/* -*- Mode: C; indent-tabs-mode: t; c-basic-offset: 8; tab-width: 8 -*- */

/*

 * GData Client

 * Copyright (C) Philip Withnall 2011 <philip@tecnocode.co.uk>

 *

 * GData Client is free software; you can redistribute it and/or

 * modify it under the terms of the GNU Lesser General Public

 * License as published by the Free Software Foundation; either

 * version 2.1 of the License, or (at your option) any later version.

 *

 * GData Client is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

 * Lesser General Public License for more details.

 *

 * You should have received a copy of the GNU Lesser General Public

 * License along with GData Client.  If not, see <http://www.gnu.org/licenses/>.

 */

/**

 * SECTION:gdata-oauth1-authorizer

 * @short_description: GData OAuth 1.0 authorization interface

 * @stability: Stable

 * @include: gdata/gdata-oauth1-authorizer.h

 *

 * #GDataOAuth1Authorizer provides an implementation of the #GDataAuthorizer interface for authentication and authorization using the

 * <ulink type="http" url="http://code.google.com/apis/accounts/docs/OAuthForInstalledApps.html">OAuth 1.0</ulink> process,

 * which was preferred by Google until OAuth 2.0 was released — it is now

 * preferred to use #GDataOAuth2Authorizer.

 *

 * OAuth 1.0 replaces the deprecated ClientLogin process. One of the main reasons for this is to allow two-factor authentication to be supported, by

 * moving the authentication interface to a web page under Google's control.

 *

 * The OAuth 1.0 process as implemented by Google follows the <ulink type="http" url="http://tools.ietf.org/html/rfc5849">OAuth 1.0 protocol as

 * specified by IETF in RFC 5849</ulink>, with a few additions to support scopes (implemented in libgdata by #GDataAuthorizationDomains),

 * locales and custom domains. Briefly, the process is initiated by requesting an authenticated request token from the Google accounts service

 * (using gdata_oauth1_authorizer_request_authentication_uri()), going to the authentication URI for the request token, authenticating and authorizing

 * access to the desired scopes, then providing the verifier returned by Google to the Google accounts service again (using

 * gdata_oauth1_authorizer_request_authorization()) to authorize the token. This results in an access token which is attached to all future requests

 * to the online service.

 *

 * While Google supports unregistered and registered modes for OAuth 1.0 authorization, it only supports unregistered mode for installed applications.

 * Consequently, libgdata also only supports unregistered mode. For this purpose, the application name to be presented to the user on the

 * authentication page at the URI returned by gdata_oauth1_authorizer_request_authentication_uri() can be specified when constructing the

 * #GDataOAuth1Authorizer.

 *

 * As described, each authentication/authorization operation is in two parts: gdata_oauth1_authorizer_request_authentication_uri() and

 * gdata_oauth1_authorizer_request_authorization(). #GDataOAuth1Authorizer stores no state about ongoing authentication operations (i.e. ones which

 * have successfully called gdata_oauth1_authorizer_request_authentication_uri(), but are yet to successfully call

 * gdata_oauth1_authorizer_request_authorization()). Consequently, operations can be abandoned before calling

 * gdata_oauth1_authorizer_request_authorization() without problems. The only state necessary between the calls is the request token and request token

 * secret, as returned by gdata_oauth1_authorizer_request_authentication_uri() and taken as parameters to

 * gdata_oauth1_authorizer_request_authorization().

 *

 * #GDataOAuth1Authorizer natively supports authorization against multiple services in a single authorization request (unlike

 * #GDataClientLoginAuthorizer).

 *

 * Each access token is long lived, so reauthorization is rarely necessary with #GDataOAuth1Authorizer. Consequently, refreshing authorization using

 * gdata_authorizer_refresh_authorization() is not supported by #GDataOAuth1Authorizer, and will immediately return %FALSE with no error set.

 *

 * <example>

 *	<title>Authenticating Asynchronously Using OAuth 1.0</title>

 *	<programlisting>

 *	GDataSomeService *service;

 *	GDataOAuth1Authorizer *authorizer;

 *

 *	/* Create an authorizer and authenticate and authorize the service we're using, asynchronously. */

 *	authorizer = gdata_oauth1_authorizer_new (_("My libgdata application"), GDATA_TYPE_SOME_SERVICE);

 *	gdata_oauth1_authorizer_request_authentication_uri_async (authorizer, cancellable,

 *	                                                          (GAsyncReadyCallback) request_authentication_uri_cb, user_data);

 *

 *	/* Create a service object and link it with the authorizer */

 *	service = gdata_some_service_new (GDATA_AUTHORIZER (authorizer));

 *

 *	static void

 *	request_authentication_uri_cb (GDataOAuth1Authorizer *authorizer, GAsyncResult *async_result, gpointer user_data)

 *	{

 *		gchar *authentication_uri, *token, *token_secret, *verifier;

 *		GError *error = NULL;

 *

 *		authentication_uri = gdata_oauth1_authorizer_request_authentication_uri_finish (authorizer, async_result, &token, &token_secret,

 *		                                                                                &error);

