1 // OpenTween - Client of Twitter
2 // Copyright (c) 2016 kim_upsilon (@kim_upsilon) <https://upsilo.net/~upsilon/>
3 // All rights reserved.
5 // This file is part of OpenTween.
7 // This program is free software; you can redistribute it and/or modify it
8 // under the terms of the GNU General Public License as published by the Free
9 // Software Foundation; either version 3 of the License, or (at your option)
12 // This program is distributed in the hope that it will be useful, but
13 // WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 // or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
17 // You should have received a copy of the GNU General Public License along
18 // with this program. If not, see <http://www.gnu.org/licenses/>, or write to
19 // the Free Software Foundation, Inc., 51 Franklin Street - Fifth Floor,
20 // Boston, MA 02110-1301, USA.
23 using System.Collections.Generic;
25 using System.Security.Cryptography;
27 using System.Threading.Tasks;
30 namespace OpenTween.Connection
32 public class OAuthUtilityTest
35 public void GetOAuthParameter_Test()
37 var param = OAuthUtility.GetOAuthParameter("ConsumerKey", "Token");
39 Assert.Equal("ConsumerKey", param["oauth_consumer_key"]);
40 Assert.Equal("HMAC-SHA1", param["oauth_signature_method"]);
42 var unixEpoch = new DateTime(1970, 1, 1, 0, 0, 0);
43 var unixTimeNow = Math.Ceiling((DateTime.UtcNow - unixEpoch).TotalSeconds);
44 Assert.InRange(long.Parse(param["oauth_timestamp"]), unixTimeNow - 5, unixTimeNow);
46 Assert.NotEmpty(param["oauth_nonce"]);
47 Assert.Equal("1.0", param["oauth_version"]);
48 Assert.Equal("Token", param["oauth_token"]);
52 public void CreateSignature_Test()
54 // GET http://example.com/hoge?aaa=foo に対する署名を生成
55 // 実際の param は oauth_consumer_key などのパラメーターが加わった状態で渡される
56 var oauthSignature = OAuthUtility.CreateSignature("ConsumerSecret", "TokenSecret",
57 "GET", new Uri("http://example.com/hoge"), new Dictionary<string, string> { ["aaa"] = "foo" });
59 var expectSignatureBase = "GET&http%3A%2F%2Fexample.com%2Fhoge&aaa%3Dfoo";
60 var expectSignatureKey = "ConsumerSecret&TokenSecret";
62 using (var hmacsha1 = new HMACSHA1(Encoding.ASCII.GetBytes(expectSignatureKey)))
64 var expectSignature = Convert.ToBase64String(hmacsha1.ComputeHash(Encoding.ASCII.GetBytes(expectSignatureBase)));
65 Assert.Equal(expectSignature, oauthSignature);
70 public void CreateSignature_NormarizeParametersTest()
72 // GET http://example.com/hoge?aaa=foo&bbb=bar に対する署名を生成
73 // 複数のパラメータが渡される場合は name 順でソートされる
74 var oauthSignature = OAuthUtility.CreateSignature("ConsumerSecret", "TokenSecret",
75 "GET", new Uri("http://example.com/hoge"), new Dictionary<string, string> {
80 var expectSignatureBase = "GET&http%3A%2F%2Fexample.com%2Fhoge&aaa%3Dfoo%26bbb%3Dbar";
81 var expectSignatureKey = "ConsumerSecret&TokenSecret";
83 using (var hmacsha1 = new HMACSHA1(Encoding.ASCII.GetBytes(expectSignatureKey)))
85 var expectSignature = Convert.ToBase64String(hmacsha1.ComputeHash(Encoding.ASCII.GetBytes(expectSignatureBase)));
86 Assert.Equal(expectSignature, oauthSignature);
91 public void CreateSignature_EmptyTokenSecretTest()
93 // GET http://example.com/hoge?aaa=foo に対する署名を生成
94 // リクエストトークンの発行時は tokenSecret が空の状態で署名を生成することになる
95 var oauthSignature = OAuthUtility.CreateSignature("ConsumerSecret", null,
96 "GET", new Uri("http://example.com/hoge"), new Dictionary<string, string> { ["aaa"] = "foo" });
98 var expectSignatureBase = "GET&http%3A%2F%2Fexample.com%2Fhoge&aaa%3Dfoo";
99 var expectSignatureKey = "ConsumerSecret&"; // 末尾の & は除去されない
101 using (var hmacsha1 = new HMACSHA1(Encoding.ASCII.GetBytes(expectSignatureKey)))
103 var expectSignature = Convert.ToBase64String(hmacsha1.ComputeHash(Encoding.ASCII.GetBytes(expectSignatureBase)));
104 Assert.Equal(expectSignature, oauthSignature);
109 public void CreateAuthorization_Test()
111 var authorization = OAuthUtility.CreateAuthorization(
112 "GET", new Uri("http://example.com/hoge"), new Dictionary<string, string> { ["aaa"] = "hoge" },
113 "ConsumerKey", "ConsumerSecret", "AccessToken", "AccessSecret", "Realm");
115 Assert.StartsWith("OAuth ", authorization, StringComparison.Ordinal);
117 var parsedParams = authorization.Substring(6).Split(',')
118 .Where(x => !string.IsNullOrEmpty(x))
119 .Select(x => x.Split(new[] { '=' }, 2))
120 .ToDictionary(x => x[0], x => x[1].Substring(1, x[1].Length - 2)); // x[1] は前後の「"」を除去する
122 var expectAuthzParamKeys = new[] { "realm", "oauth_consumer_key", "oauth_nonce", "oauth_signature_method",
123 "oauth_timestamp", "oauth_token", "oauth_version", "oauth_signature" };
124 Assert.Equal(expectAuthzParamKeys, parsedParams.Keys, AnyOrderComparer<string>.Instance);
126 Assert.Equal("Realm", parsedParams["realm"]);
128 // Signature Base Strings には realm を含めない
129 var expectSignatureBase = "GET&http%3A%2F%2Fexample.com%2Fhoge&" +
131 "oauth_consumer_key%3DConsumerKey%26" +
132 $"oauth_nonce%3D{parsedParams["oauth_nonce"]}%26" +
133 "oauth_signature_method%3DHMAC-SHA1%26" +
134 $"oauth_timestamp%3D{parsedParams["oauth_timestamp"]}%26" +
135 "oauth_token%3DAccessToken%26" +
136 "oauth_version%3D1.0";
138 var expectSignatureKey = "ConsumerSecret&AccessSecret";
140 using (var hmacsha1 = new HMACSHA1(Encoding.ASCII.GetBytes(expectSignatureKey)))
142 var expectSignature = Convert.ToBase64String(hmacsha1.ComputeHash(Encoding.ASCII.GetBytes(expectSignatureBase)));
143 Assert.Equal(expectSignature, Uri.UnescapeDataString(parsedParams["oauth_signature"]));