[orkut-developer] Re: (4/2/2008) IMPORTANT - Signed makeRequest update

Mon, 21 Apr 2008 09:16:26 -0700 

Hi Marc,

Heres the link for the cert file accessor

http://blog.springenwerk.com/2008/04/poor-man-php-key-cache-for-orkut-oauth.html

Hope it helps

Regards
Dinesh

On Mon, Apr 21, 2008 at 9:25 AM, Marc Wessely
<[EMAIL PROTECTED]> wrote:
> i man where can i get this cert file accessor from ?
>
> 2008/4/21 [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
>
>
>
> >
> > Hi Arne,
> >
> > I m using the sample php code at
> >
> http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSignedRequests
> >
> > but every time I make a signed request from the application the
> > authentication fails.
> >
> > I am using the Poor Man's PHP Key Cache. posted above by Johannes
> >
> > my code is as below...
> >
> > <?php
> >  error_reporting(E_ALL ^ E_NOTICE);
> >
> > require_once("OAuth.php");
> > require("cert_file_accessor.php");
> >
> >  //Determine the URL of the request
> >  $url = ( $_SERVER['HTTPS'] ? "https://"; : "http://"; ) .
> >         $_SERVER['HTTP_HOST'] .
> >         ($_SERVER['HTTP_PORT'] ? (":" . $_SERVER['HTTP_PORT']) :
> > "")  .
> >         $_SERVER['PHP_SELF'];
> >
> >  //Orkut's public key certificate
> >  $cert_accessor = new CertFileAccessor('/certs', 'orkut');
> >
> >  $cert = $cert_accessor-
> > >getPublicKey($_REQUEST['xoauth_signature_publickey']);
> >
> >
> >  //Compute the raw form of the signed request using the OAuth
> > library.
> >  $req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url,
> > array_merge($_GET, $_POST));
> >  $sig = array(
> >    OAuthUtil::urlencodeRFC3986($req->get_normalized_http_method()),
> >    OAuthUtil::urlencodeRFC3986($req->get_normalized_http_url()),
> >    OAuthUtil::urlencodeRFC3986($req->get_signable_parameters()),
> >  );
> >  $raw = implode("&", $sig);
> >
> >  //Get the signature passed in the query and urldecode it
> >  $signature = base64_decode($_GET["oauth_signature"]);
> >
> >  //Pull the public key ID from the certificate
> >  $publickeyid = openssl_get_publickey($cert);
> >
> >  //Check the computer signature against the one passed in the query
> >  $ok = openssl_verify($raw, $signature, $publickeyid);
> >
> >  //Release the key resource
> >  openssl_free_key($publickeyid);
> >
> >  //Pass JSON data back
> >  $payload = array();
> >  if ($ok == 1) {
> >    $payload["validated"] = "Success! The data was validated";
> >  } else {
> >    $payload["validated"] = "This request was spoofed";
> >  }
> >
> >  //Include some extra information for debugging
> >  $payload["raw"] = $raw;
> >  $payload["query"] = $_GET;
> >  $payload["url"] = $url;
> >  $payload["getandpost"] = array_merge($_GET, $_POST);
> >  $payload["rawpost"] = file_get_contents('php://input');
> >
> >  print($payload["validated"]);
> >
> >  ?>
> >
> >
> >
> >
> > - Mak
> >
> >
> > On Apr 5, 12:11 am, "Arne Roomann-Kurrik (Google)"
> > <[EMAIL PROTECTED]> wrote:
> > > That's awesome.  Thanks for posting this!
> > >
> > > ~Arne
> > >
> > > On Apr 3, 2:45 am, jfahrenkrug <[EMAIL PROTECTED]> wrote:
> > >
> > > > Thank you for this update, Arne.
> > > > You know the OrkutValidatingSignedRequests page says we shouldn't
> > > > inline the Orkut public key but use a key cache instead.
> > > > I couldn't find a PHP key cache or something similar, so I rolled my
> > > > own Poor Man's PHP Key Cache.
> > > > It can be found
> here:http://blog.springenwerk.com/2008/04/poor-man-php-key-cache-for-orkut...
> > > > I hope this might be helpful to someone.
> > >
> > > > -- Johannes
> > >
> > > > On Apr 2, 7:44 pm, "Arne Roomann-Kurrik (Google)"
> > >
> > > > <[EMAIL PROTECTED]> wrote:
> > > > > We were getting reports that sending signed makeRequest calls with
> > > > > certain characters in the POST body of the request were causing
> errors
> > > > > for PHP developers following the instructions
> athttp://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig....
> > > > > Specifically, spaces included in the values of POST body parameters
> > > > > would cause the validation to fail.
> > >
> > > > > This was due to the use of an incorrect url encoding function in
> both
> > > > > the OAuth.php library and the sample code.  The OAuth library and
> the
> > > > > sample code on the wiki page have both been updated to correct this
> > > > > problem.
> > >
> > > > > If you are validating OAuth signatures using the wiki code and the
> > > > > OAuth.php library, please update your version of OAuth.php to the
> > > > > version hosted at:
> > > > >    http://oauth.googlecode.com/svn/code/php/OAuth.php
> > > > > and update your verification code to match the code listed at:
> > > > >
> http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig...
> > >
> > > > > Since there have been a few threads about problems with signed
> > > > > makeRequest, please use this thread to report any problems you are
> > > > > experiencing after this update.
> > >
> > > > > Thanks,
> > > > > ~Arne
> >
> >
>
>
>
>  >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Orkut Developer Forum" group.
To post to this group, send email to opensocial-orkut@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/opensocial-orkut?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to