Basic OAuth implementation.

Only 1.0 right now and without access/request/refresh tokens.
Doesn't support GET/POST params at the moment either.

haxe/crypto/Hmac.hx

@@ -0,0 +1,85 @@
+/*
+ * Copyright (C)2005-2012 Haxe Foundation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+package haxe.crypto;
+
+enum HashMethod {
+	MD5;
+	SHA1;
+	SHA256;
+}
+
+class Hmac {
+	
+	var method : HashMethod;
+	var blockSize : Int;
+	var length : Int;
+	
+	public function new( hashMethod : HashMethod ) {
+		method = hashMethod;
+		blockSize = switch ( hashMethod ) {
+			case MD5, SHA1, SHA256: 64;
+		}
+		length = switch ( hashMethod ) {
+			case MD5: 16;
+			case SHA1: 20;
+			case SHA256: 32;
+		}
+	}
+	
+	inline function doHash( b : haxe.io.Bytes ) : haxe.io.Bytes {
+		return switch ( method ) {
+			case MD5: Md5.make(b);
+			case SHA1: Sha1.make(b);
+			case SHA256: Sha256.make(b);
+		}
+	}
+	
+	function nullPad( s : haxe.io.Bytes, chunkLen : Int ) : haxe.io.Bytes {
+		var r = chunkLen - (s.length % chunkLen);
+		if(r == chunkLen && s.length != 0)
+			return s;
+		var sb = new haxe.io.BytesBuffer();
+		sb.add(s);
+		for(x in 0...r)
+			sb.addByte(0);
+		return sb.getBytes();
+	}
+	
+	public function make( key : haxe.io.Bytes, msg : haxe.io.Bytes ) : haxe.io.Bytes {
+		if(key.length > blockSize) {
+			key = doHash(key);
+		}
+		key = nullPad(key, blockSize);
+
+		var Ki = new haxe.io.BytesBuffer();
+		var Ko = new haxe.io.BytesBuffer();
+		for (i in 0...key.length) {
+			Ko.addByte(key.get(i) ^ 0x5c);
+			Ki.addByte(key.get(i) ^ 0x36);
+		}
+		// hash(Ko + hash(Ki + message))
+		Ki.add(msg);
+		Ko.add(doHash(Ki.getBytes()));
+		return doHash(Ko.getBytes());
+	}
+	
+}

