HmacStateSigner
HMAC-SHA256 {@see StateSignerInterface}: signs the canonical JSON of `{algorithm, issuedAt, expiresAt, nonce, claims}` concatenated with the caller-supplied `$payload`, over `$secret`. Verification recomputes the same HMAC and compares with {@see hash_equals()}, additionally rejecting a signature that has expired, is not yet valid, or whose `claims` don't match every `$requiredClaims` entry. This is the primitive {@see SignedXhtmlStateTransferCodec} wraps to make the client-echoed `<milpa-state>` envelope tamper-evident.
HmacStateSigner::__construct()
public function __construct(string $secret, int $ttlSeconds = 300, int $clockSkewSeconds = 30):Parameters
| Name | Type | Description |
|---|---|---|
| $secret | string | |
| $ttlSeconds | int | |
| $clockSkewSeconds | int |
HmacStateSigner::sign()
public function sign(string $payload, array $claims = []): Milpa\Live\ValueObjects\StateSignatureSigns `$payload` with a freshly generated nonce and an expiry `$ttlSeconds` from now, binding `$claims` into the signature so a verifier can pin them via `$requiredClaims`.
Parameters
| Name | Type | Description |
|---|---|---|
| $payload | string | |
| $claims | array |
HmacStateSigner::verify()
public function verify(string $payload, Milpa\Live\ValueObjects\StateSignature $signature, array $requiredClaims = []): boolVerifies `$signature` was produced by {@see sign()} for the exact same `$payload`, has not expired (within clock-skew tolerance), and — when `$requiredClaims` is given — that every required claim matches the value bound into the signature. Returns `false`, never throws, for any mismatch or malformed signature; a tampered `$payload` fails here.
Parameters
| Name | Type | Description |
|---|---|---|
| $payload | string | |
| $signature | Milpa\Live\ValueObjects\StateSignature | |
| $requiredClaims | array |