public OAuthParameters BuildProtectedResourceSignature(string method, WebPairCollection parameters, string url)
{
ValidateProtectedResourceState();
var allParameters = new WebPairCollection();
allParameters.AddRange(parameters);
// Include url parameters in query pool
var uri = new Uri(url);
var urlParameters = HttpUtility.ParseQueryString(uri.Query);
allParameters.AddRange(urlParameters.AllKeys.Select(x => new WebPair(x !, urlParameters[x] !)));
var timestamp = OAuthTools.GetTimestamp();
var nonce = OAuthTools.GetNonce();
var authParameters = GenerateAuthParameters(timestamp, nonce);
allParameters.AddRange(authParameters);
var signatureBase = OAuthTools.ConcatenateRequestElements(method, url, allParameters);
return(new OAuthParameters {
Signature = OAuthTools.GetSignature(SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret, TokenSecret),
Parameters = authParameters
});
}
public void GetNonce_Is_Threadsafe()
{
string nonce1 = string.Empty;
string nonce2 = string.Empty;
Thread thread1 = new Thread(() =>
{
Thread.Sleep(100);
nonce1 = OAuthTools.GetNonce();
});
Thread thread2 = new Thread(() =>
{
Thread.Sleep(100);
nonce2 = OAuthTools.GetNonce();
});
thread1.Start();
thread2.Start();
thread1.Join();
thread2.Join();
Assert.NotNull(nonce1);
Assert.NotNull(nonce2);
Assert.NotEmpty(nonce1);
Assert.NotEmpty(nonce2);
Assert.NotEqual(nonce1, nonce2);
}
public void HmacSha256_Hashes_Correctly(string value, string expected)
{
string consumerSecret = "12345678";
string actual = OAuthTools.GetSignature(OAuthSignatureMethod.HmacSha256, value, consumerSecret);
Assert.AreEqual(expected, actual);
}
private void getCar2GoAccounts(string token, string token_secret, DownloadStringCompletedEventHandler requestCallback)
{
var car2GoRequestEndpoint = "https://www.car2go.com/api/v2.1/accounts";
var parameters = new WebParameterCollection();
parameters.Add("oauth_callback", "oob");
parameters.Add("oauth_signature_method", "HMAC-SHA1");
parameters.Add("oauth_token", token);
parameters.Add("oauth_version", "1.0");
parameters.Add("oauth_consumer_key", FreeCarsCredentials.Car2Go.ConsumerKey);
parameters.Add("oauth_timestamp", OAuthTools.GetTimestamp());
parameters.Add("oauth_nonce", OAuthTools.GetNonce());
parameters.Add("format", "json");
parameters.Add("loc", Car2Go.City);
//parameters.Add("test", "1");
var signatureBase = OAuthTools.ConcatenateRequestElements("GET", car2GoRequestEndpoint, parameters);
var signature = OAuthTools.GetSignature(OAuthSignatureMethod.HmacSha1, OAuthSignatureTreatment.Escaped, signatureBase, FreeCarsCredentials.Car2Go.SharedSecred, token_secret);
var requestParameters = OAuthTools.NormalizeRequestParameters(parameters);
var requestUrl = new Uri(car2GoRequestEndpoint + "?" + requestParameters + "&oauth_signature=" + signature, UriKind.Absolute);
var webClient = new WebClient();
webClient.DownloadStringCompleted += requestCallback;
webClient.DownloadStringAsync(requestUrl);
}
private string GetAuthorizationHeader(WebPairCollection parameters)
