/*++
* @method: oAuth::getOAuthHeader
*
* @description: this method builds OAuth header that should be used in HTTP requests to twitter
*
* @input: eType - HTTP request type
* rawUrl - raw url of the HTTP request
* rawData - HTTP data (post fields)
* includeOAuthVerifierPin - flag to indicate whether or not oauth_verifier needs to included
* in OAuth header
*
* @output: oAuthHttpHeader - OAuth header
*
*--*/
bool oAuth::getOAuthHeader( const eOAuthHttpRequestType eType,
const std::string& rawUrl,
const std::string& rawData,
std::string& oAuthHttpHeader,
const bool includeOAuthVerifierPin )
{
oAuthKeyValuePairs rawKeyValuePairs;
std::string rawParams;
// MDM Made this a member so it could be read if needed.
// std::string oauthSignature;
m_oAuthSignature = "";
std::string paramsSeperator;
std::string pureUrl( rawUrl );
/* Clear header string initially */
oAuthHttpHeader = "";
rawKeyValuePairs.clear();
/* If URL itself contains ?key=value, then extract and put them in map */
size_t nPos = rawUrl.find_first_of( "?" );
if( std::string::npos != nPos )
{
/* Get only URL */
pureUrl = rawUrl.substr( 0, nPos );
/* Get only key=value data part */
std::string dataPart = rawUrl.substr( nPos + 1 );
/* Split the data in URL as key=value pairs */
buildOAuthRawDataKeyValPairs( dataPart, true, rawKeyValuePairs );
}
/* Split the raw data if it's present, as key=value pairs. Data should already be urlencoded once */
buildOAuthRawDataKeyValPairs( rawData, false, rawKeyValuePairs );
/* Build key-value pairs needed for OAuth request token, without signature */
buildOAuthTokenKeyValuePairs( includeOAuthVerifierPin, rawKeyValuePairs, true );
/* Get url encoded base64 signature using request type, url and parameters */
getSignature( eType, pureUrl, rawKeyValuePairs );
/* Clear map so that the parameters themselves are not sent along with the OAuth values */
rawKeyValuePairs.clear();
/* Now, again build key-value pairs with signature this time */
buildOAuthTokenKeyValuePairs( includeOAuthVerifierPin, rawKeyValuePairs, false );
/* Get OAuth header in string format */
paramsSeperator = ",";
getStringFromOAuthKeyValuePairs( rawKeyValuePairs, rawParams, paramsSeperator );
/* Build authorization header */
oAuthHttpHeader.assign( oAuthLibDefaults::OAUTHLIB_AUTHHEADER_STRING );
oAuthHttpHeader.append( rawParams );
return !oAuthHttpHeader.empty();
}
/*++
* @method: oAuth::getOAuthHeader
*
* @description: this method builds OAuth header that should be used in HTTP requests to twitter
*
* @input: eType - HTTP request type
* rawUrl - raw url of the HTTP request
* rawData - HTTP data
* includeOAuthVerifierPin - flag to indicate whether or not oauth_verifier needs to included
* in OAuth header
*
* @output: oAuthHttpHeader - OAuth header
*
*--*/
bool oAuth::getOAuthHeader( const eOAuthHttpRequestType eType,
const std::string& rawUrl,
const std::string& rawData,
std::string& oAuthHttpHeader,
const bool includeOAuthVerifierPin )
{
oAuthKeyValuePairs rawKeyValuePairs;
std::string rawParams( "" );
std::string oauthSignature( "" );
std::string paramsSeperator( "" );
std::string pureUrl( rawUrl );
/* Clear header string initially */
oAuthHttpHeader.assign( "" );
rawKeyValuePairs.clear();
/* If URL itself contains ?key=value, then extract and put them in map */
size_t nPos = rawUrl.find_first_of( "?" );
if( std::string::npos != nPos )
{
/* Get only URL */
pureUrl = rawUrl.substr( 0, nPos );
/* Get only key=value data part */
std::string dataPart = rawUrl.substr( nPos + 1 );
size_t nPos2 = dataPart.find_first_of( "=" );
if( std::string::npos != nPos2 )
{
std::string dataKey = dataPart.substr( 0, nPos2 );