 *

 *		if (error != NULL) {

 *			/* Notify the user of all errors except cancellation errors */

 *			if (!g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) {

 *				g_error ("Requesting a token failed: %s", error->message);

 *			}

 *

 *			g_error_free (error);

 *			goto finish;

 *		}

 *

 *		/* (Present the page at the authentication URI to the user, either in an embedded or stand-alone web browser, and

 *		 * ask them to grant access to the application and return the verifier Google gives them.) */

 *		verifier = ask_user_for_verifier (authentication_uri);

 *

 *		gdata_oauth1_authorizer_request_authorization_async (authorizer, token, token_secret, verifier, cancellable,

 *		                                                     (GAsyncReadyCallback) request_authorization_cb, user_data);

 *

 *	finish:

 *		g_free (verifier);

 *		g_free (authentication_uri);

 *		g_free (token);

 *

 *		/* Zero out the secret before freeing. */

 *		if (token_secret != NULL) {

 *			memset (token_secret, 0, strlen (token_secret));

 *		}

 *

 *		g_free (token_secret);

 *	}

 *

 *	static void

 *	request_authorization_cb (GDataOAuth1Authorizer *authorizer, GAsyncResult *async_result, gpointer user_data)

 *	{

 *		GError *error = NULL;

 *

 *		if (gdata_oauth1_authorizer_request_authorization_finish (authorizer, async_result, &error) == FALSE) {

 *			/* Notify the user of all errors except cancellation errors */

 *			if (!g_error_matches (error, G_IO_ERROR, G_IO_ERROR_CANCELLED)) {

 *				g_error ("Authorization failed: %s", error->message);

 *			}

 *

 *			g_error_free (error);

 *			return;

 *		}

 *

 *		/* (The client is now authenticated and authorized against the service.

 *		 * It can now proceed to execute queries on the service object which require the user to be authenticated.) */

 *	}

 *

 *	g_object_unref (service);

 *	g_object_unref (authorizer);

 *	</programlisting>

 * </example>

 *

 * Since: 0.9.0

 */

#include <config.h>

#include <string.h>

#include <oauth.h>

#include <glib.h>

#include <glib/gi18n-lib.h>

#include "gdata-oauth1-authorizer.h"

#include "gdata-private.h"

#define HMAC_SHA1_LEN 20 /* bytes, raw */

static void authorizer_init (GDataAuthorizerInterface *iface);

static void dispose (GObject *object);

static void finalize (GObject *object);

static void get_property (GObject *object, guint property_id, GValue *value, GParamSpec *pspec);

static void set_property (GObject *object, guint property_id, const GValue *value, GParamSpec *pspec);

static void process_request (GDataAuthorizer *self, GDataAuthorizationDomain *domain, SoupMessage *message);

static gboolean is_authorized_for_domain (GDataAuthorizer *self, GDataAuthorizationDomain *domain);

static void sign_message (GDataOAuth1Authorizer *self, SoupMessage *message, const gchar *token, const gchar *token_secret, GHashTable *parameters);

static void notify_proxy_uri_cb (GObject *object, GParamSpec *pspec, GDataOAuth1Authorizer *self);

static void notify_timeout_cb (GObject *gobject, GParamSpec *pspec, GObject *self);

static SoupURI *_get_proxy_uri (GDataOAuth1Authorizer *self);

static void _set_proxy_uri (GDataOAuth1Authorizer *self, SoupURI *proxy_uri);

struct _GDataOAuth1AuthorizerPrivate {

	SoupSession *session;

	SoupURI *proxy_uri; /* cached version only set if gdata_oauth1_authorizer_get_proxy_uri() is called */

	GProxyResolver *proxy_resolver;

	gchar *application_name;

	gchar *locale;

	GMutex mutex; /* mutex for token, token_secret and authorization_domains */

	/* Note: This is the access token, not the request token returned by gdata_oauth1_authorizer_request_authentication_uri().

	 * It's NULL iff the authorizer isn't authenticated. token_secret must be NULL iff token is NULL. */

	gchar *token;

	GDataSecureString token_secret; /* must be allocated by _gdata_service_secure_strdup() */

	/* Mapping from GDataAuthorizationDomain to itself; a set of domains for which ->access_token is valid. */

	GHashTable *authorization_domains;

};

enum {

	PROP_APPLICATION_NAME = 1,

	PROP_LOCALE,

	PROP_PROXY_URI,

	PROP_TIMEOUT,

	PROP_PROXY_RESOLVER,

};

G_DEFINE_TYPE_WITH_CODE (GDataOAuth1Authorizer, gdata_oauth1_authorizer, G_TYPE_OBJECT,

                         G_IMPLEMENT_INTERFACE (GDATA_TYPE_AUTHORIZER, authorizer_init))

static void

gdata_oauth1_authorizer_class_init (GDataOAuth1AuthorizerClass *klass)

{

	GObjectClass *gobject_class = G_OBJECT_CLASS (klass);

	g_type_class_add_private (klass, sizeof (GDataOAuth1AuthorizerPrivate));

	gobject_class->get_property = get_property;

	gobject_class->set_property = set_property;

	gobject_class->dispose = dispose;

	gobject_class->finalize = finalize;

	/**

	 * GDataOAuth1Authorizer:application-name:

	 *

	 * The human-readable, translated application name for the client, to be presented to the user on the authentication page at the URI

	 * returned by gdata_oauth1_authorizer_request_authentication_uri().

