Author: rbaxter85
Date: Fri Aug 16 01:52:21 2013
New Revision: 1514559
URL: http://svn.apache.org/r1514559
Log:
configurable to support different SHA algorithm
SHINDIG-1921
Comitted For Zhi Hong Yang
Added:
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java
(with props)
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java
(with props)
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java
(with props)
Modified:
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java
shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java
shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java
shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java
shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java
Modified:
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java
(original)
+++
shindig/trunk/java/common/src/main/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodec.java
Fri Aug 16 01:52:21 2013
@@ -28,6 +28,7 @@ import org.apache.commons.lang3.StringUt
import org.apache.shindig.common.crypto.BasicBlobCrypter;
import org.apache.shindig.common.crypto.BlobCrypter;
import org.apache.shindig.common.crypto.BlobCrypterException;
+import org.apache.shindig.common.util.HMACType;
import org.apache.shindig.config.ContainerConfig;
import com.google.common.collect.Maps;
@@ -142,7 +143,7 @@ public class BlobCrypterSecurityTokenCod
* @return The BlobCrypter.
*/
protected BlobCrypter loadCrypter(String key) {
- return new BasicBlobCrypter(key);
+ return new BasicBlobCrypter(key,HMACType.HMACSHA1);
}
/**
Modified:
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
(original)
+++
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/BasicBlobCrypter.java
Fri Aug 16 01:52:21 2013
@@ -18,19 +18,6 @@
*/
package org.apache.shindig.common.crypto;
-import com.google.common.base.Charsets;
-import com.google.common.collect.Maps;
-import com.google.common.base.Preconditions;
-
-import com.google.common.primitives.Bytes;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.shindig.common.util.CharsetUtil;
-import org.apache.shindig.common.util.TimeSource;
-
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.codec.digest.DigestUtils;
-import org.apache.shindig.common.util.Utf8UrlCoder;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
@@ -38,11 +25,31 @@ import java.io.IOException;
import java.io.InputStreamReader;
import java.security.GeneralSecurityException;
import java.util.Map;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.shindig.common.Nullable;
+import org.apache.shindig.common.logging.i18n.MessageKeys;
+import org.apache.shindig.common.util.CharsetUtil;
+import org.apache.shindig.common.util.GenericDigestUtils;
+import org.apache.shindig.common.util.HMACType;
+import org.apache.shindig.common.util.TimeSource;
+import org.apache.shindig.common.util.Utf8UrlCoder;
+
+import com.google.common.base.Charsets;
+import com.google.common.base.Preconditions;
+import com.google.common.collect.Maps;
+import com.google.common.primitives.Bytes;
+import com.google.inject.Inject;
/**
* Simple implementation of BlobCrypter.
*/
public class BasicBlobCrypter implements BlobCrypter {
+ private static final String CLASSNAME = BasicBlobCrypter.class.getName();
+ private static final Logger LOG = Logger.getLogger(CLASSNAME,
MessageKeys.MESSAGES);
// Labels for key derivation
private static final byte CIPHER_KEY_LABEL = 0;
@@ -55,6 +62,34 @@ public class BasicBlobCrypter implements
private byte[] cipherKey;
private byte[] hmacKey;
+ private static String preferredHMACAlgorithm;
+
+ @Inject(optional = true)
+ public static void setpreferredHMACAlgorithm(
+ @com.google.inject.name.Named("shindig.crypto.preferredHMACAlgorithm")
final String preferredHMACAlgorithm) {
+ BasicBlobCrypter.preferredHMACAlgorithm = preferredHMACAlgorithm;
+ if (LOG.isLoggable(Level.INFO)) {
+ LOG.log(Level.INFO, "shindig.crypto.preferredHMACAlgorithm: "
+ + preferredHMACAlgorithm);
+ }
+ }
+
+ private HMACType hmacType = HMACType.HMACSHA1;
+
+ public HMACType getHmacType() {
+ return hmacType;
+ }
+
+ public void setHmacType(HMACType hmacType) {
+ this.hmacType = hmacType;
+ }
+
+ private void setHmacTypeFromPreferredHMACAlgorithm() {
+ if (BasicBlobCrypter.preferredHMACAlgorithm != null) {
+ this.hmacType =
HMACType.valueOf(BasicBlobCrypter.preferredHMACAlgorithm);
+ }
+ }
+
/**
* Creates a crypter based on a key in a file. The key is the first line
* in the file, whitespace trimmed from either end, as UTF-8 bytes.
@@ -67,11 +102,19 @@ public class BasicBlobCrypter implements
* @throws IOException if the file can't be read.
