private void Initialize() { Headers = new NameValueCollection(0); Parameters = new WebParameterCollection(); Cookies = new WebParameterCollection(0); PostParameters = new List<HttpPostParameter>(0); }
public WebParameterCollection GetAllHeaders() { var headers = new WebParameterCollection(); var parameters = Headers.AllKeys.Select(key => new WebPair(key, Headers[key])); foreach (var parameter in parameters) { headers.Add(parameter.Name, parameter.Value); } return headers; }
public WebQuery GetQueryFor(string url, WebParameterCollection parameters, IWebQueryInfo info, WebMethod method, bool enableTrace) { return GetQueryForImpl(info, enableTrace); }
public void Can_sort_and_normalize_parameters_excluding_signature() { var input = new WebParameterCollection { {"a", "1"}, {"f", "50"}, {"f", "25"}, {"z", "t"}, {"oauth_signature", "signature"}, {"f", "a"}, {"c", "hi there"}, {"z", "p"}, }; const string expected = "a=1&c=hi%20there&f=25&f=50&f=a&z=p&z=t"; var actual = OAuthTools.NormalizeRequestParameters(input); Console.WriteLine(actual); Assert.AreEqual(expected, actual); }
private void RecalculateProtectedResourceSignature(string url) { if(!_recalculate) { _recalculate = true; return; // <-- More efficient for unrecycled queries } var info = (OAuthWebQueryInfo) Info; if(!info.ClientUsername.IsNullOrBlank() || !info.ClientPassword.IsNullOrBlank()) { // Not a protected resource request return; } if(!string.IsNullOrEmpty(info.Verifier)) { // This is an access token request return; } var oauth = new OAuthWorkflow { ConsumerKey = info.ConsumerKey, ConsumerSecret = info.ConsumerSecret, Token = info.Token, TokenSecret = info.TokenSecret, ClientUsername = info.ClientUsername, ClientPassword = info.ClientPassword, SignatureMethod = info.SignatureMethod.FromRequestValue(), ParameterHandling = ParameterHandling, CallbackUrl = info.Callback, Verifier = info.Verifier }; // [DC]: Add any non-oauth parameters back into the signature hash var parameters = new WebParameterCollection(); var nonAuthParameters = Parameters.Where(p => !p.Name.StartsWith("oauth_")); parameters.AddRange(nonAuthParameters); // [DC]: Don't escape parameters again when calcing the signature Info = oauth.BuildProtectedResourceInfo(Method, parameters, url); // [DC]: Add any non-oauth parameters back into parameter bag Parameters = ParseInfoParameters(); Parameters.AddRange(nonAuthParameters); }
private byte[] PostProcessPostParameters(WebRequest request, Uri uri) { var body = ""; switch (ParameterHandling) { case OAuthParameterHandling.HttpAuthorizationHeader: SetAuthorizationHeader(request, "Authorization"); #if SILVERLIGHT var postParameters = new WebParameterCollection(uri.Query.ParseQueryString()); #else var postParameters = new WebParameterCollection(uri.Query.ParseQueryString()); #endif // Only use the POST parameters that exist in the body postParameters = new WebParameterCollection(postParameters.Where(p => !p.Name.StartsWith("oauth_"))); // Append any leftover values to the POST body var nonAuthParameters = GetPostParametersValue(postParameters, true /* escapeParameters */); if (body.IsNullOrBlank()) { body = nonAuthParameters; } else { if (!nonAuthParameters.IsNullOrBlank()) { body += "&".Then(nonAuthParameters); } } break; case OAuthParameterHandling.UrlOrPostParameters: body = GetPostParametersValue(Parameters, false /* escapeParameters */); break; } var content = Encoding.UTF8.GetBytes(body); return content; }
/// <summary> /// Generates a <see cref="OAuthWebQueryInfo"/> instance to pass to an /// <see cref="OAuthWebQuery" /> for the purpose of requesting an /// unauthorized request token. /// </summary> /// <param name="method">The HTTP method for the intended request</param> /// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param> /// <seealso cref="http://oauth.net/core/1.0#anchor9"/> /// <returns></returns> public virtual OAuthWebQueryInfo BuildRequestTokenInfo(WebMethod method, WebParameterCollection parameters) { ValidateTokenRequestState(); if (parameters == null) { parameters = new WebParameterCollection(); } var timestamp = OAuthTools.GetTimestamp(); var nonce = OAuthTools.GetNonce(); AddAuthParameters(parameters, timestamp, nonce); var signatureBase = OAuthTools.ConcatenateRequestElements(method, RequestTokenUrl, parameters); var signature = OAuthTools.GetSignature(SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret); var info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = ParameterHandling, ConsumerKey = ConsumerKey, SignatureMethod = SignatureMethod.ToRequestValue(), SignatureTreatment = SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = Version, Callback = OAuthTools.UrlEncodeRelaxed(CallbackUrl ?? ""), UserAgent = "Hammock", TokenSecret = TokenSecret, ConsumerSecret = ConsumerSecret }; return info; }
