Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add HMAC-SHA256 signature method for OAuth 1.0 #711

Merged
merged 5 commits into from Aug 11, 2021
Merged

feat: Add HMAC-SHA256 signature method for OAuth 1.0 #711

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
87e0132
feat: Add HMAC-SHA256 signature method for OAuth 1.0
svonduhn Aug 5, 2021
ee68653
Remove Beta and replace Base64 with BaseEncoding
svonduhn Aug 6, 2021
6430333
fix linter issues
svonduhn Aug 6, 2021
ed8d485
fix: empty to restart GitHub Actions
TimurSadykov Aug 11, 2021
fd65b80
Merge branch 'googleapis:master' into HmacSHA256
svonduhn Aug 11, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
64 changes: 64 additions & 0 deletions ...le-oauth-client/src/main/java/com/google/api/client/auth/oauth/OAuthHmacSha256Signer.java
View file
Open in desktop
@@ -0,0 +1,64 @@
/*
* Copyright 2021 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/

package com.google.api.client.auth.oauth;

import com.google.api.client.util.StringUtils;
import com.google.common.io.BaseEncoding;
import java.security.GeneralSecurityException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/** OAuth {@code "HMAC-SHA256"} signature method. */
public final class OAuthHmacSha256Signer implements OAuthSigner {

/** Client secret */
private final String clientSharedSecret;

/** Token secret */
private String tokenSharedSecret;

public void setTokenSecret(String tokenSecret) {
tokenSharedSecret = tokenSecret;
}

public OAuthHmacSha256Signer(String clientSecret) {
this.clientSharedSecret = clientSecret;
}

@Override
public String getSignatureMethod() {
return "HMAC-SHA256";
}

@Override
public String computeSignature(String signatureBaseString) throws GeneralSecurityException {
// compute key
StringBuilder keyBuffer = new StringBuilder();
if (clientSharedSecret != null) {
keyBuffer.append(OAuthParameters.escape(clientSharedSecret));
}
keyBuffer.append('&');
if (tokenSharedSecret != null) {
keyBuffer.append(OAuthParameters.escape(tokenSharedSecret));
}
String key = keyBuffer.toString();
// sign
SecretKey secretKey = new SecretKeySpec(StringUtils.getBytesUtf8(key), "HmacSHA256");
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(secretKey);
return BaseEncoding.base64().encode(mac.doFinal(StringUtils.getBytesUtf8(signatureBaseString)));
}
}
54 changes: 54 additions & 0 deletions ...auth-client/src/test/java/com/google/api/client/auth/oauth/OAuthHmacSha256SignerTest.java
View file
Open in desktop
@@ -0,0 +1,54 @@
/*
* Copyright 2021 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
* in compliance with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/

package com.google.api.client.auth.oauth;

import static org.junit.Assert.assertEquals;

import java.security.GeneralSecurityException;
import org.junit.Test;

/** Tests {@link OAuthHmacSha256Signer}. */
public class OAuthHmacSha256SignerTest {

@Test
public void testComputeSignatureWithNullSecrets() throws GeneralSecurityException {
OAuthHmacSha256Signer signer = new OAuthHmacSha256Signer(null);
String expectedSignature = "l/Es58FI4BtBciSH9XtY/5jXFee70v7/rPiQgEpvv00=";
assertEquals(expectedSignature, signer.computeSignature("baseString"));
}

@Test
public void testComputeSignatureWithNullClientSecret() throws GeneralSecurityException {
OAuthHmacSha256Signer signer = new OAuthHmacSha256Signer(null);
signer.setTokenSecret("tokenSecret");
String expectedSignature = "PgNWY2qQ53qvk3WySct/f037/usxMGpNDjmJeISmgCM=";
assertEquals(expectedSignature, signer.computeSignature("baseString"));
}

@Test
public void testComputeSignatureWithNullTokenSecret() throws GeneralSecurityException {
OAuthHmacSha256Signer signer = new OAuthHmacSha256Signer("clientSecret");
String expectedSignature = "cNrT2sqgyQ+dd7rbAhYBFBk8o82/yZyZkavqsfMDqpo=";
assertEquals(expectedSignature, signer.computeSignature("baseString"));
}

@Test
public void testComputeSignature() throws GeneralSecurityException {
OAuthHmacSha256Signer signer = new OAuthHmacSha256Signer("clientSecret");
signer.setTokenSecret("tokenSecret");
String expectedSignature = "sfnrBcfwccOs2mpc60VQ5zXx5ReP/46lgUcBhU2a4PM=";
assertEquals(expectedSignature, signer.computeSignature("baseString"));
}
}