diff options
Diffstat (limited to 'src')
5 files changed, 67 insertions, 1 deletions
diff --git a/src/DotNetOAuth.Test/ChannelElements/PlainTextSigningBindingElementTest.cs b/src/DotNetOAuth.Test/ChannelElements/PlainTextSigningBindingElementTest.cs new file mode 100644 index 0000000..13fce38 --- /dev/null +++ b/src/DotNetOAuth.Test/ChannelElements/PlainTextSigningBindingElementTest.cs @@ -0,0 +1,42 @@ +//-----------------------------------------------------------------------
+// <copyright file="PlainTextSigningBindingElementTest.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOAuth.Test.ChannelElements
+{
+ using DotNetOAuth.ChannelElements;
+ using DotNetOAuth.Messages;
+ using DotNetOAuth.Messaging;
+ using Microsoft.VisualStudio.TestTools.UnitTesting;
+
+ [TestClass]
+ public class PlainTextSigningBindingElementTest {
+ [TestMethod]
+ public void GetSignatureTest() {
+ SigningBindingElementBase target = new PlainTextSigningBindingElement();
+ ServiceProviderEndpoint endpoint = new ServiceProviderEndpoint("https://localtest", HttpDeliveryMethod.GetRequest);
+ ITamperResistantOAuthMessage message = new RequestTokenMessage(endpoint);
+ message.ConsumerSecret = "cs";
+ message.TokenSecret = "ts";
+ Assert.IsTrue(target.PrepareMessageForSending(message));
+ Assert.AreEqual("PLAINTEXT", message.SignatureMethod);
+ Assert.AreEqual("cs%26ts", message.Signature);
+ }
+
+ [TestMethod]
+ public void GetNonEncryptedSignature() {
+ SigningBindingElementBase target = new PlainTextSigningBindingElement();
+ ServiceProviderEndpoint endpoint = new ServiceProviderEndpoint("http://localtest", HttpDeliveryMethod.GetRequest);
+ ITamperResistantOAuthMessage message = new RequestTokenMessage(endpoint);
+ message.ConsumerSecret = "cs";
+ message.TokenSecret = "ts";
+
+ // Since this is (non-encrypted) HTTP, so the plain text signer should not be used
+ Assert.IsFalse(target.PrepareMessageForSending(message));
+ Assert.IsNull(message.SignatureMethod);
+ Assert.IsNull(message.Signature);
+ }
+ }
+}
diff --git a/src/DotNetOAuth.Test/DotNetOAuth.Test.csproj b/src/DotNetOAuth.Test/DotNetOAuth.Test.csproj index 8771050..00c7fc2 100644 --- a/src/DotNetOAuth.Test/DotNetOAuth.Test.csproj +++ b/src/DotNetOAuth.Test/DotNetOAuth.Test.csproj @@ -86,6 +86,7 @@ <Compile Include="Mocks\TestChannel.cs" />
<Compile Include="Mocks\TestMessage.cs" />
<Compile Include="Mocks\TestMessageTypeProvider.cs" />
+ <Compile Include="ChannelElements\PlainTextSigningBindingElementTest.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="Messaging\ResponseTests.cs" />
<Compile Include="ProtocolTests.cs" />
@@ -105,6 +106,9 @@ <ItemGroup>
<EmbeddedResource Include="Logging.config" />
</ItemGroup>
+ <ItemGroup>
+ <Shadow Include="Test References\DotNetOAuth.accessor" />
+ </ItemGroup>
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
<Import Project="..\..\tools\DotNetOAuth.Versioning.targets" />
</Project>
\ No newline at end of file diff --git a/src/DotNetOAuth.Test/Test References/DotNetOAuth.accessor b/src/DotNetOAuth.Test/Test References/DotNetOAuth.accessor new file mode 100644 index 0000000..3901fca --- /dev/null +++ b/src/DotNetOAuth.Test/Test References/DotNetOAuth.accessor @@ -0,0 +1,2 @@ +DotNetOAuth.dll
+Desktop
diff --git a/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs b/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs index 86cbd4a..83c3e8b 100644 --- a/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs +++ b/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs @@ -47,5 +47,14 @@ namespace DotNetOAuth.ChannelElements { protected override string GetSignature(ITamperResistantOAuthMessage message) {
return Uri.EscapeDataString(GetConsumerAndTokenSecretString(message));
}
+
+ /// <summary>
+ /// Checks whether this binding element applies to this message.
+ /// </summary>
+ /// <param name="message">The message that needs to be signed.</param>
+ /// <returns>True if this binding element can be used to sign the message. False otherwise.</returns>
+ protected override bool IsMessageApplicable(ITamperResistantOAuthMessage message) {
+ return string.Equals(message.Recipient.Scheme, "https", StringComparison.OrdinalIgnoreCase);
+ }
}
}
diff --git a/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs b/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs index a1e5feb..ebcc8b2 100644 --- a/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs +++ b/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs @@ -61,7 +61,7 @@ namespace DotNetOAuth.ChannelElements { /// <returns>True if the message was signed. False otherwise.</returns>
public bool PrepareMessageForSending(IProtocolMessage message) {
var signedMessage = message as ITamperResistantOAuthMessage;
- if (signedMessage != null) {
+ if (signedMessage != null && this.IsMessageApplicable(signedMessage)) {
signedMessage.SignatureMethod = this.signatureMethod;
signedMessage.Signature = this.GetSignature(signedMessage);
return true;
@@ -170,6 +170,15 @@ namespace DotNetOAuth.ChannelElements { protected abstract string GetSignature(ITamperResistantOAuthMessage message);
/// <summary>
+ /// Checks whether this binding element applies to this message.
+ /// </summary>
+ /// <param name="message">The message that needs to be signed.</param>
+ /// <returns>True if this binding element can be used to sign the message. False otherwise.</returns>
+ protected virtual bool IsMessageApplicable(ITamperResistantOAuthMessage message) {
+ return true;
+ }
+
+ /// <summary>
/// Gets the ConsumerSecret&TokenSecret" string, allowing either property to be empty or null.
/// </summary>
/// <param name="message">The message to extract the secrets from.</param>
|