Exemplo n.º 1
0
        /**
         * Add some of the parameters needed to request access to a protected
         * resource, if they aren't already in the message.
         *
         * @throws IOException
         * @throws URISyntaxException
         */
        public void addRequiredParameters(OAuthAccessor accessor)
        {
            Dictionary <string, string> pMap = OAuth.newMap(parameters);

            if (!pMap.ContainsKey(OAuth.OAUTH_TOKEN) && accessor.accessToken != null)
            {
                addParameter(OAuth.OAUTH_TOKEN, accessor.accessToken);
            }
            OAuthConsumer consumer = accessor.consumer;

            if (!pMap.ContainsKey(OAuth.OAUTH_CONSUMER_KEY))
            {
                addParameter(OAuth.OAUTH_CONSUMER_KEY, consumer.consumerKey);
            }
            string signatureMethod;

            if (!pMap.TryGetValue(OAuth.OAUTH_SIGNATURE_METHOD, out signatureMethod))
            {
                signatureMethod = (string)consumer.getProperty(OAuth.OAUTH_SIGNATURE_METHOD) ?? OAuth.HMAC_SHA1;
                addParameter(OAuth.OAUTH_SIGNATURE_METHOD, signatureMethod);
            }
            if (!pMap.ContainsKey(OAuth.OAUTH_TIMESTAMP))
            {
                addParameter(OAuth.OAUTH_TIMESTAMP, UnixTime.ToInt64(DateTime.UtcNow).ToString());
            }
            if (!pMap.ContainsKey(OAuth.OAUTH_NONCE))
            {
                addParameter(OAuth.OAUTH_NONCE, Crypto.getRandomString(OAuth.OAUTH_NONCE_LENGTH));
            }

            sign(accessor);
        }
        private static bool hasValidSignature(OAuthMessage message, String appUrl, String appId)
        {
            String sharedSecret = sampleContainerSharedSecrets[appId];
            if (sharedSecret == null)
            {
                return false;
            }

            OAuthServiceProvider provider = new OAuthServiceProvider(null, null, null);
            OAuthConsumer consumer = new OAuthConsumer(null, appUrl, sharedSecret, provider);
            OAuthAccessor accessor = new OAuthAccessor(consumer);

            SimpleOAuthValidator validator = new SimpleOAuthValidator();
            try
            {
                validator.validateMessage(message, accessor);
            }
            catch (OAuthException)
            {
                return false;
            }
            catch (IOException)
            {
                return false;
            }
            catch (UriFormatException)
            {
                return false;
            }

            return true;
        }
Exemplo n.º 3
0
 public AccessorInfo(OAuthAccessor accessor, OAuthStore.ConsumerInfo consumer, HttpMethod httpMethod,
                     OAuthParamLocation? paramLocation, String sessionHandle, long tokenExpireMillis)
 {
     this.accessor = accessor;
     this.consumer = consumer;
     this.httpMethod = httpMethod;
     this.paramLocation = paramLocation;
     this.sessionHandle = sessionHandle;
     this.tokenExpireMillis = tokenExpireMillis;
 }
Exemplo n.º 4
0
        public AccessorInfo create(OAuthResponseParams responseParams)
        {
            if (location == null)
            {
                throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM, "no location");
            }
            if (consumer == null)
            {
                throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM, "no consumer");
            }

            OAuthAccessor accessor = new OAuthAccessor(consumer.getConsumer());

            // request token/access token/token secret can all be null, for signed fetch, or if the OAuth
            // dance is just beginning
            accessor.requestToken = requestToken;
            accessor.accessToken = accessToken;
            accessor.TokenSecret = tokenSecret;
            return new AccessorInfo(accessor, consumer, method, location, sessionHandle, tokenExpireMillis);
        }
Exemplo n.º 5
0
  /**
   * Validates the passed request by reconstructing the original URL and
   * parameters and generating a signature following the OAuth HMAC-SHA1
   * specification and using the passed secret key.
   * 
   * @param  request Servlet request containing required information for
   *         reconstructing the signature such as the request's URL
   *         components and parameters
   * @param  consumerSecret Secret key shared between application owner and
   *         container. Used by containers when issuing signed makeRequests
   *         and by client applications to verify the source of these
   *         requests and the authenticity of its parameters.
   * @return {@code true} if the signature generated in this function matches
   *         the signature in the passed request, {@code false} otherwise
   * @throws IOException
   * @throws URISyntaxException
   */
  public static bool verifyHmacSignature(
      HttpWebRequest request, String consumerSecret)
    {

