/**
 * {@inheritDoc}
 */
public function signResponse(ResponseInterface $response)
{
    // The nonce comes from the Authorization header of the request that
    // produced this response, so the response signature is bound to that
    // specific request.
    $requestAuthHeader = AuthorizationHeader::createFromRequest($this->request);

    // Per the PSR-7 contract getHeaderLine() returns '' for an absent header,
    // so a request lacking X-Authorization-Timestamp is still signed here
    // (no MalformedRequestException is raised at this point).
    $timestamp = $this->request->getHeaderLine('X-Authorization-Timestamp');

    // Casting reads the whole body stream; PSR-7 __toString() is expected to
    // rewind seekable streams first.
    $body = (string) $response->getBody();

    // Canonical message: nonce, request timestamp and response body,
    // newline-separated. A verifier must rebuild exactly this string.
    $message = implode("\n", [$requestAuthHeader->getNonce(), $timestamp, $body]);
    $signature = $this->digest->sign($message, $this->key->getSecret());

    /** @var \Psr\Http\Message\ResponseInterface $signedResponse */
    $signedResponse = $response->withHeader('X-Server-Authorization-HMAC-SHA256', $signature);

    return $signedResponse;
}
/**
 * Builds an AuthorizationHeader object for the given request.
 *
 * The builder is seeded with this signer's key, digest and realm, and the
 * key id is placed in the header as its "id" parameter.
 *
 * @param \Psr\Http\Message\RequestInterface $request
 *   The request being signed.
 * @param string[] $customHeaders
 *   Names of custom headers; the builder reads their values from the
 *   request.
 *
 * @return \Acquia\Hmac\AuthorizationHeader
 *   The compiled authorization header object.
 */
protected function buildAuthorizationHeader(RequestInterface $request, array $customHeaders = [])
{
    $builder = new AuthorizationHeaderBuilder($request, $this->key, $this->digest);

    $builder->setRealm($this->realm);
    $builder->setId($this->key->getId());
    $builder->setCustomHeaders($customHeaders);

    return $builder->getAuthorizationHeader();
}
/**
 * Ensures a response can be authenticated.
 *
 * Signs a request with a fixed nonce and timestamp, then checks that a
 * response carrying the expected X-Server-Authorization-HMAC-SHA256 value
 * is accepted by ResponseAuthenticator for that signed request.
 */
public function testIsAuthentic()
{
    $realm = 'Pipet service';
    $nonce = 'd1954337-5319-4821-8427-115542e08d10';
    $timestamp = 1432075982;
    // Known-good server signature for this fixed nonce/timestamp/key fixture.
    $expectedSignature = 'LusIUHmqt9NOALrQ4N4MtXZEFE03MjcDjziK+vVqhvQ=';

    $request = new Request('GET', 'http://example.com', ['X-Authorization-Timestamp' => $timestamp]);

    $builder = new AuthorizationHeaderBuilder($request, $this->authKey);
    $builder->setRealm($realm);
    $builder->setId($this->authKey->getId());
    $builder->setNonce($nonce);
    $authHeader = $builder->getAuthorizationHeader();

    $signer = new MockRequestSigner($this->authKey, $realm, new Digest(), $authHeader);
    $signedRequest = $signer->signRequest($request);

    $response = new Response(200, ['X-Server-Authorization-HMAC-SHA256' => $expectedSignature]);
    $authenticator = new ResponseAuthenticator($signedRequest, $this->authKey);

    $this->assertTrue($authenticator->isAuthentic($response));
}
/**
 * Ensures the correct headers are generated when signing a request.
 *
 * The request is built without a body, so no X-Authorization-Content-SHA256
 * header is expected; the timestamp header must survive signing and the
 * Authorization header must contain the known-good signature for this
 * fixture, both directly after signing and after round-tripping through
 * getAuthorizedRequest().
 */
public function testSignRequest()
{
    $expectedSignature = 'signature="MRlPr/Z1WQY2sMthcaEqETRMw4gPYXlPcTpaLWS2gcc="';
    $uri = 'https://example.acquiapipet.net/v1.0/task-status/133?limit=10';
    $request = new Request('GET', $uri, [
        'Content-Type' => 'text/plain',
        'X-Authorization-Timestamp' => $this->timestamp,
    ]);

    $digest = new Digest();
    $builder = new AuthorizationHeaderBuilder($request, $this->authKey, $digest);
    $builder->setRealm($this->realm);
    $builder->setId($this->authKey->getId());
    $builder->setNonce('d1954337-5319-4821-8427-115542e08d10');
    $authHeader = $builder->getAuthorizationHeader();

    $signer = new MockRequestSigner($this->authKey, $this->realm, $digest, $authHeader);
    $signedRequest = $signer->signRequest($request);

    $this->assertFalse($signedRequest->hasHeader('X-Authorization-Content-SHA256'));
    $this->assertTrue($signedRequest->hasHeader('X-Authorization-Timestamp'));
    $this->assertEquals($this->timestamp, $signedRequest->getHeaderLine('X-Authorization-Timestamp'));
    $this->assertTrue($signedRequest->hasHeader('Authorization'));
    // NOTE(review): assertContains() on strings was removed in PHPUnit 9;
    // assertStringContainsString() is the drop-in replacement when upgrading.
    $this->assertContains($expectedSignature, $signedRequest->getHeaderLine('Authorization'));

    // The AuthorizationHeader must be recoverable from the signed request.
    $roundTripped = $signer->getAuthorizedRequest($signedRequest);
    $this->assertContains($expectedSignature, $roundTripped->getHeaderLine('Authorization'));
}
/**
 * Generate a signature from the request.
 *
 * The canonical message is, in order: the upper-cased method, host, path,
 * query, the serialized authorization parameters, each normalized custom
 * header, the X-Authorization-Timestamp header and — only when the body is
 * non-empty — the Content-Type header (if present) followed by the body
 * digest. Parts are joined with "\n" and signed with the key secret. A
 * verifier must apply the same empty-body rule or signatures will not match.
 *
 * @throws \Acquia\Hmac\Exception\MalformedRequestException
 *   When the X-Authorization-Timestamp header is missing.
 *
 * @return string
 *   The generated signature.
 */
protected function generateSignature()
{
    $request = $this->request;

    if (!$request->hasHeader('X-Authorization-Timestamp')) {
        throw new MalformedRequestException('X-Authorization-Timestamp header missing from request.', null, 0, $request);
    }

    $uri = $request->getUri();
    $parts = array_merge(
        [
            strtoupper($request->getMethod()),
            $uri->getHost(),
            $uri->getPath(),
            $uri->getQuery(),
            $this->serializeAuthorizationParameters(),
        ],
        $this->normalizeCustomHeaders()
    );
    $parts[] = $request->getHeaderLine('X-Authorization-Timestamp');

    // An empty body contributes neither Content-Type nor a digest.
    $body = (string) $request->getBody();
    if ($body !== '') {
        if ($request->hasHeader('Content-Type')) {
            $parts[] = $request->getHeaderLine('Content-Type');
        }
        $parts[] = $this->digest->hash($body);
    }

    $message = implode("\n", $parts);

    return $this->digest->sign($message, $this->key->getSecret());
}