public function verify_license($product_code, $name, $email, $license)
{
## NOTE ###############################################
# If you change the parameters the function acepts do not
# forget to change the lower string concatenation
# to include all fields in the license generation
$stringData = $product_code . "," . $name . "," . $email;
#################################################
// replace O with 8 and I with 9
$replacement = str_replace("8", "O", str_replace("9", "I", $license));
//remove Dashes.
$undashed = trim(str_replace("-", "", $replacement));
// Pad the output length to a multiple of 8 with '=' characters
$desiredLength = strlen($undashed);
if ($desiredLength % 8 != 0) {
$desiredLength += 8 - $desiredLength % 8;
$undashed = str_pad($undashed, $desiredLength, "=");
}
// decode Key
$decodedHash = base32_decode($undashed);
$ok = openssl_verify($stringData, $decodedHash, $this->public_key, OPENSSL_ALGO_DSS1);
if ($ok == 1) {
return TRUE;
} elseif ($ok == 0) {
return FALSE;
} else {
return FALSE;
}
}
/**
* 验证签名
* @param string $data 验签数据
* @param string $sign
*/
public function verifySign($data, $sign)
{
$sign = $this->hex2bin($sign);
$res = openssl_verify($data, $sign, $this->pubKey);
//验证结果,1:验证成功,0:验证失败
return 1 === $res ? true : false;
}
/**
* Verifies that the response was signed with the given signature
* and, optionally, for the right package
*
* @param AndroidMarket_Licensing_ResponseData|string $responseData
* @param string $signature
* @return bool
*/
public function verify($responseData, $signature)
{
if ($responseData instanceof AndroidMarket_Licensing_ResponseData) {
$response = $responseData;
} else {
$response = new AndroidMarket_Licensing_ResponseData($responseData);
}
//check package name is valid
if (!empty($this->_packageName) && $this->_packageName !== $response->getPackageName()) {
return false;
}
if (!$response->isLicensed()) {
return false;
}
$result = openssl_verify($responseData, base64_decode($signature), $this->_publicKey, self::SIGNATURE_ALGORITHM);
//openssl_verify returns 1 for a valid signature
if (0 === $result) {
return false;
} else {
if (1 !== $result) {
require_once 'AndroidMarket/Licensing/RuntimeException.php';
throw new AndroidMarket_Licensing_RuntimeException('Unknown error verifying the signature in openssl_verify');
}
}
return true;
}
/**
* Método que verifica el código de autorización de folios
* @return =true si está ok el XML cargado
* @author Esteban De La Fuente Rubio, DeLaF (esteban[at]sasco.cl)
* @version 2015-10-30
*/
public function check()
{
// validar firma del SII sobre los folios
$firma = $this->getFirma();
$idk = $this->getIDK();
if (!$firma or !$idk) {
return false;
}
$pub_key = \sasco\LibreDTE\Sii::cert($idk);
if (!$pub_key or openssl_verify($this->xml->getFlattened('/AUTORIZACION/CAF/DA'), base64_decode($firma), $pub_key) !== 1) {
\sasco\LibreDTE\Log::write(\sasco\LibreDTE\Estado::FOLIOS_ERROR_FIRMA, \sasco\LibreDTE\Estado::get(\sasco\LibreDTE\Estado::FOLIOS_ERROR_FIRMA));
return false;
}
// validar clave privada y pública proporcionada por el SII
$private_key = $this->getPrivateKey();
if (!$private_key) {
return false;
}
$plain = md5(date('U'));
if (!openssl_private_encrypt($plain, $crypt, $private_key)) {
\sasco\LibreDTE\Log::write(\sasco\LibreDTE\Estado::FOLIOS_ERROR_ENCRIPTAR, \sasco\LibreDTE\Estado::get(\sasco\LibreDTE\Estado::FOLIOS_ERROR_ENCRIPTAR));
return false;
}
$public_key = $this->getPublicKey();
if (!$public_key) {
return false;
}
if (!openssl_public_decrypt($crypt, $plain_firmado, $public_key)) {
\sasco\LibreDTE\Log::write(\sasco\LibreDTE\Estado::FOLIOS_ERROR_DESENCRIPTAR, \sasco\LibreDTE\Estado::get(\sasco\LibreDTE\Estado::FOLIOS_ERROR_DESENCRIPTAR));
return false;
}
return $plain === $plain_firmado;
}
function verify($pubKey, $toCheck, $signature) {
$openSslPubKey = openssl_get_publickey($this->seclibToOpenSsl($pubKey));
$verified = openssl_verify($toCheck, $signature, $openSslPubKey);
openssl_free_key($openSslPubKey);
return $verified;
} # verify
/**
* RSA验签
* @param $data 待签名数据
* @param $public_key 支付宝的公钥文件路径
* @param $sign 要校对的的签名结果
* @return 验证结果
*/
public function rsaVerify($data, $public_key, $sign)
{
$res = openssl_get_publickey($public_key);
$result = (bool) openssl_verify($data, base64_decode($sign), $res);
openssl_free_key($res);
return $result;
}
/**
* Verifies that the data and the signature belong to this public key.
