4 * Copyright (c) 2007 Andy Smith
6 namespace Abraham\TwitterOAuth;
9 * A class for implementing a Signature Method
10 * See section 9 ("Signing Requests") in the spec
12 abstract class SignatureMethod
15 * Needs to return the name of the Signature Method (ie HMAC-SHA1)
19 abstract public function getName();
22 * Build up the signature
23 * NOTE: The output of this function MUST NOT be urlencoded.
24 * the encoding is handled in OAuthRequest when the final
25 * request is serialized
27 * @param Request $request
28 * @param Consumer $consumer
33 abstract public function buildSignature(Request $request, Consumer $consumer, Token $token = null);
36 * Verifies that a given signature is correct
38 * @param Request $request
39 * @param Consumer $consumer
41 * @param string $signature
45 public function checkSignature(Request $request, Consumer $consumer, Token $token, $signature)
47 $built = $this->buildSignature($request, $consumer, $token);
49 // Check for zero length, although unlikely here
50 if (strlen($built) == 0 || strlen($signature) == 0) {
54 if (strlen($built) != strlen($signature)) {
58 // Avoid a timing leak with a (hopefully) time insensitive compare
60 for ($i = 0; $i < strlen($signature); $i++) {
61 $result |= ord($built{$i}) ^ ord($signature{$i});