Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add ability to change signature method and provide RSA signing key. #2

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Add ability to change signature method and provide RSA signing key. #2

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
5969aef
Add ability to change signature method and provide rsa signing key.
jekstrom Jul 2, 2018
6b4e912
Remove extra line.
jekstrom Jul 2, 2018
e177b8e
Add BouncyCastle.NetCore to nuspec dependency list.
jekstrom Jul 2, 2018
ae20f47
Make more friendly for Jira integration.
jekstrom Oct 1, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
76 changes: 65 additions & 11 deletions TinyOAuth1/TinyOAuth.cs
View file
Open in desktop
@@ -1,5 +1,9 @@
using System;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.OpenSsl;
using Org.BouncyCastle.Security;
using System;
using System.Collections.Generic;
using System.IO;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Cryptography;
Expand All @@ -26,7 +30,14 @@ public string GetAuthorizationUrl(string requestToken)
//oauth_callback:
//OPTIONAL.The Consumer MAY specify a URL the Service Provider will use to redirect the User back to the Consumer when Obtaining User Authorization is complete.

return _config.AuthorizeTokenUrl + Uri.UnescapeDataString("?oauth_token=" + requestToken);
string url = $"{_config.AuthorizeTokenUrl}?{Uri.UnescapeDataString($"oauth_token={requestToken}")}";

if (!String.IsNullOrWhiteSpace(_config.OauthCallback))
{
url += $"&{Uri.UnescapeDataString($"oauth_callback={_config.OauthCallback}")}";
}

return url;
}

private string GetNonce()
Expand Down Expand Up @@ -125,7 +136,7 @@ public string GetAuthorizationHeaderValue(string accessToken, string accessToken
{
"oauth_consumer_key=" + _config.ConsumerKey,
"oauth_token=" + accessToken,
"oauth_signature_method=HMAC-SHA1",
"oauth_signature_method=" + _config.SignatureMethod,
"oauth_timestamp=" + timeStamp,
"oauth_nonce=" + nonce,
"oauth_version=1.0"
Expand All @@ -147,14 +158,22 @@ public string GetAuthorizationHeaderValue(string accessToken, string accessToken
var signatureBaseString = GetSignatureBaseString(httpMethod.ToString().ToUpper(), url, requestParameters);

// Appendix A.5.2. Calculating Signature Value
var signature = GetSignature(signatureBaseString, _config.ConsumerSecret, accessTokenSecret);
string signature = String.Empty;
if (_config.SignatureMethod.ToLower().Contains("rsa"))
{
signature = GetRSASignature(signatureBaseString, _config.SigningKey);
}
else
{
signature = GetSignature(signatureBaseString, _config.ConsumerSecret, accessTokenSecret);
}

// Same as request parameters but uses a quote (") character around its values and is comma separated
var requestParametersForHeader = new List<string>
{
"oauth_consumer_key=\"" + _config.ConsumerKey + "\"",
"oauth_token=\"" + accessToken + "\"",
"oauth_signature_method=\"HMAC-SHA1\"",
"oauth_signature_method=\"" + _config.SignatureMethod + "\"",
"oauth_timestamp=\"" + timeStamp + "\"",
"oauth_nonce=\"" + nonce + "\"",
"oauth_version=\"1.0\"",
Expand Down Expand Up @@ -215,6 +234,25 @@ private string GetSignature(string signatureBaseString, string consumerSecret, s
// return signature;
}

private string GetRSASignature(string stringToSign, string privateKey)
{
using (var reader = new StringReader(privateKey))
{
AsymmetricCipherKeyPair kp = (AsymmetricCipherKeyPair)new PemReader(reader).ReadObject();

