/**
* {@inheritdoc}
*/
public function authenticate(TokenInterface $token)
{
if (false === $this->supports($token)) {
return;
}
$publicKey = $token->getUsername();
if (null === ($nonce = $this->readNonceValue($token->getNonce()))) {
$this->onInvalidAuthentication();
}
$user = $this->userProvider->loadUserByPublicKey($publicKey);
if (null === $user) {
$this->onInvalidAuthentication();
}
$token->setUser($user);
$signature_encoder = new RequestSignatureEncoder();
if (false === $signature_encoder->isApiSignatureValid($token, $nonce[1])) {
$this->onInvalidAuthentication();
}
if (time() > $nonce[0] + $this->lifetime) {
$this->removeNonce($token->getNonce());
throw new SecurityException('Prior authentication expired', SecurityException::EXPIRED_AUTH);
}
$authenticatedToken = new PublicKeyToken($this->getRoles($user));
$authenticatedToken->setUser($user)->setNonce($token->getNonce())->setCreated(new \DateTime())->setLifetime($this->lifetime);
$this->writeNonceValue($authenticatedToken);
return $authenticatedToken;
}
