예제 #1
    /**
     * Validates the passed request by reconstructing the original URL and
     * parameters and generating a signature following the OAuth HMAC-SHA1
     * specification and using the passed secret key.
     *
     * @param  request Servlet request containing required information for
     *         reconstructing the signature such as the request's URL
     *         components and parameters
     * @param  consumerSecret Secret key shared between application owner and
     *         container. Used by containers when issuing signed makeRequests
     *         and by client applications to verify the source of these
     *         requests and the authenticity of its parameters.
     * @return {@code true} if the signature generated in this function matches
     *         the signature in the passed request, {@code false} otherwise
     * @throws IOException
     * @throws URISyntaxException
     */
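    public static bool verifyHmacSignature(
        HttpWebRequest request, String consumerSecret)
    {
        // Fail closed when no secret is configured. With an empty consumer
        // secret and no token secret, the HMAC-SHA1 key defined by OAuth
        // degenerates to the constant "&", so a matching signature would
        // prove nothing about who sent the request.
        if (String.IsNullOrEmpty(consumerSecret))
        {
            return false;
        }

        // Rebuild the inputs of the signature base string from the incoming
        // request: HTTP method, request URL and request parameters.
        String method     = request.Method;
        String requestUrl = getRequestUrl(request);
        List <OAuth.Parameter> requestParameters = getRequestParameters(request);

        OAuthMessage message =
            new OAuthMessage(method, requestUrl, requestParameters);

        // Only the shared secret is supplied; the other three constructor
        // arguments are passed as null and no token secret is set on the
        // accessor in this method.
        OAuthConsumer consumer =
            new OAuthConsumer(null, null, consumerSecret, null);
        OAuthAccessor accessor = new OAuthAccessor(consumer);

        // NOTE(review): a new SimpleOAuthValidator is built on every call. If
        // this validator keeps its used-nonce record per instance (as the Java
        // net.oauth implementation does), replayed requests cannot be detected
        // here - confirm, and share one validator instance if so.
        try
        {
            message.validateMessage(accessor, new SimpleOAuthValidator());
        }
        catch (OAuthException)
        {
            // Validation failure is reported as a plain "not verified" result.
            // Any other exception type is not caught and reaches the caller.
            return false;
        }

        return true;
    }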