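/**
 * Returns whether the OAuth request signature is valid.
 *
 * The request is accepted only if its oauth_timestamp is within
 * DrupalClient::TIME_OFFSET_MAX of REQUEST_TIME and the HMAC-SHA1 signature
 * recomputed with the consumer's private key matches the one that was sent.
 *
 * NOTE(review): no oauth_nonce tracking is visible in this method, so a
 * captured request could be replayed inside the accepted time window unless
 * nonces are checked elsewhere. Confirm against the caller.
 *
 * @param $sites array
 *   An array of valid sites for this client keyed by public key. Each entry
 *   is expected to carry a 'privateKey' element.
 *
 * @return bool
 *   TRUE if a valid signature, FALSE if invalid.
 */
public function validateOAuth($sites = array()) {
    $data = self::getRestParameters();
    $header = self::getRestOAuthHeader();

    // Fail closed when any OAuth field this check relies on is absent, rather
    // than reading undefined indexes from attacker-controlled input.
    if (!isset($header['oauth_timestamp'], $header['oauth_signature'], $header['oauth_consumer_key'])) {
        return FALSE;
    }

    // Validate the timestamp. A non-numeric value cannot be compared against
    // the allowed clock skew, so it is rejected outright.
    $client_time = $header['oauth_timestamp'];
    if (!is_numeric($client_time)) {
        return FALSE;
    }
    $offset = abs(REQUEST_TIME - $client_time);
    if ($offset > DrupalClient::TIME_OFFSET_MAX) {
        return FALSE;
    }

    // The signature itself is not part of the signed base string.
    $sent_signature = $header['oauth_signature'];
    unset($header['oauth_signature']);
    if (!is_string($sent_signature)) {
        return FALSE;
    }

    // Look up the shared secret before doing any signing work; an unknown
    // consumer key can never produce a valid signature.
    $consumer_key = $header['oauth_consumer_key'];
    if (!is_scalar($consumer_key) || !isset($sites[$consumer_key]['privateKey'])) {
        return FALSE;
    }
    $privateKey = $sites[$consumer_key]['privateKey'];

    // Signature base string: METHOD & encoded URL & encoded parameters.
    $url = Url::fromRoute('<current>', array(), array('absolute' => TRUE));
    $base_string = implode('&', array(
        $_SERVER['REQUEST_METHOD'],
        DrupalClient::rawurlencode($url->toString()),
        DrupalClient::rawurlencode(DrupalClient::httpBuildQuery($data + $header)),
    ));

    // Signing key is "<consumer secret>&<token secret>"; the token secret is
    // empty here.
    $key = DrupalClient::rawurlencode($privateKey) . '&' . '';
    $signature = rawurlencode(base64_encode(hash_hmac('sha1', $base_string, $key, TRUE)));

    // Constant-time comparison: a plain === on a MAC can leak how many leading
    // bytes matched through response timing.
    return hash_equals($signature, $sent_signature);
}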