WebApiUtil.java example

Explorer
bigbluebutton-master
package org.bigbluebutton.core.util;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Map;
import java.util.SortedSet;
import java.util.TreeSet;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.StringUtils;

public class WebApiUtil {

  private final String securitySalt = "changeme";
      
  //
  //checksum() -- Return a checksum based on SHA-1 digest
  //
  public String checksum(String s) {
   String checksum = "";
   try {
     checksum = DigestUtils.shaHex(s);
   } catch (Exception e) {
     e.printStackTrace();
   }
   return checksum;
  }

  //From the list of parameters we want to pass. Creates a base string with parameters
  //sorted in alphabetical order for us to sign.
  public String createBaseString(Map<String, String[]> params) {
   StringBuffer csbuf = new StringBuffer();
   SortedSet<String> keys = new TreeSet<String>(params.keySet());
  
   boolean first = true;
   for (String key: keys) {
     for (String value: params.get(key)) {
       if (first) {
         first = false;
       } else {
         csbuf.append("&");
       }
       csbuf.append(key);
       csbuf.append("=");
       csbuf.append(value);
     }
   }
  
   return csbuf.toString();
  }
  
  public boolean isChecksumSame(String apiCall, String checksum, String queryString) {
    if (StringUtils.isEmpty(securitySalt)) {
      return true;
    }

    if( queryString == null ) {
        queryString = "";
    } else {
        // handle either checksum as first or middle / end parameter
        // TODO: this is hackish - should be done better
        queryString = queryString.replace("&checksum=" + checksum, "");
        queryString = queryString.replace("checksum=" + checksum + "&", "");
        queryString = queryString.replace("checksum=" + checksum, "");
    }

    String cs = DigestUtils.shaHex(apiCall + queryString + securitySalt);

    if (cs == null || cs.equals(checksum) == false) {
      return false;
    }

    return true; 
  }
  
  //
  //encodeURIComponent() -- Java encoding similiar to JavaScript encodeURIComponent
  //
  public String encodeURIComponent(String component)   {     
    String result = null;      
    
    try {       
      result = URLEncoder.encode(component, "UTF-8")   
           .replaceAll("\\%28", "(")                          
           .replaceAll("\\%29", ")")      
           .replaceAll("\\+", "%20")                          
           .replaceAll("\\%27", "'")           
           .replaceAll("\\%21", "!")
           .replaceAll("\\%7E", "~");     
    } catch (UnsupportedEncodingException e) {       
      result = component;     
    }      
    
    return result;   
  } 
}