liyu001989/signature

getSignString called two times on verify

Closed this issue · 1 comments

When Signature::verify is called, the function getSignString() is called and sent to sign().

    public function verify($signature, $data)
    {
        $signString = $this->getSignString($data);

        // Timing attack safe string comparison
        return hash_equals($signature, $this->sign($signString));
    }

In sign(), getSignString() is called again.

    public function sign($data)
    {
        $signString = $this->getSignString($data);

        return hash_hmac($this->getAlgo(), $signString, $this->getKey());
    }
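One way to arrange the two methods so the sign string is built exactly once per call, as an added example that is not the project's code: `ExampleSigner`, `canonicalize()`, `mac()` and the call counter are hypothetical names, and the canonical form (sort by key, then `http_build_query`) is an assumption, since the body of `getSignString()` is not shown in the issue.

```php
<?php
// Added example: hypothetical class, not the liyu001989/signature source.
final class ExampleSigner
{
    public int $canonicalizeCalls = 0; // instrumentation for this demo only

    public function __construct(private string $key, private string $algo = 'sha256') {}

    // Assumed canonical form: sort by key, then encode as a query string.
    private function canonicalize(array $data): string
    {
        $this->canonicalizeCalls++;
        ksort($data);
        return http_build_query($data);
    }

    // HMAC over an already-canonical string; it never canonicalizes again,
    // so sign() and verify() cannot drift apart on what bytes are signed.
    private function mac(string $signString): string
    {
        return hash_hmac($this->algo, $signString, $this->key);
    }

    public function sign(array $data): string
    {
        return $this->mac($this->canonicalize($data));
    }

    public function verify(string $signature, array $data): bool
    {
        // hash_equals() takes the known value first, the supplied value second.
        return hash_equals($this->mac($this->canonicalize($data)), $signature);
    }
}

$signer = new ExampleSigner('constructed-demo-key'); // constructed key
$data   = ['b' => '2', 'a' => '1'];                  // constructed sample input
$sig    = $signer->sign($data);

$signer->canonicalizeCalls = 0;
var_dump($signer->verify($sig, ['a' => '1', 'b' => '2'])); // same fields, different key order
var_dump($signer->verify($sig, ['a' => '1', 'b' => '3'])); // one value modified
var_dump($signer->canonicalizeCalls);                      // canonicalize() calls across both verify() calls
```

Calling the canonicalizer twice is harmless only if it is idempotent on its own output; routing both public methods through one private MAC helper removes that dependency.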