first auth test working

2013-05-22 02:40:52 +02:00 · 2013-05-22 02:40:52 +02:00 · 422dbd34ff
commit 422dbd34ff
parent 553462209b
4 changed files with 140 additions and 71 deletions
--- a/WebKit/scripts/helper/Hmac.js
+++ b/WebKit/scripts/helper/Hmac.js
@ -9,6 +9,8 @@ function(URI, CryptoJS) {

    Hmac.makeAuthHeader = function(url, http_method, mac_key, mac_key_id) {

+        debug("makeAuthHeader should not be used anymore, bug!")
+
        url = URI(url);
        var nonce = Hmac.makeid(8);
        var time_stamp = parseInt((new Date).getTime() / 1000, 10);
@ -38,6 +40,58 @@ function(URI, CryptoJS) {
                '", mac="' + mac + '"';
    }

+    Hmac.makeHawkAuthHeader = function(url, http_method, hawk_id, key, payload, app_id) {
+
+        url = URI(url);
+        var nonce = Hmac.makeid(8);
+        var time_stamp = parseInt((new Date).getTime() / 1000, 10);
+
+        var port = url.port();
+        if (!port) {
+            port = url.protocol() == "https" ? "443" : "80";
+        }
+
+        var normalizedRequestString = "hawk.1.header\n" // header
+                                    + time_stamp + '\n' // ts
+                                    + nonce + '\n' // nonce
+                                    + http_method.toUpperCase() + '\n' // method
+                                    + url.path() + url.search() + url.hash() + '\n' // request uri
+                                    + url.hostname().toLowerCase() + '\n' // host
+                                    + port + '\n' // port
+                                    + Hmac.calculatePayloadHash(payload) + '\n' // hash
+                                    + '\n' // ext (we don't use it)
+
+        var app = "";
+        if(app_id) {
+            app = ', app="' + app_id + "'";
+            normalizedRequestString +=  app_id + "\n" + // app
+                                        '\n'; // dlg should be empty
+        }
+
+
+        var hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, key);
+        hmac.update(normalizedRequestString);
+        var hash = hmac.finalize();
+        var mac = hash.toString(CryptoJS.enc.Base64);
+
+
+
+        return 'Hawk id="' + hawk_id +
+                '", mac="' + mac +
+                '", ts="' + time_stamp +
+                '", nonce="' + nonce + '"' +
+                app
+    }
+
+    Hmac.calculatePayloadHash = function (payload) {
+        var hash = CryptoJS.algo.SHA256.create();
+        hash.update('hawk.1.payload\n');
+        hash.update('application/vnd.tent.post.v0+json\n');
+        hash.update(payload || '');
+        hash.update('\n');
+        return hash.finalize().toString(CryptoJS.enc.Base64);
+    },
+
    Hmac.makeid = function(len) {
        var text = "";
        var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";