Re: public certificate key

Mon, 14 Jul 2008 09:17:10 -0700 

Hey Karsten,
Don't worry i didn't miss the patch, been hecticly busy this weekend with trying to get basic atom support done; I'll make sure to commit it tonight 

        -- Chris

On Jul 14, 2008, at 4:46 PM, Karsten Beyer wrote:


Hi,
for the php version:

https://issues.apache.org/jira/browse/SHINDIG-447


Summary: the proxy is called with the signOwner and signViewer  
parameters.
They are both included in the signature base_string. Then the  
application

page is called without these paramters. So signatures will not match.

Patch for /php/src/gadgets/oauth/OAuth.php against current trunk:

Index: .
===================================================================
--- . (revision 676605)
+++ . (working copy)
@@ -292,8 +292,7 @@
 $parameters = is_array($parameters) ? $parameters : array();
 $defaults = array("oauth_nonce" => OAuthRequest::generate_nonce(),
 "oauth_timestamp" => OAuthRequest::generate_timestamp(),
- "oauth_consumer_key" => $consumer->key, 'synd' => 'partuza',
- 'container' => 'partuza');
+ "oauth_consumer_key" => $consumer->key);
 $parameters = array_merge($defaults, $parameters);
 if (isset($token)) {
 $parameters['oauth_token'] = $token;
@@ -393,6 +392,9 @@
 $parts = parse_url($this->http_url);
 parse_str(@$parts['query'], $params);
 foreach ($params as $key => $value) {
+ if ($key == "signOwner" || $key == "signViewer") {
+ continue;
+ }
 $this->parameters[$key] = $value;
 }
 $parts = array($this->get_normalized_http_method(),
$this->get_normalized_http_url(),


This fixes it with a (very extremely ugly) hack (patch for some  
other bug
(hard-coded partuza container name) included, as this patch was not  
yet

committed).


I will try to understand the complete oauth signing process later in  
the
week and try to supply a "acceptable" patch, as this is a show- 
stopper right

now for our planned end-of-july release plans...


However with above patch applied, i can successfully validate a  
signature

with the linked method from google.

Best Regards

Karsten Beyer


On Mon, Jul 14, 2008 at 4:34 PM, Gonzalo Aune  
<[EMAIL PROTECTED]> wrote:



I was trying to run the example in the Java and the PHP side without
success, anyone could run this example?.

G.-


On Mon, Jul 14, 2008 at 11:30 AM, xin zhang <[EMAIL PROTECTED]>  
wrote:



Hi,

I am trying the example from


http://code.google.com/p/opensocial-resources/wiki/OrkutValidatingSignedRequestsonshindig 
, how to generate the public certificate key for shindig?


Thanks






























					Reply via email to