public OAuthParameters BuildProtectedResourceSignature(string method, WebPairCollection parameters, string url) { ValidateProtectedResourceState(); var allParameters = new WebPairCollection(); allParameters.AddRange(parameters); // Include url parameters in query pool var uri = new Uri(url); var urlParameters = HttpUtility.ParseQueryString(uri.Query); allParameters.AddRange(urlParameters.AllKeys.Select(x => new WebPair(x !, urlParameters[x] !))); var timestamp = OAuthTools.GetTimestamp(); var nonce = OAuthTools.GetNonce(); var authParameters = GenerateAuthParameters(timestamp, nonce); allParameters.AddRange(authParameters); var signatureBase = OAuthTools.ConcatenateRequestElements(method, url, allParameters); return(new OAuthParameters { Signature = OAuthTools.GetSignature(SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret, TokenSecret), Parameters = authParameters }); }
public void GetNonce_Is_Threadsafe() { string nonce1 = string.Empty; string nonce2 = string.Empty; Thread thread1 = new Thread(() => { Thread.Sleep(100); nonce1 = OAuthTools.GetNonce(); }); Thread thread2 = new Thread(() => { Thread.Sleep(100); nonce2 = OAuthTools.GetNonce(); }); thread1.Start(); thread2.Start(); thread1.Join(); thread2.Join(); Assert.NotNull(nonce1); Assert.NotNull(nonce2); Assert.NotEmpty(nonce1); Assert.NotEmpty(nonce2); Assert.NotEqual(nonce1, nonce2); }
public void HmacSha256_Hashes_Correctly(string value, string expected) { string consumerSecret = "12345678"; string actual = OAuthTools.GetSignature(OAuthSignatureMethod.HmacSha256, value, consumerSecret); Assert.AreEqual(expected, actual); }
private void getCar2GoAccounts(string token, string token_secret, DownloadStringCompletedEventHandler requestCallback) { var car2GoRequestEndpoint = "https://www.car2go.com/api/v2.1/accounts"; var parameters = new WebParameterCollection(); parameters.Add("oauth_callback", "oob"); parameters.Add("oauth_signature_method", "HMAC-SHA1"); parameters.Add("oauth_token", token); parameters.Add("oauth_version", "1.0"); parameters.Add("oauth_consumer_key", FreeCarsCredentials.Car2Go.ConsumerKey); parameters.Add("oauth_timestamp", OAuthTools.GetTimestamp()); parameters.Add("oauth_nonce", OAuthTools.GetNonce()); parameters.Add("format", "json"); parameters.Add("loc", Car2Go.City); //parameters.Add("test", "1"); var signatureBase = OAuthTools.ConcatenateRequestElements("GET", car2GoRequestEndpoint, parameters); var signature = OAuthTools.GetSignature(OAuthSignatureMethod.HmacSha1, OAuthSignatureTreatment.Escaped, signatureBase, FreeCarsCredentials.Car2Go.SharedSecred, token_secret); var requestParameters = OAuthTools.NormalizeRequestParameters(parameters); var requestUrl = new Uri(car2GoRequestEndpoint + "?" + requestParameters + "&oauth_signature=" + signature, UriKind.Absolute); var webClient = new WebClient(); webClient.DownloadStringCompleted += requestCallback; webClient.DownloadStringAsync(requestUrl); }
private string GetAuthorizationHeader(WebPairCollection parameters) { var sb = new StringBuilder("OAuth "); if (!string.IsNullOrEmpty(Realm)) { sb.Append(string.Format("realm=\"{0}\",", OAuthTools.UrlEncodeRelaxed(Realm))); } parameters.Sort((l, r) => String.Compare(l.Name, r.Name, StringComparison.Ordinal)); var parameterCount = 0; var oathParameters = parameters.Where( parameter => !string.IsNullOrEmpty(parameter.Name) && !string.IsNullOrEmpty(parameter.Value) && (parameter.Name.StartsWith("oauth_") || parameter.Name.StartsWith("x_auth_")) ).ToList(); foreach (var parameter in oathParameters) { parameterCount++; var format = parameterCount < oathParameters.Count ? "{0}=\"{1}\"," : "{0}=\"{1}\""; sb.Append(string.Format(format, parameter.Name, parameter.Value)); } var authorization = sb.ToString(); return(authorization); }
