From eeaa68400f98aa96496d54bfe5ebe91061684d80 Mon Sep 17 00:00:00 2001
From: Michael Hogg
Date: Fri, 28 Aug 2015 12:46:53 +0100
Subject: [PATCH 1/2] Fix bug: hash_hmac() should output raw binary data, not hexits
---
 src/TokenType/MAC.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/TokenType/MAC.php b/src/TokenType/MAC.php
index 1eb3b930..0d026a2d 100644
--- a/src/TokenType/MAC.php
+++ b/src/TokenType/MAC.php
@@ -114,7 +114,14 @@ class MAC extends AbstractTokenType implements TokenTypeInterface
 $calculatedSignatureParts[] = $params->get('ext');
 }
- $calculatedSignature = base64_encode(hash_hmac('sha256', implode("\n", $calculatedSignatureParts), $macKey));
+ $calculatedSignature = base64_encode(
+ hash_hmac(
+ 'sha256',
+ implode("\n", $calculatedSignatureParts),
+ $macKey,
+ true // raw_output: outputs raw binary data
+ )
+ );
 // Return the access token if the signature matches
 return ($this->hash_equals($calculatedSignature, $signature)) ? $accessToken : null;
From 2d26c38d6cbdc172b9a6f75ef02ffea55c87fd2f Mon Sep 17 00:00:00 2001
From: Michael Hogg
Date: Fri, 28 Aug 2015 13:11:20 +0100
Subject: [PATCH 2/2] Update unit test: testDetermineAccessTokenInHeaderValid()
---
 tests/unit/TokenType/MacTest.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/unit/TokenType/MacTest.php b/tests/unit/TokenType/MacTest.php
index fce568fa..c05ccdb4 100644
--- a/tests/unit/TokenType/MacTest.php
+++ b/tests/unit/TokenType/MacTest.php
@@ -57,7 +57,7 @@ class MacTest extends \PHPUnit_Framework_TestCase
 $request->getPort(),
 'ext'
 ];
- $calculatedSignature = base64_encode(hash_hmac('sha256', implode("\n", $calculatedSignatureParts), 'abcdef'));
+ $calculatedSignature = base64_encode(hash_hmac('sha256', implode("\n", $calculatedSignatureParts), 'abcdef', true));
 $request->headers->set('Authorization', sprintf('MAC id="foo", nonce="foo", ts="%s", mac="%s", ext="ext"', $ts, $calculatedSignature));
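Review bot: The input to `hash_hmac()` is still built with `implode("\n", $calculatedSignatureParts)`, and `ext` is appended only inside the conditional that closes just above the changed line, so raw output alone may not make the MAC interoperable. As I read the OAuth HTTP MAC draft this class appears to implement, every element of the normalized request string is followed by a newline, including the last one and an empty `ext`; if that is the target, the input would be `implode("\n", $calculatedSignatureParts) . "\n"` with `ext` defaulting to `''`. Please confirm against the draft revision the project follows, because the encoding change here presumably already invalidates signatures from clients that matched the old hex-based output, and a second wire change later would break them again. The method body starts and ends outside this hunk.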
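Review bot: The expected MAC in this test is derived with the same `base64_encode(hash_hmac(..., 'abcdef', true))` expression as the code under test, so it only proves the two copies agree, which is presumably how the hex-digest version passed before this series. A known-answer check would catch an encoding or normalization mistake: fix the timestamp and assert against a hard-coded value computed with an independent HMAC-SHA256 implementation, e.g. `$calculatedSignature = '<base64 known-answer MAC>';`. A negative case that sends the old hex-then-base64 form and expects rejection would also pin the fix. The test method starts and ends outside this hunk, and `$ts` is assigned above the visible lines, so whether it is already a fixed value cannot be seen here.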