PHP OAuthUtil::split_header方法代码示例

 /**
  * attempt to build up a request from what was passed to the server
  */
 public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
 {
     $scheme = !isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ? 'http' : 'https';
     $http_url = $http_url ? $http_url : $scheme . '://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
     $http_method = $http_method ? $http_method : $_SERVER['REQUEST_METHOD'];
     // We weren't handed any parameters, so let's find the ones relevant to
     // this request.
     // If you run XML-RPC or similar you should use this to provide your own
     // parsed parameter-list
     if (!$parameters) {
         // Find request headers
         $request_headers = OAuthUtil::get_headers();
         // Parse the query-string to find GET parameters
         $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
         // It's a POST request of the proper content-type, so parse POST
         // parameters and add those overriding any duplicates from GET
         if ($http_method == "POST" && isset($request_headers['Content-Type']) && strstr($request_headers['Content-Type'], 'application/x-www-form-urlencoded')) {
             $post_data = OAuthUtil::parse_parameters(file_get_contents(self::$POST_INPUT));
             $parameters = array_merge($parameters, $post_data);
         }
         // We have a Authorization-header with OAuth data. Parse the header
         // and add those overriding any duplicates from GET or POST
         if (isset($request_headers['Authorization']) && substr($request_headers['Authorization'], 0, 6) == 'OAuth ') {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     return new OAuthRequest($http_method, $http_url, $parameters);
 }

 public function testSplitHeader()
 {
     $this->assertEquals(array('oauth_foo' => 'bar', 'oauth_baz' => 'bla,rgh'), OAuthUtil::split_header('OAuth realm="",oauth_foo=bar,oauth_baz="bla,rgh"'));
     $this->assertEquals(array(), OAuthUtil::split_header('OAuth realm="",foo=bar,baz="bla,rgh"'));
     $this->assertEquals(array('foo' => 'bar', 'baz' => 'bla,rgh'), OAuthUtil::split_header('OAuth realm="",foo=bar,baz="bla,rgh"', false));
     $this->assertEquals(array('oauth_foo' => 'hi there'), OAuthUtil::split_header('OAuth realm="",oauth_foo=hi+there,foo=bar,baz="bla,rgh"'));
 }

function handleOAuthBodyPOST($oauth_consumer_key, $oauth_consumer_secret) 
{
    $request_headers = OAuthUtil::get_headers();
    // print_r($request_headers);

    // Must reject application/x-www-form-urlencoded
    if ($request_headers['Content-type'] == 'application/x-www-form-urlencoded' ) {
        throw new Exception("OAuth request body signing must not use application/x-www-form-urlencoded");
    }

    if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
        $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);

        // echo("HEADER PARMS=\n");
        // print_r($header_parameters);
        $oauth_body_hash = $header_parameters['oauth_body_hash'];
        // echo("OBH=".$oauth_body_hash."\n");
    }

    if ( ! isset($oauth_body_hash)  ) {
        throw new Exception("OAuth request body signing requires oauth_body_hash body");
    }

    // Verify the message signature
    $store = new TrivialOAuthDataStore();
    $store->add_consumer($oauth_consumer_key, $oauth_consumer_secret);

    $server = new OAuthServer($store);

    $method = new OAuthSignatureMethod_HMAC_SHA1();
    $server->add_signature_method($method);
    $request = OAuthRequest::from_request();

    global $LastOAuthBodyBaseString;
    $LastOAuthBodyBaseString = $request->get_signature_base_string();
    // echo($LastOAuthBodyBaseString."\n");

    try {
        $server->verify_request($request);
    } catch (Exception $e) {
        $message = $e->getMessage();
        throw new Exception("OAuth signature failed: " . $message);
    }

    $postdata = file_get_contents('php://input');
    // echo($postdata);

    $hash = base64_encode(sha1($postdata, TRUE));

    if ( $hash != $oauth_body_hash ) {
        throw new Exception("OAuth oauth_body_hash mismatch");
    }

