Package net.oauth.signature
Class RSA_SHA1
- java.lang.Object
-
- net.oauth.signature.OAuthSignatureMethod
-
- net.oauth.signature.RSA_SHA1
-
public class RSA_SHA1 extends OAuthSignatureMethod
The RSA-SHA1 signature method. A consumer that wishes to use public-key signatures on messages does not need a shared secret with the service provider, but it needs a private RSA signing key. You create it like this: OAuthConsumer c = new OAuthConsumer(callback_url, consumer_key, null, provider); c.setProperty(RSA_SHA1.PRIVATE_KEY, consumer_privateRSAKey); consumer_privateRSAKey must be an RSA signing key and of type java.security.PrivateKey, String, byte[] or Base64InputStream. The key must either PKCS#1 or PKCS#8 encoded. A service provider that wishes to verify signatures made by such a consumer does not need a shared secret with the consumer, but it needs to know the consumer's public key. You create the necessary OAuthConsumer object (on the service provider's side) like this: OAuthConsumer c = new OAuthConsumer(callback_url, consumer_key, null, provider); c.setProperty(RSA_SHA1.PUBLIC_KEY, consumer_publicRSAKey); consumer_publicRSAKey must be the consumer's public RSAkey and of type java.security.PublicKey, String, or byte[]. In the latter two cases, the key must be X509-encoded (byte[]) or X509-encoded and then Base64-encoded (String). Alternatively, a service provider that wishes to verify signatures made by such a consumer can use a X509 certificate containing the consumer's public key. You create the necessary OAuthConsumer object (on the service provider's side) like this: OAuthConsumer c = new OAuthConsumer(callback_url, consumer_key, null, provider); c.setProperty(RSA_SHA1.X509_CERTIFICATE, consumer_cert); consumer_cert must be a X509 Certificate containing the consumer's public key and be of type java.security.cert.X509Certificate, String, or byte[]. In the latter two cases, the certificate must be DER-encoded (byte[]) or PEM-encoded (String).- Author:
- Dirk Balfanz
-
-
Field Summary
Fields Modifier and Type Field Description static StringPRIVATE_KEYstatic StringPUBLIC_KEYstatic StringX509_CERTIFICATE-
Fields inherited from class net.oauth.signature.OAuthSignatureMethod
_ACCESSOR
-
-
Constructor Summary
Constructors Constructor Description RSA_SHA1()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected StringgetSignature(String baseString)Compute the signature for the given base string.protected voidinitialize(String name, OAuthAccessor accessor)protected booleanisValid(String signature, String baseString)Decide whether the signature is valid.-
Methods inherited from class net.oauth.signature.OAuthSignatureMethod
base64Encode, decodeBase64, equals, equals, getBaseString, getConsumerSecret, getSignature, getTokenSecret, newMethod, newSigner, normalizeParameters, normalizeUrl, registerMethodClass, setConsumerSecret, setTokenSecret, sign, unregisterMethod, validate
-
-
-
-
Field Detail
-
PRIVATE_KEY
public static final String PRIVATE_KEY
- See Also:
- Constant Field Values
-
PUBLIC_KEY
public static final String PUBLIC_KEY
- See Also:
- Constant Field Values
-
X509_CERTIFICATE
public static final String X509_CERTIFICATE
- See Also:
- Constant Field Values
-
-
Method Detail
-
getSignature
protected String getSignature(String baseString) throws OAuthException
Description copied from class:OAuthSignatureMethodCompute the signature for the given base string.- Specified by:
getSignaturein classOAuthSignatureMethod- Throws:
OAuthException
-
initialize
protected void initialize(String name, OAuthAccessor accessor) throws OAuthException
- Overrides:
initializein classOAuthSignatureMethod- Throws:
OAuthException
-
isValid
protected boolean isValid(String signature, String baseString) throws OAuthException
Description copied from class:OAuthSignatureMethodDecide whether the signature is valid.- Specified by:
isValidin classOAuthSignatureMethod- Throws:
OAuthException
-
-