Exemplo n.º 1
0
        public void generate_multiple_signature_for_root()
        {
            // generate a signature base, as per the oauth body hash spec example
            // http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html

            var context = new OAuthContext
            {
                RequestMethod   = "POST",
                RawUri          = new Uri("http://www.example.com"),
                RawContentType  = "text/plain",
                RawContent      = Encoding.UTF8.GetBytes("Hello World!"),
                ConsumerKey     = "consumer",
                SignatureMethod = "HMAC-SHA1",
                Timestamp       = "1236874236",
                Version         = "1.0",
                IncludeOAuthRequestBodyHashInSignature = true,
                Nonce = "10369470270925",
                Token = "token"
            };

            Assert.Equal(
                "POST&http%3A%2F%2Fwww.example.com&oauth_body_hash%3DLve95gjOVATpfV8EL5X4nxwjKHE%253D%26oauth_consumer_key%3Dconsumer%26oauth_nonce%3D10369470270925%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1236874236%26oauth_token%3Dtoken%26oauth_version%3D1.0",
                context.GenerateSignatureBase().ElementAt(0));

            Assert.Equal(
                "POST&http%3A%2F%2Fwww.example.com%2F&oauth_body_hash%3DLve95gjOVATpfV8EL5X4nxwjKHE%253D%26oauth_consumer_key%3Dconsumer%26oauth_nonce%3D10369470270925%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1236874236%26oauth_token%3Dtoken%26oauth_version%3D1.0",
                context.GenerateSignatureBase().ElementAt(1));
        }
Exemplo n.º 2
0
        public void SignContext(OAuthContext context, TokenBase accessToken)
        {
            EnsureStateIsValid();

            if (accessToken.ConsumerKey != ConsumerKey)
            {
                throw Error.SuppliedTokenWasNotIssuedToThisConsumer(ConsumerKey, accessToken.ConsumerKey);
            }

            var signer = new OAuthContextSigner();
            var auth   = new NonceGenerator();

            context.UseAuthorizationHeader = UseHeaderForOAuthParameters;
            context.ConsumerKey            = accessToken.ConsumerKey;
            context.Token           = accessToken.Token;
            context.TokenSecret     = accessToken.TokenSecret;
            context.SignatureMethod = SignatureMethod;
            context.Timestamp       = DateTime.Now.EpocString();
            context.Nonce           = auth.GenerateNonce();
            context.Version         = "1.0";

            string signatureBase = context.GenerateSignatureBase();

            Console.WriteLine("signature_base: {0}", signatureBase);

            signer.SignContext(context,
                               new SigningContext
            {
                Algorithm = Key, SignatureBase = signatureBase, ConsumerSecret = ConsumerSecret
            });

            Console.WriteLine("oauth_singature: {0}", context.Signature);
        }
Exemplo n.º 3
0
        public OAuthContext BuildExchangeRequestTokenForAccessTokenContext(TokenBase requestToken,
                                                                           NameValueCollection additionalQueryParameters)
        {
            EnsureStateIsValid();

            if (requestToken.ConsumerKey != ConsumerKey)
            {
                throw Error.SuppliedTokenWasNotIssuedToThisConsumer(ConsumerKey, requestToken.ConsumerKey);
            }

            var auth = new NonceGenerator();

            var          factory = new OAuthContextFactory();
            var          signer  = new OAuthContextSigner();
            OAuthContext context = factory.FromUri("GET", AccessTokenUri);

            if (additionalQueryParameters != null)
            {
                context.QueryParameters.Add(additionalQueryParameters);
            }

            context.ConsumerKey     = ConsumerKey;
            context.Token           = requestToken.Token;
            context.TokenSecret     = requestToken.TokenSecret;
            context.RequestMethod   = "GET";
            context.SignatureMethod = SignatureMethod;
            context.Timestamp       = DateTime.Now.EpocString();
            context.Nonce           = auth.GenerateNonce();
            context.Version         = "1.0";

            string signatureBase = context.GenerateSignatureBase();

            Console.WriteLine("signature_base: {0}", signatureBase);

            signer.SignContext(context,
                               new SigningContext
            {
                Algorithm = Key, SignatureBase = signatureBase, ConsumerSecret = ConsumerSecret
            });

            Console.WriteLine("oauth_singature: {0}", context.Signature);

            Uri uri = context.GenerateUri();

            Console.WriteLine("Uri: {0}", uri);

            return(context);
        }
Exemplo n.º 4
0
        public void TestSignAccessToken()
        {
            var cert = new X509Certificate2("XeroApiNet-Sample.pfx", "password");

            var consumerContext = new OAuthConsumerContext
            {
                // Partner and Private apps use RSA-SHA1 signing method
                SignatureMethod             = SignatureMethod.RsaSha1,
                UseHeaderForOAuthParameters = true,

                // Urls
                RequestTokenUri  = null,
                UserAuthorizeUri = null,
                AccessTokenUri   = XeroApiEndpoints.PublicAccessTokenUri,
                BaseEndpointUri  = XeroApiEndpoints.PublicBaseEndpointUri,

