Context Navigation

source: lib/oauth.c @ b2bc25c

Last change on this file since b2bc25c was b2bc25c, checked in by Wilmer van der Gaast <wilmer@…>, at 2010-04-25T23:21:00Z
Added a function that generates an OAuth Authorization: HTTP header.
Property mode set to `100644`
File size: 10.2 KB

Line
1	/***************************************************************************\
2	* *
3	* BitlBee - An IRC to IM gateway *
4	* Simple OAuth client (consumer) implementation. *
5	* *
6	* Copyright 2010 Wilmer van der Gaast <wilmer@gaast.net> *
7	* *
8	* This library is free software; you can redistribute it and/or *
9	* modify it under the terms of the GNU Lesser General Public *
10	* License as published by the Free Software Foundation, version *
11	* 2.1. *
12	* *
13	* This library is distributed in the hope that it will be useful, *
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
16	* Lesser General Public License for more details. *
17	* *
18	* You should have received a copy of the GNU Lesser General Public License *
19	* along with this library; if not, write to the Free Software Foundation, *
20	* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA *
21	* *
22	\***************************************************************************/
23
24	#include <glib.h>
25	#include <gmodule.h>
26	#include <stdlib.h>
27	#include <string.h>
28	#include "http_client.h"
29	#include "base64.h"
30	#include "misc.h"
31	#include "sha1.h"
32	#include "url.h"
33
34	#define CONSUMER_KEY "xsDNKJuNZYkZyMcu914uEA"
35	#define CONSUMER_SECRET "FCxqcr0pXKzsF9ajmP57S3VQ8V6Drk4o2QYtqMcOszo"
36	/* How can it be a secret if it's right here in the source code? No clue... */
37
38	#define HMAC_BLOCK_SIZE 64
39
40	struct oauth_info;
41	typedef void (oauth_cb)( struct oauth_info );
42
43	struct oauth_info
44	{
45	oauth_cb func;
46	void *data;
47
48	struct http_request *http;
49
50	char *auth_params;
51	char *token;
52
53	char *access_token;
54	};
55
56	static char oauth_sign( const char method, const char *url,
57	const char params, const char token_secret )
58	{
59	sha1_state_t sha1;
60	uint8_t hash[sha1_hash_size];
61	uint8_t key[HMAC_BLOCK_SIZE+1];
62	char *s;
63	int i;
64
65	/* Create K. If our current key is >64 chars we have to hash it,
66	otherwise just pad. */
67	memset( key, 0, HMAC_BLOCK_SIZE );
68	i = strlen( CONSUMER_SECRET ) + 1 + ( token_secret ? strlen( token_secret ) : 0 );
69	if( i > HMAC_BLOCK_SIZE )
70	{
71	sha1_init( &sha1 );
72	sha1_append( &sha1, (uint8_t*) CONSUMER_SECRET, strlen( CONSUMER_SECRET ) );
73	sha1_append( &sha1, (uint8_t*) "&", 1 );
74	if( token_secret )
75	sha1_append( &sha1, (uint8_t*) token_secret, strlen( token_secret ) );
76	sha1_finish( &sha1, key );
77	}
78	else
79	{
80	g_snprintf( (gchar*) key, HMAC_BLOCK_SIZE + 1, "%s&%s",
81	CONSUMER_SECRET, token_secret ? : "" );
82	}
83
84	/* Inner part: H(K XOR 0x36, text) */
85	sha1_init( &sha1 );
86
87	for( i = 0; i < HMAC_BLOCK_SIZE; i ++ )
88	key[i] ^= 0x36;
89	sha1_append( &sha1, key, HMAC_BLOCK_SIZE );
90
91	/* OAuth: text = method&url&params, all http_encoded. */
92	sha1_append( &sha1, (const uint8_t*) method, strlen( method ) );
93	sha1_append( &sha1, (const uint8_t*) "&", 1 );
94
95	s = g_new0( char, strlen( url ) * 3 + 1 );
96	strcpy( s, url );
97	http_encode( s );
98	sha1_append( &sha1, (const uint8_t*) s, strlen( s ) );
99	sha1_append( &sha1, (const uint8_t*) "&", 1 );
100	g_free( s );
101
102	s = g_new0( char, strlen( params ) * 3 + 1 );
103	strcpy( s, params );
104	http_encode( s );
105	sha1_append( &sha1, (const uint8_t*) s, strlen( s ) );
106	g_free( s );
107
