Example #1
        /**
         * Add some of the parameters needed to request access to a protected
         * resource, if they aren't already in the message.
         *
         * @throws IOException
         * @throws URISyntaxException
         */
        public void addRequiredParameters(OAuthAccessor accessor)
        {
            // Built once, before anything is added: each check below asks whether the
            // caller already supplied the parameter, and leaves it alone if so.
            Dictionary<string, string> present = OAuth.newMap(parameters);

            bool tokenMissing = !present.ContainsKey(OAuth.OAUTH_TOKEN);
            if (tokenMissing && accessor.accessToken != null)
            {
                // An empty-string token still counts as "set"; only null is skipped.
                addParameter(OAuth.OAUTH_TOKEN, accessor.accessToken);
            }

            OAuthConsumer owner = accessor.consumer;
            bool consumerKeyMissing = !present.ContainsKey(OAuth.OAUTH_CONSUMER_KEY);
            if (consumerKeyMissing)
            {
                addParameter(OAuth.OAUTH_CONSUMER_KEY, owner.consumerKey);
            }

            string suppliedMethod;
            bool methodSupplied = present.TryGetValue(OAuth.OAUTH_SIGNATURE_METHOD, out suppliedMethod);
            if (!methodSupplied)
            {
                // Preference order: the consumer's configured method, then HMAC-SHA1.
                string chosenMethod = (string)owner.getProperty(OAuth.OAUTH_SIGNATURE_METHOD) ?? OAuth.HMAC_SHA1;
                addParameter(OAuth.OAUTH_SIGNATURE_METHOD, chosenMethod);
            }

            bool timestampMissing = !present.ContainsKey(OAuth.OAUTH_TIMESTAMP);
            if (timestampMissing)
            {
                // Taken from the UTC clock at the moment of signing.
                var stamp = UnixTime.ToInt64(DateTime.UtcNow);
                addParameter(OAuth.OAUTH_TIMESTAMP, stamp.ToString());
            }

            bool nonceMissing = !present.ContainsKey(OAuth.OAUTH_NONCE);
            if (nonceMissing)
            {
                // NOTE(review): the nonce is only as unpredictable as Crypto.getRandomString;
                // confirm it draws from a cryptographic random source.
                var nonce = Crypto.getRandomString(OAuth.OAUTH_NONCE_LENGTH);
                addParameter(OAuth.OAUTH_NONCE, nonce);
            }

            // Signing comes last so the signature is computed after all of the above were added.
            sign(accessor);
        }
        /**
         * Reports whether the message carries a signature that validates against the
         * shared secret registered for appId. Every handled failure yields false, so
         * the check fails closed.
         *
         * @param message the OAuth message to validate
         * @param appUrl  passed to the OAuthConsumer as its second constructor argument
         * @param appId   key used to look up the shared secret
         * @return true only when validation completes without an exception
         */
        private static bool hasValidSignature(OAuthMessage message, String appUrl, String appId)
        {
            // NOTE(review): if sampleContainerSharedSecrets is a Dictionary<,>, its indexer throws
            // KeyNotFoundException for an unknown appId instead of returning null, so the null
            // check below would never reject an unregistered application - confirm the
            // collection type.
            String secretForApp = sampleContainerSharedSecrets[appId];
            if (secretForApp == null)
            {
                return false;
            }

            // Throw-away provider/consumer/accessor whose only purpose is to carry the secret
            // to the validator; they are built outside the try on purpose, as before.
            OAuthServiceProvider emptyProvider = new OAuthServiceProvider(null, null, null);
            OAuthConsumer appConsumer = new OAuthConsumer(null, appUrl, secretForApp, emptyProvider);
            OAuthAccessor appAccessor = new OAuthAccessor(appConsumer);
            SimpleOAuthValidator checker = new SimpleOAuthValidator();

            try
            {
                checker.validateMessage(message, appAccessor);
                return true;
            }
            catch (OAuthException)
            {
                // Rejected by the validator.
                return false;
            }
            catch (IOException)
            {
                return false;
            }
            catch (UriFormatException)
            {
                return false;
            }
        }
Example #3
 /**
  * Stores the accessor together with the consumer record and the request
  * settings passed in; no validation is performed here.
  *
  * @param accessor          OAuth accessor (the create() factory shown on this page fills in
  *                          its request token, access token and token secret first)
  * @param consumer          consumer record the accessor was built from
  * @param httpMethod        HTTP method to use
  * @param paramLocation     where OAuth parameters are placed; nullable
  * @param sessionHandle     session handle, stored as given
  * @param tokenExpireMillis token expiry; presumably milliseconds, going by the name - confirm
  */
 public AccessorInfo(OAuthAccessor accessor, OAuthStore.ConsumerInfo consumer, HttpMethod httpMethod,
                     OAuthParamLocation? paramLocation, String sessionHandle, long tokenExpireMillis)
 {
     // Plain field/property copies; the accessor may hold token secrets, so instances
     // of this class should be treated as sensitive.
     this.accessor = accessor;
     this.consumer = consumer;
     this.httpMethod = httpMethod;
     this.paramLocation = paramLocation;
     this.sessionHandle = sessionHandle;
     this.tokenExpireMillis = tokenExpireMillis;
 }
Example #4
        /**
         * Builds an AccessorInfo from the values collected so far.
         *
         * @param responseParams used only to construct the exception thrown when a
         *                       mandatory value is missing
         * @return a new AccessorInfo wrapping a freshly created OAuthAccessor
         */
        public AccessorInfo create(OAuthResponseParams responseParams)
        {
            // Mandatory values, checked in this order: location first, then consumer.
            if (location == null)
            {
                throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM, "no location");
            }
            if (consumer == null)
            {
                throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM, "no consumer");
            }

            var built = new OAuthAccessor(consumer.getConsumer());

            // Any of the three token values may legitimately be null here: a signed fetch
            // has no tokens, and neither does the very start of the OAuth dance.
            built.requestToken = requestToken;
            built.accessToken = accessToken;
            built.TokenSecret = tokenSecret;

            var info = new AccessorInfo(built, consumer, method, location, sessionHandle, tokenExpireMillis);
            return info;
        }
  /**
   * Validates the passed request by reconstructing the original URL and
   * parameters and generating a signature following the OAuth HMAC-SHA1
   * specification and using the passed secret key.
   * 
   * @param  request Servlet request containing required information for
   *         reconstructing the signature such as the request's URL
   *         components and parameters
   * @param  consumerSecret Secret key shared between application owner and
   *         container. Used by containers when issuing signed makeRequests
   *         and by client applications to verify the source of these
   *         requests and the authenticity of its parameters.
   * @return {@code true} if the signature generated in this function matches
   *         the signature in the passed request, {@code false} otherwise
   * @throws IOException
   * @throws URISyntaxException
   */
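  public static bool verifyHmacSignature(
      HttpWebRequest request, String consumerSecret)
  {
    // Fail closed when no secret is supplied. A signature checked against a null or
    // empty key says nothing about who sent the request, so report "not verified"
    // instead of letting validation run with a key that is not secret.
    if (String.IsNullOrEmpty(consumerSecret))
    {
      return false;
    }

    // Rebuild the message exactly as it was received: method, URL and parameters.
    String method = request.Method;
    String requestUrl = getRequestUrl(request);
    List<OAuth.Parameter> requestParameters = getRequestParameters(request);

    OAuthMessage message =
        new OAuthMessage(method, requestUrl, requestParameters);

    // Only the secret is known on the verifying side; key, callback URL and
    // provider are left null.
    OAuthConsumer consumer =
        new OAuthConsumer(null, null, consumerSecret, null);
    OAuthAccessor accessor = new OAuthAccessor(consumer);

    // NOTE(review): nothing here pins the signature method to HMAC-SHA1. If the
    // validator picks the signer from the request's own oauth_signature_method
    // parameter, confirm that only the intended method is accepted.
    try {
      message.validateMessage(accessor, new SimpleOAuthValidator());
    } catch (OAuthException) {
      // Validation rejected the message; other exception types still propagate.
      return false;
    }

    return true;
  }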
Example #6
 /**
  * Checks the message's signature using a signer built for this message and accessor.
  *
  * @param message  message whose signature is checked
  * @param accessor supplies the consumer (and so the secret) used by the signer
  */
 protected void validateSignature(OAuthMessage message, OAuthAccessor accessor)
 {
     // The three parameters without which a signature cannot be checked at all;
     // how a missing one is reported is up to requireParameters.
     var mandatory = new[]
     {
         OAuth.OAUTH_CONSUMER_KEY,
         OAuth.OAUTH_SIGNATURE_METHOD,
         OAuth.OAUTH_SIGNATURE
     };
     message.requireParameters(mandatory);

     var signer = OAuthSignatureMethod.newSigner(message, accessor);
     signer.validate(message);
 }
Example #7
 /** {@inherit} 
  * @throws URISyntaxException */
 public void validateMessage(OAuthMessage message, OAuthAccessor accessor)
 {
     // Checks run in a fixed order: protocol version, then timestamp and nonce,
     // then the signature itself.
     validateVersion(message);
     // NOTE(review): this check receives only the message; whether previously seen
     // nonces are remembered so that a replayed request is rejected is not visible
     // here - confirm in validateTimestampAndNonce.
     validateTimestampAndNonce(message);
     validateSignature(message, accessor);
 }
Example #8
  /**
   * Signs the URL associated with the passed request object using the passed
   * consumer key and secret in accordance with the OAuth specification and
   * appends signature and other required parameters to the URL as query
   * string parameters.
   * 
   * @param  request OpenSocialHttpRequest object which contains both the URL
   *         to sign as well as the POST body which must be included as a
   *         parameter when signing POST requests
   * @param  consumerKey Application key assigned and used by containers to
   *         uniquely identify applications
   * @param  consumerSecret Secret key shared between application owner and
   *         container. Used to generate the signature which is attached to
   *         the request so containers can verify the authenticity of the
   *         requests made by the client application.
   * @throws OAuthException
   * @throws IOException
   * @throws URISyntaxException
   */
  public static void signRequest(
      OpenSocialHttpRequest request, String consumerKey, String consumerSecret)
  {
    String body = request.getPostBody();
    String verb = request.getMethod();
    OpenSocialUrl target = request.getUrl();

    // NOTE(review): when either credential is missing the request is left unsigned
    // and the caller is not told. Confirm that callers which require a signed
    // request check their credentials before relying on this method.
    if (String.IsNullOrEmpty(consumerKey) || String.IsNullOrEmpty(consumerSecret))
    {
      return;
    }

    OAuthMessage message = new OAuthMessage(verb, target.ToString(), null);

    // The raw POST body goes in as a parameter *name* with an empty value, so that
    // it is covered by the signature.
    bool hasBody = !String.IsNullOrEmpty(body);
    if (hasBody)
    {
      message.addParameter(body, "");
    }

    OAuthConsumer signer = new OAuthConsumer(null, consumerKey, consumerSecret, null);
    signer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.HMAC_SHA1);

    // Empty string rather than null: presumably so that an (empty) oauth_token
    // parameter is still emitted by addRequiredParameters - confirm.
    OAuthAccessor accessor = new OAuthAccessor(signer);
    accessor.accessToken = "";

    message.addRequiredParameters(accessor);

    // Copy every signed parameter onto the URL, except the pseudo-parameter that
    // stands for the POST body (it travels in the body, not the query string).
    foreach (var entry in message.getParameters())
    {
      if (entry.Key.Equals(body))
      {
        continue;
      }

      var encodedName = OAuth.percentEncode(new List<string> { entry.Key });
      var encodedValue = OAuth.percentEncode(new List<string> { entry.Value });
      target.addQueryStringParameter(encodedName, encodedValue);
    }
  }
Example #9
 /**
  * Check that the message has a valid signature.
  *
  * @throws IOException
  * @throws URISyntaxException
  *
  * @throws OAuthProblemException
  *                 the signature is invalid
  * @deprecated use {@link OAuthMessage#validateMessage} instead.
  */
 public void validateSignature(OAuthAccessor accessor)
 {
     // Only the signature is checked on this path; the validateMessage route shown
     // elsewhere on this page also checks version, timestamp and nonce.
     var signer = OAuthSignatureMethod.newSigner(this, accessor);
     signer.validate(this);
 }
Example #10
 /**
  * Check that the message is valid.
  *
  * @throws IOException
  * @throws URISyntaxException
  *
  * @throws OAuthProblemException
  *                 the message is invalid
  */
 public void validateMessage(OAuthAccessor accessor, OAuthValidator validator)
 {
     // Pure delegation: the supplied validator decides what "valid" means, so the
     // strength of this check is entirely that of the validator passed in.
     validator.validateMessage(this, accessor);
 }
Example #11
 /**
  * Add a signature to the message.
  *
  * @throws URISyntaxException
  */
 public void sign(OAuthAccessor accessor)
 {
     // The signer is chosen from this message and the accessor, then applied to
     // this same message.
     var signer = OAuthSignatureMethod.newSigner(this, accessor);
     signer.sign(this);
 }
Example #12
 /** {@inherit}
  * @throws URISyntaxException */
 public void validateMessage(OAuthMessage message, OAuthAccessor accessor)
 {
     // Fixed order: protocol version first, timestamp and nonce second, signature last.
     validateVersion(message);
     // NOTE(review): only the message is passed here; confirm in
     // validateTimestampAndNonce whether seen nonces are stored so that a replayed
     // request is refused.
     validateTimestampAndNonce(message);
     validateSignature(message, accessor);
 }
Example #13
 /**
  * Check that the message has a valid signature.
  * 
  * @throws IOException
  * @throws URISyntaxException
  * 
  * @throws OAuthProblemException
  *                 the signature is invalid
  * @deprecated use {@link OAuthMessage#validateMessage} instead.
  */
 public void validateSignature(OAuthAccessor accessor)
 {
     // Signature check only; version, timestamp and nonce are not examined on this
     // deprecated path.
     var signer = OAuthSignatureMethod.newSigner(this, accessor);
     signer.validate(this);
 }
Example #14
 /**
  * Check that the message is valid.
  * 
  * @throws IOException
  * @throws URISyntaxException
  * 
  * @throws OAuthProblemException
  *                 the message is invalid
  */
 public void validateMessage(OAuthAccessor accessor, OAuthValidator validator)
 {
     // Delegates everything to the validator supplied by the caller; this method
     // adds no checks of its own.
     validator.validateMessage(this, accessor);
 }
Example #15
 /**
  * Add a signature to the message.
  * 
  * @throws URISyntaxException
  */
 public void sign(OAuthAccessor accessor)
 {
     // Obtain the signer for this message/accessor pair, then let it sign this message.
     var signer = OAuthSignatureMethod.newSigner(this, accessor);
     signer.sign(this);
 }
Example #16
 /**
  * Add some of the parameters needed to request access to a protected
  * resource, if they aren't already in the message.
  * 
  * @throws IOException
  * @throws URISyntaxException
  */
 public void addRequiredParameters(OAuthAccessor accessor)
 {
     // Built once up front; parameters the caller already set are never replaced.
     Dictionary<string, string> present = OAuth.newMap(parameters);

     bool tokenMissing = !present.ContainsKey(OAuth.OAUTH_TOKEN);
     if (tokenMissing && accessor.accessToken != null)
     {
         // Only a null token is skipped; an empty string is still added.
         addParameter(OAuth.OAUTH_TOKEN, accessor.accessToken);
     }

     OAuthConsumer owner = accessor.consumer;
     bool consumerKeyMissing = !present.ContainsKey(OAuth.OAUTH_CONSUMER_KEY);
     if (consumerKeyMissing)
     {
         addParameter(OAuth.OAUTH_CONSUMER_KEY, owner.consumerKey);
     }

     string suppliedMethod;
     bool methodSupplied = present.TryGetValue(OAuth.OAUTH_SIGNATURE_METHOD, out suppliedMethod);
     if (!methodSupplied)
     {
         // Consumer's configured method if it has one, otherwise HMAC-SHA1.
         string chosenMethod = (string)owner.getProperty(OAuth.OAUTH_SIGNATURE_METHOD) ?? OAuth.HMAC_SHA1;
         addParameter(OAuth.OAUTH_SIGNATURE_METHOD, chosenMethod);
     }

     bool timestampMissing = !present.ContainsKey(OAuth.OAUTH_TIMESTAMP);
     if (timestampMissing)
     {
         // Derived from the current UTC time.
         var stamp = UnixTime.ToInt64(DateTime.UtcNow);
         addParameter(OAuth.OAUTH_TIMESTAMP, stamp.ToString());
     }

     bool nonceMissing = !present.ContainsKey(OAuth.OAUTH_NONCE);
     if (nonceMissing)
     {
         // NOTE(review): confirm Crypto.getRandomString uses a cryptographic random
         // source; a guessable nonce weakens replay protection.
         var nonce = Crypto.getRandomString(OAuth.OAUTH_NONCE_LENGTH);
         addParameter(OAuth.OAUTH_NONCE, nonce);
     }

     // Sign last, once every parameter above is in place.
     sign(accessor);
 }
Example #17
 /**
  * Static convenience wrapper around OAuthAccessor.newRequestMessage.
  *
  * @param accessor   accessor that creates the message
  * @param method     HTTP method, forwarded unchanged
  * @param url        request URL, forwarded unchanged
  * @param parameters request parameters, forwarded unchanged
  * @return whatever the accessor returns
  */
 public static OAuthMessage newRequestMessage(OAuthAccessor accessor, String method, String url,
                 List<OAuth.Parameter> parameters)
 {
     // No checks are made here; all work is done by the accessor.
     OAuthMessage created = accessor.newRequestMessage(method, url, parameters);
     return created;
 }
Example #18
 /**
  * Checks the message's signature using a signer built for this message and accessor.
  *
  * @param message  message whose signature is checked
  * @param accessor supplies the consumer used by the signer
  */
 protected void validateSignature(OAuthMessage message, OAuthAccessor accessor)
 {
     // Consumer key, signature method and signature must all be on the message
     // before verification is attempted; requireParameters decides how a missing
     // one is reported.
     var mandatory = new[]
     {
         OAuth.OAUTH_CONSUMER_KEY,
         OAuth.OAUTH_SIGNATURE_METHOD,
         OAuth.OAUTH_SIGNATURE
     };
     message.requireParameters(mandatory);

     var signer = OAuthSignatureMethod.newSigner(message, accessor);
     signer.validate(message);
 }