public function signRequest(array $data)
{
$data["mac_key"] = md5(mt_rand());
// TODO: make it more random
// TODO: $data["kid"] = ???
$data["mac_algorithm"] = self::MAC_ALGORITHM;
$data["ts"] = time();
$raw = base64_encode(json_encode($data));
return base64_encode(hash_hmac("sha256", $raw, $this->appSecret, true)) . "." . $raw;
}
public function parseRequest($request)
{
list($sig, $raw) = explode(".", $request, 2);
// decode the data
$sig = base64_decode($sig);
$data = json_decode(base64_decode($raw), true);
if (strtoupper($data["mac_algorithm"]) !== self::MAC_ALGORITHM) {
throw new \Exception("Unsupported MAC algorithm. Use " . self::MAC_ALGORITHM);
}
// check the signature by signing the data with application's secret
if ($sig !== hash_hmac("sha256", $raw, $this->appSecret, true)) {
throw new \Exception("Wrong signature!");
}
return $data;
}
}
$mac = new Mac("abc");
$signed_message = $mac->signRequest(array("access_token" => "jr5xkCAg4hGcls9FXMVIuQ"));
echo $signed_message;
var_dump($mac->parseRequest($signed_message));
