Context Navigation

source: lib/oauth.c @ 91ae87d

Last change on this file since 91ae87d was e306fbf, checked in by Wilmer van der Gaast <wilmer@…>, at 2011-12-21T19:35:13Z
Fixed a bug that probably (can't test this now since it's down) broke OAuth setup for identi.ca. Turning on oauth for identi.ca accounts by default now.
Property mode set to `100644`
File size: 11.3 KB

Line
1	/***************************************************************************\
2	* *
3	* BitlBee - An IRC to IM gateway *
4	* Simple OAuth client (consumer) implementation. *
5	* *
6	* Copyright 2010 Wilmer van der Gaast <wilmer@gaast.net> *
7	* *
8	* This library is free software; you can redistribute it and/or *
9	* modify it under the terms of the GNU Lesser General Public *
10	* License as published by the Free Software Foundation, version *
11	* 2.1. *
12	* *
13	* This library is distributed in the hope that it will be useful, *
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
16	* Lesser General Public License for more details. *
17	* *
18	* You should have received a copy of the GNU Lesser General Public License *
19	* along with this library; if not, write to the Free Software Foundation, *
20	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA *
21	* *
22	\***************************************************************************/
23
24	#include <glib.h>
25	#include <gmodule.h>
26	#include <stdlib.h>
27	#include <string.h>
28	#include "http_client.h"
29	#include "base64.h"
30	#include "misc.h"
31	#include "sha1.h"
32	#include "url.h"
33	#include "oauth.h"
34
35	#define HMAC_BLOCK_SIZE 64
36
37	static char oauth_sign( const char method, const char *url,
38	const char params, struct oauth_info oi )
39	{
40	uint8_t hash[sha1_hash_size];
41	GString *payload = g_string_new( "" );
42	char *key;
43	char *s;
44
45	key = g_strdup_printf( "%s&%s", oi->sp->consumer_secret, oi->token_secret ? oi->token_secret : "" );
46
47	g_string_append_printf( payload, "%s&", method );
48
49	s = g_new0( char, strlen( url ) * 3 + 1 );
50	strcpy( s, url );
51	http_encode( s );
52	g_string_append_printf( payload, "%s&", s );
53	g_free( s );
54
55	s = g_new0( char, strlen( params ) * 3 + 1 );
56	strcpy( s, params );
57	http_encode( s );
58	g_string_append( payload, s );
59	g_free( s );
60
61	sha1_hmac( key, 0, payload->str, 0, hash );
62
63	g_free( key );
64	g_string_free( payload, TRUE );
65
66	/* base64_encode + HTTP escape it (both consumers
67	need it that away) and we're done. */
68	s = base64_encode( hash, sha1_hash_size );
69	s = g_realloc( s, strlen( s ) * 3 + 1 );
70	http_encode( s );
71
72	return s;
73	}
74
75	static char *oauth_nonce()
76	{
77	unsigned char bytes[21];
78	char ret = g_new0( char, sizeof( bytes) / 3 4 + 1 );
79
80	random_bytes( bytes, sizeof( bytes ) );
81	base64_encode_real( bytes, sizeof( bytes), (unsigned char*) ret, "0123456789"
82	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0A" );
83
84	return ret;
85	}
86
87	void oauth_params_add( GSList *params, const char key, const char *value )
88	{
89	char *item;
90
91	if( !key \|\| !value )
92	return;
93
94	item = g_strdup_printf( "%s=%s", key, value );
95	params = g_slist_insert_sorted( params, item, (GCompareFunc) strcmp );
96	}
97
98	void oauth_params_del( GSList *params, const char key )
99	{
100	int key_len = strlen( key );
101	GSList l, n;
102
103	if( params == NULL )
104	return;
105
106	for( l = *params; l; l = n )
107	{
108	n = l->next;
109
110	if( strncmp( (char*) l->data, key, key_len ) == 0 &&
111	((char*)l->data)[key_len] == '=' )
112	{
113	g_free( l->data );
114	params = g_slist_remove( params, l->data );
115	}
116	}
117	}
118
119	void oauth_params_set( GSList *params, const char key, const char *value )
120	{
121	oauth_params_del( params, key );
122	oauth_params_add( params, key, value );
123	}
124
125	const char oauth_params_get( GSList params, const char key )
126	{
127	int key_len = strlen( key );
128	GSList *l;
129
130	if( params == NULL )
131	return NULL;
132
