| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/http/http_mac_signature.h" | |
| 6 | |
| 7 #include "base/base64.h" | |
| 8 #include "base/rand_util.h" | |
| 9 #include "base/string_number_conversions.h" | |
| 10 #include "base/string_util.h" | |
| 11 #include "crypto/hmac.h" | |
| 12 | |
| 13 namespace net { | |
| 14 | |
| 15 namespace { | |
| 16 | |
| 17 const char kSHA1Name[] = "hmac-sha-1"; | |
| 18 const char kSHA256Name[] = "hmac-sha-256"; | |
| 19 const int kNonceLength = 64/8; | |
| 20 | |
| 21 bool IsPlainStringCharacter(char character) { | |
| 22 return character == 0x20 || character == 0x21 || | |
| 23 (character >= 0x23 && character <= 0x5B) || | |
| 24 (character >= 0x5D && character <= 0x7E); | |
| 25 } | |
| 26 | |
| 27 bool IsPlainString(const std::string& string) { | |
| 28 for (size_t i = 0; i < string.size(); ++i) { | |
| 29 if (!IsPlainStringCharacter(string[i])) | |
| 30 return false; | |
| 31 } | |
| 32 return true; | |
| 33 } | |
| 34 | |
| 35 std::string GenerateNonce() { | |
| 36 std::string nonce; | |
| 37 bool result = base::Base64Encode( | |
| 38 base::RandBytesAsString(kNonceLength), &nonce); | |
| 39 DCHECK(result); | |
| 40 return nonce; | |
| 41 } | |
| 42 | |
| 43 } | |
| 44 | |
| 45 HttpMacSignature::HttpMacSignature() | |
| 46 : mac_algorithm_(crypto::HMAC::SHA1) { | |
| 47 } | |
| 48 | |
| 49 HttpMacSignature::~HttpMacSignature() { | |
| 50 } | |
| 51 | |
| 52 bool HttpMacSignature::AddStateInfo(const std::string& id, | |
| 53 const base::Time& creation_date, | |
| 54 const std::string& mac_key, | |
| 55 const std::string& mac_algorithm) { | |
| 56 DCHECK(id_.empty()); | |
| 57 | |
| 58 if (!IsPlainString(id) || id.empty() || | |
| 59 creation_date.is_null() || | |
| 60 mac_key.empty() || | |
| 61 mac_algorithm.empty()) { | |
| 62 return false; | |
| 63 } | |
| 64 | |
| 65 if (mac_algorithm == kSHA1Name) | |
| 66 mac_algorithm_ = crypto::HMAC::SHA1; | |
| 67 else if (mac_algorithm == kSHA256Name) | |
| 68 mac_algorithm_ = crypto::HMAC::SHA256; | |
| 69 else | |
| 70 return false; | |
| 71 | |
| 72 id_ = id; | |
| 73 creation_date_ = creation_date; | |
| 74 mac_key_ = mac_key; | |
| 75 return true; | |
| 76 } | |
| 77 | |
| 78 bool HttpMacSignature::AddHttpInfo(const std::string& method, | |
| 79 const std::string& request_uri, | |
| 80 const std::string& host, | |
| 81 int port) { | |
| 82 DCHECK(method_.empty()); | |
| 83 | |
| 84 if (!IsPlainString(method) || method.empty() || | |
| 85 !IsPlainString(request_uri) || request_uri.empty() || | |
| 86 !IsPlainString(host) || host.empty() || | |
| 87 port <= 0 || port > 65535) { | |
| 88 return false; | |
| 89 } | |
| 90 | |
| 91 method_ = StringToUpperASCII(method); | |
| 92 request_uri_ = request_uri; | |
| 93 host_ = StringToLowerASCII(host); | |
| 94 port_ = base::IntToString(port); | |
| 95 return true; | |
| 96 } | |
| 97 | |
| 98 bool HttpMacSignature::GenerateAuthorizationHeader(std::string* header) { | |
| 99 if (id_.empty()) { | |
| 100 NOTREACHED() << "Call AddStateInfo first."; | |
| 101 return false; | |
| 102 } | |
| 103 if (method_.empty()) { | |
| 104 NOTREACHED() << "Call AddHttpInfo first."; | |
| 105 return false; | |
| 106 } | |
| 107 | |
| 108 std::string age = base::Int64ToString( | |
| 109 (base::Time::Now() - creation_date_).InSeconds()); | |
| 110 std::string nonce = GenerateNonce(); | |
| 111 | |
| 112 return GenerateHeaderString(age, nonce, header); | |
| 113 } | |
| 114 | |
| 115 bool HttpMacSignature::GenerateHeaderString(const std::string& age, | |
| 116 const std::string& nonce, | |
| 117 std::string* header) { | |
| 118 std::string mac; | |
| 119 if (!GenerateMAC(age, nonce, &mac)) | |
| 120 return false; | |
| 121 | |
| 122 DCHECK(IsPlainString(age)); | |
| 123 DCHECK(IsPlainString(nonce)); | |
| 124 DCHECK(IsPlainString(mac)); | |
| 125 | |
| 126 *header = "MAC id=\"" + id_ + | |
| 127 "\", nonce=\"" + age + ":" + nonce + | |
| 128 "\", mac=\"" + mac + "\""; | |
| 129 return true; | |
| 130 } | |
| 131 | |
| 132 std::string HttpMacSignature::GenerateNormalizedRequest( | |
| 133 const std::string& age, | |
| 134 const std::string& nonce) { | |
| 135 const std::string kNewLine = "\n"; | |
| 136 | |
| 137 std::string normalized_request = age + ":" + nonce + kNewLine; | |
| 138 normalized_request += method_ + kNewLine; | |
| 139 normalized_request += request_uri_ + kNewLine; | |
| 140 normalized_request += host_ + kNewLine; | |
| 141 normalized_request += port_ + kNewLine; | |
| 142 normalized_request += kNewLine; | |
| 143 normalized_request += kNewLine; | |
| 144 | |
| 145 return normalized_request; | |
| 146 } | |
| 147 | |
| 148 bool HttpMacSignature::GenerateMAC(const std::string& age, | |
| 149 const std::string& nonce, | |
| 150 std::string* mac) { | |
| 151 std::string request = GenerateNormalizedRequest(age, nonce); | |
| 152 | |
| 153 crypto::HMAC hmac(mac_algorithm_); | |
| 154 if (!hmac.Init(mac_key_)) { | |
| 155 NOTREACHED(); | |
| 156 return false; | |
| 157 } | |
| 158 | |
| 159 std::string signature; | |
| 160 size_t length = hmac.DigestLength(); | |
| 161 DCHECK_GT(length, 0u); | |
| 162 if (!hmac.Sign(request, | |
| 163 // We need the + 1 here not because the call will write a trailing \0, | |
| 164 // but so that signature.length() is correctly set to |length|. | |
| 165 reinterpret_cast<unsigned char*>(WriteInto(&signature, length + 1)), | |
| 166 length)) { | |
| 167 NOTREACHED(); | |
| 168 return false; | |
| 169 } | |
| 170 | |
| 171 std::string encoded_signature; | |
| 172 if (!base::Base64Encode(signature, &encoded_signature)) { | |
| 173 NOTREACHED(); | |
| 174 return false; | |
| 175 } | |
| 176 | |
| 177 mac->swap(encoded_signature); | |
| 178 return true; | |
| 179 } | |
| 180 | |
| 181 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 9700056:
Remove experimental support for MAC cookies (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src