• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_
6 #define GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_
7 
8 #include <map>
9 #include <string>
10 
11 #include "base/basictypes.h"
12 
13 class GURL;
14 
15 // Implements the OAuth request signing process as described here:
16 //   http://oauth.net/core/1.0/#signing_process
17 //
18 // NOTE: Currently the only supported SignatureMethod is HMAC_SHA1_SIGNATURE
19 class OAuthRequestSigner {
20  public:
21   enum SignatureMethod {
22     HMAC_SHA1_SIGNATURE,
23     RSA_SHA1_SIGNATURE,
24     PLAINTEXT_SIGNATURE
25   };
26 
27   enum HttpMethod {
28     GET_METHOD,
29     POST_METHOD
30   };
31 
32   typedef std::map<std::string,std::string> Parameters;
33 
34   // Percent encoding and decoding for OAuth.
35   //
36   // The form of percent encoding used for OAuth request signing is very
37   // specific and strict.  See http://oauth.net/core/1.0/#encoding_parameters.
38   // This definition is considered the current standard as of January 2005.
39   // While as of July 2011 many systems to do not comply, any valid OAuth
40   // implementation must comply.
41   //
42   // Any character which is in the "unreserved set" MUST NOT be encoded.
43   // All other characters MUST be encoded.
44   //
45   // The unreserved set is comprised of the alphanumeric characters and these
46   // others:
47   //   - minus (-)
48   //   - period (.)
49   //   - underscore (_)
50   //   - tilde (~)
51   static bool Decode(const std::string& text, std::string* decoded_text);
52   static std::string Encode(const std::string& text);
53 
54   // Signs a request specified as URL string, complete with parameters.
55   //
56   // If HttpMethod is GET_METHOD, the signed result is the full URL, otherwise
57   // it is the request parameters, including the oauth_signature field.
58   static bool ParseAndSign(const GURL& request_url_with_parameters,
59                            SignatureMethod signature_method,
60                            HttpMethod http_method,
61                            const std::string& consumer_key,
62                            const std::string& consumer_secret,
63                            const std::string& token_key,
64                            const std::string& token_secret,
65                            std::string* signed_result);
66 
67   // Signs a request specified as the combination of a base URL string, with
68   // parameters included in a separate map data structure.  NOTE: The base URL
69   // string must not contain a question mark (?) character.  If it does,
70   // you can use ParseAndSign() instead.
71   //
72   // If HttpMethod is GET_METHOD, the signed result is the full URL, otherwise
73   // it is the request parameters, including the oauth_signature field.
74   static bool SignURL(const GURL& request_base_url,
75                       const Parameters& parameters,
76                       SignatureMethod signature_method,
77                       HttpMethod http_method,
78                       const std::string& consumer_key,
79                       const std::string& consumer_secret,
80                       const std::string& token_key,
81                       const std::string& token_secret,
82                       std::string* signed_result);
83 
84   // Similar to SignURL(), but the returned string is not a URL, but the payload
85   // to for an HTTP Authorization header.
86   static bool SignAuthHeader(const GURL& request_base_url,
87                              const Parameters& parameters,
88                              SignatureMethod signature_method,
89                              HttpMethod http_method,
90                              const std::string& consumer_key,
91                              const std::string& consumer_secret,
92                              const std::string& token_key,
93                              const std::string& token_secret,
94                              std::string* signed_result);
95 
96  private:
97   DISALLOW_IMPLICIT_CONSTRUCTORS(OAuthRequestSigner);
98 };
99 
100 #endif  // GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_
101