couchdb-glib

Merge lp:~rodrigo-moya/couchdb-glib/oauth-signing into lp:couchdb-glib

oauth-signing
Merge into trunk

Proposed by Rodrigo Moya on 2009-09-04

Status:	Superseded
Proposed branch:	lp:~rodrigo-moya/couchdb-glib/oauth-signing
Merge into:	lp:couchdb-glib
Diff against target:	None lines
To merge this branch:	bzr merge lp:~rodrigo-moya/couchdb-glib/oauth-signing
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
dobey (community)		2009-09-04	Needs Fixing on 2009-09-04
Review via email: mp+11187@code.launchpad.net

This proposal has been superseded by a proposal from 2009-09-08.

Revision history for this message

Rodrigo Moya (rodrigo-moya) wrote on 2009-09-04:

Added OAuth signing support

lp:~rodrigo-moya/couchdb-glib/oauth-signing updated on 2009-09-04

90. By Rodrigo Moya on 2009-09-04: Added missing 'return TRUE' in couchdb_enable_oauth
91. By Rodrigo Moya on 2009-09-04: Remove extra ;

Revision history for this message

dobey (dobey) wrote on 2009-09-04:

The oauth files will fail to dist here if oauth is not enabled. You should add a OAUTH_FILES variable, and assign OAUTH_SOURCES to it when enabled, and add OAUTH_FILES to extra dist, to ensure the files are always disted.

review: Needs Fixing

lp:~rodrigo-moya/couchdb-glib/oauth-signing updated on 2009-09-08

92. By Rodrigo Moya on 2009-09-04: Parse the signed URL returned by oauth_sign_url2 and create the Authorization header with that
93. By Rodrigo Moya on 2009-09-04: Decode the signature
94. By Rodrigo Moya on 2009-09-04: Make sure OAuth sources get disted
95. By Rodrigo Moya on 2009-09-04: No need to decode signature, and removed None keys in Authentication header
96. By Rodrigo Moya on 2009-09-07: Simplified URL parsing
97. By Rodrigo Moya on 2009-09-07: Added " to all values
98. By Rodrigo Moya on 2009-09-08: Added test programs
99. By Rodrigo Moya on 2009-09-08: Encode correctly the base_signature
100. By Rodrigo Moya on 2009-09-08: Added a better output for test-oauth program
101. By Rodrigo Moya on 2009-09-08: Add oauth_verifier and oauth_callback arguments and added couchdb connection code to test-oauth
102. By Rodrigo Moya on 2009-09-08: Add OAuth prefix to Authorization header (thanks to Jason Davies)

Unmerged revisions

102. By Rodrigo Moya on 2009-09-08: Add OAuth prefix to Authorization header (thanks to Jason Davies)
101. By Rodrigo Moya on 2009-09-08: Add oauth_verifier and oauth_callback arguments and added couchdb connection code to test-oauth
100. By Rodrigo Moya on 2009-09-08: Added a better output for test-oauth program
99. By Rodrigo Moya on 2009-09-08: Encode correctly the base_signature
98. By Rodrigo Moya on 2009-09-08: Added test programs
97. By Rodrigo Moya on 2009-09-07: Added " to all values
96. By Rodrigo Moya on 2009-09-07: Simplified URL parsing
95. By Rodrigo Moya on 2009-09-04: No need to decode signature, and removed None keys in Authentication header
94. By Rodrigo Moya on 2009-09-04: Make sure OAuth sources get disted
93. By Rodrigo Moya on 2009-09-04: Decode the signature

