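/**
 * Verifies the HMAC authenticator attached to an incoming request.
 *
 * Recomputes the hash over "time:nonce:message" with the connector key read
 * from the 'acquia_connector.settings' config and compares it with the hash
 * supplied in the request.
 *
 * @param array $data
 *   Request data. Must carry an 'authenticator' array with 'time', 'nonce'
 *   and 'hash' entries.
 * @param string $message
 *   Message that was signed together with the time and nonce.
 *
 * @return bool
 *   TRUE when the supplied hash matches the recomputed one, FALSE otherwise.
 */
public function isValidRequest($data, $message) {
  // The supplied hash is required as well: the original only checked time and
  // nonce and then read an undefined index when 'hash' was missing.
  if (!isset($data['authenticator']['time'], $data['authenticator']['nonce'], $data['authenticator']['hash'])) {
    return FALSE;
  }
  $authenticator = $data['authenticator'];

  // Reject shapes that cannot be a valid authenticator (arrays, objects)
  // instead of letting them be string-cast into the signed message.
  if (!is_scalar($authenticator['time']) || !is_scalar($authenticator['nonce']) || !is_string($authenticator['hash'])) {
    return FALSE;
  }

  // With no key configured, a MAC computed over an empty key proves nothing
  // about the sender, so fail closed.
  $key = $this->config('acquia_connector.settings')->get('key');
  if ($key === NULL || $key === '') {
    return FALSE;
  }

  $string = $authenticator['time'] . ':' . $authenticator['nonce'] . ':' . $message;
  $hash = CryptConnector::acquiaHash($key, $string);

  // hash_equals() compares in constant time and never applies numeric-string
  // juggling; the loose == used previously could treat two different
  // "0e..."-style strings as equal.
  // NOTE(review): time and nonce are only mixed into the MAC here; no
  // freshness window or nonce-reuse check is visible in this method —
  // confirm the caller enforces one.
  return hash_equals((string) $hash, $authenticator['hash']);
}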
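/**
 * Validates the authenticator of a test request and builds the mock response.
 *
 * Only identifiers starting with 'TEST_' are accepted; each known test
 * identifier maps to a fixed test key defined on this class.
 *
 * @param array $data
 *   Request data with an 'authenticator' array holding 'time', 'identifier',
 *   'nonce' and 'hash'.
 *
 * @return array
 *   Either an error response (from basicAuthenticator() or errorResponse())
 *   or the mock subscription result with 'error', 'body', 'secret' and
 *   'authenticator' entries.
 */
protected function validateAuthenticator($data) {
  // Field name => validation callback. NOTE(review): presumably
  // basicAuthenticator() applies each callback to the matching authenticator
  // field — confirm against its implementation.
  $fields = array(
    'time' => 'is_numeric',
    'identifier' => 'is_string',
    'nonce' => 'is_string',
    'hash' => 'is_string',
  );
  $result = $this->basicAuthenticator($fields, $data);
  if (!empty($result['error'])) {
    return $result;
  }

  $identifier = $data['authenticator']['identifier'];
  if (strpos($identifier, 'TEST_') !== 0) {
    return $this->errorResponse(self::ACQTEST_SUBSCRIPTION_NOT_FOUND, t('Subscription not found'));
  }

  // Pick the fixed test key for the identifier; unknown TEST_ identifiers get
  // the error key.
  switch ($identifier) {
    case self::ACQTEST_ID:
      $key = self::ACQTEST_KEY;
      break;

    case self::ACQTEST_EXPIRED_ID:
      $key = self::ACQTEST_EXPIRED_KEY;
      break;

    case self::ACQTEST_503_ID:
      $key = self::ACQTEST_503_KEY;
      break;

    default:
      $key = self::ACQTEST_ERROR_KEY;
      break;
  }

  $hash = CryptConnector::acquiaHash($key, $data['authenticator']['time'] . ':' . $data['authenticator']['nonce']);

  // The original computed the same hash a second time ($hash_simple) and fell
  // back to a loose != on it, so the effective check was a type-juggling
  // comparison. One constant-time comparison replaces both.
  if (!hash_equals((string) $hash, (string) $data['authenticator']['hash'])) {
    // NOTE(review): this message returns the expected HMAC to the caller. The
    // keys involved are this class's ACQTEST_* constants; the pattern must not
    // be carried over to code that signs with a real secret.
    return $this->errorResponse(self::ACQTEST_SUBSCRIPTION_VALIDATION_ERROR, t('HMAC validation error: ') . "{$hash} != {$data['authenticator']['hash']}");
  }

  if ($key === self::ACQTEST_EXPIRED_KEY) {
    return $this->errorResponse(self::ACQTEST_SUBSCRIPTION_EXPIRED, t('Subscription expired.'));
  }

  // Record connections.
  $counter_name = 'test_connections' . $identifier;
  $connections = \Drupal::config('acquia_connector.settings')->get($counter_name);
  $connections++;
  \Drupal::configFactory()->getEditable('acquia_connector.settings')->set($counter_name, $connections)->save();

  if ($connections == 3 && $identifier == self::ACQTEST_503_ID) {
    // Trigger a 503 response on 3rd call to this (1st is
    // acquia.agent.subscription and 2nd is acquia.agent.validate)
    $this->headers->set("Status", "503 Server Error");
    print '';
    exit;
  }

  // Mock subscription payload.
  $result['error'] = FALSE;
  $result['body']['subscription_name'] = 'TEST_AcquiaConnectorTestID';
  $result['body']['active'] = 1;
  $result['body']['href'] = 'http://acquia.com/network';
  $result['body']['expiration_date']['value'] = '2023-10-08T06:30:00';
  $result['body']['product'] = '91990';
  $result['body']['derived_key_salt'] = $identifier . '_KEY_SALT';
  $result['body']['update_service'] = 1;
  $result['body']['search_service_enabled'] = 1;
  if (isset($data['body']['rpc_version'])) {
    $result['body']['rpc_version'] = $data['body']['rpc_version'];
  }

  // NOTE(review): 'secret' carries the selected key and the raw request data;
  // nothing in this method shows where it is consumed — confirm callers
  // remove it before anything is sent back to the client.
  $result['secret']['data'] = $data;
  $result['secret']['nid'] = '91990';
  $result['secret']['node'] = $identifier . '_NODE';
  $result['secret']['key'] = $key;

  // Echo the authenticator back with the hash blanked and the time advanced
  // by one.
  $result['authenticator'] = $data['authenticator'];
  $result['authenticator']['hash'] = '';
  $result['authenticator']['time'] += 1;
  $result['authenticator']['nonce'] = $data['authenticator']['nonce'];
  return $result;
}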
/**
 * Builds the authenticator hash for a time/nonce pair.
 *
 * The signed message is "<time>:<nonce>"; the hashing itself is delegated to
 * CryptConnector::acquiaHash(). The original documentation describes the
 * result as an HMAC-SHA1 according to RFC2104
 * (http://www.ietf.org/rfc/rfc2104.txt); that implementation is not part of
 * this method.
 *
 * @param string $key
 *   Key used for the hash.
 * @param int $time
 *   Timestamp component of the signed message.
 * @param string $nonce
 *   Nonce component of the signed message.
 * @param array $params
 *   Not used by this method, so its contents are not covered by the hash.
 *
 * @return string
 *   The value returned by CryptConnector::acquiaHash().
 */
protected function hash($key, $time, $nonce, $params = array()) {
  return CryptConnector::acquiaHash($key, "{$time}:{$nonce}");
}