public void DoesNotThrowForHmacSha1WithoutSupportOfDotNetStandard20() { void GetHmacSha1Signature() => OAuthTools.GetSignature(OAuthSignatureMethod.HmacSha1, OAuthSignatureTreatment.Escaped, _aStringToSign, _ARsaPemPrivateKey); Assert.DoesNotThrow(GetHmacSha1Signature); }
public WebPair(string name, string value, bool encode = false) { Name = name; Value = value; WebValue = encode ? OAuthTools.UrlEncodeRelaxed(value) : value; Encode = encode; }
public void SignsWithRsaSha1() { var aStringToSign = "AStringToSign"; var rsaPemPrivateKey = @"-----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDAJjTl6pZ3/Z2uuJMHa4ZSUdNu20BrQBf0qSVaJBARdS1JAYk+ f2sLDABERsqJBvkkk3++28bW7RtzDuvB3MYIK5TZyKIvcE+Tgev3tjmD1b7XY1qo 8o0ledbDB/S3k2FfyA9oIfjpHYY1g/S+fD9abe69RTh1ds60XHOwxUgI4QIDAQAB AoGAcZmlCJEqqIIeqV+iPW7KmPybfhzN9xqLjzA5TxOnFEssnM71rydxx7QurC8W KvEedwtlKReSdRr1cY7Ov2yg/slUEq4fNhjSEkzmdxj9E+2dre235r45yyCU5cod QkbluvDOJAgfLq+ZBPZLvwKhEZN/iVfi/3jfnbuzyyWPiukCQQDfFhoHCQciQZbl kNpqs4GFhU1TvxkdKPKkyX0xeh+JPSWo+0cw5yxF2IlifIElxfWGGGupqZCn+nxm MLUSLIZfAkEA3H+fAo9xicTP3F+9TAZCunT0IsheTj7b/E+vbSQam9eLs+ddzgsg DNCe1Bhw1NC2cnXxCqX0+EZix9s0uTU4vwJAcZ1O+iBF6tNep2Hjaw4qu7aNEEa1 4pz1HqmjQeyBXSKwKGR4+FXzvUqvhWIFYBh2l6meQ1UhX/t5GY5a2XulnwJBAJ/E /XO+endoG3FEEgbHNoyid8/IPcUWeRH+r0827OzlJv4pdGf62bNPaval6wPZY4nW edzMWY+YeLT12eMldEMCQQDP7T/nbOomylhOHlCVgojO/BGkbwdhfwOj4EpE8XDU D3yw8+j8kSgGSLuydIGPxHq0JYqTVdkIbA+agBZOiNRQ -----END RSA PRIVATE KEY----- "; var rsaSha1Signature = OAuthTools.GetSignature(OAuthSignatureMethod.RsaSha1, OAuthSignatureTreatment.Escaped, aStringToSign, rsaPemPrivateKey); Assert.AreEqual( "bh2Ljy82v5FSD0PQaKDPDwTHolA6JrBfQPciDLTlR0nNodgFja%2Fw7UmLJuxuARNerX7gpKpFxboprGAOaCWZp0D5NiB4%2FrejvyM3u9iLkh9NPhtU0jihny0MYiWlxT6Tg4yiHr%2FQ5d6a1DEZvg8L6m9A6ckb0%2Bn69vkrnDd1zoE%3D", rsaSha1Signature); }
public void RsaSha1_Signs_Correctly(string value, int keySize) { //SHA1Managed hasher = new SHA1Managed(); //SHA1Cng hasher = new SHA1Cng(); SHA1CryptoServiceProvider hasher = new SHA1CryptoServiceProvider(); byte[] hash = hasher.ComputeHash(value.GetBytes()); using (var crypto = new RSACryptoServiceProvider(keySize) { PersistKeyInCsp = false }) { string privateKey = crypto.ToXmlString(true); string signature = OAuthTools.GetSignature( OAuthSignatureMethod.RsaSha1, OAuthSignatureTreatment.Unescaped, value, privateKey); byte[] signatureBytes = Convert.FromBase64String(signature); Assert.IsTrue(crypto.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), signatureBytes)); } }
public void HmacSha256_Does_Not_Accept_Nulls() { string consumerSecret = "12345678"; Assert.That(() => OAuthTools.GetSignature(OAuthSignatureMethod.HmacSha256, null, consumerSecret), Throws.TypeOf <ArgumentNullException>()); }
private string GetAuthorizationHeader(WebPairCollection parameters) { var sb = new StringBuilder("OAuth "); if (!Realm.IsNullOrBlank()) { sb.Append("realm=\"{0}\",".FormatWith(OAuthTools.UrlEncodeRelaxed(Realm))); } parameters.Sort((l, r) => l.Name.CompareTo(r.Name)); var parameterCount = 0; var oathParameters = parameters.Where(p => !p.Name.IsNullOrBlank() && !p.Value.IsNullOrBlank() && (p.Name.StartsWith("oauth_") || p.Name.StartsWith("x_auth_"))) .ToList(); foreach (var parameter in oathParameters) { parameterCount++; var format = parameterCount < oathParameters.Count ? "{0}=\"{1}\"," : "{0}=\"{1}\""; sb.Append(format.FormatWith(parameter.Name, parameter.Value)); } var authorization = sb.ToString(); return(authorization); }
public void Can_url_encode_with_uppercase_hexadecimals() { const string expected = "What%20century%20is%20this%3F"; var actual = OAuthTools.UrlEncodeRelaxed("What century is this?"); Assert.AreEqual(expected, actual); Console.WriteLine(actual); }
