/// <summary>
 /// Stores a newly generated unauthorized request token, secret, and optional
 /// application-specific parameters for later recall.
 /// </summary>
 /// <param name="request">The request message that resulted in the generation of a new unauthorized request token.</param>
 /// <param name="response">The response message that includes the unauthorized request token.</param>
 /// <exception cref="ArgumentException">Thrown if the consumer key is not registered, or a required parameter was not found in the parameters collection.</exception>
 /// <remarks>
 /// Request tokens stored by this method SHOULD NOT associate any user account with this token.
 /// It usually opens up security holes in your application to do so.  Instead, you associate a user
 /// account with access tokens (not request tokens) in the <see cref="ExpireRequestTokenAndStoreNewAccessToken"/>
 /// method.
 /// </remarks>
 public void StoreNewRequestToken(UnauthorizedTokenRequest request, ITokenSecretContainingMessage response)
 {
     using (var db = new DbManager(_dbId))
     {
         db.ExecuteNonQuery(new SqlInsert(TOKEN_TABLE, true).InColumnValue("token", response.Token).InColumnValue("token_secret", response.TokenSecret).InColumnValue("request_token",true));
     }
 }

        /// <summary>
        /// Analyzes an incoming request message payload to discover what kind of
        /// message is embedded in it and returns the type, or null if no match is found.
        /// </summary>
        /// <param name="recipient">The intended or actual recipient of the request message.</param>
        /// <param name="fields">The name/value pairs that make up the message payload.</param>
        /// <returns>
        /// A newly instantiated <see cref="IProtocolMessage"/>-derived object that this message can
        /// deserialize to.  Null if the request isn't recognized as a valid protocol message.
        /// </returns>
        /// <remarks>
        /// The request messages are:
        /// UnauthorizedTokenRequest
        /// AuthorizedTokenRequest
        /// UserAuthorizationRequest
        /// AccessProtectedResourceRequest
        /// </remarks>
        public virtual IDirectedProtocolMessage GetNewRequestMessage(MessageReceivingEndpoint recipient, IDictionary<string, string> fields)
        {
            ErrorUtilities.VerifyArgumentNotNull(recipient, "recipient");
            ErrorUtilities.VerifyArgumentNotNull(fields, "fields");

            MessageBase message = null;

            if (fields.ContainsKey("oauth_consumer_key") &&
                !fields.ContainsKey("oauth_token")) {
                message = new UnauthorizedTokenRequest(recipient);
            } else if (fields.ContainsKey("oauth_consumer_key") &&
                fields.ContainsKey("oauth_token")) {
                // Discern between RequestAccessToken and AccessProtectedResources,
                // which have all the same parameters, by figuring out what type of token
                // is in the token parameter.
                bool tokenTypeIsAccessToken = this.tokenManager.GetTokenType(fields["oauth_token"]) == TokenType.AccessToken;

                message = tokenTypeIsAccessToken ? (MessageBase)new AccessProtectedResourceRequest(recipient) :
                    new AuthorizedTokenRequest(recipient);
            } else {
                // fail over to the message with no required fields at all.
                message = new UserAuthorizationRequest(recipient);
            }

            if (message != null) {
                message.SetAsIncoming();
            }

            return message;
        }

		/// <summary>
		/// Initializes a new instance of the <see cref="UnauthorizedTokenResponse"/> class.
		/// </summary>
		/// <param name="requestMessage">The unauthorized request token message that this message is being generated in response to.</param>
		/// <param name="requestToken">The request token.</param>
		/// <param name="tokenSecret">The token secret.</param>
		/// <remarks>
		/// This constructor is used by the Service Provider to send the message.
		/// </remarks>
		protected internal UnauthorizedTokenResponse(UnauthorizedTokenRequest requestMessage, string requestToken, string tokenSecret)
			: this(requestMessage, requestMessage.Version) {
			Requires.NotNull(requestToken, "requestToken");
			Requires.NotNull(tokenSecret, "tokenSecret");

