Exemple #1
        /// <summary>
        /// Pins the HMAC-SHA1 signing provider to a fixed request-token vector and then
        /// feeds the same signature back through <c>CheckSignature</c>.
        /// </summary>
        /// <remarks>
        /// The expected Base64 value contains '+' and '/'.
        /// NOTE(review): the test name suggests this guards against '+' being turned into a
        /// space while the signature is decoded; confirm against Rfc3986.Decode.
        /// </remarks>
        public void Test_SignatureCompareWithSpaceInSignature()
        {
            // Fixed inputs: the nonce and timestamp are constants so the signature is reproducible.
            OAuthParameters oauthParams = new OAuthParameters();
            oauthParams.ConsumerKey     = "key";
            oauthParams.Nonce           = "5b434e59-729a-444b-9a11-2d8e57b1f2fb";
            oauthParams.SignatureMethod = "HMAC-SHA1";
            oauthParams.Timestamp       = "1251983826";
            oauthParams.Version         = "1.0";
            oauthParams.Callback        = "http://yourownsite.com/";

            Uri requestTokenEndpoint = new Uri("http://localhost:3423/request-token.ashx");
            string baseString        = SignatureBase.Create("GET", requestTokenEndpoint, oauthParams);

            // A request-token call has no token secret yet, so only the consumer secret keys the HMAC.
            string sharedSecret   = "secret";
            string noTokenSecret  = null;

            HmacSha1SigningProvider provider = new HmacSha1SigningProvider();

            Assert.That(provider.SignatureMethod, Is.EqualTo("HMAC-SHA1"));

            string computed = provider.ComputeSignature(baseString, sharedSecret, noTokenSecret);

            Assert.That(computed, Is.EqualTo("zHTiQHg8X5Lpkh+/0MSatKeNEFg="));

            // Round-trip: the decoded wire form of the signature must be accepted by the verifier.
            bool accepted = provider.CheckSignature(
                baseString,
                Rfc3986.Decode("zHTiQHg8X5Lpkh+/0MSatKeNEFg="),
                sharedSecret,
                noTokenSecret);

            Assert.That(accepted, "Signature did not match");
        }
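            /// <summary>
            /// Recomputes the signature for <paramref name="signatureBase"/> and compares it with the
            /// percent-decoded <paramref name="signature"/> supplied by the caller.
            /// </summary>
            /// <param name="signatureBase">The signature base string of the request being verified.</param>
            /// <param name="signature">The signature as received; it is passed through Rfc3986.Decode before comparison.</param>
            /// <param name="consumerSecret">Consumer secret handed to ComputeSignature.</param>
            /// <param name="tokenSecret">Token secret handed to ComputeSignature.</param>
            /// <returns><c>true</c> only when both signatures are non-null and identical.</returns>
            public bool ValidateSignature(string signatureBase, string signature, string consumerSecret, string tokenSecret)
            {
                string expectedSignature = ComputeSignature(signatureBase, consumerSecret, tokenSecret);
                string actualSignature   = Rfc3986.Decode(signature);

                // Fail closed: a missing value on either side must never count as a match
                // (string == would have treated null == null as equal).
                if (expectedSignature == null || actualSignature == null)
                {
                    return false;
                }

                // Compare without an early exit. string == stops at the first differing character,
                // so response timing can reveal how long a prefix of a guessed signature is correct.
                // The length is not secret (it is fixed by the signature method), so folding it
                // into the accumulator leaks nothing useful.
                int difference = expectedSignature.Length ^ actualSignature.Length;
                int overlap    = expectedSignature.Length < actualSignature.Length
                    ? expectedSignature.Length
                    : actualSignature.Length;

                for (int i = 0; i < overlap; i++)
                {
                    difference |= expectedSignature[i] ^ actualSignature[i];
                }

                return difference == 0;
            }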
Exemple #3
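        /// <summary>
        /// Verifies a received signature by recomputing it from <paramref name="signatureBase"/> and
        /// comparing the result with the percent-decoded <paramref name="signature"/>.
        /// </summary>
        /// <param name="signatureBase">The signature base string of the request being verified.</param>
        /// <param name="signature">The signature as received; it is passed through Rfc3986.Decode before comparison.</param>
        /// <param name="consumerSecret">Consumer secret handed to ComputeSignature.</param>
        /// <param name="tokenSecret">Token secret handed to ComputeSignature.</param>
        /// <returns><c>true</c> only when both signatures are non-null and identical.</returns>
        public virtual bool CheckSignature(string signatureBase, string signature, string consumerSecret, string tokenSecret)
        {
            string expectedSignature = this.ComputeSignature(
                signatureBase,
                consumerSecret,
                tokenSecret);

            string actualSignature = Rfc3986.Decode(signature);

            // Fail closed: a missing value on either side must never count as a match
            // (string == would have treated null == null as equal).
            if (expectedSignature == null || actualSignature == null)
            {
                return false;
            }

            // Compare without an early exit. string == returns at the first differing character,
            // which makes verification time depend on how much of a forged signature is correct.
            // The length is fixed by the signature method, so mixing it in reveals nothing secret.
            int difference = expectedSignature.Length ^ actualSignature.Length;
            int overlap    = expectedSignature.Length < actualSignature.Length
                ? expectedSignature.Length
                : actualSignature.Length;

            for (int i = 0; i < overlap; i++)
            {
                difference |= expectedSignature[i] ^ actualSignature[i];
            }

            return difference == 0;
        }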
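        /// <summary>
        /// Splits an OAuth <c>Authorization</c> header value into its decoded name/value pairs.
        /// </summary>
        /// <param name="authHeader">The raw header value as received from the client.</param>
        /// <returns>
        /// <c>null</c> when <paramref name="authHeader"/> is null or empty; an empty collection when the
        /// header does not match the OAuth auth-scheme; otherwise the pairs that parsed cleanly.
        /// Malformed pairs are skipped rather than reported.
        /// </returns>
        private static NameValueCollection ParseAuthHeader(string authHeader)
        {
            if (String.IsNullOrEmpty(authHeader))
            {
                return(null);
            }

            NameValueCollection @params = new NameValueCollection();

            // Check for OAuth auth-scheme
            Match authSchemeMatch = OAuthCredentialsRegex.Match(authHeader);
            if (!authSchemeMatch.Success)
            {
                return(@params);
            }

            // We have OAuth credentials in the Authorization header; parse the parts
            // Sad-to-say, but this code is much simpler than the regex for it!
            string[] authParameterValuePairs = authHeader.Substring(authSchemeMatch.Length).Split(',');

            foreach (string authParameterValuePair in authParameterValuePairs)
            {
                string[] parts = authParameterValuePair.Trim().Split('=');

                // Anything that is not exactly name=value (including a value with a raw '=') is ignored.
                if (parts.Length != 2)
                {
                    continue;
                }

                string parameter = parts[0];
                string value     = parts[1];

                // Require an opening AND a closing quote. A value that is a single '"' satisfies
                // both StartsWith and EndsWith; without the length check the Substring below would
                // throw ArgumentOutOfRangeException on attacker-controlled header input.
                bool quoted = value.Length >= 2
                    && value.StartsWith("\"", StringComparison.Ordinal)
                    && value.EndsWith("\"", StringComparison.Ordinal);

                if (!quoted)
                {
                    continue;
                }

                value = value.Substring(1, value.Length - 2);

                try {
                    value = StringEscapeSequence.Replace(value, EvaluateAuthHeaderMatch);
                } catch (FormatException) {
                    // A bad escape sequence invalidates this pair only.
                    continue;
                }

                // Add the parameter and value.
                // NameValueCollection.Add appends to an existing key instead of replacing it, so a
                // repeated parameter ends up as one comma-joined value; callers that verify the
                // request should treat a repeated oauth_* parameter as an error.
                @params.Add(Rfc3986.Decode(parameter), Rfc3986.Decode(value));
            }

            return(@params);
        }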
Exemple #5
        // TODO: Does not work yet!!
        // Builds an OAuth 1.0 HMAC-SHA1 signed GET for the Yahoo contacts endpoint and returns the
        // raw response. The caller owns the returned HttpWebResponse and has to dispose it.
        private HttpWebResponse GetContacts()
        {
            // Access token material is read from the ASP.NET session.
            yahooAccessToken = (string[])HttpContext.Current.Session["Yahoo_AccessToken"];
            // NOTE(review): plain http:// endpoint. The HMAC signature protects request integrity
            // only; the token identifier and the returned contact data travel unencrypted.
            Uri RequestContactBaseUri = new Uri("http://social.yahooapis.com/v1/user/" + YGuid + "/contacts");
            int timestamp             = Common.GetTimestamp();

            OAuthParameters parameters = new OAuthParameters();

            parameters.ConsumerKey     = apiKey;
            parameters.Nonce           = new GuidNonceProvider().GenerateNonce(timestamp);
            parameters.SignatureMethod = "HMAC-SHA1";
            parameters.Timestamp       = timestamp.ToString(CultureInfo.InvariantCulture);
            parameters.Token           = Rfc3986.Decode(AccessToken);
            parameters.Version         = "1.0";
            parameters.AdditionalParameters.Add("format", "xml");

            // The base string is built from the bare /contacts URI plus format=xml.
            string sigBase = SignatureBase.Create("GET", RequestContactBaseUri, parameters);
            HmacSha1SigningProvider singProvier = new HmacSha1SigningProvider();

            // NOTE(review): the token secret is percent-encoded here before it is handed over; if
            // ComputeSignature encodes its secrets itself this double-encodes the key. Confirm.
            parameters.Signature = singProvier.ComputeSignature(
                sigBase, (secret), Rfc3986.Encode(AccessTokenSecret));

            // NOTE(review): the request that is actually sent carries ?view=tinyusercard and no
            // format parameter, so it differs from what was signed above; a server recomputing the
            // signature over the received request would presumably reject it.
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://social.yahooapis.com/v1/user/" + YGuid + "/contacts?view=tinyusercard");

            request.CookieContainer              = new CookieContainer();
            // NOTE(review): WWW-Authenticate is the server's challenge header. OAuth 1.0 clients
            // send their credentials in the Authorization request header with double-quoted,
            // percent-encoded values; this block uses single quotes and unencoded values.
            request.Headers["WWW-Authenticate"]  = " OAuth realm='yahooapis.com',";
            request.Headers["WWW-Authenticate"] += " oauth_consumer_key='" + parameters.ConsumerKey + "',";
            request.Headers["WWW-Authenticate"] += " oauth_nonce='" + parameters.Nonce + "',";
            request.Headers["WWW-Authenticate"] += " oauth_signature_method='" + parameters.SignatureMethod + "',";
            request.Headers["WWW-Authenticate"] += " oauth_timestamp='" + parameters.Timestamp + "',";
            // NOTE(review): the header sends the field `token`, while the signature was computed
            // with parameters.Token (the decoded AccessToken); verify both hold the same value.
            request.Headers["WWW-Authenticate"] += " oauth_token='" + token + "',";
            request.Headers["WWW-Authenticate"] += " oauth_version='" + parameters.Version + "',";
            request.Headers["WWW-Authenticate"] += " oauth_signature='" + parameters.Signature + "'";
            request.Method      = "GET";
            request.ContentType = "application/xml; charset=utf-8";

            return((HttpWebResponse)request.GetResponse());
        }
Exemple #6
        /// <summary>
        /// Rebuilds an <c>OAuthToken</c> from its bracketed, pipe-separated text form:
        /// <c>[type|token|secret|consumerKey]</c>, each field passed through Rfc3986.Decode.
        /// </summary>
        /// <param name="serializedForm">The serialized token. It carries the token secret in field 2,
        /// so it should be handled as sensitive data and kept out of logs and error output.</param>
        /// <returns>The token built from the four decoded fields.</returns>
        /// <exception cref="ArgumentException"><paramref name="serializedForm"/> is null or empty.</exception>
        /// <exception cref="FormatException">The brackets, field count or any field is invalid.</exception>
        public static OAuthToken Deserialize(string serializedForm)
        {
            if (string.IsNullOrEmpty(serializedForm))
            {
                throw new ArgumentException("serializedForm argument must not be null or empty", "serializedForm");
            }

            bool opensWithBracket = serializedForm.StartsWith("[", StringComparison.Ordinal);
            if (!opensWithBracket)
            {
                throw new FormatException("Serialized SimpleToken must start with [");
            }

            bool closesWithBracket = serializedForm.EndsWith("]", StringComparison.Ordinal);
            if (!closesWithBracket)
            {
                throw new FormatException("Serialized SimpleToken must end with ]");
            }

            // Both bracket checks passed, so the string has at least two characters.
            string inner    = serializedForm.Substring(1, serializedForm.Length - 2);
            string[] fields = inner.Split('|');

            if (fields.Length != 4)
            {
                throw new FormatException("Serialized SimpleToken must consist of 4 pipe-separated fields");
            }

            string rawType        = fields[0];
            string rawToken       = fields[1];
            string rawSecret      = fields[2];
            string rawConsumerKey = fields[3];

            // Field 0: token type (required).
            if (string.IsNullOrEmpty(rawType))
            {
                throw new FormatException("Error deserializing SimpleToken.Type (field 0): cannot be null or empty");
            }

            TokenType tokenType;

            try {
                // NOTE(review): Enum.Parse also accepts numeric text and does not check that the
                // number maps to a declared member; validate the result if this input is untrusted.
                object parsed = Enum.Parse(typeof(TokenType), Rfc3986.Decode(rawType), true);
                tokenType = (TokenType)parsed;
            } catch (Exception typeFailure) {
                throw new FormatException("Error deserializing SimpleToken.Type (field 0)", typeFailure);
            }

            // Field 1: token value (required).
            if (string.IsNullOrEmpty(rawToken))
            {
                throw new FormatException("Error deserializing SimpleToken.Token (field 1): cannot be null or empty");
            }

            string tokenValue;

            try {
                tokenValue = Rfc3986.Decode(rawToken);
            } catch (Exception tokenFailure) {
                throw new FormatException("Error deserializing SimpleToken.Token (field 1)", tokenFailure);
            }

            // Field 2: token secret (an empty field is accepted).
            string tokenSecret;

            try {
                tokenSecret = Rfc3986.Decode(rawSecret);
            } catch (Exception secretFailure) {
                throw new FormatException("Error deserializing SimpleToken.Secret (field 2)", secretFailure);
            }

            // Field 3: consumer key (an empty field is accepted).
            string owningConsumerKey;

            try {
                owningConsumerKey = Rfc3986.Decode(rawConsumerKey);
            } catch (Exception consumerKeyFailure) {
                throw new FormatException("Error deserializing SimpleToken.ConsumerKey (field 3)", consumerKeyFailure);
            }

            return(new OAuthToken(tokenType, tokenValue, tokenSecret, owningConsumerKey));
        }