Fix handling of large signature base strings.
Add tests that use very long query strings to ensure the code works properly on very large buffers. These tests use 16K long query strings, resulting in even larger buffers for generating signatures. Based on these tests, fix the HMAC_SHA1 signing code to handle these long buffers. The code that was breaking was pointless anyway -- fixed sized buffers were used to construct combined buffers that were then passed into the SHA1 function. Instead, we can just take the two separate buffers and call Update() for each one, avoiding allocation of buffers, copying of data, etc. As a side effect, this got rid of most of the buffers used during computation, got rid of any heap allocation, and reduced the size of some other buffers. Now we only have 3 buffers, each a SHA1 block size (64 bytes) in length. All are allocated directly as arrays in the CHMAC_SHA1 object. Two are the buffers used in computing the HMAC signature and one holds the SHA1-based key (either the data directly if short enough or the SHA1 of the input data). Fixes #12.
Showing
4 changed files
with
92 additions
and
44 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
#ifndef __LIBOAUTHCPP_LONG_REQUEST_TEST_H__ | ||
#define __LIBOAUTHCPP_LONG_REQUEST_TEST_H__ | ||
|
||
#include "testutil.h" | ||
#include <liboauthcpp/liboauthcpp.h> | ||
|
||
using namespace OAuth; | ||
|
||
namespace OAuthTest { | ||
|
||
/** Tests long requests -- longer than a normal request such that they can cause | ||
* problems if buffers are not big enough, etc. | ||
**/ | ||
class LongRequestTest { | ||
public: | ||
static void run() { | ||
std::string consumer_key = "wwwwxxxxyyyyzzzz"; | ||
std::string consumer_secret = "zzzzyyyyxxxxwwww"; | ||
OAuth::Consumer consumer(consumer_key, consumer_secret); | ||
|
||
std::string oauth_token = "aaaabbbbccccdddd"; | ||
std::string oauth_token_secret = "ddddccccbbbbaaaa"; | ||
OAuth::Token token(oauth_token, oauth_token_secret); | ||
|
||
// This sets up the client class to generate reproducible results. | ||
Client::initialize(100, 1390268986); | ||
OAuth::Client oauth(&consumer, &token); | ||
|
||
// Generate a very long resource by adding very long parameters | ||
std::string resource_arg = "arg=" + | ||
std::string(16384, 'x') // 16K long | ||
; | ||
std::string resource = "resource?" + resource_arg; | ||
|
||
// Test all request types, simple, unreserved chars in resource name, no parameters | ||
ASSERT_EQUAL( | ||
oauth.getURLQueryString(OAuth::Http::Head, resource), | ||
resource_arg + "&oauth_consumer_key=wwwwxxxxyyyyzzzz&oauth_nonce=139026898664&oauth_signature=YnNugcEr0E4TDgkzR4ZFMFoHEgU%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1390268986&oauth_token=aaaabbbbccccdddd&oauth_version=1.0", | ||
"Validate long HEAD request signature" | ||
); | ||
ASSERT_EQUAL( | ||
oauth.getURLQueryString(OAuth::Http::Get, resource), | ||
resource_arg + "&oauth_consumer_key=wwwwxxxxyyyyzzzz&oauth_nonce=139026898664&oauth_signature=5weTspQ0eMH5dFMDdsrGZlNrfPk%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1390268986&oauth_token=aaaabbbbccccdddd&oauth_version=1.0", | ||
"Validate long GET request signature" | ||
); | ||
ASSERT_EQUAL( | ||
oauth.getURLQueryString(OAuth::Http::Post, resource), | ||
resource_arg + "&oauth_consumer_key=wwwwxxxxyyyyzzzz&oauth_nonce=139026898664&oauth_signature=thJwo%2ByzdRtxwrBqDXRCo2a1mcY%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1390268986&oauth_token=aaaabbbbccccdddd&oauth_version=1.0", | ||
"Validate long POST request signature" | ||
); | ||
ASSERT_EQUAL( | ||
oauth.getURLQueryString(OAuth::Http::Delete, resource), | ||
resource_arg + "&oauth_consumer_key=wwwwxxxxyyyyzzzz&oauth_nonce=139026898664&oauth_signature=ONjZansHtzGD57pZ9S65s0a6aXs%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1390268986&oauth_token=aaaabbbbccccdddd&oauth_version=1.0", | ||
"Validate long DELETE request signature" | ||
); | ||
ASSERT_EQUAL( | ||
oauth.getURLQueryString(OAuth::Http::Put, resource), | ||
resource_arg + "&oauth_consumer_key=wwwwxxxxyyyyzzzz&oauth_nonce=139026898664&oauth_signature=6FFgNsTsCl8ABh9i93rRN1m3csE%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1390268986&oauth_token=aaaabbbbccccdddd&oauth_version=1.0", | ||
"Validate long PUT request signature" | ||
); | ||
} | ||
}; | ||
|
||
} | ||
|
||
#endif |
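Review bot: Every case in `LongRequestTest::run` lengthens only the signed message; the HMAC key derived from `consumer_secret` and `oauth_token_secret` stays at roughly 33 bytes, so the path the description mentions for keys longer than the 64-byte SHA1 block (where the key is replaced by its SHA1) is not exercised by this file. Because the commit is described as shrinking the key storage to exactly one block, a second case with long secrets, for example `std::string consumer_secret(100, 'z');`, plus cases at the 64- and 65-byte boundary would pin that path. The expected signatures for those cases should be computed with an independent HMAC-SHA1 implementation rather than copied from this library's output. Separately, the comment above the first `ASSERT_EQUAL` says "no parameters" although `resource` carries the 16K `arg` parameter, and `using namespace OAuth;` at header scope leaks into every file that includes this header.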
502403e
first