PHP implementation of HTTP Signatures draft specification; cryptographically sign and verify HTTP requests and responses.
See also:
- https://github.com/99designs/http-signatures-guzzle
- https://github.com/99designs/http-signatures-ruby
Add 99designs/http-signatures to your composer.json.
Configure a context with your algorithm, keys, headers to sign. This is best placed in an application startup file.
use HttpSignatures\Context;
$context = new Context(array(
'keys' => array('examplekey' => 'secret-key-here'),
'algorithm' => 'hmac-sha256',
'headers' => array('(request-target)', 'Date', 'Accept'),
));If there's only one key in the keys hash, that will be used for signing.
Otherwise, specify one via 'signingKeyId' => 'examplekey'.
A message is an HTTP request or response. A subset of the interface of
Symfony\Component\HttpFoundation\Request is expected; the ability to read
headers via $message->headers->get($name) and set them via
$message->headers->set($name, $value), and for signing requests, methods to
read the path, query string and request method.
use Symfony\Component\HttpFoundation\Request;
$message = Request::create('/path?query=123', 'GET');
$message->headers->replace(array(
'Date' => 'Wed, 30 Jul 2014 16:40:19 -0700',
'Accept' => 'llamas',
));$context->signer()->sign($message);Now $message contains the signature headers:
$message->headers->get('Signature');
# keyId="examplekey",algorithm="hmac-sha256",headers="...",signature="..."
$message->headers->get('Authorization');
# Signature keyId="examplekey",algorithm="hmac-sha256",headers="...",signature="..."$context->verifier()->isValid($message); // true or falsePull Requests are welcome.