using System; using System.Security.Cryptography; using System.Collections.Generic; using System.Text; using System.Web; // Base oAuth Class for Twitter and LinkedIn // Author: Eran Sandler // Code Url: http://oauth.net/code/ // Author Url: http://eran.sandler.co.il/ // // Some modifications by Shannon Whitley // Author Url: http://voiceoftech.com/ namespace TradeIdeas.TIProGUI { public class OAuthBase { ///

/// Provides a predefined set of algorithms that are supported officially by the protocol ///

public enum SignatureTypes { HMACSHA1, PLAINTEXT, RSASHA1 } ///

/// Provides an internal structure to sort the query parameter ///

protected class QueryParameter { private string name = null; private string value = null; public QueryParameter(string name, string value) { this.name = name; this.value = value; } public string Name { get { return name; } } public string Value { get { return value; } } } ///

/// Comparer class used to perform the sorting of the query parameters ///

protected class QueryParameterComparer : IComparer { #region IComparer Members public int Compare(QueryParameter x, QueryParameter y) { if (x.Name == y.Name) { return string.Compare(x.Value, y.Value); } else { return string.Compare(x.Name, y.Name); } } #endregion } protected const string OAuthVersion = "1.0"; protected const string OAuthParameterPrefix = "oauth_"; // // List of know and used oauth parameters' names // protected const string OAuthConsumerKeyKey = "oauth_consumer_key"; protected const string OAuthCallbackKey = "oauth_callback"; protected const string OAuthVersionKey = "oauth_version"; protected const string OAuthSignatureMethodKey = "oauth_signature_method"; protected const string OAuthSignatureKey = "oauth_signature"; protected const string OAuthTimestampKey = "oauth_timestamp"; protected const string OAuthNonceKey = "oauth_nonce"; protected const string OAuthTokenKey = "oauth_token"; protected const string OAuthTokenSecretKey = "oauth_token_secret"; protected const string OAuthVerifier = "oauth_verifier"; protected const string HMACSHA1SignatureType = "HMAC-SHA1"; protected const string PlainTextSignatureType = "PLAINTEXT"; protected const string RSASHA1SignatureType = "RSA-SHA1"; protected Random random = new Random(); private string oauth_verifier; public string Verifier { get { return oauth_verifier; } set { oauth_verifier = value; } } protected string unreservedChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~"; ///

/// Helper function to compute a hash value ///

/// The hashing algoirhtm used. If that algorithm needs some initialization, like HMAC and its derivatives, they should be initialized prior to passing it to this function /// The data to hash /// a Base64 string of the hash value private string ComputeHash(HashAlgorithm hashAlgorithm, string data) { if (hashAlgorithm == null) { throw new ArgumentNullException("hashAlgorithm"); } if (string.IsNullOrEmpty(data)) { throw new ArgumentNullException("data"); } byte[] dataBuffer = System.Text.Encoding.ASCII.GetBytes(data); byte[] hashBytes = hashAlgorithm.ComputeHash(dataBuffer); return Convert.ToBase64String(hashBytes); } ///

/// Internal function to cut out all non oauth query string parameters (all parameters not begining with "oauth_") ///

/// The query string part of the Url /// A list of QueryParameter each containing the parameter name and value private List GetQueryParameters(string parameters) { if (parameters.StartsWith("?")) { parameters = parameters.Remove(0, 1); } List result = new List(); if (!string.IsNullOrEmpty(parameters)) { string[] p = parameters.Split('&'); foreach (string s in p) { if (!string.IsNullOrEmpty(s) && !s.StartsWith(OAuthParameterPrefix)) { if (s.IndexOf('=') > -1) { string[] temp = s.Split('='); result.Add(new QueryParameter(temp[0], temp[1])); } else { result.Add(new QueryParameter(s, string.Empty)); } } } } return result; } ///

/// This is a different Url Encode implementation since the default .NET one outputs the percent encoding in lower case. /// While this is not a problem with the percent encoding spec, it is used in upper case throughout OAuth ///

/// The value to Url encode /// Returns a Url encoded string public string UrlEncode(string value) { string oAuthUnreservedChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~"; StringBuilder sb = new StringBuilder(); Encoding uTF8Encoding = Encoding.UTF8; foreach (char thisChar in value) { if (oAuthUnreservedChars.IndexOf(thisChar) != -1) { sb.Append(thisChar); } else { byte[] bytes = uTF8Encoding.GetBytes(thisChar.ToString()); foreach (byte b in bytes) { sb.Append('%' + String.Format("{0:X2}", b)); } } } return sb.ToString(); } ///

