ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
OAuthSignatureMethod.php
Go to the documentation of this file.
1 <?php
2 
3 namespace IMSGlobal\LTI\OAuth;
4 
16 abstract class OAuthSignatureMethod {
21  abstract public function get_name();
22 
33  abstract public function build_signature($request, $consumer, $token);
34 
43  public function check_signature($request, $consumer, $token, $signature) {
44 
45  $built = $this->build_signature($request, $consumer, $token);
46 
47  // Check for zero length, although unlikely here
48  if (strlen($built) == 0 || strlen($signature) == 0) {
49  return false;
50  }
51 
52  if (strlen($built) != strlen($signature)) {
53  return false;
54  }
55 
56  // Avoid a timing leak with a (hopefully) time insensitive compare
57  $result = 0;
58  for ($i = 0; $i < strlen($signature); $i++) {
59  $result |= ord($built{$i}) ^ ord($signature{$i});
60  }
61 
62  return $result == 0;
63 
64  }
65 
66 }
$result
$result
Definition: CleanUpTest.php:463
IMSGlobal\LTI\OAuth\OAuthSignatureMethod\build_signature
build_signature($request, $consumer, $token)
Build up the signature NOTE: The output of this function MUST NOT be urlencoded.
IMSGlobal\LTI\OAuth\OAuthSignatureMethod
Class to represent an OAuth Signature Method.
Definition: OAuthSignatureMethod.php:16
$consumer
$consumer
Definition: demo.php:30
IMSGlobal\LTI\OAuth\OAuthSignatureMethod\check_signature
check_signature($request, $consumer, $token, $signature)
Verifies that a given signature is correct.
Definition: OAuthSignatureMethod.php:43
IMSGlobal\LTI\OAuth\OAuthSignatureMethod\get_name
get_name()
Needs to return the name of the Signature Method (ie HMAC-SHA1)
$i
$i
Definition: disco.tpl.php:19