{
var sb = new StringBuilder("OAuth ");
if (!string.IsNullOrEmpty(Realm))
{
sb.Append(string.Format("realm=\"{0}\",", OAuthTools.UrlEncodeRelaxed(Realm)));
}
parameters.Sort((l, r) => String.Compare(l.Name, r.Name, StringComparison.Ordinal));
var parameterCount = 0;
var oathParameters = parameters.Where(
parameter => !string.IsNullOrEmpty(parameter.Name) &&
!string.IsNullOrEmpty(parameter.Value) &&
(parameter.Name.StartsWith("oauth_") || parameter.Name.StartsWith("x_auth_"))
).ToList();
foreach (var parameter in oathParameters)
{
parameterCount++;
var format = parameterCount < oathParameters.Count ? "{0}=\"{1}\"," : "{0}=\"{1}\"";
sb.Append(string.Format(format, parameter.Name, parameter.Value));
}
var authorization = sb.ToString();
return(authorization);
}
public void DoesNotThrowForHmacSha1WithoutSupportOfDotNetStandard20()
{
void GetHmacSha1Signature() => OAuthTools.GetSignature(OAuthSignatureMethod.HmacSha1,
OAuthSignatureTreatment.Escaped, _aStringToSign, _ARsaPemPrivateKey);
Assert.DoesNotThrow(GetHmacSha1Signature);
}
public WebPair(string name, string value, bool encode = false)
{
Name = name;
Value = value;
WebValue = encode ? OAuthTools.UrlEncodeRelaxed(value) : value;
Encode = encode;
}
public void SignsWithRsaSha1()
{
var aStringToSign = "AStringToSign";
var rsaPemPrivateKey = @"-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDAJjTl6pZ3/Z2uuJMHa4ZSUdNu20BrQBf0qSVaJBARdS1JAYk+
f2sLDABERsqJBvkkk3++28bW7RtzDuvB3MYIK5TZyKIvcE+Tgev3tjmD1b7XY1qo
8o0ledbDB/S3k2FfyA9oIfjpHYY1g/S+fD9abe69RTh1ds60XHOwxUgI4QIDAQAB
AoGAcZmlCJEqqIIeqV+iPW7KmPybfhzN9xqLjzA5TxOnFEssnM71rydxx7QurC8W
KvEedwtlKReSdRr1cY7Ov2yg/slUEq4fNhjSEkzmdxj9E+2dre235r45yyCU5cod
QkbluvDOJAgfLq+ZBPZLvwKhEZN/iVfi/3jfnbuzyyWPiukCQQDfFhoHCQciQZbl
kNpqs4GFhU1TvxkdKPKkyX0xeh+JPSWo+0cw5yxF2IlifIElxfWGGGupqZCn+nxm
MLUSLIZfAkEA3H+fAo9xicTP3F+9TAZCunT0IsheTj7b/E+vbSQam9eLs+ddzgsg
DNCe1Bhw1NC2cnXxCqX0+EZix9s0uTU4vwJAcZ1O+iBF6tNep2Hjaw4qu7aNEEa1
4pz1HqmjQeyBXSKwKGR4+FXzvUqvhWIFYBh2l6meQ1UhX/t5GY5a2XulnwJBAJ/E
/XO+endoG3FEEgbHNoyid8/IPcUWeRH+r0827OzlJv4pdGf62bNPaval6wPZY4nW
edzMWY+YeLT12eMldEMCQQDP7T/nbOomylhOHlCVgojO/BGkbwdhfwOj4EpE8XDU
D3yw8+j8kSgGSLuydIGPxHq0JYqTVdkIbA+agBZOiNRQ
-----END RSA PRIVATE KEY-----
";
var rsaSha1Signature = OAuthTools.GetSignature(OAuthSignatureMethod.RsaSha1,
OAuthSignatureTreatment.Escaped, aStringToSign, rsaPemPrivateKey);
Assert.AreEqual(
"bh2Ljy82v5FSD0PQaKDPDwTHolA6JrBfQPciDLTlR0nNodgFja%2Fw7UmLJuxuARNerX7gpKpFxboprGAOaCWZp0D5NiB4%2FrejvyM3u9iLkh9NPhtU0jihny0MYiWlxT6Tg4yiHr%2FQ5d6a1DEZvg8L6m9A6ckb0%2Bn69vkrnDd1zoE%3D",
rsaSha1Signature);
}
public void RsaSha1_Signs_Correctly(string value, int keySize)
{
//SHA1Managed hasher = new SHA1Managed();
//SHA1Cng hasher = new SHA1Cng();
SHA1CryptoServiceProvider hasher = new SHA1CryptoServiceProvider();
byte[] hash = hasher.ComputeHash(value.GetBytes());
using (var crypto = new RSACryptoServiceProvider(keySize)
{
PersistKeyInCsp = false
})
{
string privateKey = crypto.ToXmlString(true);