* Returns true on success, false on failure.
* @param mixed $data The data to be verified
* @param mixed $signature The signature of the data
* @param string $algoritm Which algorithm to use for signing
* @return boolean
* @throws InvalidMessageDigestAlgorithmException
*/
public function verify($data, $signature, $algorithm = 'RSA-SHA256')
{
if (!in_array($algorithm, openssl_get_md_methods(true))) {
throw new InvalidMessageDigestAlgorithmException("The digest algorithm '{$algorithm}' is not supported by this openssl implementation.");
}
return openssl_verify($data, $signature, $this->keyResource, $algorithm) == 1;
}
/**
* Validates a message from SNS to ensure that it was delivered by AWS
*
* @param Message $message The message to validate
*
* @throws CannotGetPublicKeyFromCertificateException If the certificate cannot be retrieved
* @throws CertificateFromUnrecognizedSourceException If the certificate's source cannot be verified
* @throws InvalidMessageSignatureException If the message's signature is invalid
*/
public function validate($message)
{
// Get the cert's URL and ensure it is from AWS
$certUrl = $message->get('SigningCertURL');
$host = parse_url($certUrl, PHP_URL_HOST);
if ('.amazonaws.com' != substr($host, -14)) {
throw new CertificateFromUnrecognizedSourceException($host . ' did not match .amazonaws.com');
}
// Get the cert itself and extract the public key
$response = wp_remote_get($certUrl);
if (is_wp_error($response)) {
throw new CannotGetPublicKeyFromCertificateException('Could not retrieve certificate from ' . $certUrl);
}
$certificate = wp_remote_retrieve_body($response);
$publicKey = openssl_get_publickey($certificate);
if (!$publicKey) {
throw new CannotGetPublicKeyFromCertificateException('Could not extract public key from ' . $certUrl);
}
// Verify the signature of the message
$stringToSign = $message->getStringToSign();
$incomingSignature = base64_decode($message->get('Signature'));
if (!openssl_verify($stringToSign, $incomingSignature, $publicKey, OPENSSL_ALGO_SHA1)) {
throw new InvalidMessageSignatureException('The message did not match the signature ' . "\n" . $stringToSign);
}
}
/**
* RSA验签
* @param $data 待签名数据
* @param $ali_public_key_path 支付宝的公钥文件路径
* @param $sign 要校对的的签名结果
* return 验证结果
*/
function ApiRsaVerify($data, $ali_public_key_path, $sign) {
$pubKey = file_get_contents($ali_public_key_path);
$res = openssl_get_publickey($pubKey);
$result = (bool)openssl_verify($data, base64_decode($sign), $res);
openssl_free_key($res);
return $result;
}
/**
* Verifiy the given data.
*
* @param string $playerId
* @param string $bundleId
* @param int $timestamp
* @param string $salt Binary string.
* @return bool
*/
public function verify($playerId, $bundleId, $timestamp, $salt)
{
if (filter_var($this->certificate, FILTER_VALIDATE_URL) !== false) {
$this->certificate = file_get_contents($this->certificate);
if ($this->certificate === false) {
$this->error = static::CERT_DOWNLOAD_ERR;
return false;
}
}
if (($pubKeyId = $this->pubKey()) === false) {
$this->error = static::CERT_PUB_KEY_ERR;
return false;
}
$data = $playerId . $bundleId . $this->toBigEndian($timestamp) . $salt;
$result = openssl_verify($data, $this->signature, $pubKeyId, OPENSSL_ALGO_SHA256);
if ($result === 1) {
return true;
}
if ($result === 0) {
$this->error = static::SIGNATURE_INCORRECT;
} else {
$this->error = static::SIGNATURE_ERR;
}
return false;
}
/**
* Function that processes the callback from the bank and returns CPayment objects with isSuccessful
* (and other applicable) parameters filled according to the answers from the bank.
