Permalink
Cannot retrieve contributors at this time
Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign up
Fetching contributors…
Cannot retrieve contributors at this time
| <?php | |
| namespace Shopello\API; | |
| class SignUri | |
| { | |
| /** | |
| * Sign a URI | |
| * | |
| * @param string $uri URI to Sign | |
| * @param string $secret Private Secret | |
| * @param string $paramName Name of URI Parameter to store the signature | |
| * @param array $params Variables to store inside of the signature | |
| * @return string Signed URI | |
| */ | |
| public function signUri($uri, $secret, $paramName, $params) | |
| { | |
| $join = (bool) parse_url($uri, PHP_URL_QUERY) ? '&' : '?'; | |
| return $uri.$join.$paramName.'='.$this->createSignature($secret, $params); | |
| } | |
| /** | |
| * Verify Signature and get Signed Data | |
| * | |
| * @param string $uri URI to Verify and Get Data from | |
| * @param string $secret Private Secret | |
| * @param string $paramName Name of URI Parameter to verify | |
| * @return array with valid data or false | |
| */ | |
| public function verifySignature($uri, $secret, $paramName) | |
| { | |
| $getParams = array(); | |
| parse_str(parse_url($uri, PHP_URL_QUERY), $getParams); | |
| if (!isset($getParams[$paramName])) { | |
| return false; | |
| } | |
| // Explode hash and data from eachother | |
| $parts = explode('.', $getParams[$paramName]); | |
| $data = array_pop($parts); | |
| // Decode the data | |
| $data = json_decode($this->base64UriDecode($data)); | |
| // Create a new signature based on the secret and data and compare it to the data | |
| // we're verifying, if it is correct, return the signed data. | |
| if ($this->createSignature($secret, $data) === $getParams[$paramName]) { | |
| return $data; | |
| } | |
| return false; | |
| } | |
| /** | |
| * Create Signature | |
| * | |
| * @param string $secret Private Secret | |
| * @param array $params Variables to store inside of the signature | |
| * @return string URI Signature | |
| */ | |
| private function createSignature($secret, $params) | |
| { | |
| $tokenData = $this->base64UriEncode(json_encode($params)); | |
| $hash = $this->hash($secret.$tokenData); | |
| return $hash.'.'.$tokenData; | |
| } | |
| /** | |
| * Internal Hashing method, it hashes and cuts of some data at the end of the | |
| * string to return it for usage | |
| */ | |
| private function hash($data) | |
| { | |
| $hash = hash('sha256', $data); | |
| return substr($hash, -12); | |
| } | |
| /** | |
| * URL Safe base64 encode | |
| */ | |
| private function base64UriEncode($data) | |
| { | |
| return rtrim(strtr(base64_encode($data), '+/', '-_'), '='); | |
| } | |
| /** | |
| * URL Safe base64 decode | |
| */ | |
| private function base64UriDecode($data) | |
| { | |
| return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT)); | |
| } | |
| } |