I dont think that is the prob... I had faced that prb earlier so I have hardcoded the path inside CertFileAccessor.php I get the certificate when I print the value of $cert
-Mak On Apr 23, 4:27 pm, jfahrenkrug <[EMAIL PROTECTED]> wrote: > Hi Makarand, > > I'm not Arne, but since I wrote the poor man's php key cache, I > spotted something in your code that MIGHT be the problem: > You code looks in /certs for the certificate file, that is a certs > directory right below your root, so your directory structure will look > something like > > /usr > /bin > /sbin > /etc > /certs > > it that's the case, then at least that part of your code is fine. If > not - and your certs dir is RELATIVE to your cert accessor php script, > you'll have to say > > $cert_accessor = new CertFileAccessor('certs', 'orkut'); > > instead of > > $cert_accessor = new CertFileAccessor('/certs', 'orkut'); > > If that's something you missed, this might help > > - Johannes > > --http://springenwerk.com > > On Apr 22, 11:11 am, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> > wrote: > > > Hi Arne, > > > I m using the sample php code > > athttp://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSig... > > > but every time I make a signed request from the application the > > authentication fails. > > > I am using the Poor Man's PHP Key Cache. posted above by Johannes > > > my code is as below... > > > <?php > > error_reporting(E_ALL ^ E_NOTICE); > > > require_once("OAuth.php"); > > require("cert_file_accessor.php"); > > > //Determine the URL of the request > > $url = ( $_SERVER['HTTPS'] ? "https://" : "http://" ) . > > $_SERVER['HTTP_HOST'] . > > ($_SERVER['HTTP_PORT'] ? (":" . $_SERVER['HTTP_PORT']) : > > "") . > > $_SERVER['PHP_SELF']; > > > //Orkut's public key certificate > > $cert_accessor = new CertFileAccessor('/certs', 'orkut'); > > > $cert = $cert_accessor- > > > >getPublicKey($_REQUEST['xoauth_signature_publickey']); > > > //Compute the raw form of the signed request using the OAuth > > library. > > $req = new OAuthRequest($_SERVER["REQUEST_METHOD"], $url, > > array_merge($_GET, $_POST)); > > $sig = array( > > OAuthUtil::urlencodeRFC3986($req->get_normalized_http_method()), > > OAuthUtil::urlencodeRFC3986($req->get_normalized_http_url()), > > OAuthUtil::urlencodeRFC3986($req->get_signable_parameters()), > > ); > > $raw = implode("&", $sig); > > > //Get the signature passed in the query and urldecode it > > $signature = base64_decode($_GET["oauth_signature"]); > > > //Pull the public key ID from the certificate > > $publickeyid = openssl_get_publickey($cert); > > > //Check the computer signature against the one passed in the query > > $ok = openssl_verify($raw, $signature, $publickeyid); > > > //Release the key resource > > openssl_free_key($publickeyid); > > > //Pass JSON data back > > $payload = array(); > > if ($ok == 1) { > > $payload["validated"] = "Success! The data was validated"; > > } else { > > $payload["validated"] = "This request was spoofed"; > > } > > > //Include some extra information for debugging > > $payload["raw"] = $raw; > > $payload["query"] = $_GET; > > $payload["url"] = $url; > > $payload["getandpost"] = array_merge($_GET, $_POST); > > $payload["rawpost"] = file_get_contents('php://input'); > > > print($payload["validated"]); > > > ?> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Orkut Developer Forum" group. To post to this group, send email to opensocial-orkut@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/opensocial-orkut?hl=en -~----------~----~----~----~------~----~------~--~---