@ -0,0 +1,13 @@
OAuth (
Written by Daniel Crenna
This work is public domain.
"The person who associated a work with this document has
dedicated the work to the Commons by waiving all of his
or her rights to the work worldwide under copyright law
and all related or neighboring legal rights he or she
had in the work, to the extent allowable by law."
For more information, please visit:
@ -0,0 +1,12 @@
namespace NzbDrone.Common.OAuth
/// <summary>
/// The encryption method to use when hashing a request signature.
/// </summary>
public enum OAuthSignatureMethod
@ -0,0 +1,409 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
#if !WINRT
using System.Security.Cryptography;
using Windows.Security.Cryptography;
using Windows.Security.Cryptography.Core;
using Windows.Storage.Streams;
using System.Globalization;
namespace NzbDrone.Common.OAuth
/// <summary>
/// A general purpose toolset for creating components of an OAuth request.
/// </summary>
/// <seealso href=""/>
public static class OAuthTools
private const string AlphaNumeric = Upper + Lower + Digit;
private const string Digit = "1234567890";
private const string Lower = "abcdefghijklmnopqrstuvwxyz";
private const string Unreserved = AlphaNumeric + "-._~";
private const string Upper = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
private static readonly Random _random;
private static readonly object _randomLock = new object();
private static readonly RandomNumberGenerator _rng = RandomNumberGenerator.Create();
static OAuthTools()
var bytes = new byte[4];
_random = new Random(BitConverter.ToInt32(bytes, 0));
_random = new Random();
/// <summary>
/// All text parameters are UTF-8 encoded (per section 5.1).
/// </summary>
/// <seealso href=""/>
#if !WINRT
private static readonly Encoding _encoding = Encoding.UTF8;
private static readonly BinaryStringEncoding _encoding = BinaryStringEncoding.Utf8;
/// <summary>
/// Generates a random 16-byte lowercase alphanumeric string.
/// </summary>
/// <seealso href=""/>
/// <returns></returns>
public static string GetNonce()
const string chars = (Lower + Digit);
var nonce = new char[16];
lock (_randomLock)
for (var i = 0; i < nonce.Length; i++)
nonce[i] = chars[_random.Next(0, chars.Length)];
return new string(nonce);
/// <summary>
/// Generates a timestamp based on the current elapsed seconds since '01/01/1970 0000 GMT"
/// </summary>
/// <seealso href=""/>
/// <returns></returns>
public static string GetTimestamp()
return GetTimestamp(DateTime.UtcNow);
/// <summary>
/// Generates a timestamp based on the elapsed seconds of a given time since '01/01/1970 0000 GMT"
/// </summary>
/// <seealso href=""/>
/// <param name="dateTime">A specified point in time.</param>
/// <returns></returns>
public static string GetTimestamp(DateTime dateTime)
var timestamp = ToUnixTime(dateTime);
return timestamp.ToString();
private static long ToUnixTime(DateTime dateTime)
var timeSpan = (dateTime - new DateTime(1970, 1, 1));
var timestamp = (long)timeSpan.TotalSeconds;
return timestamp;
/// <summary>
/// URL encodes a string based on section 5.1 of the OAuth spec.
/// Namely, percent encoding with [RFC3986], avoiding unreserved characters,
/// upper-casing hexadecimal characters, and UTF-8 encoding for text value pairs.
/// </summary>
/// <param name="value"></param>
/// <seealso href="" />
public static string UrlEncodeRelaxed(string value)
var escaped = Uri.EscapeDataString(value);
// LinkedIn users have problems because it requires escaping brackets
escaped = escaped.Replace("(", PercentEncode("("))
.Replace(")", PercentEncode(")"));
return escaped;
private static string PercentEncode(string s)
var bytes = Encoding.UTF8.GetBytes(s);
var sb = new StringBuilder();
foreach (var b in bytes)
// Supports proper encoding of special characters (\n\r\t\b)
if ((b > 7 && b < 11) || b == 13)
sb.Append(string.Format("%0{0:X}", b));
sb.Append(string.Format("%{0:X}", b));
return sb.ToString();
/// <summary>
/// URL encodes a string based on section 5.1 of the OAuth spec.
