qliu2692 / oauth-signpost

Automatically exported from code.google.com/p/oauth-signpost

Signing fails when multiple parameters with the same key are used #67

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
In which environment did the problem appear?

java version "1.6.0_17"
Java(TM) SE Runtime Environment (build 1.6.0_17-b04-248)
Java HotSpot(TM) 64-Bit Server VM (build 14.3-b01-101, mixed mode)

What steps will reproduce the problem?

Sign a request for a URL that contains the same query parameter twice:

  URLConnection conn = new URL("http://api.linkedin.com/v1/people/~/mailbox?folder=inbox&message-type=message-connections&message-type=invitation-request").openConnection()

  OAuthConsumer oc = new oauth.signpost.basic.DefaultOAuthConsumer(consumer.token,consumer.secret)
  oc.setTokenWithSecret(user.token,user.secret)
  oc.sign(conn)
  conn.getInputStream()

What is the expected output? What do you see instead?

I expect a response from the server.  Instead, it fails with a 401 
(unauthorized).  The problem appears to be that 
oauth.signpost.OAuth.decodeForm(String) stores the parameters in a 
Map<String,String>.  So, when there are two parameters with the same name, the 
first is overwritten.

Original issue reported on code.google.com by nosretta...@gmail.com on 28 Jan 2011 at 9:59
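
An added illustration of the report above, not part of the original issue and not Signpost's own code: it builds the OAuth 1.0 normalized parameter string (RFC 5849, section 3.4.1.3.2) for the reported query string twice, once keeping every value and once after collapsing names into a Map<String,String>. The class and method names are hypothetical, and only the query parameters are normalized (the oauth_* parameters are left out for brevity).

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.*;

public class DuplicateParamDemo {
    // OAuth 1.0 uses RFC 3986 percent-encoding; URLEncoder does form encoding, so adjust it.
    static String enc(String s) throws Exception {
        return URLEncoder.encode(s, "UTF-8")
                .replace("+", "%20").replace("*", "%2A").replace("%7E", "~");
    }

    // Decode a query string into name/value pairs, keeping every occurrence of a name.
    static List<String[]> decodePairs(String query) throws Exception {
        List<String[]> pairs = new ArrayList<>();
        for (String part : query.split("&")) {
            String[] kv = part.split("=", 2);
            String value = kv.length > 1 ? URLDecoder.decode(kv[1], "UTF-8") : "";
            pairs.add(new String[] { URLDecoder.decode(kv[0], "UTF-8"), value });
        }
        return pairs;
    }

    // Lossy variant: a Map<String,String> keeps one value per name (the last one put).
    static List<String[]> collapseToMap(List<String[]> pairs) {
        Map<String, String> m = new LinkedHashMap<>();
        for (String[] p : pairs) m.put(p[0], p[1]);
        List<String[]> out = new ArrayList<>();
        for (Map.Entry<String, String> e : m.entrySet())
            out.add(new String[] { e.getKey(), e.getValue() });
        return out;
    }

    // Normalized parameter string: encode, sort by name then by value, join with '&'.
    static String normalize(List<String[]> pairs) throws Exception {
        List<String[]> encoded = new ArrayList<>();
        for (String[] p : pairs) encoded.add(new String[] { enc(p[0]), enc(p[1]) });
        encoded.sort(Comparator.comparing((String[] p) -> p[0]).thenComparing(p -> p[1]));
        List<String> joined = new ArrayList<>();
        for (String[] p : encoded) joined.add(p[0] + "=" + p[1]);
        return String.join("&", joined);
    }

    public static void main(String[] args) throws Exception {
        // Query string from the URL in the report.
        String q = "folder=inbox&message-type=message-connections&message-type=invitation-request";
        List<String[]> all = decodePairs(q);
        System.out.println("all values kept: " + normalize(all));
        System.out.println("Map collapsed:   " + normalize(collapseToMap(all)));
    }
}
```

The two printed strings differ by one message-type pair, so a signature computed over the collapsed form cannot match one computed over the full request.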

GoogleCodeExporter commented 8 years ago
It looks like this problem was fixed in 1.2.1.1.  Sorry for not checking that 
first.

Original comment by nosretta...@gmail.com on 8 Feb 2011 at 11:22

negarnegma commented 2 years ago

This answer helped me.

But for the PLAINTEXT method, you do not need to have the params and the URL.
They don't change the signature. The signature is constant and based on secrets.

But for SHA1 (and other methods) you can use the above answer.