Пример #1
 /**
  * Builds an AuthorizationHeader object.
  *
  * @param \Psr\Http\Message\RequestInterface $request
  *   The request being signed.
  * @param string[] $customHeaders
  *   A list of custom header names. The values of the headers will be
  *   extracted from the request.
  *
  * @return \Acquia\Hmac\AuthorizationHeader
  *   The compiled authorization header object.
  */
 protected function buildAuthorizationHeader(RequestInterface $request, array $customHeaders = [])
 {
     // The signer's own key and digest are handed to the builder; the same
     // key also supplies the ID that is set on the header.
     $signingKey = $this->key;
     $builder = new AuthorizationHeaderBuilder($request, $signingKey, $this->digest);

     $builder->setRealm($this->realm);
     $builder->setId($signingKey->getId());

     // Only header names are passed on here; the builder is expected to read
     // their values from $request.
     // NOTE(review): presumably only the headers named here (besides the
     // builder's defaults) end up covered by the signature - confirm against
     // AuthorizationHeaderBuilder before relying on any other header.
     $builder->setCustomHeaders($customHeaders);

     return $builder->getAuthorizationHeader();
 }
 /**
  * Ensures a response can be authenticated.
  */
 public function testIsAuthentic()
 {
     // Pinned inputs: the expected server signature is a literal, so the
     // realm, nonce and timestamp paired with it are fixed as well.
     $serviceRealm = 'Pipet service';
     $fixedNonce = 'd1954337-5319-4821-8427-115542e08d10';
     $fixedTimestamp = 1432075982;
     $expectedServerSignature = 'LusIUHmqt9NOALrQ4N4MtXZEFE03MjcDjziK+vVqhvQ=';

     $request = new Request('GET', 'http://example.com', ['X-Authorization-Timestamp' => $fixedTimestamp]);

     // Build the Authorization header up front with the fixed nonce, then
     // give it to the mock signer together with the key, realm and digest.
     $builder = new AuthorizationHeaderBuilder($request, $this->authKey);
     $builder->setRealm($serviceRealm);
     $builder->setId($this->authKey->getId());
     $builder->setNonce($fixedNonce);
     $prebuiltHeader = $builder->getAuthorizationHeader();

     $mockSigner = new MockRequestSigner($this->authKey, $serviceRealm, new Digest(), $prebuiltHeader);
     $signedRequest = $mockSigner->signRequest($request);

     // The response carries nothing but the server's HMAC header; the
     // authenticator checks it against the signed request and the shared key.
     $response = new Response(200, ['X-Server-Authorization-HMAC-SHA256' => $expectedServerSignature]);
     $authenticator = new ResponseAuthenticator($signedRequest, $this->authKey);

     // NOTE(review): this covers the accepting path only. A rejecting case
     // (altered or missing server signature) may live elsewhere in the
     // suite - confirm it exists.
     $this->assertTrue($authenticator->isAuthentic($response));
 }
Пример #3
 /**
  * Ensures the correct headers are generated when signing a request.
  */
 public function testSignRequest()
 {
     // The signature expected in the Authorization header, pinned as a literal
     // and checked twice below.
     $expectedSignature = 'signature="MRlPr/Z1WQY2sMthcaEqETRMw4gPYXlPcTpaLWS2gcc="';

     $request = new Request(
         'GET',
         'https://example.acquiapipet.net/v1.0/task-status/133?limit=10',
         ['Content-Type' => 'text/plain', 'X-Authorization-Timestamp' => $this->timestamp]
     );

     // One Digest instance is shared by the header builder and the signer.
     $digest = new Digest();
     $builder = new AuthorizationHeaderBuilder($request, $this->authKey, $digest);
     $builder->setRealm($this->realm);
     $builder->setId($this->authKey->getId());
     $builder->setNonce('d1954337-5319-4821-8427-115542e08d10');
     $prebuiltHeader = $builder->getAuthorizationHeader();

     $signer = new MockRequestSigner($this->authKey, $this->realm, $digest, $prebuiltHeader);
     $signedRequest = $signer->signRequest($request);

     // The request is built without a body, and no content-hash header is
     // expected on the signed result.
     $this->assertFalse($signedRequest->hasHeader('X-Authorization-Content-SHA256'));

     // The timestamp header passed in must still be present with its value.
     $this->assertTrue($signedRequest->hasHeader('X-Authorization-Timestamp'));
     $this->assertEquals($this->timestamp, $signedRequest->getHeaderLine('X-Authorization-Timestamp'));

     // NOTE(review): assertContains() with a string haystack was removed in
     // PHPUnit 9; use assertStringContainsString() if the suite is upgraded.
     $this->assertTrue($signedRequest->hasHeader('Authorization'));
     $this->assertContains($expectedSignature, $signedRequest->getHeaderLine('Authorization'));

     // The Authorization header must also be readable from the request that
     // getAuthorizedRequest() returns.
     $authorizedRequest = $signer->getAuthorizedRequest($signedRequest);
     $this->assertContains($expectedSignature, $authorizedRequest->getHeaderLine('Authorization'));
 }