authorChristian Cleberg <hello@cleberg.net>2023-05-22 15:37:34 -0500
committerChristian Cleberg <hello@cleberg.net>2023-05-22 15:37:34 -0500
commit17ff8aec3a0d2e0a520849c42c40a154a0831495 (patch)
tree8860d29e9d0f9acd1535c7827045864fc31f8d01 /vendor/eher/oauth/src/Eher/OAuth/RsaSha1.php
initial commit
Diffstat (limited to 'vendor/eher/oauth/src/Eher/OAuth/RsaSha1.php')
-rw-r--r--vendor/eher/oauth/src/Eher/OAuth/RsaSha1.php70
1 files changed, 70 insertions, 0 deletions
diff --git a/vendor/eher/oauth/src/Eher/OAuth/RsaSha1.php b/vendor/eher/oauth/src/Eher/OAuth/RsaSha1.php
new file mode 100644
index 0000000..a749ce3
--- /dev/null
+++ b/vendor/eher/oauth/src/Eher/OAuth/RsaSha1.php
@@ -0,0 +1,70 @@
+<?php
+
+namespace Eher\OAuth\SignatureMethod;
+
+/**
+ * The RSA-SHA1 signature method uses the RSASSA-PKCS1-v1_5 signature algorithm as defined in
+ * [RFC3447] section 8.2 (more simply known as PKCS#1), using SHA-1 as the hash function for
+ * EMSA-PKCS1-v1_5. It is assumed that the Consumer has provided its RSA public key in a
+ * verified way to the Service Provider, in a manner which is beyond the scope of this
+ * specification.
+ * - Chapter 9.3 ("RSA-SHA1")
+ */
+abstract class RsaSha1 extends SignatureMethod {
+ public function get_name() {
+ return "RSA-SHA1";
+ }
+
+ // Up to the SP to implement this lookup of keys. Possible ideas are:
+ // (1) do a lookup in a table of trusted certs keyed off of consumer
+ // (2) fetch via http using a url provided by the requester
+ // (3) some sort of specific discovery code based on request
+ //
+ // Either way should return a string representation of the certificate
+ protected abstract function fetch_public_cert(&$request);
+
+ // Up to the SP to implement this lookup of keys. Possible ideas are:
+ // (1) do a lookup in a table of trusted certs keyed off of consumer
+ //
+ // Either way should return a string representation of the certificate
+ protected abstract function fetch_private_cert(&$request);
+
+ public function build_signature($request, $consumer, $token) {
+ $base_string = $request->get_signature_base_string();
+ $request->base_string = $base_string;
+
+ // Fetch the private key cert based on the request
+ $cert = $this->fetch_private_cert($request);
+
+ // Pull the private key ID from the certificate
+ $privatekeyid = openssl_get_privatekey($cert);
+
+ // Sign using the key
+ $ok = openssl_sign($base_string, $signature, $privatekeyid);
+
+ // Release the key resource
+ openssl_free_key($privatekeyid);
+
+ return base64_encode($signature);
+ }
+
+ public function check_signature($request, $consumer, $token, $signature) {
+ $decoded_sig = base64_decode($signature);
+
+ $base_string = $request->get_signature_base_string();
+
+ // Fetch the public key cert based on the request
+ $cert = $this->fetch_public_cert($request);
+
+ // Pull the public key ID from the certificate
+ $publickeyid = openssl_get_publickey($cert);
+
+ // Check the computed signature against the one passed in the query
+ $ok = openssl_verify($base_string, $decoded_sig, $publickeyid);
+
+ // Release the key resource
+ openssl_free_key($publickeyid);
+
+ return $ok == 1;
+ }
+}