    return $postdata;
}

 /**
  * attempt to build up a request from what was passed to the server
  */
 public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
 {
     $scheme = !isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ? 'http' : 'https';
     $port = "";
     if ($_SERVER['SERVER_PORT'] != "80" && $_SERVER['SERVER_PORT'] != "443" && strpos(':', $_SERVER['HTTP_HOST']) < 0) {
         $port = ':' . $_SERVER['SERVER_PORT'];
     }
     @$http_url or $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $port . $_SERVER['REQUEST_URI'];
     @$http_method or $http_method = $_SERVER['REQUEST_METHOD'];
     // We weren't handed any parameters, so let's find the ones relevant to
     // this request.
     // If you run XML-RPC or similar you should use this to provide your own
     // parsed parameter-list
     if (!$parameters) {
         // Find request headers
         $request_headers = OAuthUtil::get_headers();
         // Parse the query-string to find GET parameters
         $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
         $ourpost = $_POST;
         // Deal with magic_quotes
         // http://www.php.net/manual/en/security.magicquotes.disabling.php
         if (get_magic_quotes_gpc()) {
             $outpost = array();
             foreach ($_POST as $k => $v) {
                 $v = stripslashes($v);
                 $ourpost[$k] = $v;
             }
         }
         // Add POST Parameters if they exist
         $parameters = array_merge($parameters, $ourpost);
         // We have a Authorization-header with OAuth data. Parse the header
         // and add those overriding any duplicates from GET or POST
         if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     return new OAuthRequest($http_method, $http_url, $parameters);
 }

function handle_oauth_body_post($oauthconsumerkey, $oauthconsumersecret, $body, $requestheaders = null)
{
    if ($requestheaders == null) {
        $requestheaders = OAuthUtil::get_headers();
    }
    // Must reject application/x-www-form-urlencoded.
    if (isset($requestheaders['Content-type'])) {
        if ($requestheaders['Content-type'] == 'application/x-www-form-urlencoded') {
            throw new OAuthException("OAuth request body signing must not use application/x-www-form-urlencoded");
        }
    }
    if (@substr($requestheaders['Authorization'], 0, 6) == "OAuth ") {
        $headerparameters = OAuthUtil::split_header($requestheaders['Authorization']);
        $oauthbodyhash = $headerparameters['oauth_body_hash'];
    }
    if (!isset($oauthbodyhash)) {
        throw new OAuthException("OAuth request body signing requires oauth_body_hash body");
    }
    // Verify the message signature.
    $store = new TrivialOAuthDataStore();
    $store->add_consumer($oauthconsumerkey, $oauthconsumersecret);
    $server = new OAuthServer($store);
    $method = new OAuthSignatureMethod_HMAC_SHA1();
    $server->add_signature_method($method);
    $request = OAuthRequest::from_request();
    try {
        $server->verify_request($request);
    } catch (\Exception $e) {
        $message = $e->getMessage();
        throw new OAuthException("OAuth signature failed: " . $message);
    }
    $postdata = $body;
    $hash = base64_encode(sha1($postdata, true));
    if ($hash != $oauthbodyhash) {
        throw new OAuthException("OAuth oauth_body_hash mismatch");
    }
    return $postdata;
}

 /**
  * attempt to build up a request from what was passed to the server
  */
 public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
 {
     $scheme = !isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ? 'http' : 'https';
     @$http_url or $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
     @$http_method or $http_method = $_SERVER['REQUEST_METHOD'];
     if (!$parameters) {
         $request_headers = OAuthUtil::get_headers();
         // Parse the query-string to find GET parameters
         $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
         // It's a POST request of the proper content-type, so parse POST
         // parameters and add those overriding any duplicates from GET
         if ($http_method == "POST" and @strstr($request_headers["Content-Type"], "application/x-www-form-urlencoded")) {
             $post_data = OAuthUtil::parse_parameters(file_get_contents(self::$POST_INPUT));
             $parameters = array_merge($parameters, $post_data);
         }
         // We have a Authorization-header with OAuth data. Parse the header
         // and add those overriding any duplicates from GET or POST
         if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     return new OAuthRequest($http_method, $http_url, $parameters);
 }

 public static function from_request($http_method = null, $http_url = null, $parameters = null)
 {
     $scheme = !isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ? 'http' : 'https';
     @$http_url or $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
     @$http_method or $http_method = $_SERVER['REQUEST_METHOD'];
     if (!$parameters) {
         $request_headers = OAuthUtil::get_headers();
         $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
         if ($http_method == "POST" && @strstr($request_headers["Content-Type"], "application/x-www-form-urlencoded")) {
             $post_data = OAuthUtil::parse_parameters(file_get_contents(self::$POST_INPUT));
             $parameters = array_merge($parameters, $post_data);
         }
         if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     return new OAuthRequest($http_method, $http_url, $parameters);
 }