			this.RequestToken = requestToken;
			this.TokenSecret = tokenSecret;
		}

		/// <summary>
		/// Initializes a new instance of the <see cref="UnauthorizedTokenResponse"/> class.
		/// </summary>
		/// <param name="requestMessage">The unauthorized request token message that this message is being generated in response to.</param>
		/// <param name="requestToken">The request token.</param>
		/// <param name="tokenSecret">The token secret.</param>
		/// <remarks>
		/// This constructor is used by the Service Provider to send the message.
		/// </remarks>
		protected internal UnauthorizedTokenResponse(UnauthorizedTokenRequest requestMessage, string requestToken, string tokenSecret)
			: this(requestMessage, requestMessage.Version) {
			Contract.Requires<ArgumentNullException>(requestToken != null);
			Contract.Requires<ArgumentNullException>(tokenSecret != null);

			this.RequestToken = requestToken;
			this.TokenSecret = tokenSecret;
		}

        /// <summary>
        /// Initializes a new instance of the <see cref="UnauthorizedTokenResponse"/> class.
        /// </summary>
        /// <param name="requestMessage">The unauthorized request token message that this message is being generated in response to.</param>
        /// <param name="requestToken">The request token.</param>
        /// <param name="tokenSecret">The token secret.</param>
        /// <remarks>
        /// This constructor is used by the Service Provider to send the message.
        /// </remarks>
        protected internal UnauthorizedTokenResponse(UnauthorizedTokenRequest requestMessage, string requestToken, string tokenSecret)
            : this(requestMessage)
        {
            ErrorUtilities.VerifyArgumentNotNull(requestToken, "requestToken");
            ErrorUtilities.VerifyArgumentNotNull(tokenSecret, "tokenSecret");

            this.RequestToken = requestToken;
            this.TokenSecret = tokenSecret;
        }

 public void StoreNewRequestToken(UnauthorizedTokenRequest request, ITokenSecretContainingMessage response)
 {
     StoreTokenData(new OAuthToken
     {
         Id = response.Token,
         SecretToken = response.TokenSecret,
         TokenType = TokenType.RequestToken
     });
     _documentSession.SaveChanges();
 }

		public void HttpsSignatureVerificationNotApplicable() {
			SigningBindingElementBase target = new PlaintextSigningBindingElement();
			target.Channel = new TestChannel();
			MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("https://localtest", HttpDeliveryMethods.GetRequest);
			ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint, Protocol.Default.Version);
			message.ConsumerSecret = "cs";
			message.TokenSecret = "ts";
			message.SignatureMethod = "ANOTHERALGORITHM";
			message.Signature = "somethingelse";
			Assert.AreEqual(MessageProtections.None, target.ProcessIncomingMessage(message), "PLAINTEXT binding element should opt-out where it doesn't understand.");
		}

		public void HttpSignatureVerification() {
			SigningBindingElementBase target = new PlaintextSigningBindingElement();
			target.Channel = new TestChannel();
			MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("http://localtest", HttpDeliveryMethods.GetRequest);
			ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint, Protocol.Default.Version);
			message.ConsumerSecret = "cs";
			message.TokenSecret = "ts";
			message.SignatureMethod = "PLAINTEXT";
			message.Signature = "cs%26ts";
			Assert.IsNull(target.ProcessIncomingMessage(message), "PLAINTEXT signature binding element should refuse to participate in non-encrypted messages.");
		}

		public void HttpsSignatureGeneration() {
			SigningBindingElementBase target = new PlaintextSigningBindingElement();
			target.Channel = new TestChannel();
			MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("https://localtest", HttpDeliveryMethods.GetRequest);
			ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint, Protocol.Default.Version);
			message.ConsumerSecret = "cs";
			message.TokenSecret = "ts";
			Assert.IsNotNull(target.ProcessOutgoingMessage(message));
			Assert.AreEqual("PLAINTEXT", message.SignatureMethod);
			Assert.AreEqual("cs&ts", message.Signature);
		}