*/
public BasicBlobCrypter(File keyfile) throws IOException {
+ this(keyfile, null);
+ setHmacTypeFromPreferredHMACAlgorithm();
+ }
+
+ public BasicBlobCrypter(File keyfile, @Nullable HMACType hmacType) throws
IOException {
+ if (hmacType!= null) {
+ this.hmacType = hmacType;
+ }
BufferedReader reader = null;
try {
FileInputStream openFile = new FileInputStream(keyfile);
- reader = new BufferedReader(
- new InputStreamReader(openFile, Charsets.UTF_8));
+ reader = new BufferedReader(new InputStreamReader(openFile,
+ Charsets.UTF_8));
init(reader.readLine());
} finally {
try {
@@ -90,6 +133,14 @@ public class BasicBlobCrypter implements
* @param masterKey
*/
public BasicBlobCrypter(byte[] masterKey) {
+ this(masterKey, null);
+ setHmacTypeFromPreferredHMACAlgorithm();
+ }
+
+ public BasicBlobCrypter(byte[] masterKey, @Nullable HMACType hmacType) {
+ if (hmacType!= null) {
+ this.hmacType = hmacType;
+ }
init(masterKey);
}
@@ -99,6 +150,14 @@ public class BasicBlobCrypter implements
* @param masterKey
*/
public BasicBlobCrypter(String masterKey) {
+ this(masterKey, null);
+ setHmacTypeFromPreferredHMACAlgorithm();
+ }
+
+ public BasicBlobCrypter(String masterKey, @Nullable HMACType hmacType) {
+ if (hmacType!= null) {
+ this.hmacType = hmacType;
+ }
init(masterKey);
}
@@ -131,7 +190,7 @@ public class BasicBlobCrypter implements
*/
private byte[] deriveKey(byte label, byte[] masterKey, int len) {
byte[] base = Bytes.concat(new byte[] { label }, masterKey);
- byte[] hash = DigestUtils.sha(base);
+ byte[] hash = GenericDigestUtils.digest(base);
if (len == 0) {
return hash;
}
@@ -147,7 +206,7 @@ public class BasicBlobCrypter implements
try {
byte[] encoded = serialize(in);
byte[] cipherText = Crypto.aes128cbcEncrypt(cipherKey, encoded);
- byte[] hmac = Crypto.hmacSha1(hmacKey, cipherText);
+ byte[] hmac = Crypto.hmacSha(hmacKey, cipherText,hmacType.getName());
byte[] b64 = Base64.encodeBase64URLSafe(Bytes.concat(cipherText, hmac));
return CharsetUtil.newUtf8String(b64);
} catch (GeneralSecurityException e) {
@@ -181,11 +240,11 @@ public class BasicBlobCrypter implements
public Map<String, String> unwrap(String in) throws BlobCrypterException {
try {
byte[] bin = Base64.decodeBase64(CharsetUtil.getUtf8Bytes(in));
- byte[] hmac = new byte[Crypto.HMAC_SHA1_LEN];
- byte[] cipherText = new byte[bin.length-Crypto.HMAC_SHA1_LEN];
+ byte[] hmac = new byte[Crypto.HMAC_SHA_LEN];
+ byte[] cipherText = new byte[bin.length-Crypto.HMAC_SHA_LEN];
System.arraycopy(bin, 0, cipherText, 0, cipherText.length);
System.arraycopy(bin, cipherText.length, hmac, 0, hmac.length);
- Crypto.hmacSha1Verify(hmacKey, cipherText, hmac);
+ Crypto.hmacShaVerify(hmacKey, cipherText, hmac, hmacType.getName());
byte[] plain = Crypto.aes128cbcDecrypt(cipherKey, cipherText);
Map<String, String> out = deserialize(plain);
return out;
Modified:
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java
(original)
+++
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/crypto/Crypto.java
Fri Aug 16 01:52:21 2013
@@ -18,9 +18,6 @@
*/
package org.apache.shindig.common.crypto;
-import com.google.common.primitives.Bytes;
-import org.apache.commons.codec.binary.Hex;
-
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
@@ -30,6 +27,11 @@ import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
+import org.apache.commons.codec.binary.Hex;
+import org.apache.shindig.common.util.HMACType;
+
+import com.google.common.primitives.Bytes;
+
/**
* Cryptographic utility functions.