	 *

	 * If %NULL is provided in the constructor to #GDataOAuth1Authorizer, the value returned by g_get_application_name() will be used as a

	 * fallback. Note that this may also be %NULL: in this case, the authentication page will use the application name “anonymous”.

	 *

	 * Since: 0.9.0

	 */

	g_object_class_install_property (gobject_class, PROP_APPLICATION_NAME,

	                                 g_param_spec_string ("application-name",

	                                                      "Application name", "The human-readable, translated application name for the client.",

	                                                      NULL,

	                                                      G_PARAM_CONSTRUCT_ONLY | G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));

	/**

	 * GDataOAuth1Authorizer:locale:

	 *

	 * The locale to use for network requests, in Unix locale format. (e.g. "en_GB", "cs", "de_DE".) Use %NULL for the default "C" locale

	 * (typically "en_US").

	 *

	 * This locale will be used by the server-side software to localise the authentication and authorization pages at the URI returned by

	 * gdata_oauth1_authorizer_request_authentication_uri().

	 *

	 * The server-side behaviour is undefined if it doesn't support a given locale.

	 *

	 * Since: 0.9.0

	 */

	g_object_class_install_property (gobject_class, PROP_LOCALE,

	                                 g_param_spec_string ("locale",

	                                                      "Locale", "The locale to use for network requests, in Unix locale format.",

	                                                      NULL,

	                                                      G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));

	/**

	 * GDataOAuth1Authorizer:proxy-uri:

	 *

	 * The proxy URI used internally for all network requests.

	 *

	 * Since: 0.9.0

	 * Deprecated: 0.15.0: Use #GDataClientLoginAuthorizer:proxy-resolver instead, which gives more flexibility over the proxy used.

	 */

	g_object_class_install_property (gobject_class, PROP_PROXY_URI,

	                                 g_param_spec_boxed ("proxy-uri",

	                                                     "Proxy URI", "The proxy URI used internally for all network requests.",

	                                                     SOUP_TYPE_URI,

	                                                     G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));

	/**

	 * GDataOAuth1Authorizer:timeout:

	 *

	 * A timeout, in seconds, for network operations. If the timeout is exceeded, the operation will be cancelled and

	 * %GDATA_SERVICE_ERROR_NETWORK_ERROR will be returned.

	 *

	 * If the timeout is 0, operations will never time out.

	 *

	 * Since: 0.9.0

	 */

	g_object_class_install_property (gobject_class, PROP_TIMEOUT,

	                                 g_param_spec_uint ("timeout",

	                                                    "Timeout", "A timeout, in seconds, for network operations.",

	                                                    0, G_MAXUINT, 0,

	                                                    G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));

	/**

	 * GDataOAuth1Authorizer:proxy-resolver:

	 *

	 * The #GProxyResolver used to determine a proxy URI.  Setting this will clear the #GDataOAuth1Authorizer:proxy-uri property.

	 *

	 * Since: 0.15.0

	 */

	g_object_class_install_property (gobject_class, PROP_PROXY_RESOLVER,

	                                 g_param_spec_object ("proxy-resolver",

	                                                      "Proxy Resolver", "A GProxyResolver used to determine a proxy URI.",

	                                                      G_TYPE_PROXY_RESOLVER,

	                                                      G_PARAM_READWRITE | G_PARAM_STATIC_STRINGS));

}

static void

authorizer_init (GDataAuthorizerInterface *iface)

{

	iface->process_request = process_request;

	iface->is_authorized_for_domain = is_authorized_for_domain;

}

static void

gdata_oauth1_authorizer_init (GDataOAuth1Authorizer *self)

{

	self->priv = G_TYPE_INSTANCE_GET_PRIVATE (self, GDATA_TYPE_OAUTH1_AUTHORIZER, GDataOAuth1AuthorizerPrivate);

	/* Set up the authorizer's mutex */

	g_mutex_init (&(self->priv->mutex));

	self->priv->authorization_domains = g_hash_table_new_full (g_direct_hash, g_direct_equal, g_object_unref, NULL);

	/* Set up the session */

	self->priv->session = _gdata_service_build_session ();

	/* Proxy the SoupSession's proxy-uri and timeout properties */

	g_signal_connect (self->priv->session, "notify::proxy-uri", (GCallback) notify_proxy_uri_cb, self);

	g_signal_connect (self->priv->session, "notify::timeout", (GCallback) notify_timeout_cb, self);

	/* Keep our GProxyResolver synchronized with SoupSession's. */

	g_object_bind_property (self->priv->session, "proxy-resolver", self, "proxy-resolver", G_BINDING_BIDIRECTIONAL | G_BINDING_SYNC_CREATE);

}

static void

dispose (GObject *object)

{

	GDataOAuth1AuthorizerPrivate *priv = GDATA_OAUTH1_AUTHORIZER (object)->priv;

	if (priv->session != NULL)

		g_object_unref (priv->session);

	priv->session = NULL;

	g_clear_object (&priv->proxy_resolver);