		public void HttpsSignatureVerification() {
			MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("https://localtest", HttpDeliveryMethods.GetRequest);
			ITamperProtectionChannelBindingElement target = new PlaintextSigningBindingElement();
			target.Channel = new TestChannel();
			ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint, Protocol.Default.Version);
			message.ConsumerSecret = "cs";
			message.TokenSecret = "ts";
			message.SignatureMethod = "PLAINTEXT";
			message.Signature = "cs&ts";
			Assert.IsNotNull(target.ProcessIncomingMessage(message));
		}

        /// <summary>
        /// Analyzes an incoming request message payload to discover what kind of
        /// message is embedded in it and returns the type, or null if no match is found.
        /// </summary>
        /// <param name="recipient">The intended or actual recipient of the request message.</param>
        /// <param name="fields">The name/value pairs that make up the message payload.</param>
        /// <returns>
        /// A newly instantiated <see cref="IProtocolMessage"/>-derived object that this message can
        /// deserialize to.  Null if the request isn't recognized as a valid protocol message.
        /// </returns>
        /// <remarks>
        /// The request messages are:
        /// UnauthorizedTokenRequest
        /// AuthorizedTokenRequest
        /// UserAuthorizationRequest
        /// AccessProtectedResourceRequest
        /// </remarks>
        public virtual IDirectedProtocolMessage GetNewRequestMessage(MessageReceivingEndpoint recipient, IDictionary<string, string> fields)
        {
            ErrorUtilities.VerifyArgumentNotNull(recipient, "recipient");
            ErrorUtilities.VerifyArgumentNotNull(fields, "fields");

            MessageBase message = null;
            Protocol protocol = Protocol.V10; // default to assuming the less-secure 1.0 instead of 1.0a until we prove otherwise.
            string token;
            fields.TryGetValue("oauth_token", out token);

            try {
                if (fields.ContainsKey("oauth_consumer_key") && !fields.ContainsKey("oauth_token")) {
                    protocol = fields.ContainsKey("oauth_callback") ? Protocol.V10a : Protocol.V10;
                    message = new UnauthorizedTokenRequest(recipient, protocol.Version);
                } else if (fields.ContainsKey("oauth_consumer_key") && fields.ContainsKey("oauth_token")) {
                    // Discern between RequestAccessToken and AccessProtectedResources,
                    // which have all the same parameters, by figuring out what type of token
                    // is in the token parameter.
                    bool tokenTypeIsAccessToken = this.tokenManager.GetTokenType(token) == TokenType.AccessToken;

                    if (tokenTypeIsAccessToken) {
                        message = (MessageBase)new AccessProtectedResourceRequest(recipient, protocol.Version);
                    } else {
                        // Discern between 1.0 and 1.0a requests by checking on the consumer version we stored
                        // when the consumer first requested an unauthorized token.
                        protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
                        message = new AuthorizedTokenRequest(recipient, protocol.Version);
                    }
                } else {
                    // fail over to the message with no required fields at all.
                    if (token != null) {
                        protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
                    }

                    // If a callback parameter is included, that suggests either the consumer
                    // is following OAuth 1.0 instead of 1.0a, or that a hijacker is trying
                    // to attack.  Either way, if the consumer started out as a 1.0a, keep it
                    // that way, and we'll just ignore the oauth_callback included in this message
                    // by virtue of the UserAuthorizationRequest message not including it in its
                    // 1.0a payload.
                    message = new UserAuthorizationRequest(recipient, protocol.Version);
                }

                if (message != null) {
                    message.SetAsIncoming();
                }

                return message;
            } catch (KeyNotFoundException ex) {
                throw ErrorUtilities.Wrap(ex, OAuthStrings.TokenNotFound);
            }
        }

		public void HttpSignatureGeneration() {
			SigningBindingElementBase target = new PlaintextSigningBindingElement();
			target.Channel = new TestChannel();
			MessageReceivingEndpoint endpoint = new MessageReceivingEndpoint("http://localtest", HttpDeliveryMethods.GetRequest);
			ITamperResistantOAuthMessage message = new UnauthorizedTokenRequest(endpoint, Protocol.Default.Version);
			message.ConsumerSecret = "cs";
			message.TokenSecret = "ts";

