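/**
 * {@inheritdoc}
 *
 * Authenticates a public-key token: resolves the nonce the client presented
 * (via readNonceValue), loads the user by public key, verifies the request
 * signature against the stored nonce material, and rejects the nonce once it
 * has outlived $this->lifetime. On success a fresh PublicKeyToken is returned
 * and the nonce record is rewritten (writeNonceValue) carrying the new
 * creation time.
 *
 * @param TokenInterface $token the unauthenticated token; its username is the
 *                              public key and it carries the client nonce
 *
 * @return PublicKeyToken|null the authenticated token, or null when the token
 *                             is not supported or when a failed check did not
 *                             raise (see the fail-closed guards below)
 *
 * @throws SecurityException with code EXPIRED_AUTH when the nonce is older than
 *                           the configured lifetime
 */
public function authenticate(TokenInterface $token)
{
    if (false === $this->supports($token)) {
        return;
    }

    $publicKey = $token->getUsername();

    // The nonce must already be known on our side. Only indices 0 (creation
    // timestamp) and 1 (signing material) are read here; the exact shape is
    // whatever readNonceValue() stores — confirm against that method.
    $nonce = $this->readNonceValue($token->getNonce());
    if (null === $nonce) {
        $this->onInvalidAuthentication();
        // Fail closed: onInvalidAuthentication() is expected to throw, but if
        // it ever returns we must not continue with a null nonce (the
        // signature check below indexes it).
        return;
    }

    $user = $this->userProvider->loadUserByPublicKey($publicKey);
    if (null === $user) {
        $this->onInvalidAuthentication();
        // Fail closed as above: never reach setUser(null) or the signature check.
        return;
    }
    $token->setUser($user);

    // Verify the signature against the nonce material we hold, not against
    // anything taken from the request itself.
    $signatureEncoder = new RequestSignatureEncoder();
    if (false === $signatureEncoder->isApiSignatureValid($token, $nonce[1])) {
        $this->onInvalidAuthentication();
        return;
    }

    // Lifetime check uses the creation time from our own record, so a client
    // cannot extend it. NOTE(review): this runs after signature validation, so
    // an expired-but-well-signed request still costs one verification before
    // it is rejected; the nonce is dropped so it cannot be replayed.
    if (time() > $nonce[0] + $this->lifetime) {
        $this->removeNonce($token->getNonce());
        throw new SecurityException('Prior authentication expired', SecurityException::EXPIRED_AUTH);
    }

    $authenticatedToken = new PublicKeyToken($this->getRoles($user));
    $authenticatedToken
        ->setUser($user)
        ->setNonce($token->getNonce())
        ->setCreated(new \DateTime())
        ->setLifetime($this->lifetime);

    // Re-persist the nonce for this token; presumably this refreshes the
    // creation time read back as $nonce[0] on the next request.
    $this->writeNonceValue($authenticatedToken);

    return $authenticatedToken;
}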