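/**
 * Sign a request with the SAuthc1 scheme, rewriting its Host,
 * X-Stormpath-Date and Authorization headers in place.
 *
 * The canonical request (method, path, query string, canonical headers,
 * signed-header list and payload hash) is hashed, joined with the
 * timestamp and the credential id into the string to sign, and signed
 * with a key derived from the API secret through a chain of HMACs
 * (secret -> date -> nonce -> terminator). Any date or Authorization
 * header already on the request is discarded first so the signed header
 * set is exactly what this method computes.
 *
 * @param Request $request the request to sign; its headers are replaced
 * @param ApiKey  $apiKey  credential whose id is sent in clear and whose
 *                         secret seeds the key derivation
 * @return void
 * @throws \InvalidArgumentException if the resource URL cannot be parsed
 *                                   or carries no host
 */
public function sign(Request $request, ApiKey $apiKey)
{
    // NOTE(review): this changes the process-wide default timezone as a
    // side effect of signing. It is kept for backward compatibility, but
    // the timestamp below is built with an explicit zone so the signature
    // never depends on global state.
    date_default_timezone_set(self::TIME_ZONE);
    $now = new \DateTimeImmutable('now', new \DateTimeZone(self::TIME_ZONE));
    $timeStamp = $now->format(self::TIMESTAMP_FORMAT);
    $dateStamp = $now->format(self::DATE_FORMAT);
    $nonce = UUID::generate(UUID::UUID_RANDOM, UUID::FMT_STRING);

    $parsedUrl = parse_url($request->getResourceUrl());
    // parse_url() returns false for a badly malformed URL, and a relative
    // URL has no host. In either case there is nothing valid to sign, so
    // fail loudly rather than signing an empty Host header.
    if ($parsedUrl === false || !isset($parsedUrl['host']) || $parsedUrl['host'] === '') {
        throw new \InvalidArgumentException('Cannot sign request: resource URL is malformed or has no host.');
    }

    // SAuthc1 requires that the Host header is signed, so it must be on
    // the request before canonicalization.
    $hostHeader = $parsedUrl['host'];
    if (!RequestUtils::isDefaultPort($parsedUrl)) {
        $hostHeader .= ':' . $parsedUrl['port'];
    }

    $requestHeaders = $request->getHeaders();
    // Drop whatever a caller or an earlier signing pass left behind.
    unset($requestHeaders[self::STORMPATH_DATE_HEADER]);
    unset($requestHeaders[self::AUTHORIZATION_HEADER]);
    $requestHeaders[self::HOST_HEADER] = $hostHeader;
    $requestHeaders[self::STORMPATH_DATE_HEADER] = $timeStamp;
    $request->setHeaders($requestHeaders);

    $method = $request->getMethod();
    // A URL with no path component ("https://host") has no 'path' key;
    // pass an empty path instead of an undefined-index null.
    $canonicalResourcePath = $this->canonicalizeResourcePath(
        isset($parsedUrl['path']) ? $parsedUrl['path'] : ''
    );
    $canonicalQueryString = $this->canonicalizeQueryString($request);
    $canonicalHeaderString = $this->canonicalizeHeaders($request);
    $signedHeadersString = $this->getSignedHeaders($request);
    $requestPayloadHashHex = $this->toHex($this->hashText($this->getRequestPayload($request)));

    $canonicalRequest = implode(self::NL, array(
        $method,
        $canonicalResourcePath,
        $canonicalQueryString,
        $canonicalHeaderString,
        $signedHeadersString,
        $requestPayloadHashHex,
    ));

    $id = $apiKey->getId() . '/' . $dateStamp . '/' . $nonce . '/' . self::ID_TERMINATOR;
    $canonicalRequestHashHex = $this->toHex($this->hashText($canonicalRequest));
    $stringToSign = implode(self::NL, array(
        self::ALGORITHM,
        $timeStamp,
        $id,
        $canonicalRequestHashHex,
    ));

    // Key derivation: the raw secret is only ever used as the seed of the
    // first HMAC; each step narrows the key to this date and this nonce.
    $kSecret = $this->toUTF8(self::AUTHENTICATION_SCHEME . $apiKey->getSecret());
    $kDate = $this->internalSign($dateStamp, $kSecret, self::DEFAULT_ALGORITHM);
    $kNonce = $this->internalSign($nonce, $kDate, self::DEFAULT_ALGORITHM);
    $kSigning = $this->internalSign(self::ID_TERMINATOR, $kNonce, self::DEFAULT_ALGORITHM);

    $signature = $this->internalSign($this->toUTF8($stringToSign), $kSigning, self::DEFAULT_ALGORITHM);
    $signatureHex = $this->toHex($signature);

    $authorizationHeader = self::AUTHENTICATION_SCHEME . ' '
        . $this->createNameValuePair(self::SAUTHC1_ID, $id) . ', '
        . $this->createNameValuePair(self::SAUTHC1_SIGNED_HEADERS, $signedHeadersString) . ', '
        . $this->createNameValuePair(self::SAUTHC1_SIGNATURE, $signatureHex);

    $requestHeaders[self::AUTHORIZATION_HEADER] = $authorizationHeader;
    $request->setHeaders($requestHeaders);
}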
/**
 * Produce a fresh nonce for a signing pass.
 *
 * @return string a version-4 UUID as produced by UUID::v4()
 */
public static function generateNonce()
{
    $nonce = UUID::v4();

    return $nonce;
}
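/**
 * Generate the URL that sends a browser to ID Site.
 *
 * Builds a JWT describing the request (a random jti, the issue time, the
 * API key id as issuer, this application's href as subject, the caller's
 * state, path and callback URI, plus the optional organization settings),
 * signs it with the API key secret and appends it as the jwtRequest query
 * parameter of the /sso endpoint on this application's origin.
 *
 * Supported $options keys: callbackUri (required), state, path,
 * organizationNameKey, showOrganizationField, useSubDomain, logout.
 * The flag keys are honoured by value, so passing false is the same as
 * leaving the key out.
 *
 * NOTE(review): the token carries no 'exp' claim, so its usable lifetime
 * is whatever ID Site enforces from 'iat' — confirm server-side. 'iat' is a
 * fractional timestamp from microtime(); strict JWT consumers expect an
 * integer NumericDate — confirm ID Site tolerates it. callbackUri is only
 * checked for presence here; any allow-listing of callback origins is
 * assumed to happen on the ID Site side.
 *
 * @param array $options
 * @return string
 * @throws InvalidCallbackUriException if no callbackUri is supplied
 * @throws \RuntimeException if this application's href is not an absolute URL
 */
public function createIdSiteUrl(array $options = array())
{
    if (!isset($options['callbackUri'])) {
        throw new InvalidCallbackUriException('Please provide a \'callbackUri\' in the $options array.');
    }

    $parts = parse_url($this->href);
    // Without a scheme and host the redirect would start with "://"; refuse
    // to build a broken URL.
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        throw new \RuntimeException('Application href is not an absolute URL: ' . $this->href);
    }
    $base = $parts['scheme'] . '://' . $parts['host'];

    $apiKey = $this->getDataStore()->getApiKey();
    $apiId = $apiKey->getId();
    $apiSecret = $apiKey->getSecret();

    $token = array(
        'jti' => UUID::v4(),
        'iat' => microtime(true),
        'iss' => $apiId,
        'sub' => $this->href,
        'state' => isset($options['state']) ? $options['state'] : '',
        'path' => isset($options['path']) ? $options['path'] : '/',
        'cb_uri' => $options['callbackUri'],
    );
    if (isset($options['organizationNameKey'])) {
        $token['onk'] = $options['organizationNameKey'];
    }
    // Test the value, not just the key: isset() would have turned
    // 'showOrganizationField' => false into sof = true.
    if (!empty($options['showOrganizationField'])) {
        $token['sof'] = true;
    }
    if (!empty($options['useSubDomain'])) {
        $token['usd'] = true;
    }

    $jwt = JWT::encode($token, $apiSecret);

    $redirectUrl = $base . '/sso';
    if (!empty($options['logout'])) {
        $redirectUrl .= '/logout';
    }

    return $redirectUrl . '?jwtRequest=' . $jwt;
}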
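/**
 * Build a simulated ID Site response URL for tests: a jwtResponse token,
 * signed with the client's API key secret, describing an AUTHENTICATED
 * result for the shared test account.
 *
 * 'iat' and 'exp' are derived from a single clock reading so the token is
 * valid for exactly 60 seconds and the two claims can never straddle a
 * second boundary.
 *
 * @return string
 */
protected function generateResponseUrl()
{
    $now = time();
    $claims = array(
        'iss' => 'https://stormpath.com',
        'sub' => self::$account->href,
        // NOTE(review): a random audience; presumably the consumer under
        // test does not validate 'aud' — confirm.
        'aud' => UUID::v4(),
        'exp' => $now + 60,
        'iat' => $now,
        'jti' => UUID::v4(),
        'irt' => UUID::v4(),
        'state' => '',
        'isNewSub' => false,
        'status' => 'AUTHENTICATED',
    );
    $apiSecret = Client::getInstance()->getDataStore()->getApiKey()->getSecret();
    $token = JWT::encode($claims, $apiSecret);

    return 'https://stormpath.com?jwtResponse=' . $token;
}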