private function generateAuthString($apiCred, $accessToken, $tokenSecret, $endpoint)
{
$key = $apiCred->getUserName();
$secret = $apiCred->getPassword();
$auth = new AuthSignature();
$response = $auth->genSign($key, $secret, $accessToken, $tokenSecret, 'POST', $endpoint);
$authString = "token=" . $accessToken . ",signature=" . $response['oauth_signature'] . ",timestamp=" . $response['oauth_timestamp'];
return $authString;
}
public function handle($httpConfig, $request, $options)
{
$credential = $request->getCredential();
if (isset($credential)) {
$thirdPartyAuth = $credential->getThirdPartyAuthorization();
if ($thirdPartyAuth && $thirdPartyAuth instanceof PPTokenAuthorization) {
$authSignature = AuthSignature::generateFullAuthString($credential->getUsername(), $credential->getPassword(), $thirdPartyAuth->getAccessToken(), $thirdPartyAuth->getTokenSecret(), $httpConfig->getMethod(), $httpConfig->getUrl());
if (isset($options['port']) && ($options['port'] == 'PayPalAPI' || $options['port'] == 'PayPalAPIAA')) {
$httpConfig->addHeader('X-PP-AUTHORIZATION', $authSignature);
} else {
$httpConfig->addHeader('X-PAYPAL-AUTHORIZATION', $authSignature);
}
}
if ($credential instanceof PPSignatureCredential) {
$handler = new PPSignatureAuthHandler($credential);
} else {
if ($credential instanceof PPCertificateCredential) {
$handler = new PPCertificateAuthHandler($credential);
} else {
throw new PPInvalidCredentialException();
}
}
$handler->handle($httpConfig, $request, $options);
}
}
public function handle($httpConfig, $request)
{
$credential = $request->getCredential();
if (!isset($credential)) {
return;
}
$thirdPartyAuth = $credential->getThirdPartyAuthorization();
if ($thirdPartyAuth && $thirdPartyAuth instanceof PPTokenAuthorization) {
$httpConfig->addHeader('X-PAYPAL-AUTHORIZATION', AuthSignature::generateFullAuthString($credential->getUsername(), $credential->getPassword(), $thirdPartyAuth->getAccessToken(), $thirdPartyAuth->getTokenSecret(), $httpConfig->getMethod(), $httpConfig->getUrl()));
}
switch ($request->getBindingType()) {
case 'NV':
if (!$thirdPartyAuth || !$thirdPartyAuth instanceof PPTokenAuthorization) {
$httpConfig->addHeader('X-PAYPAL-SECURITY-USERID', $credential->getUserName());
$httpConfig->addHeader('X-PAYPAL-SECURITY-PASSWORD', $credential->getPassword());
$httpConfig->addHeader('X-PAYPAL-SECURITY-SIGNATURE', $credential->getSignature());
if ($thirdPartyAuth) {
$httpConfig->addHeader('X-PAYPAL-SECURITY-SUBJECT', $thirdPartyAuth->getSubject());
}
}
break;
case 'SOAP':
if ($thirdPartyAuth && $thirdPartyAuth instanceof PPTokenAuthorization) {
$request->addBindingInfo('securityHeader', '<ns:RequesterCredentials/>');
} else {
$securityHeader = '<ns:RequesterCredentials><ebl:Credentials>';
$securityHeader .= '<ebl:Username>' . $credential->getUserName() . '</ebl:Username>';
$securityHeader .= '<ebl:Password>' . $credential->getPassword() . '</ebl:Password>';
$securityHeader .= '<ebl:Signature>' . $credential->getSignature() . '</ebl:Signature>';
if ($thirdPartyAuth && $thirdPartyAuth instanceof PPSubjectAuthorization) {
$securityHeader .= '<ebl:Subject>' . $thirdPartyAuth->getSubject() . '</ebl:Subject>';
}
$securityHeader .= '</ebl:Credentials></ns:RequesterCredentials>';
$request->addBindingInfo('securityHeader', $securityHeader);
}
break;
}
}
public static function generateFullAuthString($key, $secret, $token, $tokenSecret, $httpMethod, $endpoint)
{
$authSignature = new AuthSignature();
$response = $authSignature->genSign($key, $secret, $token, $tokenSecret, $httpMethod, $endpoint);
return "token=" . $token . ",signature=" . $response['oauth_signature'] . ",timestamp=" . $response['oauth_timestamp'];
}
