/src/OAuth/Server/Signature/Utility.php

https://github.com/boekkooi/Oauth_Server · PHP · 105 lines · 42 code · 9 blank · 54 comment · 8 complexity · 9b5237e63745a2095cf319336d8bb525 MD5 · raw file 

    

  1. <?php
    2. 

  2. namespace OAuth\Server\Signature;
    3. 

  3. 

  4. /**
    5. 

  5.  * @package OAuth_Server
    6. 

  6.  * @author Warnar Boekkooi
    7. 

  7.  *
    8. 

  8.  * The MIT License
    9. 

  9.  *
    10. 

  10.  * Copyright (c) 2010 Warnar Boekkooi
    11. 

  11.  *
    12. 

  12.  * Permission is hereby granted, free of charge, to any person obtaining a copy
    13. 

  13.  * of this software and associated documentation files (the \"Software\"), to deal
    14. 

  14.  * in the Software without restriction, including without limitation the rights
    15. 

  15.  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    16. 

  16.  * copies of the Software, and to permit persons to whom the Software is
    17. 

  17.  * furnished to do so, subject to the following conditions:
    18. 

  18.  *
    19. 

  19.  * The above copyright notice and this permission notice shall be included in
    20. 

  20.  * all copies or substantial portions of the Software.
    21. 

  21.  *
    22. 

  22.  * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    23. 

  23.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    24. 

  24.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    25. 

  25.  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    26. 

  26.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    27. 

  27.  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    28. 

  28.  * THE SOFTWARE.
    29. 

  29. */
    30. 

  30. class Utility {
    31. 

  31. 	/**
    32. 

  32. 	 * Validate if the given signature method is a supported. 
    33. 

  33. 	 *
    34. 

  34. 	 * @param string $method The signature method.
    35. 

  35. 	 * @return bool TRUE if the method is supported else FALSE.
    36. 

  36. 	 */
    37. 

  37.     public function isValidSignatureMethod($method)
    38. 

  38.     {
    39. 

  39. 		// Validate given method
    40. 

  40. 		if (empty($method) || !in_array(strtoupper($method), array(
    41. 

  41. 				'HMAC-SHA1', 'HMAC-SHA256', 'PLAINTEXT'
    42. 

  42. 			))) {
    43. 

  43.             return false;
    44. 

  44. 		}
    45. 

  45.         return true;
    46. 

  46.     }
    47. 

  47. 

  48. 	/**
    49. 

  49. 	 * Get the class and hash algorithm belonging to the given signature method.
    50. 

  50. 	 *
    51. 

  51. 	 * @throws Zend_Oauth_Exception When a unsupported signature method is provided.
    52. 

  52. 	 * @param string $method The signature method.
    53. 

  53. 	 * @return array An array (0 => method class name, 1 => hash algorithm)
    54. 

  54. 	 */
    55. 

  55. 	protected function getSignatureInfo($method) {
    56. 

  56. 		if (empty($method) || !$this->isValidSignatureMethod($method)) {
    57. 

  57.             throw new \RuntimeException('Unsupported signature method: '
    58. 

  58.                 . $method
    59. 

  59.                 . '. Supported are HMAC-SHA1, PLAINTEXT and HMAC-SHA256');
    60. 

  60. 		}
    61. 

  61. 

  62. 		// Signature class
    63. 

  63.         $hashAlgorithm = null;
    64. 

  64.         $signatureMethod = strtoupper($method);
    65. 

  65.         $parts     = explode('-', $signatureMethod);
    66. 

  66.         if (count($parts) > 1) {
    67. 

  67.             $className = 'OAuth\Server\Signature\\' . ucfirst(strtolower($parts[0]));
    68. 

  68.             $hashAlgorithm  = $parts[1];
    69. 

  69.         } else {
    70. 

  70.             $className = 'OAuth\Server\Signature\\' . ucfirst(strtolower($signatureMethod));
    71. 

  71.         }
    72. 

  72. 

  73. 		return array($className, $hashAlgorithm);
    74. 

  74. 	}
    75. 

  75. 

  76. 	/**
    77. 

  77.      * Verify a requests signature.
    78. 

  78.      *
    79. 

  79. 	 * @param string $requestUrl
    80. 

  80.      * @param array $params
    81. 

  81.      * @param string $signatureMethod 
    82. 

  82.      * @param string $consumerSecret
    83. 

  83.      * @return boolean
    84. 

  84.      */
    85. 

  85.     public function verifySignature($requestUrl, array $params, $consumerSecret, $tokenSecret = null)
    86. 

  86. 	{
    87. 

  87. 		// Get the response method
    88. 

  88. 		$responseMethod = \Zend_Oauth::POST;
    89. 

  89. 

  90. 		// Get the signature class and algorithm based on the given oauth_signature_method
    91. 

  91. 		list($className, $hashAlgorithm) = $this->getSignatureInfo($params['oauth_signature_method']);
    92. 

  92. 

  93.         // Create the signature class and verify the send oauth_signature
    94. 

  94.         $signatureObject = new $className($consumerSecret, $tokenSecret, $hashAlgorithm);
    95. 

  95.         $rtn = $signatureObject->verify($params['oauth_signature'], $params, $responseMethod, $requestUrl);
    96. 

  96. 

  97. 		// Some consumers don't agree with the optional part of oauth_version so let's add this extra check in case the signature fails
    98. 

  98. 		if (!isset($params['oauth_version']) && $rtn === false) {
    99. 

  99. 			$params['oauth_version'] = '1.0';
    100. 

  100.         	$rtn = $signatureObject->verify($params['oauth_signature'], $params, $responseMethod, $requestUrl);
    101. 

  101. 		}
    102. 

  102. 

  103. 		return $rtn;
    104. 

  104.     }
    105. 

  105. }
    106.