public void Can_generate_timestamp() { var timestamp = OAuthTools.GetTimestamp(); Assert.IsNotNull(timestamp); Assert.IsTrue(timestamp.Length == 10, "What century is this?"); Console.WriteLine(timestamp); }
public void GetNonce_Creates_16_Byte_Nonce() { string nonce = OAuthTools.GetNonce(); Assert.NotNull(nonce); Assert.NotEmpty(nonce); Assert.Equal(NonceLength, nonce.Length); }
public void SignsWithRsaSha1() { var rsaSha1Signature = OAuthTools.GetSignature(OAuthSignatureMethod.RsaSha1, OAuthSignatureTreatment.Escaped, _aStringToSign, _rsaPemPrivateKey); Assert.AreEqual( "bh2Ljy82v5FSD0PQaKDPDwTHolA6JrBfQPciDLTlR0nNodgFja%2Fw7UmLJuxuARNerX7gpKpFxboprGAOaCWZp0D5NiB4%2FrejvyM3u9iLkh9NPhtU0jihny0MYiWlxT6Tg4yiHr%2FQ5d6a1DEZvg8L6m9A6ckb0%2Bn69vkrnDd1zoE%3D", rsaSha1Signature); }
public async Task <string> buscarAlimento(string alimento) { const string baseURL = "http://platform.fatsecret.com/rest/server.api?"; const string consumerKey = "89a75f2dda9748d08cc87d573992fecb"; string signatureMethod = "HMAC-SHA1"; string timestamp = OAuthTools.GetTimestamp(); string nonce = OAuthTools.GetNonce(); const string version = "1.0"; const string method = "foods.search"; const string format = "json"; var normalizedParameters = "format=" + format + "&method=" + method + "&oauth_consumer_key=" + consumerKey + "&oauth_nonce=" + nonce + "&oauth_signature_method=" + signatureMethod + "&oauth_timestamp=" + timestamp + "&oauth_version=" + version + "&search_expression=" + "banana"; var httpMethod = "GET"; var encodedUri = OAuthTools.UrlEncodeStrict(baseURL.Substring(0, baseURL.Length - 1)); var encodedNormalizedParameters = OAuthTools.UrlEncodeStrict(normalizedParameters); var baseSignature = httpMethod + "&" + encodedUri + "&" + encodedNormalizedParameters; string signature; using (HMACSHA1 hmac = new HMACSHA1(Encoding.ASCII.GetBytes("5e1b6dc6e9e84451bc265d633b9fc0de&"))) { byte[] hashPayLoad = hmac.ComputeHash(Encoding.ASCII.GetBytes(baseSignature)); signature = Convert.ToBase64String(hashPayLoad); } string fullURL = baseURL + normalizedParameters + "&oauth_signature=" + signature; String responseText = await Task.Run(() => { try { HttpWebRequest request = WebRequest.Create(fullURL) as HttpWebRequest; request.Method = "GET"; WebResponse response = request.GetResponse(); Stream responseStream = response.GetResponseStream(); return(new StreamReader(responseStream).ReadToEnd()); } catch (Exception e) { Console.WriteLine("Error: " + e.Message); } return(null); }); return(responseText); }
public void Can_construct_non_standard_port_https_request_url() { const string expected = "https://example.com:8080/resource"; var input = "HTTPS://Example.com:8080/resource?id=123".AsUri(); var actual = OAuthTools.ConstructRequestUrl(input); Assert.AreEqual(expected, actual); Console.WriteLine(actual); }
public void GetTimeStamp_Time_Before_Epoch_Is_Accurate() { DateTime earlyDateTime = new DateTime(1900, 1, 1); string unixTime = OAuthTools.GetTimestamp(earlyDateTime); Assert.NotNull(unixTime); Assert.NotEmpty(unixTime); Assert.Equal((earlyDateTime - new DateTime(1970, 1, 1)).TotalSeconds, Convert.ToInt64(unixTime)); }
public void Properly_Encodes_Parameter_Names() { var postData = new WebPairCollection { { "name[first]", "Chuck" }, { "name[last]", "Testa" } }; var sortedParams = OAuthTools.SortParametersExcludingSignature(postData); sortedParams.First().Should().Be("name%5Bfirst%5D=Chuck"); }
public void Properly_Encodes_Parameter_Names() { var postData = new WebParameterCollection { { "name[first]", "Chuck" }, { "name[last]", "Testa" } }; var sortedParams = OAuthTools.SortParametersExcludingSignature(postData); Assert.Equal("name%5Bfirst%5D", sortedParams[0].Name); }
