whargrove · July 31, 2014 16:37
diff --git a/grade.java b/grade.java
 // First get the body from the HttpServletRequest
 String body = readBody(request);
 // Verify request oauth_body_hash
 verifyOAuthBodyHash(body, oauthParameters, hmacSigner) // oauthParameters and hmacSigner are created in this servlet but omitted from this gist

 // request is handled from doPost() that encapsulates this gist
 private String readBody(HttpServletRequest request) throws IOException {
    BufferedReader reader = new BufferedReader(new InputStreamReader(request.getInputStream()));

    StringBuilder body = new StringBuilder();
    String line = "";
    while ((line = reader.readLine()) != null) {
        body.append(line);
    }
    return body.toString();
 }

 private boolean verifyOAuthBodyHash(String body, List<OAuthParameter> oauthParameters, OAuthHmacSigner hmacSigner) {

    // This is what our reconstruction should match *exactly*
    String expectedOAuthBodyHash = null;
    try {
        expectedOAuthBodyHash = URLDecoder.decode(getParameter(oauthParameters, "oauth_body_hash"), "UTF-8");
    } catch (UnsupportedEncodingException e) {
        // TODO Return 5xx error in response
        // Error message: A server error occured when verifying the request.
    }

    // If expectedOAuthBodyHash is null then the request is invalid
    if (expectedOAuthBodyHash == null) {
        return false;
    }
  
    // Sign the body
    String actual = "";
    try {
        actual = hmacSigner.computeSignature(body);
    } catch (GeneralSecurityException e) {
        // TODO Return 5xx error to client
        // Error message: A server error occured when verifying the request.
        e.printStackTrace();
    }

    return expectedOAuthBodyHash.equals(actual);
 }
	// First get the body from the HttpServletRequest
	String body = readBody(request);
	// Verify request oauth_body_hash
	verifyOAuthBodyHash(body, oauthParameters, hmacSigner) // oauthParameters and hmacSigner are created in this servlet but omitted from this gist

	// request is handled from doPost() that encapsulates this gist
	private String readBody(HttpServletRequest request) throws IOException {
	BufferedReader reader = new BufferedReader(new InputStreamReader(request.getInputStream()));

	StringBuilder body = new StringBuilder();
	String line = "";
	while ((line = reader.readLine()) != null) {
	body.append(line);
	}
	return body.toString();
	}

	private boolean verifyOAuthBodyHash(String body, List<OAuthParameter> oauthParameters, OAuthHmacSigner hmacSigner) {

	// This is what our reconstruction should match exactly
	String expectedOAuthBodyHash = null;
	try {
	expectedOAuthBodyHash = URLDecoder.decode(getParameter(oauthParameters, "oauth_body_hash"), "UTF-8");
	} catch (UnsupportedEncodingException e) {
	// TODO Return 5xx error in response
	// Error message: A server error occured when verifying the request.
	}

	// If expectedOAuthBodyHash is null then the request is invalid
	if (expectedOAuthBodyHash == null) {
	return false;
	}

	// Sign the body
	String actual = "";
	try {
	actual = hmacSigner.computeSignature(body);
	} catch (GeneralSecurityException e) {
	// TODO Return 5xx error to client
	// Error message: A server error occured when verifying the request.
	e.printStackTrace();
	}

	return expectedOAuthBodyHash.equals(actual);
	}