/***************************************************************************\ * * * BitlBee - An IRC to IM gateway * * Simple OAuth client (consumer) implementation. * * * * Copyright 2010 Wilmer van der Gaast * * * * This library is free software; you can redistribute it and/or * * modify it under the terms of the GNU Lesser General Public * * License as published by the Free Software Foundation, version * * 2.1. * * * * This library is distributed in the hope that it will be useful, * * but WITHOUT ANY WARRANTY; without even the implied warranty of * * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * * Lesser General Public License for more details. * * * * You should have received a copy of the GNU Lesser General Public License * * along with this library; if not, write to the Free Software Foundation, * * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA * * * \***************************************************************************/ #include #include #include #include #include "http_client.h" #include "base64.h" #include "misc.h" #include "sha1.h" #include "url.h" #include "oauth.h" #define HMAC_BLOCK_SIZE 64 static char *oauth_sign( const char *method, const char *url, const char *params, struct oauth_info *oi ) { sha1_state_t sha1; uint8_t hash[sha1_hash_size]; uint8_t key[HMAC_BLOCK_SIZE+1]; char *s; int i; /* Create K. If our current key is >64 chars we have to hash it, otherwise just pad. */ memset( key, 0, HMAC_BLOCK_SIZE ); i = strlen( oi->sp->consumer_secret ) + 1 + ( oi->token_secret ? strlen( oi->token_secret ) : 0 ); if( i > HMAC_BLOCK_SIZE ) { sha1_init( &sha1 ); sha1_append( &sha1, (uint8_t*) oi->sp->consumer_secret, strlen( oi->sp->consumer_secret ) ); sha1_append( &sha1, (uint8_t*) "&", 1 ); if( oi->token_secret ) sha1_append( &sha1, (uint8_t*) oi->token_secret, strlen( oi->token_secret ) ); sha1_finish( &sha1, key ); } else { g_snprintf( (gchar*) key, HMAC_BLOCK_SIZE + 1, "%s&%s", oi->sp->consumer_secret, oi->token_secret ? oi->token_secret : "" ); } /* Inner part: H(K XOR 0x36, text) */ sha1_init( &sha1 ); for( i = 0; i < HMAC_BLOCK_SIZE; i ++ ) key[i] ^= 0x36; sha1_append( &sha1, key, HMAC_BLOCK_SIZE ); /* OAuth: text = method&url¶ms, all http_encoded. */ sha1_append( &sha1, (const uint8_t*) method, strlen( method ) ); sha1_append( &sha1, (const uint8_t*) "&", 1 ); s = g_new0( char, strlen( url ) * 3 + 1 ); strcpy( s, url ); http_encode( s ); sha1_append( &sha1, (const uint8_t*) s, strlen( s ) ); sha1_append( &sha1, (const uint8_t*) "&", 1 ); g_free( s ); s = g_new0( char, strlen( params ) * 3 + 1 ); strcpy( s, params ); http_encode( s ); sha1_append( &sha1, (const uint8_t*) s, strlen( s ) ); g_free( s ); sha1_finish( &sha1, hash ); /* Final result: H(K XOR 0x5C, inner stuff) */ sha1_init( &sha1 ); for( i = 0; i < HMAC_BLOCK_SIZE; i ++ ) key[i] ^= 0x36 ^ 0x5c; sha1_append( &sha1, key, HMAC_BLOCK_SIZE ); sha1_append( &sha1, hash, sha1_hash_size ); sha1_finish( &sha1, hash ); /* base64_encode + HTTP escape it (both consumers need it that away) and we're done. */ s = base64_encode( hash, sha1_hash_size ); s = g_realloc( s, strlen( s ) * 3 + 1 ); http_encode( s ); return s; } static char *oauth_nonce() { unsigned char bytes[9]; random_bytes( bytes, sizeof( bytes ) ); return base64_encode( bytes, sizeof( bytes ) ); } void oauth_params_add( GSList **params, const char *key, const char *value ) { char *item; item = g_strdup_printf( "%s=%s", key, value ); *params = g_slist_insert_sorted( *params, item, (GCompareFunc) strcmp ); } void oauth_params_del( GSList **params, const char *key ) { int key_len = strlen( key ); GSList *l, *n; for( l = *params; l; l = n ) { n = l->next; if( strncmp( (char*) l->data, key, key_len ) == 0 && ((char*)l->data)[key_len] == '=' ) { g_free( l->data ); *params = g_slist_remove( *params, l->data ); } } } void oauth_params_set( GSList **params, const char *key, const char *value ) { oauth_params_del( params, key ); oauth_params_add( params, key, value ); } const char *oauth_params_get( GSList **params, const char *key ) { int key_len = strlen( key ); GSList *l; for( l = *params; l; l = l->next ) { if( strncmp( (char*) l->data, key, key_len ) == 0 && ((char*)l->data)[key_len] == '=' ) return (const char*) l->data + key_len + 1; } return NULL; } static void oauth_params_parse( GSList **params, char *in ) { char *amp, *eq, *s; while( in && *in ) { eq = strchr( in, '=' ); if( !eq ) break; *eq = '\0'; if( ( amp = strchr( eq + 1, '&' ) ) ) *amp = '\0'; s = g_strdup( eq + 1 ); http_decode( s ); oauth_params_add( params, in, s ); g_free( s ); *eq = '='; if( amp == NULL ) break; *amp = '&'; in = amp + 1; } } void oauth_params_free( GSList **params ) { while( params && *params ) { 
  /********************************************************************\
  * BitlBee -- An IRC to other IM-networks gateway                     *
  *                                                                    *
  * Copyright 2002-2004 Wilmer van der Gaast and others                *
  \********************************************************************/

/* SSL module                                                           */

/*
  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITH