/mod/oauth_api/vendors/oauth/library/signature_method/OAuthSignatureMethod_HMAC_SHA1.php

https://github.com/wangaiying/elgg4ysu · PHP · 115 lines · 49 code · 14 blank · 52 comment · 3 complexity · 3682b81a2619b085632e77315a001bd8 MD5 · raw file 

    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * OAuth signature implementation using HMAC-SHA1
    5. 

  5.  * 
    6. 

  6.  * @version $Id$
    7. 

  7.  * @author Marc Worrell <marcw@pobox.com>
    8. 

  8.  * @date  Sep 8, 2008 12:21:19 PM
    9. 

  9.  * 
    10. 

  10.  * The MIT License
    11. 

  11.  * 
    12. 

  12.  * Copyright (c) 2007-2008 Mediamatic Lab
    13. 

  13.  * 
    14. 

  14.  * Permission is hereby granted, free of charge, to any person obtaining a copy
    15. 

  15.  * of this software and associated documentation files (the "Software"), to deal
    16. 

  16.  * in the Software without restriction, including without limitation the rights
    17. 

  17.  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    18. 

  18.  * copies of the Software, and to permit persons to whom the Software is
    19. 

  19.  * furnished to do so, subject to the following conditions:
    20. 

  20.  * 
    21. 

  21.  * The above copyright notice and this permission notice shall be included in
    22. 

  22.  * all copies or substantial portions of the Software.
    23. 

  23.  * 
    24. 

  24.  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    25. 

  25.  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    26. 

  26.  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    27. 

  27.  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    28. 

  28.  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    29. 

  29.  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    30. 

  30.  * THE SOFTWARE.
    31. 

  31.  */
    32. 

  32. 

  33. 

  34. require_once dirname(__FILE__).'/OAuthSignatureMethod.class.php';
    35. 

  35. 

  36. 

  37. class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod
    38. 

  38. {
    39. 

  39. 	public function name ()
    40. 

  40. 	{
    41. 

  41. 		return 'HMAC-SHA1';
    42. 

  42. 	}
    43. 

  43. 

  44. 

  45. 	/**
    46. 

  46. 	 * Calculate the signature using HMAC-SHA1
    47. 

  47. 	 * This function is copyright Andy Smith, 2007.
    48. 

  48. 	 * 
    49. 

  49. 	 * @param OAuthRequest request
    50. 

  50. 	 * @param string base_string
    51. 

  51. 	 * @param string consumer_secret
    52. 

  52. 	 * @param string token_secret
    53. 

  53. 	 * @return string  
    54. 

  54. 	 */
    55. 

  55. 	function signature ( $request, $base_string, $consumer_secret, $token_secret )
    56. 

  56. 	{
    57. 

  57. 		$key = $request->urlencode($consumer_secret).'&'.$request->urlencode($token_secret);
    58. 

  58. 		if (function_exists('hash_hmac'))
    59. 

  59. 		{
    60. 

  60. 			$signature = base64_encode(hash_hmac("sha1", $base_string, $key, true));
    61. 

  61. 		}
    62. 

  62. 		else
    63. 

  63. 		{
    64. 

  64. 		    $blocksize	= 64;
    65. 

  65. 		    $hashfunc	= 'sha1';
    66. 

  66. 		    if (strlen($key) > $blocksize)
    67. 

  67. 		    {
    68. 

  68. 		        $key = pack('H*', $hashfunc($key));
    69. 

  69. 		    }
    70. 

  70. 		    $key	= str_pad($key,$blocksize,chr(0x00));
    71. 

  71. 		    $ipad	= str_repeat(chr(0x36),$blocksize);
    72. 

  72. 		    $opad	= str_repeat(chr(0x5c),$blocksize);
    73. 

  73. 		    $hmac 	= pack(
    74. 

  74. 		                'H*',$hashfunc(
    75. 

  75. 		                    ($key^$opad).pack(
    76. 

  76. 		                        'H*',$hashfunc(
    77. 

  77. 		                            ($key^$ipad).$base_string
    78. 

  78. 		                        )
    79. 

  79. 		                    )
    80. 

  80. 		                )
    81. 

  81. 		            );
    82. 

  82. 			$signature = base64_encode($hmac);
    83. 

  83. 		}
    84. 

  84. 		return $request->urlencode($signature);
    85. 

  85. 	}
    86. 

  86. 

  87. 

  88. 	/**
    89. 

  89. 	 * Check if the request signature corresponds to the one calculated for the request.
    90. 

  90. 	 * 
    91. 

  91. 	 * @param OAuthRequest request
    92. 

  92. 	 * @param string base_string	data to be signed, usually the base string, can be a request body
    93. 

  93. 	 * @param string consumer_secret
    94. 

  94. 	 * @param string token_secret
    95. 

  95. 	 * @param string signature		from the request, still urlencoded
    96. 

  96. 	 * @return string
    97. 

  97. 	 */
    98. 

  98. 	public function verify ( $request, $base_string, $consumer_secret, $token_secret, $signature )
    99. 

  99. 	{
    100. 

  100. 		$a = $request->urldecode($signature);
    101. 

  101. 		$b = $request->urldecode($this->signature($request, $base_string, $consumer_secret, $token_secret));
    102. 

  102. 

  103. 		// We have to compare the decoded values
    104. 

  104. 		$valA  = base64_decode($a);
    105. 

  105. 		$valB  = base64_decode($b);
    106. 

  106. 

  107. 		// Crude binary comparison
    108. 

  108. 		return rawurlencode($a) == rawurlencode($b);
    109. 

  109. 	}
    110. 

  110. }
    111. 

  111. 

  112. 

  113. /* vi:set ts=4 sts=4 sw=4 binary noeol: */
    114. 

  114. 

  115. ?>
    116.