public ValueProviderResult GetValue(string key)
{
Type toUse = _query.Contains("Id=") ? typeof(DetailRequest) : typeof(PaginatedSearchRequestDto);
object value = new QueryStringConverter().ConvertStringToValue(_query, toUse);
return(new ValueProviderResult(value, null, null));
}
public FormsPostDispatchMessageFormatter(OperationDescription od, IDispatchMessageFormatter inner, QueryStringConverter queryStringConverter)
{
this.inner = inner;
this.od = od;
this.queryStringConverter = queryStringConverter;
MessageDescription request = null;
foreach (MessageDescription message in od.Messages)
{
if (message.Direction == MessageDirection.Input)
{
request = message;
break;
}
}
if (request != null && request.MessageType == null)
{
for (int i = 0; i < request.Body.Parts.Count; ++i)
{
if (request.Body.Parts[i].Type == typeof(NameValueCollection))
{
this.nvcIndex = i;
break;
}
}
}
}
public TResult GetResult <T, TResult>(T command)
where T : VimeoCommand
{
if (this.AccessToken == null)
{
throw new OAuthAuthenticateException("", "AccessToken does not set.");
}
OAuth2Client cl = this;
Dictionary <String, String> d = new Dictionary <string, string>();
var url = "https://api.vimeo.com/" + command.GetApiEndpointUrl();
var methodName = command.GetHttpMethodName();
if (command != null)
{
d = command.Map(new Dictionary <String, String>());
var keys = d.Where(el => String.IsNullOrEmpty(el.Value)).Select(el => el.Key).ToList();
foreach (var key in keys)
{
d.Remove(key);
}
}
d["access_token"] = this.AccessToken.Value;
if (methodName == HttpMethodName.Get)
{
var cv = new QueryStringConverter();
url = String.Format("{0}?{1}", url, cv.Write(d));
}
var cm = new HttpRequestCommand(url);
cm.Accept = "application/vnd.vimeo.*+json;version=3.2";
cm.MethodName = methodName;
if (methodName != HttpMethodName.Get)
{
cm.SetBodyStream(new HttpBodyFormUrlEncodedData(d));
}
var res = cl.GetResponse(cm);
if (res.StatusCode != HttpStatusCode.OK &&
res.StatusCode != HttpStatusCode.Created &&
res.StatusCode != HttpStatusCode.Accepted)
{
throw new HttpResponseException(res);
}
var json = res.BodyText;
try
{
return(JsonConvert.DeserializeObject <TResult>(json, new JsonSerializerSettings()
{
MissingMemberHandling = MissingMemberHandling.Ignore
}));
}
catch (JsonReaderException)
{
throw new HttpResponseException(res);
}
}
private static void Populate(out Dictionary <int, string> pathMapping, out Dictionary <int, KeyValuePair <string, Type> > queryMapping, out int totalNumUTVars, out UriTemplate uriTemplate,
OperationDescription operationDescription, QueryStringConverter qsc)
{
pathMapping = new Dictionary <int, string>();
queryMapping = new Dictionary <int, KeyValuePair <string, Type> >();
string utString = GetUTStringOrDefault(operationDescription);
uriTemplate = new UriTemplate(utString);
List <string> neededPathVars = new List <string>(uriTemplate.PathSegmentVariableNames);
List <string> neededQueryVars = new List <string>(uriTemplate.QueryValueVariableNames);
Dictionary <string, byte> alreadyGotVars = new Dictionary <string, byte>(StringComparer.OrdinalIgnoreCase);
totalNumUTVars = neededPathVars.Count + neededQueryVars.Count;
for (int i = 0; i < operationDescription.Messages[0].Body.Parts.Count; ++i)
{
MessagePartDescription mpd = operationDescription.Messages[0].Body.Parts[i];
string parameterName = XmlConvert.DecodeName(mpd.Name);
if (alreadyGotVars.ContainsKey(parameterName))
{
throw new InvalidOperationException();
}
List <string> neededPathCopy = new List <string>(neededPathVars);
foreach (string pathVar in neededPathCopy)
{
if (string.Compare(parameterName, pathVar, StringComparison.OrdinalIgnoreCase) == 0)
{
if (mpd.Type != typeof(string))
{
throw new InvalidOperationException();
}
pathMapping.Add(i, parameterName);
alreadyGotVars.Add(parameterName, 0);
neededPathVars.Remove(pathVar);
}
}
List <string> neededQueryCopy = new List <string>(neededQueryVars);
foreach (string queryVar in neededQueryCopy)
{
if (string.Compare(parameterName, queryVar, StringComparison.OrdinalIgnoreCase) == 0)
{
if (!qsc.CanConvert(mpd.Type))
{
throw new InvalidOperationException();
}
queryMapping.Add(i, new KeyValuePair <string, Type>(parameterName, mpd.Type));
