
OAuth Signature Key Builder

Build a utility that constructs signing keys for OAuth 1.0 authentication using different cryptographic methods.

Requirements

Your task is to implement a key builder utility that creates properly formatted signing keys for OAuth 1.0 signature generation. The utility should support multiple signature methods and handle various edge cases related to secret encoding and key construction.

Core Functionality

Implement a module that constructs signing keys for OAuth 1.0 signatures:

  1. HMAC Key Construction: Create signing keys by combining consumer and token secrets with proper encoding and formatting
  2. RSA Key Handling: Validate and prepare RSA private keys for signature generation
  3. Secret Encoding: Ensure all secrets are properly percent-encoded before use
  4. Edge Case Handling: Handle missing, empty, or undefined secrets gracefully

Key Construction Rules

For HMAC-based signatures (HMAC-SHA1, HMAC-SHA256):

  • The signing key is formed by concatenating the encoded consumer secret, an ampersand (&), and the encoded token secret
  • Both secrets must be percent-encoded according to RFC 3986 before concatenation
  • If a secret is missing or undefined, treat it as an empty string
  • The ampersand separator must always be present, even if one or both secrets are empty

For RSA-based signatures:

  • Accept PEM-formatted RSA private keys
  • Validate that the provided key is in proper PEM format
  • The key should be ready for use with cryptographic signing functions

Implementation Details

Create a module with the following capabilities:

  • Construct HMAC signing keys from consumer and token secrets
  • Validate and prepare RSA private keys
  • Apply RFC 3986 percent-encoding to secrets
  • Handle edge cases like missing secrets, empty strings, and special characters

Test Cases

  • @test Constructs HMAC key from valid consumer secret "consumer_secret" and token secret "token_secret" to produce "consumer_secret&token_secret"
  • @test Constructs HMAC key with secrets containing special characters (e.g., "secret!@#" and "token$%^") with proper percent-encoding
  • @test Constructs HMAC key when token secret is undefined or empty, resulting in "consumer_secret&"
  • @test Constructs HMAC key when consumer secret is undefined or empty, resulting in "&token_secret"
  • @test Validates that RSA private key is in PEM format (contains "BEGIN RSA PRIVATE KEY" or "BEGIN PRIVATE KEY")

Implementation

@generates

API

/**
 * Constructs an HMAC signing key from consumer and token secrets.
 * Both secrets are RFC 3986 encoded and concatenated with '&'.
 *
 * @param {string} consumerSecret - The OAuth consumer secret (empty string if undefined)
 * @param {string} tokenSecret - The OAuth token secret (empty string if undefined)
 * @returns {string} The constructed HMAC signing key
 */
function buildHmacKey(consumerSecret, tokenSecret) {
  // IMPLEMENTATION HERE
}

/**
 * Validates and prepares an RSA private key for signing.
 *
 * @param {string} privateKey - The RSA private key in PEM format
 * @returns {string} The validated private key
 * @throws {Error} If the key is not in valid PEM format
 */
function prepareRsaKey(privateKey) {
  // IMPLEMENTATION HERE
}

/**
 * Applies RFC 3986 percent-encoding to a string.
 * This extends standard URI encoding to encode additional characters: !, *, ', (, )
 *
 * @param {string} str - The string to encode
 * @returns {string} The RFC 3986 encoded string
 */
function encodeRfc3986(str) {
  // IMPLEMENTATION HERE
}

module.exports = {
  buildHmacKey,
  prepareRsaKey,
  encodeRfc3986
};
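
One way the skeleton above could be filled in, given as an added example rather than the task's reference solution or oauth-sign's code. It assumes Node.js and its built-in crypto module; the `signHmac` helper and the parse step inside `prepareRsaKey` are additions that the spec does not name.

```javascript
// Added example; not the task's reference solution and not oauth-sign's code.
const crypto = require('node:crypto');

// encodeURIComponent leaves ! * ' ( ) unescaped; RFC 3986 reserves them,
// so they are percent-encoded in a second pass (uppercase hex).
function encodeRfc3986(str) {
  return encodeURIComponent(str).replace(/[!*'()]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Missing secrets become '' and the '&' is always emitted. Because a literal
// '&' inside a secret is encoded as %26, the separator stays unambiguous.
function buildHmacKey(consumerSecret, tokenSecret) {
  return [consumerSecret, tokenSecret]
    .map((s) => encodeRfc3986(s == null ? '' : String(s)))
    .join('&');
}

// Header check from the spec's test case, followed by a real parse
// (an addition) so a PEM header around junk or a non-RSA key is rejected.
function prepareRsaKey(privateKey) {
  if (typeof privateKey !== 'string' ||
      !/-----BEGIN (RSA )?PRIVATE KEY-----/.test(privateKey)) {
    throw new Error('RSA private key must be PEM formatted');
  }
  let parsed;
  try {
    parsed = crypto.createPrivateKey(privateKey);
  } catch (err) {
    throw new Error('RSA private key could not be parsed');
  }
  if (parsed.asymmetricKeyType !== 'rsa') {
    throw new Error('PEM does not contain an RSA private key');
  }
  return privateKey;
}

// Hypothetical helper (not in the spec): sign an already-built signature
// base string with the constructed key.
const DIGESTS = new Map([['HMAC-SHA1', 'sha1'], ['HMAC-SHA256', 'sha256']]);
function signHmac(method, baseString, consumerSecret, tokenSecret) {
  const digest = DIGESTS.get(method);
  if (!digest) throw new Error('Unsupported signature method: ' + method);
  return crypto.createHmac(digest, buildHmacKey(consumerSecret, tokenSecret))
    .update(baseString).digest('base64');
}
```

The substring check alone accepts any text that contains the PEM header, which is why the example parses the key before returning it.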

Dependencies { .dependencies }

oauth-sign { .dependency }

Provides OAuth 1.0 signature generation capabilities for reference implementation patterns.