0

Hi i am trying to implement OAuth1.0 following this tutorial in this tutorial there is a heading OAuthGetRequestToken

in which for getting request token we have to send a post request to URL

www.google.com/accounts/OAuthGetRequestToken

i am sending a post request in my code in google app engine my code is:

 package org.ritesh;

    import java.io.BufferedInputStream;
    import java.io.BufferedReader;
    import java.io.DataInputStream;
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.InputStreamReader;
    import java.io.OutputStreamWriter;
    import java.net.HttpURLConnection;
    import java.net.URL;
    import java.net.URLEncoder;
    import java.security.KeyFactory;
    import java.security.NoSuchAlgorithmException;
    import java.security.PrivateKey;
    import java.security.spec.EncodedKeySpec;
    import java.security.spec.InvalidKeySpecException;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.util.Iterator;
    import java.util.Map;
    import java.util.Set;
    import java.util.TreeMap;

    import com.google.gdata.client.authn.oauth.*;
    import com.google.gdata.util.common.util.Base64;
    import com.google.gdata.util.common.util.Base64DecoderException;
    import com.sun.org.apache.xerces.internal.util.URI;

    import javax.servlet.ServletContext;
    import javax.servlet.http.*;


    @SuppressWarnings("serial")
    public class HelloWorldServlet extends HttpServlet {
        @SuppressWarnings({ "unchecked", "unchecked" })
        public void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws IOException {

        String myrsakey=    "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALwVoQ3Ksd9gwZY3"
            +"a7Flz5bf1oCiYe8XSn6vlkaPiA0jBcPJAmACjI023/Z+8KgDbyhlRumTtcateXNZ"
            +"FVb7q/BKTQWgxK1Fj2XGUkWQz6Nsp/sk54M+R4n3XkTp6W7HhFERE81Iobgy+KtM"
            +"vr5f/tJbCtLspKSaq2totveKMvMDAgMBAAECgYBIeTke3FzfyyOtI1vO9oEgDM5V"
            +"sLx16Y6d9EC+na36CeW9xGWy4yiPfXadP9qxkukxMp05gd5IWS30QX5UjxN4ER9j"
            +"tEDCfDePnrOoi6aUpLXuHoOQbhVIBMTEsFzw9v837a2GOnU0YMgUnGTzC8Ql/3Aw"
            +"kFPNFqVEG57ItzZYGQJBAO8K8qXiDfUeMUjGLwqbRk5NgM7GVlPI80f3/V2o7EtP"
            +"T6kr6nvob7ZfgQ9R1STuIPjF+0GartfHZ5x+7tdcZ7cCQQDJbUV6Y41zzQ/Pg/cl"
            +"VIbZ8Lx9GdtYBaDFeIhGHXDq7Q0I17ztMILJfvx5kKQWGix8ktb0COGX7LxKIwFu"
            +"GxcVAkEAhoDWf9humhnfCV/aYFF2geDCNZcMRCCyIzC689R1APsji8EWM5paIXgj"
            +"moclM556FwDvm7552xhsiHYz1iI8iQJANcCMRvHkIJ/7dSRBQtwAtI4yrqvExgOS"
            +"eMAGlbdrl7W0wcRYrW9Bp6XUmFhKAX/wmTnSVQM9uH47bQlUa16dVQJBAKnnjcgW"
            +"AmoCYM+YYmi6+fytPYn9W61RNdl1f9rtccDBhsWomgS6O204qJoLX+U/aCkjpPxK"
            +"IyilkfsZBNupdzA=";


            resp.setContentType("text/html");

 resp.getWriter().println("<html><head> <meta name=\"google-site-verification\" content=\"OBFeK6hFEbTkNdcYc-SQNH9tCTpcht-HkUdj6IgCaLg\" </head>");

            resp.getWriter().println("<body>Hello, world");

      TreeMap<String,String> tree=new TreeMap<String,String>();
      tree.put("oauth_version","1.0");
      tree.put("oauth_nonce", System.currentTimeMillis()+"");
      tree.put("oauth_timestamp",System.currentTimeMillis()/1000+"");
      tree.put("oauth_consumer_key", "imehandirattaritesh.appspot.com");
      tree.put("oauth_signature_method", "RSA-SHA1");
      tree.put("oauth_signature", myrsakey);
      tree.put("oauth_callback", "https://imehandirattaritesh.appspot.com/authsub");
      tree.put("scope", "http://www.google.com/calendar/feeds");
      Set set = tree.entrySet(); 

