oauth_request_signer.h revision 5821806d5e7f356e8fa4b058a389a808ea183019
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_
#define GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_

#include <map>
#include <string>

#include "base/basictypes.h"

class GURL;

// Implements the OAuth request signing process as described here:
//     http://oauth.net/core/1.0/#signing_process
// (the same process is also specified in RFC 5849, section 3.4).
//
// Every member is static and the class cannot be instantiated; it only
// groups the signing entry points and their helper types.
//
// NOTE: Currently the only supported SignatureMethod is HMAC_SHA1_SIGNATURE.
// The other enumerators are declared, but this header does not show what the
// signing functions do when given one of them, so callers must check the
// bool result and must not use |signed_result| after a false return.
// NOTE(review): presumably false means "nothing was signed" - confirm
// against the implementation file.
class OAuthRequestSigner {
 public:
  // Signature methods named by OAuth Core 1.0, section 9.
  enum SignatureMethod {
    // HMAC-SHA1 keyed with the consumer secret and the token secret
    // (OAuth Core 1.0, section 9.2). The only method supported here.
    HMAC_SHA1_SIGNATURE,
    // Declared but unsupported, per the class comment.
    RSA_SHA1_SIGNATURE,
    // Declared but unsupported, per the class comment. In the spec this
    // method sends the secrets themselves in place of a signature and gives
    // no protection of its own; it is meant only for a secure channel such
    // as HTTPS (section 9.4).
    PLAINTEXT_SIGNATURE
  };

  // HTTP method of the request being signed. It selects the form of the
  // signed result (see ParseAndSign() and SignURL()).
  enum HttpMethod {
    GET_METHOD,
    POST_METHOD
  };

  // Request parameters, name to value. A std::map holds one value per name
  // and iterates in key order.
  typedef std::map<std::string,std::string> Parameters;

  // Percent encoding and decoding for OAuth.
  //
  // The form of percent encoding used for OAuth request signing is very
  // specific and strict.  See http://oauth.net/core/1.0/#encoding_parameters.
  // This definition is considered the current standard as of January 2005.
  // While as of July 2011 many systems do not comply, any valid OAuth
  // implementation must comply.
  //
  // Any character which is in the "unreserved set" MUST NOT be encoded.
  // All other characters MUST be encoded.
  //
  // The unreserved set is comprised of the alphanumeric characters and these
  // others:
  //   - minus (-)
  //   - period (.)
  //   - underscore (_)
  //   - tilde (~)
  //
  // The spec additionally requires upper-case hexadecimal digits in the %XX
  // escapes. Both sides must produce exactly the same encoding, because the
  // encoded text is part of what gets signed.
  //
  // Decode() writes its output to |decoded_text| and reports the outcome
  // through its return value; check it before using the output, especially
  // when |text| comes from a peer.
  // NOTE(review): presumably false means |text| was not valid OAuth percent
  // encoding - confirm against the implementation file.
  static bool Decode(const std::string& text, std::string* decoded_text);
  static std::string Encode(const std::string& text);

  // Signs a request specified as URL string, complete with parameters.
  //
  // If HttpMethod is GET_METHOD, the signed result is the full URL, otherwise
  // it is the request parameters, including the oauth_signature field.
  //
  // |consumer_secret| and |token_secret| are signing key material: keep them
  // out of logs and error messages. For GET_METHOD the result is a complete
  // URL carrying the OAuth parameters, so treat that URL as sensitive too
  // wherever URLs are recorded.
  //
  // The result is written to |signed_result|.
  // NOTE(review): presumably returns true on success - confirm.
  static bool ParseAndSign(const GURL& request_url_with_parameters,
                           SignatureMethod signature_method,
                           HttpMethod http_method,
                           const std::string& consumer_key,
                           const std::string& consumer_secret,
                           const std::string& token_key,
                           const std::string& token_secret,
                           std::string* signed_result);

  // Signs a request specified as the combination of a base URL string, with
  // parameters included in a separate map data structure.  NOTE: The base URL
  // string must not contain a question mark (?) character.  If it does,
  // you can use ParseAndSign() instead.
  //
  // If HttpMethod is GET_METHOD, the signed result is the full URL, otherwise
  // it is the request parameters, including the oauth_signature field.
  //
  // The secrets and the result need the same care as for ParseAndSign().
  static bool SignURL(const GURL& request_base_url,
                      const Parameters& parameters,
                      SignatureMethod signature_method,
                      HttpMethod http_method,
                      const std::string& consumer_key,
                      const std::string& consumer_secret,
                      const std::string& token_key,
                      const std::string& token_secret,
                      std::string* signed_result);

  // Similar to SignURL(), but the returned string is not a URL, but the
  // payload for an HTTP Authorization header.
  //
  // The parameters match SignURL(); the header payload is written to
  // |signed_result|.
  static bool SignAuthHeader(const GURL& request_base_url,
                             const Parameters& parameters,
                             SignatureMethod signature_method,
                             HttpMethod http_method,
                             const std::string& consumer_key,
                             const std::string& consumer_secret,
                             const std::string& token_key,
                             const std::string& token_secret,
                             std::string* signed_result);

 private:
  // Static-only class: no implicit construction, copy or assignment.
  DISALLOW_IMPLICIT_CONSTRUCTORS(OAuthRequestSigner);
};

#endif  // GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_