1<?php
2
3namespace IMSGlobal\LTI\OAuth;
4
5/**
6 * Class to represent an %OAuth Signature Method
7 *
8 * @copyright  Andy Smith
9 * @version 2008-08-04
10 * @license https://opensource.org/licenses/MIT The MIT License
11 */
12/**
13 * A class for implementing a Signature Method
14 * See section 9 ("Signing Requests") in the spec
15 */
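abstract class OAuthSignatureMethod {
    /**
     * Needs to return the name of the Signature Method (ie HMAC-SHA1)
     * @return string
     */
    abstract public function get_name();

    /**
     * Build up the signature
     * NOTE: The output of this function MUST NOT be urlencoded.
     * the encoding is handled in OAuthRequest when the final
     * request is serialized
     * @param OAuthRequest $request
     * @param OAuthConsumer $consumer
     * @param OAuthToken $token
     * @return string
     */
    abstract public function build_signature($request, $consumer, $token);

    /**
     * Verifies that a given signature is correct
     *
     * The expected signature is rebuilt with build_signature() and compared
     * with the supplied one without stopping at the first differing byte,
     * so the comparison time does not reveal how many leading bytes of a
     * guess were right.
     *
     * A missing, empty or non-string signature is rejected (false) rather
     * than being passed to the string functions.
     *
     * @param OAuthRequest $request
     * @param OAuthConsumer $consumer
     * @param OAuthToken $token
     * @param string $signature Signature to verify (presumably taken from
     *                          the incoming request; confirm against the caller)
     * @return bool True only when both signatures are non-empty and byte-identical
     */
    public function check_signature($request, $consumer, $token, $signature) {

        $built = $this->build_signature($request, $consumer, $token);

        // Anything that is not a string (an array or null in place of the
        // parameter, a failed build) can never match; reject it before
        // strlen()/offset access, which raise errors on such values in newer PHP.
        if (!is_string($built) || !is_string($signature)) {
            return false;
        }

        // Check for zero length, although unlikely here. Without this an
        // empty expected value would "match" an empty supplied value.
        if ($built === '' || $signature === '') {
            return false;
        }

        // Prefer the runtime's constant-time comparison where it exists
        // (PHP >= 5.6); the known (expected) string goes first.
        if (function_exists('hash_equals')) {
            return hash_equals($built, $signature);
        }

        // Fallback for older runtimes. Returning early on a length mismatch
        // reveals only the length, as hash_equals() does.
        $length = strlen($built);
        if ($length !== strlen($signature)) {
            return false;
        }

        // Accumulate the XOR of every byte pair; no early exit, so the loop
        // runs for the full length whether or not a difference was found.
        $result = 0;
        for ($i = 0; $i < $length; $i++) {
            $result |= ord($built[$i]) ^ ord($signature[$i]);
        }

        return $result === 0;

    }

}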
67