      Iterator<Map.Entry<String, String>> i = set.iterator(); 
      String datastring="";
      Map.Entry me=(Map.Entry)i.next();
     datastring=me.getKey()+"=";
     datastring+=me.getValue();

     while(i.hasNext()) { 
          me = (Map.Entry)i.next(); 
          datastring+="&"+me.getKey()+"="; 
          datastring+=(me.getValue()); 
          } 


    URL url=new URL("https://www.google.com/accounts/OAuthGetRequestToken?"+datastring); 
                    resp.getWriter().println(""+datastring);
            HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();

            urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

            urlConnection.setRequestProperty("Authorization", "OAuth");

            urlConnection.setRequestMethod("POST");

            urlConnection.setDoOutput(true);

            BufferedReader in = new BufferedReader(new InputStreamReader(urlConnection.getInputStream()));

              resp.getWriter().println( urlConnection.getResponseCode());

               String xx="";

               String xx1="";

               while((xx1=in.readLine()) != null)

               {
                   xx+=xx1;


               }
               resp.getWriter().println(xx);
               resp.getWriter().println("</body></html>");




        }



}

i am hosting my app on domain imehandirattaritesh.appspot.com and i think probably i am putting all my parameters correct.may be in tutorial link signature is a very small string but in my case it is a very big string i am putting the content of my .pk8 file which is generated from certificate .pem file .i am expecting my input as like this

oauth_token=ab3cd9j4ks73hf7g&oauth_token_secret=ZXhhbXBsZS5jb20&oauth_callback_confirmed=true

but in place of this i am getting response of sending post request as

signature_invalidbase_string:POST&https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetRequestToken&oauth_callback%3Dhttps%253A%252F%252Fimehandirattaritesh.appspot.com%252Fauthsub%26oauth_consumer_key%3Dimehandirattaritesh.appspot.com%26oauth_nonce%3D1357733037248%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1357733037%26oauth_version%3D1.0%26scope%3Dhttp%253A%252F%252Fwww.google.com%252Fcalendar%252Ffeeds

my oauth_callback is https://imehandirattaritesh.appspot.com/authsub

i am trying to remove this error like hell but failed every time can any one please help how to remove this error or resource or link from which i will get any help.please dont suggest me using java client for OAuth1.0 .i have to use google prediction api and call then from my application and in java client library there is no functionality related to calling google prediction api.please help me how to remove this error and get right output

Kara
  • 6,115
  • 16
  • 50
  • 57
mathlearner
  • 7,509
  • 31
  • 126
  • 189

1 Answers1

1

It clearly says invalid signature. Your RSA key is not your signature. Please refer signing request of the same tutorial to create valid signature. https://developers.google.com/accounts/docs/OAuth_ref#SigningOAuth.

And section 9.3 of http://oauth.net/core/1.0/#signing_process

Rajat Garg
  • 355
  • 1
  • 2
  • 11
  • then what value should i put in place of oauth_signature??i am unable to understand please simplify it!! – mathlearner Jan 09 '13 at 12:42
  • Something like this will work /** * Signs the data with the given key and the provided algorithm. */ private static byte[] sign(PrivateKey key, String data) throws GeneralSecurityException { Signature signature = Signature.getInstance("SHA1withRSA"); signature.initSign(key); signature.update(data.getBytes()); return signature.sign(); } – Rajat Garg Jan 09 '13 at 12:53
  • i tried many combinations but nothing is working out.can u please read and tell me accrately what should be oauth_signature – mathlearner Jan 09 '13 at 12:57
  • i tries but in first step i selected calendar as scope in second step i choose HMAC-SHA1 nad then enter value of consumer_secret and consumer_key and then press request token then its giving me value of oauth_token and token_secret!! but how to accomplish this in code in which parameter should i put value of consumer secret – mathlearner Jan 09 '13 at 13:33
  • consumer secret comes into the picture when you use RSA. In google OAuth playground you need to click on "use your own private key" to be able to use your secret key. Did you try using the code I pasted as comment? Sorry I dont know how to format in comments. :( – Rajat Garg Jan 09 '13 at 14:42
  • what is String data in sign function??please reply to this query – mathlearner Jan 09 '13 at 17:24
  • String data is the data you want to sign. This will be the Signature base string in this case. – Rajat Garg Jan 09 '13 at 17:29
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/22473/discussion-between-ritesh-mehandiratta-and-rajat-garg) – mathlearner Jan 09 '13 at 17:30