Add support for v01 MAC tokens

3 files changed, 52 insertions, 13 deletions

diff --git a/oauthlib/oauth2/draft25/__init__.py b/oauthlib/oauth2/draft25/__init__.py
index 99794a9..e224337 100644
--- a/oauthlib/oauth2/draft25/__init__.py
+++ b/oauthlib/oauth2/draft25/__init__.py
@@ -32,6 +32,8 @@ class Client(object):
             token_type='Bearer',
             access_token=None,
             refresh_token=None,
+            mac_key=None,
+            mac_algorithm=None,
             **kwargs):
         """Initialize a client with commonly used attributes."""
 
@@ -40,6 +42,8 @@ class Client(object):
         self.token_type = token_type
         self.access_token = access_token
         self.refresh_token = refresh_token
+        self.mac_key = mac_key
+        self.mac_algorithm = mac_algorithm
 
     @property
     def token_types(self):
@@ -58,7 +62,7 @@ class Client(object):
         }
 
     def add_token(self, uri, http_method='GET', body=None, headers=None,
-            token_placement=None):
+            token_placement=None, **kwargs):
         """Add token to the request uri, body or authorization header.
 
         The access token type provides the client with the information
@@ -97,7 +101,7 @@ class Client(object):
             raise ValueError("Missing access token.")
 
         return self.token_types[self.token_type](uri, http_method, body,
-                    headers, token_placement)
+                    headers, token_placement, **kwargs)
 
     def prepare_refresh_body(self, body='', refresh_token=None, scope=None):
         """Prepare an access token request, using a refresh token.
@@ -139,14 +143,14 @@ class Client(object):
         return uri, headers, body
 
     def _add_mac_token(self, uri, http_method='GET', body=None,
-            headers=None, token_placement=AUTH_HEADER):
+            headers=None, token_placement=AUTH_HEADER, ext=None, **kwargs):
         """Add a MAC token to the request authorization header.
 
         Warning: MAC token support is experimental as the spec is not yet stable.
         """
-        headers = prepare_mac_header(self.access_token, uri, self.key, http_method,
-                        headers=headers, body=body, ext=self.ext,
-                        hash_algorithm=self.hash_algorithm)
+        headers = prepare_mac_header(self.access_token, uri, self.mac_key, http_method,
+                        headers=headers, body=body, ext=ext,
+                        hash_algorithm=self.mac_algorithm, **kwargs)
         return uri, headers, body
 
     def _populate_attributes(self, response):
@@ -167,6 +171,12 @@ class Client(object):
         if 'code' in response:
             self.code = response.get('code')
 
+        if 'mac_key' in response:
+            self.mac_key = response.get('mac_key')
+
+        if 'mac_algorithm' in response:
+            self.mac_algorithm = response.get('mac_algorithm')
+
     def prepare_request_uri(self, *args, **kwargs):
         """Abstract method used to create request URIs."""
         raise NotImplementedError("Must be implemented by inheriting classes.")
diff --git a/oauthlib/oauth2/draft25/tokens.py b/oauthlib/oauth2/draft25/tokens.py
index 1fc719f..cb58036 100644
--- a/oauthlib/oauth2/draft25/tokens.py
+++ b/oauthlib/oauth2/draft25/tokens.py
@@ -10,6 +10,7 @@ This module contains methods for adding two types of access tokens to requests.
 
 """
 from binascii import b2a_base64
+import datetime
 import hashlib
 import hmac
 try:
@@ -18,11 +19,13 @@ except ImportError:
     from urllib.parse import urlparse
 
 from oauthlib.common import add_params_to_uri, add_params_to_qs, unicode_type
+from oauthlib import common
 from . import utils
 
 
 def prepare_mac_header(token, uri, key, http_method, nonce=None, headers=None,
-        body=None, ext='', hash_algorithm='hmac-sha-1'):
+        body=None, ext='', hash_algorithm='hmac-sha-1', issue_time=None,
+        draft=0):
     """Add an `MAC Access Authentication`_ signature to headers.
 
