private void Initialize()
{
Headers = new NameValueCollection(0);
Parameters = new WebParameterCollection();
Cookies = new WebParameterCollection(0);
PostParameters = new List<HttpPostParameter>(0);
}
public WebParameterCollection GetAllHeaders()
{
var headers = new WebParameterCollection();
var parameters = Headers.AllKeys.Select(key => new WebPair(key, Headers[key]));
foreach (var parameter in parameters)
{
headers.Add(parameter.Name, parameter.Value);
}
return headers;
}
public WebQuery GetQueryFor(string url, WebParameterCollection parameters, IWebQueryInfo info, WebMethod method, bool enableTrace)
{
return GetQueryForImpl(info, enableTrace);
}
public void Can_sort_and_normalize_parameters_excluding_signature()
{
var input = new WebParameterCollection
{
{"a", "1"},
{"f", "50"},
{"f", "25"},
{"z", "t"},
{"oauth_signature", "signature"},
{"f", "a"},
{"c", "hi there"},
{"z", "p"},
};
const string expected = "a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t";
var actual = OAuthTools.NormalizeRequestParameters(input);
Console.WriteLine(actual);
Assert.AreEqual(expected, actual);
}
private void RecalculateProtectedResourceSignature(string url)
{
if(!_recalculate)
{
_recalculate = true;
return; // <-- More efficient for unrecycled queries
}
var info = (OAuthWebQueryInfo) Info;
if(!info.ClientUsername.IsNullOrBlank() || !info.ClientPassword.IsNullOrBlank())
{
// Not a protected resource request
return;
}
if(!string.IsNullOrEmpty(info.Verifier))
{
// This is an access token request
return;
}
var oauth = new OAuthWorkflow
{
ConsumerKey = info.ConsumerKey,
ConsumerSecret = info.ConsumerSecret,
Token = info.Token,
TokenSecret = info.TokenSecret,
ClientUsername = info.ClientUsername,
ClientPassword = info.ClientPassword,
SignatureMethod = info.SignatureMethod.FromRequestValue(),
ParameterHandling = ParameterHandling,
CallbackUrl = info.Callback,
Verifier = info.Verifier
};
// [DC]: Add any non-oauth parameters back into the signature hash
var parameters = new WebParameterCollection();
var nonAuthParameters = Parameters.Where(p => !p.Name.StartsWith("oauth_"));
parameters.AddRange(nonAuthParameters);
// [DC]: Don't escape parameters again when calcing the signature
Info = oauth.BuildProtectedResourceInfo(Method, parameters, url);
// [DC]: Add any non-oauth parameters back into parameter bag
Parameters = ParseInfoParameters();
Parameters.AddRange(nonAuthParameters);
}
private byte[] PostProcessPostParameters(WebRequest request, Uri uri)
{
var body = "";
switch (ParameterHandling)
{
case OAuthParameterHandling.HttpAuthorizationHeader:
SetAuthorizationHeader(request, "Authorization");
#if SILVERLIGHT
var postParameters = new WebParameterCollection(uri.Query.ParseQueryString());
#else
var postParameters = new WebParameterCollection(uri.Query.ParseQueryString());
#endif
// Only use the POST parameters that exist in the body
postParameters = new WebParameterCollection(postParameters.Where(p => !p.Name.StartsWith("oauth_")));
// Append any leftover values to the POST body
var nonAuthParameters = GetPostParametersValue(postParameters, true /* escapeParameters */);
if (body.IsNullOrBlank())
{
body = nonAuthParameters;
}
else
{
if (!nonAuthParameters.IsNullOrBlank())
{
body += "&".Then(nonAuthParameters);
}
}
break;
case OAuthParameterHandling.UrlOrPostParameters:
body = GetPostParametersValue(Parameters, false /* escapeParameters */);
break;
}
var content = Encoding.UTF8.GetBytes(body);
return content;
}
/// <summary>
/// Generates a <see cref="OAuthWebQueryInfo"/> instance to pass to an
/// <see cref="OAuthWebQuery" /> for the purpose of requesting an
/// unauthorized request token.
