path: root/modules/online-accounts/camel-sasl-xoauth.c

/*
 * camel-sasl-xoauth.c
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2 of the License, or (at your option) version 3.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with the program; if not, see <http://www.gnu.org/licenses/>
 *
 */

/* XXX Yeah, yeah... */
#define GOA_API_IS_SUBJECT_TO_CHANGE

#include <config.h>
#include <glib/gi18n-lib.h>

#include <goa/goa.h>

#include <libemail-engine/e-mail-session.h>

#include "camel-sasl-xoauth.h"

#define CAMEL_SASL_XOAUTH_GET_PRIVATE(obj) \
    (G_TYPE_INSTANCE_GET_PRIVATE \
    ((obj), CAMEL_TYPE_SASL_XOAUTH, CamelSaslXOAuthPrivate))

#define HMAC_SHA1_LEN 20 /* bytes, raw */

struct _CamelSaslXOAuthPrivate {
    gint placeholder;
};

G_DEFINE_DYNAMIC_TYPE (CamelSaslXOAuth, camel_sasl_xoauth, CAMEL_TYPE_SASL)

static void
sasl_xoauth_append_request (GByteArray *byte_array,
                            const gchar *request_uri,
                            const gchar *consumer_key,
                            const gchar *consumer_secret,
                            const gchar *access_token,
                            const gchar *access_token_secret)
{
    GString *query;
    GString *base_string;
    GString *signing_key;
    GString *request;
    GHashTable *parameters;
    GList *keys;
    GList *iter;
    GHmac *signature_hmac;
    guchar signature_digest[HMAC_SHA1_LEN];
    gsize signature_digest_len;
    gchar *string;
    gpointer key, val;
    guint ii;

    const gchar *oauth_keys[] = {
        "oauth_version",
        "oauth_nonce",
        "oauth_timestamp",
        "oauth_consumer_key",
        "oauth_token",
        "oauth_signature_method",
        "oauth_signature"
    };

    parameters = g_hash_table_new_full (
        (GHashFunc) g_str_hash,
        (GEqualFunc) g_str_equal,
        (GDestroyNotify) NULL,
        (GDestroyNotify) g_free);

    /* Add OAuth parameters. */

    key = (gpointer) "oauth_version";
    g_hash_table_insert (parameters, key, g_strdup ("1.0"));

    key = (gpointer) "oauth_nonce";
    string = g_strdup_printf ("%u", g_random_int ());
    g_hash_table_insert (parameters, key, string); /* takes ownership */

    key = (gpointer) "oauth_timestamp";
    string = g_strdup_printf ("%" G_GINT64_FORMAT, (gint64) time (NULL));
    g_hash_table_insert (parameters, key, string); /* takes ownership */

    key = (gpointer) "oauth_consumer_key";
    g_hash_table_insert (parameters, key, g_strdup (consumer_key));

    key = (gpointer) "oauth_token";
    g_hash_table_insert (parameters, key, g_strdup (access_token));

    key = (gpointer) "oauth_signature_method";
    g_hash_table_insert (parameters, key, g_strdup ("HMAC-SHA1"));

    /* Build the query part of the signature base string.
     * Parameters in the query part must be sorted by name. */

    query = g_string_sized_new (512);
    keys = g_hash_table_get_keys (parameters);
    keys = g_list_sort (keys, (GCompareFunc) g_strcmp0);
    for (iter = keys; iter != NULL; iter = iter->next) {
        key = iter->data;
        val = g_hash_table_lookup (parameters, key);

        if (iter != keys)
            g_string_append_c (query, '&');

        g_string_append_uri_escaped (query, key, NULL, FALSE);
        g_string_append_c (query, '=');
        g_string_append_uri_escaped (query, val, NULL, FALSE);
    }
    g_list_free (keys);

    /* Build the signature base string. */

    base_string = g_string_new (NULL);
    g_string_append (base_string, "GET");
    g_string_append_c (base_string, '&');
    g_string_append_uri_escaped (base_string, request_uri, NULL, FALSE);
    g_string_append_c (base_string, '&');
    g_string_append_uri_escaped (base_string, query->str, NULL, FALSE);

