public static OAuthEchoHandler CreateHandler(HttpMessageHandler innerHandler, Uri authServiceProvider,
string consumerKey, string consumerSecret, string accessToken, string accessSecret, Uri?realm = null)
{
var credential = OAuthUtility.CreateAuthorization("GET", authServiceProvider, null,
consumerKey, consumerSecret, accessToken, accessSecret, realm?.AbsoluteUri);
return(new OAuthEchoHandler(innerHandler, authServiceProvider, credential));
}
public void GetOAuthParameter_Test()
{
var param = OAuthUtility.GetOAuthParameter("ConsumerKey", "Token");
Assert.Equal("ConsumerKey", param["oauth_consumer_key"]);
Assert.Equal("HMAC-SHA1", param["oauth_signature_method"]);
var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0);
var unixTimeNow = Math.Ceiling((DateTime.UtcNow - unixEpoch).TotalSeconds);
Assert.InRange(long.Parse(param["oauth_timestamp"]), unixTimeNow - 5, unixTimeNow);
Assert.NotEmpty(param["oauth_nonce"]);
Assert.Equal("1.0", param["oauth_version"]);
Assert.Equal("Token", param["oauth_token"]);
}
public void CreateSignature_EmptyTokenSecretTest()
{
// GET http://example.com/hoge?aaa=foo に対する署名を生成
// リクエストトークンの発行時は tokenSecret が空の状態で署名を生成することになる
var oauthSignature = OAuthUtility.CreateSignature("ConsumerSecret", null,
"GET", new Uri("http://example.com/hoge"), new Dictionary <string, string> {
["aaa"] = "foo"
});
var expectSignatureBase = "GET&http%3A%2F%2Fexample.com%2Fhoge&aaa%3Dfoo";
var expectSignatureKey = "ConsumerSecret&"; // 末尾の & は除去されない
using var hmacsha1 = new HMACSHA1(Encoding.ASCII.GetBytes(expectSignatureKey));
var expectSignature = Convert.ToBase64String(hmacsha1.ComputeHash(Encoding.ASCII.GetBytes(expectSignatureBase)));
Assert.Equal(expectSignature, oauthSignature);
}
public void CreateSignature_Test()
{
// GET http://example.com/hoge?aaa=foo に対する署名を生成
// 実際の param は oauth_consumer_key などのパラメーターが加わった状態で渡される
var oauthSignature = OAuthUtility.CreateSignature("ConsumerSecret", "TokenSecret",
"GET", new Uri("http://example.com/hoge"), new Dictionary <string, string> {
["aaa"] = "foo"
});
var expectSignatureBase = "GET&http%3A%2F%2Fexample.com%2Fhoge&aaa%3Dfoo";
var expectSignatureKey = "ConsumerSecret&TokenSecret";
using var hmacsha1 = new HMACSHA1(Encoding.ASCII.GetBytes(expectSignatureKey));
var expectSignature = Convert.ToBase64String(hmacsha1.ComputeHash(Encoding.ASCII.GetBytes(expectSignatureBase)));
Assert.Equal(expectSignature, oauthSignature);
}
public void CreateSignature_NormarizeParametersTest()
{
// GET http://example.com/hoge?aaa=foo&bbb=bar に対する署名を生成
// 複数のパラメータが渡される場合は name 順でソートされる
var oauthSignature = OAuthUtility.CreateSignature("ConsumerSecret", "TokenSecret",
"GET", new Uri("http://example.com/hoge"), new Dictionary <string, string> {
["bbb"] = "bar",
["aaa"] = "foo",
});
var expectSignatureBase = "GET&http%3A%2F%2Fexample.com%2Fhoge&aaa%3Dfoo%26bbb%3Dbar";
var expectSignatureKey = "ConsumerSecret&TokenSecret";
using var hmacsha1 = new HMACSHA1(Encoding.ASCII.GetBytes(expectSignatureKey));
var expectSignature = Convert.ToBase64String(hmacsha1.ComputeHash(Encoding.ASCII.GetBytes(expectSignatureBase)));
Assert.Equal(expectSignature, oauthSignature);
}
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var query = await GetParameters(request.RequestUri, request.Content)
.ConfigureAwait(false);
var credential = OAuthUtility.CreateAuthorization(request.Method.ToString().ToUpperInvariant(), request.RequestUri, query,
this.ConsumerKey, this.ConsumerSecret, this.AccessToken, this.AccessSecret);
request.Headers.TryAddWithoutValidation("Authorization", credential);
if (request.Content is FormUrlEncodedContent postContent)
{
request.Content = new StringContent(MyCommon.BuildQueryString(query), Encoding.UTF8, "application/x-www-form-urlencoded");
postContent.Dispose();
}
return(await base.SendAsync(request, cancellationToken)
.ConfigureAwait(false));
}
public void CreateAuthorization_Test()
{
var authorization = OAuthUtility.CreateAuthorization(
"GET", new Uri("http://example.com/hoge"), new Dictionary <string, string> {
["aaa"] = "hoge"
},
"ConsumerKey", "ConsumerSecret", "AccessToken", "AccessSecret", "Realm");
Assert.True(authorization.StartsWith("OAuth ", StringComparison.Ordinal));
var parsedParams = authorization.Substring(6).Split(',')
.Where(x => !string.IsNullOrEmpty(x))
.Select(x => x.Split(new[] { '=' }, 2))
.ToDictionary(x => x[0], x => x[1].Substring(1, x[1].Length - 2)); // x[1] は前後の「"」を除去する
var expectAuthzParamKeys = new[] { "realm", "oauth_consumer_key", "oauth_nonce", "oauth_signature_method",
"oauth_timestamp", "oauth_token", "oauth_version", "oauth_signature" };
Assert.Equal(expectAuthzParamKeys, parsedParams.Keys, AnyOrderComparer <string> .Instance);
Assert.Equal("Realm", parsedParams["realm"]);
// Signature Base Strings には realm を含めない
var expectSignatureBase = "GET&http%3A%2F%2Fexample.com%2Fhoge&" +
"aaa%3Dhoge%26" +
"oauth_consumer_key%3DConsumerKey%26" +
$"oauth_nonce%3D{parsedParams["oauth_nonce"]}%26" +
"oauth_signature_method%3DHMAC-SHA1%26" +
$"oauth_timestamp%3D{parsedParams["oauth_timestamp"]}%26" +
"oauth_token%3DAccessToken%26" +
"oauth_version%3D1.0";
var expectSignatureKey = "ConsumerSecret&AccessSecret";
using (var hmacsha1 = new HMACSHA1(Encoding.ASCII.GetBytes(expectSignatureKey)))
{
var expectSignature = Convert.ToBase64String(hmacsha1.ComputeHash(Encoding.ASCII.GetBytes(expectSignatureBase)));
Assert.Equal(expectSignature, Uri.UnescapeDataString(parsedParams["oauth_signature"]));
}
}