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Rodrigo Moya

Ubuntu One hackers

couchdb-glib

Merge lp:~rodrigo-moya/couchdb-glib/oauth-signing into lp:couchdb-glib

Commit message

Description of the change

Unmerged revisions

Preview Diff

Subscribers

 === modified file 'configure.ac'
 --- configure.ac	2009-08-31 15:48:46 +0000
 +++ configure.ac	2009-09-04 09:28:53 +0000
@@ -18,6 +18,18 @@
  dnl glib-genmarshal
  AC_PATH_PROG(GLIB_GENMARSHAL, glib-genmarshal)
++dnl Check for oAuth dependencies
++have_oauth="no"
++AC_CHECK_HEADERS(unistd.h time.h string.h alloca.h stdio.h stdarg.h math.h openssl/hmac.h, have_oauth_headers="yes", have_oauth_headers="no")
++AC_CHECK_LIB(crypto, CRYPTO_free, have_oauth_libs="yes", have_oauth_libs="no")
++if test "x$have_oauth_headers" = "xyes" -a "x$have_oauth_libs" = "xyes"; then
++   AC_DEFINE(HAVE_OAUTH, 1, [Define to build OAUTH signing code])
++   have_oauth="yes"
++   OAUTH_LIBS="-lm -lcrypto"
++   AC_SUBST(OAUTH_LIBS)
++fi
++AM_CONDITIONAL(HAVE_OAUTH, test "x$have_oauth" = "xyes")
++
  dnl Look for needed modules
  PKG_CHECK_MODULES(COUCHDB_GLIB, glib-2.0 gobject-2.0 json-glib-1.0 >= 0.7.4 libsoup-2.4 libsoup-gnome-2.4 uuid)
  AC_SUBST(COUCHDB_GLIB_CFLAGS)
@@ -36,3 +48,13 @@
  couchdb-glib/Makefile
  tests/Makefile
  ])
++
++AC_MSG_NOTICE([
++
++ couchdb-glib configured:
++ ------------------------
++
++ version: $VERSION
++ oAuth:   $have_oauth
++
++])
 \ No newline at end of file
 === modified file 'couchdb-glib/Makefile.am'
 --- couchdb-glib/Makefile.am	2009-08-31 15:48:46 +0000
 +++ couchdb-glib/Makefile.am	2009-09-04 09:28:53 +0000
@@ -1,3 +1,11 @@
++if HAVE_OAUTH
++OAUTH_SOURCES = oauth.c oauth.h xmalloc.c xmalloc.h
++OAUTH_LIBS =
++else
++OAUTH_SOURCES =
++OAUTH_LIBS =
++endif
++
  INCLUDES =		\
  	$(COUCHDB_GLIB_CFLAGS)
@@ -20,10 +28,12 @@
  	couchdb-types.c			\
  	dbwatch.c			\
  	dbwatch.h			\
++	$(OAUTH_SOURCES)		\
  	utils.c				\
  	utils.h
  libcouchdb_glib_1_0_la_LIBADD =		\
  	$(COUCHDB_GLIB_LIBS)		\
++	$(OAUTH_LIBS)			\
  	-luuid
  libcouchdb_glib_1_0_la_LDFLAGS =	\
  	-version-info $(LIBCOUCHDBGLIB_CURRENT):$(LIBCOUCHDBGLIB_REVISION):$(LIBCOUCHDBGLIB_AGE)
 === modified file 'couchdb-glib/couchdb-glib.h'
 --- couchdb-glib/couchdb-glib.h	2009-08-31 15:48:46 +0000
 +++ couchdb-glib/couchdb-glib.h	2009-09-04 09:28:53 +0000
@@ -64,6 +64,13 @@
  void                 couchdb_listen_for_changes (CouchDB *couchdb, const char *dbname);
++gboolean             couchdb_enable_oauth (CouchDB *couchdb,
++					   const char *consumer_key,
++					   const char *consumer_secret,
++					   const char *token_key,
++					   const char *token_secret);
++void                 couchdb_disable_oauth (CouchDB *couchdb);
++
  /*
   * Documents API
   */
 === modified file 'couchdb-glib/couchdb.c'
 --- couchdb-glib/couchdb.c	2009-08-31 15:48:46 +0000
 +++ couchdb-glib/couchdb.c	2009-09-04 09:28:53 +0000
@@ -49,6 +49,13 @@
  	g_free (couchdb->hostname);
  	g_object_unref (couchdb->http_session);
++#ifdef HAVE_OAUTH
++	g_free (couchdb->oauth_consumer_key);
++	g_free (couchdb->oauth_consumer_secret);
++	g_free (couchdb->oauth_token_key);
++	g_free (couchdb->oauth_token_secret);
++#endif
++
  	G_OBJECT_CLASS (couchdb_parent_class)->finalize (object);
+ }
@@ -375,3 +382,42 @@
  	/* Free memory */
  	couchdb_database_info_unref (db_info);
+ }
++
++/**
++ * couchdb_enable_oauth:
++ * @couchdb: A #CouchDB object
++ * @consumer_key: Consumer key to use
++ * @consumer_secret: Consumer secret to use
++ * @token_key: Token key to use
++ * @token_secret: Token secret to use
++ *
++ * Enables oAuth signing of all requests for the given #CouchDB object.
++ *
++ * Return value: TRUE if oAuth is enabled in the library or FALSE if not.
++ */
++gboolean
++couchdb_enable_oauth (CouchDB *couchdb,
++		      const char *consumer_key,
++		      const char *consumer_secret,
++		      const char *token_key,
++		      const char *token_secret)
++{
++	g_return_val_if_fail (COUCHDB_IS (couchdb), FALSE);
++
++#ifdef HAVE_OAUTH
++	if (couchdb->oauth_enabled) {
++		g_free (couchdb->oauth_consumer_key);
++		g_free (couchdb->oauth_consumer_secret);
++		g_free (couchdb->oauth_token_key);
++		g_free (couchdb->oauth_token_secret);
++	}
++
++	couchdb->oauth_consumer_key = g_strdup (consumer_key);
++	couchdb->oauth_consumer_secret = g_strdup (consumer_secret);
++	couchdb->oauth_token_key = g_strdup (token_key);
++	couchdb->oauth_token_secret = g_strdup (token_secret);
++	couchdb->oauth_enabled = TRUE;
++#else
++	return FALSE;
++#endif
++}
 === added file 'couchdb-glib/oauth.c'
 --- couchdb-glib/oauth.c	1970-01-01 00:00:00 +0000
 +++ couchdb-glib/oauth.c	2009-09-04 09:28:53 +0000
@@ -0,0 +1,955 @@
++/*
++ * oAuth string functions in POSIX-C.
++ *
++ * Copyright 2007, 2008, 2009 Robin Gareus <robin@gareus.org>
++ *
++ * The base64 functions are by Jan-Henrik Haukeland, <hauk@tildeslash.com>
++ * and un/escape_url() was inspired by libcurl's curl_escape under ISC-license
++ * many thanks to Daniel Stenberg <daniel@haxx.se>.
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to deal
++ * in the Software without restriction, including without limitation the rights
++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
++ * THE SOFTWARE.
++ *
++ */
++#if HAVE_CONFIG_H
++# include <config.h>
++#endif
++
++#define WIPE_MEMORY ///< overwrite sensitve data before free()ing it.
++
++#include <stdio.h>
++#include <stdarg.h>
++#include <stdlib.h>
++#include <string.h>
++#include <time.h>
++#include <math.h>
++#include <ctype.h> // isxdigit
++#include <openssl/hmac.h>
++
++#include "xmalloc.h"
++#include "oauth.h"
++
++#ifndef WIN // getpid() on POSIX systems
++#include <sys/types.h>
++#include <unistd.h>
++#endif
++
++/**
++ * Base64 encode one byte
++ */
++char oauth_b64_encode(unsigned char u) {
++  if(u < 26)  return 'A'+u;
++  if(u < 52)  return 'a'+(u-26);
++  if(u < 62)  return '0'+(u-52);
++  if(u == 62) return '+';
++  return '/';
++}
++
++/**
++ * Decode a single base64 character.
++ */
++unsigned char oauth_b64_decode(char c) {
++  if(c >= 'A' && c <= 'Z') return(c - 'A');
++  if(c >= 'a' && c <= 'z') return(c - 'a' + 26);
++  if(c >= '0' && c <= '9') return(c - '0' + 52);
++  if(c == '+')             return 62;
++  return 63;
++}
++
++/**
++ * Return TRUE if 'c' is a valid base64 character, otherwise FALSE
++ */
++int oauth_b64_is_base64(char c) {
++  if((c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
++     (c >= '0' && c <= '9') || (c == '+')             ||
++     (c == '/')             || (c == '=')) {
++    return 1;
++  }
++  return 0;
++}
++
++/**
++ * Base64 encode and return size data in 'src'. The caller must free the
++ * returned string.
++ *
++ * @param size The size of the data in src
++ * @param src The data to be base64 encode
++ * @return encoded string otherwise NULL
++ */
++char *oauth_encode_base64(int size, const unsigned char *src) {
++  int i;
++  char *out, *p;
++
++  if(!src) return NULL;
++  if(!size) size= strlen((char *)src);
++  out= (char*) xcalloc(sizeof(char), size*4/3+4);
++  p= out;
++
++  for(i=0; i<size; i+=3) {
++    unsigned char b1=0, b2=0, b3=0, b4=0, b5=0, b6=0, b7=0;
++    b1= src[i];
++    if(i+1<size) b2= src[i+1];
++    if(i+2<size) b3= src[i+2];
++
++    b4= b1>>2;
++    b5= ((b1&0x3)<<4)|(b2>>4);
++    b6= ((b2&0xf)<<2)|(b3>>6);
++    b7= b3&0x3f;
++
++    *p++= oauth_b64_encode(b4);
++    *p++= oauth_b64_encode(b5);
++
++    if(i+1<size) *p++= oauth_b64_encode(b6);
++    else *p++= '=';
++
++    if(i+2<size) *p++= oauth_b64_encode(b7);
++    else *p++= '=';
++  }
++  return out;
++}
++
++/**
++ * Decode the base64 encoded string 'src' into the memory pointed to by
++ * 'dest'.
++ *
++ * @param dest Pointer to memory for holding the decoded string.
++ * Must be large enough to recieve the decoded string.
++ * @param src A base64 encoded string.
++ * @return the length of the decoded string if decode
++ * succeeded otherwise 0.
++ */
++int oauth_decode_base64(unsigned char *dest, const char *src) {
++  if(src && *src) {
++    unsigned char *p= dest;
++    int k, l= strlen(src)+1;
++    unsigned char *buf= (unsigned char*) xcalloc(sizeof(unsigned char), l);
++
++    /* Ignore non base64 chars as per the POSIX standard */
++    for(k=0, l=0; src[k]; k++) {
++      if(oauth_b64_is_base64(src[k])) {
++        buf[l++]= src[k];
++      }
++    }
++
++    for(k=0; k<l; k+=4) {
++      char c1='A', c2='A', c3='A', c4='A';
++      unsigned char b1=0, b2=0, b3=0, b4=0;
++      c1= buf[k];
++
++      if(k+1<l) c2= buf[k+1];
++      if(k+2<l) c3= buf[k+2];
++      if(k+3<l) c4= buf[k+3];
++
++      b1= oauth_b64_decode(c1);
++      b2= oauth_b64_decode(c2);
++      b3= oauth_b64_decode(c3);
++      b4= oauth_b64_decode(c4);
++
++      *p++=((b1<<2)|(b2>>4) );
++
++      if(c3 != '=') *p++=(((b2&0xf)<<4)|(b3>>2) );
++      if(c4 != '=') *p++=(((b3&0x3)<<6)|b4 );
++    }
++    free(buf);
++    dest[p-dest]='\0';
++    return(p-dest);
++  }
++  return 0;
++}
++
++/**
++ * Escape 'string' according to RFC3986 and
++ * http://oauth.net/core/1.0/#encoding_parameters.
++ *
++ * @param string The data to be encoded
++ * @return encoded string otherwise NULL
++ * The caller must free the returned string.
++ */
++char *oauth_url_escape(const char *string) {
++  size_t alloc, newlen;
++  char *ns = NULL, *testing_ptr = NULL;
++  unsigned char in;
++  size_t strindex=0;
++  size_t length;
++
++  if (!string) return xstrdup("");
++
++  alloc = strlen(string)+1;
++  newlen = alloc;
++
++  ns = (char*) xmalloc(alloc);
++
++  length = alloc-1;
++  while(length--) {
++    in = *string;
++
++    switch(in){
++    case '0': case '1': case '2': case '3': case '4':
++    case '5': case '6': case '7': case '8': case '9':
++    case 'a': case 'b': case 'c': case 'd': case 'e':
++    case 'f': case 'g': case 'h': case 'i': case 'j':
++    case 'k': case 'l': case 'm': case 'n': case 'o':
++    case 'p': case 'q': case 'r': case 's': case 't':
++    case 'u': case 'v': case 'w': case 'x': case 'y': case 'z':
++    case 'A': case 'B': case 'C': case 'D': case 'E':
++    case 'F': case 'G': case 'H': case 'I': case 'J':
++    case 'K': case 'L': case 'M': case 'N': case 'O':
++    case 'P': case 'Q': case 'R': case 'S': case 'T':
++    case 'U': case 'V': case 'W': case 'X': case 'Y': case 'Z':
++    case '_': case '~': case '.': case '-':
++      ns[strindex++]=in;
++      break;
++    default:
++      newlen += 2; /* this'll become a %XX */
++      if(newlen > alloc) {
++        alloc *= 2;
++				testing_ptr = (char*) xrealloc(ns, alloc);
++				ns = testing_ptr;
++      }
++      snprintf(&ns[strindex], 4, "%%%02X", in);
++      strindex+=3;
++      break;
++    }
++    string++;
++  }
++  ns[strindex]=0;
++  return ns;
++}
++
++#ifndef ISXDIGIT
++# define ISXDIGIT(x) (isxdigit((int) ((unsigned char)x)))
