Пример #1
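 /**
  * Check the oauth_body_hash of the current POST request and return the raw body.
  *
  * The Authorization header must use the "OAuth " scheme and carry an
  * oauth_body_hash parameter. The raw body read from php://input is hashed
  * (SHA-256 when oauth_signature_method is HMAC-SHA256, SHA-1 otherwise),
  * base64-encoded, and compared with that parameter.
  *
  * NOTE(review): the comparison only ties the body to the value in the header.
  * That value is trustworthy only if the OAuth signature covering the header
  * parameters is verified; presumably verifyKeyAndSecret() does this, but it is
  * not visible from this method. Confirm before relying on this check.
  *
  * Side effect: overwrites the global $LastOAuthBodyHashInfo with a diagnostic
  * string. It contains request-supplied values, so encode it before writing it
  * to a log or a page.
  *
  * @param mixed $oauth_consumer_key    Passed unchanged to verifyKeyAndSecret().
  * @param mixed $oauth_consumer_secret Passed unchanged to verifyKeyAndSecret().
  *
  * @return string The raw request body, once its hash has matched.
  *
  * @throws \Exception If the body is form-encoded, the body hash is missing,
  *                    key/secret verification fails, the body cannot be read,
  *                    or the hashes differ.
  */
 public static function handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret)
 {
     $request_headers = OAuthUtil::get_headers();

     // Must reject application/x-www-form-urlencoded. Only the media type is
     // compared, case-insensitively, so a value that carries parameters
     // ("...; charset=UTF-8") or uses different letter case is rejected too.
     // NOTE(review): assumes get_headers() returns the key as 'Content-Type' - confirm.
     $content_type = '';
     if (isset($request_headers['Content-Type']) && is_string($request_headers['Content-Type'])) {
         $content_type = $request_headers['Content-Type'];
     }
     $content_type_parts = explode(';', $content_type, 2);
     if (strtolower(trim($content_type_parts[0])) === 'application/x-www-form-urlencoded') {
         throw new \Exception("OAuth request body signing must not use application/x-www-form-urlencoded");
     }

     // A missing Authorization header is treated as "no OAuth parameters"
     // instead of being hidden behind the @ error-suppression operator.
     $authorization = '';
     if (isset($request_headers['Authorization']) && is_string($request_headers['Authorization'])) {
         $authorization = $request_headers['Authorization'];
     }

     $oauth_signature_method = false;
     $oauth_body_hash = null;
     if (strncmp($authorization, "OAuth ", 6) === 0) {
         $header_parameters = OAuthUtil::split_header($authorization);
         if (isset($header_parameters['oauth_body_hash']) && is_string($header_parameters['oauth_body_hash'])) {
             $oauth_body_hash = $header_parameters['oauth_body_hash'];
         }
         if (isset($header_parameters['oauth_signature_method'])) {
             $oauth_signature_method = $header_parameters['oauth_signature_method'];
         }
     }
     if ($oauth_body_hash === null) {
         throw new \Exception("OAuth request body signing requires oauth_body_hash body");
     }

     // Check the key and secret.
     $retval = self::verifyKeyAndSecret($oauth_consumer_key, $oauth_consumer_secret);
     if ($retval !== true) {
         throw new \Exception("OAuth signature failed: " . $retval[0]);
     }

     $postdata = file_get_contents('php://input');
     if ($postdata === false) {
         // Do not hash a failed read as if it were an empty body.
         throw new \Exception("OAuth request body could not be read");
     }

     // The digest is chosen by the request's own oauth_signature_method; every
     // value other than HMAC-SHA256 (including an absent one) falls back to SHA-1.
     if ($oauth_signature_method === 'HMAC-SHA256') {
         $hash = base64_encode(hash('sha256', $postdata, true));
     } else {
         $hash = base64_encode(sha1($postdata, true));
     }

     global $LastOAuthBodyHashInfo;
     $LastOAuthBodyHashInfo = "hdr_hash={$oauth_body_hash} body_len=" . strlen($postdata) . " body_hash={$hash} oauth_signature_method={$oauth_signature_method}";

     // hash_equals() compares in constant time and without PHP's loose type juggling.
     if (!hash_equals($hash, $oauth_body_hash)) {
         throw new \Exception("OAuth oauth_body_hash mismatch");
     }
     return $postdata;
 }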