在PHP中验证cURL请求

Question

我正在尝试使用暴雪的API从他们的JSON服务中检索数据（身份验证文档 - http://blizzard.github.io/api-wow-docs/#features/authentication）。我目前有以下功能，照顾我的cURL请求：

function get_json($url) { 
    $ch = curl_init(); 
    curl_setopt($ch, CURLOPT_HEADER, 0); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    curl_setopt($ch, CURLOPT_URL, $url); 
    $data = curl_exec($ch); 
    curl_close($ch); 
    return $data; 
} 

我已经查看了身份验证要求并获得了公钥和私钥。它们提供了这一解释过程：

UrlPath = <HTTP-Request-URI, from the port to the query string> 
    StringToSign = HTTP-Verb + "\n" + Date + "\n" + UrlPath + "\n"; 
    Signature = Base64(HMAC-SHA1(UTF-8-Encoding-Of(PrivateKey), StringToSign)); 
    Header = "Authorization: BNET" + " " + PublicKey + ":" + Signature; 

我曾尝试研究PHP处理卷曲的认证，但它只是让我感到困惑了。我的问题是如何在get_json函数中包含身份验证？

Answer 1

在http://sourceforge.net/projects/wowarmoryapi/

private function getByKeys($url,$region){ 
    $pubkey = $GLOBALS['wowarmory']['keys']['public']; 
    $privkey = $GLOBALS['wowarmory']['keys']['private']; 
    $url = preg_replace('/^http/', 'https', $url); 
    $date = date('D, d M Y G:i:s T',time()); 
    $stringtosign = "GET\n".$date."\n".$url."\n"; 
    $signature = base64_encode(hash_hmac('sha1', $stringtosign, $privkey,true)); 
    $header = array("Host: ".$this->regions[$region],"Date: ". $date,"\nAuthorization: BNET ". $pubkey.":". base64_encode(hash_hmac('sha1', "GET\n".$date."\n".$url."\n", $privkey, true))."\n"); 

    $ch = curl_init($url); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); 
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); 
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); 
    curl_setopt($ch, CURLOPT_TIMEOUT, 10); 
    curl_setopt($ch, CURLOPT_VERBOSE, true); 

    curl_setopt($ch, CURLOPT_HTTPHEADER, $header); 
    $response = curl_exec($ch); 
    $headers = curl_getinfo($ch); 
    return $response; 
}