nsx_trOAuthSignatureMethod_RSA_SHA1

The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5.

Defined (1)

The class is defined in the following location(s).

/inc-cl/apis/OAuth.php  
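  /**
   * OAuth RSA-SHA1 signature method (RSASSA-PKCS1-v1_5 over a SHA-1 digest).
   *
   * Concrete subclasses supply the key material through fetch_public_cert()
   * and fetch_private_cert(); this class only signs and verifies the
   * request's signature base string.
   *
   * SHA-1 is no longer considered collision resistant. It is used here only
   * because the RSA-SHA1 method name fixes the digest.
   */
  abstract class nsx_trOAuthSignatureMethod_RSA_SHA1 extends nsx_trOAuthSignatureMethod {
    /**
     * @return string The signature method name, "RSA-SHA1".
     */
    public function get_name() {
      return "RSA-SHA1";
    }

    // Up to the SP to implement this lookup of keys. Possible ideas are:
    // (1) do a lookup in a table of trusted certs keyed off of consumer
    // (2) fetch via http using a url provided by the requester
    // (3) some sort of specific discovery code based on request
    //
    // Either way should return a string representation of the certificate
    //
    // check_signature() trusts whatever this returns and does not look at
    // $consumer itself, so the implementation is what binds a certificate to
    // a consumer. A certificate obtained from a location the requester chose
    // (ideas 2 and 3) only proves the requester holds the matching key; it
    // has to be validated against a trust anchor the SP controls before it is
    // returned, and the fetch target has to be restricted by the SP.
    protected abstract function fetch_public_cert(&$request);

    // Up to the SP to implement this lookup of keys. Possible ideas are:
    // (1) do a lookup in a table of trusted certs keyed off of consumer
    //
    // Either way should return a string representation of the certificate
    //
    // The returned value is handed to openssl_get_privatekey(), so it is the
    // private key material and must never be derived from request data.
    protected abstract function fetch_private_cert(&$request);

    /**
     * Sign the request's signature base string with the private key.
     *
     * The base string is also stored on $request->base_string.
     *
     * @param object $request  Request exposing get_signature_base_string().
     * @param mixed  $consumer Unused by this method.
     * @param mixed  $token    Unused by this method.
     * @return string Base64-encoded signature.
     * @throws \RuntimeException If the key cannot be loaded or signing fails,
     *                           instead of returning an empty signature.
     */
    public function build_signature($request, $consumer, $token) {
      $base_string = $request->get_signature_base_string();
      $request->base_string = $base_string;

      // Fetch the private key cert based on the request
      $cert = $this->fetch_private_cert($request);

      // Load the private key; openssl_get_privatekey() returns false on failure
      $privatekeyid = openssl_get_privatekey($cert);
      if ($privatekeyid === false) {
        throw new \RuntimeException('RSA-SHA1: unable to load the private key');
      }

      // Sign using the key, naming the digest explicitly rather than relying
      // on the openssl_sign() default
      $signature = '';
      $ok = openssl_sign($base_string, $signature, $privatekeyid, OPENSSL_ALGO_SHA1);

      // Release the key resource. On PHP 8 the key is an object and
      // openssl_free_key() is deprecated, so only legacy resources are freed.
      if (is_resource($privatekeyid)) {
        openssl_free_key($privatekeyid);
      }

      if ($ok !== true) {
        throw new \RuntimeException('RSA-SHA1: signing the base string failed');
      }

      return base64_encode($signature);
    }

    /**
     * Verify a base64-encoded signature over the request's base string.
     *
     * Fails closed: a malformed signature, an unloadable public key, or an
     * OpenSSL error (-1) all yield false.
     *
     * @param object $request   Request exposing get_signature_base_string().
     * @param mixed  $consumer  Unused by this method.
     * @param mixed  $token     Unused by this method.
     * @param string $signature Base64-encoded signature taken from the request.
     * @return bool True only when openssl_verify() reports a valid signature.
     */
    public function check_signature($request, $consumer, $token, $signature) {
      if (!is_string($signature)) {
        return false;
      }

      // Strict decoding rejects characters outside the base64 alphabet, so
      // two different strings cannot stand for the same signature bytes
      $decoded_sig = base64_decode($signature, true);
      if ($decoded_sig === false || $decoded_sig === '') {
        return false;
      }

      $base_string = $request->get_signature_base_string();

      // Fetch the public key cert based on the request
      $cert = $this->fetch_public_cert($request);

      // Load the public key; without one nothing can be verified
      $publickeyid = openssl_get_publickey($cert);
      if ($publickeyid === false) {
        return false;
      }

      // Check the computed signature against the one passed in the query
      $ok = openssl_verify($base_string, $decoded_sig, $publickeyid, OPENSSL_ALGO_SHA1);

      // Release the key resource (legacy resource handles only, see above)
      if (is_resource($publickeyid)) {
        openssl_free_key($publickeyid);
      }

      // openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error)
      return $ok === 1;
    }
  }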