/// Normalizes the request parameters according to the spec ///

/// The list of parameters already sorted /// a string representing the normalized parameters protected string NormalizeRequestParameters(IList parameters) { StringBuilder sb = new StringBuilder(); QueryParameter p = null; for (int i = 0; i < parameters.Count; i++) { p = parameters[i]; sb.AppendFormat("{0}={1}", p.Name, p.Value); if (i < parameters.Count - 1) { sb.Append("&"); } } return sb.ToString(); } /*LinkedIn stuff... Did some code cleanup.. there are some subtle yet important * differences between the parameters necessary for generating signatures for twitter and * those needed for LinkedIn the below "generateSignture methods are gleaned from work by David Quail https://developer.linkedin.com/thread/1346 I took these segments and put in an extra parameter, a string identifier, to differentiate between the two. It is within the GenerateSignature Base where the subtle differences are noted.*/ public string GenerateSignatureBase(string identifier, Uri url, string consumerKey, string token, string tokenSecret, string callbackVerifier, string httpMethod, string timeStamp, string nonce, string signatureType, out string normalizedUrl, out string normalizedRequestParameters) { if (token == null) { token = string.Empty; } if (tokenSecret == null) { tokenSecret = string.Empty; } if (string.IsNullOrEmpty(consumerKey)) { throw new ArgumentNullException("consumerKey"); } if (string.IsNullOrEmpty(httpMethod)) { throw new ArgumentNullException("httpMethod"); } if (string.IsNullOrEmpty(signatureType)) { throw new ArgumentNullException("signatureType"); } normalizedUrl = null; normalizedRequestParameters = null; List parameters = GetQueryParameters(url.Query); parameters.Add(new QueryParameter(OAuthVersionKey, OAuthVersion)); parameters.Add(new QueryParameter(OAuthNonceKey, nonce)); parameters.Add(new QueryParameter(OAuthTimestampKey, timeStamp)); parameters.Add(new QueryParameter(OAuthSignatureMethodKey, signatureType)); parameters.Add(new QueryParameter(OAuthConsumerKeyKey, consumerKey)); //TODO: Make this less of a hack if (identifier == "li") //linkedIn { if (!string.IsNullOrEmpty(callbackVerifier)) { parameters.Add(new QueryParameter(OAuthCallbackKey, UrlEncode(callbackVerifier))); } if (!string.IsNullOrEmpty(oauth_verifier)) { parameters.Add(new QueryParameter(OAuthVerifier, oauth_verifier)); } } else //twitter... { if (!string.IsNullOrEmpty(callbackVerifier)) { parameters.Add(new QueryParameter(OAuthVerifier, callbackVerifier)); } } if (!string.IsNullOrEmpty(token)) //same for both twitter and LinkedIn { parameters.Add(new QueryParameter(OAuthTokenKey, token)); } parameters.Sort(new QueryParameterComparer()); normalizedUrl = string.Format("{0}://{1}", url.Scheme, url.Host); if (!((url.Scheme == "http" && url.Port == 80) || (url.Scheme == "https" && url.Port == 443))) { normalizedUrl += ":" + url.Port; } normalizedUrl += url.AbsolutePath; normalizedRequestParameters = NormalizeRequestParameters(parameters); StringBuilder signatureBase = new StringBuilder(); signatureBase.AppendFormat("{0}&", httpMethod.ToUpper()); signatureBase.AppendFormat("{0}&", UrlEncode(normalizedUrl)); signatureBase.AppendFormat("{0}", UrlEncode(normalizedRequestParameters)); return signatureBase.ToString(); } /// A base64 string of the hash value public string GenerateSignatureUsingHash(string signatureBase, HashAlgorithm hash) { return ComputeHash(hash, signatureBase); } public string GenerateSignature(string id, Uri url, string consumerKey, string consumerSecret, string token, string tokenSecret, string callbackVerifier, string httpMethod, string timeStamp, string nonce, out string normalizedUrl, out string normalizedRequestParameters) { return GenerateSignature(id, url, consumerKey, consumerSecret, token, tokenSecret, callbackVerifier, httpMethod, timeStamp, nonce, SignatureTypes.HMACSHA1, out normalizedUrl, out normalizedRequestParameters); } public string GenerateSignature(string identifier, Uri url, string consumerKey, string consumerSecret, string token, string tokenSecret, string callbackVerifier, string httpMethod, string timeStamp, string nonce, SignatureTypes signatureType, out string normalizedUrl, out string normalizedRequestParameters) { normalizedUrl = null; normalizedRequestParameters = null; switch (signatureType) { case SignatureTypes.PLAINTEXT: return HttpUtility.UrlEncode(string.Format("{0}&{1}", consumerSecret, tokenSecret)); case SignatureTypes.HMACSHA1: string signatureBase = GenerateSignatureBase(identifier, url, consumerKey, token, tokenSecret, callbackVerifier, httpMethod, timeStamp, nonce, HMACSHA1SignatureType, out normalizedUrl, out normalizedRequestParameters); HMACSHA1 hmacsha1 = new HMACSHA1(); hmacsha1.Key = Encoding.ASCII.GetBytes(string.Format("{0}&{1}", UrlEncode(consumerSecret), string.IsNullOrEmpty(tokenSecret) ? "" : UrlEncode(tokenSecret))); return GenerateSignatureUsingHash(signatureBase, hmacsha1); case SignatureTypes.RSASHA1: throw new NotImplementedException(); default: throw new ArgumentException("Unknown signature type", "signatureType"); } } ///

/// Generate the timestamp for the signature ///

/// public virtual string GenerateTimeStamp() { // Default implementation of UNIX time of the current UTC time TimeSpan ts = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0); return Convert.ToInt64(ts.TotalSeconds).ToString(); } ///

/// Generate a nonce ///

/// public virtual string GenerateNonce() { // Just a simple implementation of a random number between 123400 and 9999999 return random.Next(123400, 9999999).ToString(); } } }