*
* @return CPayment
*/
public function HandleCallback()
{
$rsField = array();
foreach ((array) $_REQUEST as $ixField => $fieldValue) {
$rsField[$ixField] = $fieldValue;
}
$sSignatureBase = sprintf("%03s", $rsField['ver']) . sprintf("%-10s", $rsField['id']) . sprintf("%012s", $rsField['ecuno']) . sprintf("%06s", $rsField['receipt_no']) . sprintf("%012s", $rsField['eamount']) . sprintf("%3s", $rsField['cur']) . $rsField['respcode'] . $rsField['datetime'] . sprintf("%-40s", $rsField['msgdata']) . sprintf("%-40s", $rsField['actiontext']);
function hex2str($hex)
{
for ($i = 0; $i < strlen($hex); $i += 2) {
$str .= chr(hexdec(substr($hex, $i, 2)));
}
return $str;
}
$mac = hex2str($rsField['mac']);
$sSignature = sha1($sSignatureBase);
$flKey = openssl_get_publickey(file_get_contents($this->flBankCertificate));
if (!openssl_verify($sSignatureBase, $mac, $flKey)) {
trigger_error("Invalid signature", E_USER_ERROR);
}
if ($rsField['receipt_no'] == 00) {
return new CPayment($rsField['ecuno'], $rsField['msgdata'], null, null, False);
} else {
return new CPayment($rsField['ecuno'], $rsField['msgdata'], $rsField['eamount'] / 100, $rsField['cur'], True);
}
}
function ValidateGooglePlaySignature($receipt, $signature)
{
$publicGoogleKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+zLT00kiP/8iHZrvBwbAOIibC6qhGW9Mt6FHFHh+uJN5+wIYWKfsWS8cU9383iJ6Q0zL2Gk7UQtZvp9ug3yCzWkTADWzepO8rm0+gBuv7OcrIq5TF5qIS4qXrmTg1VkloJb0C4OP9IPqRpa9VKa1nWIa1VbLY2U4U7vgQIcLBIGL+5d2/qhjj4UeK3seWvY8XxHh9CElxMAmaOWU6aNUSon0G7r68gwx15hMOoVy4ICeKrGyn8XibTiruYwXHwBJ6JQNYzWRtJPEF1DL1TLev/DneVVoFgrc6ZnZMZGwlnYLKn0AolCTfq2c1GRUj/FI/wd3Rcm6lHeN3pbkmb1GwIDAQAB";
$receipt = trim($receipt);
$signature = trim($signature);
//Create an RSA key compatible with openssl_verify from our Google Play sig
$key = "-----BEGIN PUBLIC KEY-----\n" . chunk_split($publicGoogleKey, 64, "\n") . '-----END PUBLIC KEY-----';
$key = openssl_pkey_get_public($key);
//print $signature;print_r(openssl_pkey_get_details($key)); exit();
if ($key == false) {
return $ret = 100;
}
//Signature should be in binary format, but it comes as BASE64.
