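/**
 * Verifies a one-time password by asking the remote validation service.
 *
 * A signed query holding the client id, the OTP and a freshly generated nonce is sent through the
 * HTTP client. The parsed reply is accepted only when its signature verifies and it echoes back
 * exactly the OTP and nonce that were sent.
 *
 * @param Otp $otp
 * @return OtpVerificationResult
 * @throws UntrustedSignatureException When the signature doesn't match the expected signature.
 * @throws RequestResponseMismatchException When the response data doesn't match the requested data (otp, nonce),
 *                                          including when either field is absent from the response.
 */
public function verify(Otp $otp)
{
    // A fresh nonce per request ties the reply to this request; it is compared against the reply below.
    $nonce = $this->nonceGenerator->generateNonce();

    $query = [
        'id'    => $this->clientId,
        'otp'   => $otp->otp,
        'nonce' => $nonce,
    ];
    $query = $this->signer->sign($query);

    $httpResponse = $this->httpClient->get(['query' => $query]);
    $response = $this->parseYubicoResponse((string) $httpResponse->getBody());

    // Check the signature first: no field of the reply is trusted until it verifies.
    if (!$this->signer->verifySignature($response)) {
        throw new UntrustedSignatureException('The response data signature doesn\'t match the expected signature.');
    }

    // isset() makes a reply that omits the field fail closed with the documented exception,
    // instead of emitting an undefined-index warning and comparing against null.
    if (!isset($response['otp']) || $response['otp'] !== $otp->otp) {
        throw new RequestResponseMismatchException('The response OTP doesn\'t match the requested OTP.');
    }

    if (!isset($response['nonce']) || $response['nonce'] !== $nonce) {
        throw new RequestResponseMismatchException('The response nonce doesn\'t match the requested nonce.');
    }

    // NOTE(review): 'status' is handed over unchecked here; presumably OtpVerificationResult
    // validates it (and callers must still test it for success) — confirm.
    return new OtpVerificationResult($response['status']);
}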
/**
 * Known-answer check: signing a fixed payload with a fixed test key must return the payload
 * unchanged plus the expected signature under the 'h' key.
 */
public function testItSignsData()
{
    // Test fixture only: the key is the base64 encoding of a literal string, not a real credential.
    $payload = ['otp' => '1234'];
    $expected = ['otp' => '1234', 'h' => 'AxRja+fRxnocSbsXKz0LXEOBCjw='];

    $actual = (new Signer(base64_encode('surfnet')))->sign($payload);

    // assertSame is strict, so key order and value types must match as well.
    $this->assertSame($expected, $actual);
}