/**
* Run the request
*
* @param \Raml\SecurityScheme $securityscheme_obj The security scheme to process the call data for
* @param \V1\APICall $apicall_obj The APICall object
*
* @return mixed The object we just completed or an array describing the next step in the security process
*/
public function run(\Raml\SecurityScheme $securityscheme_obj, \V1\APICall $apicall_obj)
{
// If the customer enters an authorization header, then we bail out of the security call.
if (\V1\APIRequest::is_static() === false && !empty($custom_headers = \V1\APIRequest::get('configure.headers', null)) && !empty($custom_headers['Authorization'])) {
return true;
}
$this->apicall = $apicall_obj;
/**
* GATHER THE NEEDED DATA
*/
$credentials = $apicall_obj->get_credentials();
$settings = $securityscheme_obj->getSettings();
$api_def = $apicall_obj->get_api_def();
$api_url = $apicall_obj->get_url();
$method = $apicall_obj->get_method();
$this->credentials = $credentials;
// Digest URI
$parsed_url = parse_url($api_url);
$digest_uri = empty($parsed_url['path']) ? '/' : $parsed_url['path'];
if (!empty($parsed_url['query'])) {
$digest_uri .= '?' . $parsed_url['query'];
}
$algorithm = empty($settings['algorithm']) ? 'md5' : \Str::lower($settings['algorithm']);
// Make sure that we have the required data.
if (empty($credentials['DIGEST_USERNAME']) || empty($credentials['DIGEST_PASSWORD']) || empty($settings['realm'])) {
$this->error = true;
return;
}
$this->realm = $settings['realm'];
$this->username = $credentials['DIGEST_USERNAME'];
// Find our nonce.
if (empty($credentials['DIGEST_NONCE'])) {
// Beg for nonces
$this->parse_www_auth_remote($api_url);
if (is_array($this->www_data) && !empty($this->www_data['nonce'])) {
$this->nonce = $this->www_data['nonce'];
} else {
$this->error = true;
return;
}
} else {
$this->nonce = $credentials['DIGEST_NONCE'];
}
// We save this value in the DB.
$credentials['DIGEST_NONCE'] = $this->nonce;
// Figure out if we've used the current nonce before.
if (!empty($settings['qop'])) {
// We may have "auth" or "auth-int" or "auth,auth-int" or "auth-int,auth"
if (substr_count(\Str::lower($settings['qop']), 'auth-int') > 0) {
$this->qop = 'auth-int';
} else {
$this->qop = 'auth';
}
/**
* We have a qop, so we need to figure out how many times we've sent a request with
* the current nonce. (Including the current request)
*
* @link http://www.ietf.org/rfc/rfc2617.txt
* Look up "nonce-count"
*/
if (empty($credentials['DIGEST_NONCE_COUNT'])) {
$credentials['DIGEST_NONCE_COUNT'] = 0;
}
$this->nonce_count = ++$credentials['DIGEST_NONCE_COUNT'];
}
// Do we need to send the "opaque" param?
if (!empty($settings['opaque'])) {
// It stays the same for the requester forevermore.
if ($settings['opaque'] === 'same') {
// We have the value on file. (Dynamic calls only)
if (!empty($credentials['DIGEST_OPAQUE'])) {
$this->opaque = $credentials['DIGEST_OPAQUE'];
}
}
// If it isn't set to "same" or "changes," then we have a static value.
if ($settings['opaque'] !== 'changes') {
$this->opaque = $settings['opaque'];
}
// We couldn't find the value, so we pull it from the header data of a new request.
if (empty($this->opaque)) {
// If we never contacted the remote server, do that now.
if ($this->www_data === false) {
$this->parse_www_auth_remote($api_url);
}
if (is_array($this->www_data) && !empty($this->www_data['opaque'])) {
$this->opaque = $this->www_data['opaque'];
// We'll save it since it'll always be the same.
if ($settings['opaque'] === 'same') {
$credentials['DIGEST_OPAQUE'] = $this->opaque;
}
} else {
// We've called the remote server and it didn't have the data.
$this->error = true;
return;
}
}
}
/*
* Increment our nonce counter for the current request with the nonce. (Pardon me while I go get a
* bowl of de Chex.)
*/
$this->nonce_count = dechex($this->nonce_count);
/**
* Format the nonce count as specified in section 3.2.2 of the RFC2617.
*
* @link http://www.ietf.org/rfc/rfc2617.txt
*/
if (($padding = 8 - strlen($this->nonce_count)) > 0) {
$this->nonce_count = str_repeat(0, $padding) . $this->nonce_count;
}
// Reliable client nonce
$this->cnonce = \Utility::get_nonce();
/**
* START COMPILING THE HEADER
*/
// MD5
$this->ha1 = md5($credentials['DIGEST_USERNAME'] . ':' . $this->realm . ':' . $credentials['DIGEST_PASSWORD']);
// MD5-sess
if ($algorithm === 'md5-sess') {
$this->ha1 = md5($this->ha1 . ':' . $this->nonce . ':' . $this->cnonce);
}
\V1\Keyring::set_credentials($credentials);
// We've finished for now. We'll configure more just before we send the request.
}
