packages feed

hoauth 0.0.4 → 0.1.0

raw patch · 3 files changed

+43/−26 lines, 3 filesdep +RSAdep ~HUnitdep ~SHAdep ~base64-string

Dependencies added: RSA

Dependency ranges changed: HUnit, SHA, base64-string, bytestring, utf8-string

Files

hoauth.cabal view
@@ -1,5 +1,5 @@ name: hoauth-version: 0.0.4+version: 0.1.0 category: Network,Protocol,OAuth license: BSD3 license-file: LICENSE@@ -10,15 +10,15 @@ cabal-version: >= 1.6 tested-with: GHC==6.8.2,GHC==6.10.4 synopsis: A Haskell implementation of OAuth 1.0 protocol.-description: This library implements both PLAINTEXT and HMAC-SHA1 signatures-             as defined in the specification 1.0. Currently it supports only-             /consumer/ related functions, but there are plans to add support-             /service providers/ as well.+description: This library implements all PLAINTEXT, HMAC-SHA1 and RSA-SHA1+             signatures as defined in the specification 1.0. Currently it+             supports only /consumer/ related functions, but there are plans to+             add support /service providers/ as well.               More info at: <http://oauth.net/>  library-  build-depends: base>=3&&<=4,bytestring,SHA,base64-string,utf8-string+  build-depends: base>=3&&<=4,bytestring>=0.9.0.1,SHA>=1.4.0,RSA>=1.0.2,base64-string>=0.1,utf8-string>=0.3.3   exposed-modules: Network.Protocol.OAuth.Consumer,Network.Protocol.OAuth.Request,Network.Protocol.OAuth.Signature   hs-source-dirs: src/main/haskell   ghc-options: -Wall -fwarn-tabs@@ -28,7 +28,7 @@   Default: False  executable test_hoauth-  build-depends: base>=3&&<=4,bytestring,SHA,base64-string,HUnit+  build-depends: base>=3&&<=4,bytestring>=0.9.0.1,SHA>=1.4.0,RSA>=1.0.2,base64-string>=0.1,utf8-string>=0.3.3,HUnit>=1.2.0.0   ghc-options: -fno-ignore-asserts -fwarn-tabs   hs-source-dirs: src/main/haskell,src/test/haskell   main-is: Tests.hs
src/main/haskell/Network/Protocol/OAuth/Consumer.hs view
@@ -27,7 +27,7 @@ -- | A pure library that implements oauth authentication protocol as defined in <http://oauth.net/core/1.0a>. -- -- Refer to <http://oauth.net/> for more information about the oauth protocol.-module Network.Protocol.OAuth.Consumer (Token(),Consumer(..),request,response,oauth_token,oauth_token_secret,oauth_extra) where+module Network.Protocol.OAuth.Consumer (Token(),Consumer(..),request,response,oauth_token,oauth_token_secret,oauth_extra,plaintext_signature,hmacsha1_signature) where  import Network.Protocol.OAuth.Request as R import qualified Data.ByteString.Lazy as B@@ -49,6 +49,16 @@   | Authenticated String String Token   deriving (Show,Read,Eq) +-- | The PLAINTEXT signature for a given consumer+plaintext_signature :: Consumer -> S.Method+plaintext_signature (Authenticated _ s t) = S.PLAINTEXT s ((Just . oauth_token_secret) t)+plaintext_signature (Unauthenticated _ s) = S.PLAINTEXT s Nothing++-- | The HMAC-SHA1 signature for a given consumer +hmacsha1_signature :: Consumer -> S.Method+hmacsha1_signature (Authenticated _ s t) = S.HMAC_SHA1 s ((Just . oauth_token_secret) t)+hmacsha1_signature (Unauthenticated _ s) = S.HMAC_SHA1 s Nothing+ -- | Sign a request for oauth request. Use this either to sign requests with a proper Access token or to use the oauth protocol to get a token from service provider. -- -- The request you provide /must/ contain /oauth_nonce/ and /oauth_timestamp/ parameters properly defined.@@ -79,6 +89,6 @@                                     >>| _sign csec tsec met  _sign :: (S.Signer s,Show s) => String -> Maybe String -> s -> R.Request -> R.Request-_sign csec tsec met req = let sig = S.sign met csec tsec req+_sign csec tsec met req = let sig = S.sign met req                           in req >>+ ("oauth_signature",Just sig) 
src/main/haskell/Network/Protocol/OAuth/Signature.hs view
@@ -33,6 +33,7 @@ import qualified Data.ByteString.Lazy as B import qualified Data.ByteString.Lazy.Char8 as B1 import qualified Codec.Binary.Base64.String as B2+import qualified Codec.Crypto.RSA as R1  -- | The signature method which will be used to sign requests. data Method =   @@ -40,7 +41,8 @@         SHOULD only be used over a secure channel such as /HTTPS/. It does         not use the Signature Base String.     -}-    PLAINTEXT +    PLAINTEXT String         -- ^ The consumer secret+              (Maybe String) -- ^ The token secret     {-| The 'HMAC_SHA1' signature method uses the /HMAC-SHA1/ signature         algorithm as defined in <http://tools.ietf.org/html/rfc2104> where         the Signature Base String is the text and the key is the@@ -48,8 +50,15 @@         the Consumer Secret and Token Secret, separated by an /&/ character         (ASCII code 38) even if empty.     -}-  | HMAC_SHA1 -  deriving (Eq)+  | HMAC_SHA1 String         -- ^ The consumer secret+              (Maybe String) -- ^ The token secret+    {-| The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature+        algorithm as defined in [RFC3447] section 8.2 (more simply known as+        PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. It is+        assumed that the Consumer has provided its RSA public key in a verified+        way to the Service Provider.+    -}+  | RSA_SHA1 R1.PrivateKey  -- | Functions to sign requests according oauth spec. class Signer a where@@ -58,28 +67,26 @@       at <http://oauth.net/core/1.0a#signing_process>.   -}   sign :: a                -- ^ The signature method to use-          -> String        -- ^ The consumer secret-          -> Maybe String  -- ^ The token secret           -> R.Request            -> String        -- ^ The signature  instance Signer Method where-  sign PLAINTEXT k (Just s) _ = k ++ "&" ++ s-  sign PLAINTEXT k Nothing  _ = k ++ "&"+  sign (PLAINTEXT k (Just s)) _ = k ++ "&" ++ s+  sign (PLAINTEXT k Nothing)  _ = k ++ "&" -  sign HMAC_SHA1 k Nothing  r = let secret = B.concat [R.encodes k, _froms "&"]-                                in (B2.encode . B1.unpack . S.bytestringDigest . S.hmacSha1 secret . _basestr) r-  sign HMAC_SHA1 k (Just s) r = let secret = B.concat [R.encodes k, _froms "&", R.encodes s]-                                in (B2.encode . B1.unpack . S.bytestringDigest . S.hmacSha1 secret . _basestr) r+  sign (HMAC_SHA1 k Nothing)  r = let secret = B.concat [R.encodes k, _froms "&"]+                                  in (B2.encode . B1.unpack . S.bytestringDigest . S.hmacSha1 secret . _basestr) r+  sign (HMAC_SHA1 k (Just s)) r = let secret = B.concat [R.encodes k, _froms "&", R.encodes s]+                                  in (B2.encode . B1.unpack . S.bytestringDigest . S.hmacSha1 secret . _basestr) r +  sign (RSA_SHA1 k) r           = (B2.encode . B1.unpack . R1.rsassa_pkcs1_v1_5_sign R1.ha_SHA1 k . _basestr) r+ instance Show Method where-  showsPrec _ PLAINTEXT = showString "PLAINTEXT"-  showsPrec _ HMAC_SHA1 = showString "HMAC-SHA1"+  showsPrec _ (PLAINTEXT _ _) = showString "PLAINTEXT" -instance Read Method where-  readsPrec _ ('P':'L':'A':'I':'N':'T':'E':'X':'T':r) = (PLAINTEXT,r) : []-  readsPrec _ ('H':'M':'A':'C':'-':'S':'H':'A':'1':r) = (HMAC_SHA1,r) : []-  readsPrec _ _                                       = []+  showsPrec _ (HMAC_SHA1 _ _) = showString "HMAC-SHA1"++  showsPrec _ (RSA_SHA1 _)    = showString "RSA-SHA1"  _basestr :: R.Request -> B.ByteString _basestr r = let endpoint' = (R.encodes . _endpoint) r