static char * challenge (SoupAuthDomain *domain, SoupMessage *msg) { GString *str; str = g_string_new ("Digest "); soup_header_g_string_append_param_quoted (str, "realm", soup_auth_domain_get_realm (domain)); g_string_append_printf (str, ", nonce=\"%lu%lu\"", (unsigned long) msg, (unsigned long) time (0)); g_string_append_printf (str, ", qop=\"auth\""); g_string_append_printf (str, ", algorithm=MD5"); return g_string_free (str, FALSE); }
static char * soup_auth_digest_get_authorization (SoupAuth *auth, SoupMessage *msg) { SoupAuthDigestPrivate *priv = SOUP_AUTH_DIGEST_GET_PRIVATE (auth); char response[33], *token; char *url, *algorithm; GString *out; SoupURI *uri; uri = soup_message_get_uri (msg); g_return_val_if_fail (uri != NULL, NULL); url = soup_uri_to_string (uri, TRUE); soup_auth_digest_compute_response (msg->method, url, priv->hex_a1, priv->qop, priv->nonce, priv->cnonce, priv->nc, response); out = g_string_new ("Digest "); soup_header_g_string_append_param_quoted (out, "username", priv->user); g_string_append (out, ", "); soup_header_g_string_append_param_quoted (out, "realm", auth->realm); g_string_append (out, ", "); soup_header_g_string_append_param_quoted (out, "nonce", priv->nonce); g_string_append (out, ", "); soup_header_g_string_append_param_quoted (out, "uri", url); g_string_append (out, ", "); algorithm = soup_auth_digest_get_algorithm (priv->algorithm); g_string_append_printf (out, "algorithm=%s", algorithm); g_free (algorithm); g_string_append (out, ", "); soup_header_g_string_append_param_quoted (out, "response", response); if (priv->opaque) { g_string_append (out, ", "); soup_header_g_string_append_param_quoted (out, "opaque", priv->opaque); } if (priv->qop) { char *qop = soup_auth_digest_get_qop (priv->qop); g_string_append (out, ", "); soup_header_g_string_append_param_quoted (out, "cnonce", priv->cnonce); g_string_append_printf (out, ", nc=%.8x, qop=%s", priv->nc, qop); g_free (qop); } g_free (url); priv->nc++; token = g_string_free (out, FALSE); soup_message_add_header_handler (msg, "got_headers", soup_auth_is_for_proxy (auth) ? "Proxy-Authentication-Info" : "Authentication-Info", G_CALLBACK (authentication_info_cb), auth); return token; }
static gchar* _make_authorization_header( GSignondSessionData *session_data, SoupURI* uri, GError** error ) { GString* header = g_string_new("OAuth "); const gchar* realm = gsignond_dictionary_get_string(session_data, "Realm"); if (realm != NULL) { gchar* realm_e = _percent_encode(realm); soup_header_g_string_append_param_quoted (header, "realm", realm_e); g_free(realm_e); g_string_append (header, ", "); } const gchar* callback_uri = gsignond_dictionary_get_string(session_data, "Callback"); if (callback_uri != NULL) { gchar* callback_uri_e = _percent_encode(callback_uri); soup_header_g_string_append_param_quoted (header, "oauth_callback", callback_uri_e); g_free(callback_uri_e); g_string_append (header, ", "); } const gchar* oauth_verifier = gsignond_dictionary_get_string(session_data, "_OauthVerifier"); if (oauth_verifier != NULL) { gchar* oauth_verifier_e = _percent_encode(oauth_verifier); soup_header_g_string_append_param_quoted (header, "oauth_verifier", oauth_verifier_e); g_free(oauth_verifier_e); g_string_append (header, ", "); } const gchar* oauth_consumer_key = gsignond_dictionary_get_string(session_data, "ConsumerKey"); if (oauth_consumer_key == NULL) { *error = g_error_new(GSIGNOND_ERROR, GSIGNOND_ERROR_MISSING_DATA, "Client did not supply ConsumerKey"); g_string_free(header, TRUE); return NULL; } gchar* oauth_consumer_key_e = _percent_encode(oauth_consumer_key); soup_header_g_string_append_param_quoted (header, "oauth_consumer_key", oauth_consumer_key_e); g_free(oauth_consumer_key_e); g_string_append (header, ", "); const gchar* oauth_temp_token = gsignond_dictionary_get_string(session_data, "_OauthTemporaryToken"); if (oauth_temp_token != NULL) { gchar* oauth_temp_token_e = _percent_encode(oauth_temp_token); soup_header_g_string_append_param_quoted (header, "oauth_token", oauth_temp_token_e); g_free(oauth_temp_token_e); g_string_append (header, ", "); } const gchar* oauth_signature_method = gsignond_dictionary_get_string(session_data, "SignatureMethod"); if (g_strcmp0(oauth_signature_method, "PLAINTEXT") == 0) { gchar* secret_key = _make_secret_key(session_data); gchar* secret_key_e = _percent_encode(secret_key); g_free(secret_key); soup_header_g_string_append_param_quoted(header, "oauth_signature", secret_key_e); g_free(secret_key_e); g_string_append (header, ", "); } else if (g_strcmp0(oauth_signature_method, "HMAC-SHA1") == 0) { gchar* nonce = gsignond_oauth_plugin_generate_random_data(20); gchar* nonce_e = _percent_encode(nonce); gchar* timestamp = _get_timestamp(); gchar* base_string = _make_base_string(session_data, uri, nonce, timestamp); gchar* key = _make_secret_key(session_data); gchar* signature = _make_hmacsha1_base64_signature(base_string, key); gchar* signature_e = _percent_encode(signature); soup_header_g_string_append_param_quoted(header, "oauth_nonce", nonce_e); g_string_append (header, ", "); soup_header_g_string_append_param_quoted(header, "oauth_timestamp", timestamp); g_string_append (header, ", "); soup_header_g_string_append_param_quoted(header, "oauth_signature", signature_e); g_string_append (header, ", "); g_free(signature_e); g_free(signature); g_free(key); g_free(base_string); g_free(timestamp); g_free(nonce_e); g_free(nonce); } else if (g_strcmp0(oauth_signature_method, "RSA-SHA1") == 0) { const gchar* key = gsignond_dictionary_get_string(session_data, "RSAPrivateKey"); if (key == NULL) { *error = g_error_new(GSIGNOND_ERROR, GSIGNOND_ERROR_MISSING_DATA, "Client did not supply RSAPrivateKey"); g_string_free(header, TRUE); return NULL; } gchar* nonce = gsignond_oauth_plugin_generate_random_data(160); gchar* nonce_e = _percent_encode(nonce); gchar* timestamp = _get_timestamp(); gchar* base_string = _make_base_string(session_data, uri, nonce, timestamp); gchar* signature = _make_rsasha1_base64_signature(base_string, key); if (signature == NULL) { *error = g_error_new(GSIGNOND_ERROR, GSIGNOND_ERROR_MISSING_DATA, "Invalid RSA private key"); g_string_free(header, TRUE); g_free(base_string); g_free(timestamp); g_free(nonce_e); g_free(nonce); return NULL; } gchar* signature_e = _percent_encode(signature); soup_header_g_string_append_param_quoted(header, "oauth_nonce", nonce_e); g_string_append (header, ", "); soup_header_g_string_append_param_quoted(header, "oauth_timestamp", timestamp); g_string_append (header, ", "); soup_header_g_string_append_param_quoted(header, "oauth_signature", signature_e); g_string_append (header, ", "); g_free(signature_e); g_free(signature); g_free(base_string); g_free(timestamp); g_free(nonce_e); g_free(nonce); } else { *error = g_error_new(GSIGNOND_ERROR, GSIGNOND_ERROR_MISSING_DATA, "Unknown oauth1 signature method"); g_string_free(header, TRUE); return NULL; } soup_header_g_string_append_param_quoted(header, "oauth_signature_method", oauth_signature_method); g_string_append (header, ", "); soup_header_g_string_append_param_quoted(header, "oauth_version", "1.0"); return g_string_free(header, FALSE); }