2018-01-28 12:17:19 -05:00
|
|
|
<?php
|
2021-09-13 14:51:12 -04:00
|
|
|
|
2018-01-28 12:17:19 -05:00
|
|
|
/**
|
|
|
|
* The MIT License
|
|
|
|
* Copyright (c) 2007 Andy Smith
|
|
|
|
*/
|
2021-09-13 14:51:12 -04:00
|
|
|
|
|
|
|
declare(strict_types=1);
|
|
|
|
|
2018-01-28 12:17:19 -05:00
|
|
|
namespace Abraham\TwitterOAuth;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* A class for implementing a Signature Method
|
|
|
|
* See section 9 ("Signing Requests") in the spec
|
|
|
|
*/
|
|
|
|
abstract class SignatureMethod
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Needs to return the name of the Signature Method (ie HMAC-SHA1)
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
abstract public function getName();
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Build up the signature
|
|
|
|
* NOTE: The output of this function MUST NOT be urlencoded.
|
|
|
|
* the encoding is handled in OAuthRequest when the final
|
|
|
|
* request is serialized
|
|
|
|
*
|
|
|
|
* @param Request $request
|
|
|
|
* @param Consumer $consumer
|
|
|
|
* @param Token $token
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
2021-09-13 14:51:12 -04:00
|
|
|
abstract public function buildSignature(
|
|
|
|
Request $request,
|
|
|
|
Consumer $consumer,
|
|
|
|
Token $token = null
|
|
|
|
);
|
2018-01-28 12:17:19 -05:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Verifies that a given signature is correct
|
|
|
|
*
|
|
|
|
* @param Request $request
|
|
|
|
* @param Consumer $consumer
|
|
|
|
* @param Token $token
|
|
|
|
* @param string $signature
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
2021-09-13 14:51:12 -04:00
|
|
|
public function checkSignature(
|
|
|
|
Request $request,
|
|
|
|
Consumer $consumer,
|
|
|
|
Token $token,
|
|
|
|
string $signature
|
|
|
|
): bool {
|
2018-01-28 12:17:19 -05:00
|
|
|
$built = $this->buildSignature($request, $consumer, $token);
|
|
|
|
|
|
|
|
// Check for zero length, although unlikely here
|
|
|
|
if (strlen($built) == 0 || strlen($signature) == 0) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (strlen($built) != strlen($signature)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Avoid a timing leak with a (hopefully) time insensitive compare
|
|
|
|
$result = 0;
|
|
|
|
for ($i = 0; $i < strlen($signature); $i++) {
|
2021-09-13 14:51:12 -04:00
|
|
|
$result |= ord($built[$i]) ^ ord($signature[$i]);
|
2018-01-28 12:17:19 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
return $result == 0;
|
|
|
|
}
|
|
|
|
}
|