FileDocCategorySizeDatePackage
FacebookSignatureUtil.javaAPI DocFacebook API11110Mon Jul 16 13:08:38 BST 2007com.facebook.api

FacebookSignatureUtil

public final class FacebookSignatureUtil extends Object

Fields Summary
Constructors Summary
private FacebookSignatureUtil()
Methods Summary
public static java.util.Listconvert(java.util.Collection entries)
Converts a Map of key-value pairs into the form expected by generateSignature

param
entries a collection of Map.Entry's, such as can be obtained using myMap.entrySet()
return
a List suitable for being passed to generateSignature

    List<String> result = new ArrayList<String>(entries.size());
    for (Map.Entry<String, CharSequence> entry: entries)
      result.add(FacebookParam.stripSignaturePrefix(entry.getKey()) + "=" + entry.getValue());
    return result;
public static java.util.ListconvertFacebookParams(java.util.Collection entries)
Converts a Map of key-value pairs into the form expected by generateSignature

param
entries a collection of Map.Entry's, such as can be obtained using myMap.entrySet()
return
a List suitable for being passed to generateSignature

    List<String> result = new ArrayList<String>(entries.size());
    for (Map.Entry<FacebookParam, CharSequence> entry: entries)
      result.add(entry.getKey().getSignatureName() + "=" + entry.getValue());
    return result;
public static java.util.MapextractFacebookNamespaceParams(java.util.Map reqParams)
Out of the passed in reqParams, extracts the parameters that are in the FacebookParam namespace and returns them.

param
reqParams a map of request parameters to their values
return
a boolean indicating whether the calculated signature matched the expected signature

    if (null == reqParams)
      return null;
    Map<String,CharSequence> result = new HashMap<String,CharSequence>(reqParams.size());
    for (Map.Entry<CharSequence,CharSequence> entry : reqParams.entrySet()) {
      String key = entry.getKey().toString();
      if (FacebookParam.isInNamespace(key))
        result.put(key, entry.getValue());
    }
    return result;
public static java.util.EnumMapextractFacebookParams(java.util.Map reqParams)
Out of the passed in reqParams, extracts the parameters that are known FacebookParams and returns them.

param
reqParams a map of request parameters to their values
return
a map suitable for being passed to verify signature

    if (null == reqParams)
      return null;

    EnumMap<FacebookParam, CharSequence> result =
      new EnumMap<FacebookParam, CharSequence>(FacebookParam.class);
    for (Map.Entry<CharSequence, CharSequence> entry: reqParams.entrySet()) {
      FacebookParam matchingFacebookParam = FacebookParam.get(entry.getKey().toString());
      if (null != matchingFacebookParam) {
        result.put(matchingFacebookParam, entry.getValue());
      }
    }
    return result;
public static java.util.MapextractFacebookParamsFromArray(java.util.Map reqParams)
Out of the passed in reqParams, extracts the parameters that are in the FacebookParam namespace and returns them.

param
reqParams A map of request parameters to their values. Values are arrays of strings, as returned by ServletRequest.getParameterMap(). Only the first element in a given array is significant.
return
a boolean indicating whether the calculated signature matched the expected signature

    if (null == reqParams)
      return null;
    Map<String,CharSequence> result = new HashMap<String,CharSequence>(reqParams.size());
    for (Map.Entry<CharSequence,CharSequence[]> entry : reqParams.entrySet()) {
      String key = entry.getKey().toString();
      if (FacebookParam.isInNamespace(key)) {
        CharSequence[] value = entry.getValue();
        if (value.length > 0)
          result.put(key, value[0]);
      }
    }
    return result;
public static java.lang.StringgenerateSignature(java.util.List params, java.lang.String secret)
Calculates the signature for the given set of params using the supplied secret

param
params Strings of the form "key=value"
param
secret
return
the signature

    StringBuffer buffer = new StringBuffer();
    Collections.sort(params);
    for (String param: params) {
      buffer.append(param);
    }

    buffer.append(secret);
    try {
      java.security.MessageDigest md = java.security.MessageDigest.getInstance("MD5");
      StringBuffer result = new StringBuffer();
      for (byte b: md.digest(buffer.toString().getBytes())) {
        result.append(Integer.toHexString((b & 0xf0) >>> 4));
        result.append(Integer.toHexString(b & 0x0f));
      }
      return result.toString();
    }
    catch (java.security.NoSuchAlgorithmException ex) {
      System.err.println("MD5 does not appear to be supported" + ex);
      return "";
    }
public static booleanverifySignature(java.util.EnumMap params, java.lang.String secret)
Verifies that a signature received matches the expected value. Removes FacebookParam.SIGNATURE from params if present.

param
params a map of parameters and their values, such as one obtained from extractFacebookParams; expected to the expected signature as the FacebookParam.SIGNATURE parameter
param
secret
return
a boolean indicating whether the calculated signature matched the expected signature

    if (null == params || params.isEmpty() )
      return false;
    CharSequence sigParam = params.remove(FacebookParam.SIGNATURE);
    return (null == sigParam) ? false : verifySignature(params, secret, sigParam.toString());
public static booleanverifySignature(java.util.EnumMap params, java.lang.String secret, java.lang.String expected)
Verifies that a signature received matches the expected value.

param
params a map of parameters and their values, such as one obtained from extractFacebookParams
return
a boolean indicating whether the calculated signature matched the expected signature

    assert !(null == secret || "".equals(secret));
    if (null == params || params.isEmpty() )
      return false;
    if (null == expected || "".equals(expected)) {
      return false;
    }
    params.remove(FacebookParam.SIGNATURE);
    List<String> sigParams = convertFacebookParams(params.entrySet());
    return verifySignature(sigParams, secret, expected);
public static booleanverifySignature(java.util.Map params, java.lang.String secret)
Verifies that a signature received matches the expected value. Removes FacebookParam.SIGNATURE from params if present.

param
params a map of parameters and their values, such as one obtained from extractFacebookNamespaceParams; expected to contain the signature as the FacebookParam.SIGNATURE parameter
param
secret
return
a boolean indicating whether the calculated signature matched the expected signature

    if (null == params || params.isEmpty() )
      return false;
    CharSequence sigParam = params.remove(FacebookParam.SIGNATURE.toString());
    return (null == sigParam) ? false : verifySignature(params, secret, sigParam.toString());
public static booleanverifySignature(java.util.Map params, java.lang.String secret, java.lang.String expected)
Verifies that a signature received matches the expected value.

param
params a map of parameters and their values, such as one obtained from extractFacebookNamespaceParams
return
a boolean indicating whether the calculated signature matched the expected signature

    assert !(null == secret || "".equals(secret));
    if (null == params || params.isEmpty() )
      return false;
    if (null == expected || "".equals(expected)) {
      return false;
    }
    params.remove(FacebookParam.SIGNATURE.toString());
    List<String> sigParams = convert(params.entrySet());
    return verifySignature(sigParams, secret, expected);
private static booleanverifySignature(java.util.List sigParams, java.lang.String secret, java.lang.String expected)

    if (null == expected || "".equals(expected))
      return false;
    String signature = generateSignature(sigParams, secret);
    return expected.equals(signature);