couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dav...@apache.org
Subject [01/50] git commit: Move signature verification code into helper modules.
Date Fri, 17 Jan 2014 22:57:05 GMT 
Updated Branches:
  refs/heads/import [created] d50a78688


Move signature verification code into helper modules.


Project: http://git-wip-us.apache.org/repos/asf/couchdb-oauth/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-oauth/commit/d8be2369
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-oauth/tree/d8be2369
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-oauth/diff/d8be2369

Branch: refs/heads/import
Commit: d8be23693bf76637f13845cb3dc003480415431b
Parents: fb4ac88
Author: Tim Fletcher <tim@tfletcher.com>
Authored: Wed Feb 25 14:16:51 2009 +0000
Committer: Tim Fletcher <tim@tfletcher.com>
Committed: Wed Feb 25 14:16:51 2009 +0000

----------------------------------------------------------------------
 src/oauth.erl           |  8 ++++----
 src/oauth_hmac_sha1.erl |  5 ++++-
 src/oauth_plaintext.erl |  5 ++++-
 src/oauth_rsa_sha1.erl  | 10 +++++++++-
 4 files changed, 21 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-oauth/blob/d8be2369/src/oauth.erl
----------------------------------------------------------------------
diff --git a/src/oauth.erl b/src/oauth.erl
index 9b22aed..866655c 100644
--- a/src/oauth.erl
+++ b/src/oauth.erl
@@ -39,13 +39,13 @@ token_secret(Params) ->
 verify(Signature, HttpMethod, URL, Params, Consumer, TokenSecret) ->
   case signature_method(Consumer) of
     plaintext ->
-      Signature =:= signature(HttpMethod, URL, Params, Consumer, TokenSecret);
+      oauth_plaintext:verify(Signature, consumer_secret(Consumer), TokenSecret);
     hmac_sha1 ->
-      Signature =:= signature(HttpMethod, URL, Params, Consumer, TokenSecret);
+      BaseString = signature_base_string(HttpMethod, URL, Params),
+      oauth_hmac_sha1:verify(Signature, BaseString, consumer_secret(Consumer), TokenSecret);
     rsa_sha1 ->
       BaseString = signature_base_string(HttpMethod, URL, Params),
-      PublicKey = oauth_rsa_sha1:public_key(consumer_secret(Consumer)),
-      public_key:verify_signature(BaseString, sha, Signature, PublicKey)
+      oauth_rsa_sha1:verify(Signature, BaseString, consumer_secret(Consumer))
   end.
 
 signed_params(HttpMethod, URL, ExtraParams, Consumer, Token, TokenSecret) ->

http://git-wip-us.apache.org/repos/asf/couchdb-oauth/blob/d8be2369/src/oauth_hmac_sha1.erl
----------------------------------------------------------------------
diff --git a/src/oauth_hmac_sha1.erl b/src/oauth_hmac_sha1.erl
index ed232c4..69064ed 100644
--- a/src/oauth_hmac_sha1.erl
+++ b/src/oauth_hmac_sha1.erl
@@ -1,8 +1,11 @@
 -module(oauth_hmac_sha1).
 
--export([signature/3]).
+-export([signature/3, verify/4]).
 
 
 signature(BaseString, CS, TS) ->
   Key = oauth_uri:calate("&", [CS, TS]),
   base64:encode_to_string(crypto:sha_mac(Key, BaseString)).
+
+verify(Signature, BaseString, CS, TS) ->
+  Signature =:= signature(BaseString, CS, TS).

http://git-wip-us.apache.org/repos/asf/couchdb-oauth/blob/d8be2369/src/oauth_plaintext.erl
----------------------------------------------------------------------
diff --git a/src/oauth_plaintext.erl b/src/oauth_plaintext.erl
index 9f6e0f2..1aae8fc 100644
--- a/src/oauth_plaintext.erl
+++ b/src/oauth_plaintext.erl
@@ -1,7 +1,10 @@
 -module(oauth_plaintext).
 
--export([signature/2]).
+-export([signature/2, verify/3]).
 
 
 signature(CS, TS) ->
   oauth_uri:encode(oauth_uri:calate("&", [CS, TS])).
+
+verify(Signature, CS, TS) ->
+  Signature =:= signature(CS, TS).

http://git-wip-us.apache.org/repos/asf/couchdb-oauth/blob/d8be2369/src/oauth_rsa_sha1.erl
----------------------------------------------------------------------
diff --git a/src/oauth_rsa_sha1.erl b/src/oauth_rsa_sha1.erl
index 45a0ca5..c90ba21 100644
--- a/src/oauth_rsa_sha1.erl
+++ b/src/oauth_rsa_sha1.erl
@@ -1,6 +1,6 @@
 -module(oauth_rsa_sha1).
 
--export([signature/2, public_key/1]).
+-export([signature/2, verify/3]).
 
 -include_lib("public_key/include/public_key.hrl").
 
@@ -10,6 +10,14 @@ signature(BaseString, PrivateKeyPath) ->
   {ok, PrivateKey} = public_key:decode_private_key(Info),
   base64:encode_to_string(public_key:sign(list_to_binary(BaseString), PrivateKey)).
 
+verify(Signature, BaseString, PublicKey) ->
+  public_key:verify_signature(to_binary(BaseString), sha, base64:decode(Signature), public_key(PublicKey)).
+
+to_binary(Term) when is_list(Term) ->
+  list_to_binary(Term);
+to_binary(Term) when is_binary(Term) ->
+  Term.
+
 public_key(Path) when is_list(Path) ->
   {ok, [{cert, DerCert, not_encrypted}]} = public_key:pem_to_der(Path),
   {ok, Cert} = pubkey_cert_records:decode_cert(DerCert, otp),
Mime
View raw message