/**
 * Decode a base64url-encoded string.
 *
 * The input is first converted to the standard base64 alphabet by
 * b64url2b64() and then decoded with base64_decode().
 *
 * base64_decode() is called without its strict flag, so characters outside
 * the base64 alphabet are silently dropped instead of causing a failure.
 * Callers must not treat a non-false result as proof the input was well formed.
 *
 * @param string $base64url base64url-encoded data
 * @return string|false decoded bytes, or whatever base64_decode() reports on failure
 */
function base64url_decode($base64url)
{
    $standardBase64 = b64url2b64($base64url);

    return base64_decode($standardBase64);
}
/**
 * Verify an RSA PKCS#1 signature using the Crypt_RSA class.
 *
 * Only the presence of the `n` and `e` properties on the key object is
 * checked; their contents are passed to Crypt_RSA unvalidated, and the
 * return value of loadKey() is not inspected.
 *
 * NOTE(review): $hashtype presumably comes from the token's `alg` header.
 * Confirm the caller restricts it to the algorithms the client expects.
 *
 * @param string $hashtype  hash name passed to Crypt_RSA::setHash()
 * @param object $key       key object exposing base64url-encoded `n` and `e`
 * @param string $payload   data the signature is checked against
 * @param string $signature signature handed to Crypt_RSA::verify()
 * @throws OpenIDConnectClientException if Crypt_RSA is missing or the key lacks `n`/`e`
 * @return bool result of Crypt_RSA::verify()
 */
private function verifyRSAJWTsignature($hashtype, $key, $payload, $signature)
{
    // Fail early when the crypto backend is not available.
    if (!class_exists('Crypt_RSA')) {
        throw new OpenIDConnectClientException('Crypt_RSA support unavailable.');
    }

    // Both the modulus and the public exponent are required.
    if (!property_exists($key, 'n') || !property_exists($key, 'e')) {
        throw new OpenIDConnectClientException('Malformed key object');
    }

    // The key material is already base64url-encoded, so convert it to regular
    // base64 and wrap it in the XML key format that Crypt_RSA can load directly.
    $xmlKey = sprintf(
        "<RSAKeyValue>\r\n <Modulus>%s</Modulus>\r\n <Exponent>%s</Exponent>\r\n</RSAKeyValue>",
        b64url2b64($key->n),
        b64url2b64($key->e)
    );

    $verifier = new Crypt_RSA();
    $verifier->setHash($hashtype);
    $verifier->loadKey($xmlKey, CRYPT_RSA_PUBLIC_FORMAT_XML);
    $verifier->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;

    return $verifier->verify($payload, $signature);
}
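/**
 * Verify an RSA PKCS#1 signature over a JWT signing input.
 *
 * NOTE(review): `new RSA()` together with `RSA::SIGNATURE_PKCS1` looks like
 * phpseclib 2.x's phpseclib\Crypt\RSA. Confirm against the file's `use`
 * statements, because the key-format constant below relies on it.
 *
 * NOTE(review): $hashtype presumably comes from the token's `alg` header.
 * Confirm the caller restricts it to the algorithms the client expects.
 *
 * @param string $hashtype  hash name passed to RSA::setHash()
 * @param object $key       key object exposing base64url-encoded `n` and `e`
 * @param string $payload   data the signature is checked against
 * @param string $signature signature handed to RSA::verify(); presumably raw, already-decoded bytes
 * @throws OpenIDConnectClientException if the key object lacks `n` or `e`
 * @return bool true only when the key loaded and the signature verified
 */
private function verifyRSAJWTsignature($hashtype, $key, $payload, $signature)
{
    if (!(property_exists($key, 'n') && property_exists($key, 'e'))) {
        throw new OpenIDConnectClientException('Malformed key object');
    }

    // Never echo the key, payload or signature from here. Doing so discloses
    // token contents in the HTTP response and emits output before any
    // headers or redirects the caller still has to send.

    /*
     * We already have base64url-encoded data, so re-encode it as
     * regular base64 and use the XML key format for simplicity.
     */
    $public_key_xml = "<RSAKeyValue>\r\n" .
        " <Modulus>" . b64url2b64($key->n) . "</Modulus>\r\n" .
        " <Exponent>" . b64url2b64($key->e) . "</Exponent>\r\n" .
        "</RSAKeyValue>";

    $rsa = new RSA();
    $rsa->setHash($hashtype);

    // loadKey() expects one of the class's format constants, not the string
    // 'xml'. With the string, the key is not parsed as XML and verification
    // can never succeed. Fail closed explicitly if the key does not load.
    if (!$rsa->loadKey($public_key_xml, RSA::PUBLIC_FORMAT_XML)) {
        return false;
    }

    $rsa->signatureMode = RSA::SIGNATURE_PKCS1;

    return $rsa->verify($payload, $signature);
}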