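/**
 * Matches the current request for an unverified signed request.
 *
 * This pattern will return TRUE if the request is not signed or
 * the signature of the request is invalid. A signature value that is
 * not well-formed base64 is treated as an invalid signature.
 *
 * The "X-Request-Signature" header is expected in the form
 * "identifier:base64(signature)". Everything in it is supplied by the
 * client and must be treated as untrusted until verification succeeds.
 *
 * @param \TYPO3\Flow\Mvc\RequestInterface $request The request that should be matched
 * @return boolean TRUE if the pattern matched, FALSE otherwise
 * @throws \TYPO3\Flow\Exception if the header has no "identifier:signature" form or the identifier cannot be resolved
 */
public function matchRequest(\TYPO3\Flow\Mvc\RequestInterface $request) {
    /** @var \TYPO3\Flow\Http\Request $httpRequest */
    $httpRequest = $request->getHttpRequest();

    // No signature header at all: the request is unsigned, so the pattern matches.
    if (!$httpRequest->hasHeader('X-Request-Signature')) {
        $this->emitSignatureHeaderMissing($request);
        return TRUE;
    }

    // NOTE(review): assumes getHeader() yields a single string here; confirm
    // what it returns when the header is sent more than once.
    $identifierAndSignature = explode(':', $httpRequest->getHeader('X-Request-Signature'), 2);
    if (count($identifierAndSignature) !== 2) {
        throw new \TYPO3\Flow\Exception('Invalid signature header format, expected "identifier:base64(signature)"', 1354287886);
    }
    list($identifier, $encodedSignature) = $identifierAndSignature;

    // Strict decoding: by default base64_decode() silently drops characters
    // outside the base64 alphabet, so several different header values would
    // map to the same signature bytes. In strict mode such input yields FALSE
    // and is handled below as a failed verification.
    $signature = base64_decode($encodedSignature, TRUE);

    // NOTE(review): which parts of the request are covered by the signature is
    // decided by getSignatureContent(), which is not visible here. Confirm it
    // binds method, URI, body and a freshness value (timestamp or nonce);
    // otherwise a valid signature says little about the request as a whole.
    $signData = $this->requestSigner->getSignatureContent($httpRequest);

    $publicKeyFingerprint = $this->publicKeyResolver->resolveFingerprintByIdentifier($identifier);
    if ($publicKeyFingerprint === NULL) {
        // $identifier comes straight from the request header. Whatever renders
        // or logs this message has to escape it for its own output context.
        throw new \TYPO3\Flow\Exception('Cannot resolve identifier "' . $identifier . '"', 1354288898);
    }

    // Only well-formed signatures are handed to the verifier.
    if ($signature !== FALSE && $this->rsaWalletService->verifySignature($signData, $signature, $publicKeyFingerprint)) {
        return FALSE;
    }

    // Fail closed: report the failed verification and let the pattern match.
    // An undecodable signature is reported as an empty string so that signal
    // receivers always get a string value.
    $this->emitSignatureNotVerified($request, $identifier, $signData, $signature === FALSE ? '' : $signature, $publicKeyFingerprint);
    return TRUE;
}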