Skip to content
This repository was archived by the owner on Nov 27, 2018. It is now read-only.

Commit c2b3dac

Browse files
author
Jim
committed
Initial Commit of CI dropbox API
0 parents commit c2b3dac

File tree

2 files changed

+565
-0
lines changed

2 files changed

+565
-0
lines changed

application/helpers/oauth_helper.php

Lines changed: 177 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,177 @@
1+
<?php if (!defined('BASEPATH')) exit('No direct script access allowed');
2+
3+
/*
4+
Copyright (C) 2011 by Jim Saunders
5+
6+
Permission is hereby granted, free of charge, to any person obtaining a copy
7+
of this software and associated documentation files (the "Software"), to deal
8+
in the Software without restriction, including without limitation the rights
9+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10+
copies of the Software, and to permit persons to whom the Software is
11+
furnished to do so, subject to the following conditions:
12+
13+
The above copyright notice and this permission notice shall be included in
14+
all copies or substantial portions of the Software.
15+
16+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22+
THE SOFTWARE.
23+
*/
24+
25+
/**
26+
* Defines the different OAuth Signing algorithms. You
27+
* should use this instead of writing them out each time.
28+
*/
29+
class OAUTH_ALGORITHMS
30+
{
31+
const HMAC_SHA1 = 'HMAC-SHA1';
32+
const RSA_SHA1 = 'RSA-SHA1';
33+
}
34+
35+
/**
36+
* Signs an array of oauth parameters according to the 1.0 spec using
37+
* the hmac-sha1 hasing algorithm
38+
*
39+
* @param string $method either GET or POST
40+
* @param string $baseurl the baseurl we are authenticating againts
41+
* @param string $secret the consumer secret key
42+
* @param array $parameters all parameters that need to be signed (NOTE: the token secret key should be added here)
43+
* @return string the signature
44+
*/
45+
function sign_hmac_sha1($method, $baseurl, $secret, array $parameters)
46+
{
47+
$data = $method.'&';
48+
$data .= urlencode($baseurl).'&';
49+
$oauth = '';
50+
ksort($parameters);
51+
//Put the token secret in if it does not exist. It
52+
//will be empty if it does not exist as per the spec.
53+
if(!array_key_exists('oauth_token_secret', $parameters))$parameters['oauth_token_secret'] = '';
54+
foreach($parameters as $key => $value)
55+
{
56+
//Don't include the token secret into the base string
57+
if(strtolower($key) != 'oauth_token_secret')$oauth .= "&{$key}={$value}";
58+
}
59+
$data .= urlencode(substr($oauth, 1));
60+
$secret .= '&'.$parameters['oauth_token_secret'];
61+
62+
return base64_encode(hash_hmac('sha1', $data, $secret, true));
63+
}
64+
65+
/**
66+
* Signs an array of oauth parameters according to the 1.0 spec using
67+
* the rsa-sha1 hasing algorithm
68+
*
69+
* @param string $method either GET or POST
70+
* @param string $baseurl the baseurl we are authenticating againts
71+
* @param string $certfile the location of your private certificate file
72+
* @param array $parameters all parameters that need to be signed
73+
* @return string the signature
74+
*/
75+
function sign_rsa_sha1($method, $baseurl, $certfile, array $parameters)
76+
{
77+
$fp = fopen($certfile, "r");
78+
$private = fread($fp, 8192);
79+
fclose($fp);
80+
81+
$data = $method.'&';
82+
$data .= urlencode($baseurl).'&';
83+
$oauth = '';
84+
ksort($parameters);
85+
86+
foreach($parameters as $key => $value)
87+
$oauth .= "&{$key}={$value}";
88+
$data .= urlencode(substr($oauth, 1));
89+
90+
$keyid = openssl_get_privatekey($private);
91+
openssl_sign($data, $signature, $keyid);
92+
openssl_free_key($keyid);
93+
94+
return base64_encode($signature);
95+
}
96+
97+
/**
98+
