ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Protected Member Functions
OAuthSignatureMethod_RSA_SHA1 Class Reference

The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. More...

+ Inheritance diagram for OAuthSignatureMethod_RSA_SHA1:
+ Collaboration diagram for OAuthSignatureMethod_RSA_SHA1:

Public Member Functions

 get_name ()
 
 build_signature ($request, $consumer, $token)
 
 check_signature ($request, $consumer, $token, $signature)
 
- Public Member Functions inherited from OAuthSignatureMethod
 get_name ()
 Needs to return the name of the Signature Method (ie HMAC-SHA1) More...
 
 build_signature ($request, $consumer, $token)
 Build up the signature NOTE: The output of this function MUST NOT be urlencoded. More...
 
 check_signature ($request, $consumer, $token, $signature)
 Verifies that a given signature is correct. More...
 

Protected Member Functions

 fetch_public_cert (&$request)
 
 fetch_private_cert (&$request)
 

Detailed Description

The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5.

It is assumed that the Consumer has provided its RSA public key in a verified way to the Service Provider, in a manner which is beyond the scope of this specification.

  • Chapter 9.3 ("RSA-SHA1")

Definition at line 190 of file OAuth.php.

Member Function Documentation

◆ build_signature()

OAuthSignatureMethod_RSA_SHA1::build_signature (   $request,
  $consumer,
  $token 
)

Definition at line 209 of file OAuth.php.

References $ok.

209  {
210  $base_string = $request->get_signature_base_string();
211  $request->base_string = $base_string;
212 
213  // Fetch the private key cert based on the request
214  $cert = $this->fetch_private_cert($request);
215 
216  // Pull the private key ID from the certificate
217  $privatekeyid = openssl_get_privatekey($cert);
218 
219  // Sign using the key
220  $ok = openssl_sign($base_string, $signature, $privatekeyid);
221 
222  // Release the key resource
223  openssl_free_key($privatekeyid);
224 
225  return base64_encode($signature);
226  }
OAuthSignatureMethod_RSA_SHA1\fetch_private_cert
fetch_private_cert(&$request)

◆ check_signature()

OAuthSignatureMethod_RSA_SHA1::check_signature (   $request,
  $consumer,
  $token,
  $signature 
)

Definition at line 228 of file OAuth.php.

References $ok.

228  {
229  $decoded_sig = base64_decode($signature);
230 
231  $base_string = $request->get_signature_base_string();
232 
233  // Fetch the public key cert based on the request
234  $cert = $this->fetch_public_cert($request);
235 
236  // Pull the public key ID from the certificate
237  $publickeyid = openssl_get_publickey($cert);
238 
239  // Check the computed signature against the one passed in the query
240  $ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
241 
242  // Release the key resource
243  openssl_free_key($publickeyid);
244 
245  return $ok == 1;
246  }
OAuthSignatureMethod_RSA_SHA1\fetch_public_cert
fetch_public_cert(&$request)

◆ fetch_private_cert()

OAuthSignatureMethod_RSA_SHA1::fetch_private_cert ( $request)
abstractprotected

◆ fetch_public_cert()

OAuthSignatureMethod_RSA_SHA1::fetch_public_cert ( $request)
abstractprotected

◆ get_name()

OAuthSignatureMethod_RSA_SHA1::get_name ( )

Definition at line 191 of file OAuth.php.

191  {
192  return "RSA-SHA1";
193  }
The documentation for this class was generated from the following file: