Пример #1
 /**
  * A freshly generated key must reject a signature it never produced.
  *
  * Only an arbitrary string is tried as the forged signature; a value that
  * differs from a genuine signature by a single byte is not covered here.
  */
 public function testLoadAndFail()
 {
     $message = "On the whole, I'd rather be in Philadelphia";
     $bogusSignature = 'This is not the correct signature';

     $freshKey = new Key();
     $freshKey->generate();

     // verify() has to report failure (false) for the forged signature.
     $isValid = $freshKey->verify($message, $bogusSignature);
     $this->assertFalse($isValid);
 }
Пример #2
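 /**
  * Verify a HMAC for a request.
  *
  * Verifying a HMAC for a request requires knowledge of a key that is shared
  * between the client and server and must not be disclosed to any third party.
  *
  * The 'hmac' entry is removed from the request data and the remaining fields
  * are serialised with http_build_query(); that string is what the HMAC is
  * checked against.  http_build_query() emits fields in array order, so the
  * client has to sign the same fields in the same order.
  *
  * The request data must contain a nonce generated on the client ('cnonce')
  * and *should* contain a nonce generated on the server ('snonce').  The
  * client nonce should never have been used before (generated and used once,
  * then discarded), and the server nonce should have been used exactly once
  * before (generated by the server, used once and then discarded).  These
  * nonces ensure that the request data is unique even for identical requests.
  * Both nonces are part of the signed data, so they cannot be altered or
  * stripped without invalidating the HMAC.  The server nonce is only checked
  * when the client sends one, so replay protection bound to the server
  * depends on the client including it.
  *
  * The HMAC is checked before either nonce is handed to a nonce verifier, so
  * a request that does not authenticate never reaches them.
  *
  * An exception is thrown if the signature did not verify or was not present.
  *
  * @param array  $request_data Request fields, including 'hmac' and 'cnonce'.
  * @param string $ip_address   Forwarded to verifyServerNonce() together with
  *                             the server nonce.  The default is loopback;
  *                             callers presumably need to pass the real peer
  *                             address for that check to be meaningful.
  *
  * @throws SignatureException If 'hmac' is missing, is not a string, or does
  *                            not verify.
  * @throws NonceException     If 'cnonce' is missing or is not a string.  The
  *                            nonce verifiers presumably raise it as well;
  *                            they are not visible here.
  *
  * @return void
  */
 public function verifyHMAC(array $request_data, $ip_address = '127.0.0.1')
 {
     // Request fields are untrusted and may arrive as arrays (hmac[]=...).
     // Only a string is accepted so that no other type can reach the
     // comparison inside Key::verify(), where PHP type juggling could matter.
     if (empty($request_data['hmac']) || !is_string($request_data['hmac'])) {
         throw new SignatureException('No HMAC was present on the request data');
     }

     // Everything except the HMAC itself is covered by the signature.
     $supplied_hmac = $request_data['hmac'];
     unset($request_data['hmac']);
     $data_to_verify = http_build_query($request_data);

     // The client nonce is mandatory; this is a presence and type check only,
     // no nonce state is consulted yet.
     if (empty($request_data['cnonce']) || !is_string($request_data['cnonce'])) {
         throw new NonceException('No client nonce was present in signature verification');
     }

     // Authenticate the request first.
     // NOTE(review): Key::verify() is not visible here; confirm that it
     // compares MACs in constant time (e.g. hash_equals()).
     $sharedKey = new Key();
     $sharedKey->setSharedKey($this->sharedKey);
     if (!$sharedKey->verify($data_to_verify, $supplied_hmac)) {
         throw new SignatureException('The HMAC on the request data did not verify');
     }

     // Nonces are checked only after the HMAC verified: verifyClientNonce()
     // presumably records the nonce as used, and doing that for a request
     // that has not authenticated would let anyone fill or pre-burn entries
     // in the nonce store.
     $this->verifyClientNonce($request_data['cnonce']);

     // Verify the server nonce if present.  Note that the client must request
     // this.
     if (!empty($request_data['snonce'])) {
         $this->verifyServerNonce($request_data['snonce'], $ip_address);
     }
 }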