALLBACK)) {
-            sb.append("&");
-            sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_CALLBACK));
-        }
-        if (requestParameters.containsKey(OAuth.OAUTH_VERIFIER)) {
-            sb.append("&");
-            sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_VERIFIER));
-        }
-
-        // add the remaining OAuth params
-        sb.append("&");
-        sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_CONSUMER_KEY));
-        sb.append("&");
-        sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_VERSION));
-        sb.append("&");
-        sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_SIGNATURE_METHOD));
-        sb.append("&");
-        sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_TIMESTAMP));
-        sb.append("&");
-        sb.append(requestParameters.getAsQueryString(OAuth.OAUTH_NONCE));
 
         String signedUrl = sb.toString();

trunk/src/oauth/signpost/signature/SignatureBaseString.java

@@ -111 +111 @@
             }
 
-            sb.append(requestParameters.getAsQueryString(param));
+            // fix contributed by Stjepan Rajko
+            // since param should already be encoded, we supply false for percentEncode
+            sb.append(requestParameters.getAsQueryString(param, false));  
         }
         return sb.toString();