author | Andrew Arnott <andrewarnott@gmail.com> | 2008-09-24 22:51:19 -0700 |
---|---|---|
committer | Andrew <andrewarnott@gmail.com> | 2008-09-24 22:51:19 -0700 |
commit | e99268dcde5f942a2577a2d4d271febf991b6fa1 (patch) | |
tree | 5c328335227fe0edcb9fe029add6735156d063cd /src/DotNetOAuth/ChannelElements | |
parent | 48409e1795dbdf3330dae3174bd0c14bb97341c7 (diff) | |
Added facility for SPs to inject extra information into messages prior to signature verification.
Diffstat (limited to 'src/DotNetOAuth/ChannelElements')
5 files changed, 68 insertions, 10 deletions
diff --git a/src/DotNetOAuth/ChannelElements/HmacSha1SigningBindingElement.cs b/src/DotNetOAuth/ChannelElements/HmacSha1SigningBindingElement.cs
index 793d000..d44c64f 100644
--- a/src/DotNetOAuth/ChannelElements/HmacSha1SigningBindingElement.cs
+++ b/src/DotNetOAuth/ChannelElements/HmacSha1SigningBindingElement.cs
@@ -14,10 +14,23 @@ namespace DotNetOAuth.ChannelElements {
/// </summary>
internal class HmacSha1SigningBindingElement : SigningBindingElementBase {
/// <summary>
- /// Initializes a new instance of the <see cref="HmacSha1SigningBindingElement"/> class.
+ /// Initializes a new instance of the <see cref="HmacSha1SigningBindingElement"/> class
+ /// for use by Consumers.
/// </summary>
internal HmacSha1SigningBindingElement()
- : base("HMAC-SHA1") {
+ : this(null) {
+ }
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="HmacSha1SigningBindingElement"/> class.
+ /// </summary>
+ /// <param name="signatureVerificationCallback">
+ /// The delegate that will initialize the non-serialized properties necessary on a signed
+ /// message so that its signature can be correctly calculated for verification.
+ /// May be null for Consumers (who never have to verify signatures).
+ /// </param>
+ internal HmacSha1SigningBindingElement(Action<ITamperResistantOAuthMessage> signatureVerificationCallback)
+ : base("HMAC-SHA1", signatureVerificationCallback) {
}
/// <summary>
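Review bot: The `signatureVerificationCallback` doc on the new constructor does not say that the message handed to the delegate is still unauthenticated; the base class invokes the callback before the signature is compared. I would add to the `<param>` text: `The message has not been verified when this delegate runs; use it only to look up and assign the secrets, and do not act on any other message content.` The same paragraph is repeated on the new constructors in PlainTextSigningBindingElement.cs, RsaSha1SigningBindingElement.cs and SigningBindingElementBase.cs and would want the same sentence.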
diff --git a/src/DotNetOAuth/ChannelElements/ITamperResistantOAuthMessage.cs b/src/DotNetOAuth/ChannelElements/ITamperResistantOAuthMessage.cs
index cafea5d..6077fb7 100644
--- a/src/DotNetOAuth/ChannelElements/ITamperResistantOAuthMessage.cs
+++ b/src/DotNetOAuth/ChannelElements/ITamperResistantOAuthMessage.cs
@@ -20,19 +20,16 @@ namespace DotNetOAuth.ChannelElements {
/// <summary>
/// Gets or sets the Token Secret used to sign the message.
- /// Only applicable to Consumer.
/// </summary>
string TokenSecret { get; set; }
/// <summary>
/// Gets or sets the Consumer Secret used to sign the message.
- /// Only applicable to Consumer.
/// </summary>
string ConsumerSecret { get; set; }
/// <summary>
/// Gets or sets the HTTP method that will be used to transmit the message.
- /// Only applicable to Consumer.
/// </summary>
string HttpMethod { get; set; }
diff --git a/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs b/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs
index 3509ece..86cbd4a 100644
--- a/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs
+++ b/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs
@@ -17,10 +17,23 @@ namespace DotNetOAuth.ChannelElements {
/// </summary>
internal class PlainTextSigningBindingElement : SigningBindingElementBase {
/// <summary>
- /// Initializes a new instance of the <see cref="PlainTextSigningBindingElement"/> class.
+ /// Initializes a new instance of the <see cref="PlainTextSigningBindingElement"/> class
+ /// for use by Consumers.
/// </summary>
internal PlainTextSigningBindingElement()
- : base("PLAINTEXT") {
+ : this(null) {
+ }
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="PlainTextSigningBindingElement"/> class.
+ /// </summary>
+ /// <param name="signatureVerificationCallback">
+ /// The delegate that will initialize the non-serialized properties necessary on a signed
+ /// message so that its signature can be correctly calculated for verification.
+ /// May be null for Consumers (who never have to verify signatures).
+ /// </param>
+ internal PlainTextSigningBindingElement(Action<ITamperResistantOAuthMessage> signatureVerificationCallback)
+ : base("PLAINTEXT", signatureVerificationCallback) {
}
/// <summary>
diff --git a/src/DotNetOAuth/ChannelElements/RsaSha1SigningBindingElement.cs b/src/DotNetOAuth/ChannelElements/RsaSha1SigningBindingElement.cs
index edd5109..b8ba841 100644
--- a/src/DotNetOAuth/ChannelElements/RsaSha1SigningBindingElement.cs
+++ b/src/DotNetOAuth/ChannelElements/RsaSha1SigningBindingElement.cs
@@ -14,10 +14,23 @@ namespace DotNetOAuth.ChannelElements {
/// </summary>
internal class RsaSha1SigningBindingElement : SigningBindingElementBase {
/// <summary>
- /// Initializes a new instance of the <see cref="RsaSha1SigningBindingElement"/> class.
+ /// Initializes a new instance of the <see cref="RsaSha1SigningBindingElement"/> class
+ /// for use by Consumers.
/// </summary>
internal RsaSha1SigningBindingElement()
- : base("RSA-SHA1") {
+ : this(null) {
+ }
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="RsaSha1SigningBindingElement"/> class.
+ /// </summary>
+ /// <param name="signatureVerificationCallback">
+ /// The delegate that will initialize the non-serialized properties necessary on a signed
+ /// message so that its signature can be correctly calculated for verification.
+ /// May be null for Consumers (who never have to verify signatures).
+ /// </param>
+ internal RsaSha1SigningBindingElement(Action<ITamperResistantOAuthMessage> signatureVerificationCallback)
+ : base("RSA-SHA1", signatureVerificationCallback) {
}
/// <summary>
diff --git a/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs b/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs
index f4663b1..43d1e8b 100644
--- a/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs
+++ b/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs
@@ -22,11 +22,27 @@ namespace DotNetOAuth.ChannelElements {
private string signatureMethod;
/// <summary>
+ /// The delegate that will initialize the non-serialized properties necessary on a signed
+ /// message so that its signature can be correctly calculated for verification.
+ /// </summary>
+ private readonly Action<ITamperResistantOAuthMessage> incomingMessageSignatureVerificationCallback;
+
+ /// <summary>
/// Initializes a new instance of the <see cref="SigningBindingElementBase"/> class.
/// </summary>
/// <param name="signatureMethod">The OAuth signature method that the binding element uses.</param>
- internal SigningBindingElementBase(string signatureMethod) {
+ /// <param name="signatureVerificationCallback">
+ /// The delegate that will initialize the non-serialized properties necessary on a signed
+ /// message so that its signature can be correctly calculated for verification.
+ /// May be null for Consumers (who never have to verify signatures).
+ /// </param>
+ internal SigningBindingElementBase(string signatureMethod, Action<ITamperResistantOAuthMessage> signatureVerificationCallback) {
+ if (String.IsNullOrEmpty(signatureMethod)) {
+ throw new ArgumentNullException("signatureMethod");
+ }
+
this.signatureMethod = signatureMethod;
+ this.incomingMessageSignatureVerificationCallback = signatureVerificationCallback;
}
#region IChannelBindingElement Members
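Review bot: The new guard throws `ArgumentNullException` for an empty `signatureMethod` as well as a null one, which misreports the failure to the caller. Splitting it keeps the exception accurate: `if (signatureMethod == null) { throw new ArgumentNullException("signatureMethod"); }` followed by an `ArgumentException` for the empty string. The summary on the new `incomingMessageSignatureVerificationCallback` field could also state that it is null on Consumers, as the constructor's param doc already does.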
@@ -68,6 +84,12 @@ namespace DotNetOAuth.ChannelElements {
throw new InvalidSignatureException(message);
}
+ if (this.incomingMessageSignatureVerificationCallback != null) {
+ this.incomingMessageSignatureVerificationCallback(signedMessage);
+ } else {
+ throw new InvalidOperationException(MessagingStrings.SignatureVerificationCallbackMissing);
+ }
+
string signature = this.GetSignature(signedMessage);
if (signedMessage.Signature != signature) {
Logger.Error("Signature verification failed.");
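Review bot: Nothing after the callback returns confirms that it actually supplied the secret the signature method needs, so a callback that leaves `ConsumerSecret` unset for an unknown consumer would let `GetSignature` run on whatever default is there. `GetSignature` is not shown, so this is inferred, but for HMAC-SHA1 and PLAINTEXT a missing key would presumably weaken verification; the safer contract is that the callback throws for an unknown consumer or token, or that each derived element rejects a missing secret before computing. The unchanged comparison `signedMessage.Signature != signature` just below is an ordinary string inequality; a comparison that does not exit on the first differing character would be the more careful choice for the HMAC case. The enclosing method starts and ends outside this hunk.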