*/
@@ -44,7 +46,7 @@ public final class Crypto {
/**
* HMAC algorithm to use
*/
- private final static String HMAC_TYPE = "HMACSHA1";
+ private static String HMAC_TYPE = HMACType.HMACSHA1.getName();
/**
* minimum safe length for hmac keys (this is good practice, but not
@@ -69,7 +71,7 @@ public final class Crypto {
/**
* Length of HMAC SHA1 output
*/
- public final static int HMAC_SHA1_LEN = 20;
+ public static int HMAC_SHA_LEN = HMACType.HMACSHA1.getLength();
private final static char[] DIGITS = { '0', '1', '2', '3', '4', '5', '6',
'7', '8', '9' };
@@ -118,37 +120,52 @@ public final class Crypto {
*
* @throws GeneralSecurityException
*/
- public static byte[] hmacSha1(byte[] key, byte[] in) throws
GeneralSecurityException {
+ public static byte[] hmacSha(byte[] key, byte[] in) throws
GeneralSecurityException {
+ return hmacSha(key, in, HMAC_TYPE);
+ }
+
+ /**
+ * HMAC sha
+ *
+ * @param key the key must be at least 8 bytes in length.
+ * @param in byte array to HMAC.
+ * @param hmacType HMAC algorithms.
+ * @return the hash
+ *
+ * @throws GeneralSecurityException
+ */
+ public static byte[] hmacSha(byte[] key, byte[] in, String hmacType) throws
GeneralSecurityException {
if (key.length < MIN_HMAC_KEY_LEN) {
throw new GeneralSecurityException("HMAC key should be at least "
+ MIN_HMAC_KEY_LEN + " bytes.");
}
- Mac hmac = Mac.getInstance(HMAC_TYPE);
- Key hmacKey = new SecretKeySpec(key, HMAC_TYPE);
+ Mac hmac = Mac.getInstance(hmacType);
+ Key hmacKey = new SecretKeySpec(key, hmacType);
hmac.init(hmacKey);
hmac.update(in);
return hmac.doFinal();
}
/**
- * Verifies an HMAC SHA1 hash. Throws if the verification fails.
+ * Verifies an HMAC SHA hash. Throws if the verification fails.
*
* @param key
* @param in
* @param expected
+ * @param hmacType HMAC algorithms.
* @throws GeneralSecurityException
*/
- public static void hmacSha1Verify(byte[] key, byte[] in, byte[] expected)
- throws GeneralSecurityException {
- Mac hmac = Mac.getInstance(HMAC_TYPE);
- Key hmacKey = new SecretKeySpec(key, HMAC_TYPE);
+ public static void hmacShaVerify(byte[] key, byte[] in, byte[] expected,
+ String hmacType) throws GeneralSecurityException {
+ Mac hmac = Mac.getInstance(hmacType);
+ Key hmacKey = new SecretKeySpec(key, hmacType);
hmac.init(hmacKey);
hmac.update(in);
byte actual[] = hmac.doFinal();
if (actual.length != expected.length) {
throw new GeneralSecurityException("HMAC verification failure");
}
- for (int i=0; i < actual.length; i++) {
+ for (int i = 0; i < actual.length; i++) {
if (actual[i] != expected[i]) {
throw new GeneralSecurityException("HMAC verification failure");
}
@@ -156,6 +173,19 @@ public final class Crypto {
}
/**
+ * Verifies an HMAC SHA hash. Throws if the verification fails.
+ *
+ * @param key
+ * @param in
+ * @param expected
+ * @throws GeneralSecurityException
+ */
+ public static void hmacShaVerify(byte[] key, byte[] in, byte[] expected)
+ throws GeneralSecurityException {
+ hmacShaVerify(key, in, expected, HMAC_TYPE);
+ }
+
+ /**
* AES-128-CBC encryption. The IV is returned as the first 16 bytes
* of the cipher text.