 /**
  * attempt to build up a request from what was passed to the server
  */
 public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
 {
     $scheme = !isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ? 'http' : 'https';
     @$http_url or $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
     @$http_method or $http_method = $_SERVER['REQUEST_METHOD'];
     // We weren't handed any parameters, so let's find the ones relevant to
     // this request.
     // If you run XML-RPC or similar you should use this to provide your own
     // parsed parameter-list
     if (!$parameters) {
         // Find request headers
         $request_headers = OAuthUtil::get_headers();
         // Parse the query-string to find GET parameters
         $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
         // It's a POST request of the proper content-type, so parse POST
         // parameters and add those overriding any duplicates from GET
         if ($http_method == "POST" && @strstr($request_headers["Content-Type"], "application/x-www-form-urlencoded")) {
             $post_data = OAuthUtil::parse_parameters(file_get_contents(self::$POST_INPUT));
             $parameters = array_merge($parameters, $post_data);
         }
         // We have a Authorization-header with OAuth data. Parse the header
         // and add those overriding any duplicates from GET or POST
         if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     // fix for friendica redirect system
     // FIXME or don't, but figure out if this is absolutely necessary and act accordingly
     $http_url = substr($http_url, 0, strpos($http_url, $parameters['q']) + strlen($parameters['q']));
     unset($parameters['q']);
     return new OAuthRequest($http_method, $http_url, $parameters);
 }

function oauth_get_params()
{
    global $CONFIG;
    // Find request headers
    $request_headers = OAuthUtil::get_headers();
    // start with an empty array
    $parameters = array();
    /***
     *** This next part is a hack. This ignores the QUERY_STRING because it
     *** gets messed up by the apache mod_rewrite rules for page views, and
     *** you end up with 'handler' and 'request' variables on the parameters
     *** stack. This in turn messes up OAuth's signature base string
     *** generation algorithm, causing things to fail. I have a feeling
     *** that this is going to bite me back some day, but I'm not sure 
     *** how or where, especially if this pam module gets called from
     *** somewhere other than the API chain in a way that makes any sense.
     ***/
    // parse query parameters
    $querystr = '';
    if ($_SERVER['REQUEST_URI']) {
        $qparts = explode('?', $_SERVER['REQUEST_URI'], 2);
        // split on the question mark to get the real query parameters before Apache mangles them
        if (count($qparts) == 2) {
            $querystr = $qparts[1];
        }
    }
    $parameters = OAuthUtil::parse_parameters($querystr);
    /***
     ***
     ***/
    // It's a POST request of the proper content-type, so parse POST
    // parameters and add those overriding any duplicates from GET
    if (@strstr($request_headers["Content-Type"], "application/x-www-form-urlencoded")) {
        $post_data = OAuthUtil::parse_parameters(file_get_contents(OAuthRequest::$POST_INPUT));
        $parameters = array_merge($parameters, $post_data);
    }
    // We have a Authorization-header with OAuth data. Parse the header
    // and add those overriding any duplicates from GET or POST
    if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
        $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
        $parameters = array_merge($parameters, $header_parameters);
    }
    return $parameters;
}

