net.oauth.signature
Class RSA_SHA1
java.lang.Object
net.oauth.signature.OAuthSignatureMethod
net.oauth.signature.RSA_SHA1
public class RSA_SHA1
- extends OAuthSignatureMethod
The RSA-SHA1 signature method. A consumer
that wishes to use public-key signatures on messages does not need
a shared secret with the service provider, but it needs a private
RSA signing key. You create it like this:
OAuthConsumer c = new OAuthConsumer(callback_url, consumer_key,
null, provider);
c.setProperty(RSA_SHA1.PRIVATE_KEY, consumer_privateRSAKey);
consumer_privateRSAKey must be an RSA signing key and
of type java.security.PrivateKey, String, byte[] or InputStream.
The key must either PKCS#1 or PKCS#8 encoded.
A service provider that wishes to verify signatures made by such a
consumer does not need a shared secret with the consumer, but it needs
to know the consumer's public key. You create the necessary
OAuthConsumer object (on the service provider's side) like this:
OAuthConsumer c = new OAuthConsumer(callback_url, consumer_key,
null, provider);
c.setProperty(RSA_SHA1.PUBLIC_KEY, consumer_publicRSAKey);
consumer_publicRSAKey must be the consumer's public RSAkey and
of type java.security.PublicKey, String, or byte[]. In the latter two
cases, the key must be X509-encoded (byte[]) or X509-encoded and
then Base64-encoded (String).
Alternatively, a service provider that wishes to verify signatures made
by such a consumer can use a X509 certificate containing the consumer's
public key. You create the necessary OAuthConsumer object (on the service
provider's side) like this:
OAuthConsumer c = new OAuthConsumer(callback_url, consumer_key,
null, provider);
c.setProperty(RSA_SHA1.X509_CERTIFICATE, consumer_cert);
consumer_cert must be a X509 Certificate containing the consumer's public
key and be of type java.security.cert.X509Certificate, String,
or byte[]. In the latter two cases, the certificate must be DER-encoded
(byte[]) or PEM-encoded (String).
- Author:
- Dirk Balfanz
|
Method Summary |
protected java.lang.String |
getSignature(java.lang.String baseString)
Compute the signature for the given base string. |
protected void |
initialize(java.lang.String name,
OAuthAccessor accessor)
|
protected boolean |
isValid(java.lang.String signature,
java.lang.String baseString)
Decide whether the signature is valid. |
| Methods inherited from class net.oauth.signature.OAuthSignatureMethod |
base64Encode, decodeBase64, equals, equals, getBaseString, getConsumerSecret, getSignature, getTokenSecret, newMethod, newSigner, normalizeParameters, normalizeUrl, registerMethodClass, setConsumerSecret, setTokenSecret, sign, unregisterMethod, validate |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
PRIVATE_KEY
public static final java.lang.String PRIVATE_KEY
- See Also:
- Constant Field Values
PUBLIC_KEY
public static final java.lang.String PUBLIC_KEY
- See Also:
- Constant Field Values
X509_CERTIFICATE
public static final java.lang.String X509_CERTIFICATE
- See Also:
- Constant Field Values
RSA_SHA1
public RSA_SHA1()
initialize
protected void initialize(java.lang.String name,
OAuthAccessor accessor)
throws OAuthException
- Overrides:
initialize in class OAuthSignatureMethod
- Throws:
OAuthException
getSignature
protected java.lang.String getSignature(java.lang.String baseString)
throws OAuthException
- Description copied from class:
OAuthSignatureMethod
- Compute the signature for the given base string.
- Specified by:
getSignature in class OAuthSignatureMethod
- Throws:
OAuthException
isValid
protected boolean isValid(java.lang.String signature,
java.lang.String baseString)
throws OAuthException
- Description copied from class:
OAuthSignatureMethod
- Decide whether the signature is valid.
- Specified by:
isValid in class OAuthSignatureMethod
- Throws:
OAuthException
Copyright © 2009. All Rights Reserved.