*
Added:
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java?rev=1514559&view=auto
==============================================================================
---
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java
(added)
+++
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java
Fri Aug 16 01:52:21 2013
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shindig.common.util;
+
+/**
+ * The Secure Hash Algorithm is a family of cryptographic hash functions
published by the National Institute of Standards and Technology (NIST)
+ */
+public enum DigestType {
+ SHA("SHA"), //$NON-NLS-1$
+ SHA256("SHA-256"), //$NON-NLS-1$
+ SHA384("SHA-384"), //$NON-NLS-1$
+ SHA512("SHA-512"); //$NON-NLS-1$
+ private final String name;
+
+ private DigestType(String name) {
+ this.name = name;
+ }
+
+ public String toString() {
+ return this.name;
+ }
+
+ public String getName() {
+ return this.name;
+ }
+}
Propchange:
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/DigestType.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added:
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java?rev=1514559&view=auto
==============================================================================
---
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java
(added)
+++
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java
Fri Aug 16 01:52:21 2013
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shindig.common.util;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.logging.Logger;
+
+import org.apache.commons.codec.binary.Hex;
+import org.apache.commons.codec.binary.StringUtils;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.apache.shindig.common.logging.i18n.MessageKeys;
+
+import com.google.inject.Inject;
+import java.util.logging.Level;
+
+public class GenericDigestUtils extends DigestUtils {
+ private static final String CLASSNAME = GenericDigestUtils.class.getName();
+ private static final Logger LOG = Logger.getLogger(CLASSNAME,
+ MessageKeys.MESSAGES);
+ private static final int STREAM_BUFFER_LENGTH = 1024;
+
+ private static byte[] digest(MessageDigest digest, InputStream data)
+ throws IOException {
+ byte[] buffer = new byte[STREAM_BUFFER_LENGTH];
+ int read = data.read(buffer, 0, STREAM_BUFFER_LENGTH);
+
+ while (read > -1) {
+ digest.update(buffer, 0, read);
+ read = data.read(buffer, 0, STREAM_BUFFER_LENGTH);
+ }
+
+ return digest.digest();
+ }
+
+ private static byte[] getBytesUtf8(String data) {
+ return StringUtils.getBytesUtf8(data);
+ }
+
+ public static MessageDigest getDigest(String algorithm) {
+ try {
+ return MessageDigest.getInstance(algorithm);
+ } catch (NoSuchAlgorithmException e) {
+ throw new RuntimeException(e.getMessage());
+ }
+ }
+
+ private static String type = DigestType.SHA.getName();
+
+ public static byte[] digest(byte[] data) {
+ return getDigest(type).digest(data);
+ }
+
+ public static byte[] digest(InputStream data) throws IOException {
+ return digest(getDigest(type), data);
+ }
+
+ public static String digestHex(String data) {
+ return Hex.encodeHexString(digest(getBytesUtf8(data)));
+ }
+
+ public static String digestHex(byte[] data) {
+ return Hex.encodeHexString(getDigest(type).digest(data));
+ }
+
+ public static String digestHex(InputStream data) throws IOException {
+ return Hex.encodeHexString(digest(getDigest(type), data));
+ }
+
+ public static byte[] digest(String data) {
+ return digest(getBytesUtf8(data));
+ }
+
+ @Inject(optional = true)
+ public static void setType(
+ @com.google.inject.name.Named("shindig.crypto.preferredHashAlgorithm")
String type) {
+ if (LOG.isLoggable(Level.INFO)) {
+ LOG.log(Level.INFO, "shindig.crypto.preferredHashAlgorithm: " + type);
+ }
+ if (type != null) {
+ GenericDigestUtils.type = type;
+ }
+ }
+}
Propchange:
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/GenericDigestUtils.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Added:
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java?rev=1514559&view=auto
==============================================================================
---
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java
(added)
+++
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java
Fri Aug 16 01:52:21 2013
@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shindig.common.util;
+
+/**
+ * HMACSHA algorithm is a family of Keyed-Hashing for Message Authentication
as defined in RFC 2104 and FIPS 198-1
+ *
+ */
+public enum HMACType {
+ HMACSHA1(20, "HMACSHA1"), //$NON-NLS-1$
+ HMACSHA256(32, "HMACSHA256"), //$NON-NLS-1$
+ HMACSHA384(48, "HMACSHA384"), //$NON-NLS-1$
+ HMACSHA512(64, "HMACSHA512"); //$NON-NLS-1$
+
+ private final int length;
+ private final String name;
+
+ private HMACType(int length, String name) {
+ this.length = length;
+ this.name = name;
+ }
+
+ public String toString() {