std::string dataVal = dataPart.substr( nPos2 + 1 );
/* Put this key=value pair in map */
rawKeyValuePairs[dataKey] = urlencode( dataVal );
}
}
/* Build key-value pairs needed for OAuth request token, without signature */
buildOAuthTokenKeyValuePairs( includeOAuthVerifierPin, rawData, std::string( "" ), rawKeyValuePairs );
/* Get url encoded base64 signature using request type, url and parameters */
getSignature( eType, pureUrl, rawKeyValuePairs, oauthSignature );
/* Now, again build key-value pairs with signature this time */
buildOAuthTokenKeyValuePairs( includeOAuthVerifierPin, std::string( "" ), oauthSignature, rawKeyValuePairs );
/* Get OAuth header in string format */
paramsSeperator = ",";
getStringFromOAuthKeyValuePairs( rawKeyValuePairs, rawParams, paramsSeperator );
/* Build authorization header */
oAuthHttpHeader.assign( oAuthLibDefaults::OAUTHLIB_AUTHHEADER_STRING.c_str() );
oAuthHttpHeader.append( rawParams.c_str() );
return ( oAuthHttpHeader.length() > 0 ) ? true : false;
}
/*++
* \fn OAuth::get_oauth_header
*
* \brief this method builds OAuth header that should be used in HTTP requests to twitter
*
* \param eType - HTTP request type
* rawUrl - raw url of the HTTP request
* rawData - HTTP data (post fields)
* includeOAuthVerifierPin - flag to indicate whether or not oauth_verifier needs to included
* in OAuth header
*
* \return oAuthHttpHeader - OAuth header
*
*--*/
std::string OAuth::get_oauth_header( const e_HTTP_request_type method,
const std::string& rawUrl,
const std::string& rawData,
const bool includeOAuthVerifierPin ) {
std::string oAuthHttpHeader;
std::map<std::string, std::string> rawKeyValuePairs;
std::string rawParams;
std::string oauthSignature;
std::string paramsSeperator;
std::string pureUrl( rawUrl );
Utils::debug("----------------------");
Utils::debug("oAuthHeader INPUT :");
Utils::debug("URL : " + rawUrl);
Utils::debug("Data : " + rawData);
Utils::debug("Header : " + oAuthHttpHeader);
/* Clear header string initially */
oAuthHttpHeader.assign( "" );
rawKeyValuePairs.clear();
/* If URL itself contains ?key=value, then extract and put them in map */
size_t nPos = rawUrl.find_first_of( "?" );
if( std::string::npos != nPos ) {
/* Get only URL */
pureUrl = rawUrl.substr( 0, nPos );
/* Get only key=value data part */
std::string dataPart = rawUrl.substr( nPos + 1 );
/* Split the data in URL as key=value pairs */
rawKeyValuePairs = buildOAuthRawDataKeyValPairs( dataPart, true );
}
/* Split the raw data if it's present, as key=value pairs. Data should already be urlencoded once */
rawKeyValuePairs = buildOAuthRawDataKeyValPairs( rawData, false );
/* Build key-value pairs needed for OAuth request token, without signature */
buildOAuthTokenKeyValuePairs( includeOAuthVerifierPin, std::string( "" ), rawKeyValuePairs, true );
/* Get url encoded base64 signature using request type, url and parameters */
getSignature( method, pureUrl, rawKeyValuePairs, oauthSignature );
/* Clear map so that the parameters themselves are not sent along with the OAuth values */
rawKeyValuePairs.clear();
/* Now, again build key-value pairs with signature this time */
buildOAuthTokenKeyValuePairs( includeOAuthVerifierPin, oauthSignature, rawKeyValuePairs, false );
/* Get OAuth header in string format */
paramsSeperator = ",";
getStringFromOAuthKeyValuePairs( rawKeyValuePairs, rawParams, paramsSeperator );
/* Build authorization header */
oAuthHttpHeader.assign( OAuthConsts::AUTHHEADER_STRING );
oAuthHttpHeader.append( rawParams );
Utils::debug("++++++++++++++++++++++");
Utils::debug("oAuthHeader OUPUT : ");
Utils::debug("URL : " + rawUrl);
Utils::debug("Data : " + rawData);
Utils::debug("Header : " + oAuthHttpHeader);
