Code Coverage |
||||||||||
Lines |
Functions and Methods |
Classes and Traits |
||||||||
Total | |
0.00% |
0 / 13 |
|
0.00% |
0 / 2 |
CRAP | |
0.00% |
0 / 1 |
OAuthSignatureMethod | |
0.00% |
0 / 13 |
|
0.00% |
0 / 2 |
42 | |
0.00% |
0 / 1 |
__construct | |
0.00% |
0 / 1 |
|
0.00% |
0 / 1 |
2 | |||
get_name | n/a |
0 / 0 |
n/a |
0 / 0 |
0 | |||||
build_signature | n/a |
0 / 0 |
n/a |
0 / 0 |
0 | |||||
check_signature | |
0.00% |
0 / 12 |
|
0.00% |
0 / 1 |
30 |
1 | <?php |
2 | // vim: foldmethod=marker |
3 | /** |
4 | * The MIT License |
5 | * |
6 | * Copyright (c) 2007 Andy Smith |
7 | * |
8 | * Permission is hereby granted, free of charge, to any person obtaining a copy |
9 | * of this software and associated documentation files ( the "Software" ), to deal |
10 | * in the Software without restriction, including without limitation the rights |
11 | * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell |
12 | * copies of the Software, and to permit persons to whom the Software is |
13 | * furnished to do so, subject to the following conditions: |
14 | * |
15 | * The above copyright notice and this permission notice shall be included in |
16 | * all copies or substantial portions of the Software. |
17 | * |
18 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR |
19 | * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, |
20 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE |
21 | * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER |
22 | * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, |
23 | * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN |
24 | * THE SOFTWARE. |
25 | */ |
26 | |
27 | namespace MediaWiki\Extension\OAuth\Lib; |
28 | |
29 | use MediaWiki\Extension\OAuth\Lib\OAuthConsumer; |
30 | use MediaWiki\Extension\OAuth\Lib\OAuthRequest; |
31 | use MediaWiki\Extension\OAuth\Lib\OAuthToken; |
32 | use MediaWiki\Logger\LoggerFactory; |
33 | use Psr\Log\LoggerInterface; |
34 | |
35 | /** |
36 | * A class for implementing a Signature Method |
37 | * See section 9 ( "Signing Requests" ) in the spec |
38 | */ |
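abstract class OAuthSignatureMethod {

	/** @var LoggerInterface Logger for the 'OAuth' channel, assigned in the constructor */
	protected $logger;

	/**
	 * Fetch the logger for the 'OAuth' channel from LoggerFactory.
	 */
	public function __construct() {
		$this->logger = LoggerFactory::getInstance( 'OAuth' );
	}

	/**
	 * Needs to return the name of the Signature Method ( ie HMAC-SHA1 )
	 * @return string
	 */
	abstract public function get_name();

	/**
	 * Build up the signature
	 * NOTE: The output of this function MUST NOT be urlencoded.
	 * the encoding is handled in OAuthRequest when the final
	 * request is serialized
	 * @param OAuthRequest $request
	 * @param OAuthConsumer $consumer
	 * @param OAuthToken $token
	 * @return string
	 */
	abstract public function build_signature( $request, $consumer, $token );

	/**
	 * Verifies that a given signature is correct.
	 *
	 * The expected value is recomputed with build_signature() and compared
	 * with the supplied one using hash_equals(), so the comparison time does
	 * not depend on where the two strings first differ. An empty or
	 * non-string value on either side is rejected before the comparison.
	 *
	 * @param OAuthRequest $request
	 * @param OAuthConsumer $consumer
	 * @param OAuthToken $token
	 * @param string|null $signature Signature supplied with the request; null is treated as ''
	 * @return bool True only when both signatures are non-empty and identical
	 */
	public function check_signature( $request, $consumer, $token, $signature ) {
		$signature = $signature ?? '';
		// NOTE(review): both debug lines write signature material to the 'OAuth'
		// log channel. The built value is the valid signature for this request,
		// so read access to that channel should be restricted (or these values
		// dropped) wherever debug logging is enabled.
		$this->logger->debug( __METHOD__ . ": Expecting: '$signature'" );
		$built = $this->build_signature( $request, $consumer, $token );
		$this->logger->debug( __METHOD__ . ": Built: '$built'" );

		// Fail closed: hash_equals() throws a TypeError on non-string arguments,
		// and an empty signature on either side must never verify.
		if ( !is_string( $built ) || !is_string( $signature ) ) {
			return false;
		}
		if ( $built === '' || $signature === '' ) {
			return false;
		}

		// hash_equals() is the standard-library constant-time comparison. It
		// returns false on a length mismatch, so no separate length check is
		// needed. The known value goes first, the caller-supplied value second.
		return hash_equals( $built, $signature );
	}
}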