	/* Chain up to the parent class */

	G_OBJECT_CLASS (gdata_oauth1_authorizer_parent_class)->dispose (object);

}

static void

finalize (GObject *object)

{

	GDataOAuth1AuthorizerPrivate *priv = GDATA_OAUTH1_AUTHORIZER (object)->priv;

	g_free (priv->application_name);

	g_free (priv->locale);

	g_hash_table_destroy (priv->authorization_domains);

	g_mutex_clear (&(priv->mutex));

	if (priv->proxy_uri != NULL) {

		soup_uri_free (priv->proxy_uri);

	}

	g_free (priv->token);

	_gdata_service_secure_strfree (priv->token_secret);

	/* Chain up to the parent class */

	G_OBJECT_CLASS (gdata_oauth1_authorizer_parent_class)->finalize (object);

}

static void

get_property (GObject *object, guint property_id, GValue *value, GParamSpec *pspec)

{

	GDataOAuth1AuthorizerPrivate *priv = GDATA_OAUTH1_AUTHORIZER (object)->priv;

	switch (property_id) {

		case PROP_APPLICATION_NAME:

			g_value_set_string (value, priv->application_name);

			break;

		case PROP_LOCALE:

			g_value_set_string (value, priv->locale);

			break;

		case PROP_PROXY_URI:

			g_value_set_boxed (value, _get_proxy_uri (GDATA_OAUTH1_AUTHORIZER (object)));

			break;

		case PROP_TIMEOUT:

			g_value_set_uint (value, gdata_oauth1_authorizer_get_timeout (GDATA_OAUTH1_AUTHORIZER (object)));

			break;

		case PROP_PROXY_RESOLVER:

			g_value_set_object (value, gdata_oauth1_authorizer_get_proxy_resolver (GDATA_OAUTH1_AUTHORIZER (object)));

			break;

		default:

			/* We don't have any other property... */

			G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);

			break;

	}

}

static void

set_property (GObject *object, guint property_id, const GValue *value, GParamSpec *pspec)

{

	GDataOAuth1AuthorizerPrivate *priv = GDATA_OAUTH1_AUTHORIZER (object)->priv;

	switch (property_id) {

		/* Construct only */

		case PROP_APPLICATION_NAME:

			priv->application_name = g_value_dup_string (value);

			/* Default to the value of g_get_application_name() */

			if (priv->application_name == NULL || *(priv->application_name) == '\0') {

				g_free (priv->application_name);

				priv->application_name = g_strdup (g_get_application_name ());

			}

			break;

		case PROP_LOCALE:

			gdata_oauth1_authorizer_set_locale (GDATA_OAUTH1_AUTHORIZER (object), g_value_get_string (value));

			break;

		case PROP_PROXY_URI:

			_set_proxy_uri (GDATA_OAUTH1_AUTHORIZER (object), g_value_get_boxed (value));

			break;

		case PROP_TIMEOUT:

			gdata_oauth1_authorizer_set_timeout (GDATA_OAUTH1_AUTHORIZER (object), g_value_get_uint (value));

			break;

		case PROP_PROXY_RESOLVER:

			gdata_oauth1_authorizer_set_proxy_resolver (GDATA_OAUTH1_AUTHORIZER (object), g_value_get_object (value));

			break;

		default:

			/* We don't have any other property... */

			G_OBJECT_WARN_INVALID_PROPERTY_ID (object, property_id, pspec);

			break;

	}

}

static void

process_request (GDataAuthorizer *self, GDataAuthorizationDomain *domain, SoupMessage *message)

{

	GDataOAuth1AuthorizerPrivate *priv = GDATA_OAUTH1_AUTHORIZER (self)->priv;

	/* Set the authorisation header */

	g_mutex_lock (&(priv->mutex));

	/* Sanity check */

	g_assert ((priv->token == NULL) == (priv->token_secret == NULL));

	if (priv->token != NULL && g_hash_table_lookup (priv->authorization_domains, domain) != NULL) {

		sign_message (GDATA_OAUTH1_AUTHORIZER (self), message, priv->token, priv->token_secret, NULL);

	}

	g_mutex_unlock (&(priv->mutex));

}

static gboolean

is_authorized_for_domain (GDataAuthorizer *self, GDataAuthorizationDomain *domain)

{

	GDataOAuth1AuthorizerPrivate *priv = GDATA_OAUTH1_AUTHORIZER (self)->priv;

	gpointer result;

	const gchar *token;

	g_mutex_lock (&(priv->mutex));

	token = priv->token;

	result = g_hash_table_lookup (priv->authorization_domains, domain);

	g_mutex_unlock (&(priv->mutex));

	/* Sanity check */

	g_assert (result == NULL || result == domain);

	return (token != NULL && result != NULL) ? TRUE : FALSE;

}

/* Sign the message and add the Authorization header to it containing the signature.

