You are here

abstract class OAuthSignatureMethod in OAuth 1.0 7.3

Same name and namespace in other branches
  1. 6.3 lib/OAuth.php \OAuthSignatureMethod
  2. 6 OAuth.php \OAuthSignatureMethod

A class for implementing a Signature Method See section 9 ("Signing Requests") in the spec

Hierarchy

Expanded class hierarchy of OAuthSignatureMethod

File

lib/OAuth.php, line 72
OAuth 1.0 server and client library.

View source
abstract class OAuthSignatureMethod {

  /**
   * Needs to return the name of the Signature Method (ie HMAC-SHA1)
   * @return string
   */
  public abstract function get_name();

  /**
   * Build up the signature
   * NOTE: The output of this function MUST NOT be urlencoded.
   * the encoding is handled in OAuthRequest when the final
   * request is serialized
   * @param OAuthRequest $request
   * @param OAuthConsumer $consumer
   * @param OAuthToken $token
   * @return string
   */
  public abstract function build_signature($request, $consumer, $token);

  /**
   * Verifies that a given signature is correct
   * @param OAuthRequest $request
   * @param OAuthConsumer $consumer
   * @param OAuthToken $token
   * @param string $signature
   * @return bool
   */
  public function check_signature($request, $consumer, $token, $signature) {
    $built = $this
      ->build_signature($request, $consumer, $token);

    // Check for zero length, although unlikely here
    if (strlen($built) == 0 || strlen($signature) == 0) {
      return false;
    }
    if (strlen($built) != strlen($signature)) {
      return false;
    }

    // Avoid a timing leak with a (hopefully) time insensitive compare
    $result = 0;
    for ($i = 0; $i < strlen($signature); $i++) {
      $result |= ord($built[$i]) ^ ord($signature[$i]);
    }
    return $result == 0;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
OAuthSignatureMethod::build_signature abstract public function Build up the signature NOTE: The output of this function MUST NOT be urlencoded. the encoding is handled in OAuthRequest when the final request is serialized 4
OAuthSignatureMethod::check_signature public function Verifies that a given signature is correct 1
OAuthSignatureMethod::get_name abstract public function Needs to return the name of the Signature Method (ie HMAC-SHA1) 4