'secret1','key2'=>'secret2') * @param Zeed_OAuth_Token $token * @param Zeed_OAuth_Request $request */ public static function validate($consumers, Zeed_OAuth_Token $token = null, Zeed_OAuth_Request $request = null) { if (is_null($request)) { $request = Zeed_OAuth_Request::fromRequest(); } $consumerKey = @$request->getParameter("oauth_consumer_key"); if (! $consumerKey) { throw new Zeed_OAuth_Exception("No consumer key"); } if (!in_array($consumerKey, array_keys($consumers))) { throw new Zeed_OAuth_Exception("Invalid consumer key"); } // verify that timestamp is recentish $timestamp = @$request->getParameter('oauth_timestamp'); if (! $timestamp) { throw new Zeed_OAuth_Exception('Missing timestamp parameter. The parameter is required'); } $now = time(); if (abs($now - $timestamp) > self::$_timestampThreshold) { throw new Zeed_OAuth_Exception("Expired timestamp, yours $timestamp, ours $now"); } $consumer = new Zeed_OAuth_Consumer($consumerKey, $consumers[$consumerKey]); // verify that nonce is fresh $nonce = @$request->getParameter('oauth_nonce'); if (! $nonce) { throw new Zeed_OAuth_Exception('Missing nonce parameter. The parameter is required'); } $nonceKey = md5('zoi-'.$consumer.'-'.$token.'-'.$timestamp.'-'.$nonce); $cached = Zeed_Cache::instance()->load($nonceKey); if ($cached !== false) { throw new Zeed_OAuth_Exception('Replay attacks'); } else { Zeed_Cache::instance()->save(1,$nonceKey,array('zoi'),self::$_timestampThreshold*2); } // verify signature $signatureMethod = self::_getSignatureMethod($request); $signature = $request->getParameter('oauth_signature'); $validSig = $signatureMethod->checkSignature($request, $consumer, $token, $signature); if (! $validSig) { throw new Zeed_OAuth_Exception("Invalid signature"); } return $request->getParameters(); } /** * 获取签名方式 * * @param Zeed_OAuth_Request $request * @return Zeed_OAuth_Signature_Abstract */ protected static function _getSignatureMethod($request) { $signatureMethod = @$request->getParameter("oauth_signature_method"); if (! $signatureMethod) { throw new Zeed_OAuth_Exception('No signature method parameter. This parameter is required'); } if ('HMAC-SHA1' == $signatureMethod) { return new Zeed_OAuth_Signature_HMACSHA1(); } else { throw new Zeed_OAuth_Exception('Unsupported signature method'); } } } // End ^ Native EOL ^ encoding