public function handle(GetResponseEvent $event)
{
$request = $event->getRequest();
$wsseHeader = $request->headers->get(self::WSSE_HEADER, false);
if (!$wsseHeader || 1 !== preg_match(self::WSSE_REGEX, $wsseHeader, $matches)) {
$event->setResponse(new Response('', Response::HTTP_FORBIDDEN, array('WWW-Authenticate' => 'WSSE realm="webservice", profile="ApplicationToken"')));
return;
}
$token = new TelenorUserToken($this->providerKey, $matches[2], $matches[3], $matches[4]);
$token->setUser($matches[1]);
try {
$authenticatedToken = $this->authenticationManager->authenticate($token);
$this->securityContext->setToken($authenticatedToken);
return;
} catch (NonceExpiredException $failed) {
$this->logger->debug("Nonce expired: " . $wsseHeader);
} catch (AuthenticationException $failed) {
$this->logger->debug("Authentication failed: " . $failed->getMessage());
}
$token = $this->securityContext->getToken();
if ($token instanceof TelenorUserToken) {
$this->securityContext->setToken(null);
}
$response = new Response("", Response::HTTP_UNAUTHORIZED, array(Headers::LOCATION => $this->router->generate('telenor.authentication.login')));
$event->setResponse($response);
}
/**
* @param TelenorUserToken $token
* @return bool true if token is not expired
* @throws NonceExpiredException if the token is expired
*/
private function validateIfTokenIsNotExpired(TelenorUserToken $token)
{
// Check created time is not in the future
if (strtotime($token->getCreated()) > time()) {
$this->logger->debug("WSSE Token generated for future time: " . $token->getCreated());
throw new NonceExpiredException("WSSE Token generated for future time: " . $token->getCreated());
}
// Expire timestamp after 5 minutes
if (time() - strtotime($token->getCreated()) > 300) {
$this->logger->debug("WSSE Token expired: " . $token->getCreated());
throw new NonceExpiredException("WSSE Token expired: " . $token->getCreated());
}
// Validate that the nonce is *not* used in the last 5 minutes
// if it has, this could be a replay attack
if (file_exists($this->cacheDir . '/' . $token->getNonce()) && (int) file_get_contents($this->cacheDir . '/' . $token->getNonce()) + 300 > time()) {
$this->logger->debug("Previously used nonce detected: " . $token->getNonce());
throw new NonceExpiredException("Previously used nonce detected: " . $token->getNonce());
}
return true;
}