When I embed the certificate directly into the code it works.
But it could be nice using this cert_file_accessor - has Johannes confirmed
that it works perfectly?

Also I think that maybe it's more efficient embedding it into code/storing on
server, I mean does this code from Johannes check every time
for xoauth_signature_publickey? I guess that's not really efficient as Google
said they will announce early when the public key will change!

marc.

2008/4/22 [EMAIL PROTECTED] <[EMAIL PROTECTED]>:

>
> Not working for me either...I always get "This request was spoofed"
> when I use the sample php code
>
> On Apr 21, 11:52 pm, "Marc Wessely" <[EMAIL PROTECTED]>
> wrote:
> > Sorry, did not work for me...
> >
> > What might be the problem, did you debug if it's getting the proper
> > certificate??
> >
> > 2008/4/21 Dinesh Kumar Subramanian <[EMAIL PROTECTED]>:
> >
> >
> >
> > > Hi Marc,
> >
> > > Here's the link for the cert file accessor
> >
> > > http://blog.springenwerk.com/2008/04/poor-man-php-key-cache-for-orkut...
> >
> > > Hope it helps
> >
> > > Regards
> > > Dinesh
> >
> > > On Mon, Apr 21, 2008 at 9:25 AM, Marc Wessely
> > > <[EMAIL PROTECTED]> wrote:
> > > > I mean, where can I get this cert file accessor from?
> >
> > > > 2008/4/21 [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> >
> > > > > Hi Arne,
> >
> > > > > I'm using the sample PHP code at
> >
> > > > > http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig...
> >
> > > > > but every time I make a signed request from the application the
> > > > > authentication fails.
> >
> > > > > I am using the Poor Man's PHP Key Cache posted above by Johannes.
> >
> > > > > My code is as below...
> >
> > > > > <?php
> > > > >  error_reporting(E_ALL ^ E_NOTICE);
> >
> > > > > require_once("OAuth.php");
> > > > > require("cert_file_accessor.php");
> >
> > > > >  //Determine the URL of the request
> > > > >  $url = ( $_SERVER['HTTPS'] ? "https://" : "http://" ) .
> > > > >         $_SERVER['HTTP_HOST'] .
> > > > >         ($_SERVER['HTTP_PORT'] ? (":" . $_SERVER['HTTP_PORT']) : "")  .
> > > > >         $_SERVER['PHP_SELF'];
> >
> > > > >  //Orkut's public key certificate
> > > > >  $cert_accessor = new CertFileAccessor('/certs', 'orkut');
> >
> > > > >  $cert = $cert_accessor->getPublicKey($_REQUEST['xoauth_signature_publickey']);
> >
> > > > >  //Compute the raw form of the signed request using the OAuth library.
> > > > >  $req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url, array_merge($_GET, $_POST));
> > > > >  $sig = array(
> > > > >    OAuthUtil::urlencodeRFC3986($req->get_normalized_http_method()),
> > > > >    OAuthUtil::urlencodeRFC3986($req->get_normalized_http_url()),
> > > > >    OAuthUtil::urlencodeRFC3986($req->get_signable_parameters()),
> > > > >  );
> > > > >  $raw = implode("&", $sig);
> >
> > > > >  //Get the signature passed in the query and urldecode it
> > > > >  $signature = base64_decode($_GET["oauth_signature"]);
> >
> > > > >  //Pull the public key ID from the certificate
> > > > >  $publickeyid = openssl_get_publickey($cert);
> >
> > > > >  //Check the computed signature against the one passed in the query
> > > > >  $ok = openssl_verify($raw, $signature, $publickeyid);
> >
> > > > >  //Release the key resource
> > > > >  openssl_free_key($publickeyid);
> >
> > > > >  //Pass JSON data back
> > > > >  $payload = array();
> > > > >  if ($ok == 1) {
> > > > >    $payload["validated"] = "Success! The data was validated";
> > > > >  } else {
> > > > >    $payload["validated"] = "This request was spoofed";
> > > > >  }
> >
> > > > >  //Include some extra information for debugging
> > > > >  $payload["raw"] = $raw;
> > > > >  $payload["query"] = $_GET;
> > > > >  $payload["url"] = $url;
> > > > >  $payload["getandpost"] = array_merge($_GET, $_POST);
> > > > >  $payload["rawpost"] = file_get_contents('php://input');
> >
> > > > >  print($payload["validated"]);
> >
> > > > >  ?>
> >
> > > > > - Mak
> >
> > > > > On Apr 5, 12:11 am, "Arne Roomann-Kurrik (Google)"
> > > > > <[EMAIL PROTECTED]> wrote:
> > > > > > That's awesome.  Thanks for posting this!
> >
> > > > > > ~Arne
> >
> > > > > > On Apr 3, 2:45 am, jfahrenkrug <[EMAIL PROTECTED]> wrote:
> >
> > > > > > > Thank you for this update, Arne.
> > > > > > > You know the OrkutValidatingSignedRequests page says we shouldn't
> > > > > > > inline the Orkut public key but use a key cache instead.
> > > > > > > I couldn't find a PHP key cache or something similar, so I rolled my
> > > > > > > own Poor Man's PHP Key Cache.
> > > > > > > It can be found here:
> > > > > > > http://blog.springenwerk.com/2008/04/poor-man-php-key-cache-for-orkut...
> > > > > > > I hope this might be helpful to someone.
> >
> > > > > > > -- Johannes
> >
> > > > > > > On Apr 2, 7:44 pm, "Arne Roomann-Kurrik (Google)"
> >
> > > > > > > <[EMAIL PROTECTED]> wrote:
> > > > > > > > We were getting reports that sending signed makeRequest calls with
> > > > > > > > certain characters in the POST body of the request were causing errors
> > > > > > > > for PHP developers following the instructions at
> > > > > > > > http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig....
> > > > > > > > Specifically, spaces included in the values of POST body parameters
> > > > > > > > would cause the validation to fail.
> >
> > > > > > > > This was due to the use of an incorrect URL encoding function in both
> > > > > > > > the OAuth.php library and the sample code.  The OAuth library and the
> > > > > > > > sample code on the wiki page have both been updated to correct this
> > > > > > > > problem.
> >
> > > > > > > > If you are validating OAuth signatures using the wiki code and the
> > > > > > > > OAuth.php library, please update your version of OAuth.php to the
> > > > > > > > version hosted at:
> > > > > > > >    http://oauth.googlecode.com/svn/code/php/OAuth.php
> > > > > > > > and update your verification code to match the code listed at:
> > > > > > > >    http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig...
> >
> > > > > > > > Since there have been a few threads about problems with signed
> > > > > > > > makeRequest, please use this thread to report any problems you are
> > > > > > > > experiencing after this update.
> >
> > > > > > > > Thanks,
> > > > > > > > ~Arne
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Orkut Developer Forum" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/opensocial-orkut?hl=en
-~----------~----~----~----~------~----~------~--~---
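
Added example, not part of the original thread and not the wiki's or Johannes' code: it shows why a space in a POST value breaks verification when signer and verifier encode differently, and how a key looked up by xoauth_signature_publickey can come from a local cache that rejects unknown names. The key pair, key name, URL and parameters are constructed; PHP's urlencode() stands in for a non-RFC-3986 encoder, since the thread does not name the function that was replaced.

```php
<?php
// Added example: throwaway key pair and constructed request, not Orkut's certificate.
// RFC 3986 percent-encoding as OAuth signing expects: space becomes %20, never "+".
function encode_rfc3986(string $s): string {
    return rawurlencode($s);
}

// Signature base string: METHOD & URL & sorted parameters, each part encoded with $enc.
function base_string(string $method, string $url, array $params, callable $enc): string {
    unset($params['oauth_signature']);            // the signature does not sign itself
    $encoded = [];
    foreach ($params as $k => $v) {
        $encoded[$enc((string)$k)] = $enc((string)$v);
    }
    ksort($encoded, SORT_STRING);                 // byte order of encoded names
    $pairs = [];
    foreach ($encoded as $k => $v) {
        $pairs[] = $k . '=' . $v;
    }
    return implode('&', [$enc(strtoupper($method)), $enc($url), $enc(implode('&', $pairs))]);
}

// Verify against a key looked up by name in a local cache; unknown names are rejected.
function verify_request(string $method, string $url, array $params, array $keyCache, callable $enc): bool {
    $name = $params['xoauth_signature_publickey'] ?? '';
    $sigB64 = $params['oauth_signature'] ?? '';
    if (!is_string($name) || !is_string($sigB64) || !isset($keyCache[$name])) {
        return false;
    }
    $sig = base64_decode($sigB64, true);
    if ($sig === false) {
        return false;
    }
    $raw = base_string($method, $url, $params, $enc);
    return openssl_verify($raw, $sig, $keyCache[$name], OPENSSL_ALGO_SHA1) === 1;
}

// Constructed demo: sign as the container would, then verify three ways.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$keyCache = ['constructed-key' => openssl_pkey_get_details($pair)['key']]; // hypothetical name
$url = 'http://example.test/verify.php';
$params = ['status' => 'hello world', 'xoauth_signature_publickey' => 'constructed-key'];
openssl_sign(base_string('POST', $url, $params, 'encode_rfc3986'), $sig, $pair, OPENSSL_ALGO_SHA1);
$params['oauth_signature'] = base64_encode($sig);

var_dump(verify_request('POST', $url, $params, $keyCache, 'encode_rfc3986')); // same encoder as signer
var_dump(verify_request('POST', $url, $params, $keyCache, 'urlencode'));      // encodes space as "+"
$params['xoauth_signature_publickey'] = 'unknown-key';
var_dump(verify_request('POST', $url, $params, $keyCache, 'encode_rfc3986')); // name not in cache
```

The cache lookup is a local array access per request, so keying on xoauth_signature_publickey costs nothing extra until the announced key name actually changes.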
