added support for RSA-SHA1 signatures

LittleCodeGeek · LittleCodeGeek · commit 57d747ebccdb · 2017-12-16T09:46:30.000-05:00
diff --git a/lib/passport-http-oauth/strategies/consumer.js b/lib/passport-http-oauth/strategies/consumer.js
@@ -302,6 +302,14 @@ ConsumerStrategy.prototype.authenticate = function(req) {
         if (tokenSecret) { key += utils.encode(tokenSecret); }
         var computedSignature = utils.hmacsha256(key, base);
 
+        if (signature !== computedSignature) {
+          return self.fail(self._challenge('signature_invalid'));
+        }
+      } else if (signatureMethod === 'RSA-SHA1') {
+        var key = utils.encode(consumerSecret) + '&';
+        if (tokenSecret) { key += utils.encode(tokenSecret); }
+        var computedSignature = utils.rsasha1(key, base);
+
         if (signature !== computedSignature) {
           return self.fail(self._challenge('signature_invalid'));
         }
diff --git a/lib/passport-http-oauth/strategies/utils.js b/lib/passport-http-oauth/strategies/utils.js
@@ -198,6 +198,18 @@ exports.hmacsha256 = function(key, text) {
   return crypto.createHmac('sha256', key).update(text).digest('base64')
 }
 
+/**
+ * Generate RSA-SHA1 signature.
+ *
+ * @param {String} key
+ * @param {String} text
+ * @return {String}
+ * @api private
+ */
+exports.rsasha1 = function(key, text) {
+  return crypto.createSign('RSA-SHA1').update(text).sign(key, 'base64')
+}
+
 /**
  * Generate PLAINTEXT signature.
  *
