Add .NET Standard 2.0 support and improve compatibility

Author: pwelter34

.github/workflows/stale.yml

@@ -0,0 +1,56 @@
+name: Stale Items
+on:
+  schedule:
+  - cron: "0 6 * * 0"
+
+  workflow_dispatch:
+
+jobs:
+  stale:
+    name: Mark and Close Stale Items
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@v9
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+          days-before-stale: 365
+          days-before-close: 45
+
+          # Issue configuration
+          stale-issue-label: "stale"
+          close-issue-label: "closed:stale"
+          exempt-issue-labels: "pinned,security,enhancement,bug,backlog,epic"
+
+          stale-issue-message: |
+            ## ⏰ Stale Issue
+
+            This issue has had no activity for 1 year.
+            It will be closed in 45 days unless there is new activity.
+            To keep it open, comment or remove the `stale` label.
+
+          close-issue-message: |
+            ## 🔒 Closed: Inactive Issue
+
+            Closed after 45 days of inactivity.
+            To reopen, comment with a reason and a maintainer will review.
+
+          # PR configuration
+          stale-pr-label: "stale"
+          close-pr-label: "closed:stale"
+          exempt-pr-labels: "pinned,work-in-progress,ready-for-review"
+
+          stale-pr-message: |
+            ## ⏰ Stale Pull Request
+
+            No activity for 1 year. Will close in 45 days unless updated.
+            To keep open, push commits, comment, or remove the `stale` label.
+
+          close-pr-message: |
+            ## 🔒 Closed: Inactive PR
+
+            Closed after 45 days of inactivity.
+            To continue, reopen or submit a new PR and reference this one.

src/HashGate.AspNetCore/HmacAuthenticationShared.cs

@@ -100,6 +100,26 @@ public static string CreateStringToSign(
         // 2 for the two '\n' literals
         int totalLength = methodLength + pathAndQueryLength + headerValuesLength + separatorLength + 2;
 
+#if NETSTANDARD2_0
+        var stringBuilder = new StringBuilder(totalLength);
+
+        stringBuilder
+            .Append(method.ToUpperInvariant())
+            .Append('\n')
+            .Append(pathAndQuery)
+            .Append('\n');
+
+        // Write header values with semicolons
+        for (int i = 0; i < headerValues.Count; i++)
+        {
+            if (i > 0)
+                stringBuilder.Append(';');
+
+            stringBuilder.Append(headerValues[i]);
+        }
+
+        return stringBuilder.ToString();
+#else
         return string.Create(totalLength, (method, pathAndQuery, headerValues), (span, state) =>
         {
             int pos = 0;
@@ -129,6 +149,7 @@ public static string CreateStringToSign(
                 pos += header.Length;
             }
         });
+#endif
     }
 
     /// <summary>
@@ -146,6 +167,12 @@ public static string GenerateSignature(
         var secretBytes = Encoding.UTF8.GetBytes(secretKey);
         var dataBytes = Encoding.UTF8.GetBytes(stringToSign);
 
+#if NETSTANDARD2_0
+        // Use traditional approach for .NET Standard 2.0
+        using var hmac = new HMACSHA256(secretBytes);
+        var hash = hmac.ComputeHash(dataBytes);
+        return Convert.ToBase64String(hash);
+#else
         // Compute HMACSHA256
         Span<byte> hash = stackalloc byte[32];
         using var hmac = new HMACSHA256(secretBytes);
@@ -163,6 +190,7 @@ public static string GenerateSignature(
             return new string(base64[..charsWritten]);
 
         return Convert.ToBase64String(hash);
+#endif
     }
 
     /// <summary>
@@ -183,6 +211,34 @@ public static string GenerateAuthorizationHeader(
         const string signedHeadersPrefix = "&SignedHeaders=";
         const string signaturePrefix = "&Signature=";
 
+#if NETSTANDARD2_0
+        var stringBuilder = new StringBuilder();
+
+        // Write scheme
+        stringBuilder.Append(scheme);
+
+        // Write client prefix and client
+        stringBuilder.Append(clientPrefix);
+        stringBuilder.Append(client);
+
+        // Write signedHeaders prefix
+        stringBuilder.Append(signedHeadersPrefix);
+
+        // Write signedHeaders (semicolon separated)
+        for (int i = 0; i < signedHeaders.Count; i++)
+        {
+            if (i > 0)
+                stringBuilder.Append(';');
+
+            stringBuilder.Append(signedHeaders[i]);
+        }
+
+        // Write signature prefix and signature
+        stringBuilder.Append(signaturePrefix);
+        stringBuilder.Append(signature);
+
+        return stringBuilder.ToString();
+#else
         // Calculate signedHeaders string and its length
         int signedHeadersCount = signedHeaders.Count;
         int signedHeadersLength = 0;
@@ -241,6 +297,7 @@ public static string GenerateAuthorizationHeader(
             state.signature.AsSpan().CopyTo(span.Slice(pos, state.signature.Length));
             pos += state.signature.Length;
         });
+#endif
     }
 
