ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
Public Member Functions | Protected Member Functions
OAuthSignatureMethod_RSA_SHA1 Class Reference

The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. More...

+ Inheritance diagram for OAuthSignatureMethod_RSA_SHA1:
+ Collaboration diagram for OAuthSignatureMethod_RSA_SHA1:

Public Member Functions

 get_name ()
 
 build_signature ($request, $consumer, $token)
 
 check_signature ($request, $consumer, $token, $signature)
 
- Public Member Functions inherited from OAuthSignatureMethod
 get_name ()
 Needs to return the name of the Signature Method (ie HMAC-SHA1) More...
 
 build_signature ($request, $consumer, $token)
 Build up the signature NOTE: The output of this function MUST NOT be urlencoded. More...
 
 check_signature ($request, $consumer, $token, $signature)
 Verifies that a given signature is correct. More...
 

Protected Member Functions

 fetch_public_cert (&$request)
 
 fetch_private_cert (&$request)
 

Detailed Description

The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5.

It is assumed that the Consumer has provided its RSA public key in a verified way to the Service Provider, in a manner which is beyond the scope of this specification.

  • Chapter 9.3 ("RSA-SHA1")

Definition at line 207 of file OAuth.php.

Member Function Documentation

◆ build_signature()

OAuthSignatureMethod_RSA_SHA1::build_signature (   $request,
  $consumer,
  $token 
)

Definition at line 228 of file OAuth.php.

References $request.

229  {
230  $base_string = $request->get_signature_base_string();
231  $request->base_string = $base_string;
232 
233  // Fetch the private key cert based on the request
234  $cert = $this->fetch_private_cert($request);
235 
236  // Pull the private key ID from the certificate
237  $privatekeyid = openssl_get_privatekey($cert);
238 
239  // Sign using the key
240  openssl_sign($base_string, $signature, $privatekeyid);
241 
242  // Release the key resource
243  openssl_free_key($privatekeyid);
244 
245  return base64_encode($signature);
246  }
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32
OAuthSignatureMethod_RSA_SHA1\fetch_private_cert
fetch_private_cert(&$request)

◆ check_signature()

OAuthSignatureMethod_RSA_SHA1::check_signature (   $request,
  $consumer,
  $token,
  $signature 
)

Definition at line 248 of file OAuth.php.

References $ok, and $request.

249  {
250  $decoded_sig = base64_decode($signature);
251 
252  $base_string = $request->get_signature_base_string();
253 
254  // Fetch the public key cert based on the request
255  $cert = $this->fetch_public_cert($request);
256 
257  // Pull the public key ID from the certificate
258  $publickeyid = openssl_get_publickey($cert);
259 
260  // Check the computed signature against the one passed in the query
261  $ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
262 
263  // Release the key resource
264  openssl_free_key($publickeyid);
265 
266  return $ok == 1;
267  }
OAuthSignatureMethod_RSA_SHA1\fetch_public_cert
fetch_public_cert(&$request)
$request
foreach($paths as $path) $request
Definition: asyncclient.php:32

◆ fetch_private_cert()

OAuthSignatureMethod_RSA_SHA1::fetch_private_cert ( $request)
abstractprotected

◆ fetch_public_cert()

OAuthSignatureMethod_RSA_SHA1::fetch_public_cert ( $request)
abstractprotected

◆ get_name()

OAuthSignatureMethod_RSA_SHA1::get_name ( )

Definition at line 209 of file OAuth.php.

References $request.

210  {
211  return "RSA-SHA1";
212  }
The documentation for this class was generated from the following file: