Are you able to successfully validate requests using this C# routine?
If so, very good work! :) You mention that your code isn't production-
quality, but if you wanted to polish it a bit, we would love to host
it on the opensocial-resources wiki with the PHP and Java
implementations.

- Jason

On Sep 27, 1:43 am, Akash <[EMAIL PROTECTED]> wrote:
> I think I cracked the holy grail (At least for me:-)).
>
> Client Side:-
> I am using the following JavaScript code to make a web service call.
>
>          var map = { "Content-Type" : "application/soap+xml; charset=utf-8" };
>
>          var params = {};
>          soapRequest =
>              "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
>              "<soap12:Envelope " +
>              "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
>              "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " +
>              "xmlns:soap12=\"http://www.w3.org/2003/05/soap-envelope\">" +
>              "<soap12:Body>" +
>              "<" + method + " xmlns=\"" + ns + "\">" +
>              parameters.toXml() +
>              "</" + method + "></soap12:Body></soap12:Envelope>";
>          params[gadgets.io.RequestParameters.METHOD] = gadgets.io.MethodType.POST;
>          params[gadgets.io.RequestParameters.CONTENT_TYPE] = gadgets.io.ContentType.DOM;
>          params[gadgets.io.RequestParameters.HEADERS] = map;
>          params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED;
>          params[gadgets.io.RequestParameters.POST_DATA] = soapRequest;
>
>          gadgets.io.makeRequest(url, function(req){
>              SOAPClient._onSendSoapRequest(method, async, callback, context, wsdl, req);
>          }, params);
>
> When the POST request reaches the Orkut Proxy Container, it generates a base
> signature string (http://oauth.net/core/1.0/#anchor14) by Concatenate
> Request Elements:
> The following items MUST be concatenated in order into a single
> string. Each item is encoded (Parameter Encoding) and separated by an
> ‘&’ character (ASCII code 38), even if empty.
> 1. The HTTP request method used to send the request. Value MUST be
> uppercase, for example: HEAD, GET, POST, etc.
> In our case it is "POST"
>
> 2. The request URL from Section 9.1.2 (Construct Request URL).
>    In our case it is http://www.ApplicationServer.com/iApp/Service.asmx
>
> 3. The normalized request parameters string from Section 9.1.1
> (Normalize Request Parameters).
> The request parameters added are following:-
>
> opensocial_owner_id      04260157720044639260
> opensocial_viewer_id      04260157720044639260
> opensocial_app_id      12536334869062616675
> opensocial_app_url      http://www.ApplicationServer.com/iApp/KM.xml
> xoauth_signature_publickey      pub.1199819524.-1556113204990931254.cer
> oauth_consumer_key      orkut.com
> oauth_timestamp      1222452522
> oauth_nonce      1222452522836105000
>
> Base signature string is signed(hashed) and a private key is input for
> RSA-SHA1 algorithm and it generates a signature.
>
> Finally orkut container makes a web service call to the application
> server on behalf of orkut application.
>
> IMPORTANT: Inside the web method all parameters added by orkut
> container are available inside this.Context.Request.Params. These
> parameters are
> opensocial_owner_id      04260157720043639260
> opensocial_viewer_id      04260157720043639260
> opensocial_app_id      12536334849062616675
> opensocial_app_url      http://www.ApplicationServer.com/iApp/KM.xml
> xoauth_signature_publickey      pub.1199819524.-1556113204990931254.cer
> oauth_consumer_key      orkut.com
> oauth_timestamp      1222452522
> oauth_nonce      1222452522836105000
>
> oauth_signature_method      RSA-SHA1
> oauth_signature      Q1xim4r9e+3LOpObb6GWhGkw41a8MTc9a
> +bNuleE8jwRyymXbdZNJBIq3N2RoC9Ojri2ha1V43Mj0JfovNDpYKoPnAUlwsUGzAp7KzpXcdAeyUw6txeCtkVSdsiWw7NhX/
> btdJs2dQzbMKBptGAfLdwjCYThmqLqwDicHU1Dr34=
>
> Verification:-
>
> I am using the code http://code.google.com/p/devdefined-tools/wiki/OAuth
> by http://code.google.com/u/bittercoder/ (Thank you for help and great
> work)
>
> I created OpenSocialCertificates.cs that has content of certificate
> pub.1199819524.-1556113204990931254.cer
>
> *****OpenSocialCertificates.cs *****
> using System.Security.Cryptography.X509Certificates;
> using System.Text;
>
> namespace DevDefined.OAuth
> {
>     public class OpenSocialCertificates
>     {
>         private const string _orkutCertificate =
>     @"-----BEGIN CERTIFICATE-----
> MIIDHDCCAoWgAwIBAgIJAMbTCksqLiWeMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV
> BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIG
> A1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlh
> bjAeFw0wODAxMDgxOTE1MjdaFw0wOTAxMDcxOTE1MjdaMGgxCzAJBgNVBAYTAlVT
> MQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChML
> R29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlhbjCBnzAN
> BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAseBXZ4NDhm24nX3sJRiZJhvy9eDZX12G
> j4HWAMmhAcnm2iBgYpAigwhVHtOs+ZIUIdzQHvHeNd0ydc1Jg8e+C+Mlzo38OvaG
> D3qwvzJ0LNn7L80c0XVrvEALdD9zrO+0XSZpTK9PJrl2W59lZlJFUk3pV+jFR8NY
> eB/fto7AVtECAwEAAaOBzTCByjAdBgNVHQ4EFgQUv7TZGZaI+FifzjpTVjtPHSvb
> XqUwgZoGA1UdIwSBkjCBj4AUv7TZGZaI+FifzjpTVjtPHSvbXqWhbKRqMGgxCzAJ
> BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
> MBIGA1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVs
> cnlhboIJAMbTCksqLiWeMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA
> CETnhlEnCJVDXoEtSSwUBLP/147sqiu9a4TNqchTHJObwTwDPUMaU6XIs2OTMmFu
> GeIYpkHXzTa9Q6IKlc7Bt2xkSeY3siRWCxvZekMxPvv7YTcnaVlZzHrVfAzqNsTG
> P3J//C0j+8JWg6G+zuo5k7pNRKDY76GxxHPYamdLfwk=
> -----END CERTIFICATE-----";
>
>         public static X509Certificate2 OrkutCertificate
>         {
>             get { return new
> X509Certificate2(Encoding.ASCII.GetBytes(_orkutCertificate)); }
>         }
>     }
>
> }
>
> I added another method inside OAuthContextBuilder.cs because the
> parameters used for validation are inside the data structure
> request.Params
>
>        public OAuthContext FromHttpParams(HttpRequest request)
>         {
>             var context = new OAuthContext();
>
> // Required to create signature base string
> // Http Method
>             context.RequestMethod = request.HttpMethod;
> //Request URL
>             context.RawUri = new Uri("http://" +
>                 request.Params["SERVER_NAME"] + request.Params["SCRIPT_NAME"]);
>
> //Request parameters
>             context.authParams.Add("opensocial_owner_id",
> request.Params["opensocial_owner_id"]);
>             context.authParams.Add("opensocial_viewer_id",
> request.Params["opensocial_viewer_id"]);
>             context.authParams.Add("opensocial_app_id",
> request.Params["opensocial_app_id"]);
>             context.authParams.Add("opensocial_app_url",
> request.Params["opensocial_app_url"]);
>             context.authParams.Add("xoauth_signature_publickey",
> request.Params["xoauth_signature_publickey"]);
>             context.authParams.Add(Parameters.OAuth_Consumer_Key,
> request.Params[Parameters.OAuth_Consumer_Key]);
>             context.authParams.Add(Parameters.OAuth_Signature_Method,
> request.Params[Parameters.OAuth_Signature_Method]);
>             context.authParams.Add(Parameters.OAuth_Timestamp,
> request.Params[Parameters.OAuth_Timestamp]);
>             context.authParams.Add(Parameters.OAuth_Nonce,
> request.Params[Parameters.OAuth_Nonce]);
>
> //Algorithm used for signing
>             context.SignatureMethod =
> request.Params[Parameters.OAuth_Signature_Method];
>
> //Signature
>             context.Signature =
> request.Params[Parameters.OAuth_Signature];
>
>             return context;
>         }
>
> Inside OAuthContext.cs I added a name value collection named
> authParams
>
>         public OAuthContext()
>         {
>             ...
>                 ...
>                 ...
>                 ...
>                 ...
>             //Akash
>             authParams = new NameValueCollection();
>         }
>
>             ...
>                 ...
>                 ...
>                 ...
>                 ...
>
>         public NameValueCollection authParams
>         {
>             get
>             {
>                 if (_authParams == null) _authParams = new
> NameValueCollection();
>                 return _authParams;
>             }
>             set { _authParams = value; }
>         }
>
>             ...
>                 ...
>                 ...
>                 ...
>                 ...
>
> Following is the code for generating the signature base
>
>         public string GenerateSignatureBaseAuthParams()
>         {
>             var allParameters = new List<QueryParameter>();
>             allParameters.AddRange(authParams.ToQueryParameters());
>
>             // Returns the signature base
>
>             return UriUtility.FormatParameters(RequestMethod,
>                 new Uri(NormalizedRequestUrl), allParameters);
>         }
>
> Here is the code for validation
>
>     private static string ValidateWithDevDefinedOAuth(HttpRequest req)
>     {
>         string str = "Validated";
>         try
>         {
>             OAuthContext context = new
> OAuthContextBuilder().FromHttpParams(req);
>             var signer = new OAuthContextSigner();
>             var signingContext = new SigningContext { Algorithm =
> DevDefined.OAuth.OpenSocialCertificates.OrkutCertificate.PublicKey.Key };
>
>             if (!signer.ValidateSignatureAuthParams(context,
> signingContext))
>             {
>                 str += "Validation Failed\n";
>                 throw new OAuthException(context,
> OAuthProblems.SignatureInvalid, "check certificate is still valid");
>             }
>         }
>         catch (OAuthException authEx)
>         {
>             str = authEx.Report.ToString();
>         }
>         return str;
>     }
>
> The code I have added is not production-quality code (quite obvious).
>
> Thanks,
> -Akash
>
> On Sep 26, 11:05 pm, Akash <[EMAIL PROTECTED]> wrote:
>
> > Thanks Raman & Jason. Now I have much better clarity on how things
> > work.
>
> > I tried the options you suggested and was able to make a lot of progress.
> > Since I am making a web service call, I am wondering how to Generate
> > Signature Base. Following is the JS code I am using to make the web
> > service call.
>
> >          var map = { "Content-Type" : "application/soap+xml; charset=utf-8" };
>
> >          var params = {};
> >          soapRequest =
> >              "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
> >              "<soap12:Envelope " +
> >              "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
> >              "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " +
>
> ...
You received this message because you are subscribed to the Google Groups 
"Orkut Developer Forum" group.