/**
* @param Otp $otp
* @return OtpVerificationResult
* @throws UntrustedSignatureException When the signature doesn't match the expected signature.
* @throws RequestResponseMismatchException When the response data doesn't match the requested data (otp, nonce).
*/
public function verify(Otp $otp)
{
$nonce = $this->nonceGenerator->generateNonce();
$query = ['id' => $this->clientId, 'otp' => $otp->otp, 'nonce' => $nonce];
$query = $this->signer->sign($query);
$httpResponse = $this->httpClient->get(['query' => $query]);
$response = $this->parseYubicoResponse((string) $httpResponse->getBody());
if (!$this->signer->verifySignature($response)) {
throw new UntrustedSignatureException('The response data signature doesn\'t match the expected signature.');
}
if ($response['otp'] !== $otp->otp) {
throw new RequestResponseMismatchException('The response OTP doesn\'t match the requested OTP.');
}
if ($response['nonce'] !== $nonce) {
throw new RequestResponseMismatchException('The response nonce doesn\'t match the requested nonce.');
}
return new OtpVerificationResult($response['status']);
}
public function testSignatureVerficationIgnoresUnknownResponseParams()
{
$signer = new Signer(base64_encode('surfnet'));
$signedData = ['otp' => '1234', 'UNKNOWN' => 'PARAM', 'h' => 'AxRja+fRxnocSbsXKz0LXEOBCjw='];
$this->assertTrue($signer->verifySignature($signedData));
}