/**
* Verifies that a given signature is correct.
*
* @param JacobKiers\OAuth\Request\RequestInterface $request
* @param JacobKiers\OAuth\Consumer\ConsumerInterface $consumer
* @param JacobKiers\OAuth\Token\TokenInterface $token
* @param string $signature
*
* @return bool
*/
public function checkSignature(RequestInterface $request, ConsumerInterface $consumer, TokenInterface $token, $signature)
{
$base_string = $request->getOAuthSignatureBaseString();
$decoded_sig = base64_decode($signature);
// Fetch the public key cert based on the request
$cert = $this->fetchPublicCert($request);
// Pull the public key ID from the certificate
$publickeyid = openssl_get_publickey($cert);
// Check the computed signature against the one passed in the query
$ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
// Release the key resource
openssl_free_key($publickeyid);
return $ok == 1;
}
/**
* Build up the signature.
*
* oauth_signature is set to the concatenated encoded values of the Consumer Secret and
* Token Secret, separated by a '&' character (ASCII code 38), even if either secret is
* empty. The result MUST be encoded again.
* - Chapter 9.4.1 ("Generating Signatures")
*
* Please note that the second encoding MUST NOT happen in the SignatureMethod, as
* OAuthRequest handles this!
*
* @param JacobKiers\OAuth\Request\RequestInterface $request
* @param JacobKiers\OAuth\Consumer\ConsumerInterface $consumer
* @param JacobKiers\OAuth\Token\TokenInterface $token
*
* @return string
*/
public function buildSignature(RequestInterface $request, ConsumerInterface $consumer, TokenInterface $token = null)
{
$base_string = $request->getOAuthSignatureBaseString();
$key = $this->getSignatureKey($consumer, $token);
return base64_encode(hash_hmac('sha1', $base_string, $key, true));
}