string signature = OAuthTools.GetSignature(
OAuthSignatureMethod.RsaSha1,
OAuthSignatureTreatment.Unescaped,
value,
privateKey);
byte[] signatureBytes = Convert.FromBase64String(signature);
Assert.IsTrue(crypto.VerifyHash(hash, CryptoConfig.MapNameToOID("SHA1"), signatureBytes));
}
}
public void HmacSha256_Does_Not_Accept_Nulls()
{
string consumerSecret = "12345678";
Assert.That(() => OAuthTools.GetSignature(OAuthSignatureMethod.HmacSha256, null, consumerSecret),
Throws.TypeOf <ArgumentNullException>());
}
private string GetAuthorizationHeader(WebPairCollection parameters)
{
var sb = new StringBuilder("OAuth ");
if (!Realm.IsNullOrBlank())
{
sb.Append("realm=\"{0}\",".FormatWith(OAuthTools.UrlEncodeRelaxed(Realm)));
}
parameters.Sort((l, r) => l.Name.CompareTo(r.Name));
var parameterCount = 0;
var oathParameters =
parameters.Where(p => !p.Name.IsNullOrBlank() &&
!p.Value.IsNullOrBlank() &&
(p.Name.StartsWith("oauth_") || p.Name.StartsWith("x_auth_")))
.ToList();
foreach (var parameter in oathParameters)
{
parameterCount++;
var format = parameterCount < oathParameters.Count
? "{0}=\"{1}\","
: "{0}=\"{1}\"";
sb.Append(format.FormatWith(parameter.Name, parameter.Value));
}
var authorization = sb.ToString();
return(authorization);
}
public void Can_url_encode_with_uppercase_hexadecimals()
{
const string expected = "What%20century%20is%20this%3F";
var actual = OAuthTools.UrlEncodeRelaxed("What century is this?");
Assert.AreEqual(expected, actual);
Console.WriteLine(actual);
}
public void Can_generate_timestamp()
{
var timestamp = OAuthTools.GetTimestamp();
Assert.IsNotNull(timestamp);
Assert.IsTrue(timestamp.Length == 10, "What century is this?");
Console.WriteLine(timestamp);
}
public void GetNonce_Creates_16_Byte_Nonce()
{
string nonce = OAuthTools.GetNonce();
Assert.NotNull(nonce);
Assert.NotEmpty(nonce);
Assert.Equal(NonceLength, nonce.Length);
}
public void SignsWithRsaSha1()
{
var rsaSha1Signature = OAuthTools.GetSignature(OAuthSignatureMethod.RsaSha1, OAuthSignatureTreatment.Escaped, _aStringToSign, _rsaPemPrivateKey);
Assert.AreEqual(
"bh2Ljy82v5FSD0PQaKDPDwTHolA6JrBfQPciDLTlR0nNodgFja%2Fw7UmLJuxuARNerX7gpKpFxboprGAOaCWZp0D5NiB4%2FrejvyM3u9iLkh9NPhtU0jihny0MYiWlxT6Tg4yiHr%2FQ5d6a1DEZvg8L6m9A6ckb0%2Bn69vkrnDd1zoE%3D",
rsaSha1Signature);
}
public async Task <string> buscarAlimento(string alimento)
{
const string baseURL = "http://platform.fatsecret.com/rest/server.api?";
const string consumerKey = "89a75f2dda9748d08cc87d573992fecb";
string signatureMethod = "HMAC-SHA1";
string timestamp = OAuthTools.GetTimestamp();
string nonce = OAuthTools.GetNonce();
const string version = "1.0";
const string method = "foods.search";
const string format = "json";
var normalizedParameters = "format=" + format
+ "&method=" + method
+ "&oauth_consumer_key=" + consumerKey
+ "&oauth_nonce=" + nonce
+ "&oauth_signature_method=" + signatureMethod
+ "&oauth_timestamp=" + timestamp
+ "&oauth_version=" + version
+ "&search_expression=" + "banana";