++#endif
++
++/**
++ * Parse RFC3986 encoded 'string' back to  unescaped version.
++ *
++ * @param string The data to be unescaped
++ * @param olen unless NULL the length of the returned string is stored there.
++ * @return decoded string or NULL
++ * The caller must free the returned string.
++ */
++char *oauth_url_unescape(const char *string, size_t *olen) {
++  size_t alloc, strindex=0;
++  char *ns = NULL;
++  unsigned char in;
++  long hex;
++
++	if (!string) return NULL;
++  alloc = strlen(string)+1;
++  ns = (char*) xmalloc(alloc);
++
++  while(--alloc > 0) {
++    in = *string;
++    if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
++      char hexstr[3]; // '%XX'
++      hexstr[0] = string[1];
++      hexstr[1] = string[2];
++      hexstr[2] = 0;
++      hex = strtol(hexstr, NULL, 16);
++      in = (unsigned char)hex; /* hex is always < 256 */
++      string+=2;
++      alloc-=2;
++    }
++    ns[strindex++] = in;
++    string++;
++  }
++  ns[strindex]=0;
++  if(olen) *olen = strindex;
++  return ns;
++}
++
++/**
++ * returns base64 encoded HMAC-SHA1 signature for
++ * given message and key.
++ * both data and key need to be urlencoded.
++ *
++ * the returned string needs to be freed by the caller
++ *
++ * @param m message to be signed
++ * @param k key used for signing
++ * @return signature string.
++ */
++char *oauth_sign_hmac_sha1 (const char *m, const char *k) {
++  return(oauth_sign_hmac_sha1_raw (m, strlen(m), k, strlen(k)));
++}
++
++char *oauth_sign_hmac_sha1_raw (const char *m, const size_t ml, const char *k, const size_t kl) {
++  unsigned char result[EVP_MAX_MD_SIZE];
++  unsigned int resultlen = 0;
++
++  HMAC(EVP_sha1(), k, kl,
++      (unsigned char*) m, ml,
++      result, &resultlen);
++
++  return(oauth_encode_base64(resultlen, result));
++}
++
++/**
++ * returns plaintext signature for the given key.
++ *
++ * the returned string needs to be freed by the caller
++ *
++ * @param m message to be signed
++ * @param k key used for signing
++ * @return signature string
++ */
++char *oauth_sign_plaintext (const char *m, const char *k) {
++  return(oauth_url_escape(k));
++}
++
++#include <openssl/evp.h>
++#include <openssl/x509.h>
++#include <openssl/x509v3.h>
++#include <openssl/ssl.h>
++
++/**
++ * returns RSA-SHA1 signature for given data.
++ * the returned signature needs to be freed by the caller.
++ *
++ * @param m message to be signed
++ * @param k private-key PKCS and Base64-encoded
++ * @return base64 encoded signature string.
++ */
++char *oauth_sign_rsa_sha1 (const char *m, const char *k) {
++  unsigned char *sig = NULL;
++  unsigned char *passphrase = NULL;
++  unsigned int len=0;
++  EVP_MD_CTX md_ctx;
++
++  EVP_PKEY *pkey;
++  BIO *in;
++  in = BIO_new_mem_buf((unsigned char*) k, strlen(k));
++  pkey = PEM_read_bio_PrivateKey(in, NULL, 0, passphrase); // generate sign
++  BIO_free(in);
++
++  if (pkey == NULL) {
++  //fprintf(stderr, "liboauth/ssl: can not read private key\n");
++	  return xstrdup("liboauth/ssl: can not read private key");
++  }
++
++  len = EVP_PKEY_size(pkey);
++  sig = xmalloc((len+1)*sizeof(char));
++
++  EVP_SignInit(&md_ctx, EVP_sha1());
++  EVP_SignUpdate(&md_ctx, m, strlen(m));
++  if (EVP_SignFinal (&md_ctx, sig, &len, pkey)) {
++	  char *tmp;
++    sig[len] = '\0';
++		tmp = oauth_encode_base64(len,sig);
++		OPENSSL_free(sig);
++	  EVP_PKEY_free(pkey);
++		return tmp;
++  }
++  return xstrdup("liboauth/ssl: rsa-sha1 signing failed");
++}
++
++/**
++ * verify RSA-SHA1 signature.
++ *
++ * returns the output of EVP_VerifyFinal() for a given message,
++ * cert/pubkey and signature
++ *
++ * @param m message to be verified
++ * @param c public-key or x509 certificate
++ * @param s base64 encoded signature
++ * @return 1 for a correct signature, 0 for failure and -1 if some other error occurred
++ */
++int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) {
++  EVP_MD_CTX md_ctx;
++  EVP_PKEY *pkey;
++  BIO *in;
++  X509 *cert = NULL;
++	unsigned char *b64d;
++  int slen, err;
++
++  in = BIO_new_mem_buf((unsigned char*)c, strlen(c));
++  cert = PEM_read_bio_X509(in, NULL, 0, NULL);
++	if (cert)  {
++    pkey = (EVP_PKEY *) X509_get_pubkey(cert);
++		X509_free(cert);
++	} else {
++    pkey = PEM_read_bio_PUBKEY(in, NULL, 0, NULL);
++	}
++  BIO_free(in);
++  if (pkey == NULL) {
++  //fprintf(stderr, "could not read cert/pubkey.\n");
++	  return -2;
++  }
++
++  b64d= (unsigned char*) xmalloc(sizeof(char)*strlen(s));
++  slen = oauth_decode_base64(b64d, s);
++
++	EVP_VerifyInit(&md_ctx, EVP_sha1());
++	EVP_VerifyUpdate(&md_ctx, m, strlen(m));
++	err = EVP_VerifyFinal(&md_ctx, b64d, slen, pkey);
++	EVP_MD_CTX_cleanup(&md_ctx);
++	EVP_PKEY_free(pkey);
++	free(b64d);
++	return (err);
++}
++
++/**
++ * encode strings and concatenate with '&' separator.
++ * The number of strings to be concatenated must be
++ * given as first argument.
++ * all arguments thereafter must be of type (char *)
++ *
++ * @param len the number of arguments to follow this parameter
++ * @param ... string to escape and added (may be NULL)
++ *
++ * @return pointer to memory holding the concatenated
++ * strings - needs to be free(d) by the caller. or NULL
++ * in case we ran out of memory.
++ */
++char *oauth_catenc(int len, ...) {
++  va_list va;
++  int i;
++  char *rv = (char*) xmalloc(sizeof(char));
++  *rv='\0';
++  va_start(va, len);
++  for(i=0;i<len;i++) {
++    char *arg = va_arg(va, char *);
++    char *enc;
++    int len;
++    enc = oauth_url_escape(arg);
++    if(!enc) break;
++    len = strlen(enc) + 1 + ((i>0)?1:0);
++    if(rv) len+=strlen(rv);
++    rv=(char*) xrealloc(rv,len*sizeof(char));
++
++    if(i>0) strcat(rv, "&");
++    strcat(rv, enc);
++    free(enc);
++  }
++  va_end(va);
++  return(rv);
++}
++
++/**
++ * splits the given url into a parameter array.
++ * (see \ref oauth_serialize_url and \ref oauth_serialize_url_parameters for the reverse)
++ *
++ * NOTE: Request-parameters-values may include an ampersand character.
++ * However if unescaped this function will use them as parameter delimiter.
++ * If you need to make such a request, this function since version 0.3.5 allows
++ * to use the ASCII SOH (0x01) character as alias for '&' (0x26).
++ * (the motivation is convenience: SOH is /untypeable/ and much more
++ * unlikely to appear than '&' - If you plan to sign fancy URLs you
++ * should not split a query-string, but rather provide the parameter array
++ * directly to \ref oauth_serialize_url)
++ *
++ * @param url the url or query-string to parse.
++ * @param argv pointer to a (char *) array where the results are stored.
++ *  The array is re-allocated to match the number of parameters and each
++ *  parameter-string is allocated with strdup. - The memory needs to be freed
++ *  by the caller.
++ * @param qesc use query parameter escape (vs post-param-escape) - if set
++ *        to 1 all '+' are treated as spaces ' '
++ *
++ * @return number of parameter(s) in array.
++ */
++int oauth_split_post_paramters(const char *url, char ***argv, short qesc) {
++  int argc=0;
++  char *token, *tmp, *t1;
++  if (!argv) return 0;
++  if (!url) return 0;
++  t1=xstrdup(url);
++
++  // '+' represents a space, in a URL query string
++  while ((qesc&1) && (tmp=strchr(t1,'+'))) *tmp=' ';
++
++  tmp=t1;
++  while((token=strtok(tmp,"&?"))) {
++    if(!strncasecmp("oauth_signature=",token,16)) continue;
++    (*argv)=(char**) xrealloc(*argv,sizeof(char*)*(argc+1));
++    while (!(qesc&2) && (tmp=strchr(token,'\001'))) *tmp='&';
++		(*argv)[argc]=oauth_url_unescape(token, NULL);
++	  if (argc==0 && strstr(token, ":/")) {
++			// HTTP does not allow empty absolute paths, so the URL
++			// 'http://example.com' is equivalent to 'http://example.com/' and should
++			// be treated as such for the purposes of OAuth signing (rfc2616, section 3.2.1)
++			// see http://groups.google.com/group/oauth/browse_thread/thread/c44b6f061bfd98c?hl=en
++			char *slash=strstr(token, ":/");
++			while (slash && *(++slash) == '/')  ; // skip slashes eg /xxx:[\/]*/
++#if 0
++			// skip possibly unescaped slashes in the userinfo - they're not allowed by RFC2396 but have been seen.
++			// the hostname/IP may only contain alphanumeric characters - so we're safe there.
++			if (slash && strchr(slash,'@')) slash=strchr(slash,'@');
++#endif
++			if (slash && !strchr(slash,'/')) {
++#ifdef DEBUG_OAUTH
++			  fprintf(stderr, "\nliboauth: added trailing slash to URL: '%s'\n\n", token);
++#endif
++				free((*argv)[argc]);
++				(*argv)[argc]= (char*) xmalloc(sizeof(char)*(2+strlen(token)));
++				strcpy((*argv)[argc],token);
++				strcat((*argv)[argc],"/");
++		  }
++		}
++	  if (argc==0 && (tmp=strstr((*argv)[argc],":80/"))) {
++			  memmove(tmp, tmp+3, strlen(tmp+2));
++		}
++    tmp=NULL;
++    argc++;
++  }
++
++  free(t1);
++  return argc;
++}
++
++int oauth_split_url_parameters(const char *url, char ***argv) {
++  return oauth_split_post_paramters(url, argv, 1);
++}
++
++/**
++ * build a url query string from an array.
++ *
++ * @param argc the total number of elements in the array
++ * @param start element in the array at which to start concatenating.
++ * @param argv parameter-array to concatenate.
++ * @return url string needs to be freed by the caller.
++ *
++ */
++char *oauth_serialize_url (int argc, int start, char **argv) {
++	return oauth_serialize_url_sep( argc, start, argv, "&");
++}
++
++/**
++ * encode query parameters from an array.
++ *
++ * @param argc the total number of elements in the array
++ * @param start element in the array at which to start concatenating.
++ * @param argv parameter-array to concatenate.
++ * @param sep separator for parameters (usually "&")
++ * @return url string needs to be freed by the caller.
++ */
++char *oauth_serialize_url_sep (int argc, int start, char **argv, char *sep) {
++  char  *tmp, *t1;
++  int i;
++  int	first=0;
++	int seplen=strlen(sep);
++  char *query = (char*) xmalloc(sizeof(char));
++  *query='\0';
++  for(i=start; i< argc; i++) {
++    int len = 0;
++    if (query) len+=strlen(query);
++
++		if (i==start && i==0 && strstr(argv[i], ":/")) {
++      tmp=xstrdup(argv[i]);
++      len+=strlen(tmp);
++		} else if(!(t1=strchr(argv[i], '='))) {
++    // see http://oauth.net/core/1.0/#anchor14
++    // escape parameter names and arguments but not the '='
++      tmp=xstrdup(argv[i]);
++      tmp=(char*) xrealloc(tmp,(strlen(tmp)+2)*sizeof(char));
++      strcat(tmp,"=");
++      len+=strlen(tmp);
++    } else {
++      *t1=0;
++      tmp = oauth_url_escape(argv[i]);
++      *t1='=';
++      t1 = oauth_url_escape((t1+1));
++      tmp=(char*) xrealloc(tmp,(strlen(tmp)+strlen(t1)+2)*sizeof(char));
++      strcat(tmp,"=");
++      strcat(tmp,t1);
++      free(t1);
++      len+=strlen(tmp);
