public static bool Validate(string method, string url, string posted, string authorizationHeader, double numSecondsValid, Func<string, string> GetConsumerSecret, bool throwOnError = false, Func<string, string, string> GetTokenSecret = null) {
method = method ?? "GET";
if (numSecondsValid < 0 || numSecondsValid > MaxNonceAge.TotalSeconds)
throw new ArgumentException(string.Format("Must be more than 0 and less than {0} seconds", MaxNonceAge.TotalSeconds), "numSecondsValid");
var query = new Utilities.Query(url, posted);
if (!authorizationHeader.IsNullOrEmpty()) {
var authorization = ParseAuthorizationHeader(authorizationHeader);
authorization.Keys.ForEach(key => query[key] = authorization[key]);
}
if (query["oauth_version"] != "1.0") {
if (throwOnError) throw new System.Web.HttpException(401, "Invalid version specified");
}
if (numSecondsValid > 0) {
double timestamp = query["oauth_timestamp"].ToDouble();
double diff = Math.Abs(DateTime.UtcNow.GetSecondsSince1970() - timestamp);
if (diff > numSecondsValid) {
if (throwOnError) throw new System.Web.HttpException(401, "The timestamp is too old");
return false;
}
DateTime used = _NonceCache[query["oauth_nonce"]];
if (used.AddSeconds(numSecondsValid) > DateTime.UtcNow) {
if (throwOnError) throw new System.Web.HttpException(401, "The nonce is not unique");
return false;
}
_NonceCache[query["oauth_nonce"]] = DateTime.UtcNow;
}
string hashAlgorithm = query["oauth_signature_method"];
int q = url.IndexOf('?');
string path = q == -1 ? url : url.Substring(0, q);
string secret = GetConsumerSecret(query["oauth_consumer_key"].NotEmpty(query["client_id"]));
string sig;
try {
var querystring = GetQueryString(query, true);
sig = GetSignature(method, hashAlgorithm, secret, path, querystring, GetTokenSecret != null && query.ContainsKey("oauth_token") ? GetTokenSecret(query["oauth_token"], query["oauth_verifier"]) : null);
} catch (Exception) {
if (throwOnError) throw;
return false;
}
var testSig = query["oauth_signature"];
if (sig != testSig) {
if (throwOnError)
throw new System.Web.HttpException(401, string.Format("The signature is invalid. {0}", GetQueryString(query, false)));
return false;
}
return true;
}
public void ParseQueryString()
{
var query = new OyAuth.Utilities.Query("http://test/?id=0&id=1&another=test", string.Empty);
query["id"].Should().Equal("0,1");
query["another"].Should().Equal("test");
query = new OyAuth.Utilities.Query(string.Empty, "id=0&id=1&another=test");
query["id"].Should().Equal("0,1");
query["another"].Should().Equal("test");
query = new Utilities.Query(null, "test+test=test+test");
query["test test"].Should().Equal("test test");
}
public void ParseQueryString()
{
var query = new OyAuth.Utilities.Query("http://test/?id=0&id=1&another=test", string.Empty);
query["id"].Should().Equal("0,1");
query["another"].Should().Equal("test");
query = new OyAuth.Utilities.Query(string.Empty, "id=0&id=1&another=test");
query["id"].Should().Equal("0,1");
query["another"].Should().Equal("test");
query = new Utilities.Query(null, "test+test=test+test");
query["test test"].Should().Equal("test test");
}
public static Tuple<Utilities.Query, Utilities.Query, string> GetInfo(string method, string hashAlgorithm, ref string url, string posted, string consumerKey, string consumerSecret, string token, string verifier, string tokenSecret) {
method = method ?? "GET";
hashAlgorithm = hashAlgorithm ?? HMACSHA1;
string timestamp = DateTime.UtcNow.GetSecondsSince1970().ToString();
string nonce = GetNonce();
var query = new Utilities.Query(url, posted);
var postedquery = new Utilities.Query(string.Empty, posted);
int q = url.IndexOf('?');
if (q > -1) url = url.Substring(0, q);
//add the oauth stuffs
query["oauth_consumer_key"] = consumerKey;
query["oauth_nonce"] = nonce;
query["oauth_signature_method"] = hashAlgorithm;
query["oauth_timestamp"] = timestamp;
query["oauth_version"] = "1.0";
if (token != null) query["oauth_token"] = token;
if (verifier != null) query["oauth_verifier"] = verifier;
//put the querystring back together in alphabetical order
string querystring = GetQueryString(query, true);
string sig = GetSignature(method, hashAlgorithm, consumerSecret, url, querystring, tokenSecret);
return Tuple.Create(query, postedquery, sig);
}
