1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace kalanis\kw_auth\Methods; |
4
|
|
|
|
5
|
|
|
|
6
|
|
|
use kalanis\kw_accounts\Interfaces\IAuthCert; |
7
|
|
|
use kalanis\kw_address_handler\Handler; |
8
|
|
|
use kalanis\kw_auth\Traits\TStamp; |
9
|
|
|
|
10
|
|
|
|
11
|
|
|
/** |
12
|
|
|
* Class UrlHash |
13
|
|
|
* @package kalanis\kw_auth\AuthMethods |
14
|
|
|
* Authenticate via hashed values |
15
|
|
|
* |
16
|
|
|
* query: |
17
|
|
|
* //dummy/u:whoami/?pass=asdf123ghjk456×tamp=123456&digest=poiuztrewq |
18
|
|
|
* |
19
|
|
|
* makes following call: |
20
|
|
|
* hash($algorithm = <md5 | sha256 | ...> , $key = 'mnbvcx987' . $data = '//dummy/u:whoami/?pass=asdf123ghjk456×tamp=123456&salt=789' , $signature = 'poiuztrewq' |
21
|
|
|
* |
22
|
|
|
* - it removed digest value and added locally stored salt |
23
|
|
|
*/ |
24
|
|
|
class UrlHash extends AMethods |
25
|
|
|
{ |
26
|
|
|
use TStamp; |
27
|
|
|
|
28
|
|
|
public const INPUT_NAME = 'name'; |
29
|
|
|
public const INPUT_NAME2 = 'user'; |
30
|
|
|
public const INPUT_STAMP = 'timestamp'; |
31
|
|
|
public const INPUT_DIGEST = 'digest'; |
32
|
|
|
public const INPUT_SALT = 'salt'; |
33
|
|
|
|
34
|
|
|
protected IAuthCert $certAuthenticator; |
35
|
|
|
protected Handler $uriHandler; |
36
|
|
|
protected string $algorithm = ''; |
37
|
|
|
|
38
|
|
|
/** |
39
|
|
|
* @param IAuthCert $authenticator |
40
|
|
|
* @param AMethods|null $nextOne |
41
|
|
|
* @param Handler $uriHandler |
42
|
|
|
* @param string $algorithm for hash function |
43
|
|
|
* @link https://php.net/manual/en/function.hash.php |
44
|
|
|
*/ |
45
|
5 |
|
public function __construct(IAuthCert $authenticator, ?AMethods $nextOne, Handler $uriHandler, string $algorithm) |
46
|
|
|
{ |
47
|
5 |
|
parent::__construct($authenticator, $nextOne); |
48
|
5 |
|
$this->certAuthenticator = $authenticator; |
49
|
5 |
|
$this->uriHandler = $uriHandler; |
50
|
5 |
|
$this->algorithm = $algorithm; |
51
|
5 |
|
} |
52
|
|
|
|
53
|
5 |
|
public function process(\ArrayAccess $credentials): void |
54
|
|
|
{ |
55
|
5 |
|
$name = $credentials->offsetExists(static::INPUT_NAME) ? strval($credentials->offsetGet(static::INPUT_NAME)) : '' ; |
56
|
5 |
|
$name = $credentials->offsetExists(static::INPUT_NAME2) ? strval($credentials->offsetGet(static::INPUT_NAME2) ): $name ; |
57
|
5 |
|
$stamp = $credentials->offsetExists(static::INPUT_STAMP) ? intval(strval($credentials->offsetGet(static::INPUT_STAMP))) : 0 ; |
58
|
|
|
|
59
|
5 |
|
$wantedUser = $this->certAuthenticator->getDataOnly(strval($name)); |
60
|
5 |
|
$wantedCert = $this->certAuthenticator->getCertData(strval($name)); |
61
|
5 |
|
if ($wantedUser && $wantedCert && !empty($stamp) && $this->checkStamp($stamp)) { |
62
|
|
|
// now we have private salt from our storage, so it's time to check it |
63
|
|
|
|
64
|
|
|
// digest out, salt in |
65
|
1 |
|
$digest = strval($this->uriHandler->getParams()->offsetGet(static::INPUT_DIGEST)); |
66
|
1 |
|
$this->uriHandler->getParams()->offsetUnset(static::INPUT_DIGEST); |
67
|
1 |
|
$this->uriHandler->getParams()->offsetSet(static::INPUT_SALT, $wantedCert->getSalt()); |
68
|
1 |
|
$data = strval($this->uriHandler->getAddress()); |
69
|
|
|
|
70
|
|
|
// verify |
71
|
1 |
|
if (hash($this->algorithm, $wantedCert->getPubKey() . $data) == $digest) { |
72
|
|
|
// OK |
73
|
1 |
|
$this->loggedUser = $wantedUser; |
74
|
|
|
} |
75
|
|
|
} |
76
|
5 |
|
} |
77
|
|
|
|
78
|
5 |
|
public function remove(): void |
79
|
|
|
{ |
80
|
5 |
|
} |
81
|
|
|
} |
82
|
|
|
|