/**
* Returns the canonicalized custom headers.
*
* @param \Acquia\Hmac\RequestSignerInterface $requestSigner
* @param \Acquia\Hmac\Request\RequestInterface $request
*
* @return string
*/
protected function getCustomHeaders(RequestSignerInterface $requestSigner, RequestInterface $request)
{
$headers = $requestSigner->getCustomHeaders($request);
$canonicalizedHeaders = array();
foreach ($headers as $header => $value) {
$canonicalizedHeaders[] = strtolower($header) . ': ' . $value;
}
sort($canonicalizedHeaders);
return join("\n", $canonicalizedHeaders);
}
/**
* Signs the request, adds the HMAC hash to the authorization header.
*
* @param \Psr\Http\Message\RequestInterface $request
*
* @return \Psr\Http\Message\RequestInterface
*/
public function signRequest(RequestInterface $request)
{
if (!$request->hasHeader('Date')) {
$time = new \DateTime();
$time->setTimezone(new \DateTimeZone('GMT'));
$request = $request->withHeader('Date', $time->format('D, d M Y H:i:s \\G\\M\\T'));
}
if (!$request->hasHeader('Content-Type')) {
$request = $request->withHeader('Content-Type', $this->defaultContentType);
}
$authorization = $this->requestSigner->getAuthorization(new RequestWrapper($request), $this->id, $this->secretKey);
return $request->withHeader('Authorization', $authorization);
}
/**
* @param \Guzzle\Http\Message\Request $request
*/
public function signRequest(Request $request)
{
$requestWrapper = new RequestWrapper($request);
if (!$request->hasHeader('Date')) {
$time = new \DateTime();
$time->setTimezone(new \DateTimeZone('GMT'));
$request->setHeader('Date', $time->format(ClientInterface::HTTP_DATE));
}
if (!$request->hasHeader('Content-Type')) {
$request->setHeader('Content-Type', $this->defaultContentType);
}
$authorization = $this->requestSigner->getAuthorization($requestWrapper, $this->id, $this->secretKey);
$request->setHeader('Authorization', $authorization);
}
/**
* {inheritDoc}
*/
public function authenticate(Request\RequestInterface $request, KeyLoaderInterface $keyLoader)
{
// Get the signature passed through the HTTP request.
$passedSignature = $this->requestSigner->getSignature($request);
// Check whether the timestamp is valid.
$comparison = $passedSignature->compareTimestamp($this->expiry);
if (-1 == $comparison) {
throw new Exception\TimestampOutOfRangeException('Request is too old');
} elseif (1 == $comparison) {
throw new Exception\TimestampOutOfRangeException('Request is too far in the future');
}
// Load the API Key and sign the request.
if (!($key = $keyLoader->load($passedSignature->getId()))) {
throw new Exception\KeyNotFoundException('API key not found');
}
// Sign the request and check whether it matches the one that was
// passed. If it matches, the request is authenticated.
$requestSignature = $this->requestSigner->signRequest($request, $key->getSecret());
if (!$passedSignature->matches($requestSignature)) {
throw new Exception\InvalidSignatureException('Signature not valid');
}
return $key;
}
/**
* Signs the request with the appropriate headers.
*
* @param \Psr\Http\Message\RequestInterface $request
*
* @return \Psr\Http\Message\RequestInterface
*/
public function signRequest(RequestInterface $request)
{
return $this->requestSigner->signRequest($request, $this->customHeaders);
}
/**
* Returns the value of the "Timestamp" header.
*
* @param \Acquia\Hmac\RequestSignerInterface $requestSigner
* @param \Acquia\Hmac\Request\RequestInterface $request
*
* @return string
*/
protected function getTimestamp(RequestSignerInterface $requestSigner, RequestInterface $request)
{
return $requestSigner->getTimestamp($request);
}
