lib/oauth/helper.rb in pelle-oauth-0.3.5 vs lib/oauth/helper.rb in pelle-oauth-0.3.6

- old
+ new

@@ -1,7 +1,8 @@
 require 'openssl'
 require 'base64'
+require 'enumerator'
 module OAuth
 module Helper
 extend self
@@ -68,11 +69,32 @@
 end
 # convert into a Hash
 Hash[*params.flatten]
 end
-
+
+ # A secure version of equals meant to avoid timing attacks as specified here
+ # http://codahale.com/a-lesson-in-timing-attacks/
+ def secure_equals(a,b)
+ return a==b unless a.is_a?(String)&&b.is_a?(String)
+ result = 0
+ bytes(a).zip(bytes(b)).each do |x,y|
+ result |= (x ^ y)
+ end
+ (result == 0) && (a.length == b.length)
+ end
+
 def unescape(value)
 URI.unescape(value.gsub('+', '%2B'))
+ end
+
+ # Creates a per byte enumerator for a string regardless of RUBY VERSION
+ def bytes(a)
+ return [] if a.nil?
+ if a.respond_to?(:bytes)
+ a.bytes
+ else
+ Enumerable::Enumerator.new(a, :each_byte)
+ end
 end
 end
 end
\ No newline at end of file
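Review bot: `secure_equals` raises a TypeError instead of returning false whenever `a` has more bytes than `b`, because `bytes(a).zip(bytes(b))` pads the missing entries with nil and `x ^ nil` fails before the length test on the last line is reached. For a signature check this turns a wrong-length value into an exception rather than a clean rejection; how callers handle that exception is not visible in this hunk. Compare byte counts before the loop, for example `xs, ys = bytes(a).to_a, bytes(b).to_a` followed by `return false unless xs.size == ys.size`, and then iterate over `xs.zip(ys)`. Counting bytes rather than `length` also keeps multibyte strings consistent on Rubies where `length` counts characters. The early `a==b` fallback for non-String arguments is not constant-time, which deserves a line in the method comment.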