List of usage examples for org.springframework.security.oauth.common.signature InvalidSignatureException InvalidSignatureException
public InvalidSignatureException(String msg)
From source file:org.springframework.security.oauth.common.signature.HMAC_SHA1SignatureMethod.java
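/**
 * Verify the signature of the given signature base string. The signature is verified by generating a new
 * request signature octet string, and comparing it to the signature provided by the Consumer, first
 * URL-decoded per Parameter Encoding, then base64-decoded per RFC2045 section 6.8. The signature is
 * generated using the request parameters as provided by the Consumer, and the Consumer Secret and Token
 * Secret as stored by the Service Provider.
 *
 * <p>A missing ({@code null}) signature is rejected with {@link InvalidSignatureException} rather than
 * surfacing as a {@link NullPointerException}, so an unsigned request is reported as a failed
 * verification and not as an internal error.
 *
 * @param signatureBaseString The signature base string.
 * @param signature The signature, base64-encoded, as received from the Consumer.
 * @throws InvalidSignatureException If the signature is missing or invalid for the specified base string.
 * @throws IllegalStateException If the MAC algorithm is unavailable or the configured key is rejected.
 */
public void verify(String signatureBaseString, String signature) throws InvalidSignatureException {
  try {
    if (LOG.isDebugEnabled()) {
      // Debug output carries the Consumer's request parameters and the received signature;
      // treat logs written at this level as sensitive.
      LOG.debug("signature base: " + signatureBaseString);
      LOG.debug("signature: " + signature);
    }

    // The signature is Consumer-supplied input: fail closed with the declared exception
    // instead of letting a null dereference escape.
    if (signature == null) {
      throw new InvalidSignatureException("Invalid signature for signature method " + getName());
    }

    byte[] signatureBytes = Base64.decodeBase64(signature.getBytes("UTF-8"));

    // Recompute the MAC over the base string with the provider-side key.
    Mac mac = Mac.getInstance(MAC_NAME);
    mac.init(key);
    byte[] text = signatureBaseString.getBytes("UTF-8");
    byte[] calculatedBytes = mac.doFinal(text);

    // NOTE(review): safeArrayEquals is defined elsewhere in this class; presumably a
    // constant-time comparison. Confirm, since an early-exit comparison of MAC bytes
    // would expose a timing side channel.
    if (!safeArrayEquals(calculatedBytes, signatureBytes)) {
      throw new InvalidSignatureException("Invalid signature for signature method " + getName());
    }
  } catch (NoSuchAlgorithmException e) {
    // Provider/configuration problem, not a property of the request.
    throw new IllegalStateException(e);
  } catch (InvalidKeyException e) {
    // The stored key was rejected by the MAC implementation; again a server-side fault.
    throw new IllegalStateException(e);
  } catch (UnsupportedEncodingException e) {
    // UTF-8 is a charset every Java platform must support, so this is not expected.
    throw new RuntimeException(e);
  }
}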
From source file:org.springframework.security.oauth.common.signature.RSA_SHA1SignatureMethod.java
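/**
 * Verify the signature of the given signature base string. The signature is verified by generating a new
 * request signature octet string, and comparing it to the signature provided by the Consumer, first
 * URL-decoded per Parameter Encoding, then base64-decoded per RFC2045 section 6.8. The signature is
 * generated using the request parameters as provided by the Consumer, and the Consumer Secret and Token
 * Secret as stored by the Service Provider.
 *
 * <p>A missing ({@code null}) signature, or one the verifier cannot process (for example because it is
 * improperly encoded), is reported as {@link InvalidSignatureException}: both are properties of the
 * Consumer-supplied value, not of the Service Provider's state.
 *
 * @param signatureBaseString The signature base string.
 * @param signature The signature, base64-encoded, as received from the Consumer.
 * @throws InvalidSignatureException If the signature is missing, malformed, or invalid for the
 *         specified base string.
 * @throws UnsupportedOperationException If there is no public key.
 * @throws IllegalStateException If the signature algorithm is unavailable or the public key is rejected.
 */
public void verify(String signatureBaseString, String signature) throws InvalidSignatureException {
  if (publicKey == null) {
    throw new UnsupportedOperationException("A public key must be provided to verify signatures.");
  }

  // The signature is Consumer-supplied input: fail closed with the declared exception
  // instead of letting a null dereference escape.
  if (signature == null) {
    throw new InvalidSignatureException("Invalid signature for signature method " + getName());
  }

  try {
    byte[] signatureBytes = Base64.decodeBase64(signature.getBytes("UTF-8"));

    // The algorithm is fixed to SHA1withRSA here; it is not negotiated from the request.
    Signature verifier = Signature.getInstance("SHA1withRSA");
    verifier.initVerify(publicKey);
    verifier.update(signatureBaseString.getBytes("UTF-8"));

    if (!verifier.verify(signatureBytes)) {
      throw new InvalidSignatureException("Invalid signature for signature method " + getName());
    }
  } catch (UnsupportedEncodingException e) {
    // UTF-8 is a charset every Java platform must support, so this is not expected.
    throw new RuntimeException(e);
  } catch (NoSuchAlgorithmException e) {
    // Provider/configuration problem, not a property of the request.
    throw new IllegalStateException(e);
  } catch (InvalidKeyException e) {
    // The configured public key was rejected by the verifier; a server-side fault.
    throw new IllegalStateException(e);
  } catch (SignatureException e) {
    // The verifier was initialised just above, so what remains is a signature value it
    // cannot process (improperly encoded or of the wrong type). That is bad input from the
    // Consumer, so report it as a failed verification rather than an internal error. The
    // same message as a plain mismatch is used so the two cases are indistinguishable.
    throw new InvalidSignatureException("Invalid signature for signature method " + getName());
  }
}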