 * NOTE: This must not lock priv->mutex, as it's called from within a critical section in process_request() and priv->mutex isn't recursive. */

static void

sign_message (GDataOAuth1Authorizer *self, SoupMessage *message, const gchar *token, const gchar *token_secret, GHashTable *parameters)

{

	GHashTableIter iter;

	const gchar *key, *value, *consumer_key, *consumer_secret, *signature_method;

	gsize params_length = 0;

	GList *sorted_params = NULL, *i;

	GString *query_string, *signature_base_string, *secret_string, *authorization_header;

	SoupURI *normalised_uri;

	gchar *uri, *signature, *timestamp;

	char *nonce;

	gboolean is_first = TRUE;

	GTimeVal time_val;

	guchar signature_buf[HMAC_SHA1_LEN];

	gsize signature_buf_len;

	GHmac *signature_hmac;

	g_return_if_fail (GDATA_IS_OAUTH1_AUTHORIZER (self));

	g_return_if_fail (SOUP_IS_MESSAGE (message));

	g_return_if_fail (token == NULL || *token != '\0');

	g_return_if_fail (token_secret == NULL || *token_secret != '\0');

	g_return_if_fail ((token == NULL) == (token_secret == NULL));

	/* Build and return a HMAC-SHA1 signature for the given SoupMessage. We always use HMAC-SHA1, since installed applications have to be

	 * unregistered (see: http://code.google.com/apis/accounts/docs/OAuth_ref.html#SigningOAuth).

	 * Reference: http://tools.ietf.org/html/rfc5849#section-3.4 */

	signature_method = "HMAC-SHA1";

	/* As described here, we use an anonymous consumer key and secret, since we're designed for installed applications:

	 * http://code.google.com/apis/accounts/docs/OAuth_ref.html#SigningOAuth */

	consumer_key = "anonymous";

	consumer_secret = "anonymous";

	/* Add various standard parameters to the list (note: this modifies the hash table belonging to the caller) */

	nonce = oauth_gen_nonce ();

	g_get_current_time (&time_val);

	timestamp = g_strdup_printf ("%li", time_val.tv_sec);

	if (parameters == NULL) {

		parameters = g_hash_table_new (g_str_hash, g_str_equal);

	} else {

		g_hash_table_ref (parameters);

	}

	g_hash_table_insert (parameters, (gpointer) "oauth_signature_method", (gpointer) signature_method);

	g_hash_table_insert (parameters, (gpointer) "oauth_consumer_key", (gpointer) consumer_key);

	g_hash_table_insert (parameters, (gpointer) "oauth_nonce", nonce);

	g_hash_table_insert (parameters, (gpointer) "oauth_timestamp", timestamp);

	g_hash_table_insert (parameters, (gpointer) "oauth_version", (gpointer) "1.0");

	/* Only add the token if it's been provided */

	if (token != NULL) {

		g_hash_table_insert (parameters, (gpointer) "oauth_token", (gpointer) token);

	}

	/* Sort the parameters and build a query string, as defined here: http://tools.ietf.org/html/rfc5849#section-3.4.1.3 */

	g_hash_table_iter_init (&iter, parameters);

	while (g_hash_table_iter_next (&iter, (gpointer*) &key, (gpointer*) &value) == TRUE) {

		GString *pair = g_string_new (NULL);

		g_string_append_uri_escaped (pair, key, NULL, FALSE);

		g_string_append_c (pair, '=');

		g_string_append_uri_escaped (pair, value, NULL, FALSE);

		/* Append the pair to the list for sorting, and keep track of the total length of the strings in the list so far */

		params_length += pair->len + 1 /* sep */;

		sorted_params = g_list_prepend (sorted_params, g_string_free (pair, FALSE));

	}

	g_hash_table_unref (parameters);

	sorted_params = g_list_sort (sorted_params, (GCompareFunc) g_strcmp0);

	/* Concatenate the parameters to give the query string */

	query_string = g_string_sized_new (params_length);

	for (i = sorted_params; i != NULL; i = i->next) {

		if (is_first == FALSE) {

			g_string_append_c (query_string, '&';;

		}

		g_string_append (query_string, i->data);

		g_free (i->data);

		is_first = FALSE;

	}

	g_list_free (sorted_params);

	/* Normalise the URI as described here: http://tools.ietf.org/html/rfc5849#section-3.4.1.2 */

	normalised_uri = soup_uri_copy (soup_message_get_uri (message));

	soup_uri_set_query (normalised_uri, NULL);

	soup_uri_set_fragment (normalised_uri, NULL);

	/* Append it to the signature base string */

	uri = soup_uri_to_string (normalised_uri, FALSE);

	/* Start building the signature base string as described here: http://tools.ietf.org/html/rfc5849#section-3.4.1.1 */

	signature_base_string = g_string_sized_new (4 /* method */ + 1 /* sep */ + strlen (uri) + 1 /* sep */ + params_length /* query string */);

	g_string_append_uri_escaped (signature_base_string, message->method, NULL, FALSE);

	g_string_append_c (signature_base_string, '&';;

	g_string_append_uri_escaped (signature_base_string, uri, NULL, FALSE);

	g_string_append_c (signature_base_string, '&';;

	g_string_append_uri_escaped (signature_base_string, query_string->str, NULL, FALSE);

	g_free (uri);

	soup_uri_free (normalised_uri);

	g_string_free (query_string, TRUE);