alreadyGotVars.Add(parameterName, 0);
neededQueryVars.Remove(queryVar);
}
}
}
if (neededPathVars.Count != 0)
{
throw new InvalidOperationException();
}
if (neededQueryVars.Count != 0)
{
throw new InvalidOperationException();
}
}
public void QueryStringConverter_StartTimeWithTimeZone()
{
QueryStringConverter cv = new QueryStringConverter();
var d = cv.Parse("?StartTime=2016-06-09+10%3A58%3A14+%2B09%3A00");
Assert.AreEqual("2016-06-09 10:58:14 +09:00", d["StartTime"]);
}
public JsonClientFormatter(Uri baseUri, OperationDescription operationDescription, WebMessageBodyStyle defaultBodyStyle)
{
this.baseUri = baseUri;
this.operationDescription = operationDescription;
this.defaultBodyStyle = defaultBodyStyle;
this.queryStringConverter = new QueryStringConverter();
this.Initialize();
}
/// <summary>
/// Parses and verifies the tampering protected URI.
/// </summary>
/// <param name="protectedUri">The tampering protected URI.</param>
/// <param name="securityKey">The security key to use in the decryption of the <paramref name="token"/>.</param>
/// <param name="token">The security token to decrypt and parse for a <see cref="SecurityToken"/>.</param>
/// <param name="iv">The initialization vector (IV) to use in the decryption of the <paramref name="token"/>.</param>
/// <param name="salt">The salt used in the computation of the integrity verification of <paramref name="protectedUri"/>.</param>
/// <returns>An instance of the <see cref="SecurityToken"/> object if the <paramref name="protectedUri"/> is valid.</returns>
/// <exception cref="SecurityException">This exception is thrown when an unsucessfull parse is meet, hence values has been tampered with, <paramref name="protectedUri"/> is invalid, token has expired or one or more of the necessary parameters is missing.</exception>
public static SecurityToken ParseTamperingProtectedUri(Uri protectedUri, byte[] securityKey, string token, string iv, string salt)
{
if (protectedUri == null)
{
throw new ArgumentNullException(nameof(protectedUri));
}
NameValueCollection querystring = QueryStringConverter.FromString(protectedUri.Query);
return(ParseTamperingProtectedUri(protectedUri, securityKey, token, iv, salt, HttpUtility.UrlDecode(querystring["hash"])));
}
protected override IDispatchMessageFormatter GetRequestDispatchFormatter(OperationDescription operationDescription, ServiceEndpoint endpoint)
{
// This is the default formatter for the operation, which we may wrap with our custom formatter
IDispatchMessageFormatter formatter = base.GetRequestDispatchFormatter(operationDescription, endpoint);
// Messages[0] is the request message
int partsCount = operationDescription.Messages[0].Body.Parts.Count;
// If the message doesn't have any parts, then it can't have any body content so a form post isn't applicable
if (partsCount == 0)
{
return(formatter);
}
//For [WebInvoke] operations with body content, we want to wrap the base formatter with our HtmlFormRequestDispatchFormatter
WebInvokeAttribute webInvoke = operationDescription.Behaviors.Find <WebInvokeAttribute>();
if (webInvoke != null)
{
if (webInvoke.BodyStyle == WebMessageBodyStyle.Wrapped)
{
throw new InvalidOperationException("The FormProcessingBehavior does not support wrapped requests or responses.");
}
// We need to determine the parts of the message that are associated with the Uri and those that are associated
// with the body content of the request. To do this, we need to get the Uri template for the operation and determine
// how many parameters it has
UriTemplate uriTemplate = null;
int bodyPartsCount = partsCount;
if (!string.IsNullOrEmpty(webInvoke.UriTemplate))
{
uriTemplate = new UriTemplate(webInvoke.UriTemplate);
// The number of message parts for the request body will be the equal to the total parts for the message minus
// the total number of UriTemplate variables
bodyPartsCount = partsCount - (uriTemplate.PathSegmentVariableNames.Count + uriTemplate.QueryValueVariableNames.Count);
}
else
{
uriTemplate = new UriTemplate(string.Empty);
}
// Since we've disallowed wrapped message bodies, we can be sure that the message will only have
// 0 or 1 message parts that are associated with the body of the request.
if (bodyPartsCount == 1)
{
QueryStringConverter converter = this.GetQueryStringConverter(operationDescription);
formatter = new HtmlFormRequestDispatchFormatter(operationDescription, uriTemplate, converter, formatter);
}
}
return(formatter);
}
public WebMessageFormatter(OperationDescription operation, ServiceEndpoint endpoint, QueryStringConverter converter, WebHttpBehavior behavior)
{
this.operation = operation;
this.endpoint = endpoint;
this.converter = converter;
this.behavior = behavior;
ApplyWebAttribute();
// This is a hack for WebScriptEnablingBehavior
var jqc = converter as JsonQueryStringConverter;
if (jqc != null)
{
BodyName = jqc.CustomWrapperName;
}
}
public UriTemplateDispatchFormatter(OperationDescription operationDescription, IDispatchMessageFormatter bodyFormatter, QueryStringConverter qsc, string contractName, Uri baseAddress)
{
this.bodyFormatter = bodyFormatter;
this.qsc = qsc;
this.baseAddress = baseAddress;
this.operationName = operationDescription.Name;
Populate(
out this.pathMapping,
out this.queryMapping,
out this.totalNumUTVars,
out this.uriTemplate,
operationDescription,
qsc,
contractName);
}
public JsonValueFormatter(OperationDescription operationDescription, ServiceEndpoint endpoint, QueryStringConverter queryStringConverter, int jsonValuePosition)
{
this.operationDescription = operationDescription;
this.queryStringConverter = queryStringConverter;
this.jsonValuePosition = jsonValuePosition;
BindingElementCollection bindingElements = endpoint.Binding.CreateBindingElements();
WebMessageEncodingBindingElement webEncoding = bindingElements.Find <WebMessageEncodingBindingElement>();
this.charset = CharsetFromEncoding(webEncoding);
this.readerQuotas = new XmlDictionaryReaderQuotas();
XmlDictionaryReaderQuotas.Max.CopyTo(this.readerQuotas);
if (webEncoding != null)
{
webEncoding.ReaderQuotas.CopyTo(this.readerQuotas);
}
}
public void DeserializeRequest(Message message, object[] parameters)
{
// Classes that derive from this class will implement CanDeserializeRequestBody() to
// tell us if we should deserialize this request or allow the default inner formatter to deserailize it.
if (CanDeserializeRequestBody(message))
{
// The UriTemplateMatch instance for the request will tell us the values of the Uri variable parts
UriTemplateMatch match = message.Properties["UriTemplateMatchResults"] as UriTemplateMatch;
for (int x = 0; x < this.partsCount; x++)
{
// For each part of the message we check if the part is the message body or a Uri variable
OperationParameterKind kind = operationParameterInfo[x].Kind;
if (kind == OperationParameterKind.MessageBody)
{
// Since this part is the message body we'll let the derived class deserailize it.