                Key            = cert.PrivateKey,
                ConsumerKey    = ConsumerKey,
                ConsumerSecret = string.Empty,
                UserAgent      = UserAgent,
            };

            var oauthContext = new OAuthContext
            {
                RequestMethod   = "POST",
                RawUri          = new Uri("https://photos.example.net/access_token"),
                ConsumerKey     = "dpf43f3p2l4k3l03",
                SignatureMethod = SignatureMethod.RsaSha1,
                Timestamp       = "1191242090",
                Token           = "hh5s93j4hdidpola",
                TokenSecret     = "hdhd0244k9j7ao03",
                Nonce           = "hsu94j3884jdopsl",
                Verifier        = "hfdp7dh39dks9884",
                Version         = "1.0"
            };

            var signatureBase = oauthContext.GenerateSignatureBase();

            consumerContext.Signer.SignContext(oauthContext,
                                               new SigningContext
            {
                Algorithm      = consumerContext.Key,
                ConsumerSecret = null,
                SignatureBase  = signatureBase
            });

            Assert.That(oauthContext.Signature, Is.EqualTo("32vGleSAIeMbgW9E0pC+PUkyZ1Y05zuEd+FZwg+w4jZzj3E1zldbrGY5SnVpypZfjixWuHMtV4mwGwptwiTZRkrLBudWqJDEddvlwuIMY1j6WkQulz/IXzbGuPNgTya/KTEhQ5IExJXCKE1LZ9bNsMXBDpyi7/ayZe9ONqoVzS8="));
        }
Exemplo n.º 5
0
        public void TestSignRequestToken()
        {
            var cert = new X509Certificate2("XeroApiNet-Sample.pfx", "password");

            var consumerContext = new OAuthConsumerContext
            {
                // Partner and Private apps use RSA-SHA1 signing method
                SignatureMethod             = SignatureMethod.RsaSha1,
                UseHeaderForOAuthParameters = true,

                // Urls
                RequestTokenUri  = null,
                UserAuthorizeUri = null,
                AccessTokenUri   = XeroApiEndpoints.PublicAccessTokenUri,
                BaseEndpointUri  = XeroApiEndpoints.PublicBaseEndpointUri,

                Key            = cert.PrivateKey,
                ConsumerKey    = ConsumerKey,
                ConsumerSecret = string.Empty,
                UserAgent      = UserAgent,
            };

            var oauthContext = new OAuthContext
            {
                RequestMethod   = "POST",
                RawUri          = new Uri("https://photos.example.net/request_token"),
                ConsumerKey     = "dpf43f3p2l4k3l03",
                SignatureMethod = SignatureMethod.RsaSha1,
                Timestamp       = "1191242090",
                Nonce           = "hsu94j3884jdopsl",
                Version         = "1.0"
            };

            var signatureBase = oauthContext.GenerateSignatureBase();

            consumerContext.Signer.SignContext(oauthContext,
                                               new SigningContext
            {
                Algorithm      = consumerContext.Key,
                ConsumerSecret = null,
                SignatureBase  = signatureBase
            });

            Assert.That(oauthContext.Signature, Is.EqualTo("aIIAFPjD0uavubFeL/Hz4LSV6NsvAbrvfnPF6OcgGfhML5ezO0+E+tofLgp1SHbLyNFM7D1p/SJN1J4MY7T3HzvM8HX+3u5Q+Ui+en0/ewHZ+3ar6BA7r3zOYqDn8rfCGSnweia3fFYmjkeS8NvKShnewUu0jUFbnG4RXw8BiEk="));
        }
Exemplo n.º 6
0
        public void generate_signature_when_token_is_url_encoded()
        {
            var context = new OAuthContext
            {
                RequestMethod   = "GET",
                RawUri          = new Uri("https://www.google.com/m8/feeds/contacts/default/base"),
                Token           = "1/2",
                ConsumerKey     = "context",
                SignatureMethod = SignatureMethod.RsaSha1
            };

            Assert.Equal(
                "GET&https%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2Fcontacts%2Fdefault%2Fbase&oauth_consumer_key%3Dcontext%26oauth_signature_method%3DRSA-SHA1%26oauth_token%3D1%252F2",
                context.GenerateSignatureBase());

            Assert.Equal(
                "https://www.google.com/m8/feeds/contacts/default/base?oauth_token=1%2F2&oauth_consumer_key=context&oauth_signature_method=RSA-SHA1",
                context.GenerateUrl());
        }
Exemplo n.º 7
0
        public void generate_signature_with_xauth()
        {
            // generate a signature base, as per the twitter example
            // http://dev.twitter.com/pages/xauth

            var context = new OAuthContext
            {
                RawUri          = new Uri("https://api.twitter.com/oauth/access_token"),
                RequestMethod   = "POST",
                ConsumerKey     = "JvyS7DO2qd6NNTsXJ4E7zA",
                SignatureMethod = "HMAC-SHA1",
                Timestamp       = "1284565601",
                Version         = "1.0",
                Nonce           = "6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo",
                XAuthMode       = "client_auth",
                XAuthUsername   = "******",
                XAuthPassword   = "******"
            };

