diff --git a/src/o0globals.h b/src/o0globals.h index d93e48f..71a0fa2 100644 --- a/src/o0globals.h +++ b/src/o0globals.h @@ -60,6 +60,7 @@ const char O2_OAUTH2_INTERVAL[] = "interval"; // OAuth signature types const char O2_SIGNATURE_TYPE_HMAC_SHA1[] = "HMAC-SHA1"; +const char O2_SIGNATURE_TYPE_HMAC_SHA256[] = "HMAC-SHA256"; const char O2_SIGNATURE_TYPE_PLAINTEXT[] = "PLAINTEXT"; // Parameter values diff --git a/src/o1.cpp b/src/o1.cpp index 999072a..10e88e6 100644 --- a/src/o1.cpp +++ b/src/o1.cpp @@ -27,7 +27,7 @@ #include "o0settingsstore.h" O1::O1(QObject *parent, QNetworkAccessManager *manager, O0AbstractStore *store): O0BaseAuth(parent, store) { - setSignatureMethod(O2_SIGNATURE_TYPE_HMAC_SHA1); + setSignatureMethod(O2_SIGNATURE_TYPE_HMAC_SHA256); manager_ = manager ? manager : new QNetworkAccessManager(this); qRegisterMetaType("QNetworkReply::NetworkError"); @@ -164,7 +164,7 @@ QByteArray O1::sign(const QList &oauthParams, const QList= 0x050100 - return QMessageAuthenticationCode::hash(baseString, secret, QCryptographicHash::Sha1).toBase64(); + return QMessageAuthenticationCode::hash(baseString, secret, QCryptographicHash::Sha256).toBase64(); #else return hmacSha1(secret, baseString); #endif @@ -202,7 +202,7 @@ void O1::decorateRequest(QNetworkRequest &req, const QList & QByteArray O1::generateSignature(const QList headers, const QNetworkRequest &req, const QList &signingParameters, QNetworkAccessManager::Operation operation) { QByteArray signature; - if (signatureMethod() == O2_SIGNATURE_TYPE_HMAC_SHA1) { + if (signatureMethod() == O2_SIGNATURE_TYPE_HMAC_SHA256) { signature = sign(headers, signingParameters, req.url(), operation, clientSecret(), tokenSecret()); } else if (signatureMethod() == O2_SIGNATURE_TYPE_PLAINTEXT) { signature = clientSecret().toLatin1() + "&" + tokenSecret().toLatin1();