+ return this.name;
+ }
+
+ public String getName() {
+ return this.name;
+ }
+
+ public int getLength() {
+ return this.length;
+ }
+
+}
Propchange:
shindig/trunk/java/common/src/main/java/org/apache/shindig/common/util/HMACType.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified:
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java
(original)
+++
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenCodecTest.java
Fri Aug 16 01:52:21 2013
@@ -29,6 +29,7 @@ import org.apache.shindig.auth.AbstractS
import org.apache.shindig.common.crypto.BasicBlobCrypter;
import org.apache.shindig.common.crypto.BlobCrypter;
import org.apache.shindig.common.util.FakeTimeSource;
+import org.apache.shindig.common.util.HMACType;
import org.apache.shindig.config.BasicContainerConfig;
import org.apache.shindig.config.ContainerConfig;
import org.junit.Before;
@@ -74,7 +75,7 @@ public class BlobCrypterSecurityTokenCod
}
protected BlobCrypter getBlobCrypter(String key) {
- BasicBlobCrypter c = new BasicBlobCrypter(key);
+ BasicBlobCrypter c = new BasicBlobCrypter(key,HMACType.HMACSHA1);
c.timeSource = timeSource;
return c;
}
Modified:
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java
(original)
+++
shindig/trunk/java/common/src/test/java/org/apache/shindig/auth/BlobCrypterSecurityTokenTest.java
Fri Aug 16 01:52:21 2013
@@ -30,6 +30,7 @@ import org.apache.shindig.auth.AbstractS
import org.apache.shindig.common.crypto.BasicBlobCrypter;
import org.apache.shindig.common.crypto.Crypto;
import org.apache.shindig.common.util.FakeTimeSource;
+import org.apache.shindig.common.util.HMACType;
import org.junit.Before;
import org.junit.Test;
@@ -46,7 +47,7 @@ public class BlobCrypterSecurityTokenTes
@Before
public void setUp() {
- crypter = new BasicBlobCrypter(Crypto.getRandomBytes(20));
+ crypter = new
BasicBlobCrypter(Crypto.getRandomBytes(20),HMACType.HMACSHA1);
crypter.timeSource = timeSource;
}
Modified:
shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java
(original)
+++
shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/BlobCrypterTest.java
Fri Aug 16 01:52:21 2013
@@ -22,6 +22,7 @@ import com.google.common.collect.Immutab
import com.google.common.collect.Maps;
import org.apache.shindig.common.util.FakeTimeSource;
+import org.apache.shindig.common.util.HMACType;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
@@ -37,7 +38,7 @@ public class BlobCrypterTest {
private FakeTimeSource timeSource;
public BlobCrypterTest() {
- crypter = new BasicBlobCrypter("0123456789abcdef".getBytes());
+ crypter = new
BasicBlobCrypter("0123456789abcdef".getBytes(),HMACType.HMACSHA1);
timeSource = new FakeTimeSource();
crypter.timeSource = timeSource;
}
@@ -128,7 +129,7 @@ public class BlobCrypterTest {
@Test
public void testFixedKey() throws Exception {
- BlobCrypter alt = new BasicBlobCrypter("0123456789abcdef".getBytes());
+ BlobCrypter alt = new
BasicBlobCrypter("0123456789abcdef".getBytes(),HMACType.HMACSHA1);
Map<String, String> in = ImmutableMap.of("a","b");
String blob = crypter.wrap(in);
@@ -138,7 +139,7 @@ public class BlobCrypterTest {
@Test(expected=BlobCrypterException.class)
public void testBadKey() throws Exception {
- BlobCrypter alt = new BasicBlobCrypter("1123456789abcdef".getBytes());
+ BlobCrypter alt = new
BasicBlobCrypter("1123456789abcdef".getBytes(),HMACType.HMACSHA1);
Map<String, String> in = ImmutableMap.of("a","b");
String blob = crypter.wrap(in);
Modified:
shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java
(original)
+++
shindig/trunk/java/common/src/test/java/org/apache/shindig/common/crypto/CryptoTest.java
Fri Aug 16 01:52:21 2013
@@ -26,6 +26,7 @@ import java.security.GeneralSecurityExce
import java.util.regex.Pattern;
import org.apache.shindig.common.util.FakeTimeSource;
+import org.apache.shindig.common.util.HMACType;
import org.junit.Test;
public class CryptoTest {
@@ -44,7 +45,7 @@ public class CryptoTest {
-21, 2, 47, -101, 9, -40, 18, 43, 76, 117,
-51, 115, -122, -91, 39, 26, -18, 122, 30, 90,
};
- byte[] hmac = Crypto.hmacSha1(key.getBytes(), val.getBytes());
+ byte[] hmac = Crypto.hmacSha(key.getBytes(),
val.getBytes(),HMACType.HMACSHA1.getName());
assertArrayEquals(expected, hmac);
}
@@ -56,7 +57,7 @@ public class CryptoTest {
-21, 2, 47, -101, 9, -40, 18, 43, 76, 117,
-51, 115, -122, -91, 39, 26, -18, 122, 30, 90,
};
- Crypto.hmacSha1Verify(key.getBytes(), val.getBytes(), expected);
+ Crypto.hmacShaVerify(key.getBytes(), val.getBytes(),
expected,HMACType.HMACSHA1.getName());
}
@@ -68,7 +69,7 @@ public class CryptoTest {
-21, 2, 47, -101, 9, -40, 18, 43, 76, 117,
-51, 115, -122, -91, 39, 0, -18, 122, 30, 90,
};
- Crypto.hmacSha1Verify(key.getBytes(), val.getBytes(), expected);
+ Crypto.hmacShaVerify(key.getBytes(), val.getBytes(),
expected,HMACType.HMACSHA1.getName());
}
@Test
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/DefaultGuiceModule.java
