Beispiel #1
 /**
  * Check if the request signature corresponds to the one calculated for the request.
  * 
  * @param IOauthSignable $request   the request whose signature is checked
  * @param Secrets        $secrets   secrets passed on to signature()
  * @param string         $signature from the request, still urlencoded
  * @param mixed          $data      optional, passed on to signature()
  * @return bool true when the supplied and the calculated signature match
  */
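 public function verify(IOauthSignable $request, Secrets $secrets, $signature, $data = null)
 {
     // Returns true only when the signature supplied with the request equals the
     // one this object calculates for the request's signature base string.

     // Both values arrive urlencoded + base64 encoded; compare the decoded bytes.
     $supplied = base64_decode($request->oauthurldecode($signature));
     $expected = base64_decode(
         $request->oauthurldecode(
             $this->signature($request, $request->getSignatureBaseString(), $secrets, $data)
         )
     );

     // Fail closed if either side could not be decoded to a string.
     if (!is_string($supplied) || !is_string($expected)) {
         return false;
     }

     // hash_equals() (PHP >= 5.6) replaces the former `==` on rawurlencode()d values:
     // loose comparison treats numeric-looking strings as numbers and is not
     // constant-time, which is unsuitable for comparing signatures.
     return hash_equals($expected, $supplied);
 }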
Beispiel #2
 /**
  * Verify the request
  *
  * @param string token_type the kind of token needed, defaults to 'access' (false, 'access', 'request')
  * @exception OAuthException2 thrown when the request did not verify
  * @return Secrets
  *
  */
 public function verifyExtended($token_type = self::TOKEN_TYPE_ACCESS)
 {
     // Verifies the current OAuth request and returns the secrets obtained from
     // getCurrentSecrets(). Throws OauthException when parameters are missing,
     // no secrets are found, or no oauth_signature is present.
     $consumerKey = $this->request->get('oauth_consumer_key');
     $token = $this->request->get('oauth_token');

     // The consumer key is always required; the token only when a token type was
     // requested ($token_type === false means "no token needed").
     if (!$consumerKey || ($token_type !== false && !$token)) {
         throw new OauthException('Can\'t verify request, missing oauth_consumer_key or oauth_token ');
     }

     // A repeated oauth_token parameter arrives as an array: use its first entry
     // and fall back to the access token type when none was given.
     if (\is_array($token)) {
         $token = isset($token[0]) ? $token[0] : null;
         if ($token_type === false) {
             $token_type = self::TOKEN_TYPE_ACCESS;
         }
     }

     $secrets = $this->getCurrentSecrets($token_type);
     if (!$secrets) {
         throw new OauthException('The consumer_key "' . $consumerKey . '" token "' . $token . '" combination does not exist or is not enabled.');
     }

     // NOTE(review): the nonce check runs before the signature is verified. If
     // checkServerNonce() records nonces (not visible here), requests with an
     // invalid signature would still be recorded - confirm this order is intended.
     $decodedKey = $this->request->oauthurldecode($consumerKey);
     $decodedToken = $this->request->oauthurldecode($token);
     $timestamp = $this->request->getParam('oauth_timestamp', true);
     $nonce = $this->request->getParam('oauth_nonce', true);
     $this->store->checkServerNonce($decodedKey, $decodedToken, $timestamp, $nonce);

     $oauthSignature = $this->request->get('oauth_signature');
     if (!$oauthSignature) {
         throw new OauthException('Verification of signature failed (no oauth_signature in request).');
     }

     // Any exception from verifySignature() propagates unchanged. An earlier,
     // disabled variant re-threw it with the base string and both secrets in the
     // message; secrets should stay out of exception messages.
     $this->request->verifySignature($secrets, $token_type);

     // NOTE(review): three further steps were commented out in the original and
     // are not performed here: verification of the optional xoauth_body_signature,
     // reading the account id from the secrets, and resetting the token ttl from
     // xoauth_token_ttl.

     return $secrets;
 }
Beispiel #3
 /**
  * Check if the request signature is the same as the one calculated for the request.
  * 
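  * @param IOauthSignable $request   the request whose signature is checked
  * @param Secrets        $secrets   passed on to fetch_public_cert()
  * @param string         $signature from the request, urlencoded and base64 encoded
  * @param string|null    $data      verified instead of the signature base string when not null
  * @return bool true when the signature verifies against the public key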
  */
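 public function verify(IOauthSignable $request, Secrets $secrets, $signature, $data = null)
 {
     // Returns true only when openssl_verify() confirms the supplied signature
     // over $data (or over the signature base string when $data is null).
     $decoded_sig = base64_decode($request->oauthurldecode($signature));

     // Fetch the public key cert based on the request
     $cert = $this->fetch_public_cert($request, $secrets);

     // Load the public key from the certificate; fail closed when it cannot be
     // loaded instead of handing `false` to openssl_verify().
     $publickeyid = openssl_get_publickey($cert);
     if ($publickeyid === false) {
         return false;
     }

     // Check the computed signature against the one passed in the query
     $signed = $data !== null ? $data : $request->getSignatureBaseString();
     $ok = openssl_verify($signed, $decoded_sig, $publickeyid);

     // Release the key only where it is still a resource (PHP < 8); on PHP 8 the
     // key is an object and openssl_free_key() is deprecated.
     if (is_resource($publickeyid)) {
         openssl_free_key($publickeyid);
     }

     // openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
     // -1 (or false) on error; only an exact 1 counts as success.
     return $ok === 1;
 }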
Beispiel #4
 /**
  * Check if the request signature corresponds to the one calculated for the request.
  * 
  * @param IOauthSignable $request   the request whose signature is checked
  * @param Secrets        $secrets   secrets passed on to signature()
  * @param string         $signature from the request, still urlencoded
  * @param mixed          $data      optional, passed on to signature()
  * @return bool true when the supplied and the calculated signature match
  */
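 public function verify(IOauthSignable $request, Secrets $secrets, $signature, $data = null)
 {
     // Returns true only when the signature supplied with the request equals the
     // one this object calculates from the secrets.
     $supplied = $request->oauthurldecode($signature);
     $expected = $request->oauthurldecode($this->signature($request, $secrets, $data));

     // NOTE(review): both values are urldecoded a second time, as in the original;
     // confirm the double decoding is intended, since it lets differently encoded
     // inputs compare equal.
     $supplied = $request->oauthurldecode($supplied);
     $expected = $request->oauthurldecode($expected);

     // Fail closed on anything that is not a string.
     if (!is_string($supplied) || !is_string($expected)) {
         return false;
     }

     // hash_equals() (PHP >= 5.6) replaces the former `==`: loose comparison treats
     // numeric-looking strings as numbers and is not constant-time.
     return hash_equals($expected, $supplied);
 }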