1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_ 6 #define GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_ 7 8 #include <map> 9 #include <string> 10 11 #include "base/basictypes.h" 12 13 class GURL; 14 15 // Implements the OAuth request signing process as described here: 16 // http://oauth.net/core/1.0/#signing_process 17 // 18 // NOTE: Currently the only supported SignatureMethod is HMAC_SHA1_SIGNATURE 19 class OAuthRequestSigner { 20 public: 21 enum SignatureMethod { 22 HMAC_SHA1_SIGNATURE, 23 RSA_SHA1_SIGNATURE, 24 PLAINTEXT_SIGNATURE 25 }; 26 27 enum HttpMethod { 28 GET_METHOD, 29 POST_METHOD 30 }; 31 32 typedef std::map<std::string,std::string> Parameters; 33 34 // Percent encoding and decoding for OAuth. 35 // 36 // The form of percent encoding used for OAuth request signing is very 37 // specific and strict. See http://oauth.net/core/1.0/#encoding_parameters. 38 // This definition is considered the current standard as of January 2005. 39 // While as of July 2011 many systems to do not comply, any valid OAuth 40 // implementation must comply. 41 // 42 // Any character which is in the "unreserved set" MUST NOT be encoded. 43 // All other characters MUST be encoded. 44 // 45 // The unreserved set is comprised of the alphanumeric characters and these 46 // others: 47 // - minus (-) 48 // - period (.) 49 // - underscore (_) 50 // - tilde (~) 51 static bool Decode(const std::string& text, std::string* decoded_text); 52 static std::string Encode(const std::string& text); 53 54 // Signs a request specified as URL string, complete with parameters. 55 // 56 // If HttpMethod is GET_METHOD, the signed result is the full URL, otherwise 57 // it is the request parameters, including the oauth_signature field. 58 static bool ParseAndSign(const GURL& request_url_with_parameters, 59 SignatureMethod signature_method, 60 HttpMethod http_method, 61 const std::string& consumer_key, 62 const std::string& consumer_secret, 63 const std::string& token_key, 64 const std::string& token_secret, 65 std::string* signed_result); 66 67 // Signs a request specified as the combination of a base URL string, with 68 // parameters included in a separate map data structure. NOTE: The base URL 69 // string must not contain a question mark (?) character. If it does, 70 // you can use ParseAndSign() instead. 71 // 72 // If HttpMethod is GET_METHOD, the signed result is the full URL, otherwise 73 // it is the request parameters, including the oauth_signature field. 74 static bool SignURL(const GURL& request_base_url, 75 const Parameters& parameters, 76 SignatureMethod signature_method, 77 HttpMethod http_method, 78 const std::string& consumer_key, 79 const std::string& consumer_secret, 80 const std::string& token_key, 81 const std::string& token_secret, 82 std::string* signed_result); 83 84 // Similar to SignURL(), but the returned string is not a URL, but the payload 85 // to for an HTTP Authorization header. 86 static bool SignAuthHeader(const GURL& request_base_url, 87 const Parameters& parameters, 88 SignatureMethod signature_method, 89 HttpMethod http_method, 90 const std::string& consumer_key, 91 const std::string& consumer_secret, 92 const std::string& token_key, 93 const std::string& token_secret, 94 std::string* signed_result); 95 96 private: 97 DISALLOW_IMPLICIT_CONSTRUCTORS(OAuthRequestSigner); 98 }; 99 100 #endif // GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_ 101
