function testSessionTokenVerifySignature()
 {
     $data = time();
     $token = $this->cryptoManager->createSessionToken($data, $this->privateKey);
     list($timestamp, $hash) = explode(':', $token, 2);
     // change data
     $timestamp += 100;
     $token = $timestamp . ':' . $hash;
     $this->assertFalse($this->cryptoManager->verifySessionToken($token, $this->privateKey));
 }
 /**
  * Validate a command request
  * - Validity of session token
  * - Session token expiration
  * - Client host address
  * - Encrypted data signature
  *
  * @param tx_caretakerinstance_CommandRequest $commandRequest
  * @return boolean
  */
 public function validateRequest(tx_caretakerinstance_CommandRequest $commandRequest)
 {
     $sessionToken = $commandRequest->getSessionToken();
     $timestamp = $this->cryptoManager->verifySessionToken($sessionToken, $this->privateKey);
     if (time() - $timestamp > $this->sessionTokenExpiration) {
         // Session token expired
         return FALSE;
     } elseif (strlen($this->clientHostAddressRestriction) && $commandRequest->getClientHostAddress() != $this->clientHostAddressRestriction) {
         // Client IP address is not allowed
         return FALSE;
     } elseif (!$this->cryptoManager->verifySignature($commandRequest->getDataForSignature(), $commandRequest->getSignature(), $this->clientPublicKey)) {
         // Signature didn't verify
         return FALSE;
     }
     return TRUE;
 }