Hi Arne,
I'm using the sample PHP code at
http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSignedRequests
but every time I make a signed request from the application the
authentication fails.
I am using the Poor Man's PHP Key Cache posted above by Johannes.
My code is below:
<?php
error_reporting(E_ALL ^ E_NOTICE);
require_once("OAuth.php");
require("cert_file_accessor.php");

// Determine the URL of the request
$url = ( $_SERVER['HTTPS'] ? "https://" : "http://" ) .
       $_SERVER['HTTP_HOST'] .
       ($_SERVER['HTTP_PORT'] ? (":" . $_SERVER['HTTP_PORT']) : "") .
       $_SERVER['PHP_SELF'];

// Orkut's public key certificate
$cert_accessor = new CertFileAccessor('/certs', 'orkut');
$cert = $cert_accessor->getPublicKey($_REQUEST['xoauth_signature_publickey']);

// Compute the raw form of the signed request using the OAuth library.
$req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url,
                        array_merge($_GET, $_POST));
$sig = array(
    OAuthUtil::urlencodeRFC3986($req->get_normalized_http_method()),
    OAuthUtil::urlencodeRFC3986($req->get_normalized_http_url()),
    OAuthUtil::urlencodeRFC3986($req->get_signable_parameters()),
);
$raw = implode("&", $sig);

// Get the signature passed in the query and base64-decode it
// (PHP has already URL-decoded the values in $_GET)
$signature = base64_decode($_GET["oauth_signature"]);

// Pull the public key ID from the certificate
$publickeyid = openssl_get_publickey($cert);

// Check the computed signature against the one passed in the query
// (openssl_verify defaults to SHA-1, which matches RSA-SHA1)
$ok = openssl_verify($raw, $signature, $publickeyid);

// Release the key resource
openssl_free_key($publickeyid);

// Pass JSON data back
$payload = array();
if ($ok == 1) {
    $payload["validated"] = "Success! The data was validated";
} else {
    $payload["validated"] = "This request was spoofed";
}

// Include some extra information for debugging
$payload["raw"] = $raw;
$payload["query"] = $_GET;
$payload["url"] = $url;
$payload["getandpost"] = array_merge($_GET, $_POST);
$payload["rawpost"] = file_get_contents('php://input');

print($payload["validated"]);
?>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Orkut Developer Forum" group.
For more options, visit this group at
http://groups.google.com/group/opensocial-orkut?hl=en
-~----------~----~----~----~------~----~------~--~---