			// Since this is (non-encrypted) HTTP, so the plain text signer should not be used
			Assert.IsNull(target.ProcessOutgoingMessage(message));
			Assert.IsNull(message.SignatureMethod);
			Assert.IsNull(message.Signature);
		}

		internal static UnauthorizedTokenRequest CreateTestRequestTokenMessage(MessageDescriptionCollection messageDescriptions, MessageReceivingEndpoint endpoint) {
			endpoint = endpoint ?? new MessageReceivingEndpoint("https://www.google.com/accounts/OAuthGetRequestToken", HttpDeliveryMethods.AuthorizationHeaderRequest | HttpDeliveryMethods.GetRequest);
			UnauthorizedTokenRequest message = new UnauthorizedTokenRequest(endpoint, Protocol.V10.Version);
			message.ConsumerKey = "nerdbank.org";
			((ITamperResistantOAuthMessage)message).ConsumerSecret = "nerdbanksecret";
			var signedMessage = (ITamperResistantOAuthMessage)message;
			signedMessage.HttpMethod = "GET";
			signedMessage.SignatureMethod = "HMAC-SHA1";
			MessageDictionary dictionary = messageDescriptions.GetAccessor(message);
			dictionary["oauth_timestamp"] = "1222665749";
			dictionary["oauth_nonce"] = "fe4045a3f0efdd1e019fa8f8ae3f5c38";
			dictionary["scope"] = "http://www.google.com/m8/feeds/";
			return message;
		}

		public void StoreNewRequestToken(UnauthorizedTokenRequest request, ITokenSecretContainingMessage response) {
			RequestScopedTokenMessage scopedRequest = (RequestScopedTokenMessage)request;
			var consumer = Global.DataContext.OAuthConsumers.Single(consumerRow => consumerRow.ConsumerKey == request.ConsumerKey);
			string scope = scopedRequest.Scope;
			OAuthToken newToken = new OAuthToken {
				OAuthConsumer = consumer,
				Token = response.Token,
				TokenSecret = response.TokenSecret,
				IssueDate = DateTime.UtcNow,
				Scope = scope,
			};

			Global.DataContext.OAuthTokens.InsertOnSubmit(newToken);
			Global.DataContext.SubmitChanges();
		}

		/// <summary>
		/// Stores a newly generated unauthorized request token, secret, and optional
		/// application-specific parameters for later recall.
		/// </summary>
		/// <param name="request">The request message that resulted in the generation of a new unauthorized request token.</param>
		/// <param name="response">The response message that includes the unauthorized request token.</param>
		/// <exception cref="ArgumentException">Thrown if the consumer key is not registered, or a required parameter was not found in the parameters collection.</exception>
		/// <remarks>
		/// Request tokens stored by this method SHOULD NOT associate any user account with this token.
		/// It usually opens up security holes in your application to do so.  Instead, you associate a user
		/// account with access tokens (not request tokens) in the <see cref="ExpireRequestTokenAndStoreNewAccessToken"/>
		/// method.
		/// </remarks>
		public void StoreNewRequestToken(UnauthorizedTokenRequest request, ITokenSecretContainingMessage response) {
			Consumer consumer;
			try {
				consumer = Database.DataContext.Consumers.First(c => c.ConsumerKey == request.ConsumerKey);
			} catch (InvalidOperationException) {
				throw new ArgumentOutOfRangeException();
			}