// We'll provide the message body as a stream to make it easier to work with
Stream stream = message.GetBodyAsStream();
parameters[x] = DeserializeRequestBody(stream);
}
else
{
// Since this part is a Uri variable, we'll get the value for it from the UriTemplateMAtch instance
string value = match.BoundVariables[operationParameterInfo[x].Name];
if (kind == OperationParameterKind.UriQueryVariable &&
operationParameterInfo[x].CanConvert &&
value != null)
{
// Query string Uri variables should be converted to the type of the parameter from the method signature
parameters[x] = QueryStringConverter.ConvertStringToValue(value, operationParameterInfo[x].Type);;
}
else
{
// Path segment Uri variables are always provided as strings
parameters[x] = value;
}
}
}
}
else
{
this.innerFormatter.DeserializeRequest(message, parameters);
}
}
private Func <ParameterInfo, object> CreateParameterBinder(UriTemplateMatch match)
{
QueryStringConverter converter = new QueryStringConverter();
return(delegate(ParameterInfo pi)
{
string value = match.BoundVariables[pi.Name];
if (converter.CanConvert(pi.ParameterType) && value != null)
{
return converter.ConvertStringToValue(value, pi.ParameterType);
}
else
{
return value;
}
});
}
/// <summary>
/// Converts the specified <paramref name="uriLocation"/> to a tampering protected <see cref="Uri"/>.
/// </summary>
/// <param name="uriLocation">The URI to protect from tampering.</param>
/// <param name="securityKey">The security key to use for the <see cref="SecurityToken"/> encryption.</param>
/// <param name="settings">The settings to apply to the <see cref="SecurityToken"/>.</param>
/// <param name="algorithmType">The hash algorithm to use for the URI checksum computation. Default is <b><see cref="HashAlgorithmType.SHA1"/></b>.</param>
/// <param name="secureUriFormat">The naming format of the required query string parameters of the tamper protected URI. Default is <b>?token={0}&iv={1}&salt={2}</b>, where you can change the naming of the query string parameters.</param>
/// <param name="querystringParameterHashName">The name of the checksum parameter to append to the tampering protected URI. Default is <b>hash</b>.</param>
/// <returns>An URI equivalent to the <paramref name="uriLocation"/> but protected from tampering - including but not limited to - MITM attacks.</returns>
public static Uri CreateTamperingProtectedUri(string uriLocation, byte[] securityKey, SecurityTokenSettings settings, HashAlgorithmType algorithmType, string secureUriFormat, string querystringParameterHashName)
{
Validator.ThrowIfNullOrEmpty(uriLocation, nameof(uriLocation));
Validator.ThrowIfNull(securityKey, nameof(securityKey));
Validator.ThrowIfNull(settings, nameof(settings));
Validator.ThrowIfEqual(securityKey.Length, 0, nameof(securityKey));
Validator.ThrowIfNullOrEmpty(secureUriFormat, nameof(secureUriFormat));
int foundArguments;
if (!StringUtility.ParseFormat(secureUriFormat, 3, out foundArguments))
{
throw new ArgumentException("You must - in this order - specify three arguments for; 'token', 'iv' and 'salt'. This value cannot be exceeded nor the opposite. 'token', 'iv' and 'salt' is the default values.");
}
NameValueCollection formatedQuerytring = QueryStringConverter.FromString(secureUriFormat);
SecurityToken securityToken = SecurityToken.Create(settings);
byte[] iv = AdvancedEncryptionStandardUtility.GenerateInitializationVector();
byte[] encryptedSecurityToken = SecurityUtility.CreateEncryptedSecurityToken(securityToken, securityKey, iv);
string ivAsString = HttpUtility.UrlEncode(Encoding.UTF8.GetString(iv, 0, iv.Length));
string encryptedSecurityTokenAsString = HttpUtility.UrlEncode(Convert.ToBase64String(encryptedSecurityToken));
string salt = HttpUtility.UrlEncode(StringUtility.CreateRandomString(18));
int indexOfQuestionMark = uriLocation.IndexOf('?');
string uriLocationQuerystring = indexOfQuestionMark > 0 ? uriLocation.Substring(indexOfQuestionMark) : "";
uriLocation = indexOfQuestionMark > 0 ? uriLocation.Substring(0, indexOfQuestionMark) : uriLocation;
NameValueCollection querystring = QueryStringConverter.FromString(uriLocationQuerystring);
NameValueCollection secureQuerystring = QueryStringConverter.FromString(string.Format(CultureInfo.InvariantCulture, secureUriFormat, encryptedSecurityTokenAsString, ivAsString, salt));
