// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "google_apis/gaia/oauth_request_signer.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"
// This value is used to seed the PRNG at the beginning of a sequence of
// operations to produce a repeatable sequence.
#define RANDOM_SEED (0x69E3C47D)
TEST(OAuthRequestSignerTest, Encode) {
ASSERT_EQ(OAuthRequestSigner::Encode("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789"
"-._~"),
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz"
"0123456789"
"-._~");
ASSERT_EQ(OAuthRequestSigner::Encode(
"https://accounts.google.com/OAuthLogin"),
"https%3A%2F%2Faccounts.google.com%2FOAuthLogin");
ASSERT_EQ(OAuthRequestSigner::Encode("%"), "%25");
ASSERT_EQ(OAuthRequestSigner::Encode("%25"), "%2525");
ASSERT_EQ(OAuthRequestSigner::Encode(
"Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed "
"do eiusmod tempor incididunt ut labore et dolore magna "
"aliqua. Ut enim ad minim veniam, quis nostrud exercitation "
"ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis "
"aute irure dolor in reprehenderit in voluptate velit esse "
"cillum dolore eu fugiat nulla pariatur. Excepteur sint "
"occaecat cupidatat non proident, sunt in culpa qui officia "
"deserunt mollit anim id est laborum."),
"Lorem%20ipsum%20dolor%20sit%20amet%2C%20consectetur%20"
"adipisicing%20elit%2C%20sed%20do%20eiusmod%20tempor%20"
"incididunt%20ut%20labore%20et%20dolore%20magna%20aliqua.%20Ut%20"
"enim%20ad%20minim%20veniam%2C%20quis%20nostrud%20exercitation%20"
"ullamco%20laboris%20nisi%20ut%20aliquip%20ex%20ea%20commodo%20"
"consequat.%20Duis%20aute%20irure%20dolor%20in%20reprehenderit%20"
"in%20voluptate%20velit%20esse%20cillum%20dolore%20eu%20fugiat%20"
"nulla%20pariatur.%20Excepteur%20sint%20occaecat%20cupidatat%20"
"non%20proident%2C%20sunt%20in%20culpa%20qui%20officia%20"
"deserunt%20mollit%20anim%20id%20est%20laborum.");
ASSERT_EQ(OAuthRequestSigner::Encode("!5}&QF~0R-Ecy[?2Cig>6g=;hH!\\Ju4K%UK;"),
"%215%7D%26QF~0R-Ecy%5B%3F2Cig%3E6g%3D%3BhH%21%5CJu4K%25UK%3B");
ASSERT_EQ(OAuthRequestSigner::Encode("1UgHf(r)SkMRS`fRZ/8PsTcXT0:\\<9I=6{|:"),
"1UgHf%28r%29SkMRS%60fRZ%2F8PsTcXT0%3A%5C%3C9I%3D6%7B%7C%3A");
ASSERT_EQ(OAuthRequestSigner::Encode("|<XIy1?o`r\"RuGSX#!:MeP&RLZQM@:\\';2X"),
"%7C%3CXIy1%3Fo%60r%22RuGSX%23%21%3AMeP%26RLZQM%40%3A%5C%27%3B2X");
ASSERT_EQ(OAuthRequestSigner::Encode("#a@A>ZtcQ/yb.~^Q_]daRT?ffK>@A:afWuZL"),
"%23a%40A%3EZtcQ%2Fyb.~%5EQ_%5DdaRT%3FffK%3E%40A%3AafWuZL");
}
TEST(OAuthRequestSignerTest, DecodeEncoded) {
srand(RANDOM_SEED);
static const int kIterations = 500;
static const int kLengthLimit = 500;
for (int iteration = 0; iteration < kIterations; ++iteration) {
std::string text;
int length = rand() % kLengthLimit;
for (int position = 0; position < length; ++position) {
text += static_cast<char>(rand() % 256);
}
std::string encoded = OAuthRequestSigner::Encode(text);
std::string decoded;
ASSERT_TRUE(OAuthRequestSigner::Decode(encoded, &decoded));
ASSERT_EQ(decoded, text);
}
}
TEST(OAuthRequestSignerTest, SignGet1) {
GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken");
OAuthRequestSigner::Parameters parameters;
parameters["scope"] = "https://accounts.google.com/OAuthLogin";
parameters["oauth_nonce"] = "2oiE_aHdk5qRTz0L9C8Lq0g";
parameters["xaouth_display_name"] = "Chromium";
parameters["oauth_timestamp"] = "1308152953";
std::string signed_text;
ASSERT_TRUE(OAuthRequestSigner::SignURL(
request_url,
parameters,
OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
OAuthRequestSigner::GET_METHOD,
"johndoe", // oauth_consumer_key
"53cR3t", // consumer secret
"4/VGY0MsQadcmO8VnCv9gnhoEooq1v", // oauth_token
"c5e0531ff55dfbb4054e", // token secret
&signed_text));
ASSERT_EQ("https://www.google.com/accounts/o8/GetOAuthToken"
"?oauth_consumer_key=johndoe"
"&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
"&oauth_signature=PFqDTaiyey1UObcvOyI4Ng2HXW0%3D"
"&oauth_signature_method=HMAC-SHA1"
"&oauth_timestamp=1308152953"
"&oauth_token=4%2FVGY0MsQadcmO8VnCv9gnhoEooq1v"
