OLD | NEW |
| (Empty) |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/http/http_mac_signature.h" | |
6 | |
7 #include "base/base64.h" | |
8 #include "base/rand_util.h" | |
9 #include "base/string_number_conversions.h" | |
10 #include "base/string_util.h" | |
11 #include "crypto/hmac.h" | |
12 | |
13 namespace net { | |
14 | |
15 namespace { | |
16 | |
17 const char kSHA1Name[] = "hmac-sha-1"; | |
18 const char kSHA256Name[] = "hmac-sha-256"; | |
19 const int kNonceLength = 64/8; | |
20 | |
21 bool IsPlainStringCharacter(char character) { | |
22 return character == 0x20 || character == 0x21 || | |
23 (character >= 0x23 && character <= 0x5B) || | |
24 (character >= 0x5D && character <= 0x7E); | |
25 } | |
26 | |
27 bool IsPlainString(const std::string& string) { | |
28 for (size_t i = 0; i < string.size(); ++i) { | |
29 if (!IsPlainStringCharacter(string[i])) | |
30 return false; | |
31 } | |
32 return true; | |
33 } | |
34 | |
35 std::string GenerateNonce() { | |
36 std::string nonce; | |
37 bool result = base::Base64Encode( | |
38 base::RandBytesAsString(kNonceLength), &nonce); | |
39 DCHECK(result); | |
40 return nonce; | |
41 } | |
42 | |
43 } | |
44 | |
45 HttpMacSignature::HttpMacSignature() | |
46 : mac_algorithm_(crypto::HMAC::SHA1) { | |
47 } | |
48 | |
49 HttpMacSignature::~HttpMacSignature() { | |
50 } | |
51 | |
52 bool HttpMacSignature::AddStateInfo(const std::string& id, | |
53 const base::Time& creation_date, | |
54 const std::string& mac_key, | |
55 const std::string& mac_algorithm) { | |
56 DCHECK(id_.empty()); | |
57 | |
58 if (!IsPlainString(id) || id.empty() || | |
59 creation_date.is_null() || | |
60 mac_key.empty() || | |
61 mac_algorithm.empty()) { | |
62 return false; | |
63 } | |
64 | |
65 if (mac_algorithm == kSHA1Name) | |
66 mac_algorithm_ = crypto::HMAC::SHA1; | |
67 else if (mac_algorithm == kSHA256Name) | |
68 mac_algorithm_ = crypto::HMAC::SHA256; | |
69 else | |
70 return false; | |
71 | |
72 id_ = id; | |
73 creation_date_ = creation_date; | |
74 mac_key_ = mac_key; | |
75 return true; | |
76 } | |
77 | |
78 bool HttpMacSignature::AddHttpInfo(const std::string& method, | |
79 const std::string& request_uri, | |
80 const std::string& host, | |
81 int port) { | |
82 DCHECK(method_.empty()); | |
83 | |
84 if (!IsPlainString(method) || method.empty() || | |
85 !IsPlainString(request_uri) || request_uri.empty() || | |
86 !IsPlainString(host) || host.empty() || | |
87 port <= 0 || port > 65535) { | |
88 return false; | |
89 } | |
90 | |
91 method_ = StringToUpperASCII(method); | |
92 request_uri_ = request_uri; | |
93 host_ = StringToLowerASCII(host); | |
94 port_ = base::IntToString(port); | |
95 return true; | |
96 } | |
97 | |
98 bool HttpMacSignature::GenerateAuthorizationHeader(std::string* header) { | |
99 if (id_.empty()) { | |
100 NOTREACHED() << "Call AddStateInfo first."; | |
101 return false; | |
102 } | |
103 if (method_.empty()) { | |
104 NOTREACHED() << "Call AddHttpInfo first."; | |
105 return false; | |
106 } | |
107 | |
108 std::string age = base::Int64ToString( | |
109 (base::Time::Now() - creation_date_).InSeconds()); | |
110 std::string nonce = GenerateNonce(); | |
111 | |
112 return GenerateHeaderString(age, nonce, header); | |
113 } | |
114 | |
115 bool HttpMacSignature::GenerateHeaderString(const std::string& age, | |
116 const std::string& nonce, | |
117 std::string* header) { | |
118 std::string mac; | |
119 if (!GenerateMAC(age, nonce, &mac)) | |
120 return false; | |
121 | |
122 DCHECK(IsPlainString(age)); | |
123 DCHECK(IsPlainString(nonce)); | |
124 DCHECK(IsPlainString(mac)); | |
125 | |
126 *header = "MAC id=\"" + id_ + | |
127 "\", nonce=\"" + age + ":" + nonce + | |
128 "\", mac=\"" + mac + "\""; | |
129 return true; | |
130 } | |
131 | |
132 std::string HttpMacSignature::GenerateNormalizedRequest( | |
133 const std::string& age, | |
134 const std::string& nonce) { | |
135 const std::string kNewLine = "\n"; | |
136 | |
137 std::string normalized_request = age + ":" + nonce + kNewLine; | |
138 normalized_request += method_ + kNewLine; | |
139 normalized_request += request_uri_ + kNewLine; | |
140 normalized_request += host_ + kNewLine; | |
141 normalized_request += port_ + kNewLine; | |
142 normalized_request += kNewLine; | |
143 normalized_request += kNewLine; | |
144 | |
145 return normalized_request; | |
146 } | |
147 | |
148 bool HttpMacSignature::GenerateMAC(const std::string& age, | |
149 const std::string& nonce, | |
150 std::string* mac) { | |
151 std::string request = GenerateNormalizedRequest(age, nonce); | |
152 | |
153 crypto::HMAC hmac(mac_algorithm_); | |
154 if (!hmac.Init(mac_key_)) { | |
155 NOTREACHED(); | |
156 return false; | |
157 } | |
158 | |
159 std::string signature; | |
160 size_t length = hmac.DigestLength(); | |
161 DCHECK_GT(length, 0u); | |
162 if (!hmac.Sign(request, | |
163 // We need the + 1 here not because the call will write a trailing \0, | |
164 // but so that signature.length() is correctly set to |length|. | |
165 reinterpret_cast<unsigned char*>(WriteInto(&signature, length + 1)), | |
166 length)) { | |
167 NOTREACHED(); | |
168 return false; | |
169 } | |
170 | |
171 std::string encoded_signature; | |
172 if (!base::Base64Encode(signature, &encoded_signature)) { | |
173 NOTREACHED(); | |
174 return false; | |
175 } | |
176 | |
177 mac->swap(encoded_signature); | |
178 return true; | |
179 } | |
180 | |
181 } // namespace net | |
OLD | NEW |