public void Should_reject_an_invalid_request()
        {
            var request = new HttpRequestMessage(HttpMethod.Post, "http://myApi/api/somePath");
            request.Headers.Date = new DateTimeOffset(DateTime.UtcNow);
            request.Content = new StringContent("{'A':'b'}");
            request.Headers.Authorization = new AuthenticationHeaderValue(Configuration.AuthenticationScheme,
                string.Format("{0}:{1}", "1234", "bad hash value"));

            request.Content.Headers.ContentMD5 = Encoding.UTF8.GetBytes("anotherBadHash");

            var innerhandler = new FakeInnerHandler
            {
                Message = new HttpResponseMessage(HttpStatusCode.OK)
            };
            var client = new HttpMessageInvoker(new HmacAuthenticationHandler(
                        new ApiKeyRepository(),
                        new CanonicalRepresentationBuilder(),
                        new HmacSignatureCalculator())
            {
                InnerHandler = innerhandler
            });

            var message = client.SendAsync(request, new CancellationToken(false)).Result;
            Assert.AreEqual(message.StatusCode, HttpStatusCode.Unauthorized);
        }
        public void Should_accept_a_valid_request()
        {
            var uri = "/api/somepath";
            var request = new HttpRequestMessage(HttpMethod.Post, "http://myApi" + uri);
            request.Headers.Date = new DateTimeOffset(DateTime.UtcNow);
            var content = "{'A':'b'}";
            request.Content = new StringContent(content);
            request.Content.Headers.ContentMD5 = CalculateHash(content);

            var userId = "1234";
            var md5 = Convert.ToBase64String(request.Content.Headers.ContentMD5);

            var hashedApiKey = ComputeSHA1("v87o2jh388d");
            var representation =   String.Join("|", "POST",
                md5, 
                request.Headers.Date.Value.UtcDateTime.ToString(CultureInfo.InvariantCulture),
                "1234", 
                uri);

            var signatureCaclulator = new HmacSignatureCalculator();
            var messageSignature = signatureCaclulator.Signature(hashedApiKey, representation);

            request.Headers.Authorization = new AuthenticationHeaderValue(
                Configuration.AuthenticationScheme,
                string.Format("{0}:{1}", userId, messageSignature)
            );

            var innerhandler = new FakeInnerHandler();
            innerhandler.Message = new HttpResponseMessage(HttpStatusCode.OK);
            var client = new HttpMessageInvoker(new HmacAuthenticationHandler(
                        new ApiKeyRepository(),
                        new CanonicalRepresentationBuilder(),
                        signatureCaclulator)
            {
                InnerHandler = innerhandler
            });

            var message = client.SendAsync(request, new CancellationToken(false)).Result;
            Assert.AreEqual(message.StatusCode, HttpStatusCode.OK);

        }