"&oauth_version=1.0"
"&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin"
"&xaouth_display_name=Chromium",
signed_text);
}
TEST(OAuthRequestSignerTest, SignGet2) {
GURL request_url("https://accounts.google.com/OAuthGetAccessToken");
OAuthRequestSigner::Parameters parameters;
parameters["oauth_timestamp"] = "1308147831";
parameters["oauth_nonce"] = "4d4hZW9DygWQujP2tz06UN";
std::string signed_text;
ASSERT_TRUE(OAuthRequestSigner::SignURL(
request_url,
parameters,
OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
OAuthRequestSigner::GET_METHOD,
"anonymous", // oauth_consumer_key
"anonymous", // consumer secret
"4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK", // oauth_token
std::string(), // token secret
&signed_text));
ASSERT_EQ(signed_text,
"https://accounts.google.com/OAuthGetAccessToken"
"?oauth_consumer_key=anonymous"
"&oauth_nonce=4d4hZW9DygWQujP2tz06UN"
"&oauth_signature=YiJv%2BEOWsvCDCi13%2FhQBFrr0J7c%3D"
"&oauth_signature_method=HMAC-SHA1"
"&oauth_timestamp=1308147831"
"&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK"
"&oauth_version=1.0");
}
TEST(OAuthRequestSignerTest, ParseAndSignGet1) {
GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken"
"?scope=https://accounts.google.com/OAuthLogin"
"&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
"&xaouth_display_name=Chromium"
"&oauth_timestamp=1308152953");
std::string signed_text;
ASSERT_TRUE(OAuthRequestSigner::ParseAndSign(
request_url,
OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
OAuthRequestSigner::GET_METHOD,
"anonymous", // oauth_consumer_key
"anonymous", // consumer secret
"4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK", // oauth_token
std::string(), // token secret
&signed_text));
ASSERT_EQ("https://www.google.com/accounts/o8/GetOAuthToken"
"?oauth_consumer_key=anonymous"
"&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
"&oauth_signature=PH7KP6cP%2BzZ1SJ6WGqBgXwQP9Mc%3D"
"&oauth_signature_method=HMAC-SHA1"
"&oauth_timestamp=1308152953"
"&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK"
"&oauth_version=1.0"
"&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin"
"&xaouth_display_name=Chromium",
signed_text);
}
TEST(OAuthRequestSignerTest, ParseAndSignGet2) {
GURL request_url("https://accounts.google.com/OAuthGetAccessToken"
"?oauth_timestamp=1308147831"
"&oauth_nonce=4d4hZW9DygWQujP2tz06UN");
std::string signed_text;
ASSERT_TRUE(OAuthRequestSigner::ParseAndSign(
request_url,
OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
OAuthRequestSigner::GET_METHOD,
"anonymous", // oauth_consumer_key
"anonymous", // consumer secret
"4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK", // oauth_token
std::string(), // token secret
&signed_text));
ASSERT_EQ(signed_text,
"https://accounts.google.com/OAuthGetAccessToken"
"?oauth_consumer_key=anonymous"
"&oauth_nonce=4d4hZW9DygWQujP2tz06UN"
"&oauth_signature=YiJv%2BEOWsvCDCi13%2FhQBFrr0J7c%3D"
"&oauth_signature_method=HMAC-SHA1"
"&oauth_timestamp=1308147831"
"&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK"
"&oauth_version=1.0");
}
TEST(OAuthRequestSignerTest, SignPost1) {
GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken");
OAuthRequestSigner::Parameters parameters;
parameters["scope"] = "https://accounts.google.com/OAuthLogin";
parameters["oauth_nonce"] = "2oiE_aHdk5qRTz0L9C8Lq0g";
parameters["xaouth_display_name"] = "Chromium";
parameters["oauth_timestamp"] = "1308152953";
std::string signed_text;
ASSERT_TRUE(OAuthRequestSigner::SignURL(
request_url,
parameters,
OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
OAuthRequestSigner::POST_METHOD,
"anonymous", // oauth_consumer_key
"anonymous", // consumer secret
"4/X8x0r7bHif_VNCLjUMutxGkzo13d", // oauth_token
"b7120598d47594bd3522", // token secret
&signed_text));
ASSERT_EQ("oauth_consumer_key=anonymous"
"&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
"&oauth_signature=vVlfv6dnV2%2Fx7TozS0Gf83zS2%2BQ%3D"
"&oauth_signature_method=HMAC-SHA1"
"&oauth_timestamp=1308152953"
