on getNonce () {
	<<Changes
		<<2/11/09; 7:24:02 PM by DW
			<<Created. Nonce means number used once, however it seems that OAuth wants them to be strings. Also the strings must only be unique for a specific timeframe, but they don't say what the timeframe is. With a 10 character random string of alpha and numeric characters, the chances are slim we'll ever repeat a string, even without a timeframe.
	return (string.getrandompassword (10))}
<<bundle //test code
	<<local (i, tc = clock.ticks ())
	<<for i = 1 to 1000 //takes 68 ticks
		<<getnonce ()
	<<dialog.alert (clock.ticks () - tc)


on getRequestToken (endpoint, consumerkey, consumersecret) {
	<<Changes
		<<2/11/09; 7:13:12 PM by DW
			<<Created. 
				<<http://term.ie/oauth/example/request_token.php?oauth_version=1.0&oauth_nonce=e07128e1d8db58f9f40750e7c45414d5&oauth_timestamp=1234408263&oauth_consumer_key=key&oauth_signature_method=HMAC-SHA1&oauth_signature=1YOcXRF22pOexWpyD3RjpvxCggI%3D
	local (params);
	new (tabletype, @params);
	params.oauth_version = "1.0";
	params.oauth_nonce = OAuth.getNonce ();
	params.oauth_timestamp = OAuth.getTimeStamp ();
	params.oauth_consumer_key = consumerKey;
	params.oauth_signature_method = "HMAC-SHA1";
	params.oauth_token = ""; //we haven't got one yet
	scratchpad.requestparams = params;
	params.oauth_signature = OAuth.getSignature (@params, endpoint, consumersecret);
	local (url = endpoint + "?");
	for adr in @params {
		url = url + nameof (adr^) + "=" + string.urlencode (adr^) + "&"};
	url = string.delete (url, sizeof (url), 1);
	scratchpad.urlrequesttoken = url;
	local (s = tcp.httpreadurl (url));
	wp.newtextobject (s, @scratchpad.tokenresult); edit (@scratchpad.tokenresult)};
bundle { //test code
	local (endpoint = "http://term.ie/oauth/example/request_token.php");
	local (consumerkey = "key", consumersecret = "secret");
	getRequestToken (endpoint, consumerkey, consumersecret)}


on getSignature (adrparams, url, consumerSecret, tokenSecret="", method="GET") {
	<<Changes
		<<2/11/09; 7:50:52 PM by DW
			<<Created. 
			<<http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html
	on hmac (data, key) {
		<<Changes
			<<3/27/06; 5:57:47 PM by LMO
				<<Initial implementation, stolen from Digest::HMAC in Perl
		local (BLOCK_SIZE=64);
		on sha1 (data) {
			<<See: http://www.spicynoodles.net/projects/crypto.html
			return (crypto.hashSHA1(data, false))};
		local(k_ipad, k_opad, i);
		if string.length (key) > BLOCK_SIZE {
			key = sha1 (key)};
		for i = 0 to BLOCK_SIZE-1 {
			if i < string.length(key) {
				<<XOR characters of the key
				k_char = string.nthChar(key, i+1);
				k_ipad = k_ipad + char(bit.logicalXor(k_char, char(0x36)));
				k_opad = k_opad + char(bit.logicalXor(k_char, char(0x5c)))}
			else {
				<<Pad out the rest of the block size length
				k_ipad = k_ipad + char(0x36);
				k_opad = k_opad + char(0x5c)}};
		return (sha1 (k_opad + sha1 (k_ipad + data)))};
	local (s = "");
	for adr in adrparams {
		s = s + nameof (adr^) + "=" + string.urlencode (adr^) + "&"};
	if sizeof (s) > 0 {
		s = string.delete (s, sizeof (s), 1)}; //drop the trailing ampersand
	s = method + "&" + string.urlencode (url) + "&" + string.urlencode (s);
	wp.newtextobject (s, @scratchpad.sigparamstring); edit (@scratchpad.sigparamstring);
	local (key = string.urlencode (consumerSecret) + "&" + string.urlencode (tokenSecret));
	s = base64.encode (hmac (s, key), 255);
	clipboard.putvalue (s);
	wp.newtextobject (s, @scratchpad.sig); edit (@scratchpad.sig);
	return (s)};
bundle { //test code
	dialog.alert (getSignature (@scratchpad.requestparams, "http://term.ie/oauth/example/request_token.php", "secret"))}


on getTimeStamp () {
	<<Changes
		<<2/11/09; 8:53:17 PM by DW
			<<In GMT!
		<<2/11/09; 7:20:16 PM by DW
			<<Created. Return a Unix timestamp, the number of seconds since January 1, 1970.
	local (now = clock.now () - date.getcurrenttimezone ());
	return (number (now - date.set (1, 1, 1970, 0, 0, 0)))}
<<bundle //test code
	<<local (i)
	<<window.about ()
	<<for i = 1 to 10
		<<msg (gettimestamp ())
		<<clock.waitseconds (1)