	/* Build the secret key to use in the HMAC */

	secret_string = g_string_new (NULL);

	g_string_append_uri_escaped (secret_string, consumer_secret, NULL, FALSE);

	g_string_append_c (secret_string, '&';;

	/* Only add token_secret if it was provided */

	if (token_secret != NULL) {

		g_string_append_uri_escaped (secret_string, token_secret, NULL, FALSE);

	}

	/* Create the signature as described here: http://tools.ietf.org/html/rfc5849#section-3.4.2 */

	signature_hmac = g_hmac_new (G_CHECKSUM_SHA1, (const guchar*) secret_string->str, secret_string->len);

	g_hmac_update (signature_hmac, (const guchar*) signature_base_string->str, signature_base_string->len);

	signature_buf_len = G_N_ELEMENTS (signature_buf);

	g_hmac_get_digest (signature_hmac, signature_buf, &signature_buf_len);

	g_hmac_unref (signature_hmac);

	signature = g_base64_encode (signature_buf, signature_buf_len);

	/*g_debug ("Signing message using Signature Base String: “%s” and key “%s” using method “%s” to give signature: “%s”.",

	         signature_base_string->str, secret_string->str, signature_method, signature);*/

	/* Zero out the secret_string before freeing it, to reduce the chance of secrets hitting disk. */

	memset (secret_string->str, 0, secret_string->allocated_len);

	g_string_free (secret_string, TRUE);

	g_string_free (signature_base_string, TRUE);

	/* Build the Authorization header and append it to the message */

	authorization_header = g_string_new ("OAuth oauth_consumer_key=\"");

	g_string_append_uri_escaped (authorization_header, consumer_key, NULL, FALSE);

	/* Only add the token if it's been provided */

	if (token != NULL) {

		g_string_append (authorization_header, "\",oauth_token=\"");

		g_string_append_uri_escaped (authorization_header, token, NULL, FALSE);

	}

	g_string_append (authorization_header, "\",oauth_signature_method=\"");

	g_string_append_uri_escaped (authorization_header, signature_method, NULL, FALSE);

	g_string_append (authorization_header, "\",oauth_signature=\"");

	g_string_append_uri_escaped (authorization_header, signature, NULL, FALSE);

	g_string_append (authorization_header, "\",oauth_timestamp=\"");

	g_string_append_uri_escaped (authorization_header, timestamp, NULL, FALSE);

	g_string_append (authorization_header, "\",oauth_nonce=\"");

	g_string_append_uri_escaped (authorization_header, nonce, NULL, FALSE);

	g_string_append (authorization_header, "\",oauth_version=\"1.0\"");

	soup_message_headers_replace (message->request_headers, "Authorization", authorization_header->str);

	g_string_free (authorization_header, TRUE);

	free (signature);

	g_free (timestamp);

	free (nonce);

}

/**

 * gdata_oauth1_authorizer_new:

 * @application_name: (allow-none): a human-readable, translated application name to use on authentication pages, or %NULL

 * @service_type: the #GType of a #GDataService subclass which the #GDataOAuth1Authorizer will be used with

 *

 * Creates a new #GDataOAuth1Authorizer.

 *

 * The #GDataAuthorizationDomains for the given @service_type (i.e. as returned by gdata_service_get_authorization_domains()) are the ones the

 * user will be requested to authorize access to on the page at the URI returned by gdata_oauth1_authorizer_request_authentication_uri().

 *

 * The given @application_name will set the value of #GDataOAuth1Authorizer:application-name and will be displayed to the user on authentication pages

 * returned by Google. If %NULL is provided, the value of g_get_application_name() will be used as a fallback.

 *

 * Return value: (transfer full): a new #GDataOAuth1Authorizer; unref with g_object_unref()

 *

 * Since: 0.9.0

 */

GDataOAuth1Authorizer *

gdata_oauth1_authorizer_new (const gchar *application_name, GType service_type)

{

	g_return_val_if_fail (g_type_is_a (service_type, GDATA_TYPE_SERVICE), NULL);

	return gdata_oauth1_authorizer_new_for_authorization_domains (application_name, gdata_service_get_authorization_domains (service_type));

}

/**

 * gdata_oauth1_authorizer_new_for_authorization_domains:

 * @application_name: (allow-none): a human-readable, translated application name to use on authentication pages, or %NULL

 * @authorization_domains: (element-type GDataAuthorizationDomain) (transfer none): a non-empty list of #GDataAuthorizationDomains to be

 * authorized against by the #GDataOAuth1Authorizer

 *

 * Creates a new #GDataOAuth1Authorizer. This function is intended to be used only when the default authorization domain list for a single

 * #GDataService, as used by gdata_oauth1_authorizer_new(), isn't suitable. For example, this could be because the #GDataOAuth1Authorizer will be used

 * with multiple #GDataService subclasses, or because the client requires a specific set of authorization domains.

 *

 * The specified #GDataAuthorizationDomains are the ones the user will be requested to authorize access to on the page at the URI returned by

 * gdata_oauth1_authorizer_request_authentication_uri().