    String method = request.Method;
    String requestUrl = getRequestUrl(request);
    List<OAuth.Parameter> requestParameters = getRequestParameters(request);

    OAuthMessage message =
        new OAuthMessage(method, requestUrl, requestParameters);

    OAuthConsumer consumer =
        new OAuthConsumer(null, null, consumerSecret, null);
    OAuthAccessor accessor = new OAuthAccessor(consumer);

    try {
      message.validateMessage(accessor, new SimpleOAuthValidator());
    } catch (OAuthException e) {
      return false;
    }

    return true;
  }
Exemplo n.º 6
0
 protected void validateSignature(OAuthMessage message, OAuthAccessor accessor)
 {
     message.requireParameters(new[]{OAuth.OAUTH_CONSUMER_KEY,
                                     OAuth.OAUTH_SIGNATURE_METHOD, OAuth.OAUTH_SIGNATURE});
     OAuthSignatureMethod.newSigner(message, accessor).validate(message);
 }
Exemplo n.º 7
0
 /** {@inherit} 
  * @throws URISyntaxException */
 public void validateMessage(OAuthMessage message, OAuthAccessor accessor)
 {
     validateVersion(message);
     validateTimestampAndNonce(message);
     validateSignature(message, accessor);
 }
Exemplo n.º 8
0
  /**
   * Signs the URL associated with the passed request object using the passed
   * consumer key and secret in accordance with the OAuth specification and
   * appends signature and other required parameters to the URL as query
   * string parameters.
   * 
   * @param  request OpenSocialHttpRequest object which contains both the URL
   *         to sign as well as the POST body which must be included as a
   *         parameter when signing POST requests
   * @param  consumerKey Application key assigned and used by containers to
   *         uniquely identify applications
   * @param  consumerSecret Secret key shared between application owner and
   *         container. Used to generate the signature which is attached to
   *         the request so containers can verify the authenticity of the
   *         requests made by the client application.
   * @throws OAuthException
   * @throws IOException
   * @throws URISyntaxException
   */
  public static void signRequest(
      OpenSocialHttpRequest request, String consumerKey, String consumerSecret)
    {

    String postBody = request.getPostBody();
    String requestMethod = request.getMethod();
    OpenSocialUrl requestUrl = request.getUrl();

    if (!String.IsNullOrEmpty(consumerKey) && !String.IsNullOrEmpty(consumerSecret))
    {
      OAuthMessage message =
          new OAuthMessage(requestMethod, requestUrl.ToString(), null);

      if (!String.IsNullOrEmpty(postBody))
      {
        message.addParameter(postBody, "");        
      }

      OAuthConsumer consumer =
          new OAuthConsumer(null, consumerKey, consumerSecret, null);
      consumer.setProperty(OAuth.OAUTH_SIGNATURE_METHOD, OAuth.HMAC_SHA1);

      OAuthAccessor accessor = new OAuthAccessor(consumer);
      accessor.accessToken = "";      

      message.addRequiredParameters(accessor);