$signature = base64_decode($signature);
//Verify the signature
$result = openssl_verify($receipt, $signature, $key, OPENSSL_ALGO_SHA1);
//print $result . ' / ' . $receipt . ' / ' . $signature . ' / ' . $key;exit();
if ($result == 1) {
$ret = 1;
} elseif ($result == 0) {
$ret = 0;
} else {
$ret = 2;
}
return $ret;
}
public function __construct($headers = null, $body = null)
{
$config = Payplug::getConfig();
if (is_null($config)) {
throw new ParametersNotSetException();
}
if (is_null($body)) {
$body = file_get_contents("php://input");
}
if (is_null($headers)) {
$headers = getallheaders();
}
$headers = array_change_key_case($headers, CASE_UPPER);
$signature = base64_decode($headers['PAYPLUG-SIGNATURE']);
$publicKey = openssl_pkey_get_public($config->payplugPublicKey);
$isValid = openssl_verify($body, $signature, $publicKey, OPENSSL_ALGO_SHA1);
if (!$isValid) {
throw new InvalidSignatureException();
}
$data = json_decode($body, true);
$this->amount = $data['amount'];
$this->customData = $data['custom_data'];
$this->customer = $data['customer'];
$this->email = $data['email'];
$this->firstName = $data['first_name'];
$this->idTransaction = $data['id_transaction'];
$this->lastName = $data['last_name'];
$this->order = $data['order'];
$this->origin = $data['origin'];
$this->state = $data['state'];
}
public function verify($data, $signature)
{
$signature = $this->_base64encode ? base64_decode($signature) : $signature;
$public_key = file_get_contents($this->_public_key);
$verify_result = openssl_verify($data, $signature, $public_key);
return $verify_result === 1;
}
/**
* @inheritdoc
*/
public function verify($key, $signature, $input)
{
if (!$this->supportsKey($key)) {
throw new InvalidArgumentException('Invalid key supplied.');
}
return (bool) openssl_verify($input, $signature, $key, $this->getHashingAlgorithm());
}
public function isSuccesful()
{
foreach ((array) $_REQUEST as $ixField => $fieldValue) {
$this->responseFields[$ixField] = $fieldValue;
}
$sSignatureBase = sprintf("%03s", $this->responseFields['ver']) . sprintf("%-10s", $this->responseFields['id']) . sprintf("%012s", $this->responseFields['ecuno']) . sprintf("%06s", $this->responseFields['receipt_no']) . sprintf("%012s", $this->responseFields['eamount']) . sprintf("%3s", $this->responseFields['cur']) . $this->responseFields['respcode'] . $this->responseFields['datetime'] . $this->mb_sprintf("%-40s", $this->responseFields['msgdata']) . $this->mb_sprintf("%-40s", $this->responseFields['actiontext']);
function hex2str($hex)
{
$str = '';
for ($i = 0; $i < strlen($hex); $i += 2) {
$str .= chr(hexdec(substr($hex, $i, 2)));
}
return $str;
}
$mac = hex2str($this->responseFields['mac']);
$flKey = openssl_get_publickey(\Configuration::where('code', '=', 'estcard/pubkey')->first()->value);
if (!openssl_verify($sSignatureBase, $mac, $flKey)) {
// invalidSignature
return false;
}
if ($this->responseFields['receipt_no'] == 00) {
# Payment was cancelled
return false;
}
if ($this->responseFields['respcode'] == 00) {
# Payment success
return true;
}
}
/**
* Store a newly created resource in storage.
*
* @param Request $request
* @return Response
*/
public function store(Request $request)
{
//
//Log::info('$request=<' . $request . '>');
if ($request->isMethod('post')) {
$bodyContent = $request->getContent();
//Log::info('$bodyContent=<' . $bodyContent . '>');
$bodyJson = json_decode($bodyContent);
$keyPath = $this->keyRoot_ . $bodyJson->token . '/pubKey.pem';
$fp = fopen($keyPath, 'r');
$pubKeyMem = fread($fp, 8192);
fclose($fp);
$pubkeyid = openssl_pkey_get_public($pubKeyMem);
$token = $bodyJson->token;
$sign = $bodyJson->sign;
$ok = openssl_verify($token, hex2bin($sign), $pubkeyid, "sha256");
openssl_free_key($pubkeyid);
if ($ok == 1) {
$profilePath = $this->keyRoot_ . $bodyJson->token . '/profile';
//Log::info('$bodyJson->payload=<' . json_encode($bodyJson->payload) . '>');
file_put_contents($profilePath, json_encode($bodyJson->payload));
return response()->json(['status' => 'success']);
} else {
return response()->json(['status' => 'failure']);
}
}
}
/**
* Checks the signature of the given message.
*
* It is assumed that the signature is the last parameter of the urlencoded string, whatever its name.
*
* Messages need to be decoded in a very picky way, due to the inconsistent URL-encoding of Paybox.
* This is why this method accepts the raw query string (GET) or message body (POST),
* and not an already decoded array of key-value pairs.
