php - Building a body signed oauth xml request for LTI Outcomes service

Question

im trying to figure out how to generate oauth_signature using oauth_body_hash as stated in section 4.3 here http://www.imsglobal.org/specs/ltiv1p1/implementation-guide#toc-5
i have to send an API call which has to be authorized using body hash

POST http://www.imsglobal.org/developers/BLTI/service_handle.php HTTP/1.0

Host: 127.0.0.1:80

Content-Length: 757

Authorization: OAuth realm="",oauth_version="1.0",

  oauth_nonce="29f90c047a44b2ece73d00a09364d49b",

  oauth_timestamp="1313350943",oauth_consumer_key="lmsng.school.edu",

  oauth_body_hash="v%2BxFnmDSHV%2Fj29qhxLwkFILrtPo%3D",

  oauth_signature_method="HMAC-SHA1",

  oauth_signature="8auRpRdPY2KRXUrOyz3HKCs92y8%3D"

Content-type: application/xml

 

<?xml version = "1.0" encoding = "UTF-8"?>

to generate Authorization value i need the following:
oauth_nonce which i use uniqid('', true) to generate
oauth_timestamp which i use strtotime("now") to generate
oauth_consumer_key which i already used to handle the LTI call
oauth_body_hash which i use base64_encode(sha1($xml, true)) to generate
oauth_signature_method which is HMAC-SHA1
now i just have to generate the oauth_signature

it says in the documentation that : The oauth_body_hash [OBH, 11] is computed using a SHA-1 hash of the body contents and added to the Authorization header. All of the OAuth parameters, HTTP method, and URL are signed like any other OAuth signed request. Other than in producing the body hash value, the actual POST data is not involved in the computation of the oauth_signature.

i dont understand how to generate the oauth_signature using oauth_body_hash

can some one please tell me how can i generate it using simple php without using classes? i found an identical question which can be found here Building a body signed oauth xml request for LTI Outcomes service using pecl oauth
but the solutions there are using classes which i cant do!

this is what i have tried so far but it still wont get authorized:

    $bodyHash = base64_encode(sha1($xml, true));
    $sig = base64_encode(hash_hmac("sha1", $xml, $lti_secret, true));
    $authorization_string = 'Authorization: OAuth '.
        'oauth_version="1.0",'.
        'oauth_nonce="'.uniqid('', true).'",'.
        'oauth_timestamp="'.strtotime("now").'",'.
        'oauth_body_hash="'.$bodyHash.'",'.
        'oauth_consumer_key="'.$lti_key.'",'.
        'oauth_signature_method="HMAC-SHA1",'.
        'oauth_signature="'.$sig.'"';