      foreach(var p in message.getParameters()) {
        if (!p.Key.Equals(postBody)) {
          requestUrl.addQueryStringParameter(
              OAuth.percentEncode(new List<string> { p.Key }),
              OAuth.percentEncode(new List<string> {p.Value}));          
        }
      }
    }
  }
Exemplo n.º 9
0
 /**
  * Check that the message has a valid signature.
  *
  * @throws IOException
  * @throws URISyntaxException
  *
  * @throws OAuthProblemException
  *                 the signature is invalid
  * @deprecated use {@link OAuthMessage#validateMessage} instead.
  */
 public void validateSignature(OAuthAccessor accessor)
 {
     OAuthSignatureMethod.newSigner(this, accessor).validate(this);
 }
Exemplo n.º 10
0
 /**
  * Check that the message is valid.
  *
  * @throws IOException
  * @throws URISyntaxException
  *
  * @throws OAuthProblemException
  *                 the message is invalid
  */
 public void validateMessage(OAuthAccessor accessor, OAuthValidator validator)
 {
     validator.validateMessage(this, accessor);
 }
Exemplo n.º 11
0
 /**
  * Add a signature to the message.
  *
  * @throws URISyntaxException
  */
 public void sign(OAuthAccessor accessor)
 {
     OAuthSignatureMethod.newSigner(this, accessor).sign(this);
 }
Exemplo n.º 12
0
 /** {@inherit}
  * @throws URISyntaxException */
 public void validateMessage(OAuthMessage message, OAuthAccessor accessor)
 {
     validateVersion(message);
     validateTimestampAndNonce(message);
     validateSignature(message, accessor);
 }
Exemplo n.º 13
0
 /**
  * Check that the message has a valid signature.
  * 
  * @throws IOException
  * @throws URISyntaxException
  * 
  * @throws OAuthProblemException
  *                 the signature is invalid
  * @deprecated use {@link OAuthMessage#validateMessage} instead.
  */
 public void validateSignature(OAuthAccessor accessor)
 {
     OAuthSignatureMethod.newSigner(this, accessor).validate(this);
 }
Exemplo n.º 14
0
 /**
  * Check that the message is valid.
  * 
  * @throws IOException
  * @throws URISyntaxException
  * 
  * @throws OAuthProblemException
  *                 the message is invalid
  */
 public void validateMessage(OAuthAccessor accessor, OAuthValidator validator)
 {
     validator.validateMessage(this, accessor);
 }
Exemplo n.º 15
0
 /**
  * Add a signature to the message.
  * 
  * @throws URISyntaxException
  */
 public void sign(OAuthAccessor accessor)
 {
     OAuthSignatureMethod.newSigner(this, accessor).sign(this);
 }
Exemplo n.º 16
0
 /**
  * Add some of the parameters needed to request access to a protected
  * resource, if they aren't already in the message.
  * 
  * @throws IOException
  * @throws URISyntaxException
  */
 public void addRequiredParameters(OAuthAccessor accessor)
 {
     Dictionary<string, string> pMap = OAuth.newMap(parameters);
     if (!pMap.ContainsKey(OAuth.OAUTH_TOKEN) && accessor.accessToken != null)
     {
         addParameter(OAuth.OAUTH_TOKEN, accessor.accessToken);
     }
     OAuthConsumer consumer = accessor.consumer;
     if (!pMap.ContainsKey(OAuth.OAUTH_CONSUMER_KEY))
     {
         addParameter(OAuth.OAUTH_CONSUMER_KEY, consumer.consumerKey);
     }
     string signatureMethod;
     if (!pMap.TryGetValue(OAuth.OAUTH_SIGNATURE_METHOD, out signatureMethod))
     {
         signatureMethod = (string)consumer.getProperty(OAuth.OAUTH_SIGNATURE_METHOD) ?? OAuth.HMAC_SHA1;
         addParameter(OAuth.OAUTH_SIGNATURE_METHOD, signatureMethod);
     }
     if (!pMap.ContainsKey(OAuth.OAUTH_TIMESTAMP))
     {
         addParameter(OAuth.OAUTH_TIMESTAMP, UnixTime.ToInt64(DateTime.UtcNow).ToString());
     }
     if (!pMap.ContainsKey(OAuth.OAUTH_NONCE))
     {
         addParameter(OAuth.OAUTH_NONCE, Crypto.getRandomString(OAuth.OAUTH_NONCE_LENGTH));
     }
     
     sign(accessor);
 }
Exemplo n.º 17
0
 public static OAuthMessage newRequestMessage(OAuthAccessor accessor, String method, String url,
                 List<OAuth.Parameter> parameters)
 {
     return accessor.newRequestMessage(method, url, parameters);
 }
Exemplo n.º 18
0
 protected void validateSignature(OAuthMessage message, OAuthAccessor accessor)
 {
     message.requireParameters(new[] { OAuth.OAUTH_CONSUMER_KEY,
                                       OAuth.OAUTH_SIGNATURE_METHOD, OAuth.OAUTH_SIGNATURE });
     OAuthSignatureMethod.newSigner(message, accessor).validate(message);
 }