Fri Aug 16 01:52:21 2013
@@ -18,19 +18,21 @@
*/
package org.apache.shindig.gadgets;
-import com.google.common.base.Splitter;
-import com.google.common.collect.ImmutableList;
-
-import com.google.inject.AbstractModule;
-import com.google.inject.Inject;
-import com.google.inject.Provides;
-import com.google.inject.Singleton;
-import com.google.inject.multibindings.Multibinder;
-import com.google.inject.name.Named;
-import com.google.inject.name.Names;
+import java.util.List;
+import java.util.Set;
+import java.util.concurrent.Executor;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.SynchronousQueue;
+import java.util.concurrent.ThreadFactory;
+import java.util.concurrent.ThreadPoolExecutor;
+import java.util.concurrent.TimeUnit;
+import org.apache.shindig.common.crypto.BasicBlobCrypter;
+import org.apache.shindig.common.servlet.Authority;
import org.apache.shindig.common.servlet.BasicAuthority;
import org.apache.shindig.common.servlet.GuiceServletContextListener;
+import org.apache.shindig.common.util.GenericDigestUtils;
import org.apache.shindig.gadgets.config.DefaultConfigContributorModule;
import org.apache.shindig.gadgets.http.AbstractHttpCache;
import org.apache.shindig.gadgets.http.HttpResponse;
@@ -46,14 +48,17 @@ import org.apache.shindig.gadgets.servle
import org.apache.shindig.gadgets.templates.TemplateModule;
import org.apache.shindig.gadgets.uri.ProxyUriBase;
import org.apache.shindig.gadgets.uri.UriModule;
-
-import org.apache.shindig.common.servlet.Authority;
-
import org.apache.shindig.gadgets.variables.SubstituterModule;
-import java.util.List;
-import java.util.Set;
-import java.util.concurrent.*;
+import com.google.common.base.Splitter;
+import com.google.common.collect.ImmutableList;
+import com.google.inject.AbstractModule;
+import com.google.inject.Inject;
+import com.google.inject.Provides;
+import com.google.inject.Singleton;
+import com.google.inject.multibindings.Multibinder;
+import com.google.inject.name.Named;
+import com.google.inject.name.Names;
/**
* Creates a module to supply all of the core gadget classes.
@@ -90,6 +95,8 @@ public class DefaultGuiceModule extends
requestStaticInjection(HttpResponse.class);
requestStaticInjection(AbstractHttpCache.class);
requestStaticInjection(ProxyUriBase.class);
+ requestStaticInjection(GenericDigestUtils.class);
+ requestStaticInjection(BasicBlobCrypter.class);
registerGadgetHandlers();
registerFeatureHandlers();
}
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/HashLockedDomainService.java
Fri Aug 16 01:52:21 2013
@@ -42,11 +42,11 @@ import com.google.inject.Singleton;
import com.google.inject.name.Named;
/**
- * Locked domain implementation based on sha1.
+ * Locked domain implementation based on sha.
*
* The generated domain takes the form:
*
- * base32(sha1(gadget url)).
+ * base32(sha(gadget url)).
*
* Other domain locking schemes are possible as well.
*/
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth2/handler/MacTokenHandler.java
Fri Aug 16 01:52:21 2013
@@ -18,19 +18,19 @@
*/
package org.apache.shindig.gadgets.oauth2.handler;
+import java.io.UnsupportedEncodingException;
+import java.security.GeneralSecurityException;
+
+import org.apache.commons.codec.binary.Base64;
import org.apache.shindig.common.crypto.Crypto;
import org.apache.shindig.common.uri.Uri;
+import org.apache.shindig.common.util.HMACType;
import org.apache.shindig.gadgets.http.HttpRequest;
import org.apache.shindig.gadgets.oauth2.OAuth2Accessor;
import org.apache.shindig.gadgets.oauth2.OAuth2Error;
import org.apache.shindig.gadgets.oauth2.OAuth2Message;
import org.apache.shindig.gadgets.oauth2.OAuth2Token;
-import org.apache.commons.codec.binary.Base64;
-
-import java.io.UnsupportedEncodingException;
-import java.security.GeneralSecurityException;
-
/**
*
* See {@link ResourceRequestHandler}
@@ -231,7 +231,7 @@ public class MacTokenHandler implements
private static byte[] hash(final byte[] text, final byte[] key, final String
algorithm)
throws GeneralSecurityException {
if (OAuth2Message.HMAC_SHA_1.equalsIgnoreCase(algorithm)) {
- return Crypto.hmacSha1(key, text);
+ return Crypto.hmacSha(key, text, HMACType.HMACSHA1.getName());
}
return new byte[] {};
Modified:
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java
(original)
+++
shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/uri/HashShaLockedDomainPrefixGenerator.java
Fri Aug 16 01:52:21 2013
@@ -18,9 +18,9 @@
*/
package org.apache.shindig.gadgets.uri;
-import org.apache.commons.codec.digest.DigestUtils;
-import org.apache.shindig.common.util.Base32;
import org.apache.shindig.common.uri.Uri;
+import org.apache.shindig.common.util.Base32;
+import org.apache.shindig.common.util.GenericDigestUtils;
/**
* A simple implementation of locked domain that hashes the gadgeturi as the
prefix.