var httpMethod = "GET";
var encodedUri = OAuthTools.UrlEncodeStrict(baseURL.Substring(0, baseURL.Length - 1));
var encodedNormalizedParameters = OAuthTools.UrlEncodeStrict(normalizedParameters);
var baseSignature = httpMethod + "&" + encodedUri + "&" + encodedNormalizedParameters;
string signature;
using (HMACSHA1 hmac = new HMACSHA1(Encoding.ASCII.GetBytes("5e1b6dc6e9e84451bc265d633b9fc0de&")))
{
byte[] hashPayLoad = hmac.ComputeHash(Encoding.ASCII.GetBytes(baseSignature));
signature = Convert.ToBase64String(hashPayLoad);
}
string fullURL = baseURL + normalizedParameters
+ "&oauth_signature=" + signature;
String responseText = await Task.Run(() =>
{
try
{
HttpWebRequest request = WebRequest.Create(fullURL) as HttpWebRequest;
request.Method = "GET";
WebResponse response = request.GetResponse();
Stream responseStream = response.GetResponseStream();
return(new StreamReader(responseStream).ReadToEnd());
}
catch (Exception e)
{
Console.WriteLine("Error: " + e.Message);
}
return(null);
});
return(responseText);
}
public void Can_construct_non_standard_port_https_request_url()
{
const string expected = "https://example.com:8080/resource";
var input = "HTTPS://Example.com:8080/resource?id=123".AsUri();
var actual = OAuthTools.ConstructRequestUrl(input);
Assert.AreEqual(expected, actual);
Console.WriteLine(actual);
}
public void GetTimeStamp_Time_Before_Epoch_Is_Accurate()
{
DateTime earlyDateTime = new DateTime(1900, 1, 1);
string unixTime = OAuthTools.GetTimestamp(earlyDateTime);
Assert.NotNull(unixTime);
Assert.NotEmpty(unixTime);
Assert.Equal((earlyDateTime - new DateTime(1970, 1, 1)).TotalSeconds, Convert.ToInt64(unixTime));
}
public void Properly_Encodes_Parameter_Names() {
var postData = new WebPairCollection {
{ "name[first]", "Chuck" },
{ "name[last]", "Testa" }
};
var sortedParams = OAuthTools.SortParametersExcludingSignature(postData);
sortedParams.First().Should().Be("name%5Bfirst%5D=Chuck");
}
public void Properly_Encodes_Parameter_Names()
{
var postData = new WebParameterCollection {
{ "name[first]", "Chuck" }, { "name[last]", "Testa" }
};
var sortedParams = OAuthTools.SortParametersExcludingSignature(postData);
Assert.Equal("name%5Bfirst%5D", sortedParams[0].Name);
}
public void Can_strict_url_encode_complex_string()
{
const string expected = "%21%3F%22%3B%3A%3C%3E%5C%5C%7C%60%23%24%25%5E%26%2A%2B-_%7B%7D%5B%5D";
const string sequence = @"!?"";:<>\\|`#$%^&*+-_{}[]";
var actual = OAuthTools.UrlEncodeStrict(sequence);
Assert.AreEqual(expected, actual);
}
public void Can_strict_prevent_double_encoding()
{
const string expected = "123AaBb%21%3F%22%3B%3A%3C%3E%5C%5C%7C%60%23%24%25%20%25A%5E%26%2A%2B-_%7B%7D%5B%5D%F0%9F%98%83";
const string sequence = @"123AaBb!?"";:<>\\|`#$% %A^&*+-_{}[]😃";
var actual = OAuthTools.UrlEncodeStrict(sequence);
actual = OAuthTools.UrlEncodeStrict(actual);
Assert.AreEqual(expected, actual);
}
public void Can_relax_url_encode_complex_string()
{
// Doesn't URL encode ! or * in this sequence
