Ejemplo n.º 1
 /**
  * Lazily loads the public key of the wrapped certificate and memoises it.
  * OOP counterpart of openssl_pkey_get_public / openssl_get_publickey.
  *
  * The value is cached after the first call. That includes a `false` result
  * when OpenSSL could not extract a key, so callers should check for `false`
  * before handing the value to a verify or encrypt call.
  *
  * @return resource|false 'OpenSSL key' handle, or false if extraction failed
  */
 public function getPublicKey()
 {
     if ($this->publicKey !== null) {
         return $this->publicKey;
     }
     $this->publicKey = openssl_get_publickey($this->certificate);
     return $this->publicKey;
 }
Ejemplo n.º 2
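 /**
  * Verifies an RSA signature.
  *
  * openssl_verify() reports 1 for a valid signature, 0 for an invalid one and
  * -1 (or false) on error. Only an exact 1 is accepted here, because casting
  * the result to bool would turn the -1 error code into "valid".
  *
  * @param string $data       The data that was signed
  * @param string $public_key The Alipay public key. It is passed straight to
  *                           openssl_get_publickey(), so it must be in a form
  *                           that function accepts (the original note called
  *                           it a key file path; TODO confirm what callers pass)
  * @param string $sign       Base64-encoded signature to check
  * @return bool True only when the signature is valid
  */
 public function rsaVerify($data, $public_key, $sign)
 {
     $res = openssl_get_publickey($public_key);
     if ($res === false) {
         // No usable key: fail closed instead of passing false on to OpenSSL.
         return false;
     }
     $result = openssl_verify($data, base64_decode($sign), $res) === 1;
     openssl_free_key($res);
     return $result;
 }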
/**
 * Checks that a public key can be parsed by OpenSSL.
 *
 * Returns nothing on success. The parsed key handle is discarded, and the
 * @ operator silences any warning openssl_get_publickey() raises.
 *
 * @param mixed $pub_key Key material in any form openssl_get_publickey() accepts
 * @throws invalid_public_key_exception When OpenSSL cannot load the key
 */
function validate_pub_key($pub_key)
{
    $parsed = @openssl_get_publickey($pub_key);

    if ($parsed !== false) {
        return;
    }

    throw new invalid_public_key_exception();
}
Ejemplo n.º 4
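 /**
  * Validates a message from SNS to ensure that it was delivered by AWS
  *
  * The signing certificate is only fetched when its URL uses https and its
  * host is an SNS endpoint (sns.<region>.amazonaws.com). A bare
  * ".amazonaws.com" suffix check is not sufficient, because other hosts under
  * that domain serve customer-controlled content.
  *
  * @param Message $message The message to validate
  *
  * @throws CannotGetPublicKeyFromCertificateException If the certificate cannot be retrieved
  * @throws CertificateFromUnrecognizedSourceException If the certificate's source cannot be verified
  * @throws InvalidMessageSignatureException           If the message's signature is invalid
  */
 public function validate($message)
 {
     // Get the cert's URL and ensure it is served by SNS over TLS
     $certUrl = $message->get('SigningCertURL');
     $scheme = parse_url($certUrl, PHP_URL_SCHEME);
     $host = parse_url($certUrl, PHP_URL_HOST);
     $isSnsHost = is_string($host) && preg_match('/^sns\.[a-zA-Z0-9\-]{3,}\.amazonaws\.com$/', $host) === 1;
     if ('https' !== $scheme || !$isSnsHost) {
         throw new CertificateFromUnrecognizedSourceException((string) $host . ' is not an https SNS host under .amazonaws.com');
     }
     // Get the cert itself and extract the public key
     $response = wp_remote_get($certUrl);
     if (is_wp_error($response)) {
         throw new CannotGetPublicKeyFromCertificateException('Could not retrieve certificate from ' . $certUrl);
     }
     $certificate = wp_remote_retrieve_body($response);
     $publicKey = openssl_get_publickey($certificate);
     if (!$publicKey) {
         throw new CannotGetPublicKeyFromCertificateException('Could not extract public key from ' . $certUrl);
     }
     // Verify the signature of the message. openssl_verify() returns 1 for a
     // valid signature, 0 for an invalid one and -1 on error; "!-1" is false,
     // so anything other than an exact 1 has to be rejected explicitly.
     // NOTE(review): SHA1 corresponds to SNS SignatureVersion 1. Messages that
     // use SignatureVersion 2 are signed with SHA256 and are not handled here.
     $stringToSign = $message->getStringToSign();
     $incomingSignature = base64_decode($message->get('Signature'));
     if (openssl_verify($stringToSign, $incomingSignature, $publicKey, OPENSSL_ALGO_SHA1) !== 1) {
         throw new InvalidMessageSignatureException('The message did not match the signature ' . "\n" . $stringToSign);
     }
 }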
Ejemplo n.º 5
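/**
 * Verifies an RSA signature with the Alipay public key.
 *
 * Only an openssl_verify() result of exactly 1 counts as valid. A (bool)
 * cast would also accept the -1 error code, so it is not used.
 *
 * @param string $data                The data that was signed
 * @param string $ali_public_key_path Path of the Alipay public key file
 * @param string $sign                Base64-encoded signature to check
 * @return bool True only when the signature is valid; false when it is
 *              invalid or the key file cannot be read or parsed
 */
function ApiRsaVerify($data, $ali_public_key_path, $sign)
{
    $pubKey = file_get_contents($ali_public_key_path);
    if ($pubKey === false) {
        return false;
    }
    $res = openssl_get_publickey($pubKey);
    if ($res === false) {
        // Unparseable key material: fail closed.
        return false;
    }
    $result = openssl_verify($data, base64_decode($sign), $res) === 1;
    openssl_free_key($res);
    return $result;
}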
Ejemplo n.º 6
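 /**
  * Function that processes the callback from the bank and returns CPayment objects with isSuccessful
  * (and other applicable) parameters filled according to the answers from the bank.
  *
  * The request fields are untrusted until the bank's MAC over them has been
  * verified. Verification must yield exactly 1; openssl_verify() returns -1
  * on error, and a plain "!" test would let that through.
  *
  * @return CPayment
  */
 public function HandleCallback()
 {
     $rsField = array();
     foreach ((array) $_REQUEST as $ixField => $fieldValue) {
         $rsField[$ixField] = $fieldValue;
     }
     // Fixed-width concatenation of the signed fields, in the order the bank signs them.
     $sSignatureBase = sprintf("%03s", $rsField['ver'])
         . sprintf("%-10s", $rsField['id'])
         . sprintf("%012s", $rsField['ecuno'])
         . sprintf("%06s", $rsField['receipt_no'])
         . sprintf("%012s", $rsField['eamount'])
         . sprintf("%3s", $rsField['cur'])
         . $rsField['respcode']
         . $rsField['datetime']
         . sprintf("%-40s", $rsField['msgdata'])
         . sprintf("%-40s", $rsField['actiontext']);
     // Decode the hex MAC without declaring a named function inside the method:
     // a nested declaration is fatal the second time the method runs.
     $macHex = isset($rsField['mac']) ? $rsField['mac'] : '';
     $mac = (is_string($macHex) && $macHex !== '' && strlen($macHex) % 2 === 0 && ctype_xdigit($macHex))
         ? hex2bin($macHex)
         : false;
     $flKey = openssl_get_publickey(file_get_contents($this->flBankCertificate));
     if ($mac === false || $flKey === false || openssl_verify($sSignatureBase, $mac, $flKey) !== 1) {
         trigger_error("Invalid signature", E_USER_ERROR);
         // A custom error handler may let execution continue after E_USER_ERROR;
         // make sure an unverified callback can never be reported as paid.
         return new CPayment($rsField['ecuno'], $rsField['msgdata'], null, null, False);
     }
     // NOTE(review): "== 00" is a loose comparison with integer 0; confirm the
     // set of receipt_no values the bank can send.
     if ($rsField['receipt_no'] == 00) {
         return new CPayment($rsField['ecuno'], $rsField['msgdata'], null, null, False);
     } else {
         return new CPayment($rsField['ecuno'], $rsField['msgdata'], $rsField['eamount'] / 100, $rsField['cur'], True);
     }
 }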
Ejemplo n.º 7
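 /**
  * Verifies a signed message of the form "<data>::SIGNATURE::<base64 signature>".
  *
  * The sender's key comes from self::getkey(); when that yields nothing it is
  * extracted from the certificate returned by self::getcert().
  *
  * @param string $data     The signed message as received
  * @param mixed  $senderid Identifier used to look up the sender's key or certificate
  * @return string|false The data part without the signature when the signature is
  *                      valid, false otherwise. Compare with === false: valid
  *                      data may itself be an empty string.
  */
 public static function verify($data, $senderid)
 {
     gio::log("Verifying message ...", VERBOSE);
     $pubkeyid = self::getkey($senderid, false, true);
     if (!$pubkeyid) {
         $pubkeyid = openssl_get_publickey(self::getcert($senderid, true));
     }
     if (!$pubkeyid) {
         return false;
     }
     $parts = explode("::SIGNATURE::", $data);
     if (count($parts) < 2) {
         // No signature part at all: reject instead of verifying against an empty signature.
         gio::log("Invalid signature detected while verifying data from {$senderid} ...", E_USER_WARNING);
         return false;
     }
     $signature = base64_decode($parts[1]);
     $data = $parts[0];
     $ok = openssl_verify($data, $signature, $pubkeyid);
     if ($ok !== 1) {
         if ($ok === 0) {
             gio::log("Invalid signature detected while verifying data from {$senderid} ...", E_USER_WARNING);
         } else {
             // -1 or false: OpenSSL could not perform the check.
             gio::log("Error while verifying data from {$senderid} ...", E_USER_WARNING);
         }
         return false;
     }
     gio::log("... Done verifying message", VERBOSE);
     return $data;
 }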
Ejemplo n.º 8
 /**
  * Checks that secure AuthSub signing puts a signature into the Authorization
  * header that verifies against the matching certificate fixture.
  */
 public function testSecureAuthSubSigning()
 {
     if (!extension_loaded('openssl')) {
         $this->markTestSkipped('The openssl extension is not available');
         return;
     }
     $client = new GData\HttpClient();
     $client->setAuthSubPrivateKeyFile("Zend/GData/_files/RsaKey.pem", null, true);
     $client->setAuthSubToken('abcdefg');
     $requestData = $client->filterHttpRequest('POST', 'http://www.example.com/feed', array(), 'foo bar', 'text/plain');
     $authHeaderCheckPassed = false;
     foreach ($requestData['headers'] as $headerName => $headerValue) {
         if (strtolower($headerName) != 'authorization') {
             continue;
         }
         // Pull the signed data and the signature out of the header value.
         preg_match('/data="([^"]*)"/', $headerValue, $dataMatch);
         $dataToSign = $dataMatch[1];
         preg_match('/sig="([^"]*)"/', $headerValue, $sigMatch);
         $sig = $sigMatch[1];
         if (!function_exists('openssl_verify')) {
             continue;
         }
         // Read the certificate fixture (third fopen argument: search the include path).
         $fp = fopen('Zend/GData/_files/RsaCert.pem', 'r', true);
         $cert = '';
         while (!feof($fp)) {
             $cert .= fread($fp, 8192);
         }
         fclose($fp);
         $pubkeyid = openssl_get_publickey($cert);
         $verified = openssl_verify($dataToSign, base64_decode($sig), $pubkeyid);
         $this->assertEquals(1, $verified, 'The generated signature was unable ' . 'to be verified.');
         $authHeaderCheckPassed = true;
     }
     $this->assertEquals(true, $authHeaderCheckPassed, 'Auth header not found for sig verification.');
 }
Ejemplo n.º 9
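	/**
	 * Checks a signature with a public key that is first converted by
	 * $this->seclibToOpenSsl().
	 *
	 * The raw openssl_verify() result is returned: 1 valid, 0 invalid, -1 on
	 * error. Callers must compare with === 1, because a truthiness test would
	 * accept -1.
	 *
	 * @param mixed  $pubKey    Public key in the form seclibToOpenSsl() expects
	 * @param string $toCheck   The data that was signed
	 * @param string $signature Raw (binary) signature
	 * @return int|false openssl_verify() result, or false when the key cannot be loaded
	 */
	function verify($pubKey, $toCheck, $signature) {
		$openSslPubKey = openssl_get_publickey($this->seclibToOpenSsl($pubKey));
		if ($openSslPubKey === false) {
			# No usable key: nothing can be verified.
			return false;
		}
		$verified = openssl_verify($toCheck, $signature, $openSslPubKey);
		openssl_free_key($openSslPubKey);

		return $verified;
	} # verify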
Ejemplo n.º 10
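/**
 * Checks the signature of a Google Play payload with the global $public_key.
 *
 * The raw openssl_verify() result is returned: 1 valid, 0 invalid, -1 on
 * error. Callers must compare with === 1, because a truthiness test would
 * accept -1.
 *
 * @param string $signture_json The signed JSON string exactly as received
 * @param string $signture      Base64-encoded signature
 * @return int|false openssl_verify() result, or false when the key cannot be loaded
 */
function checkGooglePlay($signture_json, $signture)
{
    global $public_key;
    $public_key_handle = openssl_get_publickey($public_key);
    if ($public_key_handle === false) {
        // Misconfigured key: report failure instead of handing false to OpenSSL.
        return false;
    }
    return openssl_verify($signture_json, base64_decode($signture), $public_key_handle, OPENSSL_ALGO_SHA1);
}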
Ejemplo n.º 11
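 /**
  * Returns the size in bits of a public key.
  *
  * @param mixed $pubkey Key material in any form openssl_get_publickey() accepts
  * @return int|null Key size in bits, or null when the key cannot be loaded or inspected
  */
 function pubkey_bits($pubkey)
 {
     $key = openssl_get_publickey($pubkey);
     if ($key === false) {
         return null;
     }
     $keydata = openssl_pkey_get_details($key);
     openssl_free_key($key);
     return (is_array($keydata) && isset($keydata['bits'])) ? $keydata['bits'] : null;
 }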
Ejemplo n.º 12
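    /**
     * Checks the signature of a license record against the embedded public key.
     *
     * All values except 'Signature' are concatenated in case-insensitive key
     * order and hashed with SHA-1; the signature is opened with the public key
     * and must equal that digest.
     *
     * NOTE(review): the embedded key looks like a 1024-bit RSA key and the
     * digest is SHA-1. Both are below current recommendations; confirm and
     * plan a key and format rotation.
     *
     * @param array $license License fields including a base64 'Signature' entry
     * @return bool True only when the signature matches the license fields
     */
    public static function check_license($license)
    {
        if (!is_array($license) || !isset($license['Signature']) || !is_string($license['Signature'])) {
            // No signature to check: reject.
            return false;
        }
        $signature = $license['Signature'];
        unset($license['Signature']);
        uksort($license, "strcasecmp");
        $total = implode('', $license);
        $key_raw = <<<EOD
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl7Dgf4x0fi0lXfws7Cq/lk0d
TIEXnCu8PBMep0mtRia9WEJ8N53d+8gbuAcMzb4sW6MVOzTEKYrmtq/DTbiaXKiJ
o6osz5KgBjbcGrCzKKvk8uQuTZWusqp69LQfTYSwxwJIp45kl0g8yalewGUtpYuu
yWXBBsw7Z909BpTLBQIDAAAD
-----END PUBLIC KEY-----
EOD;
        $key = openssl_get_publickey($key_raw);
        if ($key === false) {
            return false;
        }
        $checkDigest = null;
        if (!openssl_public_decrypt(base64_decode($signature), $checkDigest, $key)) {
            // Decryption failed, so there is no digest to compare against.
            return false;
        }
        $digest = sha1($total, true);
        return is_string($checkDigest) && hash_equals($digest, $checkDigest);
    }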
Ejemplo n.º 13
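 /**
  * Reports whether the bank callback in $_REQUEST describes a successful payment.
  *
  * The request fields are copied into $this->responseFields and are untrusted
  * until the MAC over them has been verified. Verification must yield exactly
  * 1; openssl_verify() returns -1 on error, and a plain "!" test would let
  * that through.
  *
  * @return bool True for a verified, successful payment; false otherwise
  */
 public function isSuccesful()
 {
     foreach ((array) $_REQUEST as $ixField => $fieldValue) {
         $this->responseFields[$ixField] = $fieldValue;
     }
     // Fixed-width concatenation of the signed fields, in the order the bank signs them.
     $sSignatureBase = sprintf("%03s", $this->responseFields['ver'])
         . sprintf("%-10s", $this->responseFields['id'])
         . sprintf("%012s", $this->responseFields['ecuno'])
         . sprintf("%06s", $this->responseFields['receipt_no'])
         . sprintf("%012s", $this->responseFields['eamount'])
         . sprintf("%3s", $this->responseFields['cur'])
         . $this->responseFields['respcode']
         . $this->responseFields['datetime']
         . $this->mb_sprintf("%-40s", $this->responseFields['msgdata'])
         . $this->mb_sprintf("%-40s", $this->responseFields['actiontext']);
     // Decode the hex MAC without declaring a named function inside the method:
     // a nested declaration is fatal the second time the method runs.
     $macHex = isset($this->responseFields['mac']) ? $this->responseFields['mac'] : '';
     if (!is_string($macHex) || $macHex === '' || strlen($macHex) % 2 !== 0 || !ctype_xdigit($macHex)) {
         // Malformed MAC: treat as an invalid signature.
         return false;
     }
     $mac = hex2bin($macHex);
     $flKey = openssl_get_publickey(\Configuration::where('code', '=', 'estcard/pubkey')->first()->value);
     if ($flKey === false || openssl_verify($sSignatureBase, $mac, $flKey) !== 1) {
         // invalidSignature (or the check itself failed)
         return false;
     }
     // NOTE(review): "== 00" is a loose comparison with integer 0; confirm the
     // set of receipt_no and respcode values the bank can send.
     if ($this->responseFields['receipt_no'] == 00) {
         # Payment was cancelled
         return false;
     }
     if ($this->responseFields['respcode'] == 00) {
         # Payment success
         return true;
     }
     # Any other response code is not a success
     return false;
 }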
Ejemplo n.º 14
 /**
  * Sets the public key.
  *
  * The given bytes are base64-encoded and wrapped in PEM CERTIFICATE armour.
  * Whatever openssl_get_publickey() returns for that PEM text is stored in
  * $this->pubKey, which is false when OpenSSL cannot load it.
  *
  * @param string $key Binary certificate data (presumably DER; confirm against callers)
  */
 public function setPubKey($key)
 {
     $body = chunk_split(base64_encode($key), 64, PHP_EOL);
     $pem = '-----BEGIN CERTIFICATE-----' . PHP_EOL
         . $body
         . '-----END CERTIFICATE-----' . PHP_EOL;
     $this->pubKey = openssl_get_publickey($pem);
 }
Ejemplo n.º 15
Archivo: Crypt.php Proyecto: spinit/osy
 /**
  * Decodes a "<base64>:<base64>" envelope.
  *
  * The first part is opened with openssl_public_decrypt() using $this->pub.
  * Its output is passed as the key to $this->dec_sym() together with the
  * second part, and the trimmed result is returned.
  *
  * NOTE(review): neither the key load nor the decrypt result is checked, so
  * on failure dec_sym() receives a null key. Confirm how dec_sym() handles that.
  *
  * @param string $dat Envelope in the form "<base64>:<base64>"
  * @return string Trimmed output of dec_sym()
  */
 function dec_pub($dat)
 {
     $decoded = array_map('base64_decode', explode(':', $dat));
     list($cry, $str) = $decoded;
     $pubKey = openssl_get_publickey($this->pub);
     openssl_public_decrypt($cry, $key, $pubKey);
     return trim($this->dec_sym($key, $str));
 }
Ejemplo n.º 16
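 /**
  * Verifies a SHA256 signature over the incoming data with a public key.
  *
  * Only an openssl_verify() result of exactly 1 counts as valid. A (bool)
  * cast would also accept the -1 error code, so it is not used.
  *
  * @param string $signature     Raw (binary) signature
  * @param string $data          The data that was signed
  * @param string $publicKeyPath Location handed to self::read() to obtain the key
  * @return boolean True only when the signature is valid
  */
 public static function verify($signature, $data, $publicKeyPath)
 {
     $publicKey = self::read($publicKeyPath);
     $pKeyId = openssl_get_publickey($publicKey);
     if ($pKeyId === false) {
         // No usable key: fail closed.
         return false;
     }
     $result = openssl_verify($data, $signature, $pKeyId, "SHA256");
     openssl_free_key($pKeyId);
     return $result === 1;
 }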
Ejemplo n.º 17
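 /**
  * Verifies a base64-encoded signature over $text with $this->publicKey.
  *
  * @param string $text            The data that was signed
  * @param string $signatureBase64 Base64-encoded signature
  * @return bool True only when openssl_verify() reports exactly 1; false when
  *              the signature is invalid, on error, or when the key cannot be loaded
  */
 function verify($text, $signatureBase64)
 {
     $publicKeyId = openssl_get_publickey($this->publicKey);
     if ($publicKeyId === false) {
         // No usable key: fail closed instead of handing false to OpenSSL.
         return false;
     }
     $signature = base64_decode($signatureBase64);
     $res = openssl_verify($text, $signature, $publicKeyId);
     openssl_free_key($publicKeyId);
     return $res === 1;
 }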
Ejemplo n.º 18
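 /**
  * Encrypts plaintext with the RSA public key from $cfg['rsa']['pubkey'].
  *
  * @param string $source Plaintext
  *
  * @return string|false Base64-encoded ciphertext, or false when the key
  *                      cannot be loaded or encryption fails
  */
 static function encrypt($source)
 {
     global $cfg;
     // Load the configured key and use that same handle for the encryption call.
     $pubkey = openssl_get_publickey($cfg['rsa']['pubkey']);
     if ($pubkey === false) {
         return false;
     }
     // NOTE(review): PKCS#1 v1.5 padding is kept for compatibility with the
     // decrypting side; OPENSSL_PKCS1_OAEP_PADDING is preferable where both
     // ends can switch.
     $res = openssl_public_encrypt($source, $crypttext, $pubkey, OPENSSL_PKCS1_PADDING);
     return $res ? base64_encode($crypttext) : false;
 }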
Ejemplo n.º 19
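 /**
  * Verify the returned response.
  *
  * The last 128 bytes of $message are excluded from the signed data. The raw
  * openssl_verify() result is returned: 1 valid, 0 invalid, -1 on error.
  * Callers must compare with === 1, because a truthiness test would accept -1.
  *
  * @param string $message   Response message; everything except its last 128 bytes is verified
  * @param string $signature Raw (binary) signature
  * @return int|false openssl_verify() result, or false when the key cannot be loaded
  */
 public function verifySignature($message, $signature)
 {
     $cert = $this->getCertificate();
     $pubkeyid = openssl_get_publickey($cert);
     if ($pubkeyid === false) {
         // No usable key in the certificate: nothing can be verified.
         return false;
     }
     $signedPart = substr($message, 0, strlen($message) - 128);
     $verify = openssl_verify($signedPart, $signature, $pubkeyid);
     openssl_free_key($pubkeyid);
     return $verify;
 }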
Ejemplo n.º 20
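 /**
  * Verifies a base64-encoded signature over $text with the key in $this->verejny.
  *
  * @param string $text      The data that was signed
  * @param string $signature Base64-encoded signature
  * @return bool True only when openssl_verify() reports exactly 1; false when
  *              the signature is invalid, on error, or when the key cannot be loaded
  */
 function verify($text, $signature)
 {
     $pubkeyid = openssl_get_publickey($this->verejny);
     if ($pubkeyid === false) {
         // No usable key: fail closed instead of handing false to OpenSSL.
         return false;
     }
     $vysledek = openssl_verify($text, base64_decode($signature), $pubkeyid);
     openssl_free_key($pubkeyid);
     return $vysledek === 1;
 }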
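/**
 * Checks a signature over $mac with the certificate at KEY_LOCATION/swedbank.pem.
 *
 * The raw openssl_verify() result is returned: 1 valid, 0 invalid, -1 on
 * error. Callers must compare with === 1, because a truthiness test would
 * accept -1.
 *
 * @param string $mac       The data that was signed
 * @param string $signature Raw (binary) signature
 * @return int|false openssl_verify() result, or false when the certificate
 *                   cannot be read or holds no usable key
 */
function _verify($mac, $signature)
{
    $cert = file_get_contents(KEY_LOCATION . '/swedbank.pem');
    if ($cert === false) {
        return false;
    }
    $key = openssl_get_publickey($cert);
    if ($key === false) {
        return false;
    }
    $ok = openssl_verify($mac, $signature, $key);
    openssl_free_key($key);
    return $ok;
}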
Ejemplo n.º 22
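/**
 * Public-key encryption.
 *
 * Encrypts with the key taken from ../server.crt, resolved against the
 * current working directory.
 *
 * @param string $sourcestr Plaintext
 * @return string|null Base64-encoded ciphertext, or null when the certificate
 *                     cannot be read, holds no usable key, or encryption fails
 */
function publickey_encodeing($sourcestr)
{
    if (!is_readable("../server.crt")) {
        return null;
    }
    $key_content = file_get_contents("../server.crt");
    $pubkeyid = ($key_content === false) ? false : openssl_get_publickey($key_content);
    if ($pubkeyid === false) {
        return null;
    }
    if (openssl_public_encrypt($sourcestr, $crypttext, $pubkeyid)) {
        return base64_encode("" . $crypttext);
    }
    return null;
}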
Ejemplo n.º 23
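/**
 * Signature verification, method two: the public key is not known in advance
 * and is taken from a certificate file that is converted with der2pem() first.
 *
 * Only an openssl_verify() result of exactly 1 counts as valid. A (bool)
 * cast would also accept the -1 error code, so it is not used.
 *
 * @param  string $cert_file Path of the certificate file passed through der2pem()
 * @param  string $data      The data that was signed
 * @param  string $signature Base64-encoded signature
 * @return bool              True only when the signature is valid
 */
function rsa_verify2($cert_file, $data, $signature)
{
    $cert = der2pem(file_get_contents($cert_file));
    $certs = openssl_x509_read($cert);
    if ($certs === false) {
        // Not a parseable certificate: fail closed.
        return false;
    }
    $key = openssl_get_publickey($certs);
    if ($key === false) {
        return false;
    }
    // NOTE(review): the SHA-1 digest is dictated by the signing side; changing
    // it here requires the signer to change as well.
    $result = openssl_verify($data, base64_decode($signature), $key, OPENSSL_ALGO_SHA1) === 1;
    openssl_free_key($key);
    return $result;
}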
Ejemplo n.º 24
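 /**
  * Verifies a base64-encoded signature over $data with the key file at
  * $this->public_key_path and logs the outcome.
  *
  * Only an openssl_verify() result of exactly 1 counts as valid. A (bool)
  * cast would also accept the -1 error code, so it is not used.
  *
  * @param string $data The data that was signed
  * @param string $sign Base64-encoded signature
  * @return bool True only when the signature is valid
  */
 public function verify($data, $sign)
 {
     $key = file_get_contents($this->public_key_path);
     $res = ($key === false) ? false : openssl_get_publickey($key);
     // An unreadable or unparseable key fails closed.
     $result = $res !== false && openssl_verify($data, base64_decode($sign), $res) === 1;
     if ($res !== false) {
         openssl_free_key($res);
     }
     Logger::addInfo('alipay_wap_encryption_rsa', 'verify', array('openssl_key' => $res, 'result' => $result));
     return $result;
 }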
Ejemplo n.º 25
 /**
  * Verifies a base64-encoded signature over the string that
  * self::makeSignParams() builds from $params.
  *
  * NOTE(review): neither the file read nor the key load is checked before the
  * value reaches openssl_verify(); confirm $pubKeyPath always points at a valid key.
  *
  * @param mixed  $params     Parameters passed to self::makeSignParams()
  * @param string $pubKeyPath Path of the public key file
  * @param string $sign       Base64-encoded signature
  * @return bool True when openssl_verify() reports 1
  */
 public static function verifySign($params, $pubKeyPath, $sign)
 {
     $signedString = self::makeSignParams($params);
     $keyHandle = openssl_get_publickey(file_get_contents($pubKeyPath));
     $signature = base64_decode($sign);
     $outcome = openssl_verify($signedString, $signature, $keyHandle);
     openssl_free_key($keyHandle);
     return $outcome == 1;
 }
Ejemplo n.º 26
 /**
  * Opens base64-encoded data with a public key.
  *
  * A key that lacks the "BEGIN PUBLIC KEY" marker is first passed through
  * self::lengthenPublicKey().
  *
  * NOTE(review): the result of openssl_public_decrypt() is not checked, so a
  * failed operation returns whatever $cleartext was left as; callers should
  * treat null as failure.
  *
  * @param string $pubKey Public key, with or without PEM armour
  * @param string $data   Base64-encoded input
  * @return string|null The recovered bytes
  */
 public static function publicDecrypt($pubKey, $data)
 {
     $hasPemHeader = strstr($pubKey, 'BEGIN PUBLIC KEY') !== false;
     if (!$hasPemHeader) {
         $pubKey = self::lengthenPublicKey($pubKey);
     }
     $keyHandle = openssl_get_publickey($pubKey);
     $raw = base64_decode($data);
     openssl_public_decrypt($raw, $cleartext, $keyHandle);
     return $cleartext;
 }
Ejemplo n.º 27
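 /**
  * AsymmetricStrategy constructor.
  *
  * Exception messages deliberately leave out the supplied values: $public and
  * $private may be PEM strings, and key material must not end up in logs or
  * error pages.
  *
  * @param string $public Valid public certificate, can be:
  *   - an X.509 certificate resource
  *   - a PEM formatted public key
  *   - a string having the format `file://path/to/file.pem`. The named file
  *   must contain a PEM encoded certificate/public key (it may contain both).
  * @param string $private Optional. A valid private certificate, can be:
  *   - a string having the format file://path/to/file.pem. The named file
  *   must contain a PEM encoded certificate.
  *   - a PEM encoded certificate
  * @param string $passphrase Optional pass phrase.
  * @throws \Cake\Core\Exception\Exception
  */
 public function __construct($public, $private = null, $passphrase = null)
 {
     if (!($this->__publicKey = openssl_get_publickey($public))) {
         throw new Exception('Invalid public certificate');
     }
     if ($private !== null && !($this->__privateKey = openssl_get_privatekey($private, $passphrase))) {
         throw new Exception('Invalid private certificate');
     }
 }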
Ejemplo n.º 28
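/**
 * Encrypts plaintext with the public key stored in ./mykey.pub, resolved
 * against the current working directory.
 *
 * @param string $plaintext Data to encrypt
 * @return string Base64-encoded ciphertext. An empty string means the key
 *                file could not be read, the key could not be parsed, or
 *                encryption failed; callers must treat '' as an error and
 *                never as ciphertext.
 */
function public_encrypt($plaintext)
{
    // Read at most 8192 bytes of the key file.
    $pub_key = is_readable("./mykey.pub") ? file_get_contents("./mykey.pub", false, null, 0, 8192) : false;
    // Parse the key once and encrypt with the parsed handle.
    $key = ($pub_key === false) ? false : openssl_get_publickey($pub_key);
    if ($key === false || !openssl_public_encrypt($plaintext, $crypttext, $key)) {
        return '';
    }
    return base64_encode($crypttext);
}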
Ejemplo n.º 29
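 /**
  * Loads a PEM public key from a file and stores its handle in $this->publicKey.
  *
  * @param string $file Path of the PEM public key file
  * @throws InvalidArgumentException When the file is missing, unreadable,
  *                                  empty, or not a key OpenSSL can parse
  */
 public function __construct($file)
 {
     // Read the file in one step, so a missing or empty file reaches the
     // same exception as an unparseable key.
     $key = (is_file($file) && is_readable($file)) ? file_get_contents($file) : false;
     if ($key === false || $key === '' || !($this->publicKey = openssl_get_publickey($key))) {
         throw new InvalidArgumentException("'{$file}' is not valid PEM public key (or passphrase is incorrect).");
     }
 }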
Ejemplo n.º 30
 /**
  * Checks a base64-encoded signature over parent::$identifier with the public
  * key taken from the token's certificate.
  *
  * NOTE(review): the key load is not checked; a certificate that OpenSSL
  * cannot parse reaches openssl_verify() as false.
  *
  * @param Oauth2_Token $token     Token whose public_cert supplies the key
  * @param string       $signature Base64-encoded signature
  * @return bool True only when openssl_verify() reports exactly 1
  */
 public function check(Oauth2_Token $token, $signature)
 {
     // Extract the key from the token's certificate
     $keyHandle = openssl_get_publickey($token->public_cert);
     // Decode the supplied signature and verify it over the identifier
     $decodedSignature = base64_decode($signature);
     $verdict = openssl_verify(parent::$identifier, $decodedSignature, $keyHandle);
     // Free the key handle before returning
     openssl_free_key($keyHandle);
     return 1 === $verdict;
 }