     /// <summary>
@@ -262,7 +319,16 @@ public static bool FixedTimeEquals(
         if (leftBytes.Length != rightBytes.Length)
             return false;
 
+#if NETSTANDARD2_0
+        // Manual constant-time comparison for .NET Standard 2.0
+        int result = 0;
+        for (int i = 0; i < leftBytes.Length; i++)
+            result |= leftBytes[i] ^ rightBytes[i];
+
+        return result == 0;
+#else
         // Use FixedTimeEquals for constant-time comparison
         return CryptographicOperations.FixedTimeEquals(leftBytes, rightBytes);
+#endif
     }
 }

src/HashGate.HttpClient/DependencyInjectionExtensions.cs

@@ -67,7 +67,8 @@ public static IServiceCollection AddHmacAuthentication(
         this IServiceCollection services,
         Action<HmacAuthenticationOptions>? configure = null)
     {
-        ArgumentNullException.ThrowIfNull(services);
+        if (services == null)
+            throw new ArgumentNullException(nameof(services));
 
         services
             .AddOptions<HmacAuthenticationOptions>()

src/HashGate.HttpClient/HashGate.HttpClient.csproj

@@ -1,13 +1,13 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFrameworks>net8.0;net9.0</TargetFrameworks>
+    <TargetFrameworks>netstandard2.0;net8.0;net9.0</TargetFrameworks>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>
     <Description>HTTP client library for HMAC authentication in ASP.NET Core applications. Provides easy integration for making authenticated HTTP requests using HMAC-based authentication schemes.</Description>
     <PackageTags>aspnetcore;hmac;authentication;http;client;security</PackageTags>
   </PropertyGroup>
-
+ 
   <ItemGroup>
     <Compile Include="..\HashGate.AspNetCore\HmacAuthenticationShared.cs" Link="HmacAuthenticationShared.cs" />
   </ItemGroup>

src/HashGate.HttpClient/HmacAuthenticationOptions.cs

@@ -64,7 +64,7 @@ public class HmacAuthenticationOptions
     /// </list>
     /// </remarks>
     [Required]
-    public required string Client { get; set; }
+    public string Client { get; set; } = null!;
 
     /// <summary>
     /// Gets or sets the secret key used for HMAC-SHA256 signature generation.
@@ -89,7 +89,7 @@ public class HmacAuthenticationOptions
     /// </para>
     /// </remarks>
     [Required]
-    public required string Secret { get; set; }
+    public string Secret { get; set; } = null!;
 
     /// <summary>
     /// Gets or sets the list of HTTP header names that should be included in the HMAC signature calculation.

src/HashGate.HttpClient/HttpRequestMessageExtensions.cs

@@ -57,9 +57,20 @@ public static async Task AddHmacAuthentication(
         string secret,
         IReadOnlyList<string>? signedHeaders = null)
     {
-        ArgumentNullException.ThrowIfNull(request);
-        ArgumentException.ThrowIfNullOrWhiteSpace(client);
-        ArgumentException.ThrowIfNullOrWhiteSpace(secret);
+        if (request is null)
+            throw new ArgumentNullException(nameof(request));
+
+        if (client is null)
+            throw new ArgumentNullException(nameof(client));
+
+        if (string.IsNullOrWhiteSpace(client))
+            throw new ArgumentException("Client cannot be empty or whitespace.", nameof(client));
+
+        if (secret is null)
+            throw new ArgumentNullException(nameof(secret));
+
+        if (string.IsNullOrWhiteSpace(secret))
+            throw new ArgumentException("Secret cannot be empty or whitespace.", nameof(secret));
 
         // ensure required headers are present
         if (signedHeaders == null)
@@ -126,8 +137,10 @@ public static Task AddHmacAuthentication(
         this HttpRequestMessage request,
         HmacAuthenticationOptions options)
     {
-        ArgumentNullException.ThrowIfNull(request);
-        ArgumentNullException.ThrowIfNull(options);
+        if (request is null)
+            throw new ArgumentNullException(nameof(request));
+        if (options is null)
+            throw new ArgumentNullException(nameof(options));
 
         return request.AddHmacAuthentication(
             client: options.Client,
@@ -174,8 +187,14 @@ public static async Task<string> GenerateContentHash(this HttpRequestMessage req
         if (request.Content == null)
             return HmacAuthenticationShared.EmptyContentHash;
 
-        byte[] bodyBytes = await request.Content.ReadAsByteArrayAsync();
+        var bodyBytes = await request.Content.ReadAsByteArrayAsync();
+
+#if NETSTANDARD2_0
+        using var sha256 = SHA256.Create();
+        var hashBytes = sha256.ComputeHash(bodyBytes);
+#else
         var hashBytes = SHA256.HashData(bodyBytes);
+#endif
 
