Пример #1
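 /**
  * Validates the digest, creation date and stored nonce carried by a user token.
  *
  * Three checks run in order, each throwing on failure:
  *  1. the token's creation date must not be more than 300 seconds old;
  *  2. the client digest must equal md5(nonce . created . secret);
  *  3. if readNonceValue() returns a record for the nonce, that record must
  *     not be older than $this->lifetime.
  *
  * NOTE(review): the digest is an unsalted MD5 over the shared secret. The
  * construction is fixed by what the client sends, so it is kept here; moving
  * to an HMAC with a modern hash needs a coordinated client/server change.
  *
  * @param BBUserToken $token  The token providing digest, nonce and creation date
  * @param string      $secret The secret (ie password) to check the digest against
  *
  * @return boolean Always true when no exception is thrown
  *
  * @throws \BackBee\Security\Exception\SecurityException
  */
 protected function checkNonce(BBUserToken $token, $secret)
 {
     $digest = $token->getDigest();
     $nonce = $token->getNonce();
     $created = $token->getCreated();

     // An unparsable creation date is rejected explicitly rather than through
     // the arithmetic on `false`; the outcome (EXPIRED_TOKEN) is unchanged.
     // NOTE(review): a creation date in the future still passes this check;
     // confirm whether an upper bound (with clock-skew tolerance) is wanted.
     $createdAt = strtotime($created);
     if (false === $createdAt || time() - $createdAt > 300) {
         throw new SecurityException('Request expired', SecurityException::EXPIRED_TOKEN);
     }

     // Compare in constant time (hash_equals, PHP >= 5.6): `!==` on strings can
     // stop at the first differing byte, which leaks how much of a guessed
     // digest was correct. hash_equals() only accepts strings, so a non-string
     // digest is rejected up front with the same error as a mismatch.
     $expected = md5($nonce . $created . $secret);
     if (!is_string($digest) || !hash_equals($expected, $digest)) {
         throw new SecurityException('Invalid authentication informations', SecurityException::INVALID_CREDENTIALS);
     }

     // A nonce with no stored record (null) passes. A known nonce is refused
     // once its first element plus $this->lifetime lies in the past.
     // NOTE(review): presumably $value[0] is the timestamp stored with the
     // nonce; this method does not reject a known nonce that is still within
     // its lifetime, so confirm where replay protection is enforced.
     $value = $this->readNonceValue($nonce);
     if (null !== $value && $value[0] + $this->lifetime < time()) {
         throw new SecurityException('Prior authentication expired', SecurityException::EXPIRED_AUTH);
     }

     return true;
 }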