++    }
++		len+=seplen+1;
++    query=(char*) xrealloc(query,len*sizeof(char));
++    strcat(query, ((i==start||first)?"":sep));
++		first=0;
++    strcat(query, tmp);
++		if (i==start && i==0 && strstr(tmp, ":/")) {
++			strcat(query, "?");
++			first=1;
++		}
++    free(tmp);
++  }
++  return (query);
++}
++
++/**
++ * build a query parameter string from an array.
++ *
++ * This function is a shortcut for \ref oauth_serialize_url (argc, 1, argv).
++ * It strips the leading host/path, which is usually the first
++ * element when using oauth_split_url_parameters on an URL.
++ *
++ * @param argc the total number of elements in the array
++ * @param argv parameter-array to concatenate.
++ * @return url string needs to be freed by the caller.
++ */
++char *oauth_serialize_url_parameters (int argc, char **argv) {
++  return oauth_serialize_url(argc, 1, argv);
++}
++
++/**
++ * generate a random string between 15 and 32 chars length
++ * and return a pointer to it. The value needs to be freed by the
++ * caller
++ *
++ * @return zero terminated random string.
++ */
++char *oauth_gen_nonce() {
++  char *nc;
++  static int rndinit = 1;
++  const char *chars = "abcdefghijklmnopqrstuvwxyz"
++  	"ABCDEFGHIJKLMNOPQRSTUVWXYZ" "0123456789_";
++  unsigned int max = strlen( chars );
++  int i, len;
++
++  if(rndinit) {srand(time(NULL)
++#ifndef WIN // quick windows check.
++  	* getpid()
++#endif
++	); rndinit=0;} // seed random number generator - FIXME: we can do better ;)
++
++  len=15+floor(rand()*16.0/(double)RAND_MAX);
++  nc = (char*) xmalloc((len+1)*sizeof(char));
++  for(i=0;i<len; i++) {
++    nc[i] = chars[ rand() % max ];
++  }
++  nc[i]='\0';
++  return (nc);
++}
++
++/**
++ * string compare function for oauth parameters.
++ *
++ * used with qsort. needed to normalize request parameters.
++ * see http://oauth.net/core/1.0/#anchor14
++ */
++int oauth_cmpstringp(const void *p1, const void *p2) {
++  char *v1,*v2;
++  char *t1,*t2;
++  int rv;
++  // TODO: this is not fast - we should escape the
++  // array elements (once) before sorting.
++  v1=oauth_url_escape(* (char * const *)p1);
++  v2=oauth_url_escape(* (char * const *)p2);
++
++  // '=' signs are not "%3D" !
++  if ((t1=strstr(v1,"%3D"))) {
++    t1[0]='\0'; t1[1]='='; t1[2]='=';
++  }
++  if ((t2=strstr(v2,"%3D"))) {
++    t2[0]='\0'; t2[1]='='; t2[2]='=';
++  }
++
++  // compare parameter names
++  rv=strcmp(v1,v2);
++  if (rv!=0) {
++    if (v1) free(v1);
++    if (v2) free(v2);
++    return rv;
++  }
++
++  // if parameter names are equal, sort by value.
++  if (t1) t1[0]='=';
++  if (t2) t2[0]='=';
++  rv=strcmp(t1,t2);
++  if (v1) free(v1);
++  if (v2) free(v2);
++  return rv;
++}
++
++/**
++ * search array for parameter key.
++ * @param argv length of array to search
++ * @param argc parameter array to search
++ * @param key key of parameter to check.
++ *
++ * @return FALSE (0) if array does not contain a paramater with given key, TRUE (1) otherwise.
++ */
++int oauth_param_exists(char **argv, int argc, char *key) {
++	int i;
++	size_t l= strlen(key);
++	for (i=0;i<argc;i++)
++		if (strlen(argv[i])>l && !strncmp(argv[i],key,l) && argv[i][l] == '=') return 1;
++	return 0;
++}
++
++/**
++ * add query parameter to array
++ *
++ * @param argcp pointer to array length int
++ * @param argvp pointer to array values
++ * @param addparam parameter to add (eg. "foo=bar")
++ */
++void oauth_add_param_to_array(int *argcp, char ***argvp, const char *addparam) {
++  (*argvp)=(char**) xrealloc(*argvp,sizeof(char*)*((*argcp)+1));
++  (*argvp)[(*argcp)++]= (char*) xstrdup(addparam);
++}
++
++/**
++ *
++ */
++void oauth_add_protocol(int *argcp, char ***argvp,
++  OAuthMethod method,
++  const char *c_key, //< consumer key - posted plain text
++  const char *t_key //< token key - posted plain text in URL
++ ){
++  char oarg[1024];
++
++  // add oAuth specific arguments
++	if (!oauth_param_exists(*argvp,*argcp,"oauth_nonce")) {
++		char *tmp;
++		snprintf(oarg, 1024, "oauth_nonce=%s", (tmp=oauth_gen_nonce()));
++		oauth_add_param_to_array(argcp, argvp, oarg);
++		free(tmp);
++	}
++
++	if (!oauth_param_exists(*argvp,*argcp,"oauth_timestamp")) {
++		snprintf(oarg, 1024, "oauth_timestamp=%li", (long int) time(NULL));
++		oauth_add_param_to_array(argcp, argvp, oarg);
++	}
++
++	if (t_key) {
++    snprintf(oarg, 1024, "oauth_token=%s", t_key);
++		oauth_add_param_to_array(argcp, argvp, oarg);
++  }
++
++  snprintf(oarg, 1024, "oauth_consumer_key=%s", c_key);
++	oauth_add_param_to_array(argcp, argvp, oarg);
++
++  snprintf(oarg, 1024, "oauth_signature_method=%s",
++      method==0?"HMAC-SHA1":method==1?"RSA-SHA1":"PLAINTEXT");
++	oauth_add_param_to_array(argcp, argvp, oarg);
++
++	if (!oauth_param_exists(*argvp,*argcp,"oauth_version")) {
++		snprintf(oarg, 1024, "oauth_version=1.0");
++		oauth_add_param_to_array(argcp, argvp, oarg);
++	}
++
++#if 0 // oauth_version 1.0 Rev A
++	if (!oauth_param_exists(argv,argc,"oauth_callback")) {
++		snprintf(oarg, 1024, "oauth_callback=oob");
++		oauth_add_param_to_array(argcp, argvp, oarg);
++	}
++#endif
++
++}
++
++char *oauth_sign_url (const char *url, char **postargs,
++  OAuthMethod method,
++  const char *c_key, //< consumer key - posted plain text
++  const char *c_secret, //< consumer secret - used as 1st part of secret-key
++  const char *t_key, //< token key - posted plain text in URL
++  const char *t_secret //< token secret - used as 2st part of secret-key
++  ) {
++  return oauth_sign_url2(url, postargs,
++    method, NULL,
++		c_key, c_secret,
++		t_key, t_secret);
++}
++
++char *oauth_sign_url2 (const char *url, char **postargs,
++  OAuthMethod method,
++  const char *http_method, //< HTTP request method
++  const char *c_key, //< consumer key - posted plain text
++  const char *c_secret, //< consumer secret - used as 1st part of secret-key
++  const char *t_key, //< token key - posted plain text in URL
++  const char *t_secret //< token secret - used as 2st part of secret-key
++  ) {
++  int  argc;
++  char **argv = NULL;
++  char *rv;
++
++  if (postargs)
++    argc = oauth_split_post_paramters(url, &argv, 0);
++  else
++    argc = oauth_split_url_parameters(url, &argv);
++
++  rv=oauth_sign_array2(&argc, &argv, postargs,
++		method, http_method,
++    c_key, c_secret, t_key, t_secret);
++
++  oauth_free_array(&argc, &argv);
++	return(rv);
++}
++
++char *oauth_sign_array (int *argcp, char***argvp,
++  char **postargs,
++  OAuthMethod method,
++  const char *c_key, //< consumer key - posted plain text
++  const char *c_secret, //< consumer secret - used as 1st part of secret-key
++  const char *t_key, //< token key - posted plain text in URL
++  const char *t_secret //< token secret - used as 2st part of secret-key
++  ) {
++  return oauth_sign_array2 (argcp, argvp,
++                            postargs, method,
++                            NULL,
++                            c_key, c_secret,
++                            t_key, t_secret);
++}
++
++char *oauth_sign_array2 (int *argcp, char***argvp,
++  char **postargs,
++  OAuthMethod method,
++  const char *http_method, //< HTTP request method
++  const char *c_key, //< consumer key - posted plain text
++  const char *c_secret, //< consumer secret - used as 1st part of secret-key
++  const char *t_key, //< token key - posted plain text in URL
++  const char *t_secret //< token secret - used as 2st part of secret-key
++  ) {
++  char oarg[1024];
++  char *query;
++  char *okey, *odat, *sign;
++  char *result;
++  char *http_request_method;
++
++  if (!http_method) {
++    http_request_method = xstrdup(postargs?"POST":"GET");
++  } else {
++    int i;
++    http_request_method = xstrdup(http_method);
++    for (i=0;i<strlen(http_request_method);i++)
++      http_request_method[i]=toupper(http_request_method[i]);
++  }
++
++	// add OAuth protocol parameters
++	oauth_add_protocol(argcp, argvp, method, c_key, t_key);
++
++  // sort parameters
++  qsort(&(*argvp)[1], (*argcp)-1, sizeof(char *), oauth_cmpstringp);
++
++  // serialize URL
++  query= oauth_serialize_url_parameters(*argcp, *argvp);
++
++  // generate signature
++  okey = oauth_catenc(2, c_secret, t_secret);
++  odat = oauth_catenc(3, http_request_method, (*argvp)[0], query);
++  free(http_request_method);
++#ifdef DEBUG_OAUTH
++  fprintf (stderr, "\nliboauth: data to sign='%s'\n\n", odat);
++  fprintf (stderr, "\nliboauth: key='%s'\n\n", okey);
++#endif
++  switch(method) {
++    case OA_RSA:
++      sign = oauth_sign_rsa_sha1(odat,okey); // XXX okey needs to be RSA key!
++    	break;
++    case OA_PLAINTEXT:
++      sign = oauth_sign_plaintext(odat,okey);
++    	break;
++    default:
++      sign = oauth_sign_hmac_sha1(odat,okey);
++  }
++#ifdef WIPE_MEMORY
++	memset(okey,0, strlen(okey));
++	memset(odat,0, strlen(odat));
++#endif
++  free(odat);
++  free(okey);
++
++  // append signature to query args.
++  snprintf(oarg, 1024, "oauth_signature=%s",sign);
++	oauth_add_param_to_array(argcp, argvp, oarg);
++  free(sign);
++
++  // build URL params
++  result = oauth_serialize_url(*argcp, (postargs?1:0), *argvp);
++
++  if(postargs) {
++    *postargs = result;
++    result = xstrdup((*argvp)[0]);
++  }
++
++  if(query) free(query);
++
++  return result;
++}
++
++/**
++ * free array args
++ *
++ * @param argcp pointer to array length int
++ * @param argvp pointer to array values to be free()d
++ */
++void oauth_free_array(int *argcp, char ***argvp) {
++  int i;
++	for (i=0;i<(*argcp);i++) {
++		free((*argvp)[i]);
++	}
++  if(*argvp) free(*argvp);
++}
++
++/**
++ * http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html
++ */
++char *oauth_body_hash_file(char *filename) {
++  unsigned char fb[BUFSIZ];
++  EVP_MD_CTX ctx;
++  size_t len=0;
++  unsigned char *md;
++  FILE *F= fopen(filename, "r");
++  if (!F) return NULL;
++
++  EVP_MD_CTX_init(&ctx);
++  EVP_DigestInit(&ctx,EVP_sha1());
++  while (!feof(F) && (len=fread(fb,sizeof(char),BUFSIZ, F))>0) {
++    EVP_DigestUpdate(&ctx, fb, len);
++  }
++  fclose(F);
++  len=0;
++  md=(unsigned char*) calloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char));
++  EVP_DigestFinal(&ctx, md, &len);
++  EVP_MD_CTX_cleanup(&ctx);
++  return oauth_body_hash_encode(len, md);
++}
++
++char *oauth_body_hash_data(size_t length, const char *data) {
++  EVP_MD_CTX ctx;
++  size_t len=0;
++  unsigned char *md;
++  md=(unsigned char*) calloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char));
++  EVP_MD_CTX_init(&ctx);
++  EVP_DigestInit(&ctx,EVP_sha1());
++  EVP_DigestUpdate(&ctx, data, length);
++  EVP_DigestFinal(&ctx, md, &len);
++  EVP_MD_CTX_cleanup(&ctx);
++  return oauth_body_hash_encode(len, md);
++}
++
++/**
++ * base64 encode digest, free it and return a URL parameter
++ * with the oauth_body_hash
++ */
++char *oauth_body_hash_encode(size_t len, unsigned char *digest) {