133	for( l = *params; l; l = l->next )
134	{
135	if( strncmp( (char*) l->data, key, key_len ) == 0 &&
136	((char*)l->data)[key_len] == '=' )
137	return (const char*) l->data + key_len + 1;
138	}
139
140	return NULL;
141	}
142
143	void oauth_params_parse( GSList *params, char in )
144	{
145	char amp, eq, *s;
146
147	while( in && *in )
148	{
149	eq = strchr( in, '=' );
150	if( !eq )
151	break;
152
153	*eq = '\0';
154	if( ( amp = strchr( eq + 1, '&' ) ) )
155	*amp = '\0';
156
157	s = g_strdup( eq + 1 );
158	http_decode( s );
159	oauth_params_add( params, in, s );
160	g_free( s );
161
162	*eq = '=';
163	if( amp == NULL )
164	break;
165
166	*amp = '&';
167	in = amp + 1;
168	}
169	}
170
171	void oauth_params_free( GSList **params )
172	{
173	while( params && *params )
174	{
175	g_free( (*params)->data );
176	params = g_slist_remove( params, (*params)->data );
177	}
178	}
179
180	char oauth_params_string( GSList params )
181	{
182	GSList *l;
183	GString *str = g_string_new( "" );
184
185	for( l = params; l; l = l->next )
186	{
187	char s, eq;
188
189	s = g_malloc( strlen( l->data ) * 3 + 1 );
190	strcpy( s, l->data );
191	if( ( eq = strchr( s, '=' ) ) )
192	http_encode( eq + 1 );
193	g_string_append( str, s );
194	g_free( s );
195
196	if( l->next )
197	g_string_append_c( str, '&' );
198	}
199
200	return g_string_free( str, FALSE );
201	}
202
203	void oauth_info_free( struct oauth_info *info )
204	{
205	if( info )
206	{
207	g_free( info->auth_url );
208	g_free( info->request_token );
209	g_free( info->token );
210	g_free( info->token_secret );
211	oauth_params_free( &info->params );
212	g_free( info );
213	}
214	}
215
216	static void oauth_add_default_params( GSList *params, const struct oauth_service sp )
217	{
218	char *s;
219
220	oauth_params_set( params, "oauth_consumer_key", sp->consumer_key );
221	oauth_params_set( params, "oauth_signature_method", "HMAC-SHA1" );
222
223	s = g_strdup_printf( "%d", (int) time( NULL ) );
224	oauth_params_set( params, "oauth_timestamp", s );
225	g_free( s );
226
227	s = oauth_nonce();
228	oauth_params_set( params, "oauth_nonce", s );
229	g_free( s );
230
231	oauth_params_set( params, "oauth_version", "1.0" );
232	}
233
234	static void oauth_post_request( const char url, GSList *params_, http_input_function func, struct oauth_info oi )
235	{
236	GSList *params = NULL;
237	char s, params_s, *post;
238	void *req;
239	url_t url_p;
240
241	if( !url_set( &url_p, url ) )
242	{
243	oauth_params_free( params_ );
244	return NULL;
245	}
246
247	if( params_ )
248	params = *params_;
249
250	oauth_add_default_params( &params, oi->sp );
251
252	params_s = oauth_params_string( params );
253	oauth_params_free( &params );
254
255	s = oauth_sign( "POST", url, params_s, oi );
256	post = g_strdup_printf( "%s&oauth_signature=%s", params_s, s );
257	g_free( params_s );
258	g_free( s );
259
260	s = g_strdup_printf( "POST %s HTTP/1.0\r\n"
261	"Host: %s\r\n"
262	"Content-Type: application/x-www-form-urlencoded\r\n"
263	"Content-Length: %zd\r\n"
264	"Connection: close\r\n"
265	"\r\n"
266	"%s", url_p.file, url_p.host, strlen( post ), post );
267	g_free( post );
268
269	req = http_dorequest( url_p.host, url_p.port, url_p.proto == PROTO_HTTPS,
270	s, func, oi );
271	g_free( s );
272
273	return req;
274	}
275
276	static void oauth_request_token_done( struct http_request *req );
277
278	struct oauth_info oauth_request_token( const struct oauth_service sp, oauth_cb func, void *data )
279	{
280	struct oauth_info *st = g_new0( struct oauth_info, 1 );
281	GSList *params = NULL;
282
283	st->func = func;
284	st->data = data;
285	st->sp = sp;
286
287	oauth_params_add( &params, "oauth_callback", "oob" );
288
289	if( !oauth_post_request( sp->url_request_token, &params, oauth_request_token_done, st ) )
290	{
291	oauth_info_free( st );
292	return NULL;
293	}
294
295	return st;
296	}
297
298	static void oauth_request_token_done( struct http_request *req )
299	{
300	struct oauth_info *st = req->data;
301
302	st->http = req;
303
304	if( req->status_code == 200 )
