# hatena-auth.rb $Revision: 1 $
# Copyright (C) 2006 Michitaka Ohno <elpeo@mars.dti.ne.jp>
# You can redistribute it and/or modify it under GPL2.

require 'cgi'
require 'timeout'
require 'open-uri'
require 'digest/md5'
require 'rexml/document'

class HatenaAuth
	def initialize( api_key, secret_key )
		@api_key = api_key
		@secret_key = secret_key
	end

	def get_login_url
		"http://auth.hatena.ne.jp/auth?#{get_query_string}"
	end

	def get_logout_url
		"http://www.hatena.ne.jp/logout"
	end

	def get_user( cert )
		uri = "http://auth.hatena.ne.jp/api/auth.xml?#{get_query_string( 'cert' => cert )}"
		doc = nil
		timeout( 10 ) do
			begin
				open( uri.untaint ) do |f| 
					doc = REXML::Document::new( f.read ).root
				end
			rescue Exception
			end
		end
		return unless doc
		return if doc.elements.to_a( 'has_error' )[0].text != 'false'
		to_hash( doc.elements.to_a( 'user' )[0] )
	end

	private 

	def get_query_string( param = {} )
		h = param.dup
		h['api_key'] = @api_key
		h['api_sig'] = get_api_sig( h )
		h.map do |key,value|
			"#{key}=#{CGI::escape( value )}"
		end.join( '&' )
	end

	def get_api_sig( param )
		r = @secret_key.dup
		param.keys.sort.each do |key|
			r << key
			r << param[key]
		end
		Digest::MD5.hexdigest( r )
	end

	def to_hash( element )
		h = {}
		element.elements.each do |element|
			h[element.name] = element.text
		end
		h
	end
end