         // consume the content stream, need to recreate it
         var originalContent = new ByteArrayContent(bodyBytes);
@@ -185,10 +204,12 @@ public static async Task<string> GenerateContentHash(this HttpRequestMessage req
         // Restore content with headers
         request.Content = originalContent;
 
+#if !NETSTANDARD2_0
         // 32 bytes SHA256 -> 44 chars base64
         Span<char> base64 = stackalloc char[44];
         if (Convert.TryToBase64Chars(hashBytes, base64, out int charsWritten))
             return new string(base64[..charsWritten]);
+#endif
 
         // if stackalloc is not large enough (should not happen for SHA256)
         return Convert.ToBase64String(hashBytes);

test/HashGate.HttpClient.Tests/HmacAuthenticationSharedTests.cs

@@ -0,0 +1,102 @@
+namespace HashGate.HttpClient.Tests;
+
+public class HmacAuthenticationSharedTests
+{
+    [Fact]
+    public void CreateStringToSign_CreatesExpectedFormat()
+    {
+        var method = "get";
+        var pathAndQuery = "/api/resource?x=1";
+        var headers = new[] { "value1", "value2" };
+        var result = HmacAuthenticationShared.CreateStringToSign(method, pathAndQuery, headers);
+
+        Assert.Equal("GET\n/api/resource?x=1\nvalue1;value2", result);
+    }
+
+    [Fact]
+    public void CreateStringToSign_EmptyHeaders_CreatesExpectedFormat()
+    {
+        var method = "post";
+        var pathAndQuery = "/api/empty";
+        var headers = Array.Empty<string>();
+        var result = HmacAuthenticationShared.CreateStringToSign(method, pathAndQuery, headers);
+
+        Assert.Equal("POST\n/api/empty\n", result);
+    }
+
+    [Fact]
+    public void CreateStringToSign_SingleHeader_CreatesExpectedFormat()
+    {
+        var method = "put";
+        var pathAndQuery = "/api/one";
+        var headers = new[] { "onlyone" };
+        var result = HmacAuthenticationShared.CreateStringToSign(method, pathAndQuery, headers);
+
+        Assert.Equal("PUT\n/api/one\nonlyone", result);
+    }
+
+    [Theory]
+    [InlineData("", "", true)]
+    [InlineData(" ", " ", true)]
+    [InlineData("abc", "", false)]
+    [InlineData("", "abc", false)]
+    public void FixedTimeEquals_EmptyAndWhitespaceCases(string left, string right, bool expected)
+    {
+        Assert.Equal(expected, HmacAuthenticationShared.FixedTimeEquals(left, right));
+    }
+
+    [Theory]
+    [InlineData("abc", "abc", true)]
+    [InlineData("abc", "def", false)]
+    [InlineData("abc", "abcd", false)]
+    [InlineData("abc", "abc ", false)]
+    public void FixedTimeEquals_ComparesCorrectly(string left, string right, bool expected)
+    {
+        Assert.Equal(expected, HmacAuthenticationShared.FixedTimeEquals(left, right));
+    }
+
+
+    [Fact]
+    public void GenerateAuthorizationHeader_CreatesExpectedHeader()
+    {
+        var client = "abc123";
+        var signedHeaders = new[] { "host", "date" };
+        var signature = "xyz789";
+        var header = HmacAuthenticationShared.GenerateAuthorizationHeader(client, signedHeaders, signature);
+
+        Assert.Equal("HMAC Client=abc123&SignedHeaders=host;date&Signature=xyz789", header);
+    }
+
+    [Fact]
+    public void GenerateAuthorizationHeader_EmptyHeaders_CreatesExpectedHeader()
+    {
+        var client = "empty";
+        var signedHeaders = Array.Empty<string>();
+        var signature = "sig";
+        var header = HmacAuthenticationShared.GenerateAuthorizationHeader(client, signedHeaders, signature);
+
+        Assert.Equal("HMAC Client=empty&SignedHeaders=&Signature=sig", header);
+    }
+
+    [Fact]
+    public void GenerateSignature_EmptyInputs_ReturnsExpectedBase64()
+    {
+        var signature = HmacAuthenticationShared.GenerateSignature("", "");
+        Assert.Equal(44, signature.Length);
+        Assert.True(Convert.TryFromBase64String(signature, new Span<byte>(new byte[32]), out _));
+    }
+
+    [Fact]
+    public void GenerateSignature_ReturnsExpectedBase64()
+    {
+        var stringToSign = "GET\n/api/resource?x=1\nvalue1;value2";
+        var secretKey = "mysecret";
+        var signature = HmacAuthenticationShared.GenerateSignature(stringToSign, secretKey);
+
+        // Validate base64 length for SHA256
+        Assert.Equal(44, signature.Length);
+
+        // Should be valid base64
+        Assert.True(Convert.TryFromBase64String(signature, new Span<byte>(new byte[32]), out _));
+    }
+}