/// </summary>
/// <param name="method">The HTTP method for the intended request</param>
/// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param>
/// <seealso cref="http://oauth.net/core/1.0#anchor9"/>
/// <returns></returns>
public virtual OAuthWebQueryInfo BuildRequestTokenInfo(WebMethod method, WebParameterCollection parameters)
{
ValidateTokenRequestState();
if (parameters == null)
{
parameters = new WebParameterCollection();
}
var timestamp = OAuthTools.GetTimestamp();
var nonce = OAuthTools.GetNonce();
AddAuthParameters(parameters, timestamp, nonce);
var signatureBase = OAuthTools.ConcatenateRequestElements(method, RequestTokenUrl, parameters);
var signature = OAuthTools.GetSignature(SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret);
var info = new OAuthWebQueryInfo
{
WebMethod = method,
ParameterHandling = ParameterHandling,
ConsumerKey = ConsumerKey,
SignatureMethod = SignatureMethod.ToRequestValue(),
SignatureTreatment = SignatureTreatment,
Signature = signature,
Timestamp = timestamp,
Nonce = nonce,
Version = Version,
Callback = OAuthTools.UrlEncodeRelaxed(CallbackUrl ?? ""),
UserAgent = "Hammock",
TokenSecret = TokenSecret,
ConsumerSecret = ConsumerSecret
};
return info;
}
private void AddXAuthParameters(ICollection<WebPair> parameters, string timestamp, string nonce)
{
var authParameters = new WebParameterCollection
{
new WebPair("x_auth_username", ClientUsername),
new WebPair("x_auth_password", ClientPassword),
new WebPair("x_auth_mode", "client_auth"),
new WebPair("oauth_consumer_key", ConsumerKey),
new WebPair("oauth_signature_method", SignatureMethod.ToRequestValue()),
new WebPair("oauth_timestamp", timestamp),
new WebPair("oauth_nonce", nonce),
new WebPair("oauth_version", Version ?? "1.0")
};
foreach (var authParameter in authParameters)
{
parameters.Add(authParameter);
}
}
private void AddAuthParameters(ICollection<WebPair> parameters, string timestamp, string nonce)
{
var authParameters = new WebParameterCollection
{
new WebPair("oauth_consumer_key", ConsumerKey),
new WebPair("oauth_nonce", nonce),
new WebPair("oauth_signature_method", SignatureMethod.ToRequestValue()),
new WebPair("oauth_timestamp", timestamp),
new WebPair("oauth_version", Version ?? "1.0")
};
if (!Token.IsNullOrBlank())
{
authParameters.Add(new WebPair("oauth_token", Token));
}
if (!CallbackUrl.IsNullOrBlank())
{
authParameters.Add(new WebPair("oauth_callback", CallbackUrl));
}
if (!Verifier.IsNullOrBlank())
{
authParameters.Add(new WebPair("oauth_verifier", Verifier));
}
if(!SessionHandle.IsNullOrBlank())
{
authParameters.Add(new WebPair("oauth_session_handle", SessionHandle));
}
foreach (var authParameter in authParameters)
{
parameters.Add(authParameter);
}
}
public virtual OAuthWebQueryInfo BuildProtectedResourceInfo(WebMethod method,
WebParameterCollection parameters,
string url)
{
ValidateProtectedResourceState();
if (parameters == null)
{
parameters = new WebParameterCollection();
}
// Include url parameters in query pool
var uri = new Uri(url);
#if !SILVERLIGHT
var urlParameters = System.Compat.Web.HttpUtility.ParseQueryString(uri.Query);
#else
var urlParameters = uri.Query.ParseQueryString();
#endif
#if !SILVERLIGHT
foreach (var parameter in urlParameters.AllKeys)
#else
foreach (var parameter in urlParameters.Keys)
#endif
{
switch (method)
{
case WebMethod.Post:
parameters.Add(new HttpPostParameter(parameter, urlParameters[parameter]));
break;
default:
parameters.Add(parameter, urlParameters[parameter]);
break;
}
}
var timestamp = OAuthTools.GetTimestamp();
var nonce = OAuthTools.GetNonce();
// [DC] Make a copy of the parameters so that the signature double-encode isn't used
var copy = new WebParameterCollection();
foreach(var parameter in parameters)
{
copy.Add(new WebPair(parameter.Name, parameter.Value));
}
AddAuthParameters(copy, timestamp, nonce);
// [DC] Escape parameters at this point; do not escape again if recalculating
var signatureBase = OAuthTools.ConcatenateRequestElements(method, url, copy);
var signature = OAuthTools.GetSignature(
SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret, TokenSecret
);
var info = new OAuthWebQueryInfo
{
WebMethod = method,
ParameterHandling = ParameterHandling,
ConsumerKey = ConsumerKey,
Token = Token,
SignatureMethod = SignatureMethod.ToRequestValue(),
SignatureTreatment = SignatureTreatment,
Signature = signature,
Timestamp = timestamp,
Nonce = nonce,
Version = Version ?? "1.0",
Callback = CallbackUrl,
UserAgent = "Hammock",
ConsumerSecret = ConsumerSecret,
TokenSecret = TokenSecret
};
return info;
}
/// <summary>
/// Generates a <see cref="OAuthWebQueryInfo"/> instance to pass to an
/// <see cref="OAuthWebQuery" /> for the purpose of exchanging user credentials
/// for an access token authorized by the user at the Service Provider site.