* Assembles the auth params array into a string that can
99+
* be put into an http header request.
100+
*
101+
* @param array $authparams the oauth parameters
102+
* @return string the header authorization portion with trailing \r\n
103+
*/
104+
function build_auth_string(array $authparams)
105+
{
106+
$header = "Authorization: OAuth ";
107+
$auth = '';
108+
foreach($authparams AS $key=>$value)
109+
{
110+
//Don't include token secret
111+
if($key != 'oauth_token_secret')$auth .= ", {$key}=\"{$value}\"";
112+
}
113+
return $header.substr($auth, 2)."\r\n";
114+
}
115+
116+
/**
117+
* Assemble an associative array with oauth values
118+
*
119+
* @param string $baseurl the base url we are authenticating against.
120+
* @param string $key your consumer key
121+
* @param string $secret either your consumer secret key or the file location of your rsa private key.
122+
* @param array $extra additional oauth parameters that should be included (you must urlencode, if appropriate, before calling this function)
123+
* @param string $method either GET or POST
124+
* @param string $algo either HMAC-SHA1 or RSA-SHA1 (NOTE: this affects what you put in for the secret parameter)
125+
* @return array of all the oauth parameters
126+
*/
127+
function build_auth_array($baseurl, $key, $secret, $extra = array(), $method = 'GET', $algo = OAUTH_ALGORITHMS::RSA_SHA1)
128+
{
129+
$auth['oauth_consumer_key'] = $key;
130+
$auth['oauth_signature_method'] = $algo;
131+
$auth['oauth_timestamp'] = time();
132+
$auth['oauth_nonce'] = md5(uniqid(rand(), true));
133+
$auth['oauth_version'] = '1.0';
134+
135+
$auth = array_merge($auth, $extra);
136+
137+
//We want to remove any query parameters from the base url
138+
$urlsegs = explode("?", $baseurl);
139+
$baseurl = $urlsegs[0];
140+
141+
//If there are any query parameters we need to make sure they
142+
//get signed with the rest of the auth data.
143+
$signing = $auth;
144+
if(count($urlsegs) > 1)
145+
{
146+
preg_match_all("/([\w\-]+)\=([\w\d\-\%\.]+)\&?/", $urlsegs[1], $matches);
147+
$signing = $signing + array_combine($matches[1], $matches[2]);
148+
}
149+
150+
if(strtoupper($algo) == OAUTH_ALGORITHMS::HMAC_SHA1)$auth['oauth_signature'] = sign_hmac_sha1($method, $baseurl, $secret, $signing);
151+
else if(strtoupper($algo) == OAUTH_ALGORITHMS::RSA_SHA1)$auth['oauth_signature'] = sign_rsa_sha1 ($method, $baseurl, $secret, $signing);
152+
153+
$auth['oauth_signature'] = urlencode($auth['oauth_signature']);
154+
return $auth;
155+
}
156+
157+
/**
158+
* Creates the authorization portion of a header NOTE: This does not
159+
* create a complete http header. Also NOTE: the oauth_token parameter
160+
* should be passed in using the $extra array.
161+
*
162+
* @param string $baseurl the base url we are authenticating against.
163+
* @param string $key your consumer key
164+
* @param string $secret either your consumer secret key or the file location of your rsa private key.
165+
* @param array $extra additional oauth parameters that should be included (you must urlencode a parameter, if appropriate, before calling this function)
166+
* @param string $method either GET or POST
167+
* @param string $algo either HMAC-SHA1 or RSA-SHA1 (NOTE: this affects what you put in for the secret parameter)
168+
* @return string the header authorization portion with trailing \r\n
169+
*/
170+
function get_auth_header($baseurl, $key, $secret, $extra = array(), $method = 'GET', $algo = OAUTH_ALGORITHMS::RSA_SHA1)
171+
{
172+
$auth = build_auth_array($baseurl, $key, $secret, $extra, $method, $algo);
173+
return build_auth_string($auth);
174+
}
175+
176+
/* ./application/helpers/oauth_helper.php */
177+
?>

0 commit comments

Comments
 (0)