/**
 * A session token whose timestamp part was altered after issuing must be rejected.
 *
 * The token is laid out as "<timestamp>:<hash>". The test shifts the timestamp
 * while keeping the original hash and expects verifySessionToken() to return FALSE.
 *
 * @return void
 */
function testSessionTokenVerifySignature() {
    $issuedAt = time();
    $validToken = $this->cryptoManager->createSessionToken($issuedAt, $this->privateKey);

    // Split only on the first ':' so the hash keeps any colons it may contain.
    $parts = explode(':', $validToken, 2);
    $shiftedTimestamp = $parts[0] + 100;

    // Re-assemble with the untouched hash but a moved timestamp.
    $tamperedToken = $shiftedTimestamp . ':' . $parts[1];

    $this->assertFalse($this->cryptoManager->verifySessionToken($tamperedToken, $this->privateKey));
}
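/**
 * Validate a command request.
 *
 * Every check below must pass; the first failing one rejects the request:
 *  - the session token verifies against our private key (not tampered)
 *  - the session token has not expired (issued within sessionTokenExpiration seconds)
 *  - the client host address equals the configured restriction, when one is set
 *  - the signature over the request data verifies against the client's public key
 *
 * @param tx_caretakerinstance_CommandRequest $commandRequest
 * @return boolean TRUE when all checks pass, FALSE otherwise
 */
public function validateRequest(tx_caretakerinstance_CommandRequest $commandRequest) {
    $sessionToken = $commandRequest->getSessionToken();

    // verifySessionToken() returns the embedded timestamp on success and FALSE on a
    // bad or tampered token. Reject FALSE explicitly: letting it fall through coerces
    // it to 0 in the subtraction below, so the token would only be refused by accident
    // of the expiry window rather than because its signature failed.
    $timestamp = $this->cryptoManager->verifySessionToken($sessionToken, $this->privateKey);
    if ($timestamp === FALSE) {
        // Session token did not verify
        return FALSE;
    }

    // NOTE(review): a timestamp in the future passes this check as long as the token
    // verifies; fine if tokens are only ever issued by this side, otherwise confirm.
    if (time() - $timestamp > $this->sessionTokenExpiration) {
        // Session token expired
        return FALSE;
    }

    // Compare host addresses strictly as strings so loose comparison (e.g. numeric-string
    // coercion) cannot widen the set of accepted clients.
    if (strlen($this->clientHostAddressRestriction)
        && (string)$commandRequest->getClientHostAddress() !== (string)$this->clientHostAddressRestriction
    ) {
        // Client IP address is not allowed
        return FALSE;
    }

    if (!$this->cryptoManager->verifySignature(
        $commandRequest->getDataForSignature(),
        $commandRequest->getSignature(),
        $this->clientPublicKey
    )) {
        // Signature didn't verify
        return FALSE;
    }

    return TRUE;
}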