jeena/Bungloo
Archived
1
0
Fork 0
Code Issues Pull requests Projects Packages Wiki Activity Actions
This repository has been archived on 2025-08-18. You can view files and clone it, but you cannot make any changes to it's state, such as pushing and creating new issues, pull requests or comments.
Bungloo/WebKit/scripts/helper/Hmac.js
Jeena Paradies 422dbd34ff first auth test working
2013-05-22 02:40:52 +02:00

110 lines
3.7 KiB
JavaScript
Raw Blame History

define([
"lib/URI",
"lib/CryptoJS"
],
function(URI, CryptoJS) {
var Hmac = {};
Hmac.makeAuthHeader = function(url, http_method, mac_key, mac_key_id) {
debug("makeAuthHeader should not be used anymore, bug!")
url = URI(url);
var nonce = Hmac.makeid(8);
var time_stamp = parseInt((new Date).getTime() / 1000, 10);
var port = url.port();
if (!port) {
port = url.protocol() == "https" ? "443" : "80";
}
var normalizedRequestString = ""
+ time_stamp + '\n'
+ nonce + '\n'
+ http_method + '\n'
+ url.path() + url.search() + url.hash() + '\n'
+ url.hostname() + '\n'
+ port + '\n'
+ '\n' ;
var hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, mac_key);
hmac.update(normalizedRequestString);
var hash = hmac.finalize();
var mac = hash.toString(CryptoJS.enc.Base64);
return 'MAC id="' + mac_key_id +
'", ts="' + time_stamp +
'", nonce="' + nonce +
'", mac="' + mac + '"';
}
Hmac.makeHawkAuthHeader = function(url, http_method, hawk_id, key, payload, app_id) {
url = URI(url);
var nonce = Hmac.makeid(8);
var time_stamp = parseInt((new Date).getTime() / 1000, 10);
var port = url.port();
if (!port) {
port = url.protocol() == "https" ? "443" : "80";
}
var normalizedRequestString = "hawk.1.header\n" // header
+ time_stamp + '\n' // ts
+ nonce + '\n' // nonce
+ http_method.toUpperCase() + '\n' // method
+ url.path() + url.search() + url.hash() + '\n' // request uri
+ url.hostname().toLowerCase() + '\n' // host
+ port + '\n' // port
+ Hmac.calculatePayloadHash(payload) + '\n' // hash
+ '\n' // ext (we don't use it)
var app = "";
if(app_id) {
app = ', app="' + app_id + "'";
normalizedRequestString += app_id + "\n" + // app
'\n'; // dlg should be empty
}
var hmac = CryptoJS.algo.HMAC.create(CryptoJS.algo.SHA256, key);
hmac.update(normalizedRequestString);
var hash = hmac.finalize();
var mac = hash.toString(CryptoJS.enc.Base64);
return 'Hawk id="' + hawk_id +
'", mac="' + mac +
'", ts="' + time_stamp +
'", nonce="' + nonce + '"' +
app
}
Hmac.calculatePayloadHash = function (payload) {
var hash = CryptoJS.algo.SHA256.create();
hash.update('hawk.1.payload\n');
hash.update('application/vnd.tent.post.v0+json\n');
hash.update(payload || '');
hash.update('\n');
return hash.finalize().toString(CryptoJS.enc.Base64);
},
Hmac.makeid = function(len) {
var text = "";
var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
for( var i=0; i < len; i++ )
text += possible.charAt(Math.floor(Math.random() * possible.length));
return text;
}
return Hmac;
});
// its different for app authentication and user authentication:
// for apps its id: mac_key_id and secret: mac_key,
// for users its id: access_token and secret:mac_key
Reference in a new issue View git blame Copy permalink