// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "google_apis/gaia/oauth_request_signer.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/gurl.h" // This value is used to seed the PRNG at the beginning of a sequence of // operations to produce a repeatable sequence. #define RANDOM_SEED (0x69E3C47D) TEST(OAuthRequestSignerTest, Encode) { ASSERT_EQ(OAuthRequestSigner::Encode("ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz" "0123456789" "-._~"), "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "abcdefghijklmnopqrstuvwxyz" "0123456789" "-._~"); ASSERT_EQ(OAuthRequestSigner::Encode( "https://accounts.google.com/OAuthLogin"), "https%3A%2F%2Faccounts.google.com%2FOAuthLogin"); ASSERT_EQ(OAuthRequestSigner::Encode("%"), "%25"); ASSERT_EQ(OAuthRequestSigner::Encode("%25"), "%2525"); ASSERT_EQ(OAuthRequestSigner::Encode( "Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed " "do eiusmod tempor incididunt ut labore et dolore magna " "aliqua. Ut enim ad minim veniam, quis nostrud exercitation " "ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis " "aute irure dolor in reprehenderit in voluptate velit esse " "cillum dolore eu fugiat nulla pariatur. Excepteur sint " "occaecat cupidatat non proident, sunt in culpa qui officia " "deserunt mollit anim id est laborum."), "Lorem%20ipsum%20dolor%20sit%20amet%2C%20consectetur%20" "adipisicing%20elit%2C%20sed%20do%20eiusmod%20tempor%20" "incididunt%20ut%20labore%20et%20dolore%20magna%20aliqua.%20Ut%20" "enim%20ad%20minim%20veniam%2C%20quis%20nostrud%20exercitation%20" "ullamco%20laboris%20nisi%20ut%20aliquip%20ex%20ea%20commodo%20" "consequat.%20Duis%20aute%20irure%20dolor%20in%20reprehenderit%20" "in%20voluptate%20velit%20esse%20cillum%20dolore%20eu%20fugiat%20" "nulla%20pariatur.%20Excepteur%20sint%20occaecat%20cupidatat%20" "non%20proident%2C%20sunt%20in%20culpa%20qui%20officia%20" "deserunt%20mollit%20anim%20id%20est%20laborum."); ASSERT_EQ(OAuthRequestSigner::Encode("!5}&QF~0R-Ecy[?2Cig>6g=;hH!\\Ju4K%UK;"), "%215%7D%26QF~0R-Ecy%5B%3F2Cig%3E6g%3D%3BhH%21%5CJu4K%25UK%3B"); ASSERT_EQ(OAuthRequestSigner::Encode("1UgHf(r)SkMRS`fRZ/8PsTcXT0:\\<9I=6{|:"), "1UgHf%28r%29SkMRS%60fRZ%2F8PsTcXT0%3A%5C%3C9I%3D6%7B%7C%3A"); ASSERT_EQ(OAuthRequestSigner::Encode("|<XIy1?o`r\"RuGSX#!:MeP&RLZQM@:\\';2X"), "%7C%3CXIy1%3Fo%60r%22RuGSX%23%21%3AMeP%26RLZQM%40%3A%5C%27%3B2X"); ASSERT_EQ(OAuthRequestSigner::Encode("#a@A>ZtcQ/yb.~^Q_]daRT?ffK>@A:afWuZL"), "%23a%40A%3EZtcQ%2Fyb.~%5EQ_%5DdaRT%3FffK%3E%40A%3AafWuZL"); } TEST(OAuthRequestSignerTest, DecodeEncoded) { srand(RANDOM_SEED); static const int kIterations = 500; static const int kLengthLimit = 500; for (int iteration = 0; iteration < kIterations; ++iteration) { std::string text; int length = rand() % kLengthLimit; for (int position = 0; position < length; ++position) { text += static_cast<char>(rand() % 256); } std::string encoded = OAuthRequestSigner::Encode(text); std::string decoded; ASSERT_TRUE(OAuthRequestSigner::Decode(encoded, &decoded)); ASSERT_EQ(decoded, text); } } TEST(OAuthRequestSignerTest, SignGet1) { GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken"); OAuthRequestSigner::Parameters parameters; parameters["scope"] = "https://accounts.google.com/OAuthLogin"; parameters["oauth_nonce"] = "2oiE_aHdk5qRTz0L9C8Lq0g"; parameters["xaouth_display_name"] = "Chromium"; parameters["oauth_timestamp"] = "1308152953"; std::string signed_text; ASSERT_TRUE(OAuthRequestSigner::SignURL( request_url, parameters, OAuthRequestSigner::HMAC_SHA1_SIGNATURE, OAuthRequestSigner::GET_METHOD, "johndoe", // oauth_consumer_key "53cR3t", // consumer secret "4/VGY0MsQadcmO8VnCv9gnhoEooq1v", // oauth_token "c5e0531ff55dfbb4054e", // token secret &signed_text)); ASSERT_EQ("https://www.google.com/accounts/o8/GetOAuthToken" "?oauth_consumer_key=johndoe" "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g" "&oauth_signature=PFqDTaiyey1UObcvOyI4Ng2HXW0%3D" "&oauth_signature_method=HMAC-SHA1" "&oauth_timestamp=1308152953" "&oauth_token=4%2FVGY0MsQadcmO8VnCv9gnhoEooq1v" "&oauth_version=1.0" "&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin" "&xaouth_display_name=Chromium", signed_text); } TEST(OAuthRequestSignerTest, SignGet2) { GURL