You are here

public function OAuthSignatureMethod_RSA_SHA1::check_signature in OAuth 1.0 7.3

Same name and namespace in other branches
  1. 6.3 lib/OAuth.php \OAuthSignatureMethod_RSA_SHA1::check_signature()
  2. 6 OAuth.php \OAuthSignatureMethod_RSA_SHA1::check_signature()

Verifies that a given signature is correct

Parameters

OAuthRequest $request:

OAuthConsumer $consumer:

OAuthToken $token:

string $signature:

Return value

bool

Overrides OAuthSignatureMethod::check_signature

File

lib/OAuth.php, line 228
OAuth 1.0 server and client library.

Class

OAuthSignatureMethod_RSA_SHA1
The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA…

Code

public function check_signature($request, $consumer, $token, $signature) {
  $decoded_sig = base64_decode($signature);
  $base_string = $request
    ->get_signature_base_string();

  // Fetch the public key cert based on the request
  $cert = $this
    ->fetch_public_cert($request);

  // Pull the public key ID from the certificate
  $publickeyid = openssl_get_publickey($cert);

  // Check the computed signature against the one passed in the query
  $ok = openssl_verify($base_string, $decoded_sig, $publickeyid);

  // Release the key resource
  openssl_free_key($publickeyid);
  return $ok == 1;
}