ISigner signer = SignerUtilities.GetSigner("SHA1withRSA");

signer.Init(true, kp.Private);

var bytes = Encoding.UTF8.GetBytes(stringToSign);

signer.BlockUpdate(bytes, 0, bytes.Length);
byte[] signature = signer.GenerateSignature();

return Convert.ToBase64String(signature);
}
}

// 6.3.1. Consumer Requests an Access Token +
// 6.3.2. Service Provider Grants an Access Token
public async Task<AccessTokenInfo> GetAccessTokenAsync(string requestToken, string requestTokenSecret, string verifier)
Expand Down Expand Up @@ -242,7 +280,7 @@ public async Task<AccessTokenInfo> GetAccessTokenAsync(string requestToken, stri
{
"oauth_consumer_key=" + _config.ConsumerKey,
"oauth_token=" + requestToken,
"oauth_signature_method=HMAC-SHA1",
"oauth_signature_method=" + _config.SignatureMethod,
"oauth_timestamp=" + timeStamp,
"oauth_nonce=" + nonce,
"oauth_version=1.0",
Expand All @@ -253,7 +291,15 @@ public async Task<AccessTokenInfo> GetAccessTokenAsync(string requestToken, stri
var signatureBaseString = GetSignatureBaseString("POST", _config.AccessTokenUrl, requestParameters);

// Appendix A.5.2. Calculating Signature Value
var signature = GetSignature(signatureBaseString, _config.ConsumerSecret, requestTokenSecret);
string signature = String.Empty;
if (_config.SignatureMethod.ToLower().Contains("rsa"))
{
signature = GetRSASignature(signatureBaseString, _config.SigningKey);
}
else
{
signature = GetSignature(signatureBaseString, _config.ConsumerSecret, requestTokenSecret);
}

var responseText =
await
Expand Down Expand Up @@ -318,19 +364,27 @@ public async Task<RequestTokenInfo> GetRequestTokenAsync()
var requestParameters = new List<string>
{
"oauth_consumer_key=" + _config.ConsumerKey,
"oauth_signature_method=HMAC-SHA1",
"oauth_signature_method=" + _config.SignatureMethod,
"oauth_timestamp=" + timeStamp,
"oauth_nonce=" + nonce,
"oauth_version=1.0",
"oauth_callback=oob" //TODO: Add parameter so it can be used :)
};

// Appendix A.5.1. Generating Signature Base String
var singatureBaseString = GetSignatureBaseString("POST", _config.RequestTokenUrl, requestParameters);
var signatureBaseString = GetSignatureBaseString("POST", _config.RequestTokenUrl, requestParameters);

// Appendix A.5.2. Calculating Signature Value
var signature = GetSignature(singatureBaseString, _config.ConsumerSecret);

string signature = String.Empty;
if (_config.SignatureMethod.ToLower().Contains("rsa"))
{
signature = GetRSASignature(signatureBaseString, _config.SigningKey);
}
else
{
signature = GetSignature(signatureBaseString, _config.ConsumerSecret);
}

// 6.1.2.Service Provider Issues an Unauthorized Request Token
var responseText = await PostData(_config.RequestTokenUrl,
ConcatList(requestParameters, "&") + "&oauth_signature=" + Uri.EscapeDataString(signature));
Expand Down
4 changes: 4 additions & 0 deletions TinyOAuth1/TinyOAuth1.csproj
View file
Open in desktop
Expand Up @@ -31,4 +31,8 @@
<None Remove="pack.bat" />
</ItemGroup>

<ItemGroup>
<PackageReference Include="BouncyCastle.NetCore" Version="1.8.2" />
</ItemGroup>

</Project>
3 changes: 3 additions & 0 deletions TinyOAuth1/TinyOAuth1.nuspec
View file
Open in desktop
Expand Up @@ -13,5 +13,8 @@
<releaseNotes></releaseNotes>
<copyright>Copyright © 2017 Johan Otterud</copyright>
<tags></tags>
<dependencies>
<dependency id="BouncyCastle.NetCore" version="(1.8.2,)" />
</dependencies>
</metadata>
</package>
3 changes: 3 additions & 0 deletions TinyOAuth1/TinyOAuthConfig.cs
View file
Open in desktop
Expand Up @@ -25,5 +25,8 @@ public class TinyOAuthConfig
public string AccessTokenUrl { get; set; }
public string AuthorizeTokenUrl { get; set; }
public string RequestTokenUrl { get; set; }
public string SignatureMethod { get; set; } = "HMAC-SHA1";
public string SigningKey { get; set; }
public string OauthCallback { get; set; } = "oob";
}
}