2Ap5TpE9

1const string consumerKey = "REMOVED";
2    const string consumerSecret = "REMOVED";
3    const string tokenSecret = "REMOVED";
4    const string tokenValue = "REMOVED";
5    const string url = "https://api.bricklink.com/api/store/v1/orders";
6    //FULL URL WITH QS PARAMS IS: https://api.bricklink.com/api/store/v1/orders?direction=in
7    string Escape(string s)
8    {
9        // https://stackoverflow.com/questions/846487/how-to-get-uri-escapedatastring-to-comply-with-rfc-3986
10        var charsToEscape = new[] { "!", "*", "'", "(", ")" };
11        var escaped = new StringBuilder(Uri.EscapeDataString(s));
12        foreach (var t in charsToEscape)
13        {
14            escaped.Replace(t, Uri.HexEscape(t[0]));
15        }
16        return escaped.ToString();
17    }
18
19    protected void Button1_Click(object sender, EventArgs e)
20    {
21        var httpWebRequest = (HttpWebRequest)WebRequest.Create(url);
22        httpWebRequest.Method = "GET";
23        var timeStamp = ((int)(DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds).ToString();
24        var nonce = Convert.ToBase64String(Encoding.UTF8.GetBytes(timeStamp));
25
26        var signatureBaseString = Escape(httpWebRequest.Method.ToUpper()) + "&";
27        signatureBaseString += EscapeUriDataStringRfc3986(url.ToLower()) + "&";
28        signatureBaseString += EscapeUriDataStringRfc3986(
29            "oauth_consumer_key=" + EscapeUriDataStringRfc3986(consumerKey) + "&" +
30            "oauth_nonce=" + EscapeUriDataStringRfc3986(nonce) + "&" +
31            "oauth_signature_method=" + EscapeUriDataStringRfc3986("HMAC-SHA1") + "&" +
32            "oauth_timestamp=" + EscapeUriDataStringRfc3986(timeStamp) + "&" +
33            "oauth_token=" + EscapeUriDataStringRfc3986(tokenValue) + "&" +
34            "oauth_version=" + EscapeUriDataStringRfc3986("1.0")
35
36            //ATTEMPT AT ADDING QS PARAM
37            //"direction=" + SimpleQuote("out")
38
39            );
40
41        lblResult.Text=(@"signatureBaseString: " + signatureBaseString+ "<br/><br/>");
42
43        var key = EscapeUriDataStringRfc3986(consumerSecret) + "&" + EscapeUriDataStringRfc3986(tokenSecret);
44        lblResult.Text+=(@"key: " + key);
45        var signatureEncoding = new ASCIIEncoding();
46        var keyBytes = signatureEncoding.GetBytes(key);
47        var signatureBaseBytes = signatureEncoding.GetBytes(signatureBaseString);
48        string signatureString;
49        using (var hmacsha1 = new HMACSHA1(keyBytes))
50        {
51            var hashBytes = hmacsha1.ComputeHash(signatureBaseBytes);
52            signatureString = Convert.ToBase64String(hashBytes);
53        }
54        signatureString = EscapeUriDataStringRfc3986(signatureString);
55        lblResult.Text+=(@"signatureString: " + signatureString + "<br/><br/>");
56
57
58        var header =
59            "OAuth realm=" + SimpleQuote("") + "," +
60            "oauth_consumer_key=" + SimpleQuote(consumerKey) + "," +
61            "oauth_nonce=" + SimpleQuote(nonce) + "," +
62            "oauth_signature_method=" + SimpleQuote("HMAC-SHA1") + "," +
63            "oauth_timestamp=" + SimpleQuote(timeStamp) + "," +
64            "oauth_token=" + SimpleQuote(tokenValue) + "," +
65            "oauth_version=" + SimpleQuote("1.0") + "," +
66            "oauth_signature= " + SimpleQuote(signatureString);
67            //ATTEMPT MADE HERE TOO
68        lblResult.Text+=(@"header: " + header + "<br/><br/>");
69        httpWebRequest.Headers.Add(HttpRequestHeader.Authorization, header);
70
71        var response = httpWebRequest.GetResponse();
72        var characterSet = ((HttpWebResponse)response).CharacterSet;
73        var responseEncoding = characterSet == ""
74            ? Encoding.UTF8
75            : Encoding.GetEncoding(characterSet ?? "utf-8");
76        var responsestream = response.GetResponseStream();
77        if (responsestream == null)
78        {
79            throw new ArgumentNullException(nameof(characterSet));
80        }
81        using (responsestream)
82        {
83            var reader = new StreamReader(responsestream, responseEncoding);
84            var result = reader.ReadToEnd();
85            lblResult.Text+=(@"result: " + result);
86        }
87    }
88
89    string SimpleQuote(string s) => '"' + s + '"';
90
91    private static readonly string[] UriRfc3986CharsToEscape = new[] { "!", "*", "'", "(", ")" };
92
93    /// <summary>
94    /// Escapes a string according to the URI data string rules given in RFC 3986.
95    /// </summary>
96    /// <param name="value">The value to escape.</param>
97    /// <returns>The escaped value.</returns>
98    /// <remarks>
99    /// The <see cref="Uri.EscapeDataString"/> method is <i>supposed</i> to take on
100    /// RFC 3986 behavior if certain elements are present in a .config file.  Even if this
101    /// actually worked (which in my experiments it <i>doesn't</i>), we can't rely on every
102    /// host actually having this configuration element present.
103    /// </remarks>
104    internal static string EscapeUriDataStringRfc3986(string value)
105    {
106        // Start with RFC 2396 escaping by calling the .NET method to do the work.
107        // This MAY sometimes exhibit RFC 3986 behavior (according to the documentation).
108        // If it does, the escaping we do that follows it will be a no-op since the
109        // characters we search for to replace can't possibly exist in the string.
110        StringBuilder escaped = new StringBuilder(Uri.EscapeDataString(value));
111
112        // Upgrade the escaping to RFC 3986, if necessary.
113        for (int i = 0; i < UriRfc3986CharsToEscape.Length; i++)
114        {
115            escaped.Replace(UriRfc3986CharsToEscape[i], Uri.HexEscape(UriRfc3986CharsToEscape[i][0]));
116        }
117
118        // Return the fully-RFC3986-escaped string.
119        return escaped.ToString();
120    }