156 lines
4.6 KiB
PHP
156 lines
4.6 KiB
PHP
<?php
|
|
|
|
require_once("OAuth.php");
|
|
require_once("TrivialOAuthDataStore.php");
|
|
|
|
function getLastOAuthBodyBaseString()
|
|
{
|
|
global $LastOAuthBodyBaseString;
|
|
return $LastOAuthBodyBaseString;
|
|
}
|
|
|
|
function getOAuthKeyFromHeaders()
|
|
{
|
|
$request_headers = OAuthUtil::get_headers();
|
|
// print_r($request_headers);
|
|
|
|
if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
|
|
$header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
|
|
|
|
// echo("HEADER PARMS=\n");
|
|
// print_r($header_parameters);
|
|
return $header_parameters['oauth_consumer_key'];
|
|
}
|
|
return false;
|
|
}
|
|
|
|
function handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret)
|
|
{
|
|
$request_headers = OAuthUtil::get_headers();
|
|
// print_r($request_headers);
|
|
|
|
// Must reject application/x-www-form-urlencoded
|
|
$hdr = $request_headers['Content-type'];
|
|
if (!isset($hdr)) {
|
|
$hdr = $request_headers['Content-Type'];
|
|
}
|
|
if ($hdr == 'application/x-www-form-urlencoded') {
|
|
throw new Exception("OAuth request body signing must not use application/x-www-form-urlencoded");
|
|
}
|
|
|
|
if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
|
|
$header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
|
|
|
|
// echo("HEADER PARMS=\n");
|
|
// print_r($header_parameters);
|
|
$oauth_body_hash = $header_parameters['oauth_body_hash'];
|
|
// echo("OBH=".$oauth_body_hash."\n");
|
|
}
|
|
|
|
if (! isset($oauth_body_hash)) {
|
|
throw new Exception("OAuth request body signing requires oauth_body_hash body");
|
|
}
|
|
|
|
// Verify the message signature
|
|
$store = new TrivialOAuthDataStore();
|
|
$store->add_consumer($oauth_consumer_key, $oauth_consumer_secret);
|
|
|
|
$server = new OAuthServer($store);
|
|
|
|
$method = new OAuthSignatureMethod_HMAC_SHA1();
|
|
$server->add_signature_method($method);
|
|
$request = OAuthRequest::from_request();
|
|
|
|
global $LastOAuthBodyBaseString;
|
|
$LastOAuthBodyBaseString = $request->get_signature_base_string();
|
|
// echo($LastOAuthBodyBaseString."\n");
|
|
|
|
try {
|
|
$server->verify_request($request);
|
|
} catch (Exception $e) {
|
|
$message = $e->getMessage();
|
|
throw new Exception("OAuth signature failed: " . $message);
|
|
}
|
|
|
|
$postdata = file_get_contents('php://input');
|
|
// echo($postdata);
|
|
|
|
$hash = base64_encode(sha1($postdata, true));
|
|
|
|
if ($hash != $oauth_body_hash) {
|
|
throw new Exception("OAuth oauth_body_hash mismatch");
|
|
}
|
|
|
|
return $postdata;
|
|
}
|
|
|
|
function sendOAuthBodyPOST($method, $endpoint, $oauth_consumer_key, $oauth_consumer_secret, $content_type, $body)
|
|
{
|
|
$hash = base64_encode(sha1($body, true));
|
|
|
|
$parms = ['oauth_body_hash' => $hash];
|
|
|
|
$test_token = '';
|
|
$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
|
|
$test_consumer = new OAuthConsumer($oauth_consumer_key, $oauth_consumer_secret, null);
|
|
|
|
$acc_req = OAuthRequest::from_consumer_and_token($test_consumer, $test_token, $method, $endpoint, $parms);
|
|
$acc_req->sign_request($hmac_method, $test_consumer, $test_token);
|
|
|
|
// Pass this back up "out of band" for debugging
|
|
global $LastOAuthBodyBaseString;
|
|
$LastOAuthBodyBaseString = $acc_req->get_signature_base_string();
|
|
// echo($LastOAuthBodyBaseString."\m");
|
|
|
|
$header = $acc_req->to_header();
|
|
$header = $header . "\r\nContent-type: " . $content_type . "\r\n";
|
|
|
|
$params = ['http' => [
|
|
'method' => 'POST',
|
|
'content' => $body,
|
|
'header' => $header
|
|
]];
|
|
try {
|
|
$ctx = stream_context_create($params);
|
|
$fp = @fopen($endpoint, 'rb', false, $ctx);
|
|
} catch (Exception $e) {
|
|
$fp = false;
|
|
}
|
|
if ($fp) {
|
|
$response = @stream_get_contents($fp);
|
|
} else { // Try CURL
|
|
$headers = explode("\r\n", $header);
|
|
$response = sendXmlOverPost($endpoint, $body, $headers);
|
|
}
|
|
|
|
if ($response === false) {
|
|
throw new Exception("Problem reading data from $endpoint, $php_errormsg");
|
|
}
|
|
return $response;
|
|
}
|
|
|
|
function sendXmlOverPost($url, $xml, $header)
|
|
{
|
|
$ch = curl_init();
|
|
curl_setopt($ch, CURLOPT_URL, $url);
|
|
|
|
// For xml, change the content-type.
|
|
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
|
|
|
|
curl_setopt($ch, CURLOPT_POST, 1);
|
|
curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
|
|
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // ask for results to be returned
|
|
/*
|
|
if(CurlHelper::checkHttpsURL($url)) {
|
|
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
|
|
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
|
|
}
|
|
*/
|
|
|
|
// Send to remote and return data to caller.
|
|
$result = curl_exec($ch);
|
|
curl_close($ch);
|
|
return $result;
|
|
}
|