3 * @copyright Copyright (C) 2010-2022, the Friendica project
5 * @license GNU AGPL version 3 or any later version
7 * This program is free software: you can redistribute it and/or modify
8 * it under the terms of the GNU Affero General Public License as
9 * published by the Free Software Foundation, either version 3 of the
10 * License, or (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU Affero General Public License for more details.
17 * You should have received a copy of the GNU Affero General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
22 namespace Friendica\Security\OAuth1\Signature;
24 use Friendica\Security\OAuth1\OAuthRequest;
25 use Friendica\Security\OAuth1\OAuthUtil;
28 * The HMAC-SHA1 signature method uses the HMAC-SHA1 signature algorithm as defined in [RFC2104]
29 * where the Signature Base String is the text and the key is the concatenated values (each first
30 * encoded per Parameter Encoding) of the Consumer Secret and Token Secret, separated by an '&'
31 * character (ASCII code 38) even if empty.
32 * - Chapter 9.2 ("HMAC-SHA1")
34 class OAuthSignatureMethod_HMAC_SHA1 extends OAuthSignatureMethod
42 * @param OAuthRequest $request
43 * @param \Friendica\Security\OAuth1\OAuthConsumer $consumer
44 * @param \Friendica\Security\OAuth1\OAuthToken $token
48 public function build_signature(OAuthRequest $request, \Friendica\Security\OAuth1\OAuthConsumer $consumer, \Friendica\Security\OAuth1\OAuthToken $token = null)
50 $base_string = $request->get_signature_base_string();
51 $request->base_string = $base_string;
55 ($token) ? $token->secret : "",
58 $key_parts = OAuthUtil::urlencode_rfc3986($key_parts);
59 $key = implode('&', $key_parts);
62 $r = base64_encode(hash_hmac('sha1', $base_string, $key, true));