1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
//-----------------------------------------------------------------------
// <copyright file="AuthorizationCode.cs" company="Andrew Arnott">
// Copyright (c) Andrew Arnott. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------
namespace DotNetOpenAuth.OAuth2.ChannelElements {
using System;
using System.Collections.Generic;
using System.Diagnostics.Contracts;
using System.Security.Cryptography;
using System.Text;
using DotNetOpenAuth.Messaging;
/// <summary>
/// Represents the authorization code created when a user approves authorization that
/// allows the client to request an access/refresh token.
/// </summary>
internal class AuthorizationCode : AuthorizationDataBag {
/// <summary>
/// The name of the bucket for symmetric keys used to sign authorization codes.
/// </summary>
internal const string AuthorizationCodeKeyBucket = "https://localhost/dnoa/oauth_authorization_code";
/// <summary>
/// Initializes a new instance of the <see cref="AuthorizationCode"/> class.
/// </summary>
public AuthorizationCode() {
}
/// <summary>
/// Initializes a new instance of the <see cref="AuthorizationCode"/> class.
/// </summary>
/// <param name="clientIdentifier">The client identifier.</param>
/// <param name="callback">The callback the client used to obtain authorization.</param>
/// <param name="scopes">The authorized scopes.</param>
/// <param name="username">The name on the account that authorized access.</param>
internal AuthorizationCode(string clientIdentifier, Uri callback, IEnumerable<string> scopes, string username) {
Requires.NotNullOrEmpty(clientIdentifier, "clientIdentifier");
Requires.NotNull(callback, "callback");
this.ClientIdentifier = clientIdentifier;
this.CallbackHash = CalculateCallbackHash(callback);
this.Scope.ResetContents(scopes);
this.User = username;
this.UtcCreationDate = DateTime.UtcNow;
}
/// <summary>
/// Gets or sets the hash of the callback URL.
/// </summary>
[MessagePart("cb")]
private byte[] CallbackHash { get; set; }
/// <summary>
/// Creates a serializer/deserializer for this type.
/// </summary>
/// <param name="authorizationServer">The authorization server that will be serializing/deserializing this authorization code. Must not be null.</param>
/// <returns>A DataBag formatter.</returns>
internal static IDataBagFormatter<AuthorizationCode> CreateFormatter(IAuthorizationServer authorizationServer) {
Requires.NotNull(authorizationServer, "authorizationServer");
Contract.Ensures(Contract.Result<IDataBagFormatter<AuthorizationCode>>() != null);
return new UriStyleMessageFormatter<AuthorizationCode>(
authorizationServer.CryptoKeyStore,
AuthorizationCodeKeyBucket,
signed: true,
encrypted: true,
compressed: false,
maximumAge: AuthorizationCodeBindingElement.MaximumMessageAge,
decodeOnceOnly: authorizationServer.VerificationCodeNonceStore);
}
/// <summary>
/// Verifies the the given callback URL matches the callback originally given in the authorization request.
/// </summary>
/// <param name="callback">The callback.</param>
/// <remarks>
/// This method serves to verify that the callback URL given in the original authorization request
/// and the callback URL given in the access token request match.
/// </remarks>
/// <exception cref="ProtocolException">Thrown when the callback URLs do not match.</exception>
internal void VerifyCallback(Uri callback) {
ErrorUtilities.VerifyProtocol(MessagingUtilities.AreEquivalent(this.CallbackHash, CalculateCallbackHash(callback)), Protocol.redirect_uri_mismatch);
}
/// <summary>
/// Calculates the hash of the callback URL.
/// </summary>
/// <param name="callback">The callback whose hash should be calculated.</param>
/// <returns>
/// A base64 encoding of the hash of the URL.
/// </returns>
private static byte[] CalculateCallbackHash(Uri callback) {
using (var hasher = new SHA256Managed()) {
return hasher.ComputeHash(Encoding.UTF8.GetBytes(callback.AbsoluteUri));
}
}
}
}
|
