From f83239a1a4fb8ffe963bd5c18df6eda650bcc61c Mon Sep 17 00:00:00 2001
From: MrCdK
Date: Wed, 27 Aug 2014 04:38:26 +0200
Subject: [PATCH] Basic OAuth implementation. Only 1.0 right now and without access/request/refresh tokens. Doesn't support GET/POST params at the moment either.
---
 haxe/crypto/Hmac.hx | 85 +++++++++++
 haxe/crypto/Sha256.hx | 197 +++++++++++++++++++++++++
 lime/net/oauth/OAuthClient.hx | 47 ++++++
 lime/net/oauth/OAuthConsumer.hx | 19 +++
 lime/net/oauth/OAuthRequest.hx | 106 +++++++++++++
 lime/net/oauth/OAuthSignatureMethod.hx | 9 ++
 lime/net/oauth/OAuthToken.hx | 66 +++++++++
 lime/net/oauth/OAuthVersion.hx | 9 ++
 8 files changed, 538 insertions(+)
 create mode 100644 haxe/crypto/Hmac.hx
 create mode 100644 haxe/crypto/Sha256.hx
 create mode 100644 lime/net/oauth/OAuthClient.hx
 create mode 100644 lime/net/oauth/OAuthConsumer.hx
 create mode 100644 lime/net/oauth/OAuthRequest.hx
 create mode 100644 lime/net/oauth/OAuthSignatureMethod.hx
 create mode 100644 lime/net/oauth/OAuthToken.hx
 create mode 100644 lime/net/oauth/OAuthVersion.hx
diff --git a/haxe/crypto/Hmac.hx b/haxe/crypto/Hmac.hx
new file mode 100644
index 000000000..2afc65ec2
--- /dev/null
+++ b/haxe/crypto/Hmac.hx
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C)2005-2012 Haxe Foundation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */ +package haxe.crypto; + +enum HashMethod { + MD5; + SHA1; + SHA256; +} + +class Hmac { + + var method : HashMethod; + var blockSize : Int; + var length : Int; + + public function new( hashMethod : HashMethod ) { + method = hashMethod; + blockSize = switch ( hashMethod ) { + case MD5, SHA1, SHA256: 64; + } + length = switch ( hashMethod ) { + case MD5: 16; + case SHA1: 20; + case SHA256: 32; + } + } + + inline function doHash( b : haxe.io.Bytes ) : haxe.io.Bytes { + return switch ( method ) { + case MD5: Md5.make(b); + case SHA1: Sha1.make(b); + case SHA256: Sha256.make(b); + } + } + + function nullPad( s : haxe.io.Bytes, chunkLen : Int ) : haxe.io.Bytes { + var r = chunkLen - (s.length % chunkLen); + if(r == chunkLen && s.length != 0) + return s; + var sb = new haxe.io.BytesBuffer(); + sb.add(s); + for(x in 0...r) + sb.addByte(0); + return sb.getBytes(); + } + + public function make( key : haxe.io.Bytes, msg : haxe.io.Bytes ) : haxe.io.Bytes { + if(key.length > blockSize) { + key = doHash(key); + } + key = nullPad(key, blockSize); + + var Ki = new haxe.io.BytesBuffer(); + var Ko = new haxe.io.BytesBuffer(); + for (i in 0...key.length) { + Ko.addByte(key.get(i) ^ 0x5c); + Ki.addByte(key.get(i) ^ 0x36); + } + // hash(Ko + hash(Ki + message)) + Ki.add(msg); + Ko.add(doHash(Ki.getBytes())); + return doHash(Ko.getBytes()); + } + +} \ No newline at end of file diff --git a/haxe/crypto/Sha256.hx b/haxe/crypto/Sha256.hx new file mode 100644 index 000000000..97de5b981 --- /dev/null +++ b/haxe/crypto/Sha256.hx 
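Review bot: Hmac.hx carries the Haxe Foundation header and is declared in `package haxe.crypto`, so this copy sits in the standard library's namespace and, depending on class-path order, may shadow or be shadowed by a `haxe.crypto.Hmac` shipped with the compiler; the same applies to Sha256.hx in the next file. A vendored crypto primitive does not pick up upstream fixes, so I would add a comment above the class such as `// Vendored from the Haxe standard library (<upstream revision>); drop once the minimum supported Haxe provides haxe.crypto.Hmac`. The diffstat shows no test file, so neither the MD5, SHA1 nor SHA256 path is checked against a published HMAC test vector here. Separately, `length` is assigned in the constructor but never read in this file.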
@@ -0,0 +1,197 @@
+/*
+ * Copyright (C)2005-2012 Haxe Foundation
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a
+ * copy of this software and associated documentation files (the "Software"),
+ * to deal in the Software without restriction, including without limitation
+ * the rights to use, copy, modify, merge, publish, distribute, sublicense,
+ * and/or sell copies of the Software, and to permit persons to whom the
+ * Software is furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+ * DEALINGS IN THE SOFTWARE.
+ */ +package haxe.crypto; + +class Sha256 { + + public static function encode( s:String ) : String { + #if php + return untyped __call__("hash", "sha256", s); + #else + var sh = new Sha256(); + var h = sh.doEncode(str2blks(s), s.length*8); + return sh.hex(h); + #end + } + + public static function make( b : haxe.io.Bytes ) : haxe.io.Bytes { + #if php + return haxe.io.Bytes.ofData(untyped __call__("hash", "sha256", b.getData(), true)); + #else + var h = new Sha256().doEncode(bytes2blks(b), b.length*8); + var out = haxe.io.Bytes.alloc(32); + var p = 0; + for( i in 0...8 ) { + out.set(p++,h[i]>>>24); + out.set(p++,(h[i]>>16)&0xFF); + out.set(p++,(h[i]>>8)&0xFF); + out.set(p++,h[i]&0xFF); + } + return out; + #end + } + + public function new() { + } + + function doEncode( m : Array, l : Int ) : Array { + var K : Array = [ + 0x428A2F98,0x71374491,0xB5C0FBCF,0xE9B5DBA5,0x3956C25B, + 0x59F111F1,0x923F82A4,0xAB1C5ED5,0xD807AA98,0x12835B01, + 0x243185BE,0x550C7DC3,0x72BE5D74,0x80DEB1FE,0x9BDC06A7, + 0xC19BF174,0xE49B69C1,0xEFBE4786,0xFC19DC6,0x240CA1CC, + 0x2DE92C6F,0x4A7484AA,0x5CB0A9DC,0x76F988DA,0x983E5152, + 0xA831C66D,0xB00327C8,0xBF597FC7,0xC6E00BF3,0xD5A79147, + 0x6CA6351,0x14292967,0x27B70A85,0x2E1B2138,0x4D2C6DFC, + 0x53380D13,0x650A7354,0x766A0ABB,0x81C2C92E,0x92722C85, + 0xA2BFE8A1,0xA81A664B,0xC24B8B70,0xC76C51A3,0xD192E819, + 0xD6990624,0xF40E3585,0x106AA070,0x19A4C116,0x1E376C08, + 0x2748774C,0x34B0BCB5,0x391C0CB3,0x4ED8AA4A,0x5B9CCA4F, + 0x682E6FF3,0x748F82EE,0x78A5636F,0x84C87814,0x8CC70208, + 0x90BEFFFA,0xA4506CEB,0xBEF9A3F7,0xC67178F2 + ]; + var HASH : Array = [ + 0x6A09E667,0xBB67AE85,0x3C6EF372,0xA54FF53A, + 0x510E527F,0x9B05688C,0x1F83D9AB,0x5BE0CD19 + ]; + + var W = new Array(); + W[64] = 0; + var a:Int,b:Int,c:Int,d:Int,e:Int,f:Int,g:Int,h:Int; + var T1, T2; + m[l >> 5] |= 0x80 << (24 - l % 32); + m[((l + 64 >> 9) << 4) + 15] = l; + var i : Int = 0; + while ( i < m.length ) { + a = HASH[0]; b = HASH[1]; c = HASH[2]; d = HASH[3]; e = HASH[4]; f = 
HASH[5]; g = HASH[6]; h = HASH[7]; + for ( j in 0...64 ) { + if (j < 16) + W[j] = m[j + i]; + else + W[j] = safeAdd(safeAdd(safeAdd(Gamma1256(W[j - 2]), W[j - 7]), Gamma0256(W[j - 15])), W[j - 16]); + T1 = safeAdd(safeAdd(safeAdd(safeAdd(h, Sigma1256(e)), Ch(e, f, g)), K[j]), W[j]); + T2 = safeAdd(Sigma0256(a), Maj(a, b, c)); + h = g; g = f; f = e; e = safeAdd(d, T1); d = c; c = b; b = a; a = safeAdd(T1, T2); + } + HASH[0] = safeAdd(a, HASH[0]); + HASH[1] = safeAdd(b, HASH[1]); + HASH[2] = safeAdd(c, HASH[2]); + HASH[3] = safeAdd(d, HASH[3]); + HASH[4] = safeAdd(e, HASH[4]); + HASH[5] = safeAdd(f, HASH[5]); + HASH[6] = safeAdd(g, HASH[6]); + HASH[7] = safeAdd(h, HASH[7]); + i += 16; + } + return HASH; + } + + /* + Convert a string to a sequence of 16-word blocks, stored as an array. + Append padding bits and the length, as described in the SHA1 standard. + */ + static function str2blks( s :String ) : Array { + var nblk = ((s.length + 8) >> 6) + 1; + var blks = new Array(); + + for (i in 0...nblk*16) + blks[i] = 0; + for (i in 0...s.length){ + var p = i >> 2; + blks[p] |= s.charCodeAt(i) << (24 - ((i & 3) << 3)); + } + var i = s.length; + var p = i >> 2; + blks[p] |= 0x80 << (24 - ((i & 3) << 3)); + blks[nblk * 16 - 1] = s.length * 8; + return blks; + } + + static function bytes2blks( b : haxe.io.Bytes ) : Array { + var nblk = ((b.length + 8) >> 6) + 1; + var blks = new Array(); + + for (i in 0...nblk*16) + blks[i] = 0; + for (i in 0...b.length){ + var p = i >> 2; + blks[p] |= b.get(i) << (24 - ((i & 3) << 3)); + } + var i = b.length; + var p = i >> 2; + blks[p] |= 0x80 << (24 - ((i & 3) << 3)); + blks[nblk * 16 - 1] = b.length * 8; + return blks; + } + + function S(X, n) { + return ( X >>> n ) | (X << (32 - n)); + } + + function R(X, n) { + return ( X >>> n ); + } + + function Ch(x, y, z) { + return ((x & y) ^ ((~x) & z)); + } + + function Maj(x, y, z) { + return ((x & y) ^ (x & z) ^ (y & z)); + } + + function Sigma0256(x) { + return (S(x, 2) ^ S(x, 13) ^ S(x, 
22)); + } + + function Sigma1256(x) { + return (S(x, 6) ^ S(x, 11) ^ S(x, 25)); + } + + function Gamma0256(x) { + return (S(x, 7) ^ S(x, 18) ^ R(x, 3)); + } + + function Gamma1256(x) { + return (S(x, 17) ^ S(x, 19) ^ R(x, 10)); + } + + function safeAdd(x, y) { + var lsw = (x & 0xFFFF) + (y & 0xFFFF); + var msw = (x >> 16) + (y >> 16) + (lsw >> 16); + return (msw << 16) | (lsw & 0xFFFF); + } + + function hex( a : Array ){ + var str = ""; + var hex_chr = "0123456789abcdef"; + for( num in a ) { + var j = 7; + while( j >= 0 ) { + str += hex_chr.charAt( (num >>> (j<<2)) & 0xF ); + j--; + } + } + return str; + } + +} diff --git a/lime/net/oauth/OAuthClient.hx b/lime/net/oauth/OAuthClient.hx new file mode 100644 index 000000000..2d4c68b66 --- /dev/null +++ b/lime/net/oauth/OAuthClient.hx @@ -0,0 +1,47 @@ +package lime.net.oauth; + + +import haxe.crypto.Sha1; +import lime.net.URLRequestMethod; + + +class OAuthClient { + + public var version:OAuthVersion; + public var consumer:OAuthConsumer; + + + public function new (version:OAuthVersion, consumer:OAuthConsumer) { + + this.version = version; + this.consumer = consumer; + + } + + + public function createRequest (method:URLRequestMethod, url:String):OAuthRequest { + + var parameters = new Map(); + + parameters.set("oauth_version", Std.string(version)); + parameters.set("oauth_signature_method", Std.string(OAuthSignatureMethod.HMAC_SHA1)); + parameters.set("oauth_nonce", generateNonce ()); + parameters.set("oauth_timestamp", Std.string(Std.int(Date.now ().getTime () / 1000))); + parameters.set("oauth_consumer_key", consumer.key); + + var request = new OAuthRequest (version, method, url, parameters); + if(version == V1) request.sign (consumer, OAuthSignatureMethod.HMAC_SHA1); + request.requestHeaders.push(request.getHeader()); + return request; + + } + + + public function generateNonce ():String { + + return Sha1.encode(Std.string(Math.random())); + + } + + +} \ No newline at end of file 
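Review bot: `Sha256.encode` packs `s.charCodeAt(i)` into 8-bit slots and uses `s.length*8` as the bit length, so any character whose code is above 0xFF does not fit its slot and the digest is wrong; which strings are affected presumably differs by target, since string encoding is target-dependent. Hashing the encoded bytes avoids this: in the non-PHP branch, `return make(haxe.io.Bytes.ofString(s)).toHex();`. The comment above `str2blks` still says "SHA1 standard" and should name SHA-256. `doEncode` also re-applies the padding bit and length word that `str2blks`/`bytes2blks` have already written, which is harmless but deserves a one-line comment such as `// padding is idempotent: callers may pass pre-padded blocks`.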
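Review bot: `generateNonce` derives the nonce from a single `Math.random()` call, and hashing it with SHA-1 adds no entropy. `Math.random` is not a cryptographic generator and its seeding and precision vary by target, so uniqueness of `oauth_nonce` within one `oauth_timestamp` second is not guaranteed, which weakens the replay protection the nonce is meant to give. Mixing in values that are certain to differ makes uniqueness independent of the generator, e.g. `return Sha1.encode(Date.now().getTime() + ":" + (nonceCounter++) + ":" + Math.random());` with `static var nonceCounter = 0;` on the class, and a platform secure-random source where the target offers one. In `createRequest`, note also that for `V2` `getHeader()` returns an empty value, so an empty `Authorization` header is pushed.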
diff --git a/lime/net/oauth/OAuthConsumer.hx b/lime/net/oauth/OAuthConsumer.hx new file mode 100644 index 000000000..8300c42a1 --- /dev/null +++ b/lime/net/oauth/OAuthConsumer.hx @@ -0,0 +1,19 @@ +package lime.net.oauth; + + +class OAuthConsumer { + + + public var key:String; + public var secret:String; + + + public function new (key:String, secret:String) { + + this.key = key; + this.secret = secret; + + } + + +} \ No newline at end of file diff --git a/lime/net/oauth/OAuthRequest.hx b/lime/net/oauth/OAuthRequest.hx new file mode 100644 index 000000000..b175a9484 --- /dev/null +++ b/lime/net/oauth/OAuthRequest.hx 
@@ -0,0 +1,106 @@ +package lime.net.oauth; #if !flash + + +import haxe.crypto.Base64; +import haxe.crypto.Hmac; +import haxe.io.Bytes; +import lime.net.URLRequestMethod; +import lime.net.URLRequestHeader; +import lime.net.URLRequest; +import lime.net.oauth.OAuthToken; + +using StringTools; + +class OAuthRequest extends URLRequest { + + public var version:OAuthVersion = V1; + public var parameters:Map; + + + public function new (version:OAuthVersion = V1, method:URLRequestMethod, url:String, parameters:Map) { + + super(url); + this.version = version; + this.method = method; + this.parameters = parameters; + + } + + + public function getHeader ():URLRequestHeader { + + var result = ""; + + switch(version) { + + case V1: + result = "OAuth "; + + var keys = parameters.keys(); + for(key in keys) { + result += '${key.urlEncode()}="${parameters.get(key).urlEncode()}"'; + if(keys.hasNext()) { + result += ", "; + } + } + + case V2: + // TODO + } + + return new URLRequestHeader("Authorization", result); + + } + + /** + * Signs the petition, only for OAuth 1.0 + */ + public function sign (consumer:OAuthConsumer, ?accessToken:OAuth1AccessToken, ?signatureMethod:OAuthSignatureMethod = HMAC_SHA1):Void { + + var key = consumer.secret.urlEncode() + "&"; + if(accessToken != null) { + key += accessToken.secret == null ? 
"" : accessToken.secret.urlEncode(); + } + var message = method + "&" + url.urlEncode() + "&" + messageParameters(); + var hash = new Hmac (SHA1); + var bytes = hash.make (Bytes.ofString (key), Bytes.ofString (message)); + + parameters.set("oauth_signature", Base64.encode (bytes)); + } + + // SIGNING FUNCTIONS + + /** + * Prepares the message parameters for the signing process + */ + private function messageParameters():String { + + var result = new Array(); + + // TODO add get params if GET + // TODO add data if POST + + for(key in parameters.keys()) { + + if(key == "realm") continue; + result.push( { k: key, v: parameters.get(key) } ); + + } + + + result.sort(OAuthSort); + + return result.map(function(p:KVPair) return p.k.urlEncode()+"="+p.v.urlEncode()).join("&").urlEncode(); + } + + /** + * Parameters are sorted by name, using lexicographical byte value ordering. + * If two or more parameters share the same name, they are sorted by their value. + */ + private function OAuthSort(a:KVPair, b:KVPair) { + return if(a.k < b.k) -1 else if (a.k > b.k) 1 else if (a.v < b.v) -1 else 1; + } + +} +#end +typedef KVPair = {k:String, v:String}; \ No newline at end of file diff --git a/lime/net/oauth/OAuthSignatureMethod.hx b/lime/net/oauth/OAuthSignatureMethod.hx new file mode 100644 index 000000000..4b0d1c7c5 --- /dev/null +++ b/lime/net/oauth/OAuthSignatureMethod.hx @@ -0,0 +1,9 @@ +package lime.net.oauth; + + +@:enum abstract OAuthSignatureMethod(String) { + + var PLAINTEXT = "PLAINTEXT"; + var HMAC_SHA1 = "HMAC-SHA1"; + var RSA_SHA1 = "RSA-SHA1"; +} \ No newline at end of file diff --git a/lime/net/oauth/OAuthToken.hx b/lime/net/oauth/OAuthToken.hx new file mode 100644 index 000000000..b764bf47f --- /dev/null +++ b/lime/net/oauth/OAuthToken.hx 
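Review bot: `sign` accepts `signatureMethod` but never reads it: the MAC is always `new Hmac (SHA1)`, so a caller passing `PLAINTEXT` or `RSA_SHA1` silently gets an HMAC-SHA1 signature, which may then disagree with the `oauth_signature_method` parameter sent in the header. Until the other methods exist it is safer to fail closed at the top of `sign`, e.g. `if (signatureMethod != HMAC_SHA1) throw "Unsupported OAuth signature method";`. `messageParameters` skips only `realm`, so calling `sign` a second time folds the previous `oauth_signature` into the base string; the filter should read `if(key == "realm" || key == "oauth_signature") continue;`. It is also worth confirming that `StringTools.urlEncode` leaves only the unreserved set `A-Za-z0-9-._~` unescaped on every target, since OAuth 1.0 signatures depend on that exact percent-encoding.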
@@ -0,0 +1,66 @@ +package lime.net.oauth; + + +class RequestToken { + + public var token(default, null):String; + public var secret(default, null):String; + + public function new(token:String, secret:String) { + + this.token = token; + this.secret = secret; + + } + +} + +class AccessToken { + + public var token(default, null):String; + + public function new(token:String) { + + this.token = token; + + } + +} + +class OAuth1AccessToken extends AccessToken { + + public var secret(default, null):String; + + public function new(token:String, ?secret:String) { + + super(token); + this.secret = secret; + + } + +} + +class OAuth2AccessToken extends AccessToken { + + public var expires(default, null):Int = -1; + + public function new(token:String, ?expires:Int) { + + super(token); + this.expires = expires; + + } + +} + +class RefreshToken { + + public var token(default, null):String; + + public function new(token:String) { + + this.token = token; + + } + +} \ No newline at end of file diff --git a/lime/net/oauth/OAuthVersion.hx b/lime/net/oauth/OAuthVersion.hx new file mode 100644 index 000000000..dc11c3167 --- /dev/null +++ b/lime/net/oauth/OAuthVersion.hx @@ -0,0 +1,9 @@ +package lime.net.oauth; + + +@:enum abstract OAuthVersion(String) { + + var V1 = "1.0"; + var V2 = "2.0"; + +} \ No newline at end of file
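Review bot: In `OAuth2AccessToken` the field initialiser `= -1` on `expires` never takes effect, because the constructor unconditionally runs `this.expires = expires;` with an optional argument; when `expires` is omitted the field ends up null (or presumably 0 on static targets) rather than the -1 sentinel. Code that later checks expiry then cannot tell "no expiry supplied" from a real value. Declaring the default on the parameter keeps the sentinel: `public function new(token:String, expires:Int = -1) {`. A short doc comment stating the unit of `expires` (seconds from issue, or an absolute timestamp) would also help, since the hunk does not say.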