305	{
306	GSList *params = NULL;
307
308	st->auth_url = g_strdup_printf( "%s?%s", st->sp->url_authorize, req->reply_body );
309	oauth_params_parse( &params, req->reply_body );
310	st->request_token = g_strdup( oauth_params_get( &params, "oauth_token" ) );
311	st->token_secret = g_strdup( oauth_params_get( &params, "oauth_token_secret" ) );
312	oauth_params_free( &params );
313	}
314
315	st->stage = OAUTH_REQUEST_TOKEN;
316	st->func( st );
317	}
318
319	static void oauth_access_token_done( struct http_request *req );
320
321	gboolean oauth_access_token( const char pin, struct oauth_info st )
322	{
323	GSList *params = NULL;
324
325	oauth_params_add( &params, "oauth_token", st->request_token );
326	oauth_params_add( &params, "oauth_verifier", pin );
327
328	return oauth_post_request( st->sp->url_access_token, &params, oauth_access_token_done, st ) != NULL;
329	}
330
331	static void oauth_access_token_done( struct http_request *req )
332	{
333	struct oauth_info *st = req->data;
334
335	st->http = req;
336
337	if( req->status_code == 200 )
338	{
339	oauth_params_parse( &st->params, req->reply_body );
340	st->token = g_strdup( oauth_params_get( &st->params, "oauth_token" ) );
341	g_free( st->token_secret );
342	st->token_secret = g_strdup( oauth_params_get( &st->params, "oauth_token_secret" ) );
343	}
344
345	st->stage = OAUTH_ACCESS_TOKEN;
346	if( st->func( st ) )
347	{
348	/* Don't need these anymore, but keep the rest. */
349	g_free( st->auth_url );
350	st->auth_url = NULL;
351	g_free( st->request_token );
352	st->request_token = NULL;
353	oauth_params_free( &st->params );
354	}
355	}
356
357	char oauth_http_header( struct oauth_info oi, const char method, const char url, char *args )
358	{
359	GSList params = NULL, l;
360	char sig = NULL, params_s, *s;
361	GString *ret = NULL;
362
363	oauth_params_add( &params, "oauth_token", oi->token );
364	oauth_add_default_params( &params, oi->sp );
365
366	/* Start building the OAuth header. 'key="value", '... */
367	ret = g_string_new( "OAuth " );
368	for( l = params; l; l = l->next )
369	{
370	char *kv = l->data;
371	char *eq = strchr( kv, '=' );
372	char esc[strlen(kv)*3+1];
373
374	if( eq == NULL )
375	break; /* WTF */
376
377	strcpy( esc, eq + 1 );
378	http_encode( esc );
379
380	g_string_append_len( ret, kv, eq - kv + 1 );
381	g_string_append_c( ret, '"' );
382	g_string_append( ret, esc );
383	g_string_append( ret, "\", " );
384	}
385
386	/* Now, before generating the signature, add GET/POST arguments to params
387	since they should be included in the base signature string (but not in
388	the HTTP header). */
389	if( args )
390	oauth_params_parse( &params, args );
391	if( ( s = strchr( url, '?' ) ) )
392	{
393	s = g_strdup( s + 1 );
394	oauth_params_parse( &params, s );
395	g_free( s );
396	}
397
398	/* Append the signature and we're done! */
399	params_s = oauth_params_string( params );
400	sig = oauth_sign( method, url, params_s, oi );
401	g_string_append_printf( ret, "oauth_signature=\"%s\"", sig );
402	g_free( params_s );
403
404	oauth_params_free( &params );
405	g_free( sig );
406
407	return ret ? g_string_free( ret, FALSE ) : NULL;
408	}
409
410	char oauth_to_string( struct oauth_info oi )
411	{
412	GSList *params = NULL;
413	char *ret;
414
415	oauth_params_add( &params, "oauth_token", oi->token );
416	oauth_params_add( &params, "oauth_token_secret", oi->token_secret );
417	ret = oauth_params_string( params );
418	oauth_params_free( &params );
419
420	return ret;
421	}
422
423	struct oauth_info oauth_from_string( char in, const struct oauth_service *sp )
424	{
425	struct oauth_info *oi = g_new0( struct oauth_info, 1 );
426	GSList *params = NULL;
427
428	oauth_params_parse( &params, in );
429	oi->token = g_strdup( oauth_params_get( &params, "oauth_token" ) );
430	oi->token_secret = g_strdup( oauth_params_get( &params, "oauth_token_secret" ) );
431	oauth_params_free( &params );
432	oi->sp = sp;
433
434	return oi;
435	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: