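/**
   * Verifies the client's answer to a previously requested authentication challenge.
   *
   * <p>The expected signature is computed with {@code generateHMacSHA256} from the secret that
   * the secret provider returns for the session's auth key and from the session's challenge.
   * On a match the client signature is stored on the session. On a mismatch the session's auth
   * key, challenge and signature are set to {@code null} before the failure is reported.
   *
   * @param clientSignature signature sent by the client; {@code null} is treated as a mismatch
   * @param message call message carrying the {@code WampSession} being authenticated
   * @return {@code null} when the signature is valid
   * @throws IllegalStateException if no authentication was requested on the session, if no
   *     secret is available for the session's auth key, or if the expected signature cannot be
   *     computed
   * @throws SecurityException if the client signature does not match the expected signature
   */
  @Override
  public Object handleAuth(String clientSignature, CallMessage message) {
    WampSession wampSession = message.getWampSession();

    if (!wampSession.isAuthRequested()) {
      throw new IllegalStateException("No authentication previously requested");
    }

    // NOTE(review): a missing secret surfaces as IllegalStateException and leaves the session
    // state untouched, while a bad signature is a SecurityException that clears it. If callers
    // relay that difference to the client it may disclose which auth keys are provisioned;
    // confirm how both exceptions are mapped on the wire.
    final String correctSignature;
    try {
      final String secret = this.authenticationSecretProvider.getSecret(wampSession.getAuthKey());
      if (!StringUtils.hasText(secret)) {
        throw new IllegalStateException("Secret does not exist");
      }
      correctSignature = generateHMacSHA256(secret, wampSession.getChallenge());
    } catch (InvalidKeyException | NoSuchAlgorithmException e) {
      throw new IllegalStateException("invalid key", e);
    }

    // Compare in constant time: String.equals returns at the first differing character, so
    // response timing would depend on how much of the expected MAC the caller got right.
    // Fully qualified names are used so the block needs no new import.
    final boolean signatureMatches = clientSignature != null
        && correctSignature != null
        && java.security.MessageDigest.isEqual(
            clientSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            correctSignature.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (signatureMatches) {
      wampSession.setSignature(clientSignature);
      return null;
    }

    // Failed attempt (including a missing signature): drop the handshake state held on the
    // session before reporting the failure.
    wampSession.setAuthKey(null);
    wampSession.setChallenge(null);
    wampSession.setSignature(null);
    throw new SecurityException("Signature for authentication request is invalid");
  }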