jeremykendall
diff --git a/‎APACHE_LICENSE_V2.md
+141 b/‎APACHE_LICENSE_V2.md
+141
diff --git a/‎NOTICE.md
+16 b/‎NOTICE.md
+16
diff --git a/‎README.md
+57-22 b/‎README.md
+57-22
diff --git a/‎src/QueryAuth/Client.php
+32-27 b/‎src/QueryAuth/Client.php
+32-27
@@ -0,0 +1,141 @@
+# Apache License
+Version 2.0, January 2004
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+## 1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1
+through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the
+License.
+
+"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled
+by, or are under common control with that entity. For the purposes of this definition, "control" means
+(i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract
+or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial
+ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications, including but not limited to software
+source code, documentation source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form,
+including but not limited to compiled object code, generated documentation, and conversions to other media
+types.
+
+"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License,
+as indicated by a copyright notice that is included in or attached to the work (an example is provided in the
+Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from)
+the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent,
+as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not
+include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work
+and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including the original version of the Work and any
+modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to
+Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to
+submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of
+electronic, verbal, or written communication sent to the Licensor or its representatives, including but not
+limited to communication on electronic mailing lists, source code control systems, and issue tracking systems
+that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but
+excluding communication that is conspicuously marked or otherwise designated in writing by the copyright
+owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been
+received by Licensor and subsequently incorporated within the Work.
+
+## 2. Grant of Copyright License.
+
+Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare
+Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such
+Derivative Works in Source or Object form.
+
+## 3. Grant of Patent License.
+
+Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent
+license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such
+license applies only to those patent claims licensable by such Contributor that are necessarily infringed by
+their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such
+Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim
+or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work
+constitutes direct or contributory patent infringement, then any patent licenses granted to You under this
+License for that Work shall terminate as of the date such litigation is filed.
+
+## 4. Redistribution.
+
+You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You meet the following conditions:
+
+   1. You must give any other recipients of the Work or Derivative Works a copy of this License; and
+
+   2. You must cause any modified files to carry prominent notices stating that You changed the files; and
+
+   3. You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent,
+      trademark, and attribution notices from the Source form of the Work, excluding those notices that do
+      not pertain to any part of the Derivative Works; and
+
+   4. If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that
+      You distribute must include a readable copy of the attribution notices contained within such NOTICE
+      file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one
+      of the following places: within a NOTICE text file distributed as part of the Derivative Works; within
+      the Source form or documentation, if provided along with the Derivative Works; or, within a display
+      generated by the Derivative Works, if and wherever such third-party notices normally appear. The
+      contents of the NOTICE file are for informational purposes only and do not modify the License. You may
+      add Your own attribution notices within Derivative Works that You distribute, alongside or as an
+      addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be
+      construed as modifying the License.
+
+You may add Your own copyright statement to Your modifications and may provide additional or different license
+terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative
+Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the
+conditions stated in this License.
+
+## 5. Submission of Contributions.
+
+Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by
+You to the Licensor shall be under the terms and conditions of this License, without any additional terms or
+conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate
+license agreement you may have executed with Licensor regarding such Contributions.
+
+## 6. Trademarks.
+
+This License does not grant permission to use the trade names, trademarks, service marks, or product names of
+the Licensor, except as required for reasonable and customary use in describing the origin of the Work and
+reproducing the content of the NOTICE file.
+
+## 7. Disclaimer of Warranty.
+
+Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor
+provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT,
+MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of
+permissions under this License.
+
+## 8. Limitation of Liability.
+
+In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless
+required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any
+Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential
+damages of any character arising as a result of this License or out of the use or inability to use the Work
+(including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or
+any and all other commercial damages or losses), even if such Contributor has been advised of the possibility
+of such damages.
+
+## 9. Accepting Warranty or Additional Liability.
+
+While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for,
+acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this
+License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole
+responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold
+each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason
+of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
@@ -0,0 +1,16 @@
+# AWS SDK for PHP
+
+<http://aws.amazon.com/php>
+
+Copyright 2010-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License").
+You may not use this file except in compliance with the License.
+A copy of the License is located at
+
+<http://aws.amazon.com/apache2.0>
+
+or in the "license" file accompanying this file. This file is distributed
+on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+express or implied. See the License for the specific language governing
+permissions and limitations under the License.
@@ -16,44 +16,61 @@ to handle both of those tasks.
 
 ## Usage
 
-There are three components to this library: Client signature creation, server
-signature validation, and API key generation.
+There are three components to this library: Request signing for API consumers,
+request signature validation for API creators, and API key and API secret
+generation.
 
-### Signature Creation
+### Request Signing
 
 ```php
+$collection = new QueryAuth\NormalizedParameterCollection();
+$signer = new QueryAuth\Signer($collection);
+$client = new QueryAuth\Client($signer);
+
 $key = 'API_KEY';
 $secret = 'API_SECRET';
-$timestamp = time();
+$method = 'GET';
+$host = 'api.example.com';
+$path = '/resources';
+$params = array('type' => 'vehicles');
 
-$client = new QueryAuth\Client();
-$signature = $client->generateSignature($key, $secret, $timestamp);
+$signedParameters = $client->getSignedRequestParams($key, $secret, $method, $host, $path, $params);
 ```
 
-If you plan to pass the signature along via the querystring, make sure to [url
-encode](http://php.net/urlencode) it first. A convenience function for
-generating a url encoded signature is provided.
+`Client::getSignedRequestParams()` returns an array of parameters to send via
+the querystring (for `GET` requests) or the request body. The parameters are
+those provided to the method (if any), plus `timestamp`, `key`, and `signature`.
 