@@ -31,7 +31,7 @@ public class HashShaLockedDomainPrefixGe
}
public String getLockedDomainPrefix(String token) {
- byte[] sha1 = DigestUtils.sha(token);
- return new String(Base32.encodeBase32(sha1)); // a hash
+ byte[] sha = GenericDigestUtils.digest(token);
+ return new String(Base32.encodeBase32(sha)); // a hash
}
}
Modified:
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
(original)
+++
shindig/trunk/java/gadgets/src/test/java/org/apache/shindig/gadgets/oauth/testing/FakeOAuthServiceProvider.java
Fri Aug 16 01:52:21 2013
@@ -18,9 +18,14 @@
*/
package org.apache.shindig.gadgets.oauth.testing;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
-import com.google.common.collect.Sets;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.concurrent.TimeUnit;
import net.oauth.OAuth;
import net.oauth.OAuth.Parameter;
@@ -33,6 +38,8 @@ import net.oauth.OAuthValidator;
import net.oauth.SimpleOAuthValidator;
import net.oauth.signature.RSA_SHA1;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.IOUtils;
import org.apache.shindig.auth.OAuthConstants;
import org.apache.shindig.auth.OAuthUtil;
import org.apache.shindig.auth.OAuthUtil.SignatureType;
@@ -43,6 +50,7 @@ import org.apache.shindig.common.cache.S
import org.apache.shindig.common.crypto.Crypto;
import org.apache.shindig.common.uri.UriBuilder;
import org.apache.shindig.common.util.CharsetUtil;
+import org.apache.shindig.common.util.GenericDigestUtils;
import org.apache.shindig.common.util.TimeSource;
import org.apache.shindig.gadgets.GadgetException;
import org.apache.shindig.gadgets.http.HttpFetcher;
@@ -51,18 +59,9 @@ import org.apache.shindig.gadgets.http.H
import org.apache.shindig.gadgets.http.HttpResponseBuilder;
import org.apache.shindig.gadgets.oauth.AccessorInfo.OAuthParamLocation;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.codec.digest.DigestUtils;
-import org.apache.commons.io.IOUtils;
-
-import java.io.IOException;
-import java.net.URISyntaxException;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map.Entry;
-import java.util.Set;
-import java.util.concurrent.TimeUnit;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
public class FakeOAuthServiceProvider implements HttpFetcher {
@@ -768,7 +767,7 @@ public class FakeOAuthServiceProvider im
throw new RuntimeException("Requiring oauth_body_hash parameter");
}
byte[] received =
Base64.decodeBase64(CharsetUtil.getUtf8Bytes(bodyHash));
- byte[] expected = DigestUtils.sha(info.rawBody);
+ byte[] expected = GenericDigestUtils.digest(info.rawBody);
if (!Arrays.equals(received, expected)) {
throw new RuntimeException("oauth_body_hash mismatch");
}
Modified:
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java
(original)
+++
shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java
Fri Aug 16 01:52:21 2013
@@ -18,35 +18,35 @@
*/
package org.apache.shindig.social.core.oauth;
-import com.google.common.base.Strings;
-import com.google.inject.Inject;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.Arrays;
+
+import javax.servlet.http.HttpServletRequest;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthException;
import net.oauth.OAuthMessage;
-import net.oauth.OAuthValidator;
import net.oauth.OAuthProblemException;
+import net.oauth.OAuthValidator;
import net.oauth.server.OAuthServlet;
import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.shindig.auth.AuthenticationHandler;
import org.apache.shindig.auth.OAuthConstants;
import org.apache.shindig.auth.SecurityToken;
import org.apache.shindig.common.util.CharsetUtil;
+import org.apache.shindig.common.util.GenericDigestUtils;
import org.apache.shindig.social.opensocial.oauth.OAuthDataStore;
import org.apache.shindig.social.opensocial.oauth.OAuthEntry;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.net.URISyntaxException;
-import java.util.Arrays;
-
-import javax.servlet.http.HttpServletRequest;
+import com.google.common.base.Strings;
+import com.google.inject.Inject;
/**
* Handle both 2-legged consumer and full 3-legged OAuth requests.