     Unlike OAuth 1, this HMAC signature does not require inclusion of the request
@@ -46,6 +49,8 @@ def prepare_mac_header(token, uri, key, http_method, nonce=None, headers=None,
     :param http_method: HTTP Request method.
     :param key: MAC given provided by token endpoint.
     :param algorithm: HMAC algorithm provided by token endpoint.
+    :param issue_time: Time when the MAC credentials were issues as a datetime object.
+    :param draft: MAC authentication specification version.
     :return: headers dictionary with the authorization field added.
     """
     http_method = http_method.upper()
@@ -53,10 +58,18 @@ def prepare_mac_header(token, uri, key, http_method, nonce=None, headers=None,
 
     if hash_algorithm.lower() == 'hmac-sha-1':
         h = hashlib.sha1
-    else:
+    elif hash_algorithm.lower() == 'hmac-sha-256':
         h = hashlib.sha256
+    else:
+        raise ValueError('unknown hash algorithm')
+
+    if draft == 0:
+        nonce = nonce or '{0}:{1}'.format(utils.generate_age(issue_time),
+                                          common.generate_nonce())
+    else:
+        ts = common.generate_timestamp()
+        nonce = common.generate_nonce()
 
-    nonce = nonce or '{0}:{1}'.format(utils.generate_nonce(), utils.generate_timestamp())
     sch, net, path, par, query, fra = urlparse(uri)
 
     if query:
@@ -65,20 +78,25 @@ def prepare_mac_header(token, uri, key, http_method, nonce=None, headers=None,
         request_uri = path
 
     # Hash the body/payload
-    if body is not None:
+    if body is not None and draft == 0:
         bodyhash = b2a_base64(h(body.encode('utf-8')).digest())[:-1].decode('utf-8')
     else:
         bodyhash = ''
 
     # Create the normalized base string
     base = []
-    base.append(nonce)
+    if draft == 0:
+        base.append(nonce)
+    else:
+        base.append(ts)
+        base.append(nonce)
     base.append(http_method.upper())
     base.append(request_uri)
     base.append(host)
     base.append(port)
-    base.append(bodyhash)
-    base.append(ext)
+    if draft == 0:
+        base.append(bodyhash)
+    base.append(ext or '')
     base_string = '\n'.join(base) + '\n'
 
     # hmac struggles with unicode strings - http://bugs.python.org/issue5285
@@ -89,6 +107,8 @@ def prepare_mac_header(token, uri, key, http_method, nonce=None, headers=None,
 
     header = []
     header.append('MAC id="%s"' % token)
+    if draft != 0:
+        header.append('ts="%s"' % ts)
     header.append('nonce="%s"' % nonce)
     if bodyhash:
         header.append('bodyhash="%s"' % bodyhash)
diff --git a/oauthlib/oauth2/draft25/utils.py b/oauthlib/oauth2/draft25/utils.py
index fdc4859..82cd8a0 100644
--- a/oauthlib/oauth2/draft25/utils.py
+++ b/oauthlib/oauth2/draft25/utils.py
@@ -8,6 +8,7 @@ oauthlib.utils
 This module contains utility methods used by various parts of the OAuth 2 spec.
 """
 
+import datetime
 try:
     from urllib import quote
 except ImportError:
@@ -65,3 +66,11 @@ def escape(u):
     if not isinstance(u, unicode_type):
         raise ValueError('Only unicode objects are escapable.')
     return quote(u.encode('utf-8'), safe=b'~')
+
+
+def generate_age(issue_time):
+    """Generate a age parameter for MAC authentication draft 00."""
+    td = datetime.datetime.now() - issue_time
+    age = (td.microseconds + (td.seconds + td.days * 24 * 3600) * 10**6) / 10**6
+    return unicode_type(age)
+