public void Can_strict_url_encode_complex_string() { const string expected = "%21%3F%22%3B%3A%3C%3E%5C%5C%7C%60%23%24%25%5E%26%2A%2B-_%7B%7D%5B%5D"; const string sequence = @"!?"";:<>\\|`#$%^&*+-_{}[]"; var actual = OAuthTools.UrlEncodeStrict(sequence); Assert.AreEqual(expected, actual); }
public void Can_strict_prevent_double_encoding() { const string expected = "123AaBb%21%3F%22%3B%3A%3C%3E%5C%5C%7C%60%23%24%25%20%25A%5E%26%2A%2B-_%7B%7D%5B%5D%F0%9F%98%83"; const string sequence = @"123AaBb!?"";:<>\\|`#$% %A^&*+-_{}[]😃"; var actual = OAuthTools.UrlEncodeStrict(sequence); actual = OAuthTools.UrlEncodeStrict(actual); Assert.AreEqual(expected, actual); }
public void Can_relax_url_encode_complex_string() { // Doesn't URL encode ! or * in this sequence const string expected = "!%3F%22%3B%3A%3C%3E%5C%5C%7C%60%23%24%25%5E%26*%2B-_%7B%7D%5B%5D"; const string sequence = @"!?"";:<>\\|`#$%^&*+-_{}[]"; var actual = OAuthTools.UrlEncodeRelaxed(sequence); Assert.AreEqual(expected, actual); }
public static string ToQueryString(this IDictionary <string, string> collection) { var sb = new StringBuilder(); foreach (var key in collection.Keys) { var parameter = OAuthTools.UrlEncodeStrict(collection[key]); sb.AppendFormat("{0}={1}&", key, parameter); } return(sb.ToString().TrimEnd('&')); }
public void GetTimeStamp_Calculates_Seconds_From_Epoch() { int secondsFromEpoch = 1000; DateTime dateTimeFromEpoch = new DateTime(1970, 1, 1).AddSeconds(secondsFromEpoch); string unixTime = OAuthTools.GetTimestamp(dateTimeFromEpoch); Assert.NotNull(unixTime); Assert.NotEmpty(unixTime); Assert.Equal(secondsFromEpoch, Convert.ToInt32(unixTime)); }
public void Use_RFC_3986_Encoding_For_Auth_Signature_Base() { // reserved characters for 2396 and 3986 var reserved2396Characters = new[] { ";", "/", "?", ":", "@", "&", "=", "+", "$", "," }; // http://www.ietf.org/rfc/rfc2396.txt var additionalReserved3986Characters = new[] { "!", "*", "'", "(", ")" }; // http://www.ietf.org/rfc/rfc3986.txt var reservedCharacterString = string.Join(string.Empty, reserved2396Characters.Union(additionalReserved3986Characters)); // act var escapedString = OAuthTools.UrlEncodeRelaxed(reservedCharacterString); // assert Assert.Equal("%3B%2F%3F%3A%40%26%3D%2B%24%2C%21%2A%27%28%29", escapedString); }
public void Can_generate_nonce() { var nonce = OAuthTools.GetNonce(); Assert.IsNotNull(nonce); Assert.IsTrue(nonce.Length == 16); Console.WriteLine(nonce); var next = OAuthTools.GetNonce(); Assert.AreNotEqual(nonce, next); Console.WriteLine(next); }
private string GetQueryString(Dictionary <string, string> dict) { if (dict == null) { return(""); } List <string> sb = new List <string>(); foreach (var kvp in dict) { sb.Add(string.Format("{0}={1}", OAuthTools.UrlEncodeStrict(kvp.Key), OAuthTools.UrlEncodeStrict(kvp.Value))); } return(string.Join("&", sb)); }
public void NormalizeRequestParameters_Normalizes_And_Encodes_QueryString() { var parameters = new WebParameterCollection(new[] { new WebParameter("test", "value"), new WebParameter("name", "joe"), new WebParameter("grant_type", "code"), new WebParameter("string", "this+is+a+string"), }); var expected = "grant_type=code&name=joe&string=this%2Bis%2Ba%2Bstring&test=value"; var result = OAuthTools.NormalizeRequestParameters(parameters); Assert.Equal(expected, result); }
public void GetNonce_Creates_New_Nonce_Each_Run() { string nonce1 = OAuthTools.GetNonce(); string nonce2 = OAuthTools.GetNonce(); string nonce3 = OAuthTools.GetNonce(); Assert.NotNull(nonce1); Assert.NotNull(nonce2); Assert.NotNull(nonce3); Assert.NotEmpty(nonce1); Assert.NotEmpty(nonce2); Assert.NotEmpty(nonce3); Assert.NotEqual(nonce1, nonce2); Assert.NotEqual(nonce2, nonce3); Assert.NotEqual(nonce1, nonce3); }