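// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "google_apis/gaia/oauth_request_signer.h"

#include <stdlib.h>

#include <string>

#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"

// Unit tests for OAuthRequestSigner: percent-encoding, an encode/decode
// round trip, and known-answer signatures for GET URLs, POST bodies and the
// Authorization header.
//
// Every signing test pins oauth_nonce and oauth_timestamp so that the
// expected HMAC-SHA1 signature is reproducible. The consumer keys, secrets
// and tokens are fixture values that exist only to produce those known
// answers.

namespace {

// This value is used to seed the PRNG at the beginning of a sequence of
// operations to produce a repeatable sequence.
const unsigned int kRandomSeed = 0x69E3C47D;

}  // namespace

// Pins the percent-encoding rules: the unreserved set (letters, digits and
// "-._~") passes through untouched, the other characters exercised here
// become uppercase %XX escapes, and a space is "%20" rather than "+".
// "%25" -> "%2525" shows that Encode never treats its input as already
// escaped.
// NOTE(review): presumably the signer uses this same encoding to build the
// text it signs, in which case any drift here would change every signature
// below; confirm against oauth_request_signer.cc.
TEST(OAuthRequestSignerTest, Encode) {
  ASSERT_EQ(OAuthRequestSigner::Encode("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                                       "abcdefghijklmnopqrstuvwxyz"
                                       "0123456789"
                                       "-._~"),
            "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz"
            "0123456789"
            "-._~");
  ASSERT_EQ(OAuthRequestSigner::Encode(
                "https://accounts.google.com/OAuthLogin"),
            "https%3A%2F%2Faccounts.google.com%2FOAuthLogin");
  ASSERT_EQ(OAuthRequestSigner::Encode("%"), "%25");
  ASSERT_EQ(OAuthRequestSigner::Encode("%25"), "%2525");
  ASSERT_EQ(OAuthRequestSigner::Encode(
                "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed "
                "do eiusmod tempor incididunt ut labore et dolore magna "
                "aliqua. Ut enim ad minim veniam, quis nostrud exercitation "
                "ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis "
                "aute irure dolor in reprehenderit in voluptate velit esse "
                "cillum dolore eu fugiat nulla pariatur. Excepteur sint "
                "occaecat cupidatat non proident, sunt in culpa qui officia "
                "deserunt mollit anim id est laborum."),
            "Lorem%20ipsum%20dolor%20sit%20amet%2C%20consectetur%20"
            "adipisicing%20elit%2C%20sed%20do%20eiusmod%20tempor%20"
            "incididunt%20ut%20labore%20et%20dolore%20magna%20aliqua.%20Ut%20"
            "enim%20ad%20minim%20veniam%2C%20quis%20nostrud%20exercitation%20"
            "ullamco%20laboris%20nisi%20ut%20aliquip%20ex%20ea%20commodo%20"
            "consequat.%20Duis%20aute%20irure%20dolor%20in%20reprehenderit%20"
            "in%20voluptate%20velit%20esse%20cillum%20dolore%20eu%20fugiat%20"
            "nulla%20pariatur.%20Excepteur%20sint%20occaecat%20cupidatat%20"
            "non%20proident%2C%20sunt%20in%20culpa%20qui%20officia%20"
            "deserunt%20mollit%20anim%20id%20est%20laborum.");
  ASSERT_EQ(OAuthRequestSigner::Encode("!5}&QF~0R-Ecy[?2Cig>6g=;hH!\\Ju4K%UK;"),
            "%215%7D%26QF~0R-Ecy%5B%3F2Cig%3E6g%3D%3BhH%21%5CJu4K%25UK%3B");
  ASSERT_EQ(OAuthRequestSigner::Encode("1UgHf(r)SkMRS`fRZ/8PsTcXT0:\\<9I=6{|:"),
            "1UgHf%28r%29SkMRS%60fRZ%2F8PsTcXT0%3A%5C%3C9I%3D6%7B%7C%3A");
  ASSERT_EQ(OAuthRequestSigner::Encode("|<XIy1?o`r\"RuGSX#!:MeP&RLZQM@:\\';2X"),
            "%7C%3CXIy1%3Fo%60r%22RuGSX%23%21%3AMeP%26RLZQM%40%3A%5C%27%3B2X");
  ASSERT_EQ(OAuthRequestSigner::Encode("#a@A>ZtcQ/yb.~^Q_]daRT?ffK>@A:afWuZL"),
            "%23a%40A%3EZtcQ%2Fyb.~%5EQ_%5DdaRT%3FffK%3E%40A%3AafWuZL");
}

// Round-trips pseudo-random byte strings (all 256 byte values, including NUL
// and bytes >= 0x80) through Encode and Decode.
//
// The fixed seed makes a failure reproducible on the same C library; rand()
// is not required to produce the same sequence on other platforms.
//
// NOTE(review): this only feeds Decode the output of Encode. Decode returns a
// bool, so it presumably rejects malformed input (a trailing "%", a truncated
// escape such as "%2", non-hex digits such as "%GG"); nothing here covers
// that path. Worth adding explicit negative cases once the intended behavior
// is confirmed against the implementation.
TEST(OAuthRequestSignerTest, DecodeEncoded) {
  srand(kRandomSeed);
  static const int kIterations = 500;
  static const int kLengthLimit = 500;
  for (int iteration = 0; iteration < kIterations; ++iteration) {
    std::string text;
    int length = rand() % kLengthLimit;
    for (int position = 0; position < length; ++position) {
      text += static_cast<char>(rand() % 256);
    }
    std::string encoded = OAuthRequestSigner::Encode(text);
    std::string decoded;
    // The inputs are binary, so report the iteration to let a failure be
    // replayed from the seed instead of read from the dumped bytes.
    ASSERT_TRUE(OAuthRequestSigner::Decode(encoded, &decoded))
        << "iteration " << iteration;
    ASSERT_EQ(decoded, text) << "iteration " << iteration;
  }
}

// Known-answer test for SignURL with GET: the result is the request URL plus
// a query string holding the caller's parameters and the added oauth_*
// parameters, in name order, with values percent-encoded.
//
// NOTE(review): "xaouth_display_name" looks like a transposition of
// "xoauth_display_name". It is part of the signed input, so the expected
// signature depends on this exact spelling; do not correct it without
// regenerating the expected signature.
TEST(OAuthRequestSignerTest, SignGet1) {
  GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken");
  OAuthRequestSigner::Parameters parameters;
  parameters["scope"] = "https://accounts.google.com/OAuthLogin";
  parameters["oauth_nonce"] = "2oiE_aHdk5qRTz0L9C8Lq0g";
  parameters["xaouth_display_name"] = "Chromium";
  parameters["oauth_timestamp"] = "1308152953";
  std::string signed_text;
  ASSERT_TRUE(OAuthRequestSigner::SignURL(
      request_url,
      parameters,
      OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
      OAuthRequestSigner::GET_METHOD,
      "johndoe",  // oauth_consumer_key
      "53cR3t",  // consumer secret
      "4/VGY0MsQadcmO8VnCv9gnhoEooq1v",  // oauth_token
      "c5e0531ff55dfbb4054e",  // token secret
      &signed_text));
  ASSERT_EQ("https://www.google.com/accounts/o8/GetOAuthToken"
            "?oauth_consumer_key=johndoe"
            "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
            "&oauth_signature=PFqDTaiyey1UObcvOyI4Ng2HXW0%3D"
            "&oauth_signature_method=HMAC-SHA1"
            "&oauth_timestamp=1308152953"
            "&oauth_token=4%2FVGY0MsQadcmO8VnCv9gnhoEooq1v"
            "&oauth_version=1.0"
            "&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin"
            "&xaouth_display_name=Chromium",
            signed_text);
}

// Known-answer test for SignURL with GET and an empty token secret.
TEST(OAuthRequestSignerTest, SignGet2) {
  GURL request_url("https://accounts.google.com/OAuthGetAccessToken");
  OAuthRequestSigner::Parameters parameters;
  parameters["oauth_timestamp"] = "1308147831";
  parameters["oauth_nonce"] = "4d4hZW9DygWQujP2tz06UN";
  std::string signed_text;
  ASSERT_TRUE(OAuthRequestSigner::SignURL(
      request_url,
      parameters,
      OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
      OAuthRequestSigner::GET_METHOD,
      "anonymous",  // oauth_consumer_key
      "anonymous",  // consumer secret
      "4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK",  // oauth_token
      std::string(),  // token secret
      &signed_text));
  ASSERT_EQ("https://accounts.google.com/OAuthGetAccessToken"
            "?oauth_consumer_key=anonymous"
            "&oauth_nonce=4d4hZW9DygWQujP2tz06UN"
            "&oauth_signature=YiJv%2BEOWsvCDCi13%2FhQBFrr0J7c%3D"
            "&oauth_signature_method=HMAC-SHA1"
            "&oauth_timestamp=1308147831"
            "&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK"
            "&oauth_version=1.0",
            signed_text);
}

// Known-answer test for ParseAndSign with GET: the parameters arrive in the
// URL's query string (with an unescaped scope value) instead of a Parameters
// map, and the signed URL carries them re-encoded and in name order.
TEST(OAuthRequestSignerTest, ParseAndSignGet1) {
  GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken"
                   "?scope=https://accounts.google.com/OAuthLogin"
                   "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
                   "&xaouth_display_name=Chromium"
                   "&oauth_timestamp=1308152953");
  std::string signed_text;
  ASSERT_TRUE(OAuthRequestSigner::ParseAndSign(
      request_url,
      OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
      OAuthRequestSigner::GET_METHOD,
      "anonymous",  // oauth_consumer_key
      "anonymous",  // consumer secret
      "4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK",  // oauth_token
      std::string(),  // token secret
      &signed_text));
  ASSERT_EQ("https://www.google.com/accounts/o8/GetOAuthToken"
            "?oauth_consumer_key=anonymous"
            "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
            "&oauth_signature=PH7KP6cP%2BzZ1SJ6WGqBgXwQP9Mc%3D"
            "&oauth_signature_method=HMAC-SHA1"
            "&oauth_timestamp=1308152953"
            "&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK"
            "&oauth_version=1.0"
            "&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin"
            "&xaouth_display_name=Chromium",
            signed_text);
}

// Same inputs as SignGet2, supplied through the query string; the expected
// output is identical to SignGet2's, which ties ParseAndSign to SignURL.
TEST(OAuthRequestSignerTest, ParseAndSignGet2) {
  GURL request_url("https://accounts.google.com/OAuthGetAccessToken"
                   "?oauth_timestamp=1308147831"
                   "&oauth_nonce=4d4hZW9DygWQujP2tz06UN");
  std::string signed_text;
  ASSERT_TRUE(OAuthRequestSigner::ParseAndSign(
      request_url,
      OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
      OAuthRequestSigner::GET_METHOD,
      "anonymous",  // oauth_consumer_key
      "anonymous",  // consumer secret
      "4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK",  // oauth_token
      std::string(),  // token secret
      &signed_text));
  ASSERT_EQ("https://accounts.google.com/OAuthGetAccessToken"
            "?oauth_consumer_key=anonymous"
            "&oauth_nonce=4d4hZW9DygWQujP2tz06UN"
            "&oauth_signature=YiJv%2BEOWsvCDCi13%2FhQBFrr0J7c%3D"
            "&oauth_signature_method=HMAC-SHA1"
            "&oauth_timestamp=1308147831"
            "&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK"
            "&oauth_version=1.0",
            signed_text);
}

// Known-answer test for SignURL with POST: the result is only the
// form-encoded parameter string, without the request URL.
TEST(OAuthRequestSignerTest, SignPost1) {
  GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken");
  OAuthRequestSigner::Parameters parameters;
  parameters["scope"] = "https://accounts.google.com/OAuthLogin";
  parameters["oauth_nonce"] = "2oiE_aHdk5qRTz0L9C8Lq0g";
  parameters["xaouth_display_name"] = "Chromium";
  parameters["oauth_timestamp"] = "1308152953";
  std::string signed_text;
  ASSERT_TRUE(OAuthRequestSigner::SignURL(
      request_url,
      parameters,
      OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
      OAuthRequestSigner::POST_METHOD,
      "anonymous",  // oauth_consumer_key
      "anonymous",  // consumer secret
      "4/X8x0r7bHif_VNCLjUMutxGkzo13d",  // oauth_token
      "b7120598d47594bd3522",  // token secret
      &signed_text));
  ASSERT_EQ("oauth_consumer_key=anonymous"
            "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
            "&oauth_signature=vVlfv6dnV2%2Fx7TozS0Gf83zS2%2BQ%3D"
            "&oauth_signature_method=HMAC-SHA1"
            "&oauth_timestamp=1308152953"
            "&oauth_token=4%2FX8x0r7bHif_VNCLjUMutxGkzo13d"
            "&oauth_version=1.0"
            "&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin"
            "&xaouth_display_name=Chromium",
            signed_text);
}

// Known-answer test for SignURL with POST and an empty token secret.
TEST(OAuthRequestSignerTest, SignPost2) {
  GURL request_url("https://accounts.google.com/OAuthGetAccessToken");
  OAuthRequestSigner::Parameters parameters;
  parameters["oauth_timestamp"] = "1234567890";
  parameters["oauth_nonce"] = "17171717171717171";
  std::string signed_text;
  ASSERT_TRUE(OAuthRequestSigner::SignURL(
      request_url,
      parameters,
      OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
      OAuthRequestSigner::POST_METHOD,
      "anonymous",  // oauth_consumer_key
      "anonymous",  // consumer secret
      "4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK",  // oauth_token
      std::string(),  // token secret
      &signed_text));
  ASSERT_EQ("oauth_consumer_key=anonymous"
            "&oauth_nonce=17171717171717171"
            "&oauth_signature=tPX2XqKQICWzopZ80CFGX%2F53DLo%3D"
            "&oauth_signature_method=HMAC-SHA1"
            "&oauth_timestamp=1234567890"
            "&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK"
            "&oauth_version=1.0",
            signed_text);
}

// Same inputs as SignPost1, supplied through the query string; the expected
// body is identical to SignPost1's.
TEST(OAuthRequestSignerTest, ParseAndSignPost1) {
  GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken"
                   "?scope=https://accounts.google.com/OAuthLogin"
                   "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
                   "&xaouth_display_name=Chromium"
                   "&oauth_timestamp=1308152953");
  std::string signed_text;
  ASSERT_TRUE(OAuthRequestSigner::ParseAndSign(
      request_url,
      OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
      OAuthRequestSigner::POST_METHOD,
      "anonymous",  // oauth_consumer_key
      "anonymous",  // consumer secret
      "4/X8x0r7bHif_VNCLjUMutxGkzo13d",  // oauth_token
      "b7120598d47594bd3522",  // token secret
      &signed_text));
  ASSERT_EQ("oauth_consumer_key=anonymous"
            "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
            "&oauth_signature=vVlfv6dnV2%2Fx7TozS0Gf83zS2%2BQ%3D"
            "&oauth_signature_method=HMAC-SHA1"
            "&oauth_timestamp=1308152953"
            "&oauth_token=4%2FX8x0r7bHif_VNCLjUMutxGkzo13d"
            "&oauth_version=1.0"
            "&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin"
            "&xaouth_display_name=Chromium",
            signed_text);
}

// Same inputs as SignPost2, supplied through the query string; the expected
// body is identical to SignPost2's.
TEST(OAuthRequestSignerTest, ParseAndSignPost2) {
  GURL request_url("https://accounts.google.com/OAuthGetAccessToken"
                   "?oauth_timestamp=1234567890"
                   "&oauth_nonce=17171717171717171");
  std::string signed_text;
  ASSERT_TRUE(OAuthRequestSigner::ParseAndSign(
      request_url,
      OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
      OAuthRequestSigner::POST_METHOD,
      "anonymous",  // oauth_consumer_key
      "anonymous",  // consumer secret
      "4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK",  // oauth_token
      std::string(),  // token secret
      &signed_text));
  ASSERT_EQ("oauth_consumer_key=anonymous"
            "&oauth_nonce=17171717171717171"
            "&oauth_signature=tPX2XqKQICWzopZ80CFGX%2F53DLo%3D"
            "&oauth_signature_method=HMAC-SHA1"
            "&oauth_timestamp=1234567890"
            "&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK"
            "&oauth_version=1.0",
            signed_text);
}

// Known-answer test for SignAuthHeader, using SignGet1's inputs: the same
// signature is emitted as an "OAuth " header value with each value quoted
// and the pairs separated by ", ". The non-oauth parameters (scope,
// xaouth_display_name) appear in the header as well.
TEST(OAuthRequestSignerTest, SignAuthHeader) {
  GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken");
  OAuthRequestSigner::Parameters parameters;
  parameters["scope"] = "https://accounts.google.com/OAuthLogin";
  parameters["oauth_nonce"] = "2oiE_aHdk5qRTz0L9C8Lq0g";
  parameters["xaouth_display_name"] = "Chromium";
  parameters["oauth_timestamp"] = "1308152953";
  std::string signed_text;
  ASSERT_TRUE(OAuthRequestSigner::SignAuthHeader(
      request_url,
      parameters,
      OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
      OAuthRequestSigner::GET_METHOD,
      "johndoe",  // oauth_consumer_key
      "53cR3t",  // consumer secret
      "4/VGY0MsQadcmO8VnCv9gnhoEooq1v",  // oauth_token
      "c5e0531ff55dfbb4054e",  // token secret
      &signed_text));
  ASSERT_EQ("OAuth "
            "oauth_consumer_key=\"johndoe\", "
            "oauth_nonce=\"2oiE_aHdk5qRTz0L9C8Lq0g\", "
            "oauth_signature=\"PFqDTaiyey1UObcvOyI4Ng2HXW0%3D\", "
            "oauth_signature_method=\"HMAC-SHA1\", "
            "oauth_timestamp=\"1308152953\", "
            "oauth_token=\"4%2FVGY0MsQadcmO8VnCv9gnhoEooq1v\", "
            "oauth_version=\"1.0\", "
            "scope=\"https%3A%2F%2Faccounts.google.com%2FOAuthLogin\", "
            "xaouth_display_name=\"Chromium\"",
            signed_text);
}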