root/sampleapps/testOauth.php
| Revision 84, 3.6 kB (checked in by plindner@…, 2 years ago) |
|---|
| Line | |
|---|---|
| 1 | <? |
| 2 | require_once("OAuth.php"); |
| 3 | |
| 4 | |
| 5 | //Determine the URL of the request |
| 6 | $url = ( $_SERVER['HTTPS'] ? "https://" : "http://" ) . |
| 7 | $_SERVER['HTTP_HOST'] . |
| 8 | ($_SERVER['HTTP_PORT'] ? (":" . $_SERVER['HTTP_PORT']) : "") . |
| 9 | $_SERVER['PHP_SELF']; |
| 10 | |
| 11 | |
| 12 | //Orkut's public key certificate |
| 13 | |
| 14 | $orkut_cert = <<<EOD |
| 15 | -----BEGIN CERTIFICATE----- |
| 16 | MIIDHDCCAoWgAwIBAgIJAMbTCksqLiWeMA0GCSqGSIb3DQEBBQUAMGgxCzAJBgNV |
| 17 | BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIG |
| 18 | A1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlh |
| 19 | bjAeFw0wODAxMDgxOTE1MjdaFw0wOTAxMDcxOTE1MjdaMGgxCzAJBgNVBAYTAlVT |
| 20 | MQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChML |
| 21 | R29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVscnlhbjCBnzAN |
| 22 | BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAseBXZ4NDhm24nX3sJRiZJhvy9eDZX12G |
| 23 | j4HWAMmhAcnm2iBgYpAigwhVHtOs+ZIUIdzQHvHeNd0ydc1Jg8e+C+Mlzo38OvaG |
| 24 | D3qwvzJ0LNn7L80c0XVrvEALdD9zrO+0XSZpTK9PJrl2W59lZlJFUk3pV+jFR8NY |
| 25 | eB/fto7AVtECAwEAAaOBzTCByjAdBgNVHQ4EFgQUv7TZGZaI+FifzjpTVjtPHSvb |
| 26 | XqUwgZoGA1UdIwSBkjCBj4AUv7TZGZaI+FifzjpTVjtPHSvbXqWhbKRqMGgxCzAJ |
| 27 | BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU |
| 28 | MBIGA1UEChMLR29vZ2xlIEluYy4xDjAMBgNVBAsTBU9ya3V0MQ4wDAYDVQQDEwVs |
| 29 | cnlhboIJAMbTCksqLiWeMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA |
| 30 | CETnhlEnCJVDXoEtSSwUBLP/147sqiu9a4TNqchTHJObwTwDPUMaU6XIs2OTMmFu |
| 31 | GeIYpkHXzTa9Q6IKlc7Bt2xkSeY3siRWCxvZekMxPvv7YTcnaVlZzHrVfAzqNsTG |
| 32 | P3J//C0j+8JWg6G+zuo5k7pNRKDY76GxxHPYamdLfwk= |
| 33 | -----END CERTIFICATE----- |
| 34 | EOD; |
| 35 | $hi5_cert = <<<EOD |
| 36 | -----BEGIN CERTIFICATE----- |
| 37 | MIIDHzCCAoigAwIBAgIQZMuxK+KKS5wF/rjXp3z/KTANBgkqhkiG9w0BAQUFADCB |
| 38 | hzELMAkGA1UEBhMCWkExIjAgBgNVBAgTGUZPUiBURVNUSU5HIFBVUlBPU0VTIE9O |
| 39 | TFkxHTAbBgNVBAoTFFRoYXd0ZSBDZXJ0aWZpY2F0aW9uMRcwFQYDVQQLEw5URVNU |
| 40 | IFRFU1QgVEVTVDEcMBoGA1UEAxMTVGhhd3RlIFRlc3QgQ0EgUm9vdDAeFw0wODAz |
| 41 | MjYwMDEyMDdaFw0wODA0MTYwMDEyMDdaMIGuMRcwFQYDVQQKEw5oaTVtb2R1bGVz |
| 42 | LmNvbTEZMBcGA1UECxMQRG9tYWluIFZhbGlkYXRlZDE7MDkGA1UECxMyR28gdG8g |
| 43 | aHR0cHM6Ly93d3cudGhhd3RlLmNvbS9yZXBvc2l0b3J5L2luZGV4Lmh0bWwxIjAg |
| 44 | BgNVBAsTGVRoYXd0ZSBTU0wxMjMgY2VydGlmaWNhdGUxFzAVBgNVBAMTDmhpNW1v |
| 45 | ZHVsZXMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZgdrYsECeGO/Y |
| 46 | srDfaO/vIyMq7+DYdAmImzwg35wnti3Dr3B6kS6OeRiBAIUTvdZXX3XitJFxVlDF |
| 47 | H/PbRimm0d3eQvSfW3+0xIhF9C3E9QFj6LWBz6bBlh5p0pSXygAZ9AXR1OMM2lDR |
| 48 | R9hwQp1YVjzJk3hYW2qD591auROQvwIDAQABo2MwYTAMBgNVHRMBAf8EAjAAMB0G |
| 49 | A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAyBggrBgEFBQcBAQQmMCQwIgYI |
| 50 | KwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0ZS5jb20wDQYJKoZIhvcNAQEFBQAD |
| 51 | gYEABdPtdX56mPwSfPMzgSLH7RueLZi5HXqW2krojWsOv3VFnayQKuzXdy5DZrMY |
| 52 | /tI2AUPXicvBW3GjTfSKmUNvsOXUIC8az3K3iTs1KKekUaidLRlaRZIO0FVEJH5u |
| 53 | gO9HqAcXxrx99/3agvAVTKAFBFJtiWD1i1LkYeqKrPQOPo8= |
| 54 | -----END CERTIFICATE----- |
| 55 | EOD; |
| 56 | |
| 57 | |
| 58 | |
| 59 | //Compute the raw form of the signed request using the OAuth library. |
| 60 | $req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url, array_merge($_GET, $_POST)); |
| 61 | $sig = array( |
| 62 | urlencode($req->get_normalized_http_method()), |
| 63 | urlencode($req->get_normalized_http_url()), |
| 64 | urlencode($req->get_signable_parameters()), |
| 65 | ); |
| 66 | $raw = implode("&", $sig); |
| 67 | |
| 68 | //Get the signature passed in the query and urldecode it |
| 69 | $signature = base64_decode($_GET["oauth_signature"]); |
| 70 | |
| 71 | //Pull the public key ID from the certificate |
| 72 | $publickeyid = openssl_get_publickey($hi5_cert); |
| 73 | |
| 74 | //Check the computer signature against the one passed in the query |
| 75 | $ok = openssl_verify($raw, $signature, $publickeyid); |
| 76 | |
| 77 | //Release the key resource |
| 78 | openssl_free_key($publickeyid); |
| 79 | |
| 80 | //Pass JSON data back |
| 81 | |
| 82 | $payload = array(); |
| 83 | if ($ok == 1) { |
| 84 | $payload["validated"] = "Success! The data was validated"; |
| 85 | } else { |
| 86 | $payload["validated"] = "This request was spoofed"; |
| 87 | } |
| 88 | $payload["query"] = array_merge($_GET, $_POST); |
| 89 | print(json_encode($payload)); |
| 90 | ?> |
Note: See TracBrowser
for help on using the browser.
Download in other formats:
Powered by Trac 0.11
By Edgewall Software.
Visit the Trac open source project at
http://trac.edgewall.org/