public void TestParameterEncoding_ShouldCreateExpectedSignatureBaseString_WhenQueryParamsNotEncodedInUri()
{
// GIVEN
const string uri = "https://example.com/?param=token1:token2";
// WHEN
var queryParams = OAuth.ExtractQueryParams(uri);
var paramString = OAuth.GetOAuthParamString(queryParams, new Dictionary <string, string>());
var baseString = OAuth.GetSignatureBaseString("https://example.com", "GET", paramString);
// THEN
Assert.AreEqual("GET&https%3A%2F%2Fexample.com¶m%3Dtoken1%3Atoken2", baseString);
}
public void TestExtractQueryParams_ShouldEncodeParams_WhenUriStringWithEncodedParams()
{
// GIVEN
const string uri = "https://example.com/request?colon=%3A&plus=%2B&comma=%2C";
// WHEN
var queryParams = OAuth.ExtractQueryParams(uri);
// THEN
Assert.AreEqual(3, queryParams.Count);
Assert.IsFalse(new List <string> {
"%3A"
}.Except(queryParams["colon"]).Any());
Assert.IsFalse(new List <string> {
"%2B"
}.Except(queryParams["plus"]).Any());
Assert.IsFalse(new List <string> {
"%2C"
}.Except(queryParams["comma"]).Any());
}
public void TestGetSignatureBaseString_Integrated()
{
var encoding = Encoding.GetEncoding("ISO-8859-1");
const string body = "<?xml version=\"1.0\" encoding=\"Windows-1252\"?><ns2:TerminationInquiryRequest xmlns:ns2=\"http://mastercard.com/termination\"><AcquirerId>1996</AcquirerId><TransactionReferenceNumber>1</TransactionReferenceNumber><Merchant><Name>TEST</Name><DoingBusinessAsName>TEST</DoingBusinessAsName><PhoneNumber>5555555555</PhoneNumber><NationalTaxId>1234567890</NationalTaxId><Address><Line1>5555 Test Lane</Line1><City>TEST</City><CountrySubdivision>XX</CountrySubdivision><PostalCode>12345</PostalCode><Country>USA</Country></Address><Principal><FirstName>John</FirstName><LastName>Smith</LastName><NationalId>1234567890</NationalId><PhoneNumber>5555555555</PhoneNumber><Address><Line1>5555 Test Lane</Line1><City>TEST</City><CountrySubdivision>XX</CountrySubdivision><PostalCode>12345</PostalCode><Country>USA</Country></Address><DriversLicense><Number>1234567890</Number><CountrySubdivision>XX</CountrySubdivision></DriversLicense></Principal></Merchant></ns2:TerminationInquiryRequest>";
const string method = "POST";
const string uri = "https://sandbox.api.mastercard.com/fraud/merchant/v1/termination-inquiry?Format=XML&PageOffset=0&PageLength=10";
var queryParameters = OAuth.ExtractQueryParams(uri);
var oauthParameters = new Dictionary <string, string>
{
{ "oauth_consumer_key", "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" },
{ "oauth_nonce", "1111111111111111111" },
{ "oauth_signature_method", "RSA-SHA256" },
{ "oauth_timestamp", "1111111111" },
{ "oauth_version", "1.0" },
{ "oauth_body_hash", OAuth.GetBodyHash(body, encoding) }
};
var oauthParamString = OAuth.GetOAuthParamString(queryParameters, oauthParameters);
var actualSignatureBaseString = OAuth.GetSignatureBaseString(OAuth.GetBaseUriString(uri), method, oauthParamString);
const string expectedSignatureBaseString = "POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Ffraud%2Fmerchant%2Fv1%2Ftermination-inquiry&Format%3DXML%26PageLength%3D10%26PageOffset%3D0%26oauth_body_hash%3Dh2Pd7zlzEZjZVIKB4j94UZn%2FxxoR3RoCjYQ9%2FJdadGQ%3D%26oauth_consumer_key%3Dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%26oauth_nonce%3D1111111111111111111%26oauth_signature_method%3DRSA-SHA256%26oauth_timestamp%3D1111111111%26oauth_version%3D1.0";
Assert.AreEqual(expectedSignatureBaseString, actualSignatureBaseString);
}
public void TestExtractQueryParams_ShouldSupportRfcExample()
{
// GIVEN
const string uri = "https://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b"; // See: https://tools.ietf.org/html/rfc5849#section-3.4.1.3.1
// WHEN
var queryParams = OAuth.ExtractQueryParams(uri);
// THEN
Assert.AreEqual(4, queryParams.Count);
Assert.IsFalse(new List <string> {
"%3D%253D"
}.Except(queryParams["b5"]).Any());
Assert.IsFalse(new List <string> {
"a"
}.Except(queryParams["a3"]).Any());
Assert.IsFalse(new List <string> {
string.Empty
}.Except(queryParams["c%40"]).Any());
Assert.IsFalse(new List <string> {
"r%20b"
}.Except(queryParams["a2"]).Any());
}
public void TestExtractQueryParams_ShouldSupportDuplicateKeysAndEmptyValues()
{
// GIVEN
const string uri = "https://sandbox.api.mastercard.com/audiences/v1/getcountries?offset=0&offset=1&length=10&empty&odd=";
// WHEN
var queryParams = OAuth.ExtractQueryParams(uri);
// THEN
Assert.AreEqual(4, queryParams.Count);
Assert.IsFalse(new List <string> {
"10"
}.Except(queryParams["length"]).Any());
Assert.IsFalse(new List <string> {
"0", "1"
}.Except(queryParams["offset"]).Any());
Assert.IsFalse(new List <string> {
string.Empty
}.Except(queryParams["empty"]).Any());
Assert.IsFalse(new List <string> {
string.Empty
}.Except(queryParams["odd"]).Any());
}
