Request #59134 Can we get RSA-SHA1 support?
Submitted: 2010-03-29 00:42 UTC
Modified: 2010-05-04 23:13 UTC
From: sam at digitalfusion dot co dot nz
Assigned: datibbaw (profile)
Status: Closed
Package: oauth (PECL)
PHP Version: 5.3.0
OS: OS X Server 10.6
Private report: No
CVE-ID: None
 [2010-03-29 00:42 UTC] sam at digitalfusion dot co dot nz
Description:
------------
Xero (web-based accounting package) have just made their 
implementation of OAuth 2-legged authentication, which 
requires RSA-SHA1 signing.

Would be great if this implementation could be achieved with 
this library.


 [2010-03-29 11:42 UTC] jawed@php.net
From my perspective, pecl/oauth would need to support a 
setRSACertificate() method (or something similar) which 
would take a single argument and pass the value along to 
openssl_get_privatekey(). From there, it's a matter of 
simply signing with openssl_sign() in place of hash_hmac.

We should look into adding this for pecl/oauth-1.0.

Thanks for the feedback!

- JJ
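
The signing step described in the comment above, as an added example that is not part of the original thread and is not pecl/oauth source. It assumes PHP 7.4+ with the openssl extension able to generate a key; the URL, consumer key, nonce and key pair are constructed for the demo.

```php
<?php
// Added illustration; not pecl/oauth source. Keys, URL and parameters are constructed.

// Signature base string per OAuth 1.0: METHOD & enc(URL) & enc(sorted, encoded params).
// The URL is assumed to be already normalized (lowercase scheme/host, no query string).
function base_string(string $method, string $url, array $params): string {
    $pairs = [];
    foreach ($params as $k => $v) {
        $pairs[] = [rawurlencode($k), rawurlencode($v)];
    }
    // Sort by encoded name, then by encoded value.
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $query = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($query);
}

// RSA-SHA1: the base string is signed with the consumer's private key.
// With HMAC-SHA1 this step is hash_hmac('sha1', $base, $key, true), keyed on shared secrets.
function sign_rsa_sha1(string $base, string $privateKeyPem): string {
    $key = openssl_get_privatekey($privateKeyPem);
    if ($key === false) {
        throw new RuntimeException('cannot parse private key: ' . openssl_error_string());
    }
    if (!openssl_sign($base, $signature, $key, OPENSSL_ALGO_SHA1)) {
        throw new RuntimeException('signing failed: ' . openssl_error_string());
    }
    return base64_encode($signature);
}

// Throwaway key pair generated for this demo only.
$pair = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];

$base = base_string('get', 'https://api.example.test/Organisation', [
    'oauth_consumer_key'     => 'constructed-consumer-key',
    'oauth_nonce'            => 'constructed-nonce',
    'oauth_signature_method' => 'RSA-SHA1',
    'oauth_timestamp'        => '1272348501',
    'oauth_version'          => '1.0',
]);
$sig = sign_rsa_sha1($base, $privatePem);

// The provider verifies with the registered public key; no shared secret is involved.
$ok = openssl_verify($base, base64_decode($sig), $publicPem, OPENSSL_ALGO_SHA1);
echo $base, "\n", $sig, "\n", $ok === 1 ? "signature verifies\n" : "verification failed\n";
```

With RSA-SHA1 the consumer secret plays no part in the signature, so the private key file is the credential to protect.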
 [2010-03-29 23:02 UTC] datibbaw@php.net
Fixed in SVN, but not tested ;-)
 [2010-03-30 16:57 UTC] sam at digitalfusion dot co dot nz
Fantastic, I'll give it a whirl this afternoon.
 [2010-04-12 19:18 UTC] james at digitalfusion dot co dot nz
Build using process of 
checkout, phpize, configure, make, install appears to go 
cleanly, but php gives this error on loading:

PHP Startup: Unable to load dynamic library '/usr/local/php5/lib/php/extensions/no-debug-non-zts-20060613/oauth.so' - (null) in Unknown on line 0

We are trying to replace 0.99.9 release with svn trunk 
version to test this. Noticed that trunk version does not 
seem to have a dependency on curl, unlike the release one, 
Trunk vers otool output:

otool -L /usr/lib/php/extensions/no-debug-non-zts-20060613/oauth.so
/usr/lib/php/extensions/no-debug-non-zts-20060613/oauth.so:
	/usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 111.1.4)


Release vers output:
otool -L oauth.so 
oauth.so:
	/usr/lib/libcurl.4.dylib (compatibility version 5.0.0, current version 5.0.0)
	/usr/lib/libgcc_s.1.dylib (compatibility version 1.0.0, current version 1.0.0)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 111.1.4)


libraries do seem to exist.

Not sure where to go from here! Advice appreciated. Note 
this is on a 10.5.8 server, our dev machine. Ultimate 
deployment target is 10.6 server.

Thanks.
 [2010-04-12 21:02 UTC] jawed@php.net
I wasn't able to replicate this on Snow Leopard.

Here are my results with trunk:

$ /usr/local/bin/phpize && ./configure && sudo make install
$ /usr/local/bin/php -m
...
OAuth
...
$ cd examples/twitter
$ php updateStatus.php 
I think I got a valid request token, navigate your www 
client to:

https://twitter.com/oauth/authorize?oauth_token=----

Once you finish authorizing, hit ENTER or INTERRUPT to exit

^C
$ otool -L /usr/local/lib/php/extensions/debug-non-zts-20090626/oauth.so 
/usr/local/lib/php/extensions/debug-non-zts-20090626/oauth.so:
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 125.0.1)
 [2010-04-27 06:08 UTC] sam at digitalfusion dot co dot nz
Ok, so we got the module installed and working, but now Apache is getting a 
segmentation fault when I run the fetch method after using the 
setRSACertificate method.

Here's the entries from Apache's log:
[Tue Apr 27 14:08:21 2010] [notice] child pid 29046 exit signal Segmentation fault (11)
[Tue Apr 27 14:08:21 2010] [notice] child pid 29045 exit signal Segmentation fault (11)
[Tue Apr 27 14:08:21 2010] [notice] child pid 28947 exit signal Segmentation fault (11)

And here is the exact code that will cause this:

// Create the object.
$oauth = new OAuth( XERO_DEV_KEY, XERO_DEV_KEY, OAUTH_SIG_METHOD_RSASHA1 );

// Add the key.
$oauth->setRSACertificate( file_get_contents( XERO_RSASHA1_PRIVATE ) );

// Fetch the details.
$oauth->fetch( API_XERO.'Organisation', null, OAUTH_HTTP_METHOD_GET );

The actual code I've written checks for the errors thrown by setRSACertificate, 
and as far as I can tell my certificate is valid (nothing is thrown when I set 
it, so I assume it's working).
 [2010-04-27 08:32 UTC] datibbaw@php.net
Thank you for this bug report. To properly diagnose the problem, we
need a backtrace to see what is happening behind the scenes. To
find out how to generate a backtrace, please read
http://bugs.php.net/bugs-generating-backtrace.php for *NIX and
http://bugs.php.net/bugs-generating-backtrace-win32.php for Win32

Once you have generated a backtrace, please submit it to this bug
report and change the status back to "Open". Thank you for helping
us make PHP better.

Cannot reproduce on Apache 2.2.15 / PHP 5.2.13

Will require a backtrace of the whole Apache/PHP/Oauth stack

You can run apache in the foreground using -X and then attach gdb
 [2010-05-04 20:34 UTC] sam at digitalfusion dot co dot nz
Looks like this was caused by a bad php config. All sorted now 
- thanks.