 *

 * The given @application_name will set the value of #GDataOAuth1Authorizer:application-name and will be displayed to the user on authentication pages

 * returned by Google. If %NULL is provided, the value of g_get_application_name() will be used as a fallback.

 *

 * Return value: (transfer full): a new #GDataOAuth1Authorizer; unref with g_object_unref()

 *

 * Since: 0.9.0

 */

GDataOAuth1Authorizer *

gdata_oauth1_authorizer_new_for_authorization_domains (const gchar *application_name, GList *authorization_domains)

{

	GList *i;

	GDataOAuth1Authorizer *authorizer;

	g_return_val_if_fail (authorization_domains != NULL, NULL);

	authorizer = GDATA_OAUTH1_AUTHORIZER (g_object_new (GDATA_TYPE_OAUTH1_AUTHORIZER,

	                                                    "application-name", application_name,

	                                                    NULL));

	/* Register all the domains with the authorizer */

	for (i = authorization_domains; i != NULL; i = i->next) {

		g_return_val_if_fail (GDATA_IS_AUTHORIZATION_DOMAIN (i->data), NULL);

		/* We don't have to lock the authoriser's mutex here as no other code has seen the authoriser yet */

		g_hash_table_insert (authorizer->priv->authorization_domains, g_object_ref (GDATA_AUTHORIZATION_DOMAIN (i->data)), i->data);

	}

	return authorizer;

}

/**

 * gdata_oauth1_authorizer_request_authentication_uri:

 * @self: a #GDataOAuth1Authorizer

 * @token: (out callee-allocates): return location for the temporary credentials token returned by the authentication service; free with g_free()

 * @token_secret: (out callee-allocates): return location for the temporary credentials token secret returned by the authentication service; free with

 * g_free()

 * @cancellable: (allow-none): optional #GCancellable object, or %NULL

 * @error: a #GError, or %NULL

 *

 * Requests a fresh unauthenticated token from the Google accounts service and builds and returns the URI of an authentication page for that token.

 * This should then be presented to the user (e.g. in an embedded or stand alone web browser). The authentication page will ask the user to log in

 * using their Google account, then ask them to grant access to the #GDataAuthorizationDomains passed to the constructor of the

 * #GDataOAuth1Authorizer. If the user grants access, they will be given a verifier, which can then be passed to

 * gdata_oauth1_authorizer_request_authorization() (along with the @token and @token_secret values returned by this method) to authorize the token.

 *

 * This method can fail if the server returns an error, but this is unlikely. If it does happen, a %GDATA_SERVICE_ERROR_PROTOCOL_ERROR will be

 * raised, @token and @token_secret will be set to %NULL and %NULL will be returned.

 *

 * This method implements <ulink type="http" url="http://tools.ietf.org/html/rfc5849#section-2.1">Section 2.1</ulink> and

 * <ulink type="http" url="http://tools.ietf.org/html/rfc5849#section-2.2">Section 2.2</ulink> of the

 * <ulink type="http" url="http://tools.ietf.org/html/rfc5849">OAuth 1.0 protocol</ulink>.

 *

 * When freeing @token_secret, it's advisable to set it to all zeros first, to reduce the chance of the sensitive token being recoverable from the

 * free memory pool and (accidentally) leaked by a different part of the process. This can be achieved with the following code:

 * |[

 *	if (token_secret != NULL) {

 *		memset (token_secret, 0, strlen (token_secret));

 *		g_free (token_secret);

 *	}

 * ]|

 *

 * Return value: (transfer full): the URI of an authentication page for the user to use; free with g_free()

 *

 * Since: 0.9.0

 */

gchar *

gdata_oauth1_authorizer_request_authentication_uri (GDataOAuth1Authorizer *self, gchar **token, gchar **token_secret,

                                                    GCancellable *cancellable, GError **error)

{

	GDataOAuth1AuthorizerPrivate *priv;

	SoupMessage *message;

	guint status;

	gchar *request_body;

	GString *scope_string, *authentication_uri;

	GHashTable *parameters;

	GHashTableIter iter;

	gboolean is_first = TRUE;

	GDataAuthorizationDomain *domain;

	GHashTable *response_details;

	const gchar *callback_uri, *_token, *_token_secret, *callback_confirmed;

	SoupURI *_uri;

	g_return_val_if_fail (GDATA_IS_OAUTH1_AUTHORIZER (self), NULL);

	g_return_val_if_fail (token != NULL, NULL);

	g_return_val_if_fail (token_secret != NULL, NULL);

	g_return_val_if_fail (cancellable == NULL || G_IS_CANCELLABLE (cancellable), NULL);

	g_return_val_if_fail (error == NULL || *error == NULL, NULL);

	priv = self->priv;

	/* This implements OAuthGetRequestToken and returns the URI for OAuthAuthorizeToken, which the client must then use themselves (e.g. in an

	 * embedded web browser) to authorise the temporary credentials token. They then pass the request token and verification code they get back

	 * from that to gdata_oauth1_authorizer_request_authorization(). */

	/* We default to out-of-band callbacks */

	callback_uri = "oob";

	/* Set the output parameters to NULL in case of failure */

	*token = NULL;

	*token_secret = NULL;

