summaryrefslogtreecommitdiffstats
path: root/google_apis/gaia/oauth_request_signer.h
diff options
context:
space:
mode:
authorjoi@chromium.org <joi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-09-07 04:26:37 +0000
committerjoi@chromium.org <joi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-09-07 04:26:37 +0000
commit6386cf58a85361fa20bba6ecfc23502e922b9a90 (patch)
tree06f9a9aa7e6bb8db149b53bc7489e69fa87c07fb /google_apis/gaia/oauth_request_signer.h
parentf2857ecf6c8da488feeca9b05cf2c046ea43e02f (diff)
downloadchromium_src-6386cf58a85361fa20bba6ecfc23502e922b9a90.zip
chromium_src-6386cf58a85361fa20bba6ecfc23502e922b9a90.tar.gz
chromium_src-6386cf58a85361fa20bba6ecfc23502e922b9a90.tar.bz2
Moving google_apis and GaiaClient to src/google_apis.
TBR=mechanicalowners@chromium.org BUG=145584 Review URL: https://chromiumcodereview.appspot.com/10928017 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@155312 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'google_apis/gaia/oauth_request_signer.h')
-rw-r--r--google_apis/gaia/oauth_request_signer.h100
1 files changed, 100 insertions, 0 deletions
diff --git a/google_apis/gaia/oauth_request_signer.h b/google_apis/gaia/oauth_request_signer.h
new file mode 100644
index 0000000..3b91d4d
--- /dev/null
+++ b/google_apis/gaia/oauth_request_signer.h
@@ -0,0 +1,100 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_
+#define GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_
+
+#include <map>
+#include <string>
+
+#include "base/basictypes.h"
+
+class GURL;
+
+// Implements the OAuth request signing process as described here:
+// http://oauth.net/core/1.0/#signing_process
+//
+// NOTE: Currently the only supported SignatureMethod is HMAC_SHA1_SIGNATURE
+class OAuthRequestSigner {
+ public:
+ enum SignatureMethod {
+ HMAC_SHA1_SIGNATURE,
+ RSA_SHA1_SIGNATURE,
+ PLAINTEXT_SIGNATURE
+ };
+
+ enum HttpMethod {
+ GET_METHOD,
+ POST_METHOD
+ };
+
+ typedef std::map<std::string,std::string> Parameters;
+
+ // Percent encoding and decoding for OAuth.
+ //
+ // The form of percent encoding used for OAuth request signing is very
+ // specific and strict. See http://oauth.net/core/1.0/#encoding_parameters.
+ // This definition is considered the current standard as of January 2005.
+ // While as of July 2011 many systems to do not comply, any valid OAuth
+ // implementation must comply.
+ //
+ // Any character which is in the "unreserved set" MUST NOT be encoded.
+ // All other characters MUST be encoded.
+ //
+ // The unreserved set is comprised of the alphanumeric characters and these
+ // others:
+ // - minus (-)
+ // - period (.)
+ // - underscore (_)
+ // - tilde (~)
+ static bool Decode(const std::string& text, std::string* decoded_text);
+ static std::string Encode(const std::string& text);
+
+ // Signs a request specified as URL string, complete with parameters.
+ //
+ // If HttpMethod is GET_METHOD, the signed result is the full URL, otherwise
+ // it is the request parameters, including the oauth_signature field.
+ static bool ParseAndSign(const GURL& request_url_with_parameters,
+ SignatureMethod signature_method,
+ HttpMethod http_method,
+ const std::string& consumer_key,
+ const std::string& consumer_secret,
+ const std::string& token_key,
+ const std::string& token_secret,
+ std::string* signed_result);
+
+ // Signs a request specified as the combination of a base URL string, with
+ // parameters included in a separate map data structure. NOTE: The base URL
+ // string must not contain a question mark (?) character. If it does,
+ // you can use ParseAndSign() instead.
+ //
+ // If HttpMethod is GET_METHOD, the signed result is the full URL, otherwise
+ // it is the request parameters, including the oauth_signature field.
+ static bool SignURL(const GURL& request_base_url,
+ const Parameters& parameters,
+ SignatureMethod signature_method,
+ HttpMethod http_method,
+ const std::string& consumer_key,
+ const std::string& consumer_secret,
+ const std::string& token_key,
+ const std::string& token_secret,
+ std::string* signed_result);
+
+ // Similar to SignURL(), but the returned string is not a URL, but the payload
+ // to for an HTTP Authorization header.
+ static bool SignAuthHeader(const GURL& request_base_url,
+ const Parameters& parameters,
+ SignatureMethod signature_method,
+ HttpMethod http_method,
+ const std::string& consumer_key,
+ const std::string& consumer_secret,
+ const std::string& token_key,
+ const std::string& token_secret,
+ std::string* signed_result);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(OAuthRequestSigner);
+};
+
+#endif // GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_