108	sha1_finish( &sha1, hash );
109
110	/* Final result: H(K XOR 0x5C, inner stuff) */
111	sha1_init( &sha1 );
112	for( i = 0; i < HMAC_BLOCK_SIZE; i ++ )
113	key[i] ^= 0x36 ^ 0x5c;
114	sha1_append( &sha1, key, HMAC_BLOCK_SIZE );
115	sha1_append( &sha1, hash, sha1_hash_size );
116	sha1_finish( &sha1, hash );
117
118	/* base64_encode it and we're done. */
119	return base64_encode( hash, sha1_hash_size );
120	}
121
122	static char *oauth_nonce()
123	{
124	unsigned char bytes[9];
125
126	random_bytes( bytes, sizeof( bytes ) );
127	return base64_encode( bytes, sizeof( bytes ) );
128	}
129
130	void oauth_params_add( GSList *params, const char key, const char *value )
131	{
132	char *item;
133
134	item = g_strdup_printf( "%s=%s", key, value );
135	params = g_slist_insert_sorted( params, item, (GCompareFunc) strcmp );
136	}
137
138	void oauth_params_del( GSList *params, const char key )
139	{
140	int key_len = strlen( key );
141	GSList l, n;
142
143	for( l = *params; l; l = n )
144	{
145	n = l->next;
146
147	if( strncmp( (char*) l->data, key, key_len ) == 0 &&
148	((char*)l->data)[key_len] == '=' )
149	{
150	g_free( l->data );
151	params = g_slist_remove( params, l->data );
152	}
153	}
154	}
155
156	void oauth_params_set( GSList *params, const char key, const char *value )
157	{
158	oauth_params_del( params, key );
159	oauth_params_add( params, key, value );
160	}
161
162	const char oauth_params_get( GSList params, const char key )
163	{
164	int key_len = strlen( key );
165	GSList *l;
166
167	for( l = *params; l; l = l->next )
168	{
169	if( strncmp( (char*) l->data, key, key_len ) == 0 &&
170	((char*)l->data)[key_len] == '=' )
171	return (const char*) l->data + key_len + 1;
172	}
173
174	return NULL;
175	}
176
177	GSList oauth_params_parse( char in )
178	{
179	GSList *ret = NULL;
180	char amp, eq;
181
182	while( in && *in )
183	{
184	eq = strchr( in, '=' );
185	if( !eq )
186	break;
187
188	*eq = '\0';
189	if( ( amp = strchr( eq + 1, '&' ) ) )
190	*amp = '\0';
191
192	oauth_params_add( &ret, in, eq + 1 );
193
194	*eq = '=';
195	if( amp == NULL )
196	break;
197
198	*amp = '&';
199	in = amp + 1;
200	}
201
202	return ret;
203	}
204
205	void oauth_params_free( GSList **params )
206	{
207	while( params && *params )
208	{
209	g_free( (*params)->data );
210	params = g_slist_remove( params, (*params)->data );
211	}
212	}
213
214	char oauth_params_string( GSList params )
215	{
216	GSList *l;
217	GString *str = g_string_new( "" );
218
219	for( l = params; l; l = l->next )
220	{
221	g_string_append( str, l->data );
222	if( l->next )
223	g_string_append_c( str, '&' );
224	}
225
226	return g_string_free( str, FALSE );
227	}
228
229	static void oauth_add_default_params( GSList **params )
230	{
231	char *s;
232
233	oauth_params_set( params, "oauth_consumer_key", CONSUMER_KEY );
234	oauth_params_set( params, "oauth_signature_method", "HMAC-SHA1" );
235
236	s = g_strdup_printf( "%d", (int) time( NULL ) );
237	oauth_params_set( params, "oauth_timestamp", s );
238	g_free( s );
239
240	s = oauth_nonce();
241	oauth_params_set( params, "oauth_nonce", s );
242	g_free( s );
243
244	oauth_params_set( params, "oauth_version", "1.0" );
245	}
246
247	static void oauth_post_request( const char url, GSList *params_, http_input_function func, void data )
248	{
249	GSList *params = NULL;
250	char s, params_s, *post;
251	void *req;
252	url_t url_p;
253
254	if( !url_set( &url_p, url ) )
255	{
256	oauth_params_free( params_ );
257	return NULL;
258	}
259
260	if( params_ )
261	params = *params_;
262
263	oauth_add_default_params( &params );
264
265	params_s = oauth_params_string( params );
