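 /**
  * Verify the HMAC-SHA256 signature attached to an API request.
  * Refer: http://www.soumu.go.jp/main_sosiki/joho_tsusin/top/ninshou-law/law-index.html
  *
  * The string to sign is rebuilt from the HTTP method, server name, script
  * path and the sorted, RFC 3986-encoded request parameters (excluding
  * 'Signature'), then compared with the client-supplied 'Signature'.
  *
  * @param  string $operation_name Name of the operation being executed (not read by the active code).
  * @param  array  $arrParam       Request parameters; must contain 'Signature', 'Timestamp' and 'AccessKeyId'.
  * @param  mixed  $arrApiConfig   API configuration (not read by the active code).
  * @return boolean true when the signature verifies; false otherwise
  */
 protected function checkApiSignature($operation_name, $arrParam, $arrApiConfig)
 {
     // Reject requests that lack any of the fields the scheme depends on.
     // isset() first, so a missing key fails closed without an undefined-index notice.
     if (!isset($arrParam['Signature']) || Utils::isBlank($arrParam['Signature'])) {
         return false;
     }
     if (!isset($arrParam['Timestamp']) || Utils::isBlank($arrParam['Timestamp'])) {
         return false;
     }
     if (!isset($arrParam['AccessKeyId'])) {
         return false;
     }
     // A non-string value (e.g. an array from "Signature[]=") can never be a valid
     // signature, and hash_equals() below accepts strings only.
     if (!is_string($arrParam['Signature'])) {
         return false;
     }

     // NOTE(review): Timestamp is only checked for presence. Nothing in this method
     // bounds its age, so a captured request stays valid unless the caller enforces
     // a freshness window -- confirm where that happens.
     // NOTE(review): a per-operation 'allow_account_id' restriction was sketched here
     // but never implemented; any access key with a known secret is accepted for
     // every operation as far as this method is concerned.

     $access_key = $arrParam['AccessKeyId'];
     $secret_key = static::getApiSecretKey($access_key);
     if (Utils::isBlank($secret_key)) {
         return false;
     }

     // Sort parameters by byte order of their names. SORT_STRING forces a plain
     // string comparison so numeric-looking names are not ordered numerically.
     ksort($arrParam, SORT_STRING);

     // Build the canonical query string in the prescribed format.
     // Refer: https://images-na.ssl-images-amazon.com/images/G/09/associates/paapi/dg/index.html?Query_QueryAuth.html
     $arrPairs = array();
     foreach ($arrParam as $key => $val) {
         // The signature itself is never part of the signed data.
         if ($key === 'Signature') {
             continue;
         }
         $arrPairs[] = Utils::encodeRFC3986($key) . '=' . Utils::encodeRFC3986($val);
     }

     // NOTE(review): SERVER_NAME and PHP_SELF can reflect client-supplied values
     // (Host header, PATH_INFO) depending on web-server configuration; the host and
     // path binding is only as strong as that configuration -- verify deployment.
     $check_str = strtoupper($_SERVER['REQUEST_METHOD']) . "\n"
         . strtolower($_SERVER['SERVER_NAME']) . "\n"
         . $_SERVER['PHP_SELF'] . "\n"
         . implode('&', $arrPairs);

     $signature = base64_encode(hash_hmac('sha256', $check_str, $secret_key, true));

     // Constant-time comparison (PHP 5.6+): "===" can return as soon as a byte
     // differs, which leaks how much of a guessed signature was correct.
     return hash_equals($signature, $arrParam['Signature']);
 }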