"&oauth_token=4%2FX8x0r7bHif_VNCLjUMutxGkzo13d"
"&oauth_version=1.0"
"&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin"
"&xaouth_display_name=Chromium",
signed_text);
}
TEST(OAuthRequestSignerTest, SignPost2) {
GURL request_url("https://accounts.google.com/OAuthGetAccessToken");
OAuthRequestSigner::Parameters parameters;
parameters["oauth_timestamp"] = "1234567890";
parameters["oauth_nonce"] = "17171717171717171";
std::string signed_text;
ASSERT_TRUE(OAuthRequestSigner::SignURL(
request_url,
parameters,
OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
OAuthRequestSigner::POST_METHOD,
"anonymous", // oauth_consumer_key
"anonymous", // consumer secret
"4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK", // oauth_token
std::string(), // token secret
&signed_text));
ASSERT_EQ(signed_text,
"oauth_consumer_key=anonymous"
"&oauth_nonce=17171717171717171"
"&oauth_signature=tPX2XqKQICWzopZ80CFGX%2F53DLo%3D"
"&oauth_signature_method=HMAC-SHA1"
"&oauth_timestamp=1234567890"
"&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK"
"&oauth_version=1.0");
}
TEST(OAuthRequestSignerTest, ParseAndSignPost1) {
GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken"
"?scope=https://accounts.google.com/OAuthLogin"
"&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
"&xaouth_display_name=Chromium"
"&oauth_timestamp=1308152953");
std::string signed_text;
ASSERT_TRUE(OAuthRequestSigner::ParseAndSign(
request_url,
OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
OAuthRequestSigner::POST_METHOD,
"anonymous", // oauth_consumer_key
"anonymous", // consumer secret
"4/X8x0r7bHif_VNCLjUMutxGkzo13d", // oauth_token
"b7120598d47594bd3522", // token secret
&signed_text));
ASSERT_EQ("oauth_consumer_key=anonymous"
"&oauth_nonce=2oiE_aHdk5qRTz0L9C8Lq0g"
"&oauth_signature=vVlfv6dnV2%2Fx7TozS0Gf83zS2%2BQ%3D"
"&oauth_signature_method=HMAC-SHA1"
"&oauth_timestamp=1308152953"
"&oauth_token=4%2FX8x0r7bHif_VNCLjUMutxGkzo13d"
"&oauth_version=1.0"
"&scope=https%3A%2F%2Faccounts.google.com%2FOAuthLogin"
"&xaouth_display_name=Chromium",
signed_text);
}
TEST(OAuthRequestSignerTest, ParseAndSignPost2) {
GURL request_url("https://accounts.google.com/OAuthGetAccessToken"
"?oauth_timestamp=1234567890"
"&oauth_nonce=17171717171717171");
std::string signed_text;
ASSERT_TRUE(OAuthRequestSigner::ParseAndSign(
request_url,
OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
OAuthRequestSigner::POST_METHOD,
"anonymous", // oauth_consumer_key
"anonymous", // consumer secret
"4/CcC-hgdj1TNnWaX8NTQ76YDXCBEK", // oauth_token
std::string(), // token secret
&signed_text));
ASSERT_EQ(signed_text,
"oauth_consumer_key=anonymous"
"&oauth_nonce=17171717171717171"
"&oauth_signature=tPX2XqKQICWzopZ80CFGX%2F53DLo%3D"
"&oauth_signature_method=HMAC-SHA1"
"&oauth_timestamp=1234567890"
"&oauth_token=4%2FCcC-hgdj1TNnWaX8NTQ76YDXCBEK"
"&oauth_version=1.0");
}
TEST(OAuthRequestSignerTest, SignAuthHeader) {
GURL request_url("https://www.google.com/accounts/o8/GetOAuthToken");
OAuthRequestSigner::Parameters parameters;
parameters["scope"] = "https://accounts.google.com/OAuthLogin";
parameters["oauth_nonce"] = "2oiE_aHdk5qRTz0L9C8Lq0g";
parameters["xaouth_display_name"] = "Chromium";
parameters["oauth_timestamp"] = "1308152953";
std::string signed_text;
ASSERT_TRUE(OAuthRequestSigner::SignAuthHeader(
request_url,
parameters,
OAuthRequestSigner::HMAC_SHA1_SIGNATURE,
OAuthRequestSigner::GET_METHOD,
"johndoe", // oauth_consumer_key
"53cR3t", // consumer secret
"4/VGY0MsQadcmO8VnCv9gnhoEooq1v", // oauth_token
"c5e0531ff55dfbb4054e", // token secret
&signed_text));
ASSERT_EQ("OAuth "
"oauth_consumer_key=\"johndoe\", "
"oauth_nonce=\"2oiE_aHdk5qRTz0L9C8Lq0g\", "
"oauth_signature=\"PFqDTaiyey1UObcvOyI4Ng2HXW0%3D\", "
"oauth_signature_method=\"HMAC-SHA1\", "
"oauth_timestamp=\"1308152953\", "
"oauth_token=\"4%2FVGY0MsQadcmO8VnCv9gnhoEooq1v\", "
"oauth_version=\"1.0\", "
"scope=\"https%3A%2F%2Faccounts.google.com%2FOAuthLogin\", "
"xaouth_display_name=\"Chromium\"",
signed_text);
}