diff options
Diffstat (limited to 'src')
8 files changed, 81 insertions, 11 deletions
diff --git a/src/DotNetOAuth/ChannelElements/HmacSha1SigningBindingElement.cs b/src/DotNetOAuth/ChannelElements/HmacSha1SigningBindingElement.cs index 793d000..d44c64f 100644 --- a/src/DotNetOAuth/ChannelElements/HmacSha1SigningBindingElement.cs +++ b/src/DotNetOAuth/ChannelElements/HmacSha1SigningBindingElement.cs @@ -14,10 +14,23 @@ namespace DotNetOAuth.ChannelElements { /// </summary>
internal class HmacSha1SigningBindingElement : SigningBindingElementBase {
/// <summary>
- /// Initializes a new instance of the <see cref="HmacSha1SigningBindingElement"/> class.
+ /// Initializes a new instance of the <see cref="HmacSha1SigningBindingElement"/> class
+ /// for use by Consumers.
/// </summary>
internal HmacSha1SigningBindingElement()
- : base("HMAC-SHA1") {
+ : this(null) {
+ }
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="HmacSha1SigningBindingElement"/> class.
+ /// </summary>
+ /// <param name="signatureVerificationCallback">
+ /// The delegate that will initialize the non-serialized properties necessary on a signed
+ /// message so that its signature can be correctly calculated for verification.
+ /// May be null for Consumers (who never have to verify signatures).
+ /// </param>
+ internal HmacSha1SigningBindingElement(Action<ITamperResistantOAuthMessage> signatureVerificationCallback)
+ : base("HMAC-SHA1", signatureVerificationCallback) {
}
/// <summary>
diff --git a/src/DotNetOAuth/ChannelElements/ITamperResistantOAuthMessage.cs b/src/DotNetOAuth/ChannelElements/ITamperResistantOAuthMessage.cs index cafea5d..6077fb7 100644 --- a/src/DotNetOAuth/ChannelElements/ITamperResistantOAuthMessage.cs +++ b/src/DotNetOAuth/ChannelElements/ITamperResistantOAuthMessage.cs @@ -20,19 +20,16 @@ namespace DotNetOAuth.ChannelElements { /// <summary>
/// Gets or sets the Token Secret used to sign the message.
- /// Only applicable to Consumer.
/// </summary>
string TokenSecret { get; set; }
/// <summary>
/// Gets or sets the Consumer Secret used to sign the message.
- /// Only applicable to Consumer.
/// </summary>
string ConsumerSecret { get; set; }
/// <summary>
/// Gets or sets the HTTP method that will be used to transmit the message.
- /// Only applicable to Consumer.
/// </summary>
string HttpMethod { get; set; }
diff --git a/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs b/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs index 3509ece..86cbd4a 100644 --- a/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs +++ b/src/DotNetOAuth/ChannelElements/PlainTextSigningBindingElement.cs @@ -17,10 +17,23 @@ namespace DotNetOAuth.ChannelElements { /// </summary>
internal class PlainTextSigningBindingElement : SigningBindingElementBase {
/// <summary>
- /// Initializes a new instance of the <see cref="PlainTextSigningBindingElement"/> class.
+ /// Initializes a new instance of the <see cref="PlainTextSigningBindingElement"/> class
+ /// for use by Consumers.
/// </summary>
internal PlainTextSigningBindingElement()
- : base("PLAINTEXT") {
+ : this(null) {
+ }
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="PlainTextSigningBindingElement"/> class.
+ /// </summary>
+ /// <param name="signatureVerificationCallback">
+ /// The delegate that will initialize the non-serialized properties necessary on a signed
+ /// message so that its signature can be correctly calculated for verification.
+ /// May be null for Consumers (who never have to verify signatures).
+ /// </param>
+ internal PlainTextSigningBindingElement(Action<ITamperResistantOAuthMessage> signatureVerificationCallback)
+ : base("PLAINTEXT", signatureVerificationCallback) {
}
/// <summary>
diff --git a/src/DotNetOAuth/ChannelElements/RsaSha1SigningBindingElement.cs b/src/DotNetOAuth/ChannelElements/RsaSha1SigningBindingElement.cs index edd5109..b8ba841 100644 --- a/src/DotNetOAuth/ChannelElements/RsaSha1SigningBindingElement.cs +++ b/src/DotNetOAuth/ChannelElements/RsaSha1SigningBindingElement.cs @@ -14,10 +14,23 @@ namespace DotNetOAuth.ChannelElements { /// </summary>
internal class RsaSha1SigningBindingElement : SigningBindingElementBase {
/// <summary>
- /// Initializes a new instance of the <see cref="RsaSha1SigningBindingElement"/> class.
+ /// Initializes a new instance of the <see cref="RsaSha1SigningBindingElement"/> class
+ /// for use by Consumers.
/// </summary>
internal RsaSha1SigningBindingElement()
- : base("RSA-SHA1") {
+ : this(null) {
+ }
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="RsaSha1SigningBindingElement"/> class.
+ /// </summary>
+ /// <param name="signatureVerificationCallback">
+ /// The delegate that will initialize the non-serialized properties necessary on a signed
+ /// message so that its signature can be correctly calculated for verification.
