<?php

[0] Fix | Delete

[1] Fix | Delete

namespace Eher\OAuth\SignatureMethod;

[2] Fix | Delete

[3] Fix | Delete

/**

[4] Fix | Delete

* The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in

[5] Fix | Delete

* [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for

[6] Fix | Delete

* EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a

[7] Fix | Delete

* verified way to the Service Provider, in a manner which is beyond the scope of this

[8] Fix | Delete

* specification.

[9] Fix | Delete

* - Chapter 9.3 ("RSA-SHA1")

[10] Fix | Delete

*/

[11] Fix | Delete

abstract class RsaSha1 extends SignatureMethod {

[12] Fix | Delete

public function get_name() {

[13] Fix | Delete

return "RSA-SHA1";

[14] Fix | Delete

}

[15] Fix | Delete

[16] Fix | Delete

// Up to the SP to implement this lookup of keys. Possible ideas are:

[17] Fix | Delete

// (1) do a lookup in a table of trusted certs keyed off of consumer

[18] Fix | Delete

// (2) fetch via http using a url provided by the requester

[19] Fix | Delete

// (3) some sort of specific discovery code based on request

[20] Fix | Delete

//

[21] Fix | Delete

// Either way should return a string representation of the certificate

[22] Fix | Delete

protected abstract function fetch_public_cert(&$request);

[23] Fix | Delete

[24] Fix | Delete

// Up to the SP to implement this lookup of keys. Possible ideas are:

[25] Fix | Delete

// (1) do a lookup in a table of trusted certs keyed off of consumer

[26] Fix | Delete

//

[27] Fix | Delete

// Either way should return a string representation of the certificate

[28] Fix | Delete

protected abstract function fetch_private_cert(&$request);

[29] Fix | Delete

[30] Fix | Delete

public function build_signature($request, $consumer, $token) {

[31] Fix | Delete

$base_string = $request->get_signature_base_string();

[32] Fix | Delete

$request->base_string = $base_string;

[33] Fix | Delete

[34] Fix | Delete

// Fetch the private key cert based on the request

[35] Fix | Delete

$cert = $this->fetch_private_cert($request);

[36] Fix | Delete

[37] Fix | Delete

// Pull the private key ID from the certificate

[38] Fix | Delete

$privatekeyid = openssl_get_privatekey($cert);

[39] Fix | Delete

[40] Fix | Delete

// Sign using the key

[41] Fix | Delete

$ok = openssl_sign($base_string, $signature, $privatekeyid);

[42] Fix | Delete

[43] Fix | Delete

// Release the key resource

[44] Fix | Delete

openssl_free_key($privatekeyid);

[45] Fix | Delete

[46] Fix | Delete

return base64_encode($signature);

[47] Fix | Delete

}

[48] Fix | Delete

[49] Fix | Delete

public function check_signature($request, $consumer, $token, $signature) {

[50] Fix | Delete

$decoded_sig = base64_decode($signature);

[51] Fix | Delete

[52] Fix | Delete

$base_string = $request->get_signature_base_string();

[53] Fix | Delete

[54] Fix | Delete

// Fetch the public key cert based on the request

[55] Fix | Delete

$cert = $this->fetch_public_cert($request);

[56] Fix | Delete

[57] Fix | Delete

// Pull the public key ID from the certificate

[58] Fix | Delete

$publickeyid = openssl_get_publickey($cert);

[59] Fix | Delete

[60] Fix | Delete

// Check the computed signature against the one passed in the query

[61] Fix | Delete

$ok = openssl_verify($base_string, $decoded_sig, $publickeyid);

[62] Fix | Delete

[63] Fix | Delete

// Release the key resource

[64] Fix | Delete

openssl_free_key($publickeyid);

[65] Fix | Delete

[66] Fix | Delete

return $ok == 1;

[67] Fix | Delete

}

[68] Fix | Delete

}

[69] Fix | Delete

[70] Fix | Delete