return oAuthHttpHeader;
}
/*++
* \fn OAuth::getSignature
*
* \brief this method calculates HMAC-SHA1 signature of OAuth header
*
* \param eType - HTTP request type
* rawUrl - raw url of the HTTP request
* rawKeyValuePairs - key-value pairs containing OAuth headers and HTTP data
*
* \return oAuthSignature - base64 and url encoded signature
*
* @remarks: internal method
*
*--*/
bool OAuth::getSignature( const e_HTTP_request_type method,
const std::string& rawUrl,
const std::map<std::string, std::string>& rawKeyValuePairs,
std::string& oAuthSignature ) {
std::string rawParams;
std::string paramsSeperator;
std::string sigBase;
/* Initially empty signature */
oAuthSignature.assign( "" );
/* Build a string using key-value pairs */
paramsSeperator = "&";
getStringFromOAuthKeyValuePairs( rawKeyValuePairs, rawParams, paramsSeperator );
/* Start constructing base signature string. Refer http://dev.twitter.com/auth#intro */
switch( method ) {
case GET:
sigBase.assign( "GET&" );
break;
case POST:
sigBase.assign( "POST&" );
break;
case DELETE:
sigBase.assign( "DELETE&" );
break;
default:
return false;
break;
}
sigBase.append( urlencode( rawUrl ) );
sigBase.append( "&" );
sigBase.append( urlencode( rawParams ) );
/* Now, hash the signature base string using HMAC_SHA1 class */
CHMAC_SHA1 objHMACSHA1;
std::string secretSigningKey;
unsigned char strDigest[OAuthConsts::BUFFSIZE_LARGE];
memset( strDigest, 0, OAuthConsts::BUFFSIZE_LARGE );
/* Signing key is composed of consumer_secret&token_secret */
secretSigningKey.assign( _consumer_secret );
secretSigningKey.append( "&" );
if( _token_secret.length() ) {
secretSigningKey.append( _token_secret );
}
objHMACSHA1.HMAC_SHA1( (unsigned char*)sigBase.c_str(),
sigBase.length(),
(unsigned char*)secretSigningKey.c_str(),
secretSigningKey.length(),
strDigest );
/* Do a base64 encode of signature */
std::string base64Str = base64_encode( strDigest, 20 /* SHA 1 digest is 160 bits */ );
/* Do an url encode */
oAuthSignature = urlencode( base64Str );
return ( oAuthSignature.length() ) ? true : false;
}
/*++
* @method: oAuth::getSignature
*
* @description: this method calculates HMAC-SHA1 signature of OAuth header
*
* @input: eType - HTTP request type
* rawUrl - raw url of the HTTP request
* rawKeyValuePairs - key-value pairs containing OAuth headers and HTTP data
*
* @output: oAuthSignature - base64 and url encoded signature
*
* @remarks: internal method
*
*--*/
bool oAuth::getSignature( const eOAuthHttpRequestType eType,
const std::string& rawUrl,
const oAuthKeyValuePairs& rawKeyValuePairs,
std::string& oAuthSignature )
{
std::string rawParams;
std::string paramsSeperator;
std::string sigBase;
/* Initially empty signature */
oAuthSignature.assign( "" );
/* Build a string using key-value pairs */
paramsSeperator = "&";
getStringFromOAuthKeyValuePairs( rawKeyValuePairs, rawParams, paramsSeperator );
/* Start constructing base signature string. Refer http://dev.twitter.com/auth#intro */
switch( eType )
{
case eOAuthHttpGet:
{
sigBase.assign( "GET&" );
}
break;
case eOAuthHttpPost:
{
sigBase.assign( "POST&" );
}
break;
case eOAuthHttpDelete:
{
sigBase.assign( "DELETE&" );
}
break;
default:
{
return false;
}
break;
}
sigBase.append( urlencode( rawUrl ) );
sigBase.append( "&" );
sigBase.append( urlencode( rawParams ) );
/* Now, hash the signature base string using HMAC_SHA1 class */
CHMAC_SHA1 objHMACSHA1;
std::string secretSigningKey;
unsigned char strDigest[oAuthLibDefaults::OAUTHLIB_BUFFSIZE_LARGE];
memset( strDigest, 0, oAuthLibDefaults::OAUTHLIB_BUFFSIZE_LARGE );
/* Signing key is composed of consumer_secret&token_secret */
secretSigningKey.assign( m_consumerSecret );
