I'm not passing any brackets or curly braces....
My client-side code...
    function makeSignedRequest() {
        var params = {};
        params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED;
        params[gadgets.io.RequestParameters.CONTENT_TYPE] = gadgets.io.ContentType.JSON;
        var url = "http://orkut.games2win.com/oauth_example1.php?ts=" + getTimeStamp();
        gadgets.io.makeRequest(url, response, params);
    }
The values that I get in the PHP code are....
validated = This request was spoofed
URL = https://orkut.games2win.com/oauth_example1.php
oauth_signature=E7F0rs9wLnFlOttkZGaQpeBIIYAj49QTm/Ut0BOZBfOhefklCLjF3tIYKEM0Qtrk+CPcjFe1RSpZeYWZcE0+3qb+w0xhY2nFQ7teKApQPVIEi7xiHQiHsqDdmVgfK6JMXeIQ2gcAR5PLtmV0xZgXp0f4HF3Gs/pxdhNaTPH9g4g=
signature=\u0013?t??p.qe:?ddf???H!?#??\u0013??-?\u0013?\u0005?y?%\b????
\u0018(C4B???#?W?E*Yy??pM>???Laci?C?^(\nP=R\u0004??b\u001d\b????X\u001f
+?L]?\u0010?\u0007\u0000G??etR(\u0017?G?\u001c]??qv\u0013ZL??
publickeyid=Resource id #2
raw=GET&https%3A%2F%2Forkut.games2win.com%2Foauth_example1.php&oauth_consumer_key%3Dorkut.com%26oauth_nonce%3D8104f8aa6b742798%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1209038902%26oauth_token%3D%26opensocial_app_id%3D05904239808270021689%26opensocial_owner_id%3D16324206019715107757%26opensocial_viewer_id%3D16324206019715107757%26ts%3D211%26xoauth_signature_publickey%3Dpub.1199819524.-1556113204990931254.cer
- Mak
On Apr 24, 2:44 am, "Arne Roomann-Kurrik" <[EMAIL PROTECTED]>
wrote:
> Hm, I'll take a look at it. By any chance are you passing brackets ([]) or
> curly braces ({}) in the parameter keys you are posting to the server?
>
> I see that the OAuth PHP library was recently updated to include RSA-SHA1
> code. I'll try to rewrite the validation sample to take this into account
> soon.
>
> ~Arne
>
> On Wed, Apr 23, 2008 at 7:25 AM, [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> wrote:
>
> > I don't think that is the problem...
> > I had faced that problem earlier, so I have hardcoded the path inside
> > CertFileAccessor.php
> > I get the certificate when I print the value of $cert
>
> > -Mak
>
> > On Apr 23, 4:27 pm, jfahrenkrug <[EMAIL PROTECTED]> wrote:
> > > Hi Makarand,
>
> > > I'm not Arne, but since I wrote the poor man's php key cache, I
> > > spotted something in your code that MIGHT be the problem:
> > > Your code looks in /certs for the certificate file, that is a certs
> > > directory right below your root, so your directory structure will look
> > > something like
>
> > > /usr
> > > /bin
> > > /sbin
> > > /etc
> > > /certs
>
> > > If that's the case, then at least that part of your code is fine. If
> > > not - and your certs dir is RELATIVE to your cert accessor php script,
> > > you'll have to say
>
> > > $cert_accessor = new CertFileAccessor('certs', 'orkut');
>
> > > instead of
>
> > > $cert_accessor = new CertFileAccessor('/certs', 'orkut');
>
> > > If that's something you missed, this might help
>
> > > - Johannes
>
> > > -- http://springenwerk.com
>
> > > On Apr 22, 11:11 am, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> > > wrote:
>
> > > > Hi Arne,
>
> > > > I'm using the sample PHP code at
> > > > http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig...
>
> > > > but every time I make a signed request from the application the
> > > > authentication fails.
>
> > > > I am using the Poor Man's PHP Key Cache posted above by Johannes.
>
> > > > My code is as below...
>
> > > > <?php
> > > > error_reporting(E_ALL ^ E_NOTICE);
>
> > > > require_once("OAuth.php");
> > > > require("cert_file_accessor.php");
>
> > > > //Determine the URL of the request
> > > > $url = ( $_SERVER['HTTPS'] ? "https://" : "http://" ) .
> > > >        $_SERVER['HTTP_HOST'] .
> > > >        ($_SERVER['HTTP_PORT'] ? (":" . $_SERVER['HTTP_PORT']) : "") .
> > > >        $_SERVER['PHP_SELF'];
>
> > > > //Orkut's public key certificate
> > > > $cert_accessor = new CertFileAccessor('/certs', 'orkut');
>
> > > > $cert = $cert_accessor->getPublicKey($_REQUEST['xoauth_signature_publickey']);
>
> > > > //Compute the raw form of the signed request using the OAuth library.
> > > > $req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url,
> > > >     array_merge($_GET, $_POST));
> > > > $sig = array(
> > > >     OAuthUtil::urlencodeRFC3986($req->get_normalized_http_method()),
> > > >     OAuthUtil::urlencodeRFC3986($req->get_normalized_http_url()),
> > > >     OAuthUtil::urlencodeRFC3986($req->get_signable_parameters()),
> > > > );
> > > > $raw = implode("&", $sig);
>
> > > > //Get the signature passed in the query and urldecode it
> > > > $signature = base64_decode($_GET["oauth_signature"]);
>
> > > > //Pull the public key ID from the certificate
> > > > $publickeyid = openssl_get_publickey($cert);
>
> > > > //Check the computed signature against the one passed in the query
> > > > $ok = openssl_verify($raw, $signature, $publickeyid);
>
> > > > //Release the key resource
> > > > openssl_free_key($publickeyid);
>
> > > > //Pass JSON data back
> > > > $payload = array();
> > > > if ($ok == 1) {
> > > >     $payload["validated"] = "Success! The data was validated";
> > > > } else {
> > > >     $payload["validated"] = "This request was spoofed";
> > > > }
>
> > > > //Include some extra information for debugging
> > > > $payload["raw"] = $raw;
> > > > $payload["query"] = $_GET;
> > > > $payload["url"] = $url;
> > > > $payload["getandpost"] = array_merge($_GET, $_POST);
> > > > $payload["rawpost"] = file_get_contents('php://input');
>
> > > > print($payload["validated"]);
>
> > > > ?>
>
> --
> OpenSocial IRC - irc://irc.freenode.net/opensocial
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Orkut Developer Forum" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/opensocial-orkut?hl=en
-~----------~----~----~----~------~----~------~--~---
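
Added example, not part of the thread or of the OAuth PHP library: the gadget code in the newest message requests an http:// URL while its debug output shows a base string built from https://, and RSA-SHA1 verification only returns 1 when the verifier rebuilds the signer's base string byte for byte. Assumptions: the key pair is generated locally as a stand-in for the container's key, the signer is assumed to sign the http:// form of the URL, and base_string() is a hypothetical helper.

```php
<?php
// Added example. The key pair is generated locally and stands in for the
// container's signing key; it is not Orkut's certificate.

// OAuth 1.0 signature base string: METHOD & encoded URL & encoded sorted params.
// rawurlencode() follows RFC 3986 on PHP >= 5.3. Hypothetical helper.
function base_string(string $method, string $url, array $params): string {
    unset($params['oauth_signature']);            // the signature is never signed
    $enc = [];
    foreach ($params as $k => $v) {
        $enc[rawurlencode((string)$k)] = rawurlencode((string)$v);
    }
    ksort($enc, SORT_STRING);                     // sort by encoded parameter name
    $pairs = [];
    foreach ($enc as $k => $v) {
        $pairs[] = $k . '=' . $v;
    }
    return strtoupper($method) . '&' . rawurlencode($url) . '&'
         . rawurlencode(implode('&', $pairs));
}

// Parameters copied from the "raw" debug value in the message above.
$params = [
    'oauth_consumer_key'         => 'orkut.com',
    'oauth_nonce'                => '8104f8aa6b742798',
    'oauth_signature_method'     => 'RSA-SHA1',
    'oauth_timestamp'            => '1209038902',
    'oauth_token'                => '',
    'opensocial_app_id'          => '05904239808270021689',
    'opensocial_owner_id'        => '16324206019715107757',
    'opensocial_viewer_id'       => '16324206019715107757',
    'ts'                         => '211',
    'xoauth_signature_publickey' => 'pub.1199819524.-1556113204990931254.cer',
];

// Constructed key pair (assumption: stands in for the container's key).
$key = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$pub = openssl_pkey_get_details($key)['key'];     // PEM-encoded public key

// Assumption: the signer works from the URL the gadget asked for (http://...).
$path = 'orkut.games2win.com/oauth_example1.php';
openssl_sign(base_string('GET', "http://$path", $params), $sig, $key, OPENSSL_ALGO_SHA1);

// The verifier must rebuild the identical string; only the scheme differs here.
foreach (['http', 'https'] as $scheme) {
    $raw = base_string('GET', "$scheme://$path", $params);
    $ok  = openssl_verify($raw, $sig, $pub, OPENSSL_ALGO_SHA1);
    printf("%-5s -> openssl_verify = %d\n", $scheme, $ok);
}
```

With the https:// URL, base_string() reproduces the "raw" value printed in the message, which makes it easy to diff the server's reconstruction against the URL the gadget actually requested.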