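/**
 * HMAC-SHA256 request-signature check.
 *
 * Refer: http://www.soumu.go.jp/main_sosiki/joho_tsusin/top/ninshou-law/law-index.html
 *
 * The string to sign is built the way the Amazon Product Advertising API
 * describes it (request method, host, path, then the request parameters
 * sorted by key and RFC 3986 encoded, with `Signature` itself left out); see
 * https://images-na.ssl-images-amazon.com/images/G/09/associates/paapi/dg/index.html?Query_QueryAuth.html
 *
 * @param string $operation_name name of the operation being executed (not used by this check)
 * @param array  $arrParam       request parameters; `Signature`, `Timestamp` and
 *                               `AccessKeyId` are the keys this check reads
 * @param array  $arrApiConfig   API configuration (not used by this check)
 * @return bool true when the signature verifies, false otherwise
 */
protected function checkApiSignature($operation_name, $arrParam, $arrApiConfig)
{
    // A missing key is treated as blank rather than raising an undefined-index warning.
    $signature = $arrParam['Signature'] ?? null;
    // hash_equals() below requires a string; a non-string (e.g. an array-valued
    // query parameter) can never be a valid signature.
    if (!is_string($signature) || Utils::isBlank($signature)) {
        return false;
    }
    // NOTE(review): Timestamp is only checked for presence. No acceptance window
    // is enforced here, so a captured request stays valid for replay until the
    // key rotates; callers that need replay protection must check freshness.
    if (Utils::isBlank($arrParam['Timestamp'] ?? null)) {
        return false;
    }
    $access_key = $arrParam['AccessKeyId'] ?? null;
    if (Utils::isBlank($access_key)) {
        return false;
    }
    $secret_key = static::getApiSecretKey($access_key);
    if (Utils::isBlank($secret_key)) {
        return false;
    }

    // Sort parameters by key. The spec calls for byte order; ksort's default
    // SORT_REGULAR may order purely numeric keys differently, so this is kept
    // as-is to stay compatible with existing clients.
    ksort($arrParam);

    // Canonical query string: key=value pairs, RFC 3986 encoded, joined by '&',
    // excluding the Signature parameter itself.
    $pairs = [];
    foreach ($arrParam as $key => $val) {
        if ($key === 'Signature') {
            continue;
        }
        $pairs[] = Utils::encodeRFC3986($key) . '=' . Utils::encodeRFC3986($val);
    }
    $check_str = strtoupper($_SERVER['REQUEST_METHOD']) . "\n"
        . strtolower($_SERVER['SERVER_NAME']) . "\n"
        . $_SERVER['PHP_SELF'] . "\n"
        . implode('&', $pairs);

    $expected = base64_encode(hash_hmac('sha256', $check_str, $secret_key, true));

    // Constant-time comparison: a plain === short-circuits on the first
    // mismatching byte and leaks how much of the signature was correct.
    return hash_equals($expected, $signature);
}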