OAuthSignatureMethod

A class for implementing a Signature Method See section 9 ("Signing Requests") in the spec.

Defined (1)

The class is defined in the following location(s).

/inc/extlib/OAuth.php  
  1. abstract class OAuthSignatureMethod { 
  2. /** 
  3. * Needs to return the name of the Signature Method (ie HMAC-SHA1) 
  4. * @return string 
  5. */ 
  6. abstract public function get_name(); 
  7.  
  8. /** 
  9. * Build up the signature 
  10. * NOTE: The output of this function MUST NOT be urlencoded. 
  11. * the encoding is handled in OAuthRequest when the final 
  12. * request is serialized 
  13. * @param OAuthRequest $request 
  14. * @param OAuthConsumer $consumer 
  15. * @param OAuthToken $token 
  16. * @return string 
  17. */ 
  18. abstract public function build_signature($request, $consumer, $token); 
  19.  
  20. /** 
  21. * Verifies that a given signature is correct 
  22. * @param OAuthRequest $request 
  23. * @param OAuthConsumer $consumer 
  24. * @param OAuthToken $token 
  25. * @param string $signature 
  26. * @return bool 
  27. */ 
  28. public function check_signature($request, $consumer, $token, $signature) { 
  29. $built = $this->build_signature($request, $consumer, $token); 
  30.  
  31. // Check for zero length, although unlikely here 
  32. if (strlen($built) == 0 || strlen($signature) == 0) { 
  33. return false; 
  34.  
  35. if (strlen($built) != strlen($signature)) { 
  36. return false; 
  37.  
  38. // Avoid a timing leak with a (hopefully) time insensitive compare 
  39. $result = 0; 
  40. for ($i = 0; $i < strlen($signature); $i++) { 
  41. $result |= ord($built{$i}) ^ ord($signature{$i}); 
  42.  
  43. return $result == 0;