@@ -187,7 +187,7 @@ public class OAuthAuthenticationHandler
try {
byte[] rawBody = readBody(request);
byte[] received =
Base64.decodeBase64(CharsetUtil.getUtf8Bytes(oauthBodyHash));
- byte[] expected = DigestUtils.sha(rawBody);
+ byte[] expected = GenericDigestUtils.digest(rawBody);
if (!Arrays.equals(received, expected)) {
throw new AuthenticationHandler.InvalidAuthenticationException(
"oauth_body_hash failed verification", null);
Modified:
shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java
(original)
+++
shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/FakeOAuthRequest.java
Fri Aug 16 01:52:21 2013
@@ -18,8 +18,9 @@
*/
package org.apache.shindig.social.core.oauth;
-import com.google.common.base.Strings;
-import com.google.common.collect.Lists;
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
@@ -27,17 +28,15 @@ import net.oauth.OAuthConsumer;
import net.oauth.OAuthMessage;
import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.codec.digest.DigestUtils;
-
import org.apache.shindig.auth.OAuthConstants;
import org.apache.shindig.common.testing.FakeHttpServletRequest;
import org.apache.shindig.common.uri.Uri;
import org.apache.shindig.common.uri.UriBuilder;
import org.apache.shindig.common.util.CharsetUtil;
+import org.apache.shindig.common.util.GenericDigestUtils;
-import java.io.IOException;
-import java.util.List;
-import java.util.Map;
+import com.google.common.base.Strings;
+import com.google.common.collect.Lists;
/**
* This is largely a copy of OAuthCommandLine with some tweaks for
FakeHttpServletRequest
@@ -100,7 +99,7 @@ public class FakeOAuthRequest {
} else if (bodySigning == BodySigning.HASH) {
oauthParams.add(
new OAuth.Parameter(OAuthConstants.OAUTH_BODY_HASH,
- new
String(Base64.encodeBase64(DigestUtils.sha(body.getBytes())), "UTF-8")));
+ new
String(Base64.encodeBase64(GenericDigestUtils.digest(body.getBytes())),
"UTF-8")));
}
}
Modified:
shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java
URL:
http://svn.apache.org/viewvc/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java?rev=1514559&r1=1514558&r2=1514559&view=diff
==============================================================================
---
shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java
(original)
+++
shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java
Fri Aug 16 01:52:21 2013
@@ -18,10 +18,17 @@
*/
package org.apache.shindig.social.core.oauth;
+import java.util.Arrays;
+import java.util.Date;
+
+import javax.servlet.http.HttpServletRequest;
+
import net.oauth.OAuth;
import net.oauth.OAuthConsumer;
-import net.oauth.OAuthServiceProvider;
import net.oauth.OAuthProblemException;
+import net.oauth.OAuthServiceProvider;
+import net.oauth.OAuthValidator;
+import net.oauth.SimpleOAuthValidator;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
@@ -32,20 +39,13 @@ import org.apache.shindig.auth.SecurityT
import org.apache.shindig.common.EasyMockTestCase;
import org.apache.shindig.common.testing.FakeHttpServletRequest;
import org.apache.shindig.common.util.CharsetUtil;
+import org.apache.shindig.common.util.GenericDigestUtils;
import org.apache.shindig.social.opensocial.oauth.OAuthDataStore;
import org.apache.shindig.social.opensocial.oauth.OAuthEntry;
-
-import net.oauth.OAuthValidator;
-import net.oauth.SimpleOAuthValidator;
import org.easymock.EasyMock;
import org.junit.Before;
import org.junit.Test;
-import java.util.Arrays;
-import java.util.Date;
-
-import javax.servlet.http.HttpServletRequest;
-
/**
* Verify behavior of OAuth handler for consumer and 3-legged requests.
*/
@@ -374,7 +374,7 @@ public class OAuthAuthenticationHanderTe
req.setContentType("text/plain");
String body = "BODY";
req.setPostData(CharsetUtil.getUtf8Bytes(body));
- String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil
+ String hash = new
String(Base64.encodeBase64(GenericDigestUtils.digest(CharsetUtil
.getUtf8Bytes(body))), "UTF-8");
req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
OAuthAuthenticationHandler.verifyBodyHash(req, hash);
@@ -386,7 +386,7 @@ public class OAuthAuthenticationHanderTe
req.setContentType("text/plain");
String body = "BODY";
req.setPostData(CharsetUtil.getUtf8Bytes(body));
- String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil
+ String hash = new
String(Base64.encodeBase64(GenericDigestUtils.digest(CharsetUtil
.getUtf8Bytes("NOTBODY"))), "UTF-8");
req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
try {
@@ -403,7 +403,7 @@ public class OAuthAuthenticationHanderTe
req.setContentType(OAuth.FORM_ENCODED);
String body = "BODY";
req.setPostData(CharsetUtil.getUtf8Bytes(body));
- String hash = new String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil
+ String hash = new
String(Base64.encodeBase64(GenericDigestUtils.digest(CharsetUtil
.getUtf8Bytes(body))), "UTF-8");
req.setParameter(OAuthConstants.OAUTH_BODY_HASH, hash);
try {
