The OAuth Request Body Hash extension to OAuth 1.0 specifies that consumers sending non-form-encoded request bodies should include the SHA1 hash of the request body in the Signature Base String as an oauth_body_hash parameter. Signpost does not have built-in support for this extension, but the service I'm connecting to requires it. How can I add the parameter to my request?
Asked
Active
Viewed 1,638 times
1 Answers
1
Signpost OAuthConsumer classes provide a setAdditionalParameters method. Just calculate the hash and add the parameter yourself. The only complication is that these parameters are not percent-escaped by Signpost, as OAuth Parameter Encoding specifies, so you'll need to do it yourself. Here's an example:
MessageDigest md = MessageDigest.getInstance("SHA1");
md.update(requestBody.getBytes());
byte[] output = Base64.encodeBase64(md.digest());
String hash = new String(output);
HttpParameters parameters = new HttpParameters();
parameters.put("oauth_body_hash", URLEncoder.encode(hash, "UTF-8"));
CommonsHttpOAuthConsumer signer = new CommonsHttpOAuthConsumer(key, secret);
HttpPost request = new HttpPost(url);
request.setHeader("Content-Type", "application/xml");
request.setEntity(new StringEntity(requestBody, "UTF-8"));
signer.setAdditionalParameters(parameters);
signer.sign(request);
Alternatively, you can set the header on the request before signing, and Signpost will merge its header with your own:
request.setHeader("Authorization", "OAuth oauth_body_hash=\""+URLEncoder.encode(hash, "UTF-8")+"\"");