secretSigningKey.append( "&" );
if( m_oAuthTokenSecret.length() )
{
secretSigningKey.append( m_oAuthTokenSecret );
}
objHMACSHA1.HMAC_SHA1( (unsigned char*)sigBase.c_str(),
sigBase.length(),
(unsigned char*)secretSigningKey.c_str(),
secretSigningKey.length(),
strDigest );
/* Do a base64 encode of signature */
std::string base64Str = base64_encode( strDigest, 20 /* SHA 1 digest is 160 bits */ );
/* Do an url encode */
oAuthSignature = urlencode( base64Str );
return ( oAuthSignature.length() ) ? true : false;
}
std::string Client::buildOAuthParameterString(
ParameterStringType string_type,
const Http::RequestType eType,
const std::string& rawUrl,
const std::string& rawData,
const bool includeOAuthVerifierPin)
{
KeyValuePairs rawKeyValuePairs;
std::string rawParams;
std::string oauthSignature;
std::string paramsSeperator;
std::string pureUrl( rawUrl );
std::string separator;
bool do_urlencode;
if (string_type == AuthorizationHeaderString) {
separator = ",";
do_urlencode = false;
}
else { /*if (string_type == QueryStringString)*/
separator = "&";
do_urlencode = true;
}
/* Clear header string initially */
rawKeyValuePairs.clear();
/* If URL itself contains ?key=value, then extract and put them in map */
size_t nPos = rawUrl.find_first_of( "?" );
if( std::string::npos != nPos )
{
/* Get only URL */
pureUrl = rawUrl.substr( 0, nPos );
/* Get only key=value data part */
std::string dataPart = rawUrl.substr( nPos + 1 );
rawKeyValuePairs = ParseKeyValuePairs(dataPart);
}
// We always request URL encoding on the first pass so that the
// signature generation works properly. This *relies* on
// buildOAuthTokenKeyValuePairs overwriting values when we do the second
// pass to get the values in the form we actually want. The signature and
// rawdata are the only things that change, but the signature is only used
// in the second pass and the rawdata is already encoded, regardless of
// request type.
/* Build key-value pairs needed for OAuth request token, without signature */
buildOAuthTokenKeyValuePairs( includeOAuthVerifierPin, rawData, std::string( "" ), rawKeyValuePairs, true, true );
/* Get url encoded base64 signature using request type, url and parameters */
getSignature( eType, pureUrl, rawKeyValuePairs, oauthSignature );
/* Now, again build key-value pairs with signature this time */
buildOAuthTokenKeyValuePairs( includeOAuthVerifierPin, std::string( "" ), oauthSignature, rawKeyValuePairs, do_urlencode, false );
/* Get OAuth header in string format. If we're getting the Authorization
* header, we need to filter out other parameters.
*/
if (string_type == AuthorizationHeaderString) {
KeyValuePairs oauthKeyValuePairs;
std::vector<std::string> oauth_keys;
oauth_keys.push_back(Defaults::CONSUMERKEY_KEY);
oauth_keys.push_back(Defaults::NONCE_KEY);
oauth_keys.push_back(Defaults::SIGNATURE_KEY);
oauth_keys.push_back(Defaults::SIGNATUREMETHOD_KEY);
oauth_keys.push_back(Defaults::TIMESTAMP_KEY);
oauth_keys.push_back(Defaults::TOKEN_KEY);
oauth_keys.push_back(Defaults::VERIFIER_KEY);
oauth_keys.push_back(Defaults::VERSION_KEY);
for(size_t i = 0; i < oauth_keys.size(); i++) {
assert(rawKeyValuePairs.count(oauth_keys[i]) <= 1);
KeyValuePairs::iterator oauth_key_it = rawKeyValuePairs.find(oauth_keys[i]);
if (oauth_key_it != rawKeyValuePairs.end())
ReplaceOrInsertKeyValuePair(oauthKeyValuePairs, oauth_keys[i], oauth_key_it->second);
}
getStringFromOAuthKeyValuePairs( oauthKeyValuePairs, rawParams, separator );
}
else if (string_type == QueryStringString) {
getStringFromOAuthKeyValuePairs( rawKeyValuePairs, rawParams, separator );
}
/* Build authorization header */
return rawParams;
}
