/// <summary>
/// Verifies that an RSA-SHA1 signed request rebuilt from a <see cref="Uri"/> still
/// validates when its query string ends with a stray "&amp;".
/// </summary>
/// <remarks>
/// The verification key is taken from the locally held <c>FriendsterCertificate</c>,
/// not from the <c>xoauth_signature_publickey</c> URL carried inside the request.
/// The request uses a fixed <c>oauth_timestamp</c> and <c>oauth_nonce</c>, so this test
/// covers signature verification only, not freshness or replay checks.
/// </remarks>
public void ValidateWithTrailingAmpersand_ForUri()
{
    // Captured request; the trailing "&" at the end of the query string is the point of the test.
    const string capturedRequest =
        "http://demo.devdefined.com/OpenSocial/HelloWorld.aspx?oauth_nonce=c39f4e3e6c309988763eb8af85fcb74b&oauth_timestamp=1221992254&oauth_consumer_key=friendster.com&synd=friendster&container=default&opensocial_owner_id=82474146&opensocial_viewer_id=82474146&opensocial_app_id=52ae97f7aa8a7e7565dd40a4e00eb0f5&oauth_token=&xoauth_signature_publickey=http%3A%2F%2Fwww.fmodules.com%2Fpublic080813.crt&oauth_signature_method=RSA-SHA1&oauth_signature=PLOkRKwLLeJRZz18PsAVQgL5y9Rdf0AW5eicdT0xwauRe3bE2NTDFHoMsUtO6UMHEY0v9GRcKbvkgEWEGGtiGA%3D%3D&";

    var requestUri = new Uri(capturedRequest);
    IOAuthContext parsedRequest = new OAuthContextBuilder().FromUri("GET", requestUri);

    var verifier = new OAuthContextSigner();
    var verificationContext = new SigningContext();
    verificationContext.Algorithm = FriendsterCertificate.PublicKey.Key;

    bool signatureAccepted = verifier.ValidateSignature(parsedRequest, verificationContext);
    Assert.True(signatureAccepted);
}
/// <summary>
/// Builds the <see cref="SigningContext"/> used to check a consumer's request signature.
/// </summary>
/// <param name="context">The parsed OAuth request; its signature method decides whether a key is attached.</param>
/// <returns>
/// A context carrying the consumer secret from the consumer store and, when the signature
/// method requires a certificate, the consumer's public key as <c>Algorithm</c>.
/// </returns>
protected virtual SigningContext CreateSignatureContextForConsumer(IOAuthContext context)
{
    var consumerContext = new SigningContext();
    consumerContext.ConsumerSecret = _consumerStore.GetConsumerSecret(context);

    bool needsPublicKey = SignatureMethodRequiresCertificate(context.SignatureMethod);
    if (!needsPublicKey)
    {
        return consumerContext;
    }

    // NOTE(review): the key returned by the store is assigned without a null check, so a
    // consumer with no registered key yields a context whose Algorithm is null. What the
    // signer does with that is not visible here - confirm it rejects the request.
    consumerContext.Algorithm = _consumerStore.GetConsumerPublicKey(context);
    return consumerContext;
}
/// <summary>
/// Builds the <see cref="SigningContext"/> used to check a consumer's request signature.
/// </summary>
/// <param name="context">The parsed OAuth request; its signature method decides whether a certificate is needed.</param>
/// <returns>
/// A context carrying the consumer secret from the consumer store and, when the signature
/// method requires a certificate, the public key of the consumer's certificate as <c>Algorithm</c>.
/// </returns>
/// <remarks>
/// Throws the error produced by <c>Error.CertificateNotAvailable</c> when a certificate is
/// required but the store returns none.
/// </remarks>
protected virtual SigningContext CreateSignatureContextForConsumer(IOAuthContext context)
{
    var consumerContext = new SigningContext { ConsumerSecret = _consumerStore.GetConsumerSecret(context) };

    if (!SignatureMethodRequiresCertificate(context.SignatureMethod))
    {
        return consumerContext;
    }

    X509Certificate2 consumerCertificate = _consumerStore.GetConsumerCertificate(context);
    if (consumerCertificate == null)
    {
        // Fail closed: without a registered certificate there is no key to verify against,
        // so the request is rejected here instead of reaching the signer with a null key.
        throw Error.CertificateNotAvailable(context);
    }

    consumerContext.Algorithm = consumerCertificate.PublicKey.Key;
    return consumerContext;
}
/// <summary>
/// Regression test: an RSA-SHA1 signed request whose query string ends with a stray
/// "&amp;" must still pass signature validation.
/// </summary>
/// <remarks>
/// The verification key comes from the locally held <c>FriendsterCertificate</c>, not from
/// the <c>xoauth_signature_publickey</c> URL carried inside the request. The request uses a
/// fixed <c>oauth_timestamp</c> and <c>oauth_nonce</c>, so only the signature check is covered.
/// </remarks>
public void ValidateWithTrailingAmpersand()
{
    // Reported at http://code.google.com/p/devdefined-tools/issues/detail?id=1 :
    // validation of OAuth requests from Friendster was failing because OpenSocial
    // platforms incorrectly append a "&" to their query parameters, which tripped up
    // the query parameter collection. The context builder now removes the problematic
    // character when parsing requests and Uris.
    const string capturedRequest =
        "http://demo.devdefined.com/OpenSocial/HelloWorld.aspx?oauth_nonce=c39f4e3e6c309988763eb8af85fcb74b&oauth_timestamp=1221992254&oauth_consumer_key=friendster.com&synd=friendster&container=default&opensocial_owner_id=82474146&opensocial_viewer_id=82474146&opensocial_app_id=52ae97f7aa8a7e7565dd40a4e00eb0f5&oauth_token=&xoauth_signature_publickey=http%3A%2F%2Fwww.fmodules.com%2Fpublic080813.crt&oauth_signature_method=RSA-SHA1&oauth_signature=PLOkRKwLLeJRZz18PsAVQgL5y9Rdf0AW5eicdT0xwauRe3bE2NTDFHoMsUtO6UMHEY0v9GRcKbvkgEWEGGtiGA%3D%3D&";

    var requestUri = new Uri(capturedRequest);
    IOAuthContext parsedRequest = new OAuthContextBuilder().FromUri("GET", requestUri);

    var verifier = new OAuthContextSigner();
    var verificationContext = new SigningContext();
    verificationContext.Algorithm = FriendsterCertificate.PublicKey.Key;

    bool signatureAccepted = verifier.ValidateSignature(parsedRequest, verificationContext);
    Assert.IsTrue(signatureAccepted);
}
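/// <summary>
/// Validates the RSA-SHA1 signature of a captured signed-fetch request against the public
/// key of the certificate named by the "OAuthCert" application setting.
/// </summary>
/// <remarks>
/// Throws <see cref="Exception"/> when the signature does not validate. The message names
/// only the scheme, host and path of the request: the query string carries an
/// <c>accessToken</c> and the OAuth signature, which should not end up in logs or test output.
/// </remarks>
public void TestOAuth()
{
    X509Certificate2 cert = new X509Certificate2(ConfigurationSettings.AppSettings["OAuthCert"]);
    AsymmetricAlgorithm provider = cert.PublicKey.Key;

    OAuthContextSigner signer = new OAuthContextSigner();
    SigningContext signingContext = new SigningContext();
    //signingContext.ConsumerSecret = ...; // if there is a consumer secret
    signingContext.Algorithm = provider;

    // NOTE(review): the accessToken below is part of the signed request and cannot be edited
    // without invalidating the signature. Confirm it is an expired or test-only value before
    // keeping this fixture in source control.
    Uri uri = new Uri(
        "http://dev-profiles.campus.net.ucsf.edu/chatter/ChatterProxyService.svc/user/5138614/unfollow/4621800?accessToken=00DZ0000000jhLQ!ARIAQAlqX_qtYj95uzEftkMIKQggfo.RoJ3KnvvakO97Xrjptfq89vTtwGFgR1jnyeNSm1CwnLSSz0N3g8.bQrX.jCpJ6Np3&oauth_body_hash=2jmj7l5rSw0yVb/vlWAYkK/YBwk=&opensocial_owner_id=4621800&opensocial_viewer_id=5138614&opensocial_app_id=http://dev-profiles.ucsf.edu/ORNG/ChatterFollow.xml&opensocial_app_url=http://dev-profiles.ucsf.edu/ORNG/ChatterFollow.xml&oauth_consumer_key=&xoauth_signature_publickey=mytestkey&xoauth_public_key=mytestkey&oauth_version=1.0&oauth_timestamp=1349466703&oauth_nonce=7533897618501371565&oauth_consumer_key=&oauth_signature_method=RSA-SHA1&oauth_signature=d0UIIXK+HwbkLD4VE59ylZ9XoBreMBqc0Kcf4v2DjzWT0AE1JtCUhDmS1Uy1P9K54tpeoQwjcu8mnWsA7PQpTRTYyU1k+ueT4M2ihoaB+CunpZz6Q3KE8MUZn4Sy0D7iNuje6WdgHZ80f9Ln8OwRPzrfHA5v0KowATRv7T2h+x0="
        );

    IOAuthContext context = new OAuthContextBuilder().FromUri("GET", uri);

    // use context.ConsumerKey to fetch information required for signature validation for this consumer.
    if (!signer.ValidateSignature(context, signingContext))
    {
        // Drop the query string from the message so the access token and signature are not echoed.
        throw new Exception("Invalid signature : " + uri.GetLeftPart(UriPartial.Path));
    }
}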
/// <summary>
/// Initialises the proxy service: reads the Salesforce connection settings and cache/log
/// switches from application settings, registers a server-certificate validation callback,
/// creates the backing services and, when signed fetch is enabled, prepares the OAuth
/// signature verifier. Finally starts the timer that runs <c>GetActivities</c>.
/// </summary>
public ChatterProxyService()
{
    WriteLogToFile("Starting ChatterProxyService");

    // Each lookup goes through ConfigurationSettings.AppSettings, exactly as a direct read would.
    Func<string, string> setting = key => ConfigurationSettings.AppSettings[key];

    // NOTE(review): the Salesforce password, token and client secret are read from
    // appSettings; whether that section is encrypted or access-restricted is not visible here.
    url = setting("SalesForceUrl");
    userName = setting("SalesForceUserName");
    password = setting("SalesForcePassword");
    token = setting("SalesForceToken");
    clientId = setting("SalesForceClientId");
    grantType = setting("SalesForceGrantType");
    clientSecret = setting("SalesForceClientSecret");

    cacheInterval = int.Parse(setting("CacheInterval"));
    cacheCapacity = int.Parse(setting("cacheCapacity"));
    logService = bool.Parse(setting("LogService"));
    signedFetch = bool.Parse(setting("SignedFetch"));

    // NOTE(review): ServicePointManager is static, so this callback applies to every
    // outgoing TLS connection in the process, not only to Salesforce calls. The body of
    // customXertificateValidation is not shown here - confirm it does not accept
    // certificates that fail chain or host-name validation.
    ServicePointManager.ServerCertificateValidationCallback += customXertificateValidation;

    profilesService = new ProfilesServices();
    getChatterSoapService();

    if (signedFetch)
    {
        // load default cert
        var defaultCert = new X509Certificate2(setting("OAuthCert"));
        provider = defaultCert.PublicKey.Key;

        signer = new OAuthContextSigner();
        signingContext = new SigningContext();
        //signingContext.ConsumerSecret = ...; // if there is a consumer secret
        signingContext.Algorithm = provider;
    }
    // When signedFetch is false, signer and signingContext are not assigned by this constructor.

    // First run is immediate (due time 0); cacheInterval is multiplied by 1000 to give the period.
    activitiesFetcher = new Timer(GetActivities, null, 0, cacheInterval * 1000);
}
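/// <summary>
/// Checks the OAuth signature of the current HTTP request against a shared consumer secret.
/// </summary>
/// <param name="secret">The consumer secret shared with the caller.</param>
/// <returns>
/// <c>true</c> when the signer accepts the signature; <c>false</c> when the secret is
/// missing, the signature is rejected, or an <c>OAuthException</c> is raised while
/// parsing or validating the request.
/// </returns>
/// <remarks>
/// Only the signature is verified here. Timestamp freshness and nonce reuse are not
/// checked in this method, so replay protection has to come from elsewhere.
/// </remarks>
private bool IsOAuthValid( string secret )
{
    // Fail closed: with a null or empty shared secret the signing key would presumably be
    // predictable to any caller, so such a configuration must never validate a request.
    if( string.IsNullOrEmpty( secret ) )
    {
        return false;
    }

    try
    {
        var context = new OAuthContextBuilder().FromHttpRequest( Request );
        IOAuthContextSigner signer = new OAuthContextSigner();
        SigningContext signingContext = new SigningContext { ConsumerSecret = secret };
        return signer.ValidateSignature( context, signingContext );
    }
    catch( OAuthException )
    {
        // A malformed or unverifiable OAuth request is treated as an invalid signature.
        return false;
    }
}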
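/// <summary>
/// Checks the OAuth signature of the current HTTP request against the consumer secret
/// stored in the "OauthSecret" application setting.
/// </summary>
/// <returns>
/// <c>true</c> when the signer accepts the signature; <c>false</c> when the secret is not
/// configured or the signature is rejected.
/// </returns>
/// <remarks>
/// Only the signature is verified here. Timestamp freshness and nonce reuse are not
/// checked in this method. Exceptions raised while parsing or validating the request
/// propagate to the caller.
/// </remarks>
private bool IsOAuthSignatureValid()
{
    // Normally the consumer key would be used to look up the secret for the specific LMS.
    // NOTE(review): the "OauthKey" setting is not consulted and the request's
    // oauth_consumer_key is not compared with it; every caller is checked against the
    // single configured secret.
    string oauthSecret = System.Configuration.ConfigurationManager.AppSettings["OauthSecret"];

    // Fail closed: a missing or empty "OauthSecret" would presumably leave the signing key
    // predictable to any caller, so a misconfigured deployment must reject every request.
    if( string.IsNullOrEmpty( oauthSecret ) )
    {
        return false;
    }

    var context = new OAuthContextBuilder().FromHttpRequest( Request );
    IOAuthContextSigner signer = new OAuthContextSigner();
    SigningContext signingContext = new SigningContext { ConsumerSecret = oauthSecret };
    return signer.ValidateSignature( context, signingContext );
}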