public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$publicKey = $request->headers->get(self::AUTH_PUBLIC_KEY_TOKEN);
$token = new PublicKeyToken();
$token->setUser($publicKey);
$token->setPublicKey($publicKey);
$token->request = $request;
$token->setNonce($request->headers->get(self::AUTH_SIGNATURE_TOKEN));
try {
$token = $this->authenticationManager->authenticate($token);
if (null !== $this->logger) {
$this->logger->info(sprintf('PubliKey Authentication request succeed for public key "%s"', $token->getUsername()));
}
return $this->context->setToken($token);
} catch (SecurityException $e) {
if (null !== $this->logger) {
$this->logger->info(sprintf('PubliKey Authentication request failed for public key "%s": %s', $token->getUsername(), str_replace("\n", ' ', $e->getMessage())));
}
throw $e;
} catch (\Exception $e) {
if (null !== $this->logger) {
$this->logger->error($e->getMessage());
}
throw $e;
}
}
/**
* {@inheritdoc}
*/
public function authenticate(TokenInterface $token)
{
if (false === $this->supports($token)) {
return;
}
$publicKey = $token->getUsername();
if (null === ($nonce = $this->readNonceValue($token->getNonce()))) {
$this->onInvalidAuthentication();
}
$user = $this->userProvider->loadUserByPublicKey($publicKey);
if (null === $user) {
$this->onInvalidAuthentication();
}
$token->setUser($user);
$signature_encoder = new RequestSignatureEncoder();
if (false === $signature_encoder->isApiSignatureValid($token, $nonce[1])) {
$this->onInvalidAuthentication();
}
if (time() > $nonce[0] + $this->lifetime) {
$this->removeNonce($token->getNonce());
throw new SecurityException('Prior authentication expired', SecurityException::EXPIRED_AUTH);
}
$authenticatedToken = new PublicKeyToken($this->getRoles($user));
$authenticatedToken->setUser($user)->setNonce($token->getNonce())->setCreated(new \DateTime())->setLifetime($this->lifetime);
$this->writeNonceValue($authenticatedToken);
return $authenticatedToken;
}
