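/**
 * Matches the current request for an unverified signed request.
 *
 * This pattern will return TRUE if the request is not signed or
 * the signature of the request is invalid, and FALSE if the request
 * carries a signature that verifies against the public key resolved
 * for the identifier in the header.
 *
 * The "X-Request-Signature" header has the form "identifier:base64(signature)".
 * The base64 part is decoded in strict mode, so a header whose second part is
 * not well-formed base64 is rejected as a format error instead of being
 * handed to the signature check as silently mangled bytes.
 *
 * @param \TYPO3\Flow\Mvc\RequestInterface $request The request that should be matched
 * @return boolean TRUE if the pattern matched (request unsigned or signature not verified), FALSE otherwise
 * @throws \TYPO3\Flow\Exception If the signature header is malformed or the identifier cannot be resolved
 */
public function matchRequest(\TYPO3\Flow\Mvc\RequestInterface $request) {
    /** @var \TYPO3\Flow\Http\Request $httpRequest */
    $httpRequest = $request->getHttpRequest();
    if (!$httpRequest->hasHeader('X-Request-Signature')) {
        $this->emitSignatureHeaderMissing($request);
        return TRUE;
    }

    $identifierAndSignature = explode(':', $httpRequest->getHeader('X-Request-Signature'), 2);
    // Strict base64 decoding yields FALSE for any input outside the base64 alphabet;
    // a missing ":" separator is folded into the same format error.
    $signature = count($identifierAndSignature) === 2 ? base64_decode($identifierAndSignature[1], TRUE) : FALSE;
    if ($signature === FALSE) {
        throw new \TYPO3\Flow\Exception('Invalid signature header format, expected "identifier:base64(signature)"', 1354287886);
    }
    $identifier = $identifierAndSignature[0];

    $signData = $this->requestSigner->getSignatureContent($httpRequest);
    $publicKeyFingerprint = $this->publicKeyResolver->resolveFingerprintByIdentifier($identifier);
    if ($publicKeyFingerprint === NULL) {
        throw new \TYPO3\Flow\Exception('Cannot resolve identifier "' . $identifier . '"', 1354288898);
    }

    if ($this->rsaWalletService->verifySignature($signData, $signature, $publicKeyFingerprint)) {
        // Signature verified: the "unverified signed request" pattern does not match
        return FALSE;
    }
    $this->emitSignatureNotVerified($request, $identifier, $signData, $signature, $publicKeyFingerprint);
    return TRUE;
}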
/**
 * Destroy the given global session
 *
 * Sends a signed DELETE request to the server's session endpoint
 * ("<serviceBaseUri>/session/<sessionId>/destroy"), passing this client's
 * service base URI as the "clientIdentifier" query parameter. A 200 or 404
 * response is accepted (404 presumably meaning the server no longer knows
 * the session); any other status code raises an exception.
 *
 * @param \Flowpack\SingleSignOn\Client\Domain\Model\SsoClient $ssoClient The client on whose behalf the session is destroyed
 * @param string $sessionId Identifier of the global session to destroy (used as a string in the URI path)
 * @return void
 * @throws Exception If the server answers with a status code other than 200 or 404
 */
public function destroySession(SsoClient $ssoClient, $sessionId) {
    $destroyUri = new Uri($this->serviceBaseUri . '/session/' . urlencode($sessionId) . '/destroy');
    $queryParameters = array('clientIdentifier' => $ssoClient->getServiceBaseUri());
    $destroyUri->setQuery(http_build_query($queryParameters));

    $deleteRequest = \TYPO3\Flow\Http\Request::create($destroyUri, 'DELETE');
    $deleteRequest->setContent('');
    // NOTE(review): the client's public key fingerprint is passed both as the signer
    // identifier and as the key fingerprint — presumably the client is identified by
    // its fingerprint; confirm against RequestSigner::signRequest()
    $fingerprint = $ssoClient->getPublicKeyFingerprint();
    $signedRequest = $this->requestSigner->signRequest($deleteRequest, $fingerprint, $fingerprint);

    // TODO Send request asynchronously
    $response = $this->requestEngine->sendRequest($signedRequest);
    $statusCode = $response->getStatusCode();
    $acceptedStatusCodes = array(200, 404);
    if (!in_array($statusCode, $acceptedStatusCodes, TRUE)) {
        throw new Exception('Unexpected status code for destroy session when calling "' . (string) $destroyUri . '": "' . $response->getStatus() . '"', 1354132939);
    }
}