| OLD | NEW |
| (Empty) | |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/http/http_mac_signature.h" |
| 6 |
| 7 #include "base/base64.h" |
| 8 #include "base/rand_util.h" |
| 9 #include "base/string_number_conversions.h" |
| 10 #include "base/string_util.h" |
| 11 #include "base/time.h" |
| 12 #include "crypto/hmac.h" |
| 13 |
| 14 namespace net { |
| 15 |
| 16 namespace { |
| 17 |
| 18 const char kSHA1Name[] = "hmac-sha-1"; |
| 19 const char kSHA256Name[] = "hmac-sha-256"; |
| 20 const int kNonceLength = 256 / 8; |
| 21 |
| 22 size_t LengthForHMACAlgorithm(crypto::HMAC::HashAlgorithm algorithm) { |
| 23 if (algorithm == crypto::HMAC::SHA1) |
| 24 return 20; |
| 25 if (algorithm == crypto::HMAC::SHA256) |
| 26 return 32; |
| 27 NOTREACHED(); |
| 28 return 20; |
| 29 } |
| 30 |
| 31 bool IsPlainStringCharacter(char character) { |
| 32 return character == 0x20 || character == 0x21 || |
| 33 (character >= 0x23 && character <= 0x5B) || |
| 34 (character >= 0x5D && character <= 0x7E); |
| 35 } |
| 36 |
| 37 bool IsPlainString(const std::string& string) { |
| 38 for (size_t i = 0; i < string.size(); ++i) { |
| 39 if (!IsPlainStringCharacter(string[i])) |
| 40 return false; |
| 41 } |
| 42 return true; |
| 43 } |
| 44 |
| 45 std::string GenerateNonce() { |
| 46 std::string nonce; |
| 47 bool result = base::Base64Encode(base::RandString(kNonceLength), &nonce); |
| 48 DCHECK(result); |
| 49 return nonce; |
| 50 } |
| 51 |
| 52 } |
| 53 |
| 54 HttpMacSignature::HttpMacSignature() |
| 55 : mac_algorithm_(crypto::HMAC::SHA1) { |
| 56 } |
| 57 |
| 58 HttpMacSignature::~HttpMacSignature() { |
| 59 } |
| 60 |
| 61 bool HttpMacSignature::AddStateInfo(const std::string& id, |
| 62 const std::string& mac_key, |
| 63 const std::string& mac_algorithm, |
| 64 const std::string& issuer) { |
| 65 DCHECK(id_.empty()); |
| 66 |
| 67 if (!IsPlainString(id) || id.empty() |
| 68 || mac_key.empty() |
| 69 || mac_algorithm.empty() |
| 70 || !IsPlainString(issuer) || issuer.empty()) |
| 71 return false; |
| 72 |
| 73 if (mac_algorithm == kSHA1Name) |
| 74 mac_algorithm_ = crypto::HMAC::SHA1; |
| 75 else if (mac_algorithm == kSHA256Name) |
| 76 mac_algorithm_ = crypto::HMAC::SHA256; |
| 77 else |
| 78 return false; |
| 79 |
| 80 id_ = id; |
| 81 mac_key_ = mac_key; |
| 82 issuer_ = issuer; |
| 83 return true; |
| 84 } |
| 85 |
| 86 bool HttpMacSignature::AddHttpInfo(const std::string& method, |
| 87 const std::string& request_uri, |
| 88 const std::string& host, |
| 89 int port) { |
| 90 DCHECK(method_.empty()); |
| 91 |
| 92 if (!IsPlainString(method) || method.empty() |
| 93 || !IsPlainString(request_uri) || request_uri.empty() |
| 94 || !IsPlainString(host) || host.empty() |
| 95 || port <= 0 |
| 96 || port > 65535) |
| 97 return false; |
| 98 |
| 99 method_ = StringToUpperASCII(method); |
| 100 request_uri_ = request_uri; |
| 101 host_ = StringToLowerASCII(host); |
| 102 port_ = base::IntToString(port); |
| 103 return true; |
| 104 } |
| 105 |
| 106 std::string HttpMacSignature::GenerateAuthorizationHeader() { |
| 107 DCHECK(!id_.empty()) << "Call AddStateInfo first."; |
| 108 DCHECK(!method_.empty()) << "Call AddHttpInfo first."; |
| 109 |
| 110 std::string timestamp = base::IntToString((base::Time::Now() - |
| 111 base::Time::UnixEpoch()).InSeconds()); |
| 112 std::string nonce = GenerateNonce(); |
| 113 |
| 114 return GenerateHeaderString(timestamp, nonce); |
| 115 } |
| 116 |
| 117 std::string HttpMacSignature::GenerateHeaderString( |
| 118 const std::string& timestamp, |
| 119 const std::string& nonce) { |
| 120 std::string mac = GenerateMAC(timestamp, nonce); |
| 121 |
| 122 DCHECK(IsPlainString(timestamp)); |
| 123 DCHECK(IsPlainString(nonce)); |
| 124 DCHECK(IsPlainString(mac)); |
| 125 |
| 126 return "MAC id=\"" + id_ + |
| 127 "\", issuer=\"" + issuer_ + |
| 128 "\", timestamp=\"" + timestamp + |
| 129 "\", nonce=\"" + nonce + |
| 130 "\", mac=\"" + mac + "\""; |
| 131 } |
| 132 |
| 133 std::string HttpMacSignature::GenerateNormalizedRequest( |
| 134 const std::string& timestamp, |
| 135 const std::string& nonce) { |
| 136 static const std::string kNewLine = "\n"; |
| 137 |
| 138 std::string normalized_request = id_ + kNewLine; |
| 139 normalized_request += issuer_ + kNewLine; |
| 140 normalized_request += timestamp + kNewLine; |
| 141 normalized_request += nonce + kNewLine; |
| 142 normalized_request += method_ + kNewLine; |
| 143 normalized_request += request_uri_ + kNewLine; |
| 144 normalized_request += host_ + kNewLine; |
| 145 normalized_request += port_ + kNewLine; |
| 146 |
| 147 return normalized_request; |
| 148 } |
| 149 |
| 150 std::string HttpMacSignature::GenerateMAC(const std::string& timestamp, |
| 151 const std::string& nonce) { |
| 152 std::string request = GenerateNormalizedRequest(timestamp, nonce); |
| 153 |
| 154 crypto::HMAC hmac(mac_algorithm_); |
| 155 hmac.Init(mac_key_); |
| 156 |
| 157 std::string signature; |
| 158 size_t length = LengthForHMACAlgorithm(mac_algorithm_); |
| 159 char* buffer = WriteInto(&signature, length); |
| 160 bool result = hmac.Sign(request, |
| 161 reinterpret_cast<unsigned char*>(buffer), |
| 162 length); |
| 163 DCHECK(result); |
| 164 |
| 165 std::string encoded_signature; |
| 166 result = base::Base64Encode(signature, &encoded_signature); |
| 167 DCHECK(result); |
| 168 return encoded_signature; |
| 169 } |
| 170 |
| 171 } // namespace net |
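Review bot: In GenerateMAC the return value of `hmac.Init(mac_key_)` is discarded and the result of `hmac.Sign(...)` is only checked with `DCHECK(result)`, which is normally compiled out of release builds, so a failed keying or signing step still yields a base64 string that GenerateHeaderString emits as `mac=`. Fail closed instead: `if (!hmac.Init(mac_key_)) return std::string();`, and likewise return an empty string when `hmac.Sign(request, reinterpret_cast<unsigned char*>(buffer), length)` returns false. GenerateHeaderString should then return an empty header when the MAC is empty, so callers can tell that no credential was produced. The preconditions `DCHECK(!id_.empty())` and `DCHECK(!method_.empty())` in GenerateAuthorizationHeader have the same weakness: a caller that ignores a false return from AddStateInfo or AddHttpInfo would, in a release build, get a header computed over empty fields, so these deserve a real check as well. A short comment on IsPlainStringCharacter, such as `// Excludes '"' (0x22), '\\' (0x5C) and control characters so values cannot break out of the quoted header fields or the newline-delimited normalized request.`, would record why those ranges were chosen.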