secureQuerystring.Add(querystring);
querystring = QueryStringUtility.RemoveDublets(secureQuerystring, formatedQuerytring.AllKeys);
string secureUri = string.Format(CultureInfo.InvariantCulture, "{0}{1}", uriLocation, QueryStringConverter.FromNameValueCollection(querystring));
secureUri += string.Format(CultureInfo.InvariantCulture, "&{0}={1}", querystringParameterHashName, HashUtility.ComputeHash(secureUri + salt + securityToken.Token, o =>
{
o.AlgorithmType = algorithmType;
o.Encoding = Encoding.UTF8;
}).ToHexadecimal());
return(new Uri(secureUri));
}
/// <summary>
/// Initializes a new instance of the EVDispatchFormatter class
/// </summary>
/// <param name="od">OperationDescription object</param>
/// <param name="inner">DispatchMessageFormatter object</param>
/// <param name="queryStringConverter">QueryStringConverter object</param>
public EVDispatchFormatter(OperationDescription od, IDispatchMessageFormatter inner, QueryStringConverter queryStringConverter)
{
this.inner = inner;
this.od = od;
this.queryStringConverter = queryStringConverter;
MessageDescription request = od.Messages.FirstOrDefault(message => message.Direction == MessageDirection.Input);
if (request != null && request.MessageType == null)
{
for (int i = 0; i < request.Body.Parts.Count; ++i)
{
if (request.Body.Parts[i].Type == typeof(NameValueCollection))
{
this.nvcIndex = i;
break;
}
}
}
}
/// <summary>
/// Initiates a GET request for the given operation and return the server respose (as a task).
/// </summary>
/// <param name="result">The result object which contains information about which operation was performed.</param>
/// <param name="parameters">The parameters to the server method, or <c>null</c> if no parameters.</param>
/// <param name="queryOptions">The query options if any.</param>
/// <returns></returns>
private Task <HttpResponseMessage> GetAsync(string operationName, IDictionary <string, object> parameters, IList <ServiceQueryPart> queryOptions, CancellationToken cancellationToken)
{
int i = 0;
var uriBuilder = new StringBuilder();
uriBuilder.Append(operationName);
// Parameters
if (parameters != null && parameters.Count > 0)
{
var converter = new QueryStringConverter();
foreach (var param in parameters)
{
if (param.Value != null)
{
uriBuilder.Append(i++ == 0 ? '?' : '&');
uriBuilder.Append(Uri.EscapeDataString(param.Key));
uriBuilder.Append("=");
var value = converter.ConvertValueToString(param.Value, param.Value.GetType());
uriBuilder.Append(Uri.EscapeDataString(value));
}
}
}
// Query options
if (queryOptions != null && queryOptions.Count > 0)
{
foreach (var queryPart in queryOptions)
{
uriBuilder.Append(i++ == 0 ? "?$" : "&$");
uriBuilder.Append(queryPart.QueryOperator);
uriBuilder.Append("=");
uriBuilder.Append(Uri.EscapeDataString(queryPart.Expression));
}
}
// TODO: Switch to POST if uri becomes to long, we can do so by returning nul ...l
var uri = uriBuilder.ToString();
return(HttpClient.GetAsync(uri, cancellationToken));
}
public MultiDispatchFormatter(OperationDescription operation, QueryStringConverter q, ServiceEndpoint e, bool isRequest)
{
this.operation = operation;
if (isRequest)
{
int operationParameterCount = operation.Messages[0].Body.Parts.Count;
if (operationParameterCount > 1)
{
this.parameterNames = new Dictionary <string, int>();
for (int i = 0; i < operationParameterCount; i++)
{
this.parameterNames.Add(operation.Messages[0].Body.Parts[i].Name, i);
}
}
}
ep = e;
qsc = q;
this.baseAddress = ep.Address.Uri;
Populate(out this.pathMapping, out this.queryMapping, out this.totalNumUTVars, out this.uriTemplate, operation, qsc);
}
static void Main(string[] args)
{
// <Snippet0>
// <Snippet1>
QueryStringConverter converter = new QueryStringConverter();
// </Snippet1>
// <Snippet2>
if (converter.CanConvert(typeof(Int32)))
{
converter.ConvertStringToValue("123", typeof(Int32));
}
// </Snippet2>
// <Snippet3>
int value = 321;
string strValue = converter.ConvertValueToString(value, typeof(Int32));
Console.WriteLine("the value = {0}, the string representation of the value = {1}", value, strValue);
// </Snippet3>
// </Snippet0>
}
private String CallApi(VimeoApiEndpointInfo apiInfo, Dictionary <String, String> parameters)
{
var cl = new HttpClient();
var methodName = apiInfo.HttpMethodName.ToEnum <HttpMethodName>().Value;
