Skip to content
docsv0.1.0

HmacStateSigner

HMAC-SHA256 {@see StateSignerInterface}: signs the canonical JSON of `{algorithm, issuedAt, expiresAt, nonce, claims}` concatenated with the caller-supplied `$payload`, over `$secret`. Verification recomputes the same HMAC and compares with {@see hash_equals()}, additionally rejecting a signature that has expired, is not yet valid, or whose `claims` don't match every `$requiredClaims` entry. This is the primitive {@see SignedXhtmlStateTransferCodec} wraps to make the client-echoed `<milpa-state>` envelope tamper-evident.

HmacStateSigner::__construct()

public function __construct(string $secret, int $ttlSeconds = 300, int $clockSkewSeconds = 30):

Parameters

Parameters of __construct()
NameTypeDescription
$secretstring
$ttlSecondsint
$clockSkewSecondsint

HmacStateSigner::sign()

public function sign(string $payload, array $claims = []): Milpa\Live\ValueObjects\StateSignature

Signs `$payload` with a freshly generated nonce and an expiry `$ttlSeconds` from now, binding `$claims` into the signature so a verifier can pin them via `$requiredClaims`.

Parameters

Parameters of sign()
NameTypeDescription
$payloadstring
$claimsarray

HmacStateSigner::verify()

public function verify(string $payload, Milpa\Live\ValueObjects\StateSignature $signature, array $requiredClaims = []): bool

Verifies `$signature` was produced by {@see sign()} for the exact same `$payload`, has not expired (within clock-skew tolerance), and — when `$requiredClaims` is given — that every required claim matches the value bound into the signature. Returns `false`, never throws, for any mismatch or malformed signature; a tampered `$payload` fails here.

Parameters

Parameters of verify()
NameTypeDescription
$payloadstring
$signatureMilpa\Live\ValueObjects\StateSignature
$requiredClaimsarray