Author: lryan
Date: Thu Mar 26 00:04:18 2009
New Revision: 758472

URL: http://svn.apache.org/viewvc?rev=758472&view=rev
Log:
Don't attempt legacy body signing if request has no body.
Make utility methods public static

Modified:
    
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java
    
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java

Modified: 
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java?rev=758472&r1=758471&r2=758472&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java
 (original)
+++ 
incubator/shindig/trunk/java/social-api/src/main/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHandler.java
 Thu Mar 26 00:04:18 2009
@@ -97,7 +97,9 @@
       // to well so now these clients are required to specify the correct 
content type. This code
       // lets clients which sign using the old technique to work if they 
specify the correct content
       // type. This support is deprecated and should be removed later.
-      if (allowLegacyBodySigning && 
!request.getContentType().contains(OAuth.FORM_ENCODED)) {
+      if (allowLegacyBodySigning && requestHasBody(request) &&
+          (StringUtils.isEmpty(request.getContentType())  ||
+          !request.getContentType().contains(OAuth.FORM_ENCODED))) {
         try {
           message.addParameter(readBodyString(request), "");
           return verifyMessage(message);
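Review bot: The new `requestHasBody(request)` guard decides by HTTP method alone, so a POST, PUT or DELETE with an empty payload still takes the legacy path and reaches `message.addParameter(readBodyString(request), "")` with an empty string, which is the case the log message says should be skipped. Consider reading the body once and entering the branch only when it is non-empty, e.g. `String body = readBodyString(request);` followed by `if (!body.isEmpty()) { message.addParameter(body, ""); return verifyMessage(message); }`. Whether an empty parameter name actually alters verification depends on `OAuthMessage`, which is not visible here. The same method-only helper is defined in the last hunk of this file and is also used by `verifyBodyHash`; a one-line Javadoc there stating that it inspects the method, not the payload, would keep callers from over-trusting the name. The `try` block continues outside this hunk.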
@@ -172,7 +174,7 @@
     }
   }
 
-  protected byte[] readBody(HttpServletRequest request) throws IOException {
+  public static byte[] readBody(HttpServletRequest request) throws IOException 
{
     if (request.getAttribute(AuthenticationHandler.STASHED_BODY) != null) {
       return (byte[])request.getAttribute(AuthenticationHandler.STASHED_BODY);
     }
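Review bot: Now that `readBody` is `public static`, the array it returns needs a documented contract. The visible branch returns the same `byte[]` that is stored under `AuthenticationHandler.STASHED_BODY`, so a caller that modifies it changes the bytes that any later signature or body-hash check will read. Add a Javadoc such as `/** Returns the request body, cached in the STASHED_BODY request attribute; the returned array must be treated as read-only. */`, or return a copy where the extra allocation is acceptable. The rest of the method lies outside this hunk, so how the body is first read and whether its size is bounded cannot be judged from here.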
@@ -181,19 +183,19 @@
     return rawBody;
   }
 
-  protected String readBodyString(HttpServletRequest request) throws 
IOException {
+  public static String readBodyString(HttpServletRequest request) throws 
IOException {
     byte[] rawBody = readBody(request);
     return IOUtils.toString(new ByteArrayInputStream(rawBody), 
request.getCharacterEncoding());
   }
 
-  protected void verifyBodyHash(HttpServletRequest request, String 
oauthBodyHash)
+  public static void verifyBodyHash(HttpServletRequest request, String 
oauthBodyHash)
       throws InvalidAuthenticationException {
     // we are doing body hash signing which is not permitted for form-encoded 
data
     if (request.getContentType().contains(OAuth.FORM_ENCODED)) {
       throw new AuthenticationHandler.InvalidAuthenticationException(
           "Cannot use oauth_body_hash with a Content-Type of 
application/x-www-form-urlencoded",
           null);
-    } else if ("GET".equals(request.getMethod()) || 
"HEAD".equals(request.getMethod())) {
+    } else if (!requestHasBody(request)) {
       throw new AuthenticationHandler.InvalidAuthenticationException(
           "Cannot use oauth_body_hash with a GET or HEAD request",null);
     } else {
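Review bot: `verifyBodyHash` still calls `request.getContentType().contains(OAuth.FORM_ENCODED)` without a null check, so a request that carries `oauth_body_hash` but no Content-Type header fails with a NullPointerException instead of an `InvalidAuthenticationException`. The first hunk of this commit adds exactly that guard for the legacy path, and this method is now `public static` and callable from outside the handler. Read the header once and test it null-safely: `String contentType = request.getContentType();` then `if (contentType != null && contentType.contains(OAuth.FORM_ENCODED)) {`. Separately, `readBodyString` passes `request.getCharacterEncoding()` straight to `IOUtils.toString`, and that value is null when the client declares no charset, so decoding presumably falls back to a default; an explicit fallback charset would make the signed string deterministic. The body of `verifyBodyHash` continues past the end of this hunk.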
@@ -212,11 +214,15 @@
     }
   }
 
-  protected String getParameter(OAuthMessage requestMessage, String key) {
+  public static String getParameter(OAuthMessage requestMessage, String key) {
     try {
       return StringUtils.trim(requestMessage.getParameter(key));
     } catch (IOException e) {
       return null;
     }
   }
+
+  public static boolean requestHasBody(HttpServletRequest request) {
+    return !("GET".equals(request.getMethod()) || 
"HEAD".equals(request.getMethod()));
+  }
 }
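Review bot: `getParameter` turns an `IOException` into `null`, which a caller cannot tell apart from a parameter that is simply absent, and making the method `public static` exposes that ambiguity to every caller. If any caller treats a null result as meaning that a check such as the body hash does not apply (not visible in this hunk), a read failure would skip that check silently. Either state the behaviour in Javadoc, e.g. `@return the trimmed value, or null if the parameter is absent or the message could not be read`, or let the failure surface as an authentication error so the request is rejected.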

Modified: 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java?rev=758472&r1=758471&r2=758472&view=diff
==============================================================================
--- 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java
 (original)
+++ 
incubator/shindig/trunk/java/social-api/src/test/java/org/apache/shindig/social/core/oauth/OAuthAuthenticationHanderTest.java
 Thu Mar 26 00:04:18 2009
@@ -374,7 +374,7 @@
     FakeHttpServletRequest req = new FakeHttpServletRequest();
     String body = "BODY";
     req.setPostData(CharsetUtil.getUtf8Bytes(body));
-    byte[] bytes = reqHandler.readBody(req);
+    byte[] bytes = OAuthAuthenticationHandler.readBody(req);
     assertTrue(Arrays.equals(bytes, CharsetUtil.getUtf8Bytes(body)));
     assertEquals(req.getAttribute(AuthenticationHandler.STASHED_BODY), bytes);
   }
@@ -388,7 +388,7 @@
     String hash = new 
String(Base64.encodeBase64(DigestUtils.sha(CharsetUtil.getUtf8Bytes(body))),
         "UTF-8");
     req.setParameter(OAuthAuthenticationHandler.OAUTH_BODY_HASH, hash);
-    reqHandler.verifyBodyHash(req, hash);
+    OAuthAuthenticationHandler.verifyBodyHash(req, hash);
   }
 
   @Test
@@ -401,7 +401,7 @@
         DigestUtils.sha(CharsetUtil.getUtf8Bytes("NOTBODY"))), "UTF-8");
     req.setParameter(OAuthAuthenticationHandler.OAUTH_BODY_HASH, hash);
     try {
-      reqHandler.verifyBodyHash(req, hash);
+      OAuthAuthenticationHandler.verifyBodyHash(req, hash);
       fail("Body verification should fail");
     } catch (AuthenticationHandler.InvalidAuthenticationException iae) {
       // Pass
@@ -418,7 +418,7 @@
         "UTF-8");
     req.setParameter(OAuthAuthenticationHandler.OAUTH_BODY_HASH, hash);
     try {
-      reqHandler.verifyBodyHash(req, hash);
+      OAuthAuthenticationHandler.verifyBodyHash(req, hash);
       fail("Body verification should fail");
     } catch (AuthenticationHandler.InvalidAuthenticationException iae) {
       // Pass
@@ -436,7 +436,7 @@
         "UTF-8");
     req.setParameter(OAuthAuthenticationHandler.OAUTH_BODY_HASH, hash);
     try {
-      reqHandler.verifyBodyHash(req, hash);
+      OAuthAuthenticationHandler.verifyBodyHash(req, hash);
       fail("Body verification should fail");
     } catch (AuthenticationHandler.InvalidAuthenticationException iae) {
       // Pass
@@ -454,7 +454,7 @@
         "UTF-8");
     req.setParameter(OAuthAuthenticationHandler.OAUTH_BODY_HASH, hash);
     try {
-      reqHandler.verifyBodyHash(req, hash);
+      OAuthAuthenticationHandler.verifyBodyHash(req, hash);
       fail("Body verification should fail");
     } catch (AuthenticationHandler.InvalidAuthenticationException iae) {
       // Pass

