[MediaWiki-commits] [Gerrit] Better support for RSA Key clients - change (mediawiki...OAuth)

Thu, 19 Sep 2013 15:34:08 -0700 

CSteipp has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/85128


Change subject: Better support for RSA Key clients
......................................................................

Better support for RSA Key clients

Allow the MWOAuthSignatureMethod_RSA_SHA1 method to support conumers
by getting the rsaKey off of the consumer, when generating signatures.

Change-Id: I78808d14c55b282b463fb018631b40abdf8991a9
---
M backend/MWOAuthSignatureMethod.php
1 file changed, 29 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/mediawiki/extensions/OAuth 
refs/changes/28/85128/1

diff --git a/backend/MWOAuthSignatureMethod.php 
b/backend/MWOAuthSignatureMethod.php
index aac6750..35a099e 100644
--- a/backend/MWOAuthSignatureMethod.php
+++ b/backend/MWOAuthSignatureMethod.php
@@ -12,6 +12,35 @@
        }
 
        /**
+        * This is only used by Consumers on their local systems to sign a
+        * request that will be sent to the server. This is identical to the one
+        * in the base class except it gets the key from the $consumer->secret
+        * instead of from the $request.
+        * @param OAuthRequest $request to generate the base string
+        * @param OAuthConsumer $consumer who's private key will sign the 
request
+        * @param OAuthToken $token - unused
+        * @return String representing the public certificate
+        */
+       public function build_signature( $request, $consumer, $token ) {
+               $base_string = $request->get_signature_base_string();
+               $request->base_string = $base_string;
+
+               // Fetch the private key from the consumer
+               $rsaKey = isset( $consumer->rsaKey ) ? $consumer->rsaKey : 
$consumer->secret;
+
+               // Pull the private key ID from the certificate
+               $privatekeyid = openssl_get_privatekey( $rsaKey );
+
+               // Sign using the key
+               $ok = openssl_sign( $base_string, $signature, $privatekeyid );
+
+               // Release the key resource
+               openssl_free_key( $privatekeyid );
+
+               return base64_encode( $signature );
+       }
+
+       /**
         * Get the public certificate, used to verify the request. In our case, 
we get
         * the Consumer's key, and lookup the registered cert from the 
datastore.
         * @param OAuthRequest request recieved by the server, that we're going 
to verify

-- 
To view, visit https://gerrit.wikimedia.org/r/85128
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I78808d14c55b282b463fb018631b40abdf8991a9
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/extensions/OAuth
Gerrit-Branch: master
Gerrit-Owner: CSteipp <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to