/// </summary>
/// <param name="method">The HTTP method for the intended request</param>
/// <seealso cref="http://tools.ietf.org/html/draft-dehora-farrell-oauth-accesstoken-creds-00#section-4"/>
/// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param>
public virtual OAuthWebQueryInfo BuildClientAuthAccessTokenInfo(WebMethod method, WebParameterCollection parameters)
{
ValidateClientAuthAccessRequestState();
if (parameters == null)
{
parameters = new WebParameterCollection();
}
var uri = new Uri(AccessTokenUrl);
var timestamp = OAuthTools.GetTimestamp();
var nonce = OAuthTools.GetNonce();
AddXAuthParameters(parameters, timestamp, nonce);
var signatureBase = OAuthTools.ConcatenateRequestElements(method, uri.ToString(), parameters);
var signature = OAuthTools.GetSignature(SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret);
var info = new OAuthWebQueryInfo
{
WebMethod = method,
ParameterHandling = ParameterHandling,
ClientMode = "client_auth",
ClientUsername = ClientUsername,
ClientPassword = ClientPassword,
ConsumerKey = ConsumerKey,
SignatureMethod = SignatureMethod.ToRequestValue(),
SignatureTreatment = SignatureTreatment,
Signature = signature,
Timestamp = timestamp,
Nonce = nonce,
Version = Version,
UserAgent = "Hammock",
TokenSecret = TokenSecret,
ConsumerSecret = ConsumerSecret
};
return info;
}
public WebQuery GetQueryFor(string url, WebParameterCollection parameters, IWebQueryInfo info, WebMethod method)
{
return GetQueryForImpl(info);
}
/// <summary>
/// Creates a request elements concatentation value to send with a request.
/// This is also known as the signature base.
/// </summary>
/// <seealso cref="http://oauth.net/core/1.0#rfc.section.9.1.3"/>
/// <seealso cref="http://oauth.net/core/1.0#sig_base_example"/>
/// <param name="method">The request's HTTP method type</param>
/// <param name="url">The request URL</param>
/// <param name="parameters">The request's parameters</param>
/// <returns>A signature base string</returns>
public static string ConcatenateRequestElements(WebMethod method, string url, WebParameterCollection parameters)
{
var sb = new StringBuilder();
// Separating &'s are not URL encoded
var requestMethod = method.ToUpper().Then("&");
var requestUrl = UrlEncodeRelaxed(ConstructRequestUrl(url.AsUri())).Then("&");
var requestParameters = UrlEncodeRelaxed(NormalizeRequestParameters(parameters));
sb.Append(requestMethod);
sb.Append(requestUrl);
sb.Append(requestParameters);
return sb.ToString();
}
/// <summary>
/// Sorts a <see cref="WebParameterCollection"/> by name, and then value if equal.
/// </summary>
/// <param name="parameters">A collection of parameters to sort</param>
/// <returns>A sorted parameter collection</returns>
public static WebParameterCollection SortParametersExcludingSignature(WebParameterCollection parameters)
{
var copy = new WebParameterCollection(parameters);
var exclusions = copy.Where(n => n.Name.EqualsIgnoreCase("oauth_signature"));
copy.RemoveAll(exclusions);
copy.ForEach(p => p.Value = UrlEncodeStrict(p.Value));
copy.Sort((x, y) => x.Name.Equals(y.Name) ? x.Value.CompareTo(y.Value) : x.Name.CompareTo(y.Name));
return copy;
}
/// <summary>
/// Sorts a collection of key-value pairs by name, and then value if equal,
/// concatenating them into a single string. This string should be encoded
/// prior to, or after normalization is run.
/// </summary>
/// <seealso cref="http://oauth.net/core/1.0#rfc.section.9.1.1"/>
/// <param name="parameters"></param>
/// <returns></returns>
public static string NormalizeRequestParameters(WebParameterCollection parameters)
{
var copy = SortParametersExcludingSignature(parameters);
var concatenated = copy.Concatenate("=", "&");
return concatenated;
}
public virtual WebQuery GetQueryFor(string url,
WebParameterCollection parameters,
IWebQueryInfo info,
WebMethod method,
bool enableTrace)
{
OAuthWebQueryInfo oauth;
var workflow = new OAuthWorkflow
{
ConsumerKey = ConsumerKey,
ConsumerSecret = ConsumerSecret,
ParameterHandling = ParameterHandling,
SignatureMethod = SignatureMethod,
SignatureTreatment = SignatureTreatment,
CallbackUrl = CallbackUrl,
ClientPassword = ClientPassword,
ClientUsername = ClientUsername,
Verifier = Verifier,
Token = Token,
TokenSecret = TokenSecret,
Version = Version ?? "1.0",
SessionHandle = SessionHandle
};
switch (Type)
{
case OAuthType.RequestToken:
workflow.RequestTokenUrl = url;
oauth = workflow.BuildRequestTokenInfo(method, parameters);
break;
case OAuthType.AccessToken:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildAccessTokenInfo(method, parameters);
break;
case OAuthType.ClientAuthentication:
method = WebMethod.Post;
workflow.AccessTokenUrl = url;
oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters);
break;
case OAuthType.ProtectedResource:
oauth = workflow.BuildProtectedResourceInfo(method, parameters, url);
oauth.FirstUse = true;
break;
default:
throw new ArgumentOutOfRangeException();
}
return new OAuthWebQuery(oauth, enableTrace);
}