/// Namely, percent encoding with [RFC3986], avoiding unreserved characters,
/// upper-casing hexadecimal characters, and UTF-8 encoding for text value pairs.
/// </summary>
/// <param name="value"></param>
/// <seealso href="" />
public static string UrlEncodeStrict(string value)
// [JD]: We need to escape the apostrophe as well or the signature will fail
var original = value;
var ret = original.OfType<char>().Where(
c => !Unreserved.OfType<char>().Contains(c) && c != '%').Aggregate(
value, (current, c) => current.Replace(
c.ToString(), PercentEncode(c.ToString())
return ret.Replace("%%", "%25%"); // Revisit to encode actual %'s
/// <summary>
/// Sorts a collection of key-value pairs by name, and then value if equal,
/// concatenating them into a single string. This string should be encoded
/// prior to, or after normalization is run.
/// </summary>
/// <seealso href=""/>
/// <param name="parameters"></param>
/// <returns></returns>
public static string NormalizeRequestParameters(WebParameterCollection parameters)
var copy = SortParametersExcludingSignature(parameters);
var concatenated = Concatenate(copy, "=", "&");
return concatenated;
private static string Concatenate(ICollection<WebParameter> collection, string separator, string spacer)
var sb = new StringBuilder();
var total = collection.Count;
var count = 0;
foreach (var item in collection)
if (count < total)
return sb.ToString();
/// <summary>
/// Sorts a <see cref="WebParameterCollection"/> by name, and then value if equal.
/// </summary>
/// <param name="parameters">A collection of parameters to sort</param>
/// <returns>A sorted parameter collection</returns>
public static WebParameterCollection SortParametersExcludingSignature(WebParameterCollection parameters)
var copy = new WebParameterCollection(parameters);
var exclusions = copy.Where(n => EqualsIgnoreCase(n.Name, "oauth_signature"));
foreach(var parameter in copy)
parameter.Value = UrlEncodeStrict(parameter.Value);
copy.Sort((x, y) => x.Name.Equals(y.Name) ? x.Value.CompareTo(y.Value) : x.Name.CompareTo(y.Name));
return copy;
private static bool EqualsIgnoreCase(string left, string right)
return CultureInfo.InvariantCulture.CompareInfo.Compare(left, right, CompareOptions.IgnoreCase) == 0;
return String.Compare(left, right, StringComparison.InvariantCultureIgnoreCase) == 0;
/// <summary>
/// Creates a request URL suitable for making OAuth requests.
/// Resulting URLs must exclude port 80 or port 443 when accompanied by HTTP and HTTPS, respectively.
/// Resulting URLs must be lower case.
/// </summary>
/// <seealso href=""/>
/// <param name="url">The original request URL</param>
/// <returns></returns>
public static string ConstructRequestUrl(Uri url)
if (url == null)
throw new ArgumentNullException("url");
var sb = new StringBuilder();
var requestUrl = string.Format("{0}://{1}", url.Scheme, url.Host);
var qualified = string.Format(":{0}", url.Port);
var basic = url.Scheme == "http" && url.Port == 80;
var secure = url.Scheme == "https" && url.Port == 443;
sb.Append(!basic && !secure ? qualified : "");
return sb.ToString(); //.ToLower();
/// <summary>
/// Creates a request elements concatentation value to send with a request.
/// This is also known as the signature base.
/// </summary>
/// <seealso href=""/>
/// <seealso href=""/>
/// <param name="method">The request's HTTP method type</param>
/// <param name="url">The request URL</param>
/// <param name="parameters">The request's parameters</param>
/// <returns>A signature base string</returns>
public static string ConcatenateRequestElements(string method, string url, WebParameterCollection parameters)
var sb = new StringBuilder();
// Separating &'s are not URL encoded
var requestMethod = string.Concat(method.ToUpper(), "&");
var requestUrl = string.Concat(UrlEncodeRelaxed(ConstructRequestUrl(new Uri(url))), "&");
var requestParameters = UrlEncodeRelaxed(NormalizeRequestParameters(parameters));
return sb.ToString();
/// <summary>
/// Creates a signature value given a signature base and the consumer secret.
