Thank you for the reply. I didn't explain correctly, but I know that the url is the second parameter; I removed all the "variables" from the code so that someone could provide them.
Aside the url, all the other lines where I use an empty string are supposed to be filled (owner & viewer id, timestamp, nonce, etc.). I hope someone can fill them and make a working example (I tried unsuccessfully). By the way, this could be a useful (important) test for all client libraries since this is a critical feature... Pierre Henri. On Mar 27, 12:25 am, Arne Roomann-Kurrik <api.kur...@google.com> wrote: > It looks like you're leaving out the url when calling > OpenSocialRequestValidator.verifyHmacSignature("POST", "", parameters, > "uynAeXiWTisflWX99KU1D2q5")); > > that second argument should be the entire url that is requested when a > gadget makes a makeRequest call. Forexample, if you do > gadgets.io.makeRequest("http://example.com/stuff"); > > then the .NET code athttp://example.com/stuffwould need to call: > OpenSocialRequestValidator.verifyHmacSignature("POST", "http:// > example.com/stuff", parameters, "uynAeXiWTisflWX99KU1D2q5")); > > Also, parameters needs to contain _every_ parameter passed in the > request, so your parameters.add calls need to iterate over every value > in the request parameters collection (both GET and POST). > > That should help get you started :) > > ~Arne > > On Mar 18, 5:08 am, Pierre Henri Kuate <phku...@kleartouch.com> wrote: > > > Hi, > > > I asked this question on another forum (http://groups.google.com/group/ > > opensocial-client-libraries/browse_thread/thread/2bd9eaaa0511c89d/ > > ef248f92a591dd45), but this one might be better suited: > > > I am developing a .NET client library for the RESTful services of > > OpenSocial:http://code.google.com/p/opensocial-net-client/ > > > I have some problem with request validation and I'm looking for a > > working example. Ie: A url posted by the container (with the signature > > created using HMAC-SHA1), and a C# or Java code validating it. > > > First, I had modified the implementation of the Java library to: > > > // --- START --- > > > public static boolean verifyHmacSignature( > > HttpServletRequest request, String consumerSecret) > > throws IOException, URISyntaxException { > > > String method = request.getMethod(); > > String requestUrl = getRequestUrl(request); > > List<OAuth.Parameter> requestParameters = getRequestParameters > > (request); > > > return verifyHmacSignature(method, requestUrl, requestParameters, > > consumerSecret); > > } > > > public static boolean verifyHmacSignature( > > String method, String requestUrl, List<OAuth.Parameter> > > requestParameters, String consumerSecret) > > throws IOException, URISyntaxException { > > > OAuthMessage message = > > new OAuthMessage(method, requestUrl, requestParameters); > > > OAuthConsumer consumer = > > new OAuthConsumer(null, null, consumerSecret, null); > > OAuthAccessor accessor = new OAuthAccessor(consumer); > > > try { > > message.validateMessage(accessor, new SimpleOAuthValidator()); > > } catch (OAuthException e) { > > return false; > > } > > > return true; > > } > > > // --- END --- > > > I tried the following program with some values, but none worked. > > > // --- START --- > > > import net.oauth.OAuth.Parameter; > > import org.opensocial.client.OpenSocialRequestValidator; > > > import java.util.List; > > import java.util.ArrayList; > > > public class OpenSocialRequestValidatorTest { > > public static void main(String[] args) { > > try { > > List<Parameter> parameters = new ArrayList<Parameter>(); > > parameters.add(new Parameter("opensocial_owner_id", "")); > > parameters.add(new Parameter("opensocial_viewer_id", "")); > > parameters.add(new Parameter("opensocial_app_id", > > "03601006638329987009")); > > parameters.add(new Parameter("opensocial_app_url", "http:// > > opensocial-resources.googlecode.com/svn/samples/rest_rpc/ > > sample.xml")); > > parameters.add(new Parameter("oauth_consumer_key", > > "623061448914")); > > parameters.add(new Parameter("oauth_version", "1.0")); > > parameters.add(new Parameter("oauth_signature_method", "HMAC- > > SHA1")); > > parameters.add(new Parameter("oauth_timestamp", "")); > > parameters.add(new Parameter("oauth_nonce", "")); > > //parameters.add(new Parameter("oauth_signature", "")); > > > System.out.println("Valid = " + > > OpenSocialRequestValidator.verifyHmacSignature("POST", "", > > parameters, "uynAeXiWTisflWX99KU1D2q5")); > > } > > catch (Exception e) { System.out.println("Exception: " + e); } > > } > > > } > > > // --- END --- > > > Could someone provide the missing values that would make > > verifyHmacSignature() return true? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Application Development" group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---