var qs = new QueryStringConverter();
var url = String.Format("https://api.vimeo.com/{0}?{1}", apiInfo.ApiPath, qs.Write(parameters));
foreach (var key in _IDParameterValues.Keys)
{
url = url.Replace("{" + key + "}", _IDParameterValues[key]);
}
var cm = new HttpRequestCommand(url);
cm.MethodName = methodName;
if (cm.MethodName != HttpMethodName.Get)
{
cm.SetBodyStream(new HttpBodyFormUrlEncodedData(parameters));
}
var json = cl.GetBodyText(cm);
return(json);
}
public MyConverter(QueryStringConverter inner)
{
this.inner = inner;
}
public CustomQueryStringConverter(QueryStringConverter originalConverter)
{
this.originalConverter = originalConverter;
}
public HtmlFormRequestDispatchFormatter(OperationDescription operation, UriTemplate uriTemplate, QueryStringConverter converter, IDispatchMessageFormatter innerFormatter) :
base(operation, uriTemplate, converter, innerFormatter)
{
// This formatter will only support deserializing form post data to a type if:
// (1) The type can be converted via the QueryStringConverter or...
// (2) The type meets the following requirements:
// (A) The type is decorated with the DataContractAttribute
// (B) Every public field or property that is decorated with the DataMemberAttribute is of a type that
// can be converted by the QueryStringConverter
this.canConvertBodyType = this.QueryStringConverter.CanConvert(this.BodyParameterType);
if (!this.canConvertBodyType)
{
if (this.BodyParameterType.GetCustomAttributes(typeof(DataContractAttribute), false).Length == 0)
{
throw new NotSupportedException(
string.Format("Body parameter '{0}' from operation '{1}' is of type '{2}', which is not decorated with a DataContractAttribute. " +
"Only body parameter types decorated with the DataContractAttribute are supported.",
this.BodyParameterName,
operation.Name,
this.BodyParameterType));
}
// For the body type, we'll need to cache information about each of the public fields/properties
// that is decorated with the DataMemberAttribute; we'll store this info in the bodyMembers dictionary
// where the member name is the dictionary key
bodyMembers = new Dictionary <string, BodyMemberData>();
GetBobyMemberDataForFields(operation.Name);
GetBodyMemberDataForProperties(operation.Name);
requiredBodyMembers = bodyMembers.Where(p => p.Value.IsRequired == true).Select(p => p.Key).ToArray();
}
}
protected RequestBodyDispatchFormatter(OperationDescription operation, UriTemplate uriTemplate, QueryStringConverter converter, IDispatchMessageFormatter innerFormatter)
{
// The inner formatter is the default formatter that WCF normally uses. When the request can't be deserialized
// by our custom formatter, we'll use the default formatter.
this.innerFormatter = innerFormatter;
// We'll use the query string converter for both Uri query string parameters and the values of the
// form post data
this.QueryStringConverter = converter;
// Messages[0] is the request message
MessagePartDescriptionCollection parts = operation.Messages[0].Body.Parts;
// This partsCount includes the Uri parts (both path segment variables and query string variables)
// 1 body content part
partsCount = parts.Count;
ReadOnlyCollection <string> uriPathVariables = uriTemplate.PathSegmentVariableNames;
ReadOnlyCollection <string> uriQueryVariables = uriTemplate.QueryValueVariableNames;
// For each part of the message, we need to capture it's name, type, and whether it is
// a Uri path segment variable, a Uri query string variable or the body content
operationParameterInfo = new OperationParameterInfo[partsCount];
for (int x = 0; x < partsCount; x++)
{
string name = parts[x].Name;
Type type = parts[x].Type;
// We'll assume this part is the message body, but then check if there are
// uri variables that match the name
OperationParameterKind kind = OperationParameterKind.MessageBody;
bool canConvert = false;
CaseInsensitiveEqualityComparer <string> comparer = new CaseInsensitiveEqualityComparer <string>();
if (uriPathVariables.Contains(name, comparer))
{
kind = OperationParameterKind.UriPathVariable;
}
else if (uriQueryVariables.Contains(name, comparer))
{
canConvert = converter.CanConvert(type);
kind = OperationParameterKind.UriQueryVariable;
}
else
{
// If we reached here, then this part really is the message body part.
// We'll store the name and type in the class properties so that derived
// types have access to this information
this.BodyParameterName = name;
this.BodyParameterType = type;
}
operationParameterInfo[x] = new OperationParameterInfo(kind, type, name, canConvert);
}
}
protected WebDispatchMessageFormatter(OperationDescription operation, ServiceEndpoint endpoint, QueryStringConverter converter, WebHttpBehavior behavior)
: base(operation, endpoint, converter, behavior)
{
}
/// <summary>
/// Parses and verifies the tampering protected URI.
/// </summary>
/// <param name="protectedUri">The tampering protected URI.</param>
/// <param name="securityKey">The security key to use in the decryption of the <paramref name="token"/>.</param>
/// <param name="token">The security token to decrypt and parse for a <see cref="SecurityToken"/>.</param>
/// <param name="iv">The initialization vector (IV) to use in the decryption of the <paramref name="token"/>.</param>
/// <param name="salt">The salt used in the computation of the integrity verification of <paramref name="protectedUri"/>.</param>
/// <param name="hash">The checksum to verify the integrity of <paramref name="protectedUri"/>.</param>
/// <param name="algorithmType">The hash algorithm to use for the <paramref name="protectedUri"/> checksum computation. Default is <b><see cref="HashAlgorithmType.SHA1"/></b>.</param>
/// <param name="querystringParameterHashName">The name of the checksum parameter to remove from the <paramref name="protectedUri"/> before integrity verification. Default is <b>hash</b>.</param>
/// <returns>An instance of the <see cref="SecurityToken"/> object if the <paramref name="protectedUri"/> is valid.</returns>
/// <exception cref="SecurityException">This exception is thrown when an unsucessfull parse is meet, hence values has been tampered with, <paramref name="protectedUri"/> is invalid, token has expired or one or more of the necessary parameters is missing.</exception>
public static SecurityToken ParseTamperingProtectedUri(Uri protectedUri, byte[] securityKey, string token, string iv, string salt, string hash, HashAlgorithmType algorithmType, string querystringParameterHashName)
{
if (protectedUri == null)
{
throw new ArgumentNullException(nameof(protectedUri));
}
if (string.IsNullOrEmpty(hash))
{
throw new SecurityException("Security checksum was not specified.");
}
if (string.IsNullOrEmpty(salt))
{
throw new SecurityException("Security salt was not specified.");
}
if (string.IsNullOrEmpty(token))
{
throw new SecurityException("Security token was not specified.");
}
if (string.IsNullOrEmpty(iv))
{
throw new SecurityException("Security initialization vector was not specified.");
}
if (querystringParameterHashName == null)
{
throw new ArgumentNullException(nameof(querystringParameterHashName));
}
if (querystringParameterHashName.Length == 0)
{
throw new ArgumentException("Value cannot be empty.", nameof(querystringParameterHashName));
}
SecurityToken securityToken;
try
{
securityToken = SecurityUtility.ParseEncryptedSecurityToken(Convert.FromBase64String(token), securityKey, Encoding.UTF8.GetBytes(iv));
string originalUriString = string.Format(CultureInfo.InvariantCulture, protectedUri.IsDefaultPort ? "{0}{1}{2}{4}" : "{0}{1}{2}:{3}{4}",
protectedUri.Scheme,
"://",
protectedUri.Host,
protectedUri.Port,
protectedUri.PathAndQuery);
string querystring = QueryStringConverter.FromNameValueCollection(QueryStringUtility.Remove(protectedUri.Query, querystringParameterHashName));
Uri originalUriWithRemovedChecksum = new Uri(originalUriString);
string urlToCompute = string.Format(CultureInfo.InvariantCulture, "{0}{1}", new Uri(originalUriWithRemovedChecksum, originalUriWithRemovedChecksum.AbsolutePath), querystring);
string computedChecksum = HashUtility.ComputeHash(urlToCompute + salt + securityToken.Token, o =>
{
o.AlgorithmType = algorithmType;
o.Encoding = Encoding.UTF8;
}).ToHexadecimal();
if (!string.Equals(hash, computedChecksum))
{
throw new SecurityException("Security checksum is invalid.");
}
if (securityToken.HasExpired)
{
throw new SecurityException("Security token is expired.");
}
}
catch (SecurityException)
{
throw;
}
catch (Exception ex)
{
throw new SecurityException("Invalid protected URI specified.", ex);
}
return(securityToken);
}
public ParameterDataProviderFromQueryString()
{
this.QueryStringConverter = new QueryStringConverter();
}
public ReplyDispatchFormatter(OperationDescription operation, ServiceEndpoint endpoint, QueryStringConverter converter, WebHttpBehavior behavior)
: base(operation, endpoint, converter, behavior)
{
}
public void Setup()
{
c = new QueryStringConverter();
}
private void CheckNoUnmappedParameters(OperationDescription operationDescription, int jsonValuePosition)
{
string uriTemplate = null;
WebInvokeAttribute wia = operationDescription.Behaviors.Find <WebInvokeAttribute>();
MessagePartDescriptionCollection inputBodyParts = operationDescription.Messages[0].Body.Parts;
if (wia != null)
{
uriTemplate = wia.UriTemplate;
}
// if uriTemplate == null, no parameters are bound to the template; JsonValue must be the only parameter in the operation
if (uriTemplate != null)
{
UriTemplate template = new UriTemplate(uriTemplate);
Dictionary <string, Type> operationParameters = new Dictionary <string, Type>(StringComparer.OrdinalIgnoreCase);
Dictionary <string, bool> mappedOperationParameters = new Dictionary <string, bool>(StringComparer.OrdinalIgnoreCase);
for (int i = 0; i < inputBodyParts.Count; i++)
{
if (i != jsonValuePosition)
{
operationParameters.Add(inputBodyParts[i].Name, inputBodyParts[i].Type);
mappedOperationParameters[inputBodyParts[i].Name] = false;
}
}
foreach (string pathVar in template.PathSegmentVariableNames)
{
if (operationParameters.ContainsKey(pathVar))
{
mappedOperationParameters[pathVar] = true;
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new InvalidOperationException(
DiagnosticUtility.GetString(
SR.UriTemplateParameterNotInOperation,
operationDescription.Name,
operationDescription.DeclaringContract.Name,
pathVar)));
}
}
QueryStringConverter qsc = this.GetQueryStringConverter(operationDescription);
foreach (string queryVar in template.QueryValueVariableNames)
{
if (operationParameters.ContainsKey(queryVar))
{
mappedOperationParameters[queryVar] = true;
if (!qsc.CanConvert(operationParameters[queryVar]))
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new InvalidOperationException(
DiagnosticUtility.GetString(
SR.QueryVariableCannotBeConverted,
operationDescription.Name,
operationDescription.DeclaringContract.Name,
queryVar,
operationParameters[queryVar].FullName,
qsc.GetType().Name)));
}
}
else
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new InvalidOperationException(
DiagnosticUtility.GetString(
SR.UriTemplateParameterNotInOperation,
operationDescription.Name,
operationDescription.DeclaringContract.Name,
queryVar)));
}
}
foreach (string paramName in mappedOperationParameters.Keys)
{
if (!mappedOperationParameters[paramName])
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(
new InvalidOperationException(
DiagnosticUtility.GetString(
SR.ParameterUnmappedInUriTemplate,
operationDescription.Name,
operationDescription.DeclaringContract.Name)));
}
}
}
}
public MyFormUrlEncodedAwareFormatter(OperationDescription operation, IDispatchMessageFormatter originalFormatter, QueryStringConverter queryStringConverter)
{
this.operation = operation;
this.originalFormatter = originalFormatter;
this.queryStringConverter = queryStringConverter;
}