request_url("https://accounts.google.com/OAuthGetAccessToken"); OAuthRequestSigner::Parameters parameters; parameters["oauth_timestamp"] = "1308147831"; parameters["oauth_nonce"] = "4d4hZW9DygWQujP2tz06UN"; std::string signed_text; ASSERT_TRUE(OAuthRequestSigner::SignURL( request_url, parameters, OAuthRequestSigner::HMAC_SHA1_SIGNATURE, OAuthRequestSigner::GET_METHOD, "anonymous", // oauth_consumer_key "anonymous", // consumer secret "4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK", // oauth_token std::string(), // token secret &signed_text)); ASSERT_EQ(signed_text, "https://accounts.google.com/OAuthGetAccessToken" "?oauth_consumer_key=anonymous" "&oauth_nonce=4d4hZW9DygWQujP2tz06UN" "&oauth_signature=YiJv%2BEOWsvCDCi13%2FhQBFrr0J7c%3D" "&oauth_signature_method=HMAC-SHA1" "&oauth_timestamp=1308147831" "&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK" "&oauth_version=1.0"); } TEST(OAuthRequestSignerTest, ParseAndSignGet1) { GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken" "?scope=https://accounts.google.com/OAuthLogin" "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g" "&xaouth_display_name=Chromium" "&oauth_timestamp=1308152953"); std::string signed_text; ASSERT_TRUE(OAuthRequestSigner::ParseAndSign( request_url, OAuthRequestSigner::HMAC_SHA1_SIGNATURE, OAuthRequestSigner::GET_METHOD, "anonymous", // oauth_consumer_key "anonymous", // consumer secret "4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK", // oauth_token std::string(), // token secret &signed_text)); ASSERT_EQ("https://www.google.com/accounts/o8/GetOAuthToken" "?oauth_consumer_key=anonymous" "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g" "&oauth_signature=PH7KP6cP%2BzZ1SJ6WGqBgXwQP9Mc%3D" "&oauth_signature_method=HMAC-SHA1" "&oauth_timestamp=1308152953" "&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK" "&oauth_version=1.0" "&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin" "&xaouth_display_name=Chromium", signed_text); } TEST(OAuthRequestSignerTest, ParseAndSignGet2) { GURL request_url("https://accounts.google.com/OAuthGetAccessToken" "?oauth_timestamp=1308147831" "&oauth_nonce=4d4hZW9DygWQujP2tz06UN"); std::string signed_text; ASSERT_TRUE(OAuthRequestSigner::ParseAndSign( request_url, OAuthRequestSigner::HMAC_SHA1_SIGNATURE, OAuthRequestSigner::GET_METHOD, "anonymous", // oauth_consumer_key "anonymous", // consumer secret "4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK", // oauth_token std::string(), // token secret &signed_text)); ASSERT_EQ(signed_text, "https://accounts.google.com/OAuthGetAccessToken" "?oauth_consumer_key=anonymous" "&oauth_nonce=4d4hZW9DygWQujP2tz06UN" "&oauth_signature=YiJv%2BEOWsvCDCi13%2FhQBFrr0J7c%3D" "&oauth_signature_method=HMAC-SHA1" "&oauth_timestamp=1308147831" "&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK" "&oauth_version=1.0"); } TEST(OAuthRequestSignerTest, SignPost1) { GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken"); OAuthRequestSigner::Parameters parameters; parameters["scope"] = "https://accounts.google.com/OAuthLogin"; parameters["oauth_nonce"] = "2oiE_aHdk5qRTz0L9C8Lq0g"; parameters["xaouth_display_name"] = "Chromium"; parameters["oauth_timestamp"] = "1308152953"; std::string signed_text; ASSERT_TRUE(OAuthRequestSigner::SignURL( request_url, parameters, OAuthRequestSigner::HMAC_SHA1_SIGNATURE, OAuthRequestSigner::POST_METHOD, "anonymous", // oauth_consumer_key "anonymous", // consumer secret "4/X8x0r7bHif_VNCLjUMutxGkzo13d", // oauth_token "b7120598d47594bd3522", // token secret &signed_text)); ASSERT_EQ("oauth_consumer_key=anonymous" "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g" "&oauth_signature=vVlfv6dnV2%2Fx7TozS0Gf83zS2%2BQ%3D" "&oauth_signature_method=HMAC-SHA1" "&oauth_timestamp=1308152953" "&oauth_token=4%2FX8x0r7bHif_VNCLjUMutxGkzo13d" "&oauth_version=1.0" "&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin" "&xaouth_display_name=Chromium", signed_text); } TEST(OAuthRequestSignerTest, SignPost2) { GURL