If running on a node that has openssl built in, then this will be used for the SHA1 hashing.

Otherwise will fallback to the pure JS (original) SHA! implementation.

Readme.md

@@ -9,7 +9,7 @@ at connect-auth (http://github.com/ciaranj/connect-auth)
 
 Change History
 ==============
-* 0.8.4 - Fixed issue #14 (Parameter ordering ignored encodings).  Added support for repeated parameter names.
+* 0.8.4 - Fixed issue #14 (Parameter ordering ignored encodings).  Added support for repeated parameter names. Implements issue #15 (Use native SHA1 if available, 10x speed improvement!)
 * 0.8.3 - Fixed an issue where the auth header code depended on the Array's toString method (Yohei Sasaki) Updated the getOAuthRequestToken method so we can access google's OAuth secured methods. Also re-implemented and fleshed out the test suite.
 * 0.8.2 - The request returning methods will now write the POST body if provided (Chris Anderson), the code responsible for manipulating the headers is a bit safe now when working with other code (Paul McKellar) and tweaked the package.json to use index.js instead of main.js
 * 0.8.1 - Added mechanism to get hold of a signed Node Request object, ready for attaching response listeners etc. (Perfect for streaming APIs)

lib/oauth.js

@@ -165,10 +165,14 @@ exports.OAuth.prototype._createSignature= function(signatureBase, tokenSecret) {
      hash= this._encodeData(key);
    }
    else {
-     hash= sha1.HMACSHA1(key, signatureBase);
+       if( crypto.Hmac ) {
+         hash = crypto.createHmac("sha1", key).update(signatureBase).digest("base64");
+       }
+       else {
+         hash= sha1.HMACSHA1(key, signatureBase);  
+       }
    }
-
-   return hash;
+   return hash;    
 }
 exports.OAuth.prototype.NONCE_CHARS= ['a','b','c','d','e','f','g','h','i','j','k','l','m','n',
               'o','p','q','r','s','t','u','v','w','x','y','z','A','B',