/// This method is used when the token secret is currently unknown.
/// </summary>
/// <seealso href=""/>
/// <param name="signatureMethod">The hashing method</param>
/// <param name="signatureBase">The signature base</param>
/// <param name="consumerSecret">The consumer key</param>
/// <returns></returns>
public static string GetSignature(OAuthSignatureMethod signatureMethod,
string signatureBase,
string consumerSecret)
return GetSignature(signatureMethod, OAuthSignatureTreatment.Escaped, signatureBase, consumerSecret, null);
/// <summary>
/// Creates a signature value given a signature base and the consumer secret.
/// This method is used when the token secret is currently unknown.
/// </summary>
/// <seealso href=""/>
/// <param name="signatureMethod">The hashing method</param>
/// <param name="signatureTreatment">The treatment to use on a signature value</param>
/// <param name="signatureBase">The signature base</param>
/// <param name="consumerSecret">The consumer key</param>
/// <returns></returns>
public static string GetSignature(OAuthSignatureMethod signatureMethod,
OAuthSignatureTreatment signatureTreatment,
string signatureBase,
string consumerSecret)
return GetSignature(signatureMethod, signatureTreatment, signatureBase, consumerSecret, null);
/// <summary>
/// Creates a signature value given a signature base and the consumer secret and a known token secret.
/// </summary>
/// <seealso href=""/>
/// <param name="signatureMethod">The hashing method</param>
/// <param name="signatureBase">The signature base</param>
/// <param name="consumerSecret">The consumer secret</param>
/// <param name="tokenSecret">The token secret</param>
/// <returns></returns>
public static string GetSignature(OAuthSignatureMethod signatureMethod,
string signatureBase,
string consumerSecret,
string tokenSecret)
return GetSignature(signatureMethod, OAuthSignatureTreatment.Escaped, consumerSecret, tokenSecret);
/// <summary>
/// Creates a signature value given a signature base and the consumer secret and a known token secret.
/// </summary>
/// <seealso href=""/>
/// <param name="signatureMethod">The hashing method</param>
/// <param name="signatureTreatment">The treatment to use on a signature value</param>
/// <param name="signatureBase">The signature base</param>
/// <param name="consumerSecret">The consumer secret</param>
/// <param name="tokenSecret">The token secret</param>
/// <returns></returns>
public static string GetSignature(OAuthSignatureMethod signatureMethod,
OAuthSignatureTreatment signatureTreatment,
string signatureBase,
string consumerSecret,
string tokenSecret)
if (IsNullOrBlank(tokenSecret))
tokenSecret = String.Empty;
consumerSecret = UrlEncodeRelaxed(consumerSecret);
tokenSecret = UrlEncodeRelaxed(tokenSecret);
string signature;
switch (signatureMethod)
case OAuthSignatureMethod.HmacSha1:
var key = string.Concat(consumerSecret, "&", tokenSecret);
IBuffer keyMaterial = CryptographicBuffer.ConvertStringToBinary(key, _encoding);
MacAlgorithmProvider hmacSha1Provider = MacAlgorithmProvider.OpenAlgorithm(MacAlgorithmNames.HmacSha1);
CryptographicKey macKey = hmacSha1Provider.CreateKey(keyMaterial);
IBuffer dataToBeSigned = CryptographicBuffer.ConvertStringToBinary(signatureBase, _encoding);
IBuffer signatureBuffer = CryptographicEngine.Sign(macKey, dataToBeSigned);
signature = CryptographicBuffer.EncodeToBase64String(signatureBuffer);
var crypto = new HMACSHA1();
crypto.Key = _encoding.GetBytes(key);
signature = HashWith(signatureBase, crypto);
throw new NotImplementedException("Only HMAC-SHA1 is currently supported.");
var result = signatureTreatment == OAuthSignatureTreatment.Escaped
? UrlEncodeRelaxed(signature)
: signature;
return result;
#if !WINRT