const string expected = "!%3F%22%3B%3A%3C%3E%5C%5C%7C%60%23%24%25%5E%26*%2B-_%7B%7D%5B%5D";
const string sequence = @"!?"";:<>\\|`#$%^&*+-_{}[]";
var actual = OAuthTools.UrlEncodeRelaxed(sequence);
Assert.AreEqual(expected, actual);
}
public static string ToQueryString(this IDictionary <string, string> collection)
{
var sb = new StringBuilder();
foreach (var key in collection.Keys)
{
var parameter = OAuthTools.UrlEncodeStrict(collection[key]);
sb.AppendFormat("{0}={1}&", key, parameter);
}
return(sb.ToString().TrimEnd('&'));
}
public void GetTimeStamp_Calculates_Seconds_From_Epoch()
{
int secondsFromEpoch = 1000;
DateTime dateTimeFromEpoch = new DateTime(1970, 1, 1).AddSeconds(secondsFromEpoch);
string unixTime = OAuthTools.GetTimestamp(dateTimeFromEpoch);
Assert.NotNull(unixTime);
Assert.NotEmpty(unixTime);
Assert.Equal(secondsFromEpoch, Convert.ToInt32(unixTime));
}
public void Use_RFC_3986_Encoding_For_Auth_Signature_Base()
{
// reserved characters for 2396 and 3986
var reserved2396Characters = new[] { ";", "/", "?", ":", "@", "&", "=", "+", "$", "," }; // http://www.ietf.org/rfc/rfc2396.txt
var additionalReserved3986Characters = new[] { "!", "*", "'", "(", ")" }; // http://www.ietf.org/rfc/rfc3986.txt
var reservedCharacterString = string.Join(string.Empty, reserved2396Characters.Union(additionalReserved3986Characters));
// act
var escapedString = OAuthTools.UrlEncodeRelaxed(reservedCharacterString);
// assert
Assert.Equal("%3B%2F%3F%3A%40%26%3D%2B%24%2C%21%2A%27%28%29", escapedString);
}
public void Can_generate_nonce()
{
var nonce = OAuthTools.GetNonce();
Assert.IsNotNull(nonce);
Assert.IsTrue(nonce.Length == 16);
Console.WriteLine(nonce);
var next = OAuthTools.GetNonce();
Assert.AreNotEqual(nonce, next);
Console.WriteLine(next);
}
private string GetQueryString(Dictionary <string, string> dict)
{
if (dict == null)
{
return("");
}
List <string> sb = new List <string>();
foreach (var kvp in dict)
{
sb.Add(string.Format("{0}={1}", OAuthTools.UrlEncodeStrict(kvp.Key), OAuthTools.UrlEncodeStrict(kvp.Value)));
}
return(string.Join("&", sb));
}
public void NormalizeRequestParameters_Normalizes_And_Encodes_QueryString()
{
var parameters = new WebParameterCollection(new[]
{
new WebParameter("test", "value"),
new WebParameter("name", "joe"),
new WebParameter("grant_type", "code"),
new WebParameter("string", "this+is+a+string"),
});
var expected = "grant_type=code&name=joe&string=this%2Bis%2Ba%2Bstring&test=value";
var result = OAuthTools.NormalizeRequestParameters(parameters);
Assert.Equal(expected, result);
}
public void GetNonce_Creates_New_Nonce_Each_Run()
{
string nonce1 = OAuthTools.GetNonce();
string nonce2 = OAuthTools.GetNonce();
string nonce3 = OAuthTools.GetNonce();
Assert.NotNull(nonce1);
Assert.NotNull(nonce2);
Assert.NotNull(nonce3);
Assert.NotEmpty(nonce1);
Assert.NotEmpty(nonce2);
Assert.NotEmpty(nonce3);
Assert.NotEqual(nonce1, nonce2);
Assert.NotEqual(nonce2, nonce3);
Assert.NotEqual(nonce1, nonce3);
}