haxe/crypto/Sha256.hx

@@ -0,0 +1,197 @@
+/*
+ * Copyright (C)2005-2012 Haxe Foundation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */
+package haxe.crypto;
+
+class Sha256 {
+	
+	public static function encode( s:String ) : String {
+		#if php
+		return untyped __call__("hash", "sha256", s);
+		#else
+		var sh = new Sha256();
+		var h = sh.doEncode(str2blks(s), s.length*8);
+		return sh.hex(h);
+		#end
+	}
+
+	public static function make( b : haxe.io.Bytes ) : haxe.io.Bytes {
+		#if php
+		return haxe.io.Bytes.ofData(untyped __call__("hash", "sha256", b.getData(), true));
+		#else
+		var h = new Sha256().doEncode(bytes2blks(b), b.length*8);
+		var out = haxe.io.Bytes.alloc(32);
+		var p = 0;
+		for( i in 0...8 ) {
+			out.set(p++,h[i]>>>24);
+			out.set(p++,(h[i]>>16)&0xFF);
+			out.set(p++,(h[i]>>8)&0xFF);
+			out.set(p++,h[i]&0xFF);
+		}
+		return out;
+		#end
+	}
+	
+	public function new() {
+	}
+	
+	function doEncode( m : Array<Int>, l : Int ) : Array<Int> {
+		var K : Array<Int> = [
+			0x428A2F98,0x71374491,0xB5C0FBCF,0xE9B5DBA5,0x3956C25B,
+			0x59F111F1,0x923F82A4,0xAB1C5ED5,0xD807AA98,0x12835B01,
+			0x243185BE,0x550C7DC3,0x72BE5D74,0x80DEB1FE,0x9BDC06A7,
+			0xC19BF174,0xE49B69C1,0xEFBE4786,0xFC19DC6,0x240CA1CC,
+			0x2DE92C6F,0x4A7484AA,0x5CB0A9DC,0x76F988DA,0x983E5152,
+			0xA831C66D,0xB00327C8,0xBF597FC7,0xC6E00BF3,0xD5A79147,
+			0x6CA6351,0x14292967,0x27B70A85,0x2E1B2138,0x4D2C6DFC,
+			0x53380D13,0x650A7354,0x766A0ABB,0x81C2C92E,0x92722C85,
+			0xA2BFE8A1,0xA81A664B,0xC24B8B70,0xC76C51A3,0xD192E819,
+			0xD6990624,0xF40E3585,0x106AA070,0x19A4C116,0x1E376C08,
+			0x2748774C,0x34B0BCB5,0x391C0CB3,0x4ED8AA4A,0x5B9CCA4F,
+			0x682E6FF3,0x748F82EE,0x78A5636F,0x84C87814,0x8CC70208,
+			0x90BEFFFA,0xA4506CEB,0xBEF9A3F7,0xC67178F2
+		];
+		var HASH : Array<Int> = [
+			0x6A09E667,0xBB67AE85,0x3C6EF372,0xA54FF53A,
+			0x510E527F,0x9B05688C,0x1F83D9AB,0x5BE0CD19
+		];
+
+		var W = new Array<Int>();
+		W[64] = 0;
+		var a:Int,b:Int,c:Int,d:Int,e:Int,f:Int,g:Int,h:Int;
+		var T1, T2;
+		m[l >> 5] |= 0x80 << (24 - l % 32);
+		m[((l + 64 >> 9) << 4) + 15] = l;
+		var i : Int = 0;
+		while ( i < m.length ) {
+			a = HASH[0]; b = HASH[1]; c = HASH[2]; d = HASH[3]; e = HASH[4]; f = HASH[5]; g = HASH[6]; h = HASH[7];
+			for ( j in 0...64 ) {
+				if (j < 16)
+					W[j] = m[j + i];
+				else
+					W[j] = safeAdd(safeAdd(safeAdd(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]);
+				T1 = safeAdd(safeAdd(safeAdd(safeAdd(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]);
+				T2 = safeAdd(Sigma0256(a), Maj(a, b, c));
+				h = g; g = f; f = e; e = safeAdd(d, T1); d = c; c = b; b = a; a = safeAdd(T1, T2);
+			}
+			HASH[0] = safeAdd(a, HASH[0]);
+			HASH[1] = safeAdd(b, HASH[1]);
+			HASH[2] = safeAdd(c, HASH[2]);
+			HASH[3] = safeAdd(d, HASH[3]);
+			HASH[4] = safeAdd(e, HASH[4]);
+			HASH[5] = safeAdd(f, HASH[5]);
+			HASH[6] = safeAdd(g, HASH[6]);
+			HASH[7] = safeAdd(h, HASH[7]);
+			i += 16;
+		}
+		return HASH;
+	}
+	
+	/*
+		Convert a string to a sequence of 16-word blocks, stored as an array.
+		Append padding bits and the length, as described in the SHA1 standard.
+	 */
+	static function str2blks( s :String ) : Array<Int> {
+		var nblk = ((s.length + 8) >> 6) + 1;
+		var blks = new Array<Int>();
+
+		for (i in 0...nblk*16)
+			blks[i] = 0;
+		for (i in 0...s.length){
+			var p = i >> 2;
+			blks[p] |= s.charCodeAt(i) << (24 - ((i & 3) << 3));
+		}
+		var i = s.length;
+		var p = i >> 2;
+		blks[p] |= 0x80 << (24 - ((i & 3) << 3));
+		blks[nblk * 16 - 1] = s.length * 8;
+		return blks;
+	}
+
+	static function bytes2blks( b : haxe.io.Bytes ) : Array<Int> {
+		var nblk = ((b.length + 8) >> 6) + 1;
+		var blks = new Array<Int>();
+
+		for (i in 0...nblk*16)
+			blks[i] = 0;
+		for (i in 0...b.length){
+			var p = i >> 2;
+			blks[p] |= b.get(i) << (24 - ((i & 3) << 3));
+		}
+		var i = b.length;
+		var p = i >> 2;
+		blks[p] |= 0x80 << (24 - ((i & 3) << 3));
+		blks[nblk * 16 - 1] = b.length * 8;
+		return blks;
+	}
+
+	function S(X, n) {
+		return ( X >>> n ) | (X << (32 - n));
+	}
+	
+	function R(X, n) {
+		return ( X >>> n );
+	}
+	
+	function Ch(x, y, z) {
+		return ((x & y) ^ ((~x) & z));
+	}
+	
+	function Maj(x, y, z) {
+		return ((x & y) ^ (x & z) ^ (y & z));
+	}
+	
+	function Sigma0256(x) {
+		return (S(x, 2) ^ S(x, 13) ^ S(x, 22));
+	}
+	
+	function Sigma1256(x) {
+		return (S(x, 6) ^ S(x, 11) ^ S(x, 25));
+	}
+	
+	function Gamma0256(x) {
+		return (S(x, 7) ^ S(x, 18) ^ R(x, 3));
+	}
+	
+	function Gamma1256(x) {
+		return (S(x, 17) ^ S(x, 19) ^ R(x, 10));
+	}
+	
+	function safeAdd(x, y) {
+		var lsw = (x & 0xFFFF) + (y & 0xFFFF);
+		var msw = (x >> 16) + (y >> 16) + (lsw >> 16);
+		return (msw << 16) | (lsw & 0xFFFF);
+	}
+	
+	function hex( a : Array<Int> ){
+		var str = "";
+		var hex_chr = "0123456789abcdef";
+		for( num in a ) {
+			var j = 7;
+			while( j >= 0 ) {
+				str += hex_chr.charAt( (num >>> (j<<2)) & 0xF );
+				j--;
+			}
+		}
+		return str;
+	}
+
+}