private static string HashWith(string input, HashAlgorithm algorithm)
var data = Encoding.UTF8.GetBytes(input);
var hash = algorithm.ComputeHash(data);
return Convert.ToBase64String(hash);
private static bool IsNullOrBlank(string value)
return String.IsNullOrEmpty(value) || (!String.IsNullOrEmpty(value) && value.Trim() == String.Empty);
@ -0,0 +1,202 @@
using System;
using System.Collections;
using System.Collections.Generic;
using System.Linq;
using System.Collections.Specialized;
namespace NzbDrone.Common.OAuth
public class WebParameterCollection : IList<WebParameter>
private IList<WebParameter> _parameters;
public virtual WebParameter this[string name]
var parameters = this.Where(p => p.Name.Equals(name));
if(parameters.Count() == 0)
return null;
if(parameters.Count() == 1)
return parameters.Single();
var value = string.Join(",", parameters.Select(p => p.Value).ToArray());
return new WebParameter(name, value);
public virtual IEnumerable<string> Names
get { return _parameters.Select(p => p.Name); }
public virtual IEnumerable<string> Values
get { return _parameters.Select(p => p.Value); }
public WebParameterCollection(IEnumerable<WebParameter> parameters)
_parameters = new List<WebParameter>(parameters);
#if !WINRT
public WebParameterCollection(NameValueCollection collection) : this()
public virtual void AddRange(NameValueCollection collection)
private void AddCollection(NameValueCollection collection)
var parameters = collection.AllKeys.Select(key => new WebParameter(key, collection[key]));
foreach (var parameter in parameters)
public WebParameterCollection(IDictionary<string, string> collection) : this()
public void AddCollection(IDictionary<string, string> collection)
foreach (var parameter in collection.Keys.Select(key => new WebParameter(key, collection[key])))
public WebParameterCollection()
_parameters = new List<WebParameter>(0);
public WebParameterCollection(int capacity)
_parameters = new List<WebParameter>(capacity);
private void AddCollection(IEnumerable<WebParameter> collection)
foreach (var pair in collection.Select(parameter => new WebParameter(parameter.Name, parameter.Value)))
public virtual void AddRange(WebParameterCollection collection)
public virtual void AddRange(IEnumerable<WebParameter> collection)
public virtual void Sort(Comparison<WebParameter> comparison)
var sorted = new List<WebParameter>(_parameters);
_parameters = sorted;
public virtual bool RemoveAll(IEnumerable<WebParameter> parameters)
var array = parameters.ToArray();
var success = array.Aggregate(true, (current, parameter) => current & _parameters.Remove(parameter));
return success && array.Length > 0;
public virtual void Add(string name, string value)
var pair = new WebParameter(name, value);
#region IList<WebParameter> Members
public virtual IEnumerator<WebParameter> GetEnumerator()
return _parameters.GetEnumerator();
IEnumerator IEnumerable.GetEnumerator()
return GetEnumerator();
public virtual void Add(WebParameter parameter)
public virtual void Clear()
public virtual bool Contains(WebParameter parameter)
return _parameters.Contains(parameter);
public virtual void CopyTo(WebParameter[] parameters, int arrayIndex)
_parameters.CopyTo(parameters, arrayIndex);
public virtual bool Remove(WebParameter parameter)
return _parameters.Remove(parameter);
public virtual int Count
get { return _parameters.Count; }
public virtual bool IsReadOnly
get { return _parameters.IsReadOnly; }
public virtual int IndexOf(WebParameter parameter)
return _parameters.IndexOf(parameter);
public virtual void Insert(int index, WebParameter parameter)
_parameters.Insert(index, parameter);
public virtual void RemoveAt(int index)
public virtual WebParameter this[int index]
get { return _parameters[index]; }
set { _parameters[index] = value; }
Reference in new issue