Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.3.x will end 7 October 2024 (12 months).
  • Bug fixes for security issues in 4.3.x will end 21 April 2025 (18 months).
  • PHP version: minimum PHP 8.0.0 Note: minimum PHP version has increased since Moodle 4.1. PHP 8.2.x is supported too.
   1  <?php
   2  
   3  namespace IMSGlobal\LTI\OAuth;
   4  
   5  /**
   6   * Class to represent an %OAuth Signature Method
   7   *
   8   * @copyright  Andy Smith
   9   * @version 2008-08-04
  10   * @license https://opensource.org/licenses/MIT The MIT License
  11   */
  12  /**
  13   * A class for implementing a Signature Method
  14   * See section 9 ("Signing Requests") in the spec
  15   */
  16  abstract class OAuthSignatureMethod {
  17      /**
  18       * Needs to return the name of the Signature Method (ie HMAC-SHA1)
  19       * @return string
  20       */
  21      abstract public function get_name();
  22  
  23      /**
  24       * Build up the signature
  25       * NOTE: The output of this function MUST NOT be urlencoded.
  26       * the encoding is handled in OAuthRequest when the final
  27       * request is serialized
  28       * @param OAuthRequest $request
  29       * @param OAuthConsumer $consumer
  30       * @param OAuthToken $token
  31       * @return string
  32       */
  33      abstract public function build_signature($request, $consumer, $token);
  34  
  35      /**
  36       * Verifies that a given signature is correct
  37       * @param OAuthRequest $request
  38       * @param OAuthConsumer $consumer
  39       * @param OAuthToken $token
  40       * @param string $signature
  41       * @return bool
  42       */
  43      public function check_signature($request, $consumer, $token, $signature) {
  44  
  45          $built = $this->build_signature($request, $consumer, $token);
  46  
  47          // Check for zero length, although unlikely here
  48          if (strlen($built) == 0 || strlen($signature) == 0) {
  49              return false;
  50          }
  51  
  52          if (strlen($built) != strlen($signature)) {
  53              return false;
  54          }
  55  
  56          // Avoid a timing leak with a (hopefully) time insensitive compare
  57          $result = 0;
  58          for ($i = 0; $i < strlen($signature); $i++) {
  59              $result |= ord($built[$i]) ^ ord($signature[$i]);
  60          }
  61  
  62          return $result == 0;
  63  
  64      }
  65  
  66  }