request_url("https://accounts.google.com/OAuthGetAccessToken"); OAuthRequestSigner::Parameters parameters; parameters["oauth_timestamp"] = "1234567890"; parameters["oauth_nonce"] = "17171717171717171"; std::string signed_text; ASSERT_TRUE(OAuthRequestSigner::SignURL( request_url, parameters, OAuthRequestSigner::HMAC_SHA1_SIGNATURE, OAuthRequestSigner::POST_METHOD, "anonymous", // oauth_consumer_key "anonymous", // consumer secret "4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK", // oauth_token std::string(), // token secret &signed_text)); ASSERT_EQ(signed_text, "oauth_consumer_key=anonymous" "&oauth_nonce=17171717171717171" "&oauth_signature=tPX2XqKQICWzopZ80CFGX%2F53DLo%3D" "&oauth_signature_method=HMAC-SHA1" "&oauth_timestamp=1234567890" "&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK" "&oauth_version=1.0"); } TEST(OAuthRequestSignerTest, ParseAndSignPost1) { GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken" "?scope=https://accounts.google.com/OAuthLogin" "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g" "&xaouth_display_name=Chromium" "&oauth_timestamp=1308152953"); std::string signed_text; ASSERT_TRUE(OAuthRequestSigner::ParseAndSign( request_url, OAuthRequestSigner::HMAC_SHA1_SIGNATURE, OAuthRequestSigner::POST_METHOD, "anonymous", // oauth_consumer_key "anonymous", // consumer secret "4/X8x0r7bHif_VNCLjUMutxGkzo13d", // oauth_token "b7120598d47594bd3522", // token secret &signed_text)); ASSERT_EQ("oauth_consumer_key=anonymous" "&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g" "&oauth_signature=vVlfv6dnV2%2Fx7TozS0Gf83zS2%2BQ%3D" "&oauth_signature_method=HMAC-SHA1" "&oauth_timestamp=1308152953" "&oauth_token=4%2FX8x0r7bHif_VNCLjUMutxGkzo13d" "&oauth_version=1.0" "&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin" "&xaouth_display_name=Chromium", signed_text); } TEST(OAuthRequestSignerTest, ParseAndSignPost2) { GURL request_url("https://accounts.google.com/OAuthGetAccessToken" "?oauth_timestamp=1234567890" "&oauth_nonce=17171717171717171"); std::string signed_text; ASSERT_TRUE(OAuthRequestSigner::ParseAndSign( request_url, OAuthRequestSigner::HMAC_SHA1_SIGNATURE, OAuthRequestSigner::POST_METHOD, "anonymous", // oauth_consumer_key "anonymous", // consumer secret "4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK", // oauth_token std::string(), // token secret &signed_text)); ASSERT_EQ(signed_text, "oauth_consumer_key=anonymous" "&oauth_nonce=17171717171717171" "&oauth_signature=tPX2XqKQICWzopZ80CFGX%2F53DLo%3D" "&oauth_signature_method=HMAC-SHA1" "&oauth_timestamp=1234567890" "&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK" "&oauth_version=1.0"); } TEST(OAuthRequestSignerTest, SignAuthHeader) { GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken"); OAuthRequestSigner::Parameters parameters; parameters["scope"] = "https://accounts.google.com/OAuthLogin"; parameters["oauth_nonce"] = "2oiE_aHdk5qRTz0L9C8Lq0g"; parameters["xaouth_display_name"] = "Chromium"; parameters["oauth_timestamp"] = "1308152953"; std::string signed_text; ASSERT_TRUE(OAuthRequestSigner::SignAuthHeader( request_url, parameters, OAuthRequestSigner::HMAC_SHA1_SIGNATURE, OAuthRequestSigner::GET_METHOD, "johndoe", // oauth_consumer_key "53cR3t", // consumer secret "4/VGY0MsQadcmO8VnCv9gnhoEooq1v", // oauth_token "c5e0531ff55dfbb4054e", // token secret &signed_text)); ASSERT_EQ("OAuth " "oauth_consumer_key=\"johndoe\", " "oauth_nonce=\"2oiE_aHdk5qRTz0L9C8Lq0g\", " "oauth_signature=\"PFqDTaiyey1UObcvOyI4Ng2HXW0%3D\", " "oauth_signature_method=\"HMAC-SHA1\", " "oauth_timestamp=\"1308152953\", " "oauth_token=\"4%2FVGY0MsQadcmO8VnCv9gnhoEooq1v\", " "oauth_version=\"1.0\", " "scope=\"https%3A%2F%2Faccounts.google.com%2FOAuthLogin\", " "xaouth_display_name=\"Chromium\"", signed_text); }