private void AddXAuthParameters(ICollection<WebPair> parameters, string timestamp, string nonce) { var authParameters = new WebParameterCollection { new WebPair("x_auth_username", ClientUsername), new WebPair("x_auth_password", ClientPassword), new WebPair("x_auth_mode", "client_auth"), new WebPair("oauth_consumer_key", ConsumerKey), new WebPair("oauth_signature_method", SignatureMethod.ToRequestValue()), new WebPair("oauth_timestamp", timestamp), new WebPair("oauth_nonce", nonce), new WebPair("oauth_version", Version ?? "1.0") }; foreach (var authParameter in authParameters) { parameters.Add(authParameter); } }
private void AddAuthParameters(ICollection<WebPair> parameters, string timestamp, string nonce) { var authParameters = new WebParameterCollection { new WebPair("oauth_consumer_key", ConsumerKey), new WebPair("oauth_nonce", nonce), new WebPair("oauth_signature_method", SignatureMethod.ToRequestValue()), new WebPair("oauth_timestamp", timestamp), new WebPair("oauth_version", Version ?? "1.0") }; if (!Token.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_token", Token)); } if (!CallbackUrl.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_callback", CallbackUrl)); } if (!Verifier.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_verifier", Verifier)); } if(!SessionHandle.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_session_handle", SessionHandle)); } foreach (var authParameter in authParameters) { parameters.Add(authParameter); } }
public virtual OAuthWebQueryInfo BuildProtectedResourceInfo(WebMethod method, WebParameterCollection parameters, string url) { ValidateProtectedResourceState(); if (parameters == null) { parameters = new WebParameterCollection(); } // Include url parameters in query pool var uri = new Uri(url); #if !SILVERLIGHT var urlParameters = System.Compat.Web.HttpUtility.ParseQueryString(uri.Query); #else var urlParameters = uri.Query.ParseQueryString(); #endif #if !SILVERLIGHT foreach (var parameter in urlParameters.AllKeys) #else foreach (var parameter in urlParameters.Keys) #endif { switch (method) { case WebMethod.Post: parameters.Add(new HttpPostParameter(parameter, urlParameters[parameter])); break; default: parameters.Add(parameter, urlParameters[parameter]); break; } } var timestamp = OAuthTools.GetTimestamp(); var nonce = OAuthTools.GetNonce(); // [DC] Make a copy of the parameters so that the signature double-encode isn't used var copy = new WebParameterCollection(); foreach(var parameter in parameters) { copy.Add(new WebPair(parameter.Name, parameter.Value)); } AddAuthParameters(copy, timestamp, nonce); // [DC] Escape parameters at this point; do not escape again if recalculating var signatureBase = OAuthTools.ConcatenateRequestElements(method, url, copy); var signature = OAuthTools.GetSignature( SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret, TokenSecret ); var info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = ParameterHandling, ConsumerKey = ConsumerKey, Token = Token, SignatureMethod = SignatureMethod.ToRequestValue(), SignatureTreatment = SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = Version ?? "1.0", Callback = CallbackUrl, UserAgent = "Hammock", ConsumerSecret = ConsumerSecret, TokenSecret = TokenSecret }; return info; }
/// <summary> /// Generates a <see cref="OAuthWebQueryInfo"/> instance to pass to an /// <see cref="OAuthWebQuery" /> for the purpose of exchanging user credentials /// for an access token authorized by the user at the Service Provider site. /// </summary> /// <param name="method">The HTTP method for the intended request</param> /// <seealso cref="http://tools.ietf.org/html/draft-dehora-farrell-oauth-accesstoken-creds-00#section-4"/> /// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param> public virtual OAuthWebQueryInfo BuildClientAuthAccessTokenInfo(WebMethod method, WebParameterCollection parameters) { ValidateClientAuthAccessRequestState(); if (parameters == null) { parameters = new WebParameterCollection(); } var uri = new