1: <?php
 2: 
 3: /**
 4:  * Copyright 2016 LINE Corporation
 5:  *
 6:  * LINE Corporation licenses this file to you under the Apache License,
 7:  * version 2.0 (the "License"); you may not use this file except in compliance
 8:  * with the License. You may obtain a copy of the License at:
 9:  *
10:  *   https://www.apache.org/licenses/LICENSE-2.0
11:  *
12:  * Unless required by applicable law or agreed to in writing, software
13:  * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14:  * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15:  * License for the specific language governing permissions and limitations
16:  * under the License.
17:  */
18: 
19: namespace LINE\LINEBot;
20: 
21: use LINE\LINEBot\Exception\InvalidSignatureException;
22: 
23: /**
24:  * A validator class of signature.
25:  *
26:  * @package LINE\LINEBot
27:  */
28: class SignatureValidator
29: {
30:     /**
31:      * Validate request with signature.
32:      *
33:      * @param string $body Request body.
34:      * @param string $channelSecret Your channel secret.
35:      * @param string $signature Signature (probably retrieve from HTTP header).
36:      * @return bool Request is valid or not.
37:      * @throws InvalidSignatureException When empty signature is given.
38:      */
39:     public static function validateSignature($body, $channelSecret, $signature)
40:     {
41:         if (!isset($signature)) {
42:             throw new InvalidSignatureException('Signature must not be empty');
43:         }
44: 
45:         return hash_equals(base64_encode(hash_hmac('sha256', $body, $channelSecret, true)), $signature);
46:     }
47: }
48: