uma/psr7-hmac

An HMAC authentication library built on top of the PSR-7 specification

  • Sunday, May 13, 2018
  • by 1ma
  • Repository
  • 1 Watchers
  • 21 Stars
  • 7,666 Installations
  • PHP
  • 2 Dependents
  • 0 Suggesters
  • 2 Forks
  • 3 Open issues
  • 11 Versions
  • 23 % Grown

The README.md

Psr7Hmac

An HMAC authentication library built on top of the PSR-7 specification.

If you want to build an HMAC-authenticated API based on Symfony, check out UMAPsr7HmacBundle, which provides a convenient integration of this library with Symfony's Security Component.

Library API

/**
 * @param string $secret
 */
Signer::__construct($secret);

/**
 * @param RequestInterface $request
 *
 * @return RequestInterface
 */
Signer::sign(RequestInterface $request);

/**
 * @param InspectorInterface|null $inspector
 */
Verifier::__construct(InspectorInterface $inspector = null);

/**
 * @param RequestInterface $request
 * @param string           $secret
 *
 * @return bool
 */
Verifier::verify(RequestInterface $request, $secret);

Demo Script

<?php

require_once __DIR__.'/vendor/autoload.php';

use UMA\Psr7Hmac\Signer;
use UMA\Psr7Hmac\Verifier;


//// CLIENT SIDE
$psr7request = new \Zend\Diactoros\Request('http://www.example.com/index.html', 'GET');
// GET /index.html HTTP/1.1
// host: www.example.com

$signer = new Signer('secret');

$signedRequest = $signer->sign($psr7request);
// GET /index.html HTTP/1.1
// host: www.example.com
// authorization: HMAC-SHA256 63IQ8RWDbC9p4ipNrkJz0e0UeGiBrR96zkNdujE5cl8=
// signed-headers: host,signed-headers


//// SERVER SIDE
$verifier = new Verifier();

var_dump($verifier->verify($signedRequest, 'secret'));
// true

var_dump($verifier->verify($signedRequest, 'another secret'));
// false

// Headers added after calling sign() do not break the verification, as
// they are not included in the signed-headers list.
var_dump($verifier->verify($signedRequest->withHeader('User-Agent', 'PHP/5.x'), 'secret'));
// true

// Changes made to any chunk of data that was present at the time of the
// signature are still detected, though. In this example a signed header
// (host) is omitted from the Signed-Headers list.
var_dump($verifier->verify($signedRequest->withHeader('Signed-Headers', 'signed-headers'), 'secret'));
// false

// The verification also fails if any single part of the request is
// removed altogether after signing it.
var_dump($verifier->verify($signedRequest->withoutHeader('Signed-Headers'), 'secret'));
// false
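
The demo shows that headers added after sign() still pass verification, so a server should not treat them as authenticated. The following is an added example, not code from the library or its README: a hypothetical helper, authenticatedView(), that verifies a request and keeps only the headers named in Signed-Headers. The X-Forwarded-For header and its value are constructed sample input.

```php
<?php

require_once __DIR__.'/vendor/autoload.php';

use Psr\Http\Message\RequestInterface;
use UMA\Psr7Hmac\Signer;
use UMA\Psr7Hmac\Verifier;

/**
 * Hypothetical helper, not part of uma/psr7-hmac: verifies the request and
 * returns a copy carrying only the headers named in Signed-Headers.
 *
 * @param RequestInterface $request
 * @param string           $secret
 *
 * @return RequestInterface|null null when the signature does not verify
 */
function authenticatedView(RequestInterface $request, $secret)
{
    $verifier = new Verifier();
    if (!$verifier->verify($request, $secret)) {
        return null;
    }

    // Header names the signer listed as covered by the signature.
    $signedNames = array_map('trim', explode(',', strtolower($request->getHeaderLine('Signed-Headers'))));

    foreach (array_keys($request->getHeaders()) as $name) {
        if (!in_array(strtolower((string) $name), $signedNames, true)) {
            // Unsigned, so it may have been added in transit. This also drops
            // Authorization, which has served its purpose once verify() passes.
            $request = $request->withoutHeader((string) $name);
        }
    }

    return $request;
}

//// Constructed sample: the demo's signed request plus one unsigned header
$signer = new Signer('secret');
$signedRequest = $signer->sign(new \Zend\Diactoros\Request('http://www.example.com/index.html', 'GET'));
$received = $signedRequest->withHeader('X-Forwarded-For', '203.0.113.7');

$view = authenticatedView($received, 'secret');
if ($view !== null) {
    var_dump($view->hasHeader('X-Forwarded-For'), $view->hasHeader('Host'));
}
```

Application code that reads headers only from the returned request never sees a value the signature did not cover.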

External Resources

Disclaimer

The code included in this library has not been reviewed by any cryptographer or security specialist, nor do I claim to be one. If you intend to use it in your own projects, you are advised to read the documentation, understand the code and report back any issues you find.

The Versions

  • v0.1.2 (0.1.2.0), 29/05 2016, MIT, by Marcel Hernandez
  • v0.1.1 (0.1.1.0), 28/05 2016, MIT, by Marcel Hernandez
  • v0.1.0 (0.1.0.0), 28/05 2016, MIT, by Marcel Hernandez