			var token = new IssuedRequestToken {
				Callback = request.Callback,
				Consumer = consumer,
				Token = response.Token,
				TokenSecret = response.TokenSecret,
			};
			string scope;
			if (request.ExtraData.TryGetValue("scope", out scope)) {
				token.Scope = scope;
			}
			Database.DataContext.AddToIssuedTokens(token);
			Database.DataContext.SaveChanges();
		}

		protected internal UserAuthorizationRequest PrepareRequestUserAuthorization(Uri callback, IDictionary<string, string> requestParameters, IDictionary<string, string> redirectParameters, out string requestToken) {
			// Obtain an unauthorized request token.  Assume the OAuth version given in the service description.
			var token = new UnauthorizedTokenRequest(this.ServiceProvider.RequestTokenEndpoint, this.ServiceProvider.Version) {
				ConsumerKey = this.ConsumerKey,
				Callback = callback,
			};
			var tokenAccessor = this.Channel.MessageDescriptions.GetAccessor(token);
			tokenAccessor.AddExtraParameters(requestParameters);
			var requestTokenResponse = this.Channel.Request<UnauthorizedTokenResponse>(token);
			this.TokenManager.StoreNewRequestToken(token, requestTokenResponse);

			// Fine-tune our understanding of the SP's supported OAuth version if it's wrong.
			if (this.ServiceProvider.Version != requestTokenResponse.Version) {
				Logger.OAuth.WarnFormat("Expected OAuth service provider at endpoint {0} to use OAuth {1} but {2} was detected.  Adjusting service description to new version.", this.ServiceProvider.RequestTokenEndpoint.Location, this.ServiceProvider.Version, requestTokenResponse.Version);
				this.ServiceProvider.ProtocolVersion = Protocol.Lookup(requestTokenResponse.Version).ProtocolVersion;
			}

			// Request user authorization.  The OAuth version will automatically include 
			// or drop the callback that we're setting here.
			ITokenContainingMessage assignedRequestToken = requestTokenResponse;
			var requestAuthorization = new UserAuthorizationRequest(this.ServiceProvider.UserAuthorizationEndpoint, assignedRequestToken.Token, requestTokenResponse.Version) {
				Callback = callback,
			};
			var requestAuthorizationAccessor = this.Channel.MessageDescriptions.GetAccessor(requestAuthorization);
			requestAuthorizationAccessor.AddExtraParameters(redirectParameters);
			requestToken = requestAuthorization.RequestToken;
			return requestAuthorization;
		}

 public void StoreNewRequestToken(UnauthorizedTokenRequest request, ITokenSecretContainingMessage response)
 {
     throw new NotImplementedException();
 }

 public void StoreNewRequestToken(UnauthorizedTokenRequest request, ITokenSecretContainingMessage response)
 {
     this.RequestToken = response.Token;
     this.RequestTokenSecret = response.TokenSecret;
 }

 public void StoreNewRequestToken(UnauthorizedTokenRequest request, ITokenSecretContainingMessage response)
 {
     Debug.WriteLine("StoreNewRequestToken: " + response.Token);
     this.requestTokens[response.Token] = response.TokenSecret;
 }

		/// <summary>
		/// Prepares a message containing an unauthorized token for the Consumer to use in a 
		/// user agent redirect for subsequent authorization.
		/// </summary>
		/// <param name="request">The token request message the Consumer sent that the Service Provider is now responding to.</param>
		/// <returns>The response message to send using the <see cref="Channel"/>, after optionally adding extra data to it.</returns>
		public UnauthorizedTokenResponse PrepareUnauthorizedTokenMessage(UnauthorizedTokenRequest request) {
			Requires.NotNull(request, "request");

			string token = this.TokenGenerator.GenerateRequestToken(request.ConsumerKey);
			string secret = this.TokenGenerator.GenerateSecret();
			UnauthorizedTokenResponse response = new UnauthorizedTokenResponse(request, token, secret);

			return response;
		}