1 | /***************************************************************************\ |
---|
2 | * * |
---|
3 | * BitlBee - An IRC to IM gateway * |
---|
4 | * Simple OAuth client (consumer) implementation. * |
---|
5 | * * |
---|
6 | * Copyright 2010 Wilmer van der Gaast <wilmer@gaast.net> * |
---|
7 | * * |
---|
8 | * This library is free software; you can redistribute it and/or * |
---|
9 | * modify it under the terms of the GNU Lesser General Public * |
---|
10 | * License as published by the Free Software Foundation, version * |
---|
11 | * 2.1. * |
---|
12 | * * |
---|
13 | * This library is distributed in the hope that it will be useful, * |
---|
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * |
---|
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * |
---|
16 | * Lesser General Public License for more details. * |
---|
17 | * * |
---|
18 | * You should have received a copy of the GNU Lesser General Public License * |
---|
19 | * along with this library; if not, write to the Free Software Foundation, * |
---|
20 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * |
---|
21 | * * |
---|
22 | \***************************************************************************/ |
---|
23 | |
---|
24 | #include <glib.h> |
---|
25 | #include <gmodule.h> |
---|
26 | #include <stdlib.h> |
---|
27 | #include <string.h> |
---|
28 | #include "base64.h" |
---|
29 | #include "misc.h" |
---|
30 | #include "sha1.h" |
---|
31 | |
---|
32 | #define CONSUMER_KEY "xsDNKJuNZYkZyMcu914uEA" |
---|
33 | #define CONSUMER_SECRET "FCxqcr0pXKzsF9ajmP57S3VQ8V6Drk4o2QYtqMcOszo" |
---|
34 | /* How can it be a secret if it's right here in the source code? No clue... */ |
---|
35 | |
---|
36 | #define HMAC_BLOCK_SIZE 64 |
---|
37 | |
---|
38 | struct oauth_state |
---|
39 | { |
---|
40 | }; |
---|
41 | |
---|
42 | static char *oauth_sign( const char *method, const char *url, |
---|
43 | const char *params, const char *token_secret ) |
---|
44 | { |
---|
45 | sha1_state_t sha1; |
---|
46 | uint8_t hash[sha1_hash_size]; |
---|
47 | uint8_t key[HMAC_BLOCK_SIZE+1]; |
---|
48 | char *s; |
---|
49 | int i; |
---|
50 | |
---|
51 | /* Create K. If our current key is >64 chars we have to hash it, |
---|
52 | otherwise just pad. */ |
---|
53 | memset( key, 0, HMAC_BLOCK_SIZE ); |
---|
54 | i = strlen( CONSUMER_SECRET ) + 1 + token_secret ? strlen( token_secret ) : 0; |
---|
55 | if( i > HMAC_BLOCK_SIZE ) |
---|
56 | { |
---|
57 | sha1_init( &sha1 ); |
---|
58 | sha1_append( &sha1, CONSUMER_SECRET, strlen( CONSUMER_SECRET ) ); |
---|
59 | sha1_append( &sha1, "&", 1 ); |
---|
60 | if( token_secret ) |
---|
61 | sha1_append( &sha1, token_secret, strlen( token_secret ) ); |
---|
62 | sha1_finish( &sha1, key ); |
---|
63 | } |
---|
64 | else |
---|
65 | { |
---|
66 | g_snprintf( key, HMAC_BLOCK_SIZE + 1, "%s&%s", |
---|
67 | CONSUMER_SECRET, token_secret ? : "" ); |
---|
68 | } |
---|
69 | |
---|
70 | /* Inner part: H(K XOR 0x36, text) */ |
---|
71 | sha1_init( &sha1 ); |
---|
72 | |
---|
73 | for( i = 0; i < HMAC_BLOCK_SIZE; i ++ ) |
---|
74 | key[i] ^= 0x36; |
---|
75 | sha1_append( &sha1, key, HMAC_BLOCK_SIZE ); |
---|
76 | |
---|
77 | /* OAuth: text = method&url¶ms, all http_encoded. */ |
---|
78 | sha1_append( &sha1, (const uint8_t*) method, strlen( method ) ); |
---|
79 | sha1_append( &sha1, (const uint8_t*) "&", 1 ); |
---|
80 | |
---|
81 | s = g_new0( char, strlen( url ) * 3 + 1 ); |
---|
82 | strcpy( s, url ); |
---|
83 | http_encode( s ); |
---|
84 | sha1_append( &sha1, (const uint8_t*) s, strlen( s ) ); |
---|
85 | sha1_append( &sha1, (const uint8_t*) "&", 1 ); |
---|
86 | g_free( s ); |
---|
87 | |
---|
88 | s = g_new0( char, strlen( params ) * 3 + 1 ); |
---|
89 | strcpy( s, params ); |
---|
90 | http_encode( s ); |
---|
91 | sha1_append( &sha1, (const uint8_t*) s, strlen( s ) ); |
---|
92 | g_free( s ); |
---|
93 | |
---|
94 | sha1_finish( &sha1, hash ); |
---|
95 | |
---|
96 | /* Final result: H(K XOR 0x5C, inner stuff) */ |
---|
97 | sha1_init( &sha1 ); |
---|
98 | for( i = 0; i < HMAC_BLOCK_SIZE; i ++ ) |
---|
99 | key[i] ^= 0x36 ^ 0x5c; |
---|
100 | sha1_append( &sha1, key, HMAC_BLOCK_SIZE ); |
---|
101 | sha1_append( &sha1, hash, sha1_hash_size ); |
---|
102 | sha1_finish( &sha1, hash ); |
---|
103 | |
---|
104 | /* base64_encode it and we're done. */ |
---|
105 | return base64_encode( hash, sha1_hash_size ); |
---|
106 | } |
---|