Uri(AccessTokenUrl); var timestamp = OAuthTools.GetTimestamp(); var nonce = OAuthTools.GetNonce(); AddXAuthParameters(parameters, timestamp, nonce); var signatureBase = OAuthTools.ConcatenateRequestElements(method, uri.ToString(), parameters); var signature = OAuthTools.GetSignature(SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret); var info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = ParameterHandling, ClientMode = "client_auth", ClientUsername = ClientUsername, ClientPassword = ClientPassword, ConsumerKey = ConsumerKey, SignatureMethod = SignatureMethod.ToRequestValue(), SignatureTreatment = SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = Version, UserAgent = "Hammock", TokenSecret = TokenSecret, ConsumerSecret = ConsumerSecret }; return info; }
public WebQuery GetQueryFor(string url, WebParameterCollection parameters, IWebQueryInfo info, WebMethod method) { return GetQueryForImpl(info); }
/// <summary> /// Creates a request elements concatentation value to send with a request. /// This is also known as the signature base. /// </summary> /// <seealso cref="http://oauth.net/core/1.0#rfc.section.9.1.3"/> /// <seealso cref="http://oauth.net/core/1.0#sig_base_example"/> /// <param name="method">The request's HTTP method type</param> /// <param name="url">The request URL</param> /// <param name="parameters">The request's parameters</param> /// <returns>A signature base string</returns> public static string ConcatenateRequestElements(WebMethod method, string url, WebParameterCollection parameters) { var sb = new StringBuilder(); // Separating &'s are not URL encoded var requestMethod = method.ToUpper().Then("&"); var requestUrl = UrlEncodeRelaxed(ConstructRequestUrl(url.AsUri())).Then("&"); var requestParameters = UrlEncodeRelaxed(NormalizeRequestParameters(parameters)); sb.Append(requestMethod); sb.Append(requestUrl); sb.Append(requestParameters); return sb.ToString(); }
/// <summary> /// Sorts a <see cref="WebParameterCollection"/> by name, and then value if equal. /// </summary> /// <param name="parameters">A collection of parameters to sort</param> /// <returns>A sorted parameter collection</returns> public static WebParameterCollection SortParametersExcludingSignature(WebParameterCollection parameters) { var copy = new WebParameterCollection(parameters); var exclusions = copy.Where(n => n.Name.EqualsIgnoreCase("oauth_signature")); copy.RemoveAll(exclusions); copy.ForEach(p => p.Value = UrlEncodeStrict(p.Value)); copy.Sort((x, y) => x.Name.Equals(y.Name) ? x.Value.CompareTo(y.Value) : x.Name.CompareTo(y.Name)); return copy; }
/// <summary> /// Sorts a collection of key-value pairs by name, and then value if equal, /// concatenating them into a single string. This string should be encoded /// prior to, or after normalization is run. /// </summary> /// <seealso cref="http://oauth.net/core/1.0#rfc.section.9.1.1"/> /// <param name="parameters"></param> /// <returns></returns> public static string NormalizeRequestParameters(WebParameterCollection parameters) { var copy = SortParametersExcludingSignature(parameters); var concatenated = copy.Concatenate("=", "&"); return concatenated; }
public virtual WebQuery GetQueryFor(string url, WebParameterCollection parameters, IWebQueryInfo info, WebMethod method, bool enableTrace) { OAuthWebQueryInfo oauth; var workflow = new OAuthWorkflow { ConsumerKey = ConsumerKey, ConsumerSecret = ConsumerSecret, ParameterHandling = ParameterHandling, SignatureMethod = SignatureMethod, SignatureTreatment = SignatureTreatment, CallbackUrl = CallbackUrl, ClientPassword = ClientPassword, ClientUsername = ClientUsername, Verifier = Verifier, Token = Token, TokenSecret = TokenSecret, Version = Version ?? "1.0", SessionHandle = SessionHandle }; switch (Type) { case OAuthType.RequestToken: workflow.RequestTokenUrl = url; oauth = workflow.BuildRequestTokenInfo(method, parameters); break; case OAuthType.AccessToken: workflow.AccessTokenUrl = url; oauth = workflow.BuildAccessTokenInfo(method, parameters); break; case OAuthType.ClientAuthentication: method = WebMethod.Post; workflow.AccessTokenUrl = url; oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters); break; case OAuthType.ProtectedResource: oauth = workflow.BuildProtectedResourceInfo(method, parameters, url); oauth.FirstUse = true; break; default: throw new ArgumentOutOfRangeException(); } return new OAuthWebQuery(oauth, enableTrace); }