/// <summary>
/// Loads the Salesforce connection settings and the cache/logging options from
/// application configuration, registers the certificate validation callback,
/// creates the dependent services and starts the periodic activity fetch.
/// </summary>
/// <remarks>
/// When <c>SignedFetch</c> is enabled, the public key of the certificate named by
/// the <c>OAuthCert</c> setting is loaded so incoming signed requests can be verified.
/// </remarks>
public ChatterProxyService()
{
    WriteLogToFile("Starting ChatterProxyService");

    // NOTE(review): the password, security token and client secret are read
    // straight from appSettings. Presumably the config file holds them in clear
    // text; confirm it is access-restricted or uses an encrypted section.
    var settings = ConfigurationSettings.AppSettings;

    url = settings["SalesForceUrl"];
    userName = settings["SalesForceUserName"];
    password = settings["SalesForcePassword"];
    token = settings["SalesForceToken"];
    clientId = settings["SalesForceClientId"];
    grantType = settings["SalesForceGrantType"];
    clientSecret = settings["SalesForceClientSecret"];

    // Parse throws when a setting is missing or malformed, so a bad
    // configuration fails construction instead of running with defaults.
    cacheInterval = int.Parse(settings["CacheInterval"]);
    cacheCapacity = int.Parse(settings["cacheCapacity"]);
    logService = bool.Parse(settings["LogService"]);
    signedFetch = bool.Parse(settings["SignedFetch"]);

    // ServicePointManager's callback is static, so this handler applies to every
    // outgoing TLS connection in the process, not only to Salesforce calls, and
    // each constructed instance appends one more copy of it.
    // NOTE(review): customXertificateValidation is not shown here; confirm it
    // rejects invalid chains rather than accepting every certificate. With
    // several handlers chained, only the last handler's result is returned.
    ServicePointManager.ServerCertificateValidationCallback += customXertificateValidation;

    profilesService = new ProfilesServices();
    getChatterSoapService();

    if (signedFetch)
    {
        // The verification key comes from a locally configured certificate file.
        X509Certificate2 cert = new X509Certificate2(settings["OAuthCert"]);
        provider = cert.PublicKey.Key;
        signer = new OAuthContextSigner();

        // No ConsumerSecret is assigned: only the public key is supplied.
        signingContext = new SigningContext { Algorithm = provider };
    }

    // cacheInterval is configured in seconds; Timer takes milliseconds.
    // A due time of 0 schedules the first fetch immediately.
    int periodMilliseconds = cacheInterval * 1000;
    activitiesFetcher = new Timer(GetActivities, null, 0, periodMilliseconds);
}
/// <summary>
/// Copies the OAuth protocol fields from <paramref name="accessToken"/> and this
/// consumer's settings onto <paramref name="context"/>, then signs the context.
/// </summary>
/// <param name="context">Request context that receives the OAuth fields and the signature.</param>
/// <param name="accessToken">Token to sign with; its consumer key must equal this instance's ConsumerKey.</param>
public void SignContext(OAuthContext context, TokenBase accessToken)
{
    EnsureStateIsValid();

    // Refuse to sign with a token issued to a different consumer.
    if (accessToken.ConsumerKey != ConsumerKey)
    {
        throw Error.SuppliedTokenWasNotIssuedToThisConsumer(ConsumerKey, accessToken.ConsumerKey);
    }

    context.UseAuthorizationHeader = UseHeaderForOAuthParameters;
    context.ConsumerKey = accessToken.ConsumerKey;
    context.Token = accessToken.Token;
    context.TokenSecret = accessToken.TokenSecret;
    context.SignatureMethod = SignatureMethod;

    // NOTE(review): DateTime.Now is local time. OAuth timestamps count seconds
    // from the Unix epoch in UTC; confirm EpocString converts before formatting.
    context.Timestamp = DateTime.Now.EpocString();

    // NOTE(review): replay protection depends on how NonceGenerator produces
    // values; its implementation is not shown here.
    context.Nonce = new NonceGenerator().GenerateNonce();
    context.Version = "1.0";

    string signatureBase = context.GenerateSignatureBase();

    // NOTE(review): the signature base presumably carries the token value and
    // every request parameter; writing it and the signature to stdout leaves
    // them in whatever captures the console. Consider gating behind a debug switch.
    Console.WriteLine("signature_base: {0}", signatureBase);

    var signingInput = new SigningContext
    {
        Algorithm = Key,
        SignatureBase = signatureBase,
        ConsumerSecret = ConsumerSecret
    };
    new OAuthContextSigner().SignContext(context, signingInput);

    Console.WriteLine("oauth_singature: {0}", context.Signature);
}
/// <summary>
/// Checks that an RSA-SHA1 signed request URL ending in a stray "&amp;" still
/// validates when the context is built from a URL string.
/// </summary>
public void ValidateWithTrailingAmpersand_ForUrl()
{
    // Captured request; note the trailing '&' after the signature parameter.
    const string signedRequestUrl =
        "http://demo.devdefined.com/OpenSocial/HelloWorld.aspx?oauth_nonce=c39f4e3e6c309988763eb8af85fcb74b&oauth_timestamp=1221992254&oauth_consumer_key=friendster.com&synd=friendster&container=default&opensocial_owner_id=82474146&opensocial_viewer_id=82474146&opensocial_app_id=52ae97f7aa8a7e7565dd40a4e00eb0f5&oauth_token=&xoauth_signature_publickey=http%3A%2F%2Fwww.fmodules.com%2Fpublic080813.crt&oauth_signature_method=RSA-SHA1&oauth_signature=PLOkRKwLLeJRZz18PsAVQgL5y9Rdf0AW5eicdT0xwauRe3bE2NTDFHoMsUtO6UMHEY0v9GRcKbvkgEWEGGtiGA%3D%3D&";

    IOAuthContext context = new OAuthContextBuilder().FromUrl("GET", signedRequestUrl);

    // The verification key is the certificate held by the test, not one fetched
    // from the xoauth_signature_publickey URL carried inside the request.
    SigningContext verification = new SigningContext
    {
        Algorithm = FriendsterCertificate.PublicKey.Key
    };
    OAuthContextSigner verifier = new OAuthContextSigner();

    bool signatureAccepted = verifier.ValidateSignature(context, verification);
    Assert.True(signatureAccepted);
}
/// <summary>
/// Builds and signs the GET request context that exchanges a request token for
/// an access token at <c>AccessTokenUri</c>.
/// </summary>
/// <param name="requestToken">Request token to exchange; its consumer key must equal this instance's ConsumerKey.</param>
/// <param name="additionalQueryParameters">Extra query parameters to add to the request, or null for none.</param>
/// <returns>The signed context.</returns>
public OAuthContext BuildExchangeRequestTokenForAccessTokenContext(TokenBase requestToken, NameValueCollection additionalQueryParameters)
{
    EnsureStateIsValid();

    // Refuse to exchange a token that was issued to a different consumer.
    if (requestToken.ConsumerKey != ConsumerKey)
    {
        throw Error.SuppliedTokenWasNotIssuedToThisConsumer(ConsumerKey, requestToken.ConsumerKey);
    }

    OAuthContext context = new OAuthContextFactory().FromUri("GET", AccessTokenUri);

    // Caller-supplied parameters are added before the signature base is generated.
    if (additionalQueryParameters != null)
    {
        context.QueryParameters.Add(additionalQueryParameters);
    }

    context.ConsumerKey = ConsumerKey;
    context.Token = requestToken.Token;
    context.TokenSecret = requestToken.TokenSecret;
    context.RequestMethod = "GET";
    context.SignatureMethod = SignatureMethod;

    // NOTE(review): DateTime.Now is local time. OAuth timestamps count seconds
    // from the Unix epoch in UTC; confirm EpocString converts before formatting.
    context.Timestamp = DateTime.Now.EpocString();
    context.Nonce = new NonceGenerator().GenerateNonce();
    context.Version = "1.0";

    string signatureBase = context.GenerateSignatureBase();

    // NOTE(review): the three console writes below emit the signature base, the
    // signature and the generated URI, which presumably includes the request
    // token and signature. Consider gating them behind a debug switch.
    Console.WriteLine("signature_base: {0}", signatureBase);

    var signingInput = new SigningContext
    {
        Algorithm = Key,
        SignatureBase = signatureBase,
        ConsumerSecret = ConsumerSecret
    };
    new OAuthContextSigner().SignContext(context, signingInput);

    Console.WriteLine("oauth_singature: {0}", context.Signature);

    Uri uri = context.GenerateUri();
    Console.WriteLine("Uri: {0}", uri);

    return context;
}
/// <summary>
/// Verifies the OAuth signature of the current HTTP request against the given
/// consumer secret.
/// </summary>
/// <param name="secret">Consumer secret used to check the signature.</param>
/// <returns>
/// True when the signature validates; false when it does not or when an
/// <c>OAuthException</c> is raised while reading or validating the request.
/// </returns>
private bool IsOAuthValid(string secret)
{
    // NOTE(review): only the signature is checked here. No timestamp window,
    // nonce reuse or consumer-key check is visible in this method; confirm the
    // caller or the library covers replay protection.
    bool signatureAccepted;
    try
    {
        var context = new OAuthContextBuilder().FromHttpRequest(Request);
        IOAuthContextSigner signer = new OAuthContextSigner();
        SigningContext verification = new SigningContext { ConsumerSecret = secret };
        signatureAccepted = signer.ValidateSignature(context, verification);
    }
    catch (OAuthException)
    {
        // Fail closed on OAuth errors. Any other exception type still propagates.
        signatureAccepted = false;
    }

    return signatureAccepted;
}
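/// <summary>
/// Verifies the OAuth signature of the current HTTP request against the shared
/// secret stored in the <c>OauthSecret</c> application setting.
/// </summary>
/// <returns>
/// True when the signature validates; false when it does not or when no secret
/// is configured.
/// </returns>
private bool IsOAuthSignatureValid()
{
    // A single secret serves every consumer. A multi-tenant deployment would
    // normally look up the secret for the specific LMS by its consumer key;
    // the "OauthKey" setting was previously read here but never used.
    string oauthSecret = System.Configuration.ConfigurationManager.AppSettings["OauthSecret"];

    // Fail closed when the secret is missing or blank, so a misconfigured
    // deployment never checks requests against an empty secret.
    if (string.IsNullOrEmpty(oauthSecret))
    {
        return false;
    }

    var context = new OAuthContextBuilder().FromHttpRequest(Request);
    IOAuthContextSigner signer = new OAuthContextSigner();
    SigningContext signingContext = new SigningContext { ConsumerSecret = oauthSecret };

    // NOTE(review): only the signature is checked. No timestamp or nonce replay
    // check is visible here, and the request's consumer key is not compared
    // with the configured one; confirm these are handled elsewhere.
    return signer.ValidateSignature(context, signingContext);
}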
/// <summary>
/// Checks that an RSA-SHA1 signed request whose query string ends in a stray
/// "&amp;" still validates when the context is built from a <see cref="Uri"/>.
/// </summary>
public void ValidateWithTrailingAmpersand()
{
    // Regression test for http://code.google.com/p/devdefined-tools/issues/detail?id=1
    // Validation of OAuth requests from Friendster was failing because OpenSocial
    // platforms incorrectly append "&" to their query parameters, which tripped up
    // the query parameter collection. The context builder now strips that
    // character when parsing requests and URIs.
    const string signedRequest =
        "http://demo.devdefined.com/OpenSocial/HelloWorld.aspx?oauth_nonce=c39f4e3e6c309988763eb8af85fcb74b&oauth_timestamp=1221992254&oauth_consumer_key=friendster.com&synd=friendster&container=default&opensocial_owner_id=82474146&opensocial_viewer_id=82474146&opensocial_app_id=52ae97f7aa8a7e7565dd40a4e00eb0f5&oauth_token=&xoauth_signature_publickey=http%3A%2F%2Fwww.fmodules.com%2Fpublic080813.crt&oauth_signature_method=RSA-SHA1&oauth_signature=PLOkRKwLLeJRZz18PsAVQgL5y9Rdf0AW5eicdT0xwauRe3bE2NTDFHoMsUtO6UMHEY0v9GRcKbvkgEWEGGtiGA%3D%3D&";
    Uri requestUri = new Uri(signedRequest);

    IOAuthContext context = new OAuthContextBuilder().FromUri("GET", requestUri);

    // The verification key is the certificate held by the test, not one fetched
    // from the xoauth_signature_publickey URL carried inside the request.
    SigningContext verification = new SigningContext
    {
        Algorithm = FriendsterCertificate.PublicKey.Key
    };
    OAuthContextSigner verifier = new OAuthContextSigner();

    bool signatureAccepted = verifier.ValidateSignature(context, verification);
    Assert.IsTrue(signatureAccepted);
}
/// <summary>
/// Verifies the RSA signature of the current HTTP request against the Friendster
/// certificate; on failure, replaces the response with the OAuth problem report
/// and ends it.
/// </summary>
void ValidateWithDevDefinedOAuth()
{
    try
    {
        var context = new OAuthContextBuilder().FromHttpRequest(Request);

        // The verification key is a certificate held by the application, not a
        // key named by the request itself.
        var verification = new SigningContext
        {
            Algorithm = OpenSocialCertificates.FriendsterCertificate.PublicKey.Key
        };
        var verifier = new OAuthContextSigner();

        if (verifier.ValidateSignature(context, verification))
        {
            return;
        }

        // Raised here so that a bad signature is reported by the same handler
        // as a malformed request.
        throw new OAuthException(context, OAuthProblems.SignatureInvalid, "check certificate is still valid");
    }
    catch (OAuthException authEx)
    {
        // NOTE(review): the report is written to the client as-is and no status
        // code is set in this method. Confirm the report text does not echo
        // unencoded request values, and consider returning 401.
        Response.Clear();
        Response.Write(authEx.Report.ToString());
        Response.End();
    }
}
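/// <summary>
/// Validates the RSA-SHA1 signature on a captured signed-fetch request, using the
/// public key of the certificate named by the <c>OAuthCert</c> application setting.
/// </summary>
/// <exception cref="Exception">Thrown when the signature does not validate.</exception>
public void TestOAuth()
{
    // The verification key comes from a locally configured certificate file.
    X509Certificate2 cert = new X509Certificate2(ConfigurationSettings.AppSettings["OAuthCert"]);
    AsymmetricAlgorithm provider = cert.PublicKey.Key;
    OAuthContextSigner signer = new OAuthContextSigner();

    // No ConsumerSecret is assigned: only the public key is supplied.
    SigningContext signingContext = new SigningContext();
    signingContext.Algorithm = provider;

    // NOTE(review): this captured request carries an accessToken query parameter
    // in source control. If the value was ever a live credential it should be
    // revoked; the fixture cannot simply be edited because the signature covers it.
    Uri uri = new Uri(
        "http://dev-profiles.campus.net.ucsf.edu/chatter/ChatterProxyService.svc/user/5138614/unfollow/4621800?accessToken=00DZ0000000jhLQ!ARIAQAlqX_qtYj95uzEftkMIKQggfo.RoJ3KnvvakO97Xrjptfq89vTtwGFgR1jnyeNSm1CwnLSSz0N3g8.bQrX.jCpJ6Np3&oauth_body_hash=2jmj7l5rSw0yVb/vlWAYkK/YBwk=&opensocial_owner_id=4621800&opensocial_viewer_id=5138614&opensocial_app_id=http://dev-profiles.ucsf.edu/ORNG/ChatterFollow.xml&opensocial_app_url=http://dev-profiles.ucsf.edu/ORNG/ChatterFollow.xml&oauth_consumer_key=&xoauth_signature_publickey=mytestkey&xoauth_public_key=mytestkey&oauth_version=1.0&oauth_timestamp=1349466703&oauth_nonce=7533897618501371565&oauth_consumer_key=&oauth_signature_method=RSA-SHA1&oauth_signature=d0UIIXK+HwbkLD4VE59ylZ9XoBreMBqc0Kcf4v2DjzWT0AE1JtCUhDmS1Uy1P9K54tpeoQwjcu8mnWsA7PQpTRTYyU1k+ueT4M2ihoaB+CunpZz6Q3KE8MUZn4Sy0D7iNuje6WdgHZ80f9Ln8OwRPzrfHA5v0KowATRv7T2h+x0="
    );
    IOAuthContext context = new OAuthContextBuilder().FromUri("GET", uri);

    // A real endpoint would use context.ConsumerKey to fetch the information
    // required for signature validation for this consumer.
    if (!signer.ValidateSignature(context, signingContext))
    {
        // Report the path only: the query string holds the access token and the
        // signature, which should not end up in exception messages or logs.
        throw new Exception("Invalid signature : " + uri.GetLeftPart(UriPartial.Path));
    }
}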