	/* Build up the space-separated list of scopes we're requesting authorisation for */

	g_mutex_lock (&(priv->mutex));

	scope_string = g_string_new (NULL);

	g_hash_table_iter_init (&iter, priv->authorization_domains);

	while (g_hash_table_iter_next (&iter, (gpointer*) &domain, NULL) == TRUE) {

		if (is_first == FALSE) {

			/* Delimiter */

			g_string_append_c (scope_string, ' ');

		}

		g_string_append (scope_string, gdata_authorization_domain_get_scope (domain));

		is_first = FALSE;

	}

	g_mutex_unlock (&(priv->mutex));

	/* Build the request body and the set of parameters to be signed */

	parameters = g_hash_table_new (g_str_hash, g_str_equal);

	g_hash_table_insert (parameters, (gpointer) "scope", scope_string->str);

	g_hash_table_insert (parameters, (gpointer) "xoauth_displayname", priv->application_name);

	g_hash_table_insert (parameters, (gpointer) "oauth_callback", (gpointer) callback_uri);

	request_body = soup_form_encode_hash (parameters);

	/* Build the message */

	_uri = soup_uri_new ("https://www.google.com/accounts/OAuthGetRequestToken");

	soup_uri_set_port (_uri, _gdata_service_get_https_port ());

	message = soup_message_new_from_uri (SOUP_METHOD_POST, _uri);

	soup_uri_free (_uri);

	soup_message_set_request (message, "application/x-www-form-urlencoded", SOUP_MEMORY_TAKE, request_body, strlen (request_body));

	sign_message (self, message, NULL, NULL, parameters);

	g_hash_table_destroy (parameters);

	g_string_free (scope_string, TRUE);

	/* Send the message */

	_gdata_service_actually_send_message (priv->session, message, cancellable, error);

	status = message->status_code;

	if (status == SOUP_STATUS_CANCELLED) {

		/* Cancelled (the error has already been set) */

		g_object_unref (message);

		return NULL;

	} else if (status != SOUP_STATUS_OK) {

		/* Server returned an error. Not much we can do, since the error codes aren't documented and it shouldn't normally ever happen

		 * anyway. */

		g_set_error_literal (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_PROTOCOL_ERROR,

		                     _("The server rejected the temporary credentials request."));

		g_object_unref (message);

		return NULL;

	}

	g_assert (message->response_body->data != NULL);

	/* Parse the response. We expect something like:

	 *   oauth_token=ab3cd9j4ks73hf7g&oauth_token_secret=ZXhhbXBsZS5jb20&oauth_callback_confirmed=true

	 * See: http://code.google.com/apis/accounts/docs/OAuth_ref.html#RequestToken and

	 * http://tools.ietf.org/html/rfc5849#section-2.1 for details. */

	response_details = soup_form_decode (message->response_body->data);

	g_object_unref (message);

	_token = g_hash_table_lookup (response_details, "oauth_token");

	_token_secret = g_hash_table_lookup (response_details, "oauth_token_secret");

	callback_confirmed = g_hash_table_lookup (response_details, "oauth_callback_confirmed");

	/* Validate the returned values */

	if (_token == NULL || _token_secret == NULL || callback_confirmed == NULL ||

	    *_token == '\0' || *_token_secret == '\0' ||

	    strcmp (callback_confirmed, "true") != 0) {

		g_set_error_literal (error, GDATA_SERVICE_ERROR, GDATA_SERVICE_ERROR_PROTOCOL_ERROR,

		                     _("The server returned a malformed response."));

		g_hash_table_destroy (response_details);

		return NULL;

	}

	/* Build the authentication URI which the user will then open in a web browser and use to authenticate and authorise our application.

	 * We expect to build something like this:

	 *   https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token=ab3cd9j4ks73hf7g&hd=mycollege.edu&hl=en&btmpl=mobile

	 * See: http://code.google.com/apis/accounts/docs/OAuth_ref.html#GetAuth for more details. */

	authentication_uri = g_string_new ("https://www.google.com/accounts/OAuthAuthorizeToken?oauth_token=");

	g_string_append_uri_escaped (authentication_uri, g_hash_table_lookup (response_details, "oauth_token"), NULL, TRUE);

	if (priv->locale != NULL) {

		g_string_append (authentication_uri, "&hl=");

		g_string_append_uri_escaped (authentication_uri, priv->locale, NULL, TRUE);

	}

	/* Return the token and token secret */

	*token = g_strdup (_token);

	*token_secret = g_strdup (_token_secret); /* NOTE: Ideally this would be allocated in non-pageable memory, but changing that would break API */

	g_hash_table_destroy (response_details);

	return g_string_free (authentication_uri, FALSE);

}

typedef struct {

	/* All return values */

	gchar *token;

	gchar *token_secret; /* NOTE: Ideally this would be allocated in non-pageable memory, but changing that would break API */

	gchar *authentication_uri;

} RequestAuthenticationUriAsyncData;

static void

request_authentication_uri_async_data_free (RequestAuthenticationUriAsyncData *data)

{

	g_free (data->token);

	g_free (data->token_secret);

	g_free (data->authentication_uri);