<?php
include '../phpseclib/vendor/autoload.php';
$rsa_signer = new \phpseclib\Crypt\RSA();
$private = file_get_contents('private.pem');
$rsa_signer->setPassword('VdcpDTWTc5Aehxgv2uL9haaFddDBhrc8uCMG3ykg');
$rsa_signer->load($private);
$rsa_signer->setHash('sha512');
$rsa_signer->setMGFHash('sha512');
$message = 'Litwo Ojczyzno moja, ty jesteś jak zdrowie';
$signature = $rsa_signer->sign($message, phpseclib\Crypt\RSA::PADDING_PSS);
$signature_base64 = base64_encode($signature);
echo 'Message: ' . $message . "\r\n";
echo 'Signature (RAW): ' . $signature . "\r\n";
echo 'Signature (base64): ' . $signature_base64 . "\r\n";
echo '------------------------------------DECODING------------------------------------------' . "\r\n";
$rsa_verifier = new \phpseclib\Crypt\RSA();
$rsa_verifier->setHash('sha512');
$rsa_verifier->setMGFHash('sha512');
$public = file_get_contents('public.pem');
$rsa_verifier->load($public);
$verification = $rsa_verifier->verify($message, $signature);
echo 'Verified: ' . ($verification ? 'TRUE' : 'FALSE');
/**
* @param string $hashtype
* @param object $key
* @throws OpenIDConnectClientException
* @return bool
*/
private function verifyRSAJWTsignature($hashtype, $key, $payload, $signature)
{
if (!class_exists('\\phpseclib\\Crypt\\RSA')) {
throw new OpenIDConnectClientException('Crypt_RSA support unavailable.');
}
if (!(property_exists($key, 'n') and property_exists($key, 'e'))) {
throw new OpenIDConnectClientException('Malformed key object');
}
/* We already have base64url-encoded data, so re-encode it as
regular base64 and use the XML key format for simplicity.
*/
$public_key_xml = "<RSAKeyValue>\r\n" . " <Modulus>" . b64url2b64($key->n) . "</Modulus>\r\n" . " <Exponent>" . b64url2b64($key->e) . "</Exponent>\r\n" . "</RSAKeyValue>";
$rsa = new \phpseclib\Crypt\RSA();
$rsa->setHash($hashtype);
$rsa->loadKey($public_key_xml, \phpseclib\Crypt\RSA::PUBLIC_FORMAT_XML);
$rsa->signatureMode = \phpseclib\Crypt\RSA::SIGNATURE_PKCS1;
return $rsa->verify($payload, $signature);
}