++  char *sign=oauth_encode_base64(len,digest);
++  char *sig_url = malloc(17+strlen(sign));
++  sprintf(sig_url,"oauth_body_hash=%s", sign);
++  free(sign);
++  free(digest);
++  return sig_url;
++}
++
++
++/**
++ * xep-0235 - TODO
++ */
++char *oauth_sign_xmpp (const char *xml,
++  OAuthMethod method,
++  const char *c_secret, //< consumer secret - used as 1st part of secret-key
++  const char *t_secret //< token secret - used as 2st part of secret-key
++	) {
++
++  return NULL;
++}
++
++// vi: sts=2 sw=2 ts=2
 === added file 'couchdb-glib/oauth.h'
 --- couchdb-glib/oauth.h	1970-01-01 00:00:00 +0000
 +++ couchdb-glib/oauth.h	2009-09-04 09:28:53 +0000
@@ -0,0 +1,539 @@
++/**
++ *  @brief oAuth.net implementation in POSIX-C.
++ *  @file oauth.h
++ *  @author Robin Gareus <robin@gareus.org>
++ *
++ * Copyright 2007, 2008, 2009 Robin Gareus <robin@gareus.org>
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to deal
++ * in the Software without restriction, including without limitation the rights
++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
++ * THE SOFTWARE.
++ *
++ */
++#ifndef _OAUTH_H
++#define _OAUTH_H      1
++
++#ifndef DOXYGEN_IGNORE
++// liboauth version
++#define LIBOAUTH_VERSION "0.5.3"
++#define LIBOAUTH_VERSION_MAJOR  0
++#define LIBOAUTH_VERSION_MINOR  5
++#define LIBOAUTH_VERSION_MICRO  3
++
++//interface revision number
++//http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
++#define LIBOAUTH_CUR  3
++#define LIBOAUTH_REV  0
++#define LIBOAUTH_AGE  3
++#endif
++
++#ifdef __GNUC__
++#    define OA_GCC_VERSION_AT_LEAST(x,y) (__GNUC__ > x || __GNUC__ == x && __GNUC_MINOR__ >= y)
++#else
++#    define OA_GCC_VERSION_AT_LEAST(x,y) 0
++#endif
++
++#ifndef attribute_deprecated
++#if OA_GCC_VERSION_AT_LEAST(3,1)
++#    define attribute_deprecated __attribute__((deprecated))
++#else
++#    define attribute_deprecated
++#endif
++#endif
++
++/** \enum OAuthMethod
++ * signature method to used for signing the request.
++ */
++typedef enum {
++	OA_HMAC=0, ///< use HMAC-SHA1 request signing method
++	OA_RSA, ///< use RSA signature (not implemented)
++	OA_PLAINTEXT ///< use plain text signature (for testing only)
++	} OAuthMethod;
++
++/**
++ * Base64 encode and return size data in 'src'. The caller must free the
++ * returned string.
++ *
++ * @param size The size of the data in src
++ * @param src The data to be base64 encode
++ * @return encoded string otherwise NULL
++ */
++char *oauth_encode_base64(int size, const unsigned char *src);
++
++/**
++ * Decode the base64 encoded string 'src' into the memory pointed to by
++ * 'dest'.
++ *
++ * @param dest Pointer to memory for holding the decoded string.
++ * Must be large enough to recieve the decoded string.
++ * @param src A base64 encoded string.
++ * @return the length of the decoded string if decode
++ * succeeded otherwise 0.
++ */
++int oauth_decode_base64(unsigned char *dest, const char *src);
++
++/**
++ * Escape 'string' according to RFC3986 and
++ * http://oauth.net/core/1.0/#encoding_parameters.
++ *
++ * @param string The data to be encoded
++ * @return encoded string otherwise NULL
++ * The caller must free the returned string.
++ */
++char *oauth_url_escape(const char *string);
++
++/**
++ * Parse RFC3986 encoded 'string' back to  unescaped version.
++ *
++ * @param string The data to be unescaped
++ * @param olen unless NULL the length of the returned string is stored there.
++ * @return decoded string or NULL
++ * The caller must free the returned string.
++ */
++char *oauth_url_unescape(const char *string, size_t *olen);
++
++
++/**
++ * returns base64 encoded HMAC-SHA1 signature for
++ * given message and key.
++ * both data and key need to be urlencoded.
++ *
++ * the returned string needs to be freed by the caller
++ *
++ * @param m message to be signed
++ * @param k key used for signing
++ * @return signature string.
++ */
++char *oauth_sign_hmac_sha1 (const char *m, const char *k);
++
++/**
++ * same as \ref oauth_sign_hmac_sha1 but allows
++ * to specify length of message and key (in case they contain null chars).
++ *
++ * @param m message to be signed
++ * @param ml length of message
++ * @param k key used for signing
++ * @param kl length of key
++ * @return signature string.
++ */
++char *oauth_sign_hmac_sha1_raw (const char *m, const size_t ml, const char *k, const size_t kl);
++
++/**
++ * returns plaintext signature for the given key.
++ *
++ * the returned string needs to be freed by the caller
++ *
++ * @param m message to be signed
++ * @param k key used for signing
++ * @return signature string
++ */
++char *oauth_sign_plaintext (const char *m, const char *k);
++
++/**
++ * returns RSA-SHA1 signature for given data.
++ * the returned signature needs to be freed by the caller.
++ *
++ * @param m message to be signed
++ * @param k private-key PKCS and Base64-encoded
++ * @return base64 encoded signature string.
++ */
++char *oauth_sign_rsa_sha1 (const char *m, const char *k);
++
++/**
++ * verify RSA-SHA1 signature.
++ *
++ * returns the output of EVP_VerifyFinal() for a given message,
++ * cert/pubkey and signature.
++ *
++ * @param m message to be verified
++ * @param c public-key or x509 certificate
++ * @param s base64 encoded signature
++ * @return 1 for a correct signature, 0 for failure and -1 if some other error occurred
++ */
++int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s);
++
++/**
++ * url-escape strings and concatenate with '&' separator.
++ * The number of strings to be concatenated must be
++ * given as first argument.
++ * all arguments thereafter must be of type (char *)
++ *
++ * @param len the number of arguments to follow this parameter
++ *
++ * @return pointer to memory holding the concatenated
++ * strings - needs to be free(d) by the caller. or NULL
++ * in case we ran out of memory.
++ */
++char *oauth_catenc(int len, ...);
++
++/**
++ * splits the given url into a parameter array.
++ * (see \ref oauth_serialize_url and \ref oauth_serialize_url_parameters for the reverse)
++ * (see \ref oauth_split_post_paramters for a more generic version)
++ *
++ * @param url the url or query-string to parse; may be NULL
++ * @param argv pointer to a (char *) array where the results are stored.
++ *  The array is re-allocated to match the number of parameters and each
++ *  parameter-string is allocated with strdup. - The memory needs to be freed
++ *  by the caller.
++ *
++ * @return number of parameter(s) in array.
++ */
++int oauth_split_url_parameters(const char *url, char ***argv);
++
++/**
++ * splits the given url into a parameter array.
++ * (see \ref oauth_serialize_url and \ref oauth_serialize_url_parameters for the reverse)
++ *
++ * @param url the url or query-string to parse.
++ * @param argv pointer to a (char *) array where the results are stored.
++ *  The array is re-allocated to match the number of parameters and each
++ *  parameter-string is allocated with strdup. - The memory needs to be freed
++ *  by the caller.
++ * @param qesc use query parameter escape (vs post-param-escape) - if set
++ *        to 1 all '+' are treated as spaces ' '
++ *
++ * @return number of parameter(s) in array.
++ */
++int oauth_split_post_paramters(const char *url, char ***argv, short qesc);
++
++/**
++ * build a url query string from an array.
++ *
++ * @param argc the total number of elements in the array
++ * @param start element in the array at which to start concatenating.
++ * @param argv parameter-array to concatenate.
++ * @return url string needs to be freed by the caller.
++ *
++ */
++char *oauth_serialize_url (int argc, int start, char **argv);
++
++/**
++ * encode query parameters from an array.
++ *
++ * @param argc the total number of elements in the array
++ * @param start element in the array at which to start concatenating.
++ * @param argv parameter-array to concatenate.
++ * @param sep separator for parameters (usually "&")
++ * @return url string needs to be freed by the caller.
++ */
++char *oauth_serialize_url_sep (int argc, int start, char **argv, char *sep);
++
++/**
++ * build a query parameter string from an array.
++ *
++ * This function is a shortcut for \ref oauth_serialize_url (argc, 1, argv).
++ * It strips the leading host/path, which is usually the first
++ * element when using oauth_split_url_parameters on an URL.
++ *
++ * @param argc the total number of elements in the array
++ * @param argv parameter-array to concatenate.
++ * @return url string needs to be freed by the caller.
++ */
++char *oauth_serialize_url_parameters (int argc, char **argv);
++
++/**
++ * generate a random string between 15 and 32 chars length
++ * and return a pointer to it. The value needs to be freed by the
++ * caller
++ *
++ * @return zero terminated random string.
++ */
++char *oauth_gen_nonce();
++
++/**
++ * string compare function for oauth parameters.
++ *
++ * used with qsort. needed to normalize request parameters.
++ * see http://oauth.net/core/1.0/#anchor14
++ */
++int oauth_cmpstringp(const void *p1, const void *p2);
++
++
++/**
++ * search array for parameter key.
++ * @param argv length of array to search
++ * @param argc parameter array to search
++ * @param key key of parameter to check.
++ *
++ * @return FALSE (0) if array does not contain a paramater with given key, TRUE (1) otherwise.
++ */
++int oauth_param_exists(char **argv, int argc, char *key);
++
++/**
++ * add query parameter to array
++ *
++ * @param argcp pointer to array length int
++ * @param argvp pointer to array values
++ * @param addparam parameter to add (eg. "foo=bar")
++ */
++void oauth_add_param_to_array(int *argcp, char ***argvp, const char *addparam);
++
++/**
++ * free array args
++ *
++ * @param argcp pointer to array length int
++ * @param argvp pointer to array values to be free()d
++ */
++void oauth_free_array(int *argcp, char ***argvp);
++
++/**
++ * calculate oAuth-signature for a given HTTP request URL, parameters and oauth-tokens.
++ *
++ * if 'postargs' is NULL a "GET" request is signed and the
++ * signed URL is returned. Else this fn will modify 'postargs'
++ * to point to memory that contains the signed POST-variables
++ * and returns the base URL.
++ *
++ * both, the return value and (if given) 'postargs' need to be freed
++ * by the caller.
++ *
++ * @param url The request URL to be signed. append all GET or POST
++ * query-parameters separated by either '?' or '&' to this parameter.
++ *
++ * @param postargs This parameter points to an area where the return value
++ * is stored. If 'postargs' is NULL, no value is stored.
++ *
++ * @param method specify the signature method to use. It is of type
++ * \ref OAuthMethod and most likely \ref OA_HMAC.
++ *
++ * @param http_method The HTTP request method to use (ie "GET", "PUT",..)
