lithium\security\validation\FormSignature::_signature PHP Method

FormSignature Class Documentation Show file Open project: unionofrad/lithium

_signature() protected static method

Will first derive a signing key from the secret key and current date, then calculate the HMAC over given data. This process is modelled after Amazon's _Message Signature Version 4_ but uses less key derivations as we don't have more information at our hands. During key derivation the strings li3,1 and li3,1_form are inserted. 1 denotes the version of our signature algorithm and should be raised when the algorithm is changed. Derivation is needed to not reveal the secret key. Note: As the current date (year, month, day) is used to increase key security by limiting its lifetime, a possible sideeffect is that a signature doen't verify if it is generated on day N and verified on day N+1.

See link: http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html

protected static _signature ( string $data ) : string
$data	string	The data to calculate the signature for.
return	string	The signature.

    protected static function _signature($data)
    {
        $string = static::$_classes['string'];
        if (empty(static::$_secret)) {
            $message = 'Form signature requires a secret key. ';
            $message .= 'Please see documentation on how to configure a key.';
            throw new ConfigException($message);
        }
        $key = 'li3,1' . static::$_secret;
        $key = $string::hash(date('YMD'), array('key' => $key, 'raw' => true));
        $key = $string::hash('li3,1_form', array('key' => $key, 'raw' => true));
        return $string::hash($data, array('key' => $key));
    }

FormSignature

_compile

_parse

_signature

check

config

key