/**
* Validate the M3 request by ensuring the request was properly signed
* with the M3 secret key. The verification algorithm is as follows:
* <ol>
* <li>Ensure the request has a signature string (found in the context)</li>
* <li>Sort all request parameters via PHP ksort() method</li>
* <li>Build a single string with request parameter "name=value" pairs</li>
* <li>Append to the string the M3 secret key that is configured in the server</li>
* <li>Calculate an MD5 hashcode for the string</li>
* <li>Verify that the MD5 hashcode matches the signature string passed in with the request</li>
* </ol>
*/
public function validateSig()
{
$_sig = $this->getContext()->getSig();
$_request = $this->getContext()->getInitialRequest();
$_secret = M3_Util_Settings::getM3SecretKey();
if (!isset($_sig) || empty($_sig)) {
throw new Exception('M3 request rejected - it is missing a signature');
}
ksort($_request);
$_str = '';
foreach ($_request as $_k => $_v) {
if ($_k != 'sig') {
$_str .= "{$_k}={$_v}";
}
}
$_str .= $_secret;
$_md5sig = md5($_str);
if ($_md5sig != $_sig) {
$_emsg = 'M3 request rejected - incorrect signature';
error_log("{$_emsg}: _str=[{$_str}], _md5sig=[{$_md5sig}], _sig=[{$_sig}]");
throw new Exception($_emsg);
}
return;
}
protected function initClient()
{
unset($this->client);
$this->client = new M3_Client_RestClient(M3_Util_Settings::getRestServerUrl(), M3_Util_Settings::getM3SecretKey(), null);
$this->assertTrue(isset($this->client));
}
