OAuth1Consumer consumer = provider.getConsumer(consumerKey);
if (consumer == null) {
throw newUnauthorizedException();
}
OAuth1Secrets secrets = new OAuth1Secrets().consumerSecret(consumer.getSecret());
OAuth1SecurityContext sc;
String nonceKey;
if (token == null) {
if (consumer.getPrincipal() == null) {
throw newUnauthorizedException();
}
nonceKey = "c:" + consumerKey;
sc = new OAuth1SecurityContext(consumer, request.getSecurityContext().isSecure());
} else {
OAuth1Token accessToken = provider.getAccessToken(token);
if (accessToken == null) {
throw newUnauthorizedException();
}
OAuth1Consumer atConsumer = accessToken.getConsumer();
if (atConsumer == null || !consumerKey.equals(atConsumer.getKey())) {
throw newUnauthorizedException();
}
nonceKey = "t:" + token;
secrets.tokenSecret(accessToken.getSecret());
sc = new OAuth1SecurityContext(accessToken, request.getSecurityContext().isSecure());
}
if (!verifySignature(osr, params, secrets)) {
throw newUnauthorizedException();