266	oauth_params_free( params_ );
267
268	s = oauth_sign( "POST", url, params_s, NULL );
269	s = g_realloc( s, strlen( s ) * 3 + 1 );
270	http_encode( s );
271
272	post = g_strdup_printf( "%s&oauth_signature=%s", params_s, s );
273	g_free( params_s );
274	g_free( s );
275
276	s = g_strdup_printf( "POST %s HTTP/1.0\r\n"
277	"Host: %s\r\n"
278	"Content-Type: application/x-www-form-urlencoded\r\n"
279	"Content-Length: %zd\r\n"
280	"\r\n"
281	"%s", url_p.file, url_p.host, strlen( post ), post );
282	g_free( post );
283
284	req = http_dorequest( url_p.host, url_p.port, url_p.proto == PROTO_HTTPS,
285	s, func, data );
286	g_free( s );
287
288	return req;
289	}
290
291	static void oauth_request_token_done( struct http_request *req );
292
293	void oauth_request_token( const char url, oauth_cb func, void *data )
294	{
295	struct oauth_info *st = g_new0( struct oauth_info, 1 );
296	GSList *params = NULL;
297
298	st->func = func;
299	st->data = data;
300
301	oauth_params_add( &params, "oauth_callback", "oob" );
302
303	return oauth_post_request( url, NULL, oauth_request_token_done, st );
304	}
305
306	static void oauth_request_token_done( struct http_request *req )
307	{
308	struct oauth_info *st = req->data;
309
310	st->http = req;
311
312	if( req->status_code == 200 )
313	{
314	GSList *params;
315
316	st->auth_params = g_strdup( req->reply_body );
317	params = oauth_params_parse( st->auth_params );
318	st->token = g_strdup( oauth_params_get( &params, "oauth_token" ) );
319	oauth_params_free( &params );
320	}
321
322	//st->func( st );
323	}
324
325	static void oauth_access_token_done( struct http_request *req );
326
327	void oauth_access_token( const char url, const char pin, struct oauth_info st )
328	{
329	GSList *params = NULL;
330
331	oauth_params_add( &params, "oauth_token", st->token );
332	oauth_params_add( &params, "oauth_verifier", pin );
333
334	return oauth_post_request( url, &params, oauth_access_token_done, st );
335	}
336
337	static void oauth_access_token_done( struct http_request *req )
338	{
339	struct oauth_info *st = req->data;
340
341	if( req->status_code == 200 )
342	st->access_token = g_strdup( req->reply_body );
343
344	//st->func( st );
345	}
346
347	char oauth_http_header( char access_token, const char method, const char url )
348	{
349	GSList params, l;
350	char token_secret, sig, *params_s;
351	GString *ret = NULL;
352
353	params = oauth_params_parse( access_token );
354	if( params == NULL )
355	goto err;
356	token_secret = g_strdup( oauth_params_get( &params, "oauth_token_secret" ) );
357	if( token_secret == NULL )
358	goto err;
359	oauth_params_del( &params, "oauth_token_secret" );
360
361	oauth_add_default_params( &params );
362
363	params_s = oauth_params_string( params );
364	sig = oauth_sign( method, url, params_s, token_secret );
365	g_free( params_s );
366	sig = g_realloc( sig, strlen( sig ) * 3 + 1 );
367	http_encode( sig );
368
369	ret = g_string_new( "OAuth " );
370	for( l = params; l; l = l->next )
371	{
372	char *kv = l->data;
373	char *eq = strchr( kv, '=' );
374	char esc[strlen(kv)*3+1];
375
376	if( eq == NULL )
377	break; /* WTF */
378
379	strcpy( esc, eq + 1 );
380	http_encode( esc );
381
382	g_string_append_len( ret, kv, eq - kv + 1 );
383	g_string_append_c( ret, '"' );
384	g_string_append( ret, esc );
385	g_string_append( ret, "\", " );
386	}
387
388	g_string_append_printf( ret, "oauth_signature=\"%s\"", sig );
389
390	err:
391	oauth_params_free( &params );
392	g_free( sig );
393	g_free( token_secret );
394
395	return ret ? g_string_free( ret, FALSE ) : NULL;
396	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: