/// <summary>
/// Pins the HMAC-SHA1 signature produced for one fixed request-token request and
/// checks that <c>CheckSignature</c> accepts that same signature.
/// </summary>
/// <remarks>
/// The expected signature contains a '+' character. Judging by the test name, this
/// presumably guards against '+' being turned into a space while decoding; confirm
/// against Rfc3986.Decode. The key and secret below are fixture values only.
/// </remarks>
public void Test_SignatureCompareWithSpaceInSignature()
{
    // Known-answer value for the fixed inputs below.
    const string knownSignature = "zHTiQHg8X5Lpkh+/0MSatKeNEFg=";

    // Fixed protocol parameters so the signature base string is reproducible.
    OAuthParameters oauthParams = new OAuthParameters();
    oauthParams.ConsumerKey = "key";
    oauthParams.Nonce = "5b434e59-729a-444b-9a11-2d8e57b1f2fb";
    oauthParams.SignatureMethod = "HMAC-SHA1";
    oauthParams.Timestamp = "1251983826";
    oauthParams.Version = "1.0";
    oauthParams.Callback = "http://yourownsite.com/";

    Uri endpoint = new Uri("http://localhost:3423/request-token.ashx");
    string baseString = SignatureBase.Create("GET", endpoint, oauthParams);

    string clientSecret = "secret";
    string noTokenSecret = null; // request-token step: no token secret exists yet

    HmacSha1SigningProvider signer = new HmacSha1SigningProvider();
    Assert.That(signer.SignatureMethod, Is.EqualTo("HMAC-SHA1"));

    string computed = signer.ComputeSignature(baseString, clientSecret, noTokenSecret);
    Assert.That(computed, Is.EqualTo(knownSignature));

    // The verifier must accept the signature after it has passed through Rfc3986.Decode.
    bool accepted = signer.CheckSignature(
        baseString,
        Rfc3986.Decode(knownSignature),
        clientSecret,
        noTokenSecret);
    Assert.That(accepted, "Signature did not match");
}
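/// <summary>
/// Verifies a received OAuth signature against the one computed locally from the
/// signature base string and the two secrets.
/// </summary>
/// <param name="signatureBase">Signature base string of the request being verified.</param>
/// <param name="signature">Signature as received; it is passed through Rfc3986.Decode before comparison.</param>
/// <param name="consumerSecret">Consumer secret used to compute the expected signature.</param>
/// <param name="tokenSecret">Token secret used to compute the expected signature.</param>
/// <returns>true only when both signatures are present and identical.</returns>
public bool ValidateSignature(string signatureBase, string signature, string consumerSecret, string tokenSecret)
{
    string expectedSignature = ComputeSignature(signatureBase, consumerSecret, tokenSecret);
    string actualSignature = Rfc3986.Decode(signature);

    // Fail closed: a missing value on either side is never a valid signature
    // (the previous == comparison treated null == null as a match).
    if (expectedSignature == null || actualSignature == null)
    {
        return false;
    }

    // Compare every character instead of stopping at the first mismatch, so the
    // response time does not reveal how much of a guessed signature was correct.
    // Best effort only: the runtime gives no hard constant-time guarantee.
    int difference = expectedSignature.Length ^ actualSignature.Length;
    int shared = expectedSignature.Length < actualSignature.Length
        ? expectedSignature.Length
        : actualSignature.Length;

    for (int i = 0; i < shared; i++)
    {
        difference |= expectedSignature[i] ^ actualSignature[i];
    }

    return difference == 0;
}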
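/// <summary>
/// Checks a received OAuth signature against the one this provider computes from
/// the signature base string and the two secrets.
/// </summary>
/// <param name="signatureBase">Signature base string of the request being verified.</param>
/// <param name="signature">Signature as received; it is passed through Rfc3986.Decode before comparison.</param>
/// <param name="consumerSecret">Consumer secret used to compute the expected signature.</param>
/// <param name="tokenSecret">Token secret used to compute the expected signature.</param>
/// <returns>true only when both signatures are present and identical.</returns>
public virtual bool CheckSignature(string signatureBase, string signature, string consumerSecret, string tokenSecret)
{
    string expectedSignature = this.ComputeSignature(
        signatureBase,
        consumerSecret,
        tokenSecret);
    string actualSignature = Rfc3986.Decode(signature);

    // Fail closed: a missing value on either side is never a valid signature
    // (the previous == comparison treated null == null as a match).
    if (expectedSignature == null || actualSignature == null)
    {
        return false;
    }

    // Accumulate differences over the whole string rather than returning at the
    // first mismatch; an early exit leaks, through timing, how long the matching
    // prefix of a forged signature is. Best effort only: the runtime gives no
    // hard constant-time guarantee.
    int difference = expectedSignature.Length ^ actualSignature.Length;
    int shared = expectedSignature.Length < actualSignature.Length
        ? expectedSignature.Length
        : actualSignature.Length;

    for (int i = 0; i < shared; i++)
    {
        difference |= expectedSignature[i] ^ actualSignature[i];
    }

    return difference == 0;
}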
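/// <summary>
/// Extracts the OAuth parameters carried in an HTTP Authorization header value.
/// </summary>
/// <param name="authHeader">Raw header value as received from the client; may be null or empty.</param>
/// <returns>
/// null when <paramref name="authHeader"/> is null or empty; otherwise a collection of
/// decoded name/value pairs, which is empty when the value does not match
/// OAuthCredentialsRegex. Malformed pairs are skipped rather than reported.
/// </returns>
private static NameValueCollection ParseAuthHeader(string authHeader)
{
    if (String.IsNullOrEmpty(authHeader))
    {
        return null;
    }

    NameValueCollection parsed = new NameValueCollection();

    // Check for the OAuth auth-scheme.
    Match authSchemeMatch = OAuthCredentialsRegex.Match(authHeader);
    if (!authSchemeMatch.Success)
    {
        return parsed;
    }

    // We have OAuth credentials in the Authorization header; parse the parts.
    // Splitting by hand is much simpler than a regex for the whole grammar.
    // NOTE(review): Substring(Length) assumes the scheme matches at index 0 - confirm
    // that OAuthCredentialsRegex is anchored at the start of the value.
    string[] authParameterValuePairs = authHeader.Substring(authSchemeMatch.Length).Split(',');

    foreach (string authParameterValuePair in authParameterValuePairs)
    {
        string[] parts = authParameterValuePair.Trim().Split('=');
        if (parts.Length != 2)
        {
            // Not exactly name=value (this also drops values holding a raw '=').
            continue;
        }

        string parameter = parts[0];
        string value = parts[1];

        // Only quoted values are accepted. The length check rejects a value that is
        // a single '"' character: it both starts and ends with a quote, and the
        // Substring below would otherwise throw ArgumentOutOfRangeException on a
        // header the client fully controls.
        bool isQuoted = value.Length >= 2
            && value.StartsWith("\"", StringComparison.Ordinal)
            && value.EndsWith("\"", StringComparison.Ordinal);
        if (!isQuoted)
        {
            continue;
        }

        value = value.Substring(1, value.Length - 2);

        try
        {
            value = StringEscapeSequence.Replace(value, EvaluateAuthHeaderMatch);
        }
        catch (FormatException)
        {
            // Bad escape sequence: drop this pair and keep parsing the rest.
            continue;
        }

        // Add the parameter and value. Add() keeps a repeated name as multiple
        // values, so duplicated parameters are not rejected here.
        parsed.Add(Rfc3986.Decode(parameter), Rfc3986.Decode(value));
    }

    return parsed;
}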
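// TODO: does not work yet!!
// NOTE(review): open points to confirm against the provider's API before removing the TODO:
//  - the signature is computed over RequestContactBaseUri plus format=xml, but the request
//    is sent to ...?view=tinyusercard without format=xml, so the server-side signature base
//    will likely differ from the one signed here;
//  - the token secret goes through Rfc3986.Encode before signing; verify that
//    ComputeSignature does not encode it a second time;
//  - the endpoint is plain http, so the access token and the contact data travel
//    unencrypted; prefer an https endpoint if the provider offers one;
//  - YGuid is concatenated into the URL without escaping.

/// <summary>
/// Sends a signed OAuth 1.0 GET request for the current user's contacts.
/// </summary>
/// <returns>The raw response; the caller is responsible for closing it.</returns>
private HttpWebResponse GetContacts()
{
    yahooAccessToken = (string[])HttpContext.Current.Session["Yahoo_AccessToken"];

    Uri RequestContactBaseUri = new Uri("http://social.yahooapis.com/v1/user/" + YGuid + "/contacts");
    int timestamp = Common.GetTimestamp();

    OAuthParameters parameters = new OAuthParameters();
    parameters.ConsumerKey = apiKey;
    parameters.Nonce = new GuidNonceProvider().GenerateNonce(timestamp);
    parameters.SignatureMethod = "HMAC-SHA1";
    parameters.Timestamp = timestamp.ToString(CultureInfo.InvariantCulture);
    parameters.Token = Rfc3986.Decode(AccessToken);
    parameters.Version = "1.0";
    parameters.AdditionalParameters.Add("format", "xml");

    string sigBase = SignatureBase.Create("GET", RequestContactBaseUri, parameters);
    HmacSha1SigningProvider signingProvider = new HmacSha1SigningProvider();
    parameters.Signature = signingProvider.ComputeSignature(
        sigBase,
        secret,
        Rfc3986.Encode(AccessTokenSecret));

    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(
        "http://social.yahooapis.com/v1/user/" + YGuid + "/contacts?view=tinyusercard");
    request.CookieContainer = new CookieContainer();

    // OAuth credentials belong in the Authorization request header. WWW-Authenticate,
    // which the previous code set, is the header a server uses to issue a challenge.
    // Values are double-quoted and percent-encoded, and oauth_token carries the same
    // token value that was signed above (parameters.Token).
    string authorization =
        "OAuth realm=\"yahooapis.com\""
        + ", oauth_consumer_key=\"" + Rfc3986.Encode(parameters.ConsumerKey) + "\""
        + ", oauth_nonce=\"" + Rfc3986.Encode(parameters.Nonce) + "\""
        + ", oauth_signature_method=\"" + Rfc3986.Encode(parameters.SignatureMethod) + "\""
        + ", oauth_timestamp=\"" + Rfc3986.Encode(parameters.Timestamp) + "\""
        + ", oauth_token=\"" + Rfc3986.Encode(parameters.Token) + "\""
        + ", oauth_version=\"" + Rfc3986.Encode(parameters.Version) + "\""
        + ", oauth_signature=\"" + Rfc3986.Encode(parameters.Signature) + "\"";
    request.Headers["Authorization"] = authorization;

    request.Method = "GET";
    request.ContentType = "application/xml; charset=utf-8";

    return (HttpWebResponse)request.GetResponse();
}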
/// <summary>
/// Rebuilds an <c>OAuthToken</c> from its serialized text form:
/// <c>[type|token|secret|consumerKey]</c>, each field passed through Rfc3986.Decode.
/// </summary>
/// <param name="serializedForm">Serialized token text; must not be null or empty.</param>
/// <returns>The token built from the four decoded fields.</returns>
/// <exception cref="ArgumentException"><paramref name="serializedForm"/> is null or empty.</exception>
/// <exception cref="FormatException">
/// The text is not bracketed, does not hold exactly four pipe-separated fields, has an
/// empty type or token field, or a field fails to decode.
/// </exception>
public static OAuthToken Deserialize(string serializedForm)
{
    if (string.IsNullOrEmpty(serializedForm))
    {
        throw new ArgumentException("serializedForm argument must not be null or empty", "serializedForm");
    }

    // The string is known to be non-empty here, so checking the first and last
    // characters is the same test as an ordinal StartsWith / EndsWith.
    if (serializedForm[0] != '[')
    {
        throw new FormatException("Serialized SimpleToken must start with [");
    }

    if (serializedForm[serializedForm.Length - 1] != ']')
    {
        throw new FormatException("Serialized SimpleToken must end with ]");
    }

    string inner = serializedForm.Substring(1, serializedForm.Length - 2);
    string[] fields = inner.Split('|');
    if (fields.Length != 4)
    {
        throw new FormatException("Serialized SimpleToken must consist of 4 pipe-separated fields");
    }

    // Field 0: token type (required).
    if (string.IsNullOrEmpty(fields[0]))
    {
        throw new FormatException("Error deserializing SimpleToken.Type (field 0): cannot be null or empty");
    }

    TokenType tokenType;
    try
    {
        // NOTE(review): Enum.Parse also accepts numeric text, so a value that is not a
        // named TokenType member can pass here - confirm whether that is acceptable for
        // serialized tokens that come from outside the process.
        object parsedType = Enum.Parse(typeof(TokenType), Rfc3986.Decode(fields[0]), true);
        tokenType = (TokenType)parsedType;
    }
    catch (Exception typeError)
    {
        throw new FormatException("Error deserializing SimpleToken.Type (field 0)", typeError);
    }

    // Field 1: token value (required).
    if (string.IsNullOrEmpty(fields[1]))
    {
        throw new FormatException("Error deserializing SimpleToken.Token (field 1): cannot be null or empty");
    }

    string tokenValue;
    try
    {
        tokenValue = Rfc3986.Decode(fields[1]);
    }
    catch (Exception tokenError)
    {
        throw new FormatException("Error deserializing SimpleToken.Token (field 1)", tokenError);
    }

    // Field 2: token secret (may be empty).
    string tokenSecret;
    try
    {
        tokenSecret = Rfc3986.Decode(fields[2]);
    }
    catch (Exception secretError)
    {
        throw new FormatException("Error deserializing SimpleToken.Secret (field 2)", secretError);
    }

    // Field 3: consumer key (may be empty).
    string owningConsumerKey;
    try
    {
        owningConsumerKey = Rfc3986.Decode(fields[3]);
    }
    catch (Exception consumerKeyError)
    {
        throw new FormatException("Error deserializing SimpleToken.ConsumerKey (field 3)", consumerKeyError);
    }

    return new OAuthToken(tokenType, tokenValue, tokenSecret, owningConsumerKey);
}