 /**
  * HTTP リクエストが mixi から送信された正当なものであるかどうかを検証します。
  * mixi モバイルアプリを実装する上で、このメソッドはリクエスト毎に必ず実行して下さい。
  * 
  * @param int $type 署名方式。Mars_OAuthProvider::SIGNATURE_* 定数を指定。
  * @throws Mars_UnsupportedException サポートされていない署名形式が指定された場合に発生。
  * @link http://developer.mixi.co.jp/appli/spec/mob/validate-oauth-signature OAuth Signature の検証方法について
  * @link http://developer.mixi.co.jp/appli/spec/mob/for_partners/photo_upload_api アプリからフォトアップロード機能について
  * @link http://developer.mixi.co.jp/appli/spec/mob/for_partners/lifecycle_event ライフサイクルイベントについて
  * @see Mars_OAuthProvider::isAuthorizaed()
  * @author Naomichi Yamakita <yamakita@dtx.co.jp>
  */
 public function isAuthorized($type = self::SIGNATURE_HMAC)
 {
     $result = FALSE;
     switch ($type) {
         case self::SIGNATURE_HMAC:
             $authorization = $this->request->getHeader('Authorization');
             // Authorization ヘッダに含まれるパラメータを連想配列に変換
             preg_match_all('/([a-z_]+)="([^"]+)"/', $authorization, $matches);
             if (sizeof($matches[0])) {
                 $attributes = array_combine($matches[1], $matches[2]);
                 $parameters = array();
                 $parameters['oauth_nonce'] = $attributes['oauth_nonce'];
                 $parameters['oauth_signature_method'] = $attributes['oauth_signature_method'];
                 $parameters['oauth_timestamp'] = $attributes['oauth_timestamp'];
                 $parameters['oauth_version'] = $attributes['oauth_version'];
                 $parameters['opensocial_app_id'] = Mars_MixiMobileApp::getApplicationId();
                 $parameters['opensocial_owner_id'] = Mars_MixiMobileApp::getOwnerId();
                 $parameters += $this->request->getQuery();
                 $method = $this->request->getRequestMethod();
                 $uri = $this->request->getURL(FALSE);
                 $request = OAuthRequest::from_consumer_and_token($this->_consumer, NULL, $method, $uri, $parameters);
                 $request->sign_request(new OAuthSignatureMethod_HMAC_SHA1(), $this->_consumer, NULL);
                 $buildSignature = @$request->get_parameter('oauth_signature');
                 $requestSignature = urldecode($attributes['oauth_signature']);
                 if ($buildSignature === $requestSignature) {
                     $result = TRUE;
                 }
             }
             break;
         case self::SIGNATURE_RSA_PC:
             $request = OAuthRequest::from_request(NULL, NULL, array_merge($_GET, $_POST));
             // 不正なリクエスト時に 'Undefined index: oauth_signature' エラーが起こる不具合 (r525 で確認済み) があるため、エラー制御演算子を付けておく
             $signature = @$request->get_parameter('oauth_signature');
             if (!is_null($signature)) {
                 $signatureMethod = new Mars_MixiPCSignature();
                 $result = $signatureMethod->check_signature($request, NULL, NULL, $signature);
             }
             break;
         case self::SIGNATURE_RSA_TOUCH:
             $request = OAuthRequest::from_request(NULL, NULL, array_merge($_GET, $_POST));
             $signature = @$request->get_parameter('oauth_signature');
             if (!is_null($signature)) {
                 $signatureMethod = new Mars_MixiTouchSignature();
                 $result = $signatureMethod->check_signature($request, NULL, NULL, $signature);
             }
             break;
         case self::SIGNATURE_RSA_PHOTO_UPLOAD:
             $request = OAuthRequest::from_request();
             $signature = @$request->get_parameter('oauth_signature');
             if (!is_null($signature)) {
                 $signatureMethod = new Mars_MixiFileUploadSignature();
                 $result = $signatureMethod->check_signature($request, NULL, NULL, $signature);
             }
             break;
         case self::SIGNATURE_RSA_LIFECYCLE_EVENT:
             if ($this->request->getParameter('opensocial_owner_id') !== NULL) {
                 break;
             }
             if ($this->request->getParameter('opensocial_viewer_id') !== NULL) {
                 break;
             }
             // ライフサイクルイベントは mixi から POST リクエストが送信される
             // (OAuth の仕様上は POST データを署名生成のアルゴリズムに使用することが規定されているが、mixi アプリが仕様に準拠していないため QueryString のみを使用する)
             $requestHeaders = OAuthUtil::get_headers();
             $parameters = OAuthUtil::parse_parameters($this->request->getEnvironment('QUERY_STRING'));
             if (isset($requestHeaders['Authorization']) && substr($requestHeaders['Authorization'], 0, 6) == 'OAuth ') {
                 $headerParameters = OAuthUtil::split_header($requestHeaders['Authorization'], FALSE);
                 $parameters = array_merge($parameters, $headerParameters);
                 $request = OAuthRequest::from_request(NULL, NULL, $parameters);
                 $signature = $request->get_parameter('oauth_signature');
                 if (!is_null($signature)) {
                     $signatureMethod = new Mars_MixiLifecycleEventSignature();
                     $result = $signatureMethod->check_signature($request, NULL, NULL, $signature);
                 }
             }
             break;
         default:
             $message = sprintf('Signature format is not supported. [%s]', $type);
             throw new Mars_UnsupportedException($message);
             break;
     }
     return $result;
 }

 /**
  * attempt to build up a request from what was passed to the server
  */
 public static function from_request($http_method = NULL, $http_url = NULL, $parameters = NULL)
 {
     $scheme = !isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on" ? 'http' : 'https';
     //    $port = "";
     //    if ( $_SERVER['SERVER_PORT'] != "80" && $_SERVER['SERVER_PORT'] != "443" ) {
     //      $port =  ':' . $_SERVER['SERVER_PORT'] ;
     //    }
     @$http_url or $http_url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
     @$http_method or $http_method = $_SERVER['REQUEST_METHOD'];
     // We weren't handed any parameters, so let's find the ones relevant to
     // this request.
     // If you run XML-RPC or similar you should use this to provide your own
     // parsed parameter-list
     if (!$parameters) {
         // Find request headers
         $request_headers = OAuthUtil::get_headers();
         // Parse the query-string to find GET parameters
         $parameters = OAuthUtil::parse_parameters($_SERVER['QUERY_STRING']);
         // Add POST Parameters if they exist
         $parameters = array_merge($parameters, $_POST);
         // We have a Authorization-header with OAuth data. Parse the header
         // and add those overriding any duplicates from GET or POST
         if (@substr($request_headers['Authorization'], 0, 6) == "OAuth ") {
             $header_parameters = OAuthUtil::split_header($request_headers['Authorization']);
             $parameters = array_merge($parameters, $header_parameters);
         }
     }
     return new OAuthRequest($http_method, $http_url, $parameters);
 }