/**
 * {@inheritDoc}
 *
 * Authenticates a signed request: the signature carried by the request is
 * extracted, its timestamp is checked against $this->expiry, the key named
 * by the signature's ID is loaded, and the request is re-signed with that
 * key's secret so the two signatures can be compared.
 *
 * @param Request\RequestInterface $request   Request carrying the client's signature.
 * @param KeyLoaderInterface       $keyLoader Loader used to resolve the signature's key ID.
 *
 * @return mixed Whatever $keyLoader->load() returned for the key ID, once the signature has matched.
 *
 * @throws Exception\TimestampOutOfRangeException When compareTimestamp() reports -1 (too old) or 1 (too far ahead).
 * @throws Exception\KeyNotFoundException         When the loader returns a falsy value for the key ID.
 * @throws Exception\InvalidSignatureException    When the recomputed signature does not match the passed one.
 */
public function authenticate(Request\RequestInterface $request, KeyLoaderInterface $keyLoader)
{
    // Signature material exactly as the client sent it.
    $claimed = $this->requestSigner->getSignature($request);

    // Timestamp gate runs before any key lookup; presumably this bounds how
    // long a captured request stays acceptable (confirm against the signer).
    $drift = $claimed->compareTimestamp($this->expiry);
    if ($drift == -1) {
        throw new Exception\TimestampOutOfRangeException('Request is too old');
    }
    if ($drift == 1) {
        throw new Exception\TimestampOutOfRangeException('Request is too far in the future');
    }

    // Resolve the API key named in the signature; a falsy result means unknown.
    // NOTE(review): unknown-key and bad-signature failures use different
    // exception types. If the caller relays that difference to the client it
    // reveals which key IDs exist; map both to one response at the boundary.
    $key = $keyLoader->load($claimed->getId());
    if (!$key) {
        throw new Exception\KeyNotFoundException('API key not found');
    }

    // Recompute the signature server-side with the stored secret.
    $expected = $this->requestSigner->signRequest($request, $key->getSecret());

    // NOTE(review): matches() is defined elsewhere; confirm it compares in
    // constant time (e.g. via hash_equals()) rather than with == / ===.
    if ($claimed->matches($expected)) {
        return $key;
    }

    throw new Exception\InvalidSignatureException('Signature not valid');
}
/**
 * Produces a signed copy of the given request.
 *
 * The work is delegated to the injected request signer, which receives the
 * request together with $this->customHeaders.
 *
 * @param \Psr\Http\Message\RequestInterface $request Request to sign.
 *
 * @return \Psr\Http\Message\RequestInterface Result of the signer's signRequest() call.
 */
public function signRequest(RequestInterface $request)
{
    $signer = $this->requestSigner;
    $signedRequest = $signer->signRequest($request, $this->customHeaders);

    return $signedRequest;
}