I'm trying to validate an OpenSocial 0.7 signed request, using the sample Java code on that page. I think it should work this way, but I still get a signature_invalid error.
Main validation code:
// NOTE: req = HttpServletRequest
// check for hyves
if (!"hyves.nl".equals(req.getParameter("oauth_consumer_key"))) {
throw new RuntimeException("Only hyves supported");
}
// update hyves' certificate
getHyvesCert(req.getParameter("xoauth_signature_publickey"));
// construct message object
OAuthMessage oaMessage = new OAuthMessage(req.getMethod(), getRequestUrl(req), getParameters(req));
// validate message
// (will throw exception if invalid)
new SimpleOAuthValidator().validateMessage(oaMessage, new OAuthAccessor(OAUTH_CONSUMER_HYVES));
OAUTH_CONSUMER_HYVES
:
private static final OAuthServiceProvider OAUTH_THIS = new OAuthServiceProvider(null, null, null);
private static final OAuthConsumer OAUTH_CONSUMER_HYVES = new OAuthConsumer(null, "hyves.nl", null, OAUTH_THIS);
getHyvesCert
:
public void getHyvesCert(String name) {
synchronized(certLoadLock) {
// in reality this is code that downloads the certificate
// with the specified name, but this is the result
hyvesCert = "---BEGIN CERTIFICATE---- etc...";
OAUTH_CONSUMER_HYVES.setProperty(RSA_SHA1.X509_CERTIFICATE, hyvesCert);
}
}
The methods getRequestUrl
and getParameters
are directly copied from here.