public static function isSignatureValid(sspmod_janus_REST_Request $request)
{
if (is_null($request->getKey())) {
return false;
}
$config = sspmod_janus_DiContainer::getInstance()->getConfig();
$user = new sspmod_janus_User();
$user->setUserid($request->getKey());
if (!$user->load(sspmod_janus_User::USERID_LOAD)) {
return false;
}
sspmod_janus_DiContainer::preAuthenticate($user->getUserid(), 'RESTv1');
$shared_secret = $user->getSecret();
$data = $request->getRequestVars();
// Sort params
ksort($data);
$concat_string = '';
// Concat all params with values
foreach ($data as $key => $value) {
$concat_string .= $key . $value;
}
// Prepend shared secret
$prepend_secret = $shared_secret . $concat_string;
// Hash the string to the signature
$calculated_signature = hash('sha512', $prepend_secret);
return $request->getSignature() == $calculated_signature;
}