search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
add flag to guard new miplevel code
[chromium-blink-merge.git] / google_apis / gaia / oauth_request_signer.h
blob3b91d4dbace38b6b05bae1288954db22d75db741
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_
6 #define GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_
7
8 #include <map>
9 #include <string>
10
11 #include "base/basictypes.h"
12
13 class GURL;
14
15 // Implements the OAuth request signing process as described here:
16 // http://oauth.net/core/1.0/#signing_process
17 //
18 // NOTE: Currently the only supported SignatureMethod is HMAC_SHA1_SIGNATURE
19 class OAuthRequestSigner {
20 public:
21 enum SignatureMethod {
22 HMAC_SHA1_SIGNATURE,
23 RSA_SHA1_SIGNATURE,
24 PLAINTEXT_SIGNATURE
25 };
26
27 enum HttpMethod {
28 GET_METHOD,
29 POST_METHOD
30 };
31
32 typedef std::map<std::string,std::string> Parameters;
33
34 // Percent encoding and decoding for OAuth.
35 //
36 // The form of percent encoding used for OAuth request signing is very
37 // specific and strict. See http://oauth.net/core/1.0/#encoding_parameters.
38 // This definition is considered the current standard as of January 2005.
39 // While as of July 2011 many systems to do not comply, any valid OAuth
40 // implementation must comply.
41 //
42 // Any character which is in the "unreserved set" MUST NOT be encoded.
43 // All other characters MUST be encoded.
44 //
45 // The unreserved set is comprised of the alphanumeric characters and these
46 // others:
47 // - minus (-)
48 // - period (.)
49 // - underscore (_)
50 // - tilde (~)
51 static bool Decode(const std::string& text, std::string* decoded_text);
52 static std::string Encode(const std::string& text);
53
54 // Signs a request specified as URL string, complete with parameters.
55 //
56 // If HttpMethod is GET_METHOD, the signed result is the full URL, otherwise
57 // it is the request parameters, including the oauth_signature field.
58 static bool ParseAndSign(const GURL& request_url_with_parameters,
59 SignatureMethod signature_method,
60 HttpMethod http_method,
61 const std::string& consumer_key,
62 const std::string& consumer_secret,
63 const std::string& token_key,
64 const std::string& token_secret,
65 std::string* signed_result);
66
67 // Signs a request specified as the combination of a base URL string, with
68 // parameters included in a separate map data structure. NOTE: The base URL
69 // string must not contain a question mark (?) character. If it does,
70 // you can use ParseAndSign() instead.
71 //
72 // If HttpMethod is GET_METHOD, the signed result is the full URL, otherwise
73 // it is the request parameters, including the oauth_signature field.
74 static bool SignURL(const GURL& request_base_url,
75 const Parameters& parameters,
76 SignatureMethod signature_method,
77 HttpMethod http_method,
78 const std::string& consumer_key,
79 const std::string& consumer_secret,
80 const std::string& token_key,
81 const std::string& token_secret,
82 std::string* signed_result);
83
84 // Similar to SignURL(), but the returned string is not a URL, but the payload
85 // to for an HTTP Authorization header.
86 static bool SignAuthHeader(const GURL& request_base_url,
87 const Parameters& parameters,
88 SignatureMethod signature_method,
89 HttpMethod http_method,
90 const std::string& consumer_key,
91 const std::string& consumer_secret,
92 const std::string& token_key,
93 const std::string& token_secret,
94 std::string* signed_result);
95
96 private:
97 DISALLOW_IMPLICIT_CONSTRUCTORS(OAuthRequestSigner);
98 };
99
100 #endif // GOOGLE_APIS_GAIA_OAUTH_REQUEST_SIGNER_H_