public function OAuthSignatureMethod_RSA_SHA1::check_signature in OAuth 1.0 7.3
Same name and namespace in other branches
- 6.3 lib/OAuth.php \OAuthSignatureMethod_RSA_SHA1::check_signature()
- 6 OAuth.php \OAuthSignatureMethod_RSA_SHA1::check_signature()
Verifies that a given signature is correct
Parameters
OAuthRequest $request:
OAuthConsumer $consumer:
OAuthToken $token:
string $signature:
Return value
bool
Overrides OAuthSignatureMethod::check_signature
File
- lib/
OAuth.php, line 228 - OAuth 1.0 server and client library.
Class
- OAuthSignatureMethod_RSA_SHA1
- The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA…
Code
public function check_signature($request, $consumer, $token, $signature) {
$decoded_sig = base64_decode($signature);
$base_string = $request
->get_signature_base_string();
// Fetch the public key cert based on the request
$cert = $this
->fetch_public_cert($request);
// Pull the public key ID from the certificate
$publickeyid = openssl_get_publickey($cert);
// Check the computed signature against the one passed in the query
$ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
// Release the key resource
openssl_free_key($publickeyid);
return $ok == 1;
}