lime/net/oauth/OAuthClient.hx

@@ -0,0 +1,47 @@
+package lime.net.oauth;
+
+
+import haxe.crypto.Sha1;
+import lime.net.URLRequestMethod;
+
+
+class OAuthClient {
+	
+	public var version:OAuthVersion;
+	public var consumer:OAuthConsumer;
+	
+	
+	public function new (version:OAuthVersion, consumer:OAuthConsumer) {
+		
+		this.version = version;
+		this.consumer = consumer;
+		
+	}
+	
+	
+	public function createRequest (method:URLRequestMethod, url:String):OAuthRequest {
+		
+		var parameters = new Map<String, String>();
+		
+		parameters.set("oauth_version", Std.string(version));
+		parameters.set("oauth_signature_method", Std.string(OAuthSignatureMethod.HMAC_SHA1));
+		parameters.set("oauth_nonce", generateNonce ());
+		parameters.set("oauth_timestamp", Std.string(Std.int(Date.now ().getTime () / 1000)));
+		parameters.set("oauth_consumer_key", consumer.key);
+		
+		var request = new OAuthRequest (version, method, url, parameters);
+		if(version == V1) request.sign (consumer, OAuthSignatureMethod.HMAC_SHA1);
+		request.requestHeaders.push(request.getHeader());
+		return request;
+		
+	}
+	
+	
+	public function generateNonce ():String {
+		
+		return Sha1.encode(Std.string(Math.random()));
+		
+	}
+	
+	
+}

lime/net/oauth/OAuthConsumer.hx

@@ -0,0 +1,19 @@
+package lime.net.oauth;
+
+
+class OAuthConsumer {
+	
+	
+	public var key:String;
+	public var secret:String;
+	
+	
+	public function new (key:String, secret:String) {
+		
+		this.key = key;
+		this.secret = secret;
+		
+	}
+	
+	
+}

lime/net/oauth/OAuthRequest.hx

@@ -0,0 +1,106 @@
+package lime.net.oauth; #if !flash
+
+
+import haxe.crypto.Base64;
+import haxe.crypto.Hmac;
+import haxe.io.Bytes;
+import lime.net.URLRequestMethod;
+import lime.net.URLRequestHeader;
+import lime.net.URLRequest;
+import lime.net.oauth.OAuthToken;
+
+using StringTools;
+
+class OAuthRequest extends URLRequest {
+	
+	public var version:OAuthVersion = V1;
+	public var parameters:Map<String, String>;
+	
+	
+	public function new (version:OAuthVersion = V1, method:URLRequestMethod, url:String, parameters:Map<String, String>) {
+		
+		super(url);
+		this.version = version;
+		this.method = method;
+		this.parameters = parameters;
+		
+	}
+	
+	
+	public function getHeader ():URLRequestHeader {
+		
+		var result = "";
+
+		switch(version) {
+
+			case V1:
+				result = "OAuth ";
+
+				var keys = parameters.keys();
+				for(key in keys) {
+					result += '${key.urlEncode()}="${parameters.get(key).urlEncode()}"';
+					if(keys.hasNext()) {
+						result += ", ";
+					}
+				}
+
+			case V2:
+				// TODO
+		}
+
+		return new URLRequestHeader("Authorization", result);
+		
+	}
+	
+	/**
+	 * Signs the petition, only for OAuth 1.0
+	 */
+	public function sign (consumer:OAuthConsumer, ?accessToken:OAuth1AccessToken, ?signatureMethod:OAuthSignatureMethod = HMAC_SHA1):Void {
+		
+		var key = consumer.secret.urlEncode() + "&";
+		if(accessToken != null) {
+			key += accessToken.secret == null ? "" : accessToken.secret.urlEncode();
+		}
+		var message = method + "&" + url.urlEncode() + "&" + messageParameters();
+		var hash = new Hmac (SHA1);
+		var bytes = hash.make (Bytes.ofString (key), Bytes.ofString (message));
+
+		parameters.set("oauth_signature", Base64.encode (bytes));
+	}
+	
+	// SIGNING FUNCTIONS
+
+	/**
+	 * Prepares the message parameters for the signing process
+	 */
+	private function messageParameters():String {
+
+		var result = new Array<KVPair>();
+
+		// TODO add get params if GET
+		// TODO add data if POST
+
+		for(key in parameters.keys()) {
+
+			if(key == "realm") continue;
+			result.push( { k: key, v: parameters.get(key) } );
+
+		}
+
+
+		result.sort(OAuthSort);
+
+		return result.map(function(p:KVPair) return p.k.urlEncode()+"="+p.v.urlEncode()).join("&").urlEncode();
+	}
+
+	/**
+	 * Parameters are sorted by name, using lexicographical byte value ordering.
+	 * If two or more parameters share the same name, they are sorted by their value.
+	 */
+	private function OAuthSort(a:KVPair, b:KVPair) {
+		return if(a.k < b.k) -1 else if (a.k > b.k) 1 else if (a.v < b.v) -1 else 1;
+	}
+	
+}
+#end
+typedef KVPair = {k:String, v:String};

lime/net/oauth/OAuthSignatureMethod.hx

@@ -0,0 +1,9 @@
+package lime.net.oauth;
+
+
+@:enum abstract OAuthSignatureMethod(String) {
+	
+	var PLAINTEXT = "PLAINTEXT";
+	var HMAC_SHA1 = "HMAC-SHA1";
+	var RSA_SHA1 = "RSA-SHA1";
+}

lime/net/oauth/OAuthToken.hx

@@ -0,0 +1,66 @@
+package lime.net.oauth;
+
+
+class RequestToken {
+
+	public var token(default, null):String;
+	public var secret(default, null):String;
+
+	public function new(token:String, secret:String) {
+
+		this.token = token;
+		this.secret = secret;
+
+	}
+
+}
+
+class AccessToken {
+
+	public var token(default, null):String;
+
+	public function new(token:String) {
+
+		this.token = token;
+
+	}
+
+}
+
+class OAuth1AccessToken extends AccessToken {
+
+	public var secret(default, null):String;
+
+	public function new(token:String, ?secret:String) {
+
+		super(token);
+		this.secret = secret;
+
+	}
+
+}
+
+class OAuth2AccessToken extends AccessToken {
+
+	public var expires(default, null):Int = -1;
+
+	public function new(token:String, ?expires:Int) {
+
+		super(token);
+		this.expires = expires;
+
+	}
+
+}
+
+class RefreshToken {
+
+	public var token(default, null):String;
+
+	public function new(token:String) {
+
+		this.token = token;
+
+	}
+
+}

lime/net/oauth/OAuthVersion.hx

@@ -0,0 +1,9 @@
+package lime.net.oauth;
+
+
+@:enum abstract OAuthVersion(String) {
+	
+	var V1 = "1.0";
+	var V2 = "2.0";
+	
+}