[OpenSocial] Re: Looking for a working example of request verification

Fri, 27 Mar 2009 06:33:41 -0700 

Thank you for the reply.

I didn't explain correctly, but I know that the url is the second
parameter; I removed all the "variables" from the code so that someone
could provide them.

Aside the url, all the other lines where I use an empty string are
supposed to be filled (owner & viewer id, timestamp, nonce, etc.).

I hope someone can fill them and make a working example (I tried
unsuccessfully).

By the way, this could be a useful (important) test for all client
libraries since this is a critical feature...

Pierre Henri.

On Mar 27, 12:25 am, Arne Roomann-Kurrik <api.kur...@google.com>
wrote:
> It looks like you're leaving out the url when calling
> OpenSocialRequestValidator.verifyHmacSignature("POST", "", parameters,
> "uynAeXiWTisflWX99KU1D2q5"));
>
> that second argument should be the entire url that is requested when a
> gadget makes a makeRequest call.  Forexample, if you do
> gadgets.io.makeRequest("http://example.com/stuff";);
>
> then the .NET code athttp://example.com/stuffwould need to call:
> OpenSocialRequestValidator.verifyHmacSignature("POST", "http://
> example.com/stuff", parameters, "uynAeXiWTisflWX99KU1D2q5"));
>
> Also, parameters needs to contain _every_ parameter passed in the
> request, so your parameters.add calls need to iterate over every value
> in the request parameters collection (both GET and POST).
>
> That should help get you started :)
>
> ~Arne
>
> On Mar 18, 5:08 am, Pierre Henri Kuate <phku...@kleartouch.com> wrote:
>
> > Hi,
>
> > I asked this question on another forum (http://groups.google.com/group/
> > opensocial-client-libraries/browse_thread/thread/2bd9eaaa0511c89d/
> > ef248f92a591dd45), but this one might be better suited:
>
> > I am developing a .NET client library for the RESTful services of
> > OpenSocial:http://code.google.com/p/opensocial-net-client/
>
> > I have some problem with request validation and I'm looking for a
> > working example. Ie: A url posted by the container (with the signature
> > created using HMAC-SHA1), and a C# or Java code validating it.
>
> > First, I had modified the implementation of the Java library to:
>
> > // --- START ---
>
> >   public static boolean verifyHmacSignature(
> >       HttpServletRequest request, String consumerSecret)
> >       throws IOException, URISyntaxException {
>
> >     String method = request.getMethod();
> >     String requestUrl = getRequestUrl(request);
> >     List<OAuth.Parameter> requestParameters = getRequestParameters
> > (request);
>
> >     return verifyHmacSignature(method, requestUrl, requestParameters,
> > consumerSecret);
> >   }
>
> >   public static boolean verifyHmacSignature(
> >       String method, String requestUrl, List<OAuth.Parameter>
> > requestParameters, String consumerSecret)
> >       throws IOException, URISyntaxException {
>
> >     OAuthMessage message =
> >         new OAuthMessage(method, requestUrl, requestParameters);
>
> >     OAuthConsumer consumer =
> >         new OAuthConsumer(null, null, consumerSecret, null);
> >     OAuthAccessor accessor = new OAuthAccessor(consumer);
>
> >     try {
> >       message.validateMessage(accessor, new SimpleOAuthValidator());
> >     } catch (OAuthException e) {
> >       return false;
> >     }
>
> >     return true;
> >   }
>
> > // --- END ---
>
> > I tried the following program with some values, but none worked.
>
> > // --- START ---
>
> > import net.oauth.OAuth.Parameter;
> > import org.opensocial.client.OpenSocialRequestValidator;
>
> > import java.util.List;
> > import java.util.ArrayList;
>
> > public class OpenSocialRequestValidatorTest {
> >   public static void main(String[] args) {
> >     try {
> >       List<Parameter> parameters = new ArrayList<Parameter>();
> >       parameters.add(new Parameter("opensocial_owner_id", ""));
> >       parameters.add(new Parameter("opensocial_viewer_id", ""));
> >       parameters.add(new Parameter("opensocial_app_id",
> > "03601006638329987009"));
> >       parameters.add(new Parameter("opensocial_app_url", "http://
> > opensocial-resources.googlecode.com/svn/samples/rest_rpc/
> > sample.xml"));
> >       parameters.add(new Parameter("oauth_consumer_key",
> > "623061448914"));
> >       parameters.add(new Parameter("oauth_version", "1.0"));
> >       parameters.add(new Parameter("oauth_signature_method", "HMAC-
> > SHA1"));
> >       parameters.add(new Parameter("oauth_timestamp", ""));
> >       parameters.add(new Parameter("oauth_nonce", ""));
> >       //parameters.add(new Parameter("oauth_signature", ""));
>
> >       System.out.println("Valid = " +
> >       OpenSocialRequestValidator.verifyHmacSignature("POST", "",
> > parameters, "uynAeXiWTisflWX99KU1D2q5"));
> >     }
> >     catch (Exception e) { System.out.println("Exception: " + e); }
> >   }
>
> > }
>
> > // --- END ---
>
> > Could someone provide the missing values that would make
> > verifyHmacSignature() return true?
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"OpenSocial Application Development" group.
To post to this group, send email to opensocial-api@googlegroups.com
To unsubscribe from this group, send email to 
opensocial-api+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to