File indexing completed on 2025-01-26 05:29:42
0001 <?php 0002 /** 0003 * Zend Framework 0004 * 0005 * LICENSE 0006 * 0007 * This source file is subject to the new BSD license that is bundled 0008 * with this package in the file LICENSE.txt. 0009 * It is also available through the world-wide-web at this URL: 0010 * http://framework.zend.com/license/new-bsd 0011 * If you did not receive a copy of the license and are unable to 0012 * obtain it through the world-wide-web, please send an email 0013 * to license@zend.com so we can send you a copy immediately. 0014 * 0015 * @category Zend 0016 * @package Zend_Oauth 0017 * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) 0018 * @license http://framework.zend.com/license/new-bsd New BSD License 0019 * @version $Id$ 0020 */ 0021 0022 /** Zend_Oauth */ 0023 // require_once 'Zend/Oauth.php'; 0024 0025 /** Zend_Oauth_Http */ 0026 // require_once 'Zend/Oauth/Http.php'; 0027 0028 /** 0029 * @category Zend 0030 * @package Zend_Oauth 0031 * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com) 0032 * @license http://framework.zend.com/license/new-bsd New BSD License 0033 */ 0034 class Zend_Oauth_Http_Utility 0035 { 0036 /** 0037 * Assemble all parameters for a generic OAuth request - i.e. no special 0038 * params other than the defaults expected for any OAuth query. 0039 * 0040 * @param string $url 0041 * @param Zend_Oauth_Config_ConfigInterface $config 0042 * @param null|array $serviceProviderParams 0043 * @return array 0044 */ 0045 public function assembleParams( 0046 $url, 0047 Zend_Oauth_Config_ConfigInterface $config, 0048 array $serviceProviderParams = null 0049 ) { 0050 $params = array( 0051 'oauth_consumer_key' => $config->getConsumerKey(), 0052 'oauth_nonce' => $this->generateNonce(), 0053 'oauth_signature_method' => $config->getSignatureMethod(), 0054 'oauth_timestamp' => $this->generateTimestamp(), 0055 'oauth_version' => $config->getVersion(), 0056 ); 0057 0058 if ($config->getToken()->getToken() != null) { 0059 $params['oauth_token'] = $config->getToken()->getToken(); 0060 } 0061 0062 0063 if ($serviceProviderParams !== null) { 0064 $params = array_merge($params, $serviceProviderParams); 0065 } 0066 0067 $params['oauth_signature'] = $this->sign( 0068 $params, 0069 $config->getSignatureMethod(), 0070 $config->getConsumerSecret(), 0071 $config->getToken()->getTokenSecret(), 0072 $config->getRequestMethod(), 0073 $url 0074 ); 0075 0076 return $params; 0077 } 0078 0079 /** 0080 * Given both OAuth parameters and any custom parametere, generate an 0081 * encoded query string. This method expects parameters to have been 0082 * assembled and signed beforehand. 0083 * 0084 * @param array $params 0085 * @param bool $customParamsOnly Ignores OAuth params e.g. for requests using OAuth Header 0086 * @return string 0087 */ 0088 public function toEncodedQueryString(array $params, $customParamsOnly = false) 0089 { 0090 if ($customParamsOnly) { 0091 foreach ($params as $key=>$value) { 0092 if (preg_match("/^oauth_/", $key)) { 0093 unset($params[$key]); 0094 } 0095 } 0096 } 0097 $encodedParams = array(); 0098 foreach ($params as $key => $value) { 0099 $encodedParams[] = self::urlEncode($key) 0100 . '=' 0101 . self::urlEncode($value); 0102 } 0103 return implode('&', $encodedParams); 0104 } 0105 0106 /** 0107 * Cast to authorization header 0108 * 0109 * @param array $params 0110 * @param null|string $realm 0111 * @param bool $excludeCustomParams 0112 * @return void 0113 */ 0114 public function toAuthorizationHeader(array $params, $realm = null, $excludeCustomParams = true) 0115 { 0116 $headerValue = array( 0117 'OAuth realm="' . $realm . '"', 0118 ); 0119 0120 foreach ($params as $key => $value) { 0121 if ($excludeCustomParams) { 0122 if (!preg_match("/^oauth_/", $key)) { 0123 continue; 0124 } 0125 } 0126 $headerValue[] = self::urlEncode($key) 0127 . '="' 0128 . self::urlEncode($value) . '"'; 0129 } 0130 return implode(",", $headerValue); 0131 } 0132 0133 /** 0134 * Sign request 0135 * 0136 * @param array $params 0137 * @param string $signatureMethod 0138 * @param string $consumerSecret 0139 * @param null|string $tokenSecret 0140 * @param null|string $method 0141 * @param null|string $url 0142 * @return string 0143 */ 0144 public function sign( 0145 array $params, $signatureMethod, $consumerSecret, $tokenSecret = null, $method = null, $url = null 0146 ) { 0147 $className = ''; 0148 $hashAlgo = null; 0149 $parts = explode('-', $signatureMethod); 0150 if (count($parts) > 1) { 0151 $className = 'Zend_Oauth_Signature_' . ucfirst(strtolower($parts[0])); 0152 $hashAlgo = $parts[1]; 0153 } else { 0154 $className = 'Zend_Oauth_Signature_' . ucfirst(strtolower($signatureMethod)); 0155 } 0156 0157 // require_once str_replace('_', '/', $className) . '.php'; 0158 $signatureObject = new $className($consumerSecret, $tokenSecret, $hashAlgo); 0159 return $signatureObject->sign($params, $method, $url); 0160 } 0161 0162 /** 0163 * Parse query string 0164 * 0165 * @param mixed $query 0166 * @return array 0167 */ 0168 public function parseQueryString($query) 0169 { 0170 $params = array(); 0171 if (empty($query)) { 0172 return array(); 0173 } 0174 0175 // Not remotely perfect but beats parse_str() which converts 0176 // periods and uses urldecode, not rawurldecode. 0177 $parts = explode('&', $query); 0178 foreach ($parts as $pair) { 0179 $kv = explode('=', $pair); 0180 $params[rawurldecode($kv[0])] = rawurldecode($kv[1]); 0181 } 0182 return $params; 0183 } 0184 0185 /** 0186 * Generate nonce 0187 * 0188 * @return string 0189 */ 0190 public function generateNonce() 0191 { 0192 return md5(uniqid(rand(), true)); 0193 } 0194 0195 /** 0196 * Generate timestamp 0197 * 0198 * @return int 0199 */ 0200 public function generateTimestamp() 0201 { 0202 return time(); 0203 } 0204 0205 /** 0206 * urlencode a value 0207 * 0208 * @param string $value 0209 * @return string 0210 */ 0211 public static function urlEncode($value) 0212 { 0213 $encoded = rawurlencode($value); 0214 $encoded = str_replace('%7E', '~', $encoded); 0215 return $encoded; 0216 } 0217 }