File Doc Category Size Date Package
FacebookSignatureUtil.java API Doc Google Facebook API v1.4 11844 Tue Oct 23 20:32:32 BST 2007 com.facebook.api

FacebookSignatureUtil

java.lang.Object

public final class FacebookSignatureUtil extends Object

Utility for managing Facebook-specific parameters, specifically those related to session/login aspects.

Fields Summary
Constructors Summary
private FacebookSignatureUtil()

Methods Summary
public static java.util.List convert(java.util.Collection entries)
Converts a Map of key-value pairs into the form expected by generateSignature
param
entries a collection of Map.Entry's, such as can be obtained using myMap.entrySet()
return
a List suitable for being passed to generateSignature
List<String> result = new ArrayList<String>(entries.size()); for (Map.Entry<String, CharSequence> entry: entries) result.add(FacebookParam.stripSignaturePrefix(entry.getKey()) + "=" + entry.getValue()); return result;
public static java.util.List convertFacebookParams(java.util.Collection entries)
Converts a Map of key-value pairs into the form expected by generateSignature
param
entries a collection of Map.Entry's, such as can be obtained using myMap.entrySet()
return
a List suitable for being passed to generateSignature
List<String> result = new ArrayList<String>(entries.size()); for (Map.Entry<FacebookParam, CharSequence> entry: entries) result.add(entry.getKey().getSignatureName() + "=" + entry.getValue()); return result;
public static java.util.Map extractFacebookNamespaceParams(java.util.Map reqParams)
Out of the passed in reqParams, extracts the parameters that are in the FacebookParam namespace and returns them.
param
reqParams a map of request parameters to their values
return
a boolean indicating whether the calculated signature matched the expected signature
if (null == reqParams) return null; Map<String,CharSequence> result = new HashMap<String,CharSequence>(reqParams.size()); for (Map.Entry<CharSequence,CharSequence> entry : reqParams.entrySet()) { String key = entry.getKey().toString(); if (FacebookParam.isInNamespace(key)) result.put(key, entry.getValue()); } return result;
public static java.util.EnumMap extractFacebookParams(java.util.Map reqParams)
Out of the passed in reqParams, extracts the parameters that are known FacebookParams and returns them.
param
reqParams a map of request parameters to their values
return
a map suitable for being passed to verify signature
if (null == reqParams) return null; EnumMap<FacebookParam, CharSequence> result = new EnumMap<FacebookParam, CharSequence>(FacebookParam.class); for (Map.Entry<CharSequence, CharSequence> entry: reqParams.entrySet()) { FacebookParam matchingFacebookParam = FacebookParam.get(entry.getKey().toString()); if (null != matchingFacebookParam) { result.put(matchingFacebookParam, entry.getValue()); } } return result;
public static java.util.Map extractFacebookParamsFromArray(java.util.Map reqParams)
Out of the passed in reqParams, extracts the parameters that are in the FacebookParam namespace and returns them.
param
reqParams A map of request parameters to their values. Values are arrays of strings, as returned by ServletRequest.getParameterMap(). Only the first element in a given array is significant.
return
a boolean indicating whether the calculated signature matched the expected signature
if (null == reqParams) return null; Map<String,CharSequence> result = new HashMap<String,CharSequence>(reqParams.size()); for (Map.Entry<CharSequence,CharSequence[]> entry : reqParams.entrySet()) { String key = entry.getKey().toString(); if (FacebookParam.isInNamespace(key)) { CharSequence[] value = entry.getValue(); if (value.length > 0) result.put(key, value[0]); } } return result;
public static java.lang.String generateSignature(java.util.List params, java.lang.String secret)
Calculates the signature for the given set of params using the supplied secret
param
params Strings of the form "key=value"
param
secret
return
the signature
StringBuffer buffer = new StringBuffer(); Collections.sort(params); for (String param: params) { buffer.append(param); } buffer.append(secret); try { java.security.MessageDigest md = java.security.MessageDigest.getInstance("MD5"); StringBuffer result = new StringBuffer(); for (byte b: md.digest(buffer.toString().getBytes())) { result.append(Integer.toHexString((b & 0xf0) >>> 4)); result.append(Integer.toHexString(b & 0x0f)); } return result.toString(); } catch (java.security.NoSuchAlgorithmException ex) { System.err.println("MD5 does not appear to be supported" + ex); return ""; }
public static boolean verifySignature(java.util.EnumMap params, java.lang.String secret)
Verifies that a signature received matches the expected value. Removes FacebookParam.SIGNATURE from params if present.
param
params a map of parameters and their values, such as one obtained from extractFacebookParams; expected to the expected signature as the FacebookParam.SIGNATURE parameter
param
secret
return
a boolean indicating whether the calculated signature matched the expected signature
if (null == params || params.isEmpty() ) return false; CharSequence sigParam = params.remove(FacebookParam.SIGNATURE); return (null == sigParam) ? false : verifySignature(params, secret, sigParam.toString());
public static boolean verifySignature(java.util.EnumMap params, java.lang.String secret, java.lang.String expected)
Verifies that a signature received matches the expected value.
param
params a map of parameters and their values, such as one obtained from extractFacebookParams
param
secret the developers 'secret' API key
param
expected the expected resulting value of computing the MD5 sum of the 'sig' params and the 'secret' key
return
a boolean indicating whether the calculated signature matched the expected signature
assert !(null == secret || "".equals(secret)); if (null == params || params.isEmpty() ) return false; if (null == expected || "".equals(expected)) { return false; } params.remove(FacebookParam.SIGNATURE); List<String> sigParams = convertFacebookParams(params.entrySet()); return verifySignature(sigParams, secret, expected);
public static boolean verifySignature(java.util.Map params, java.lang.String secret)
Verifies that a signature received matches the expected value. Removes FacebookParam.SIGNATURE from params if present.
param
params a map of parameters and their values, such as one obtained from extractFacebookNamespaceParams; expected to contain the signature as the FacebookParam.SIGNATURE parameter
param
secret the developers 'secret' API key
return
a boolean indicating whether the calculated signature matched the expected signature
if (null == params || params.isEmpty() ) return false; CharSequence sigParam = params.remove(FacebookParam.SIGNATURE.toString()); return (null == sigParam) ? false : verifySignature(params, secret, sigParam.toString());
public static boolean verifySignature(java.util.Map params, java.lang.String secret, java.lang.String expected)
Verifies that a signature received matches the expected value.
param
params a map of parameters and their values, such as one obtained from extractFacebookNamespaceParams
param
secret the developers 'secret' API key
param
expected the expected resulting value of computing the MD5 sum of the 'sig' params and the 'secret' key
return
a boolean indicating whether the calculated signature matched the expected signature
assert !(null == secret || "".equals(secret)); if (null == params || params.isEmpty() ) return false; if (null == expected || "".equals(expected)) { return false; } params.remove(FacebookParam.SIGNATURE.toString()); List<String> sigParams = convert(params.entrySet()); return verifySignature(sigParams, secret, expected);
private static boolean verifySignature(java.util.List sigParams, java.lang.String secret, java.lang.String expected)
if (null == expected || "".equals(expected)) return false; String signature = generateSignature(sigParams, secret); return expected.equals(signature);