vendor/symfony/src/Symfony/Component/Security/Http/EntryPoint/DigestAuthenticationEntryPoint.php
changeset 0 7f95f8617b0b
-1:000000000000 0:7f95f8617b0b
       
     1 <?php
       
     2 
       
     3 /*
       
     4  * This file is part of the Symfony package.
       
     5  *
       
     6  * (c) Fabien Potencier <fabien@symfony.com>
       
     7  *
       
     8  * For the full copyright and license information, please view the LICENSE
       
     9  * file that was distributed with this source code.
       
    10  */
       
    11 
       
    12 namespace Symfony\Component\Security\Http\EntryPoint;
       
    13 
       
    14 use Symfony\Component\Security\Core\Exception\AuthenticationException;
       
    15 use Symfony\Component\Security\Http\EntryPoint\AuthenticationEntryPointInterface;
       
    16 use Symfony\Component\Security\Core\Exception\NonceExpiredException;
       
    17 use Symfony\Component\HttpFoundation\Response;
       
    18 use Symfony\Component\HttpFoundation\Request;
       
    19 use Symfony\Component\HttpKernel\Log\LoggerInterface;
       
    20 
       
    21 /**
       
    22  * DigestAuthenticationEntryPoint starts an HTTP Digest authentication.
       
    23  *
       
    24  * @author Fabien Potencier <fabien@symfony.com>
       
    25  */
       
    26 class DigestAuthenticationEntryPoint implements AuthenticationEntryPointInterface
       
    27 {
       
    28     private $key;
       
    29     private $realmName;
       
    30     private $nonceValiditySeconds;
       
    31     private $logger;
       
    32 
       
    33     public function __construct($realmName, $key, $nonceValiditySeconds = 300, LoggerInterface $logger = null)
       
    34     {
       
    35         $this->realmName = $realmName;
       
    36         $this->key = $key;
       
    37         $this->nonceValiditySeconds = $nonceValiditySeconds;
       
    38         $this->logger = $logger;
       
    39     }
       
    40 
       
    41     public function start(Request $request, AuthenticationException $authException = null)
       
    42     {
       
    43         $expiryTime = microtime(true) + $this->nonceValiditySeconds * 1000;
       
    44         $signatureValue = md5($expiryTime.':'.$this->key);
       
    45         $nonceValue = $expiryTime.':'.$signatureValue;
       
    46         $nonceValueBase64 = base64_encode($nonceValue);
       
    47 
       
    48         $authenticateHeader = sprintf('Digest realm="%s", qop="auth", nonce="%s"', $this->realmName, $nonceValueBase64);
       
    49 
       
    50         if ($authException instanceof NonceExpiredException) {
       
    51             $authenticateHeader = $authenticateHeader.', stale="true"';
       
    52         }
       
    53 
       
    54         if (null !== $this->logger) {
       
    55             $this->logger->debug(sprintf('WWW-Authenticate header sent to user agent: "%s"', $authenticateHeader));
       
    56         }
       
    57 
       
    58         $response = new Response();
       
    59         $response->headers->set('WWW-Authenticate', $authenticateHeader);
       
    60         $response->setStatusCode(401, $authException ? $authException->getMessage() : null);
       
    61 
       
    62         return $response;
       
    63     }
       
    64 }
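Review bot: In start(), `$expiryTime = microtime(true) + $this->nonceValiditySeconds * 1000;` mixes units: microtime(true) returns seconds, so the default of 300 gives a nonce lifetime of 300000 seconds (roughly three and a half days) instead of five minutes, and a captured nonce stays acceptable for that long. Unless the code that verifies the nonce compares in a different unit (it is not visible on this page), drop the multiplier: `$expiryTime = microtime(true) + $this->nonceValiditySeconds;`. The signature on the following line is a bare `md5($expiryTime.':'.$this->key)`; a keyed MAC such as `hash_hmac('sha256', (string) $expiryTime, $this->key)` would be the sturdier construction, changed together with whatever validates the nonce. Separately, `setStatusCode(401, $authException->getMessage())` copies the exception text into the HTTP status line, so a fixed reason phrase would avoid handing internal authentication messages to the client.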