libpurple/protocols/gg/oauth/oauth.c

   1 /* purple
   2  *
   3  * Purple is the legal property of its developers, whose names are too numerous
   4  * to list here.  Please refer to the COPYRIGHT file distributed with this
   5  * source distribution.
   6  *
   7  * Code adapted from libgadu (C) 2008 Wojtek Kaniewski <wojtekka@irc.pl>
   8  * (http://toxygen.net/libgadu/) during Google Summer of Code 2012
   9  * by Tomek Wasilczyk (http://www.wasilczyk.pl).
  10  *
  11  * This program is free software; you can redistribute it and/or modify
  12  * it under the terms of the GNU General Public License as published by
  13  * the Free Software Foundation; either version 2 of the License, or
  14  * (at your option) any later version.
  15  *
  16  * This program is distributed in the hope that it will be useful,
  17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  19  * GNU General Public License for more details.
  20  *
  21  * You should have received a copy of the GNU General Public License
  22  * along with this program; if not, write to the Free Software
  23  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02111-1301  USA
  24  */
  25
  26 #include "oauth.h"
  27
  28 #include "oauth-parameter.h"
  29
  30 char *gg_oauth_static_nonce;            /* dla unit testów */
  31 char *gg_oauth_static_timestamp;        /* dla unit testów */
  32
  33 static void gg_oauth_generate_nonce(char *buf, int len)
  34 {
  35         const char charset[] = "0123456789";
  36
  37         if (buf == NULL || len < 1)
  38                 return;
  39
  40         while (len > 1) {
  41                 *buf++ = charset[(unsigned) (((float) sizeof(charset) - 1.0) * g_random_int() / (RAND_MAX + 1.0))];
  42                 len--;
  43         }
  44
  45         *buf = 0;
  46 }
  47
  48 static gchar *gg_hmac_sha1(const char *key, const char *message)
  49 {
  50         GHmac *hmac;
  51         guchar digest[20];
  52         gsize digest_len = 20;
  53
  54         hmac = g_hmac_new(G_CHECKSUM_SHA1, (guchar *)key, strlen(key));
  55         g_hmac_update(hmac, (guchar *)message, -1);
  56         g_hmac_get_digest(hmac, digest, &digest_len);
  57         g_hmac_unref(hmac);
  58
  59         return g_base64_encode(digest, sizeof(digest));
  60 }
  61
  62 static char *
  63 gg_oauth_generate_signature(const char *method, const char *url,
  64         const char *request, const char *consumer_secret,
  65         const char *token_secret)
  66 {
  67         char *text, *key, *res;
  68         gchar *url_e, *request_e, *consumer_secret_e, *token_secret_e;
  69
  70         url_e = g_uri_escape_string(url, "?", FALSE);
  71         g_strdelimit(url_e, "?", '\0');
  72         request_e = g_uri_escape_string(request, NULL, FALSE);
  73         text = g_strdup_printf("%s&%s&%s", method, url_e, request_e);
  74         g_free(url_e);
  75         g_free(request_e);
  76
  77         consumer_secret_e = g_uri_escape_string(consumer_secret, NULL, FALSE);
  78         token_secret_e = token_secret ? g_uri_escape_string(token_secret, NULL, FALSE) : NULL;
  79         key = g_strdup_printf("%s&%s", consumer_secret_e, token_secret ? token_secret_e : "");
  80         g_free(consumer_secret_e);
  81         g_free(token_secret_e);
  82
  83         res = gg_hmac_sha1(key, text);
  84
  85         g_free(key);
  86         g_free(text);
  87
  88         return res;
  89 }
  90
  91 char *
  92 gg_oauth_generate_header(const char *method, const char *url,
  93         const char *consumer_key, const char *consumer_secret,
  94         const char *token, const char *token_secret)
  95 {
  96         char *request, *signature, *res;
  97         char nonce[80], timestamp[16];
  98         gg_oauth_parameter_t *params = NULL;
  99
 100         if (gg_oauth_static_nonce == NULL)
 101                 gg_oauth_generate_nonce(nonce, sizeof(nonce));
 102         else {
 103                 strncpy(nonce, gg_oauth_static_nonce, sizeof(nonce) - 1);
 104                 nonce[sizeof(nonce) - 1] = 0;
 105         }
 106
 107         if (gg_oauth_static_timestamp == NULL)
 108                 snprintf(timestamp, sizeof(timestamp), "%ld", time(NULL));
 109         else {
 110                 strncpy(timestamp, gg_oauth_static_timestamp, sizeof(timestamp) - 1);
 111                 timestamp[sizeof(timestamp) - 1] = 0;
 112         }
 113
 114         gg_oauth_parameter_set(&params, "oauth_consumer_key", consumer_key);
 115         gg_oauth_parameter_set(&params, "oauth_nonce", nonce);
 116         gg_oauth_parameter_set(&params, "oauth_signature_method", "HMAC-SHA1");
 117         gg_oauth_parameter_set(&params, "oauth_timestamp", timestamp);
 118         gg_oauth_parameter_set(&params, "oauth_token", token);
 119         gg_oauth_parameter_set(&params, "oauth_version", "1.0");
 120
 121         request = gg_oauth_parameter_join(params, 0);
 122
 123         signature = gg_oauth_generate_signature(method, url, request, consumer_secret, token_secret);
 124
 125         g_free(request);
 126
 127         gg_oauth_parameter_free(params);
 128         params = NULL;
 129
 130         if (signature == NULL)
 131                 return NULL;
 132
 133         gg_oauth_parameter_set(&params, "oauth_version", "1.0");
 134         gg_oauth_parameter_set(&params, "oauth_nonce", nonce);
 135         gg_oauth_parameter_set(&params, "oauth_timestamp", timestamp);
 136         gg_oauth_parameter_set(&params, "oauth_consumer_key", consumer_key);
 137         gg_oauth_parameter_set(&params, "oauth_token", token);
 138         gg_oauth_parameter_set(&params, "oauth_signature_method", "HMAC-SHA1");
 139         gg_oauth_parameter_set(&params, "oauth_signature", signature);
 140
 141         g_free(signature);
 142
 143         res = gg_oauth_parameter_join(params, 1);
 144
 145         gg_oauth_parameter_free(params);
 146
 147         return res;
 148 }