++ * If NULL is given as 'http_method' this defaults to "GET" when
++ * 'postargs' is also NULL and when postargs is not NULL "POST" is used.
++ *
++ * @param c_key consumer key
++ * @param c_secret consumer secret
++ * @param t_key token key
++ * @param t_secret token secret
++ *
++ * @return the signed url or NULL if an error occurred.
++ *
++ */
++char *oauth_sign_url2 (const char *url, char **postargs,
++  OAuthMethod method,
++  const char *http_method, //< HTTP request method
++  const char *c_key, //< consumer key - posted plain text
++  const char *c_secret, //< consumer secret - used as 1st part of secret-key
++  const char *t_key, //< token key - posted plain text in URL
++  const char *t_secret //< token secret - used as 2st part of secret-key
++  );
++
++/**
++ * @deprecated Use oauth_sign_url2() instead.
++ */
++char *oauth_sign_url (const char *url, char **postargs,
++  OAuthMethod method,
++  const char *c_key, //< consumer key - posted plain text
++  const char *c_secret, //< consumer secret - used as 1st part of secret-key
++  const char *t_key, //< token key - posted plain text in URL
++  const char *t_secret //< token secret - used as 2st part of secret-key
++  ) attribute_deprecated;
++
++/**
++ * same as /ref oauth_sign_url
++ * with the url already split into parameter array
++ *
++ * @param argcp pointer to array length int
++ * @param argvp pointer to array values
++ * (argv[0]="http://example.org:80/" argv[1]="first=QueryParamater" ..)
++ *
++ * @param postargs This parameter points to an area where the return value
++ * is stored. If 'postargs' is NULL, no value is stored.
++ *
++ * @param method specify the signature method to use. It is of type
++ * \ref OAuthMethod and most likely \ref OA_HMAC.
++ *
++ * @param http_method The HTTP request method to use (ie "GET", "PUT",..)
++ * If NULL is given as 'http_method' this defaults to "GET" when
++ * 'postargs' is also NULL and when postargs is not NULL "POST" is used.
++ *
++ * @param c_key consumer key
++ * @param c_secret consumer secret
++ * @param t_key token key
++ * @param t_secret token secret
++ *
++ * @return the signed url or NULL if an error occurred.
++ */
++char *oauth_sign_array2 (int *argcp, char***argvp,
++  char **postargs,
++  OAuthMethod method,
++  const char *http_method, //< HTTP request method
++  const char *c_key, //< consumer key - posted plain text
++  const char *c_secret, //< consumer secret - used as 1st part of secret-key
++  const char *t_key, //< token key - posted plain text in URL
++  const char *t_secret //< token secret - used as 2st part of secret-key
++  );
++
++/**
++ * @deprecated Use oauth_sign_array2() instead.
++ */
++char *oauth_sign_array (int *argcp, char***argvp,
++  char **postargs,
++  OAuthMethod method,
++  const char *c_key, //< consumer key - posted plain text
++  const char *c_secret, //< consumer secret - used as 1st part of secret-key
++  const char *t_key, //< token key - posted plain text in URL
++  const char *t_secret //< token secret - used as 2st part of secret-key
++  ) attribute_deprecated;
++
++
++/**
++ * calculate body hash (sha1sum) of given file and return
++ * a oauth_body_hash=xxxx parameter to be added to the request.
++ * The returned string needs to be freed by the calling function.
++ *
++ * see
++ * http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html
++ *
++ * @param filename the filename to calculate the hash for
++ *
++ * @return URL oauth_body_hash parameter string
++ */
++char *oauth_body_hash_file(char *filename);
++
++/**
++ * calculate body hash (sha1sum) of given data and return
++ * a oauth_body_hash=xxxx parameter to be added to the request.
++ * The returned string needs to be freed by the calling function.
++ * The returned string is not yet url-escaped and suitable to be
++ * passed as argument to \ref oauth_catenc.
++ *
++ * see
++ * http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/drafts/4/spec.html
++ *
++ * @param length length of the data parameter in bytes
++ * @param data to calculate the hash for
++ *
++ * @return URL oauth_body_hash parameter string
++ */
++char *oauth_body_hash_data(size_t length, const char *data);
++
++/**
++ * base64 encode digest, free it and return a URL parameter
++ * with the oauth_body_hash. The returned hash needs to be freed by the
++ * calling function. The returned string is not yet url-escaped and
++ * thus suitable to be passed to \ref oauth_catenc.
++ *
++ * @param len length of the digest to encode
++ * @param digest hash value to encode
++ *
++ * @return URL oauth_body_hash parameter string
++ */
++char *oauth_body_hash_encode(size_t len, unsigned char *digest);
++
++/**
++ * xep-0235 - TODO
++ */
++char *oauth_sign_xmpp (const char *xml,
++  OAuthMethod method,
++  const char *c_secret, //< consumer secret - used as 1st part of secret-key
++  const char *t_secret //< token secret - used as 2st part of secret-key
++  );
++
++/**
++ * do a HTTP GET request, wait for it to finish
++ * and return the content of the reply.
++ * (requires libcurl or a command-line HTTP client)
++ *
++ * If compiled <b>without</b> libcurl this function calls
++ * a command-line executable defined in the environment variable
++ * OAUTH_HTTP_GET_CMD - it defaults to
++ * <tt>curl -sA 'liboauth-agent/0.1' '%%u'</tt>
++ * where %%u is replaced with the URL and query parameters.
++ *
++ * bash & wget example:
++ * <tt>export OAUTH_HTTP_CMD="wget -q -U 'liboauth-agent/0.1' '%%u' "</tt>
++ *
++ * WARNING: this is a tentative function. it's convenient and handy for testing
++ * or developing oAuth code. But don't rely on this function
++ * to become a stable part of this API. It does not do
++ * much error checking or handling for one thing..
++ *
++ * NOTE: \a u and \a q are just concatenated with a '?' in between,
++ * unless \a q is NULL. in which case only \a u will be used.
++ *
++ * @param u base url to get
++ * @param q query string to send along with the HTTP request or NULL.
++ * @return  In case of an error NULL is returned; otherwise a pointer to the
++ * replied content from HTTP server. latter needs to be freed by caller.
++ */
++char *oauth_http_get (const char *u, const char *q);
++
++
++/**
++ * do a HTTP POST request, wait for it to finish
++ * and return the content of the reply.
++ * (requires libcurl or a command-line HTTP client)
++ *
++ * If compiled <b>without</b> libcurl this function calls
++ * a command-line executable defined in the environment variable
++ * OAUTH_HTTP_CMD - it defaults to
++ * <tt>curl -sA 'liboauth-agent/0.1' -d '%%p' '%%u'</tt>
++ * where %%p is replaced with the postargs and %%u is replaced with
++ * the URL.
++ *
++ * bash & wget example:
++ * <tt>export OAUTH_HTTP_CMD="wget -q -U 'liboauth-agent/0.1' --post-data='%%p' '%%u' "</tt>
++ *
++ * NOTE: This function uses the curl's default HTTP-POST Content-Type:
++ * application/x-www-form-urlencoded which is the only option allowed
++ * by oauth core 1.0 spec. Experimental code can use the Environment variable
++ * to transmit custom HTTP headers or parameters.
++ *
++ * WARNING: this is a tentative function. it's convenient and handy for testing
++ * or developing oAuth code. But don't rely on this function
++ * to become a stable part of this API. It does not do
++ * much error checking for one thing..
++ *
++ * @param u url to query
++ * @param p postargs to send along with the HTTP request.
++ * @return replied content from HTTP server. needs to be freed by caller.
++ */
++char *oauth_http_post (const char *u, const char *p);
++
++/**
++ * http post raw data from file.
++ * the returned string needs to be freed by the caller
++ * (requires libcurl)
++ *
++ * see dislaimer: /ref oauth_http_post
++ *
++ * @param u url to retrieve
++ * @param fn filename of the file to post along
++ * @param len length of the file in bytes. set to '0' for autodetection
++ * @param customheader specify custom HTTP header (or NULL for default)
++ * @return returned HTTP reply or NULL on error
++ */
++char *oauth_post_file (const char *u, const char *fn, size_t len, const char *customheader);
++
++/**
++ * http post raw data
++ * the returned string needs to be freed by the caller
++ * (requires libcurl)
++ *
++ * see dislaimer: /ref oauth_http_post
++ *
++ * @param u url to retrieve
++ * @param data data to post
++ * @param len length of the data in bytes.
++ * @param customheader specify custom HTTP header (or NULL for default)
++ * @return returned HTTP reply or NULL on error
++ */
++char *oauth_post_data (const char *u, const char *data, size_t len, const char *customheader);
++
++#endif
++/* vi:set ts=8 sts=2 sw=2: */
 === added file 'couchdb-glib/oauth_http.c'
 --- couchdb-glib/oauth_http.c	1970-01-01 00:00:00 +0000
 +++ couchdb-glib/oauth_http.c	2009-09-04 09:28:53 +0000
@@ -0,0 +1,504 @@
++/*
++ * oAuth string functions in POSIX-C.
++ *
++ * Copyright 2007, 2008 Robin Gareus <robin@gareus.org>
++ *
++ * Permission is hereby granted, free of charge, to any person obtaining a copy
++ * of this software and associated documentation files (the "Software"), to deal
++ * in the Software without restriction, including without limitation the rights
++ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
++ * copies of the Software, and to permit persons to whom the Software is
++ * furnished to do so, subject to the following conditions:
++ *
++ * The above copyright notice and this permission notice shall be included in
++ * all copies or substantial portions of the Software.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
++ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
++ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
++ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
++ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
++ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
++ * THE SOFTWARE.
++ *
++ */
++#if HAVE_CONFIG_H
++# include <config.h>
++#endif
++
++#include <stdio.h>
++#include <stdarg.h>
++#include <stdlib.h>
++#include <string.h>
++
++#include "xmalloc.h"
++#include "oauth.h"
++
++#define OAUTH_USER_AGENT "liboauth-agent/" VERSION
++
++#ifdef HAVE_CURL
++#include <curl/curl.h>
++#include <sys/stat.h>
++
++struct MemoryStruct {
++  char *data;
++  size_t size;
++};
++
++static size_t
++WriteMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data) {
++  size_t realsize = size * nmemb;
++  struct MemoryStruct *mem = (struct MemoryStruct *)data;
++
++  mem->data = (char *)xrealloc(mem->data, mem->size + realsize + 1);
++  if (mem->data) {
++    memcpy(&(mem->data[mem->size]), ptr, realsize);
++    mem->size += realsize;
++    mem->data[mem->size] = 0;
++  }
++  return realsize;
++}
++
++static size_t
++ReadMemoryCallback(void *ptr, size_t size, size_t nmemb, void *data) {
