partner.java

<%@page import="net.oauth.http.HttpClient"%><%@ page language="java" import="client.PartnerHttpClientPool,java.io.*, java.net.*,java.util.*,java.security.*,net.oauth.OAuth, net.oauth.OAuthAccessor, net.oauth.OAuthConsumer, net.oauth.OAuthMessage, net.oauth.OAuthServiceProvider, net.oauth.signature.RSA_SHA1, net.oauth.client.OAuthClient,java.util.*,java.math.BigInteger,javax.xml.parsers.DocumentBuilder,javax.xml.parsers.DocumentBuilderFactory,javax.xml.xpath.XPath,javax.xml.xpath.XPathConstants,javax.xml.xpath.XPathExpression,javax.xml.xpath.XPathFactory,org.w3c.dom.Document,org.w3c.dom.NodeList,org.xml.sax.InputSource,net.oauth.client.httpclient4.HttpClient4" %>

<%

OAuthServiceProvider xeroPartnerProvider =
	new OAuthServiceProvider(
			"https://api-partner.network.xero.com/oauth/RequestToken",
			"https://api.xero.com/oauth/Authorize",
			"https://api-partner.network.xero.com/oauth/AccessToken");

String consumerKey = "CONSUMERKEY";
String consumerSecret = "CONSUMERSECRET";

String apiURL="https://api-partner.network.xero.com/api.xro/2.0/";


InputStream oauthPKCS12Stream = new FileInputStream("c:/certificate/public_privatekey.pfx");
String oauthPKCS12Password = "xero";
InputStream clientCertPKCS12Stream = new FileInputStream("c:/certificate/PKCS12.p12");
String clientCertPKCS12Password = "xero";

KeyStore oauthKeyStore = KeyStore.getInstance("PKCS12");
oauthKeyStore.load(oauthPKCS12Stream, null);
PrivateKey oauthKey = null;
for (Enumeration e = oauthKeyStore.aliases(); e.hasMoreElements(); ) {
	String alias = (String)e.nextElement();
	if (oauthKeyStore.isKeyEntry(alias)) {
		oauthKey = (PrivateKey)oauthKeyStore.getKey(alias, oauthPKCS12Password.toCharArray());
	}
}

KeyStore entrustStore = KeyStore.getInstance("PKCS12");
entrustStore.load(clientCertPKCS12Stream, clientCertPKCS12Password.toCharArray());

OAuthConsumer consumer = new OAuthConsumer("https://www.xero.com", consumerKey, consumerSecret,		
		xeroPartnerProvider);
consumer.setProperty(RSA_SHA1.PRIVATE_KEY, oauthKey);
consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.RSA_SHA1);


OAuthAccessor accessor = new OAuthAccessor(consumer);  
accessor.accessToken = consumerKey;  
accessor.tokenSecret = consumerSecret;

OAuthClient client = new OAuthClient(
		new HttpClient4(new client.PartnerHttpClientPool(entrustStore, clientCertPKCS12Password)));

List<Map.Entry> p = new ArrayList<Map.Entry>(1);
p.add(new OAuth.Parameter(OAuth.OAUTH_CALLBACK,
       "https://www.xero.com"));
		

OAuthMessage m = client.getRequestTokenResponse(accessor,null,p);
//client.getRequestToken(accessor);

String authorizationURL = OAuth.addParameters(
        accessor.consumer.serviceProvider.userAuthorizationURL,
        OAuth.OAUTH_CALLBACK, "https://www.xero.com",
        OAuth.OAUTH_TOKEN, accessor.requestToken
        
        );

response.sendRedirect(authorizationURL);

//out.println("Authorization URL: "+authorizationURL);
//client.getAccessToken(accessor,OAuthMessage.GET,null);
//out.println("See the access token " + accessor.accessToken);

//OAuthMessage m = client.invoke(accessor,OAuthMessage.GET,apiURL+"Organisation",null);
//out.println("See the organisation selected  " + OAuthMessage.readAll(m.getBodyAsStream(),"UTF-8"));
%>

Thanks Ronan. This was very useful to obtain a request token and go through the authorisation process.
The last step (to swap the request token for an access token) is commented out.

I have tried calling client.getAccessToken (as shown in the code) but receive a "token_rejected" response with the message "The Request could not be verified".
Can anyone point out what is missing?

OAuthClient client = new OAuthClient(
        new HttpClient4(new client.PartnerHttpClientPool(entrustStore, clientCertPKCS12Password)));

new client. - looks like a typo