    /* Build the HMAC-SHA1 signing key. */

    signing_key = g_string_sized_new (512);
    g_string_append_uri_escaped (
        signing_key, consumer_secret, NULL, FALSE);
    g_string_append_c (signing_key, '&');
    g_string_append_uri_escaped (
        signing_key, access_token_secret, NULL, FALSE);

    /* Sign the request. */

    signature_digest_len = sizeof (signature_digest);

    signature_hmac = g_hmac_new (
        G_CHECKSUM_SHA1,
        (guchar *) signing_key->str,
        signing_key->len);
    g_hmac_update (
        signature_hmac,
        (guchar *) base_string->str,
        base_string->len);
    g_hmac_get_digest (
        signature_hmac,
        signature_digest,
        &signature_digest_len);
    g_hmac_unref (signature_hmac);

    key = (gpointer) "oauth_signature";
    string = g_base64_encode (signature_digest, signature_digest_len);
    g_hash_table_insert (parameters, key, string); /* takes ownership */

    /* Build the formal request string. */

    /* The request is easier to assemble with a GString. */
    request = g_string_sized_new (512);

    g_string_append_printf (request, "GET %s ", request_uri);

    for (ii = 0; ii < G_N_ELEMENTS (oauth_keys); ii++) {
        key = (gpointer) oauth_keys[ii];
        val = g_hash_table_lookup (parameters, key);

        if (ii > 0)
            g_string_append_c (request, ',');

        g_string_append (request, key);
        g_string_append_c (request, '=');
        g_string_append_c (request, '"');
        g_string_append_uri_escaped (request, val, NULL, FALSE);
        g_string_append_c (request, '"');
    }

    /* Copy the GString content to the GByteArray. */
    g_byte_array_append (
        byte_array, (guint8 *) request->str, request->len + 1);

    g_string_free (request, TRUE);

    /* Clean up. */

    g_string_free (query, TRUE);
    g_string_free (base_string, TRUE);
    g_string_free (signing_key, TRUE);

    g_hash_table_unref (parameters);
}

/****************************************************************************/

static gchar *
sasl_xoauth_find_account_id (ESourceRegistry *registry,
                             const gchar *uid)
{
    ESource *source;
    ESource *ancestor;
    const gchar *extension_name;
    gchar *account_id = NULL;

    extension_name = E_SOURCE_EXTENSION_GOA;

    source = e_source_registry_ref_source (registry, uid);
    g_return_val_if_fail (source != NULL, NULL);

    ancestor = e_source_registry_find_extension (
        registry, source, extension_name);

    if (ancestor != NULL) {
        ESourceGoa *extension;

        extension = e_source_get_extension (ancestor, extension_name);
        account_id = e_source_goa_dup_account_id (extension);

        g_object_unref (ancestor);
    }

    g_object_unref (source);

    return account_id;
}

static GoaObject *
sasl_xoauth_get_account_by_id (GoaClient *client,
                               const gchar *account_id)
{
    GoaObject *match = NULL;
    GList *list, *iter;

    list = goa_client_get_accounts (client);

    for (iter = list; iter != NULL; iter = g_list_next (iter)) {
        GoaObject *goa_object;
        GoaAccount *goa_account;
        const gchar *candidate_id;

        goa_object = GOA_OBJECT (iter->data);
        goa_account = goa_object_get_account (goa_object);
        candidate_id = goa_account_get_id (goa_account);

        if (g_strcmp0 (account_id, candidate_id) == 0)
            match = g_object_ref (goa_object);

        g_object_unref (goa_account);

        if (match != NULL)
            break;
    }

    g_list_free_full (list, (GDestroyNotify) g_object_unref);

    return match;
}

static GByteArray *
sasl_xoauth_challenge_sync (CamelSasl *sasl,
                            GByteArray *token,
                            GCancellable *cancellable,
                            GError **error)
{
    GoaClient *goa_client;
    GoaObject *goa_object;
    GoaAccount *goa_account;
    GByteArray *byte_array = NULL;
    CamelService *service;
    CamelSession *session;
    ESourceRegistry *registry;
    const gchar *uid;
    gchar *account_id;
    gboolean success;

    service = camel_sasl_get_service (sasl);
    session = camel_service_ref_session (service);
    registry = e_mail_session_get_registry (E_MAIL_SESSION (session));

    goa_client = goa_client_new_sync (cancellable, error);
    if (goa_client == NULL)
        goto exit;

    uid = camel_service_get_uid (service);
    account_id = sasl_xoauth_find_account_id (registry, uid);
    goa_object = sasl_xoauth_get_account_by_id (goa_client, account_id);

    g_free (account_id);

    if (goa_object == NULL) {
        g_set_error_literal (
            error, CAMEL_SERVICE_ERROR,
            CAMEL_SERVICE_ERROR_CANT_AUTHENTICATE,
            _("Cannot find a corresponding account in "
            "the org.gnome.OnlineAccounts service from "
            "which to obtain an authentication token."));
        g_object_unref (goa_client);
        goto exit;
    }

    goa_account = goa_object_get_account (goa_object);

    success = goa_account_call_ensure_credentials_sync (
        goa_account, NULL, cancellable, error);

    if (success) {
        GoaOAuthBased *goa_oauth_based;
        const gchar *identity;
        const gchar *consumer_key;
        const gchar *consumer_secret;
        const gchar *service_type;
        gchar *access_token = NULL;
        gchar *access_token_secret = NULL;
        gchar *request_uri;

        goa_oauth_based = goa_object_get_oauth_based (goa_object);

        identity = goa_account_get_identity (goa_account);
        service_type = CAMEL_IS_STORE (service) ? "imap" : "smtp";

        /* FIXME This should probably be generalized. */
        request_uri = g_strdup_printf (
            "https://mail.google.com/mail/b/%s/%s/",
            identity, service_type);

        consumer_key =
            goa_oauth_based_get_consumer_key (goa_oauth_based);
        consumer_secret =
            goa_oauth_based_get_consumer_secret (goa_oauth_based);

        success = goa_oauth_based_call_get_access_token_sync (
            goa_oauth_based,
            &access_token,
            &access_token_secret,
            NULL,
            cancellable,
            error);

        if (success) {
            byte_array = g_byte_array_new ();
            sasl_xoauth_append_request (
                byte_array,
                request_uri,
                consumer_key,
                consumer_secret,
                access_token,
                access_token_secret);
        }

        g_free (access_token);
        g_free (access_token_secret);
        g_free (request_uri);

        g_object_unref (goa_oauth_based);
    }

    g_object_unref (goa_account);
    g_object_unref (goa_object);
    g_object_unref (goa_client);

    /* IMAP and SMTP services will Base64-encode the request. */

exit:
    g_object_unref (session);

    return byte_array;
}

static gpointer
camel_sasl_xoauth_auth_type_init (gpointer unused)
{
    CamelServiceAuthType *auth_type;

    /* This is a one-time allocation, never freed. */
    auth_type = g_malloc0 (sizeof (CamelServiceAuthType));
    auth_type->name = _("OAuth");
    auth_type->description =
        _("This option will connect to the server by "
          "way of the GNOME Online Accounts service");
    auth_type->authproto = "XOAUTH";
    auth_type->need_password = FALSE;

    return auth_type;
}

static void
camel_sasl_xoauth_class_init (CamelSaslXOAuthClass *class)
{
    static GOnce auth_type_once = G_ONCE_INIT;
    CamelSaslClass *sasl_class;

    g_once (&auth_type_once, camel_sasl_xoauth_auth_type_init, NULL);

    g_type_class_add_private (class, sizeof (CamelSaslXOAuthPrivate));

    sasl_class = CAMEL_SASL_CLASS (class);
    sasl_class->auth_type = auth_type_once.retval;
    sasl_class->challenge_sync = sasl_xoauth_challenge_sync;
}

static void
camel_sasl_xoauth_class_finalize (CamelSaslXOAuthClass *class)
{
}

static void
camel_sasl_xoauth_init (CamelSaslXOAuth *sasl)
{
    sasl->priv = CAMEL_SASL_XOAUTH_GET_PRIVATE (sasl);
}

void
camel_sasl_xoauth_type_register (GTypeModule *type_module)
{
    /* XXX G_DEFINE_DYNAMIC_TYPE declares a static type registration
     *     function, so we have to wrap it with a public function in
     *     order to register types from a separate compilation unit. */
    camel_sasl_xoauth_register_type (type_module);
}