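/**
 * Checks if $params are correct by signing with $association->secret.
 *
 * The format of the $params array is:
 * <code>
 * array(
 *     'openid.assoc_handle' => HANDLE,
 *     'openid.signed' => SIGNED,
 *     'openid.sig' => SIG,
 *     'openid.mode' => 'id_res'
 * );
 * </code>
 * where HANDLE, SIGNED and SIG are parameters returned from the provider in
 * the id_res step of OpenID authentication. In addition, the $params array
 * must contain the values present in SIG.
 *
 * The expected signature is HMAC-SHA1 over the key-value form of the signed
 * fields ("field:value\n" per field, in the order given by openid.signed),
 * keyed with the base64-decoded association secret, then base64-encoded.
 *
 * Returns false (instead of raising notices) when openid.sig or
 * openid.signed is missing or not a string, or when the association secret
 * cannot be base64-decoded. The comparison against the provider-supplied
 * signature is done in constant time.
 *
 * @param ezcAuthenticationOpenidAssociation $association The OpenID association used for signing $params
 * @param array(string=>string) $params OpenID parameters for id_res mode
 * @return bool
 */
protected function checkSignatureSmart(ezcAuthenticationOpenidAssociation $association, array $params)
{
    // A response without a signature or a signed-field list cannot verify.
    if (!isset($params['openid.sig'], $params['openid.signed'])
        || !is_string($params['openid.sig'])
        || !is_string($params['openid.signed'])) {
        return false;
    }
    $sig = $params['openid.sig'];

    // The key-value form lists the fields in the order given by openid.signed
    // (explode() yields a list, so no re-sorting is needed). A duplicated
    // field name keeps its first position; a signed field that is absent from
    // $params serialises with an empty value.
    $data = array();
    foreach (explode(',', $params['openid.signed']) as $field) {
        $data[$field] = isset($params['openid.' . $field]) ? $params['openid.' . $field] : null;
    }
    $serialized = '';
    foreach ($data as $field => $value) {
        $serialized .= "{$field}:{$value}\n";
    }

    $key = base64_decode($association->secret);
    if ($key === false) {
        return false;
    }

    // HMAC-SHA1 (RFC 2104): hash_hmac() hashes keys longer than the 64 byte
    // block size and zero-pads shorter ones, exactly as the manual
    // ipad/opad construction did; the raw digest is base64-encoded for
    // comparison with openid.sig.
    $hashed = base64_encode(hash_hmac('sha1', $serialized, $key, true));

    // Constant-time comparison so a mismatch does not leak how many leading
    // bytes of the signature were correct.
    return hash_equals($hashed, $sig);
}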