From f23af18dc76c3d79754bcbfc05401a63339a9b97 Mon Sep 17 00:00:00 2001 From: Dac Chartrand Date: Fri, 1 Jun 2018 11:46:09 -0400 Subject: [PATCH] Support for SHA256 signature method Related https://github.com/IMSGlobal/LTI-Tool-Provider-Library-PHP/issues/17 --- src/ToolProvider/ToolProvider.php | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/ToolProvider/ToolProvider.php b/src/ToolProvider/ToolProvider.php index f4598e6..1956403 100644 --- a/src/ToolProvider/ToolProvider.php +++ b/src/ToolProvider/ToolProvider.php @@ -778,14 +778,21 @@ private function authenticate() try { $store = new OAuthDataStore($this); $server = new OAuth\OAuthServer($store); - $method = new OAuth\OAuthSignatureMethod_HMAC_SHA1(); - $server->add_signature_method($method); + $sha1 = new OAuth\OAuthSignatureMethod_HMAC_SHA1(); + $server->add_signature_method($sha1); + $sha256 = new OAuth\OAuthSignatureMethod_HMAC_SHA256(); + $server->add_signature_method($sha256); $request = OAuth\OAuthRequest::from_request(); $res = $server->verify_request($request); } catch (\Exception $e) { $this->ok = false; if (empty($this->reason)) { if ($this->debugMode) { + if (isset($request, $sha256) && $request->get_parameter('oauth_signature_method') === $sha256->get_name()) { + $method = $sha256; + } else { + $method = $sha1; + } $consumer = new OAuth\OAuthConsumer($this->consumer->getKey(), $this->consumer->secret); $signature = $request->build_signature($method, $consumer, false); $this->reason = $e->getMessage();