OAuth 1.0a 的 C# 代碼實現


補充:由於很多人跟我要API Proxy,特意在codeplex建了個項目。大家可以去下載。 地址: http://tinalight.codeplex.com/

 

大概是在2月底的時候研究了一下新浪微博開放API,只做到登入通過擷取了第一把資料後就沒有時間了。。因此一直擱置了下來。現在把當時調用OAuth進行驗證的代碼分享出來,希望對開放API感興趣的同學有所協助。

 

OAuth 1.0a 的代碼是根據Google提供的OAuth 1.0進行修改的,現在記得不是很清楚了。。記得當時是加了個參數啥的。本代碼經過新浪開放API測試,大家可以放心使用。

 

當時修改這個的時候手頭沒有任何資料,只有新浪微博開放API裡提供的文檔,我基本上是對比了多份文檔之間的區別。。。才“猜”是不是要加個參數。。。還好猜對了。。

 

我的項目是一個Silverlight項目,因為新浪微博開放API不提供策略檔案(=_=!,基於安全吧。。),因此只好自己寫了一個API代理來實現。如果有需要的同學(Silverlight項目才需要!其它不需要!)可以聯絡我,在新浪微博 @happycharles 就可以!

 

廢話少說~上代碼!~

 

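    /// <summary>
    /// Builds OAuth 1.0a signature base strings and signatures (HMAC-SHA1 and PLAINTEXT).
    /// </summary>
    /// <remarks>
    /// Parameter names and values are written into the normalized parameter string exactly as
    /// supplied; this class percent-encodes only the assembled URL and parameter string.
    /// Presumably callers pass values that are already percent-encoded - confirm against callers.
    /// </remarks>
    public class OAuthBase
    {
        /// <summary>
        /// Provides a predefined set of algorithms that are supported officially by the protocol
        /// </summary>
        public enum SignatureTypes
        {
            HMACSHA1,
            PLAINTEXT,
            RSASHA1
        }

        /// <summary>
        /// Provides an internal structure to sort the query parameter
        /// </summary>
        protected class QueryParameter
        {
            private string name = null;
            private string value = null;

            public QueryParameter(string name, string value)
            {
                this.name = name;
                this.value = value;
            }

            public string Name
            {
                get { return name; }
            }

            public string Value
            {
                get { return value; }
            }
        }

        /// <summary>
        /// Comparer class used to perform the sorting of the query parameters
        /// </summary>
        protected class QueryParameterComparer : IComparer<QueryParameter>
        {
            /// <summary>
            /// Orders parameters by name, then by value, using ordinal comparison.
            /// </summary>
            public int Compare(QueryParameter x, QueryParameter y)
            {
                // Ordinal, not culture-aware: the client and the server must derive the same
                // order regardless of the thread's current culture, otherwise the signature
                // base differs and verification fails.
                int byName = string.CompareOrdinal(x.Name, y.Name);
                if (byName != 0)
                {
                    return byName;
                }

                return string.CompareOrdinal(x.Value, y.Value);
            }
        }

        protected const string OAuthVersion = "1.0a";
        protected const string OAuthParameterPrefix = "oauth_";

        //
        // List of known and used oauth parameters' names
        //
        protected const string OAuthConsumerKeyKey = "oauth_consumer_key";
        protected const string OAuthCallbackKey = "oauth_callback";
        protected const string OAuthVersionKey = "oauth_version";
        protected const string OAuthSignatureMethodKey = "oauth_signature_method";
        protected const string OAuthSignatureKey = "oauth_signature";
        protected const string OAuthTimestampKey = "oauth_timestamp";
        protected const string OAuthNonceKey = "oauth_nonce";
        protected const string OAuthTokenKey = "oauth_token";
        protected const string OAuthVerifier = "oauth_verifier";
        protected const string OAuthTokenSecretKey = "oauth_token_secret";

        protected const string HMACSHA1SignatureType = "HMAC-SHA1";
        protected const string PlainTextSignatureType = "PLAINTEXT";
        protected const string RSASHA1SignatureType = "RSA-SHA1";

        // Kept for subclasses that reference it; GenerateNonce no longer draws from it.
        protected Random random = new Random();

        // Source of nonce bytes. System.Random is a predictable PRNG and is not suitable here.
        private readonly RandomNumberGenerator nonceSource = RandomNumberGenerator.Create();

        protected string unreservedChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.~";

        /// <summary>
        /// Helper function to compute a hash value
        /// </summary>
        /// <param name="hashAlgorithm">The hashing algorithm used. If that algorithm needs some initialization, like HMAC and its derivatives, they should be initialized prior to passing it to this function</param>
        /// <param name="data">The data to hash</param>
        /// <returns>a Base64 string of the hash value</returns>
        /// <exception cref="ArgumentNullException">Either argument is null, or <paramref name="data"/> is empty</exception>
        private string ComputeHash(HashAlgorithm hashAlgorithm, string data)
        {
            if (hashAlgorithm == null)
            {
                throw new ArgumentNullException("hashAlgorithm");
            }

            if (string.IsNullOrEmpty(data))
            {
                throw new ArgumentNullException("data");
            }

            byte[] dataBuffer = Encoding.UTF8.GetBytes(data);
            byte[] hashBytes = hashAlgorithm.ComputeHash(dataBuffer);

            return Convert.ToBase64String(hashBytes);
        }

        /// <summary>
        /// Internal function to cut out all oauth query string parameters (all parameters beginning with "oauth_") and return the rest
        /// </summary>
        /// <param name="parameters">The query string part of the Url</param>
        /// <returns>A list of QueryParameter each containing the parameter name and value</returns>
        private List<QueryParameter> GetQueryParameters(string parameters)
        {
            List<QueryParameter> result = new List<QueryParameter>();

            if (string.IsNullOrEmpty(parameters))
            {
                return result;
            }

            if (parameters.StartsWith("?", StringComparison.Ordinal))
            {
                parameters = parameters.Remove(0, 1);
            }

            foreach (string pair in parameters.Split('&'))
            {
                if (string.IsNullOrEmpty(pair) || pair.StartsWith(OAuthParameterPrefix, StringComparison.Ordinal))
                {
                    continue;
                }

                // Split on the FIRST '=' only. Splitting on every '=' dropped everything after
                // a second '=' in the value, so the signed string no longer matched the request
                // that was actually sent.
                int separator = pair.IndexOf('=');
                if (separator > -1)
                {
                    result.Add(new QueryParameter(pair.Substring(0, separator), pair.Substring(separator + 1)));
                }
                else
                {
                    result.Add(new QueryParameter(pair, string.Empty));
                }
            }

            return result;
        }

        /// <summary>
        /// This is a different Url Encode implementation since the default .NET one outputs the percent encoding in lower case.
        /// While this is not a problem with the percent encoding spec, it is used in upper case throughout OAuth
        /// </summary>
        /// <param name="value">The value to Url encode</param>
        /// <returns>Returns a Url encoded string</returns>
        /// <exception cref="ArgumentNullException"><paramref name="value"/> is null</exception>
        protected string UrlEncode(string value)
        {
            if (value == null)
            {
                throw new ArgumentNullException("value");
            }

            StringBuilder result = new StringBuilder();

            // Encode the UTF-8 octets, not the UTF-16 code units. Formatting (int)char with X2
            // produced output such as "%4E2D" for non-ASCII text, which is not valid
            // percent-encoding and yields a signature the server cannot reproduce.
            foreach (byte octet in Encoding.UTF8.GetBytes(value))
            {
                char symbol = (char)octet;
                if (octet < 0x80 && unreservedChars.IndexOf(symbol) != -1)
                {
                    result.Append(symbol);
                }
                else
                {
                    result.Append('%').Append(octet.ToString("X2"));
                }
            }

            return result.ToString();
        }

        /// <summary>
        /// Normalizes the request parameters according to the spec
        /// </summary>
        /// <param name="parameters">The list of parameters already sorted</param>
        /// <returns>a string representing the normalized parameters</returns>
        protected string NormalizeRequestParameters(IList<QueryParameter> parameters)
        {
            StringBuilder sb = new StringBuilder();

            for (int i = 0; i < parameters.Count; i++)
            {
                if (i > 0)
                {
                    sb.Append("&");
                }

                QueryParameter p = parameters[i];
                // Name and value are appended as-is; no per-value encoding happens here.
                sb.AppendFormat("{0}={1}", p.Name, p.Value);
            }

            return sb.ToString();
        }

        /// <summary>
        /// Generate the signature base that is used to produce the signature
        /// </summary>
        /// <param name="url">The full url that needs to be signed including its non OAuth url parameters</param>
        /// <param name="consumerKey">The consumer key</param>
        /// <param name="token">The token, if available. If not available pass null or an empty string</param>
        /// <param name="tokenSecret">The token secret, if available. If not available pass null or an empty string</param>
        /// <param name="httpMethod">The http method used. Must be a valid HTTP method verb (POST,GET,PUT, etc)</param>
        /// <param name="timeStamp">The value written as oauth_timestamp</param>
        /// <param name="nonce">The value written as oauth_nonce</param>
        /// <param name="signatureType">The signature method name written as oauth_signature_method</param>
        /// <param name="verifier">The oauth_verifier value; omitted from the base string when null or empty</param>
        /// <param name="normalizedUrl">Receives scheme://host[:port]/path, with the port left out for http:80 and https:443</param>
        /// <param name="normalizedRequestParameters">Receives the sorted, '&amp;'-joined parameter string</param>
        /// <returns>The signature base</returns>
        /// <exception cref="ArgumentNullException">url is null, or consumerKey, httpMethod or signatureType is null or empty</exception>
        public string GenerateSignatureBase(Uri url, string consumerKey, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, string signatureType, string verifier, out string normalizedUrl, out string normalizedRequestParameters)
        {
            if (url == null)
            {
                throw new ArgumentNullException("url");
            }

            if (token == null)
            {
                token = string.Empty;
            }

            if (tokenSecret == null)
            {
                tokenSecret = string.Empty;
            }

            if (string.IsNullOrEmpty(consumerKey))
            {
                throw new ArgumentNullException("consumerKey");
            }

            if (string.IsNullOrEmpty(httpMethod))
            {
                throw new ArgumentNullException("httpMethod");
            }

            if (string.IsNullOrEmpty(signatureType))
            {
                throw new ArgumentNullException("signatureType");
            }

            normalizedUrl = null;
            normalizedRequestParameters = null;

            List<QueryParameter> parameters = GetQueryParameters(url.Query);
            parameters.Add(new QueryParameter(OAuthVersionKey, OAuthVersion));
            parameters.Add(new QueryParameter(OAuthNonceKey, nonce));
            parameters.Add(new QueryParameter(OAuthTimestampKey, timeStamp));
            parameters.Add(new QueryParameter(OAuthSignatureMethodKey, signatureType));
            parameters.Add(new QueryParameter(OAuthConsumerKeyKey, consumerKey));

            if (!string.IsNullOrEmpty(token))
            {
                parameters.Add(new QueryParameter(OAuthTokenKey, token));
            }

            if (!string.IsNullOrEmpty(verifier))
            {
                parameters.Add(new QueryParameter(OAuthVerifier, verifier));
            }

            parameters.Sort(new QueryParameterComparer());

            bool isDefaultPort = (url.Scheme == "http" && url.Port == 80) || (url.Scheme == "https" && url.Port == 443);
            normalizedUrl = string.Format("{0}://{1}", url.Scheme, url.Host);
            if (!isDefaultPort)
            {
                normalizedUrl += ":" + url.Port;
            }
            normalizedUrl += url.AbsolutePath;
            normalizedRequestParameters = NormalizeRequestParameters(parameters);

            StringBuilder signatureBase = new StringBuilder();
            // Invariant upper-casing: a culture-sensitive ToUpper() can change ASCII letters
            // (for example 'i' under Turkish rules) and so change the signed method name.
            signatureBase.AppendFormat("{0}&", httpMethod.ToUpperInvariant());
            signatureBase.AppendFormat("{0}&", UrlEncode(normalizedUrl));
            signatureBase.AppendFormat("{0}", UrlEncode(normalizedRequestParameters));

            return signatureBase.ToString();
        }

        /// <summary>
        /// Generate the signature value based on the given signature base and hash algorithm
        /// </summary>
        /// <param name="signatureBase">The signature base as produced by the GenerateSignatureBase method or by any other means</param>
        /// <param name="hash">The hash algorithm used to perform the hashing. If the hashing algorithm requires initialization or a key it should be set prior to calling this method</param>
        /// <returns>A base64 string of the hash value</returns>
        public string GenerateSignatureUsingHash(string signatureBase, HashAlgorithm hash)
        {
            return ComputeHash(hash, signatureBase);
        }

        /// <summary>
        /// Generates a signature using the HMAC-SHA1 algorithm
        /// </summary>
        /// <param name="url">The full url that needs to be signed including its non OAuth url parameters</param>
        /// <param name="consumerKey">The consumer key</param>
        /// <param name="consumerSecret">The consumer secret</param>
        /// <param name="token">The token, if available. If not available pass null or an empty string</param>
        /// <param name="tokenSecret">The token secret, if available. If not available pass null or an empty string</param>
        /// <param name="httpMethod">The http method used. Must be a valid HTTP method verb (POST,GET,PUT, etc)</param>
        /// <param name="timeStamp">The value written as oauth_timestamp</param>
        /// <param name="nonce">The value written as oauth_nonce</param>
        /// <param name="verifier">The oauth_verifier value; omitted when null or empty</param>
        /// <param name="normalizedUrl">Receives the normalized url that was signed</param>
        /// <param name="normalizedRequestParameters">Receives the normalized parameter string that was signed</param>
        /// <returns>A base64 string of the hash value</returns>
        public string GenerateSignature(Uri url, string consumerKey, string consumerSecret, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, string verifier, out string normalizedUrl, out string normalizedRequestParameters)
        {
            return GenerateSignature(url, consumerKey, consumerSecret, token, tokenSecret, httpMethod, timeStamp, nonce, SignatureTypes.HMACSHA1, verifier, out normalizedUrl, out normalizedRequestParameters);
        }

        /// <summary>
        /// Generates a signature using the specified signatureType
        /// </summary>
        /// <param name="url">The full url that needs to be signed including its non OAuth url parameters</param>
        /// <param name="consumerKey">The consumer key</param>
        /// <param name="consumerSecret">The consumer secret</param>
        /// <param name="token">The token, if available. If not available pass null or an empty string</param>
        /// <param name="tokenSecret">The token secret, if available. If not available pass null or an empty string</param>
        /// <param name="httpMethod">The http method used. Must be a valid HTTP method verb (POST,GET,PUT, etc)</param>
        /// <param name="timeStamp">The value written as oauth_timestamp</param>
        /// <param name="nonce">The value written as oauth_nonce</param>
        /// <param name="signatureType">The type of signature to use</param>
        /// <param name="verifier">The oauth_verifier value; omitted when null or empty</param>
        /// <param name="normalizedUrl">Receives the normalized url for HMAC-SHA1; stays null for PLAINTEXT</param>
        /// <param name="normalizedRequestParameters">Receives the normalized parameter string for HMAC-SHA1; stays null for PLAINTEXT</param>
        /// <returns>A base64 string of the hash value (HMAC-SHA1) or the encoded secrets (PLAINTEXT)</returns>
        /// <exception cref="NotImplementedException">signatureType is RSASHA1</exception>
        /// <exception cref="ArgumentException">signatureType is not a known value</exception>
        public string GenerateSignature(Uri url, string consumerKey, string consumerSecret, string token, string tokenSecret, string httpMethod, string timeStamp, string nonce, SignatureTypes signatureType, string verifier, out string normalizedUrl, out string normalizedRequestParameters)
        {
            normalizedUrl = null;
            normalizedRequestParameters = null;

            switch (signatureType)
            {
                case SignatureTypes.PLAINTEXT:
                    // NOTE(review): the PLAINTEXT result is the two secrets themselves, so it
                    // must only ever travel over TLS. The secrets are joined first and then
                    // encoded as one string, which also escapes the '&' separator - confirm
                    // this is the form the service provider expects.
                    return HttpUtility.UrlEncode(string.Format("{0}&{1}", consumerSecret, tokenSecret));

                case SignatureTypes.HMACSHA1:
                    string signatureBase = GenerateSignatureBase(url, consumerKey, token, tokenSecret, httpMethod, timeStamp, nonce, HMACSHA1SignatureType, verifier, out normalizedUrl, out normalizedRequestParameters);

                    string encodedTokenSecret = string.IsNullOrEmpty(tokenSecret) ? "" : UrlEncode(tokenSecret);
                    string keyMaterial = string.Format("{0}&{1}", UrlEncode(consumerSecret), encodedTokenSecret);

                    // Dispose the keyed hash once the signature is computed rather than
                    // leaving the instance, which holds the key, for the finalizer.
                    using (HMACSHA1 hmacsha1 = new HMACSHA1())
                    {
                        hmacsha1.Key = Encoding.UTF8.GetBytes(keyMaterial);
                        return GenerateSignatureUsingHash(signatureBase, hmacsha1);
                    }

                case SignatureTypes.RSASHA1:
                    throw new NotImplementedException();

                default:
                    throw new ArgumentException("Unknown signature type", "signatureType");
            }
        }

        /// <summary>
        /// Generate the timestamp for the signature
        /// </summary>
        /// <returns>Seconds elapsed since 1970-01-01 00:00:00, measured against the current UTC time, as a decimal string</returns>
        public virtual string GenerateTimeStamp()
        {
            // Default implementation of UNIX time of the current UTC time
            TimeSpan ts = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0);
            return Convert.ToInt64(ts.TotalSeconds).ToString(System.Globalization.CultureInfo.InvariantCulture);
        }

        /// <summary>
        /// Generate a nonce
        /// </summary>
        /// <returns>32 lower-case hexadecimal characters built from 16 random bytes</returns>
        public virtual string GenerateNonce()
        {
            // The previous implementation returned random.Next(123400, 9999999): fewer than
            // ten million possible values from a predictable generator, so two requests
            // carrying the same timestamp could easily carry the same nonce as well.
            byte[] entropy = new byte[16];
            nonceSource.GetBytes(entropy);

            StringBuilder hex = new StringBuilder(entropy.Length * 2);
            foreach (byte b in entropy)
            {
                hex.Append(b.ToString("x2"));
            }

            return hex.ToString();
        }
    }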