+ /// May be null for Consumers (who never have to verify signatures).
+ /// </param>
+ internal RsaSha1SigningBindingElement(Action<ITamperResistantOAuthMessage> signatureVerificationCallback)
+ : base("RSA-SHA1", signatureVerificationCallback) {
}
/// <summary>
diff --git a/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs b/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs index f4663b1..43d1e8b 100644 --- a/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs +++ b/src/DotNetOAuth/ChannelElements/SigningBindingElementBase.cs @@ -22,11 +22,27 @@ namespace DotNetOAuth.ChannelElements { private string signatureMethod;
/// <summary>
+ /// The delegate that will initialize the non-serialized properties necessary on a signed
+ /// message so that its signature can be correctly calculated for verification.
+ /// </summary>
+ private readonly Action<ITamperResistantOAuthMessage> incomingMessageSignatureVerificationCallback;
+
+ /// <summary>
/// Initializes a new instance of the <see cref="SigningBindingElementBase"/> class.
/// </summary>
/// <param name="signatureMethod">The OAuth signature method that the binding element uses.</param>
- internal SigningBindingElementBase(string signatureMethod) {
+ /// <param name="signatureVerificationCallback">
+ /// The delegate that will initialize the non-serialized properties necessary on a signed
+ /// message so that its signature can be correctly calculated for verification.
+ /// May be null for Consumers (who never have to verify signatures).
+ /// </param>
+ internal SigningBindingElementBase(string signatureMethod, Action<ITamperResistantOAuthMessage> signatureVerificationCallback) {
+ if (String.IsNullOrEmpty(signatureMethod)) {
+ throw new ArgumentNullException("signatureMethod");
+ }
+
this.signatureMethod = signatureMethod;
+ this.incomingMessageSignatureVerificationCallback = signatureVerificationCallback;
}
#region IChannelBindingElement Members
@@ -68,6 +84,12 @@ namespace DotNetOAuth.ChannelElements { throw new InvalidSignatureException(message);
}
+ if (this.incomingMessageSignatureVerificationCallback != null) {
+ this.incomingMessageSignatureVerificationCallback(signedMessage);
+ } else {
+ throw new InvalidOperationException(MessagingStrings.SignatureVerificationCallbackMissing);
+ }
+
string signature = this.GetSignature(signedMessage);
if (signedMessage.Signature != signature) {
Logger.Error("Signature verification failed.");
diff --git a/src/DotNetOAuth/Messaging/MessagingStrings.Designer.cs b/src/DotNetOAuth/Messaging/MessagingStrings.Designer.cs index 11a9edd..0416255 100644 --- a/src/DotNetOAuth/Messaging/MessagingStrings.Designer.cs +++ b/src/DotNetOAuth/Messaging/MessagingStrings.Designer.cs @@ -259,6 +259,15 @@ namespace DotNetOAuth.Messaging { }
/// <summary>
+ /// Looks up a localized string similar to Signature verification required, but required callback delegate was not provided..
+ /// </summary>
+ internal static string SignatureVerificationCallbackMissing {
+ get {
+ return ResourceManager.GetString("SignatureVerificationCallbackMissing", resourceCulture);
+ }
+ }
+
+ /// <summary>
/// Looks up a localized string similar to This channel does not support signing messages. To support signing messages, a derived Channel type must override the Sign and IsSignatureValid methods..
/// </summary>
internal static string SigningNotSupported {
diff --git a/src/DotNetOAuth/Messaging/MessagingStrings.resx b/src/DotNetOAuth/Messaging/MessagingStrings.resx index 2bfe46f..f549b9c 100644 --- a/src/DotNetOAuth/Messaging/MessagingStrings.resx +++ b/src/DotNetOAuth/Messaging/MessagingStrings.resx @@ -183,6 +183,9 @@ <data name="SignatureInvalid" xml:space="preserve">
<value>Message signature was incorrect.</value>
</data>
+ <data name="SignatureVerificationCallbackMissing" xml:space="preserve">
+ <value>Signature verification required, but required callback delegate was not provided.</value>
+ </data>
<data name="SigningNotSupported" xml:space="preserve">
<value>This channel does not support signing messages. To support signing messages, a derived Channel type must override the Sign and IsSignatureValid methods.</value>
</data>
diff --git a/src/DotNetOAuth/ServiceProvider.cs b/src/DotNetOAuth/ServiceProvider.cs index 217d064..327e5ca 100644 --- a/src/DotNetOAuth/ServiceProvider.cs +++ b/src/DotNetOAuth/ServiceProvider.cs @@ -33,7 +33,7 @@ namespace DotNetOAuth { /// Initializes a new instance of the <see cref="ServiceProvider"/> class.
/// </summary>
public ServiceProvider() {
- SigningBindingElementBase signingElement = new PlainTextSigningBindingElement();
+ SigningBindingElementBase signingElement = new PlainTextSigningBindingElement(/*TODO*/);
INonceStore store = new NonceMemoryStore(StandardExpirationBindingElement.DefaultMaximumMessageAge);
this.Channel = new OAuthChannel(signingElement, store);
}
|