++  struct MemoryStruct *mem = (struct MemoryStruct *)data;
++  size_t realsize = size * nmemb;
++  if (realsize > mem->size) realsize = mem->size;
++  memcpy(ptr, mem->data, realsize);
++  mem->size -= realsize;
++  mem->data += realsize;
++  return realsize;
++}
++
++/**
++ * cURL http post function.
++ * the returned string (if not NULL) needs to be freed by the caller
++ *
++ * @param u url to retrieve
++ * @param p post parameters
++ * @return returned HTTP
++ */
++char *oauth_curl_post (const char *u, const char *p) {
++  CURL *curl;
++  CURLcode res;
++
++  struct MemoryStruct chunk;
++  chunk.data=NULL;
++  chunk.size = 0;
++
++  curl = curl_easy_init();
++  if(!curl) return NULL;
++  curl_easy_setopt(curl, CURLOPT_URL, u);
++  curl_easy_setopt(curl, CURLOPT_POSTFIELDS, p);
++  curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk);
++  curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
++  curl_easy_setopt(curl, CURLOPT_USERAGENT, OAUTH_USER_AGENT);
++  res = curl_easy_perform(curl);
++  if (res) {
++    return NULL;
++  }
++
++  curl_easy_cleanup(curl);
++  return (chunk.data);
++}
++
++/**
++ * cURL http get function.
++ * the returned string (if not NULL) needs to be freed by the caller
++ *
++ * @param u url to retrieve
++ * @param q optional query parameters
++ * @return returned HTTP
++ */
++char *oauth_curl_get (const char *u, const char *q) {
++  CURL *curl;
++  CURLcode res;
++  char *t1=NULL;
++  struct MemoryStruct chunk;
++
++  if (q) {
++    t1=xmalloc(sizeof(char)*(strlen(u)+strlen(q)+2));
++    strcat(t1,u); strcat(t1,"?"); strcat(t1,q);
++  }
++
++  chunk.data=NULL;
++  chunk.size = 0;
++
++  curl = curl_easy_init();
++  if(!curl) return NULL;
++  curl_easy_setopt(curl, CURLOPT_URL, q?t1:u);
++  curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk);
++  curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
++  curl_easy_setopt(curl, CURLOPT_USERAGENT, OAUTH_USER_AGENT);
++  res = curl_easy_perform(curl);
++  if (q) free(t1);
++  if (res) {
++    return NULL;
++  }
++
++  curl_easy_cleanup(curl);
++  return (chunk.data);
++}
++
++/**
++ * cURL http post raw data from file.
++ * the returned string needs to be freed by the caller
++ *
++ * @param u url to retrieve
++ * @param fn filename of the file to post along
++ * @param len length of the file in bytes. set to '0' for autodetection
++ * @param customheader specify custom HTTP header (or NULL for default)
++ * @return returned HTTP or NULL on error
++ */
++char *oauth_curl_post_file (const char *u, const char *fn, size_t len, const char *customheader) {
++  CURL *curl;
++  CURLcode res;
++  struct curl_slist *slist=NULL;
++  struct MemoryStruct chunk;
++  FILE *f;
++
++  chunk.data=NULL;
++  chunk.size=0;
++
++  if (customheader)
++    slist = curl_slist_append(slist, customheader);
++  else
++    slist = curl_slist_append(slist, "Content-Type: image/jpeg;");
++
++  if (!len) {
++    struct stat statbuf;
++    if (stat(fn, &statbuf) == -1) return(NULL);
++    len = statbuf.st_size;
++  }
++
++  f = fopen(fn,"r");
++  if (!f) return NULL;
++
++  curl = curl_easy_init();
++  if(!curl) return NULL;
++  curl_easy_setopt(curl, CURLOPT_URL, u);
++  curl_easy_setopt(curl, CURLOPT_POST, 1);
++  curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, len);
++  curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist);
++  curl_easy_setopt(curl, CURLOPT_READDATA, f);
++  curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk);
++  curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
++  curl_easy_setopt(curl, CURLOPT_USERAGENT, OAUTH_USER_AGENT);
++  res = curl_easy_perform(curl);
++  if (res) {
++    // error
++    return NULL;
++  }
++  fclose(f);
++
++  curl_easy_cleanup(curl);
++  return (chunk.data);
++}
++
++/**
++ * http post raw data.
++ * the returned string needs to be freed by the caller
++ *
++ * more documentation in oauth.h
++ *
++ * @param u url to retrieve
++ * @param data data to post along
++ * @param len length of the file in bytes. set to '0' for autodetection
++ * @param customheader specify custom HTTP header (or NULL for default)
++ * @return returned HTTP reply or NULL on error
++ */
++char *oauth_curl_post_data (const char *u, const char *data, size_t len, const char *customheader) {
++  CURL *curl;
++  CURLcode res;
++  struct curl_slist *slist=NULL;
++  struct MemoryStruct chunk;
++  struct MemoryStruct rdnfo;
++
++  chunk.data=NULL;
++  chunk.size=0;
++  rdnfo.data=(char *)data;
++  rdnfo.size=len;
++
++  if (customheader)
++    slist = curl_slist_append(slist, customheader);
++  else
++    slist = curl_slist_append(slist, "Content-Type: image/jpeg;");
++
++  curl = curl_easy_init();
++  if(!curl) return NULL;
++  curl_easy_setopt(curl, CURLOPT_URL, u);
++  curl_easy_setopt(curl, CURLOPT_POST, 1);
++  curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, len);
++  curl_easy_setopt(curl, CURLOPT_HTTPHEADER, slist);
++  curl_easy_setopt(curl, CURLOPT_READDATA, (void *)&rdnfo);
++  curl_easy_setopt(curl, CURLOPT_READFUNCTION, ReadMemoryCallback);
++  curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&chunk);
++  curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, WriteMemoryCallback);
++  curl_easy_setopt(curl, CURLOPT_USERAGENT, OAUTH_USER_AGENT);
++  res = curl_easy_perform(curl);
++  if (res) {
++    // error
++    return NULL;
++  }
++
++  curl_easy_cleanup(curl);
++  return (chunk.data);
++}
++#endif // no cURL.
++
++// command line presets and ENV variable name
++#define _OAUTH_ENV_HTTPCMD "OAUTH_HTTP_CMD"
++#define _OAUTH_DEF_HTTPCMD "curl -sA '"OAUTH_USER_AGENT"' -d '%p' '%u' "
++// alternative: "wget -q -U 'liboauth-agent/0.1' --post-data='%p' '%u' "
++
++#define _OAUTH_ENV_HTTPGET "OAUTH_HTTP_GET_CMD"
++#define _OAUTH_DEF_HTTPGET "curl -sA '"OAUTH_USER_AGENT"' '%u' "
++// alternative: "wget -q -U 'liboauth-agent/0.1' '%u' "
++
++#include <stdio.h>
++
++/**
++ *  escape URL for use in String Quotes (aka shell single quotes).
++ *  the returned string needs to be free()d by the calling function
++ *
++ * WARNING: this function only escapes single-quotes (')
++ *
++ *
++ * RFC2396 defines the following
++ *  reserved    = ";" | "/" | "?" | ":" | "@" | "&" | "=" | "+" | "$" | ","
++ *  besides alphanum the following are allowed as unreserved:
++ *  mark        = "-" | "_" | "." | "!" | "~" | "*" | "'" | "(" | ")"
++ *
++ *  checking  `echo '-_.!~*()'` it seems we
++ *  just need to escape the tick (') itself from "'" to "'\''"
++ *
++ *  In C shell, the "!" character may need a backslash before it.
++ *  It depends on the characters next to it. If it is surrounded by spaces,
++ *  you don't need to use a backslash.
++ *  (here: we'd always need to escape it for c shell)
++ * @todo: escape  '!' for c-shell curl/wget commandlines
++ *
++ * @param cmd URI string or parameter to be escaped
++ * @return escaped parameter
++ */
++char *oauth_escape_shell (const char *cmd) {
++  char *esc = xstrdup(cmd);
++  char *tmp = esc;
++  int idx;
++  while ((tmp=strchr(tmp,'\''))) {
++    idx = tmp-esc;
++    esc=xrealloc(esc,(strlen(esc)+5)*sizeof(char));
++    memmove(esc+idx+4,esc+idx+1, strlen(esc+idx));
++    esc[idx+1]='\\'; esc[idx+2]='\''; esc[idx+3]='\'';
++    tmp=esc+(idx+4);
++  }
++
++// TODO escape '!' if CSHELL ?!
++
++  return esc;
++}
++
++/**
++ * execute command via shell and return it's output.
++ * This is used to call 'curl' or 'wget'.
++ * the command is uses <em>as is</em> and needs to be propery escaped.
++ *
++ * @param cmd the commandline to execute
++ * @return stdout string that needs to be freed or NULL if there's no output
++ */
++char *oauth_exec_shell (const char *cmd) {
++#ifdef DEBUG_OAUTH
++  printf("DEBUG: executing: %s\n",cmd);
++#endif
++  FILE *in = popen (cmd, "r");
++  size_t len = 0;
++  size_t alloc = 0;
++  char *data = NULL;
++  int rcv = 1;
++  while (in && rcv > 0 && !feof(in)) {
++    alloc +=1024;
++    data = xrealloc(data, alloc * sizeof(char));
++    rcv = fread(data, sizeof(char), 1024, in);
++    len += rcv;
++  }
++  pclose(in);
++#ifdef DEBUG_OAUTH
++  printf("DEBUG: read %i bytes\n",len);
++#endif
++  data[len]=0;
++#ifdef DEBUG_OAUTH
++  if (data) printf("DEBUG: return: %s\n",data);
++  else printf("DEBUG: NULL data\n");
++#endif
++  return (data);
++}
++
++/**
++ * send POST via a command line HTTP client,  wait for it to finish
++ * and return the content of the reply. requires a command-line HTTP client
++ *
++ * see \ref  oauth_http_post
++ *
++ * @param u url to query
++ * @param p postargs to send along with the HTTP request.
++ * @return  In case of an error NULL is returned; otherwise a pointer to the
++ * replied content from HTTP server. latter needs to be freed by caller.
++ */
++char *oauth_exec_post (const char *u, const char *p) {
++  char cmd[BUFSIZ];
++  char *t1,*t2;
++  char *cmdtpl = getenv(_OAUTH_ENV_HTTPCMD);
++  if (!cmdtpl) cmdtpl = xstrdup (_OAUTH_DEF_HTTPCMD);
++  else cmdtpl = xstrdup (cmdtpl); // clone getenv() string.
++
++  // add URL and post param - error if no '%p' or '%u' present in definition
++  t1=strstr(cmdtpl, "%p");
++  t2=strstr(cmdtpl, "%u");
++  if (!t1 || !t2) {
++	fprintf(stderr, "\nliboauth: invalid HTTP command. set the '%s' environement variable.\n\n",_OAUTH_ENV_HTTPCMD);
++	return(NULL);
++  }
++  // TODO: check if there are exactly two '%' in cmdtpl
++  *(++t1)= 's'; *(++t2)= 's';
++  if (t1>t2) {
++    t1=oauth_escape_shell(u);
++    t2=oauth_escape_shell(p);
++  } else {
++    t1=oauth_escape_shell(p);
++    t2=oauth_escape_shell(u);
++  }
++  snprintf(cmd, BUFSIZ, cmdtpl, t1, t2);
++  free(cmdtpl);
++  free(t1); free(t2);
++  return oauth_exec_shell(cmd);
++}
++
++/**
++ * send GET via a command line HTTP client
++ * and return the content of the reply..
++ * requires a command-line HTTP client.
++ *
++ * Note: u and q are just concatenated with a '?' in between unless q is NULL. in which case only u will be used.
++ *
++ * see \ref  oauth_http_get
++ *
++ * @param u base url to get
++ * @param q query string to send along with the HTTP request.
++ * @return  In case of an error NULL is returned; otherwise a pointer to the
++ * replied content from HTTP server. latter needs to be freed by caller.
++ */
++char *oauth_exec_get (const char *u, const char *q) {
++  char cmd[BUFSIZ];
++  char *cmdtpl, *t1, *e1;
++
++  if (!u) return (NULL);
++
++  cmdtpl = getenv(_OAUTH_ENV_HTTPGET);
++  if (!cmdtpl) cmdtpl = xstrdup (_OAUTH_DEF_HTTPGET);
++  else cmdtpl = xstrdup (cmdtpl); // clone getenv() string.
++
++  // add URL and post param - error if no '%p' or '%u' present in definition
++  t1=strstr(cmdtpl, "%u");
++  if (!t1) {
++	fprintf(stderr, "\nliboauth: invalid HTTP command. set the '%s' environement variable.\n\n",_OAUTH_ENV_HTTPGET);
++	return(NULL);
++  }
++  *(++t1)= 's';
++
++  e1 = oauth_escape_shell(u);
++  if (q) {
++    char *e2;
++    e2 = oauth_escape_shell(q);
++    t1=xmalloc(sizeof(char)*(strlen(e1)+strlen(e2)+2));
++    strcat(t1,e1); strcat(t1,"?"); strcat(t1,e2);
++    free(e2);
++  }
++  snprintf(cmd, BUFSIZ, cmdtpl, q?t1:e1);
++  free(cmdtpl);
++  free(e1);
++  if (q) free(t1);
++  return oauth_exec_shell(cmd);
++}
++
++/**
++ * do a HTTP GET request, wait for it to finish
++ * and return the content of the reply.
++ * (requires libcurl or a command-line HTTP client)
++ *
++ * more documentation in oauth.h
++ *
++ * @param u base url to get
++ * @param q query string to send along with the HTTP request or NULL.
++ * @return  In case of an error NULL is returned; otherwise a pointer to the
++ * replied content from HTTP server. latter needs to be freed by caller.
++ */
++char *oauth_http_get (const char *u, const char *q) {
++#ifdef HAVE_CURL
++  return oauth_curl_get(u,q);
++#else // no cURL.
++  return oauth_exec_get(u,q);
++#endif
++}
++
++/**
++ * do a HTTP POST request, wait for it to finish
++ * and return the content of the reply.
++ * (requires libcurl or a command-line HTTP client)
++ *
++ * more documentation in oauth.h
++ *
++ * @param u url to query
++ * @param p postargs to send along with the HTTP request.
++ * @return  In case of an error NULL is returned; otherwise a pointer to the
++ * replied content from HTTP server. latter needs to be freed by caller.
++ */
++char *oauth_http_post (const char *u, const char *p) {
++#ifdef HAVE_CURL
++  return oauth_curl_post(u,p);
++#else // no cURL.
++  return oauth_exec_post(u,p);
++#endif
++}
++
++/**
++ * http post raw data from file.
++ * the returned string needs to be freed by the caller
++ *
++ * more documentation in oauth.h
++ *
++ * @param u url to retrieve
++ * @param fn filename of the file to post along
++ * @param len length of the file in bytes. set to '0' for autodetection
++ * @param customheader specify custom HTTP header (or NULL for default)
++ * @return returned HTTP reply or NULL on error
++ */
++char *oauth_post_file (const char *u, const char *fn, const size_t len, const char *customheader){
++#ifdef HAVE_CURL
++  return oauth_curl_post_file (u, fn, len, customheader);
++#else
++  fprintf(stderr, "\nliboauth: oauth_post_file requires libcurl. libcurl is not available.\n\n");
++  return (NULL);
++#endif
++}
++
++/**
++ * http post raw data.
++ * the returned string needs to be freed by the caller
++ *
++ * more documentation in oauth.h
++ *
++ * @param u url to retrieve
++ * @param data data to post along
++ * @param len length of the file in bytes. set to '0' for autodetection
++ * @param customheader specify custom HTTP header (or NULL for default)
++ * @return returned HTTP reply or NULL on error
++ */
++char *oauth_post_data (const char *u, const char *data, size_t len, const char *customheader) {
++#ifdef HAVE_CURL
++  return oauth_curl_post_data (u, data, len, customheader);
++#else
++  fprintf(stderr, "\nliboauth: oauth_post_data requires libcurl. libcurl is not available.\n\n");
++  return (NULL);
++#endif
++}
++/* vi:set ts=8 sts=2 sw=2: */
 === modified file 'couchdb-glib/utils.c'
 --- couchdb-glib/utils.c	2009-08-17 22:26:51 +0000
 +++ couchdb-glib/utils.c	2009-09-04 09:28:53 +0000
@@ -24,6 +24,10 @@
  #include <libsoup/soup-session-async.h>
  #include "couchdb-glib.h"
  #include "utils.h"
++#ifdef HAVE_OAUTH
++#include <time.h>
++#include "oauth.h"
++#endif
  static JsonParser *
  parse_json_response (SoupMessage *http_message, GError **error)
@@ -72,6 +76,41 @@
  	return error;
+ }
++#ifdef HAVE_OAUTH
++static void
++add_oauth_signature (CouchDB *couchdb, SoupMessage *http_message, const char *method, const char *url)
++{
++	char *signature;;
++
++	signature = oauth_sign_url2 (url, NULL, OA_HMAC, method,
++				     couchdb->oauth_consumer_key,
++				     couchdb->oauth_consumer_secret,
++				     couchdb->oauth_token_key,
++				     couchdb->oauth_token_secret);
++	if (signature != NULL) {
++		char *header, *nonce;
++
++		nonce = oauth_gen_nonce ();
++		header = g_strdup_printf ("OAuth realm = \"\", oauth_version=\"1.0\", "
++					  "oauth_signature=\"%s\", oauth_token=\"%s\", "
++					  "oauth_nonce=\"%s\", oauth_timestamp=\"%ld\", "
++					  "oauth_signature_method=\"HMAC-SHA1\", "
++					  "oauth_consumer_key=\"%s\", oauth_verifier=\"None\", "
++					  "oauth_callback=\"None\"",
++					  signature,
++			                  couchdb->oauth_token_key,
++					  nonce,
++					  time (NULL),
++					  couchdb->oauth_consumer_key);
++		soup_message_headers_append (http_message->request_headers, "Authorization", header);
++
++		g_free (header);
++		free (nonce);
++		free (signature);
++	}
++}
++#endif
++
  JsonParser *
  send_message_and_parse (CouchDB *couchdb, const char *method, const char *url, const char *body, GError **error)
+ {
@@ -85,12 +124,17 @@
  					  body, strlen (body));
+ 	}
++#ifdef HAVE_OAUTH
++	if (couchdb->oauth_enabled)
++		add_oauth_signature (couchdb, http_message, method, url);
++#endif
++
  	g_debug ("Sending %s to %s...", method, url);
  	status = soup_session_send_message (couchdb->http_session, http_message);
  	if (SOUP_STATUS_IS_SUCCESSFUL (status)) {
  	       	parser = parse_json_response (http_message, error);
  	} else {
--		g_set_error (error, COUCHDB_ERROR, status, http_message->reason_phrase);
++		g_set_error (error, COUCHDB_ERROR, status, "%s", http_message->reason_phrase);
+ 	}
  	return parser;
 === modified file 'couchdb-glib/utils.h'
 --- couchdb-glib/utils.h	2009-08-31 15:48:46 +0000
 +++ couchdb-glib/utils.h	2009-09-04 09:28:53 +0000
@@ -22,6 +22,7 @@
  #ifndef __UTILS_H__
  #define __UTILS_H__
++#include "config.h"
  #include <libsoup/soup-session-async.h>
  #include <json-glib/json-glib.h>
@@ -32,6 +33,14 @@
  	SoupSession *http_session;
  	GHashTable *db_watchlist;
++
++#ifdef HAVE_OAUTH
++	gboolean oauth_enabled;
++	char *oauth_consumer_key;
++	char *oauth_consumer_secret;
++	char *oauth_token_key;
++	char *oauth_token_secret;
++#endif
  };
  struct _CouchDBDocument {
 === added file 'couchdb-glib/xmalloc.c'
 --- couchdb-glib/xmalloc.c	1970-01-01 00:00:00 +0000
 +++ couchdb-glib/xmalloc.c	2009-09-04 09:28:53 +0000
@@ -0,0 +1,151 @@
++/* xmalloc.c -- malloc with out of memory checking
++   Copyright (C) 1990, 91, 92, 93, 94, 95, 96, 99 Free Software Foundation, Inc.
++
++   This program is free software; you can redistribute it and/or modify
++   it under the terms of the GNU General Public License as published by
++   the Free Software Foundation; either version 2, or (at your option)
++   any later version.
++
++   This program is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++   GNU General Public License for more details.
++
++   You should have received a copy of the GNU General Public License
++   along with this program; if not, write to the Free Software Foundation,
++   Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
++
++#if HAVE_CONFIG_H
++# include <config.h>
++#endif
++
++#ifndef USE_LGPL
++// TODO better use #define in header file?!
++#include <string.h>
++#include <stdlib.h>
++void *xmalloc (size_t n) {return malloc(n);}
++void *xcalloc (size_t n, size_t s) {return calloc(n,s);}
++void *xrealloc (void *p, size_t n) {return realloc(p,n);}
++char *xstrdup (const char *p) {return strdup(p);}
++
++#else // LGPL LICENSED CODE
++#if __STDC__
++# define VOID void
++#else
++# define VOID char
++#endif
++
++#include <stdio.h>		/* for stderr */
++
++#if STDC_HEADERS
++
++#include <sys/types.h>
++#include <string.h>		/* for strlen etc. */
++#include <stdlib.h>
++
++#else  /* !STDC_HEADERS */
++
++extern size_t strlen ();
++extern char *strcpy ();
++
++VOID *calloc ();
++VOID *malloc ();
++VOID *realloc ();
++void free ();
++#endif
++
++#if ENABLE_NLS
++# include <libintl.h>
++# define _(Text) gettext (Text)
++#else
++# define textdomain(Domain)
++# define _(Text) Text
++#endif
++
++/* Prototypes for functions defined here.  */
++#if defined (__STDC__) && __STDC__
++static VOID *fixup_null_alloc (size_t n);
++VOID *xmalloc (size_t n);
++VOID *xcalloc (size_t n, size_t s);
++VOID *xrealloc (VOID *p, size_t n);
++char *xstrdup (const char *p);
++#endif
++
++
++static VOID *
++fixup_null_alloc (n)
++     size_t n;
++{
++  VOID *p;
++
++  p = 0;
++  if (n == 0)
++    p = malloc ((size_t) 1);
++  if (p == 0)
++    {
++      /* possible revisions: release some memory and re-try, print
++	 more information (e.g. line number of input file) */
++      fprintf(stderr, _("liboauth: Memory exhausted"));
++      exit(1);
++    }
++  return p;
++}
++
++/* Allocate N bytes of memory dynamically, with error checking.  */
++
++VOID *
++xmalloc (n)
++     size_t n;
++{
++  VOID *p;
++
++  p = malloc (n);
++  if (p == 0)
++    p = fixup_null_alloc (n);
++  return p;
++}
++
++/* Allocate memory for N elements of S bytes, with error checking.  */
++
++VOID *
++xcalloc (n, s)
++     size_t n, s;
++{
++  VOID *p;
++
++  p = calloc (n, s);
++  if (p == 0)
++    p = fixup_null_alloc (n);
++  return p;
++}
++
++/* Change the size of an allocated block of memory P to N bytes,
++   with error checking.
++   If P is NULL, run xmalloc.  */
++
++VOID *
++xrealloc (p, n)
++     VOID *p;
++     size_t n;
++{
++  if (p == 0)
++    return xmalloc (n);
++  p = realloc (p, n);
++  if (p == 0)
++    p = fixup_null_alloc (n);
++  return p;
++}
++
++/* Make a copy of a string in a newly allocated block of memory. */
++
++char *
++xstrdup (str)
++     const char *str;
++{
++  VOID *p;
++
++  p = xmalloc (strlen (str) + 1);
++  strcpy (p, str);
++  return p;
++}
++#endif
 === added file 'couchdb-glib/xmalloc.h'
 --- couchdb-glib/xmalloc.h	1970-01-01 00:00:00 +0000
 +++ couchdb-glib/xmalloc.h	2009-09-04 09:28:53 +0000
@@ -0,0 +1,12 @@
++/* Prototypes for functions defined in xmalloc.c  */
++
++void *xmalloc (size_t n);
++void *xcalloc (size_t n, size_t s);
++void *xrealloc (void *p, size_t n);
++char *xstrdup (const char *p);
++
++/* POSIX prototypes - avoid compiler warnings with '-posix' */
++int strncasecmp(const char *s1, const char *s2, size_t n);
++int snprintf(char *str, size_t size, const char *format, ...);
++FILE *popen(const char *command, const char *type);
++int pclose(FILE *stream);
 === modified file 'tests/Makefile.am'
 --- tests/Makefile.am	2009-08-05 14:32:15 +0000
 +++ tests/Makefile.am	2009-09-04 09:28:53 +0000
@@ -9,12 +9,14 @@
  test_list_databases_SOURCES = test-list-databases.c
  test_list_databases_LDADD = 	\
  	$(COUCHDB_GLIB_LIBS)	\
++	$(OAUTH_LIBS)		\
  	-luuid			\
  	$(top_builddir)/couchdb-glib/libcouchdb-glib-1.0.la
  test_couchdb_glib_SOURCES = test-couchdb-glib.c
  test_couchdb_glib_LDADD = 	\
  	$(COUCHDB_GLIB_LIBS)	\
++	$(OAUTH_LIBS)		\
  	-luuid			\
  	$(top_builddir)/couchdb-glib/libcouchdb-glib-1.0.la