-```php
-$urlEncodedSignature = $client->generateUrlEncodedSignature($key, $secret, $timestamp);
-```
+**NOTE**: The signature is automatically url encoded if the method is `GET`.
 
 ### Signature Validation
 
-Grab the API key, timestamp, and signature from the API request, then retrieve
-the API secret from whatever persistence layer you're using.  Now validate the
-signature.
-
 ```php
-$key = 'API_KEY_FROM_REQUEST';
-$timestamp = 'TIMESTAMP_FROM_REQUEST';
-$signature = 'SIGNATURE_FROM_REQUEST';
-$secret = 'API_SECRET_FROM_PERSISTENCE_LAYER';
+$collection = new QueryAuth\NormalizedParameterCollection();
+$signer = new QueryAuth\Signer($collection);
+$server = new QueryAuth\Server($signer);
 
-$server = new QueryAuth\Server();
-$isValid = $server->validateSignature($key, $secret, $timestamp, $signature);
+$secret = 'API_SECRET_FROM_PERSISTENCE_LAYER';
+$method = 'GET';
+$host = 'api.example.com';
+$path = '/resources';
+// querystring params or request body as an array,
+// which includes timestamp, key, and signature params from the client's
+// getSignedRequestParams method
+$params = 'PARAMS_FROM_REQUEST'; 
+
+$isValid = $server->validateSignature($secret, $method, $host, $path, $params);
 ```
 
+`Server::validateSignature()` will return either true or false.  It might also
+throw one of three exceptions:
+* `MaximumDriftExceededException`: If timestamp is too far in the future
+* `MinimumDriftExceededException`: It timestamp is too far in the past
+* `SignatureMissingException`: If signature is missing from request params
+
+Drift defaults to 15 seconds, meaning there is a 30 second window during which the
+request is valid. The default value can be modified using `Server::setDrift()`.
+
 ### Key Generation
 
 You can generate API keys and secrets in the following manner.
@@ -70,6 +87,9 @@ $key = $keyGenerator->generateKey();
 $secret = $keyGenerator->generateSecret();
 ```
 
+Both key and secret are generated using Anthony Ferrara's [RandomLib](https://github.com/ircmaxell/RandomLib)
+random string generator.
+
 ## Installation
 
 Package installation is handled by Composer.
@@ -94,3 +114,18 @@ Package installation is handled by Composer.
 * Contributions should generally follow the strategy outlined in ["Contributing
   to a project"](https://help.github.com/articles/fork-a-repo#contributing-to-a-project)
 * Please submit pull requests against the `develop` branch
+
+## Credits
+
+* The Client, Signer, and NormalizedParameterCollection code are my own implementation of
+the [Signature Version 2
+implementation](https://github.com/aws/aws-sdk-php/blob/master/src/Aws/Common/Signature/SignatureV2.php)
+from the [AWS SDK for PHP
+2](https://github.com/aws/aws-sdk-php/blob/master/src/Aws/Common/Signature/SignatureV2.php).
+
+As such, a version of the Apache License Version 2.0 is included with this
+distribution, and the applicable portion of the AWS SDK for PHP 2 NOTICE file
+is included.
+
+* API key and API secret generation is handled by Anthony Ferrara's
+[RandomLib](https://github.com/ircmaxell/RandomLib) random string generator.
@@ -2,8 +2,25 @@
 
 namespace QueryAuth;
 
+use QueryAuth\Signer;
+
 class Client
 {
+    /**
+     * @var Signer
+     */
+    private $signer;
+
+    /**
+     * Public constructor
+     *
+     * @param Signer $signer Instance of singature creation class
+     */
+    public function __construct(Signer $signer)
+    {
+        $this->signer = $signer;
+    }
+
     /**
      * Sign request params
      *
@@ -13,49 +30,37 @@ class Client
      * @param  string $host   Host portion of API resource URL (including subdomain, excluding scheme)
      * @param  string $path   Path portion of API resource URL (excluding query and fragment)
      * @param  array  $params OPTIONAL Request params (query or POST fields), only needed if required by endpoint
-     * @return array  Signed request params
+     * @return array  Request params provided PLUS key, timestamp, and signature
      */
     public function getSignedRequestParams($key, $secret, $method, $host, $path, array $params = array())
     {
         $params['key'] = $key;
         $params['timestamp'] = (int) gmdate('U');
-
         // Ensure path is absolute
         $path = '/' . ltrim($path, '/');
-
-        $data = $method . "\n"
-            . $host . "\n"
-            . $path . "\n"
-            . $this->getNormalizedParameterString($params);
-
-        $signature = \base64_encode(\hash_hmac('sha256', $data, $secret, true));
-
-        if ($method == 'GET') {
-            $signature = urlencode($signature);
-        }
-
+        $signature = $this->signer->createSignature($method, $host, $path, $secret, $params);
         $params['signature'] = $signature;
 
         return $params;
     }
 
     /**
-     * Get request params as string, sorted alphabetically using strcmp
+     * Get Signer
      *
-     * @param  array  $params Array of request paramaters
-     * @return string Normalized, rawurlencoded parameters as string
+     * @return Signer Instance of the signature creation class
      */
-    public function getNormalizedParameterString(array $params)
+    public function getSigner()
     {
-        unset($params['signature']);
-        uksort($params, 'strcmp');
-
-        $normalized = '';
-
-        foreach ($params as $key => $value) {
-            $normalized .= rawurlencode($key) . '=' . rawurlencode($value) . '&';
-        }
+        return $this->signer;
+    }
 
-        return substr($normalized, 0, -1);
+    /**
+     * Set Signer
+     *
+     * @param Signer $signer Instance of the signature creation class
+     */
+    public function setSigner(Signer $signer)
+    {
+        $this->signer = $signer;
     }
 }