/** * Validate message signature * * @param ListenerMessage $msg Message object to operate on * * @throws ListenerSecurityException on security violation */ protected function doMessageSecurity(ListenerMessage $msg) { $login = $this->c->val('login'); $secret = $this->c->val('secret'); $signed = $login . $msg->getSignedString(); $control = strtoupper(hash_hmac('sha256', pack('A*', $signed), pack('A*', $secret))); if ($control != $msg->getSignature()) { throw new ListenerSecurityException(); } return true; }