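/**
 * Validate a command request.
 *
 * The checks run in this order and the first failure rejects the request:
 * - Validity of session token
 * - Session token expiration
 * - Client host address (only when a restriction is configured)
 * - Encrypted data signature
 *
 * @param tx_caretakerinstance_CommandRequest $commandRequest
 * @return boolean TRUE only if every check passed, FALSE otherwise
 */
public function validateRequest(tx_caretakerinstance_CommandRequest $commandRequest) {
    $sessionToken = $commandRequest->getSessionToken();
    $timestamp = $this->cryptoManager->verifySessionToken($sessionToken, $this->privateKey);

    // Fail closed: presumably verifySessionToken() yields the token's timestamp on
    // success (its failure value is not visible here - confirm). Anything that is
    // not a number is rejected explicitly instead of being fed into the age
    // arithmetic below, where FALSE/NULL would silently count as timestamp 0 and
    // only be rejected as long as the configured expiration is smaller than time().
    if (!is_numeric($timestamp)) {
        // Session token did not verify
        return FALSE;
    }

    // NOTE(review): a timestamp lying in the future never counts as expired here;
    // that is only safe if verifySessionToken() authenticates the timestamp - confirm.
    if (time() - $timestamp > $this->sessionTokenExpiration) {
        // Session token expired
        return FALSE;
    }

    // Compare as strings with ===, so that two numeric-looking values are never
    // considered equal through PHP's loose numeric comparison.
    $allowedHostAddress = (string)$this->clientHostAddressRestriction;
    if (strlen($allowedHostAddress) && (string)$commandRequest->getClientHostAddress() !== $allowedHostAddress) {
        // Client IP address is not allowed
        return FALSE;
    }

    $signatureIsValid = $this->cryptoManager->verifySignature(
        $commandRequest->getDataForSignature(),
        $commandRequest->getSignature(),
        $this->clientPublicKey
    );
    if (!$signatureIsValid) {
        // Signature didn't verify
        return FALSE;
    }

    return TRUE;
}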
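/**
 * Execute the given command request
 *
 * Posts the session token ('st'), the data ('d') and the signature ('s') to the
 * request's server URL and maps the HTTP outcome to a command result:
 * - HTTP 200 with a decodable body: the result built from the decoded JSON
 * - HTTP 200 with an undecodable body: status_undefined, carrying the error
 *   reported in the raw body when it has status -1
 * - HTTP code 0: status_undefined (treated as no response / timeout)
 * - any other HTTP code, or a request that returned no array: status_error
 *
 * @param tx_caretakerinstance_CommandRequest $commandRequest
 * @return tx_caretakerinstance_CommandResult
 */
public function executeRequest($commandRequest) {
    $httpRequestResult = $this->executeHttpRequest(
        $commandRequest->getServerUrl(),
        array(
            'st' => $commandRequest->getSessionToken(),
            'd' => $commandRequest->getData(),
            's' => $commandRequest->getSignature()
        )
    );

    if (!is_array($httpRequestResult)) {
        // A non-array result carries no transfer info, so nothing may be indexed
        // here (indexing a string this way raises an error on current PHP).
        // NULL keeps the message in the shape callers have seen so far.
        $curlInfo = NULL;
        return $this->getCommandResult(
            tx_caretakerinstance_CommandResult::status_error,
            NULL,
            'Invalid result request could not be executed' . chr(10) . 'CURL Info: ' . var_export($curlInfo, true)
        );
    }

    // Read the expected keys defensively; a missing key behaves like NULL.
    $info = isset($httpRequestResult['info']) ? $httpRequestResult['info'] : NULL;
    $httpCode = (is_array($info) && isset($info['http_code'])) ? $info['http_code'] : NULL;
    $response = isset($httpRequestResult['response']) ? $httpRequestResult['response'] : NULL;

    if ($httpCode === 0) {
        // seems to be a timeout
        $totalTime = (is_array($info) && isset($info['total_time'])) ? $info['total_time'] : NULL;
        return $this->getCommandResult(
            tx_caretakerinstance_CommandResult::status_undefined,
            NULL,
            'No Response/Timeout (Total-Time: ' . $totalTime . ')'
        );
    }

    if ($httpCode !== 200) {
        // NOTE(review): the message embeds the raw response body and the complete
        // transfer info; both come from outside this process, so whatever renders
        // or logs the result should treat them as untrusted text.
        return $this->getCommandResult(
            tx_caretakerinstance_CommandResult::status_error,
            NULL,
            'Invalid result: ' . $response . chr(10) . 'CURL Info: ' . var_export($info, true)
        );
    }

    $json = $this->securityManager->decodeResult($response);
    // TODO: check if valid json
    if ($json) {
        return tx_caretakerinstance_CommandResult::fromJson($json);
    }

    if (!empty($response)) {
        // Fallback: the body is parsed without going through decodeResult(), so
        // (presumably - decodeResult() is not visible here) nothing vouches for its
        // origin. The fields below are used for an error message only.
        $errorPayload = json_decode($response, TRUE);
        $reportsFailure = is_array($errorPayload)
            && isset($errorPayload['status'])
            && is_numeric($errorPayload['status'])
            && $errorPayload['status'] == -1;
        if ($reportsFailure) {
            $remoteMessage = isset($errorPayload['message']) ? $errorPayload['message'] : '';
            $remoteCode = (isset($errorPayload['exception']) && is_array($errorPayload['exception']) && isset($errorPayload['exception']['code']))
                ? $errorPayload['exception']['code']
                : '';
            return $this->getCommandResult(
                tx_caretakerinstance_CommandResult::status_undefined,
                NULL,
                'Error while executing remote command: ' . $remoteMessage . ' (' . $remoteCode . ')'
            );
        }
    }

    return $this->getCommandResult(
        tx_caretakerinstance_CommandResult::status_undefined,
        NULL,
        'Cant decode remote command result'
    );
}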