Skip to content

Commit 6ca14a1

Browse files
slandelleslandelle
committed
Merge pull request #964 from bomgar/master
Fix NPE in ThreadSafeHMAC when secret is not set
2 parents a83c79e + 6475545 commit 6ca14a1

File tree

2 files changed

+32
-1
lines changed

2 files changed

+32
-1
lines changed

api/src/main/java/org/asynchttpclient/oauth/ThreadSafeHMAC.java

100644100755
Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,9 @@ public ThreadSafeHMAC(ConsumerKey consumerAuth, RequestToken userAuth) {
4444
StringBuilder sb = StringUtils.stringBuilder();
4545
Utf8UrlEncoder.encodeAndAppendQueryElement(sb, consumerAuth.getSecret());
4646
sb.append('&');
47-
Utf8UrlEncoder.encodeAndAppendQueryElement(sb, userAuth.getSecret());
47+
if(userAuth != null && userAuth.getSecret() != null) {
48+
Utf8UrlEncoder.encodeAndAppendQueryElement(sb, userAuth.getSecret());
49+
}
4850
byte[] keyBytes = StringUtils.charSequence2Bytes(sb, UTF_8);
4951
SecretKeySpec signingKey = new SecretKeySpec(keyBytes, HMAC_SHA1_ALGORITHM);
5052

api/src/test/java/org/asynchttpclient/oauth/OAuthSignatureCalculatorTest.java

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -297,4 +297,33 @@ public void testGetWithRequestBuilderAndQuery() {
297297
assertEquals(sig, "tR3+Ty81lMeYAr/Fid0kMTYa/WM=");
298298
assertEquals(req.getUrl(), "http://photos.example.net/photos?file=vacation.jpg&size=original");
299299
}
300+
301+
@Test(groups = "fast")
302+
public void testWithNullRequestToken() {
303+
String url = "http://photos.example.net/photos?file=vacation.jpg&size=original";
304+
ConsumerKey consumer = new ConsumerKey("9djdj82h48djs9d2", CONSUMER_SECRET);
305+
RequestToken user = new RequestToken(null, null);
306+
OAuthSignatureCalculator calc = new OAuthSignatureCalculator(consumer, user);
307+
308+
final Request request = new RequestBuilder("GET")//
309+
.setUri(Uri.create(url))//
310+
.setSignatureCalculator(calc)//
311+
.build();
312+
313+
String signatureBaseString = calc.signatureBaseString(//
314+
request.getMethod(),//
315+
request.getUri(),//
316+
137131201,//
317+
"ZLc92RAkooZcIO/0cctl0Q==",//
318+
request.getFormParams(),//
319+
request.getQueryParams()).toString();
320+
321+
assertEquals(signatureBaseString, "GET&" + //
322+
"http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26" + //
323+
"oauth_consumer_key%3D9djdj82h48djs9d2%26" + //
324+
"oauth_nonce%3DZLc92RAkooZcIO%252F0cctl0Q%253D%253D%26" + //
325+
"oauth_signature_method%3DHMAC-SHA1%26" + //
326+
"oauth_timestamp%3D137131201%26" + //
327+
"oauth_version%3D1.0%26size%3Doriginal");
328+
}
300329
}

0 commit comments

Comments
 (0)