Home Explore Help
Sign In
Atenea
/
sgi
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: dc4c9a5235
Branches Tags
sgi
/
moodle
/
ims-blti
/
OAuthBody.php

OAuthBody.php 4.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152 
  1. <?php
    2. 

  2. 

  3. require_once("OAuth.php");
    4. 

  4. require_once("TrivialOAuthDataStore.php");
    5. 

  5. 

  6. function getLastOAuthBodyBaseString() {
    7. 

  7.     global $LastOAuthBodyBaseString;
    8. 

  8.     return $LastOAuthBodyBaseString;
    9. 

  9. }
    10. 

  10. 

  11. function getOAuthKeyFromHeaders() 
    12. 

  12. {
    13. 

  13.     $request_headers = OAuthUtil::get_headers();
    14. 

  14.     // print_r($request_headers);
    15. 

  15. 

  16.     if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
    17. 

  17.         $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
    18. 

  18. 

  19.         // echo("HEADER PARMS=\n");
    20. 

  20.         // print_r($header_parameters);
    21. 

  21.         return $header_parameters['oauth_consumer_key'];
    22. 

  22.     }
    23. 

  23.     return false;
    24. 

  24. }
    25. 

  25.  
    26. 

  26. function handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret) 
    27. 

  27. {
    28. 

  28.     $request_headers = OAuthUtil::get_headers();
    29. 

  29.     // print_r($request_headers);
    30. 

  30. 

  31.     // Must reject application/x-www-form-urlencoded
    32. 

  32.     $hdr = $request_headers['Content-type'];
    33. 

  33.     if ( !isset($hdr) ) $hdr = $request_headers['Content-Type'];
    34. 

  34.     if ($hdr == 'application/x-www-form-urlencoded' ) {
    35. 

  35.         throw new Exception("OAuth request body signing must not use application/x-www-form-urlencoded");
    36. 

  36.     }
    37. 

  37. 

  38.     if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
    39. 

  39.         $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
    40. 

  40. 

  41.         // echo("HEADER PARMS=\n");
    42. 

  42.         // print_r($header_parameters);
    43. 

  43.         $oauth_body_hash = $header_parameters['oauth_body_hash'];
    44. 

  44.         // echo("OBH=".$oauth_body_hash."\n");
    45. 

  45.     }
    46. 

  46. 

  47.     if ( ! isset($oauth_body_hash)  ) {
    48. 

  48.         throw new Exception("OAuth request body signing requires oauth_body_hash body");
    49. 

  49.     }
    50. 

  50. 

  51.     // Verify the message signature
    52. 

  52.     $store = new TrivialOAuthDataStore();
    53. 

  53.     $store->add_consumer($oauth_consumer_key, $oauth_consumer_secret);
    54. 

  54. 

  55.     $server = new OAuthServer($store);
    56. 

  56. 

  57.     $method = new OAuthSignatureMethod_HMAC_SHA1();
    58. 

  58.     $server->add_signature_method($method);
    59. 

  59.     $request = OAuthRequest::from_request();
    60. 

  60. 

  61.     global $LastOAuthBodyBaseString;
    62. 

  62.     $LastOAuthBodyBaseString = $request->get_signature_base_string();
    63. 

  63.     // echo($LastOAuthBodyBaseString."\n");
    64. 

  64. 

  65.     try {
    66. 

  66.         $server->verify_request($request);
    67. 

  67.     } catch (Exception $e) {
    68. 

  68.         $message = $e->getMessage();
    69. 

  69.         throw new Exception("OAuth signature failed: " . $message);
    70. 

  70.     }
    71. 

  71. 

  72.     $postdata = file_get_contents('php://input');
    73. 

  73.     // echo($postdata);
    74. 

  74. 

  75.     $hash = base64_encode(sha1($postdata, TRUE));
    76. 

  76. 

  77.     if ( $hash != $oauth_body_hash ) {
    78. 

  78.         throw new Exception("OAuth oauth_body_hash mismatch");
    79. 

  79.     }
    80. 

  80. 

  81.     return $postdata;
    82. 

  82. }
    83. 

  83. 

  84. function sendOAuthBodyPOST($method, $endpoint, $oauth_consumer_key, $oauth_consumer_secret, $content_type, $body)
    85. 

  85. {
    86. 

  86.     $hash = base64_encode(sha1($body, TRUE));
    87. 

  87. 

  88.     $parms = array('oauth_body_hash' => $hash);
    89. 

  89. 

  90.     $test_token = '';
    91. 

  91.     $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
    92. 

  92.     $test_consumer = new OAuthConsumer($oauth_consumer_key, $oauth_consumer_secret, NULL);
    93. 

  93. 

  94.     $acc_req = OAuthRequest::from_consumer_and_token($test_consumer, $test_token, $method, $endpoint, $parms);
    95. 

  95.     $acc_req->sign_request($hmac_method, $test_consumer, $test_token);
    96. 

  96. 

  97.     // Pass this back up "out of band" for debugging
    98. 

  98.     global $LastOAuthBodyBaseString;
    99. 

  99.     $LastOAuthBodyBaseString = $acc_req->get_signature_base_string();
    100. 

  100.     // echo($LastOAuthBodyBaseString."\m");
    101. 

  101. 

  102.     $header = $acc_req->to_header();
    103. 

  103.     $header = $header . "\r\nContent-type: " . $content_type . "\r\n";
    104. 

  104. 

  105.     $params = array('http' => array(
    106. 

  106.         'method' => 'POST',
    107. 

  107.         'content' => $body,
    108. 

  108.         'header' => $header
    109. 

  109.         ));
    110. 

  110.     try {
    111. 

  111.         $ctx = stream_context_create($params);
    112. 

  112.         $fp = @fopen($endpoint, 'rb', false, $ctx);
    113. 

  113.     } catch (Exception $e) {
    114. 

  114.         $fp = false;
    115. 

  115.     }
    116. 

  116.     if ($fp) {
    117. 

  117.         $response = @stream_get_contents($fp);
    118. 

  118.     } else {  // Try CURL
    119. 

  119.         $headers = explode("\r\n",$header);
    120. 

  120.         $response = sendXmlOverPost($endpoint, $body, $headers);
    121. 

  121.     }
    122. 

  122. 

  123.     if ($response === false) {
    124. 

  124.         throw new Exception("Problem reading data from $endpoint, $php_errormsg");
    125. 

  125.     }
    126. 

  126.     return $response;
    127. 

  127. }
    128. 

  128. 

  129. function sendXmlOverPost($url, $xml, $header) {
    130. 

  130.   $ch = curl_init();
    131. 

  131.   curl_setopt($ch, CURLOPT_URL, $url);
    132. 

  132. 

  133.   // For xml, change the content-type.
    134. 

  134.   curl_setopt ($ch, CURLOPT_HTTPHEADER, $header);
    135. 

  135. 

  136.   curl_setopt($ch, CURLOPT_POST, 1);
    137. 

  137.   curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
    138. 

  138. 

  139.   curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // ask for results to be returned
    140. 

  140. /*
    141. 

  141.   if(CurlHelper::checkHttpsURL($url)) { 
    142. 

  142.     curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
    143. 

  143.     curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
    144. 

  144.   }
    145. 

  145. */
    146. 

  146. 

  147.   // Send to remote and return data to caller.
    148. 

  148.   $result = curl_exec($ch);
    149. 

  149.   curl_close($ch);
    150. 

  150.   return $result;
    151. 

  151. }
    152. 

  152.