            Assert.Equal(
                "POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token&oauth_consumer_key%3DJvyS7DO2qd6NNTsXJ4E7zA%26oauth_nonce%3D6AN2dKRzxyGhmIXUKSmp1JcB4pckM8rD3frKMTmVAo%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1284565601%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3Dtwitter-xauth%26x_auth_username%3Doauth_test_exec",
                context.GenerateSignatureBase());
        }
 public bool ValidateSignature(OAuthContext authContext, SigningContext signingContext)
 {
     signingContext.SignatureBase = authContext.GenerateSignatureBase();
     return FindImplementationForAuthContext(authContext).ValidateSignature(authContext, signingContext);
 }
 public void SignContext(OAuthContext authContext, SigningContext signingContext)
 {
     signingContext.SignatureBase = authContext.GenerateSignatureBase();
     FindImplementationForAuthContext(authContext).SignContext(authContext, signingContext);
 }
Exemplo n.º 10
0
        public void SignContext(OAuthContext context, TokenBase accessToken)
        {
            EnsureStateIsValid();

            if (accessToken.ConsumerKey != ConsumerKey)
                throw Error.SuppliedTokenWasNotIssuedToThisConsumer(ConsumerKey, accessToken.ConsumerKey);

            var signer = new OAuthContextSigner();
            var auth = new NonceGenerator();

            context.UseAuthorizationHeader = UseHeaderForOAuthParameters;
            context.ConsumerKey = accessToken.ConsumerKey;
            context.Token = accessToken.Token;
            context.TokenSecret = accessToken.TokenSecret;
            context.SignatureMethod = SignatureMethod;
            context.Timestamp = DateTime.Now.EpocString();
            context.Nonce = auth.GenerateNonce();
            context.Version = "1.0";

            string signatureBase = context.GenerateSignatureBase();

            Console.WriteLine("signature_base: {0}", signatureBase);

            signer.SignContext(context,
                               new SigningContext
                                   {Algorithm = Key, SignatureBase = signatureBase, ConsumerSecret = ConsumerSecret});

            Console.WriteLine("oauth_singature: {0}", context.Signature);
        }
        private string CreateAuthorizationHeaderInternal(HttpMethod httpMethod, string url, Dictionary <string, string> parameters,
                                                         string body)
        {
            Encoding enc = Encoding.UTF8;

            NameValueCollection authorizationHeaderParameters = new NameValueCollection();

            authorizationHeaderParameters.Add(Parameters.OAuth_Timestamp, DateTime.Now.Epoch().ToString());
            authorizationHeaderParameters.Add(Parameters.OAuth_Version, "1.0");
            authorizationHeaderParameters.Add(Parameters.OAuth_Consumer_Key, _consumerKey);
            authorizationHeaderParameters.Add(Parameters.OAuth_Signature_Method, SignatureMethod.RsaSha1);
            authorizationHeaderParameters.Add(Parameters.Realm, Realm);

            var oauthContext = new OAuthContext
            {
                AuthorizationHeaderParameters = authorizationHeaderParameters,
                RawUri        = new Uri(url),
                RequestMethod = httpMethod.Method
            };

            authorizationHeaderParameters.Add(Parameters.OAuth_Nonce, new GuidNonceGenerator().GenerateNonce(oauthContext));

            if (parameters != null && parameters.ContainsKey("CallbackUrl"))
            {
                authorizationHeaderParameters.Add(Parameters.OAuth_Callback, parameters["CallbackUrl"]);
            }
            if (parameters != null && parameters.ContainsKey("Oauth_Verifier"))
            {
                authorizationHeaderParameters.Add(Parameters.OAuth_Verifier, parameters["Oauth_Verifier"]);
            }
            if (parameters != null && parameters.ContainsKey("Token"))
            {
                authorizationHeaderParameters.Add(Parameters.OAuth_Token, parameters["Token"]);
            }

            if (body != null)
            {
                var rawContent = enc.GetBytes(body);
                oauthContext.Realm      = null;
                oauthContext.RawContent = rawContent;
                authorizationHeaderParameters.Add(Parameters.OAuth_Body_Hash, oauthContext.GenerateBodyHash());
            }

            oauthContext.AuthorizationHeaderParameters = authorizationHeaderParameters;

            var privateKey = GetCertificate(_certThumbprint).PrivateKey;
            // Set the signature base string so that it's viewable by the
            // caller upon the return of the response.
            var signatureBaseString = oauthContext.GenerateSignatureBase();
            var signer = new RsaSha1SignatureImplementation();

            signer.SignContext(oauthContext,
                               new SigningContext {
                Algorithm = privateKey, SignatureBase = signatureBaseString
            });

            authorizationHeaderParameters.Add(Parameters.OAuth_Signature, oauthContext.Signature);
            oauthContext.AuthorizationHeaderParameters = authorizationHeaderParameters;

            var authHeader = oauthContext.GenerateOAuthParametersForHeader();

            return(authHeader);
        }