forked from jessedearing/f1api-php
-
Notifications
You must be signed in to change notification settings - Fork 1
/
f1_signer.php
154 lines (137 loc) · 7.03 KB
/
f1_signer.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
<?php
//require_once 'Util.php';
/**
* Copyright 2009 Fellowship Technologies
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and limitations under the License.
*
* Library to sign the requests
*
* @author Jaskaran Singh (Jas)
*/
/**
* CHANGED: Renamed file to f1_signer
*/
class RequestSigner {
/*
* Creates the oauth_signature value to be included in the Authorization header
*/
public static function buildSignature($consumerSecret, $tokenSecret, $httpMethod, $url, $oAuthOptions, &$debugInfo = array()) {
$requestSignerDebugInfo = array();
$base_string = RequestSigner::getSignatureBaseString($httpMethod, $url, $oAuthOptions, $requestSignerDebugInfo);
$requestSignerDebugInfo['signature_base_string'] = $base_string;
$debugInfo['request_signer'] = $requestSignerDebugInfo;
$key_parts = array(
$consumerSecret,
$tokenSecret
);
$key_parts = Util::urlencode_rfc3986($key_parts);
$key = implode('&', $key_parts);
return base64_encode( hash_hmac('sha1', $base_string, $key, true));
}
/**
* The Signature Base String is a consistent reproducible concatenation of the
* request elements into a single string. The string is used as an input in hashing or signing algorithms.
*
* The base string => $httpMethod&urlencode($url without query params)&urlencode(normalized_request_parameters)
* (Basically HTTP method(GET/POST etc), the URL(scheme://host/path, doesnt include the query string), and the norlalized request parameters
* each urlencoded and then concated with &.)
*/
/**
* CHANGED: getSignatureBaseString() to static method
*/
private static function getSignatureBaseString($httpMethod, $url, $oAuthOptions, &$debugInfo) {
// Get the Query String parameters. Example if the request is http://photos.example.net/photos.aspx?file=vacation.jpg&size=original
// then get the query string and create an array from it in form of key value pairs
// $qsArray Key Value
// file vacation.jpg
// size original
$parts = parse_url($url);
if(isset($parts['query'])) {
$qs = $parts['query'];
}
else {
$qs = '';
}
parse_str($qs, $qsArray);
$signable_options = array_merge($oAuthOptions, $qsArray);
$signable_parameters = RequestSigner::getNormalizedRequestParameters($signable_options);
$normalized_url = Util::getNormalizedHttpUrl($url);
$debug = array();
$debug['HTTP Method'] = $httpMethod;
$debug['Normalized Url'] = $normalized_url;
$debug['Signable Parameters'] = $signable_parameters;
$debug['Query parameters'] = $qs;
$debugInfo['signature_base_string_parts'] = $debug;
$parts = array(
$httpMethod, // GET or POST
$normalized_url, // return "$scheme://$host$path";
$signable_parameters
);
// Url encode each of http method, Url(without query string), and the normalized parameters (oauth parameters, along with query string parameters)
$parts = Util::urlencode_rfc3986($parts);
// After url encoding, concatenate them with an &
return implode('&', $parts);
}
/*
* Returns Normalized Request Parameter string
* @params: Parameters that need to be included in the normalized string
* params is an array. params contain all the Parameters that need to be used to generating the normalized parameter string
* The Parameters that need to be passed in are:
* -- Parameters in the OAUTH Authorization Header (eg: oauth_consumer_key,oauth_nonce, oauth_signature_method, oauth_timestamp etc.)
* NOTE: realm and oauth_signature are not used
* -- Parameters included in HTTP POST request body ( WITH CONTENT-TYPE OF application/x-www-form-urlencoded )
* -- HTTP GET parameters added to URLs in the query post (eg: for http://www.example.com/resource?id=123&name=jas
* the params array will include 2 entries with id=>123 and name=>jas)
* These are the following steps followed to generate the normalized request parameter string
* 1. Encode all the parameters in the $params array (Specifically encode all the keys and values in the $params array)
* 2. Sort all the entries in the parameters array
* 3. Concatenate the sorted entried into a single string. a) For each key in the array, key is seperated from the value by an '=' character (creating a name value pair of form name=value)
* EVEN IF THE VALUE IS EMPTY. b) Each name value pair is seperated by an '&' character
*
* Example: User used HTTP GET to requrest an image
* http://photos.example.net/photos.aspx?file=vacation.jpg&size=original
* params will contain: Key value
* oauth_consumer_key 7
oauth_nonce d9678981968d24da32602222727a8c1f
oauth_signature_method HMAC-SHA1
oauth_timestamp 1241025870
oauth_version 1.0
* oauth_token 61344b1a-0e88-4ccc-8854-cc6219d83642
* file vacation.jpg
* size original
*/
private static function getNormalizedRequestParameters($params) {
// Remove oauth_signature if present
if (isset($params['oauth_signature'])) {
unset($params['oauth_signature']);
}
// STEP 1: Urlencode both keys and values
$keys = Util::urlencode_rfc3986(array_keys($params));
$values = Util::urlencode_rfc3986(array_values($params));
$params = array_combine($keys, $values);
// STEP 2: Sort by keys (natsort)
uksort($params, 'strcmp');
// STEP 3. Concatenate the sorted entried into a single string
// 3a) Generate key=value pairs
$pairs = array();
foreach ($params as $key=>$value ) {
if (is_array($value)) {
// If the value is an array, it's because there are multiple
// with the same key, sort them, then add all the pairs
natsort($value);
foreach ($value as $v2) {
$pairs[] = $key . '=' . $v2;
}
} else {
$pairs[] = $key . '=' . $value;
}
}
// 3b) Return the pairs, concated with &
return implode('&', $pairs);
}
}
?>