*
* @param string $message The raw message to check.
* @param bool $isPost True if the message comes from a POST request (return URL), false if it comes from a GET request (callback URL).
* @param string $publicKeyFile The path to the public key file. Optional, defaults to Paybox's public key.
*
* @return bool True if the signature of the message is valid, false if it is invalid.
*
* @throws OpenSSLException If the certificate file is invalid, or an OpenSSL error occurs.
*/
public function checkSignature($message, $isPost, $publicKeyFile = OpenSSL::PAYBOX_PUBLIC_KEY)
{
// Dequeue errors than would have been ignored by other libraries.
// These errors are persistent across HTTP calls, and could add confusion to our error messages.
$this->handleErrors();
$publicKey = openssl_pkey_get_public('file://' . $publicKeyFile);
$this->handleErrors($publicKey === false);
$data = $this->parseMessage($message, $isPost);
if (!$data) {
return false;
}
$signature = end($data);
$signatureKey = key($data);
unset($data[$signatureKey]);
$signedMessage = [];
foreach ($data as $key => $value) {
$signedMessage[] = $key . '=' . $value;
}
$signedMessage = implode('&', $signedMessage);
if ($isPost) {
// The data is double-URL-encoded in this case.
$signature = rawurldecode($signature);
}
$signature = base64_decode($signature);
$result = openssl_verify($signedMessage, $signature, $publicKey);
$this->handleErrors($result == -1);
return (bool) $result;
}
public static function verify($data, $senderid)
{
gio::log("Verifying message ...", VERBOSE);
$pubkeyid = self::getkey($senderid, false, true);
if (!$pubkeyid) {
$pubkeyid = openssl_get_publickey(self::getcert($senderid, true));
}
if (!$pubkeyid) {
return false;
}
$data = explode("::SIGNATURE::", $data);
$signature = base64_decode($data[1]);
$data = $data[0];
$ok = openssl_verify($data, $signature, $pubkeyid);
if ($ok < 1) {
if ($ok < 0) {
gio::log("Error while verifying data from {$senderid} ...", E_USER_WARNING);
} else {
gio::log("Invalid signature detected while verifying data from {$senderid} ...", E_USER_WARNING);
}
return false;
}
gio::log("... Done verifying message", VERBOSE);
return $data;
}
/**
* 验签
*
* @param string $data
* @param string $sign
* @param string $pem
* @return bool 验签状态
*/
private function verify($data, $sign)
{
$p = openssl_pkey_get_public(file_get_contents($this->chinaums_config['publickKey']));
$verify = openssl_verify($data, hex2bin($sign), $p);
openssl_free_key($p);
return $verify > 0;
}
public function testSecureAuthSubSigning()
{
if (!extension_loaded('openssl')) {
$this->markTestSkipped('The openssl extension is not available');
} else {
$c = new Zend_Gdata_HttpClient();
$c->setAuthSubPrivateKeyFile("Zend/Gdata/_files/RsaKey.pem", null, true);
$c->setAuthSubToken('abcdefg');
$requestData = $c->filterHttpRequest('POST', 'http://www.example.com/feed', array(), 'foo bar', 'text/plain');
$authHeaderCheckPassed = false;
$headers = $requestData['headers'];
foreach ($headers as $headerName => $headerValue) {
if (strtolower($headerName) == 'authorization') {
preg_match('/data="([^"]*)"/', $headerValue, $matches);
$dataToSign = $matches[1];
preg_match('/sig="([^"]*)"/', $headerValue, $matches);
$sig = $matches[1];
if (function_exists('openssl_verify')) {
$fp = fopen('Zend/Gdata/_files/RsaCert.pem', 'r', true);
$cert = '';
while (!feof($fp)) {
$cert .= fread($fp, 8192);
}
fclose($fp);
$pubkeyid = openssl_get_publickey($cert);
$verified = openssl_verify($dataToSign, base64_decode($sig), $pubkeyid);
$this->assertEquals(1, $verified, 'The generated signature was unable ' . 'to be verified.');
$authHeaderCheckPassed = true;
}
}
}
$this->assertEquals(true, $authHeaderCheckPassed, 'Auth header not found for sig verification.');
}
}
/**
* Verify the given data with the signature. If the data and/or the
* signature have been modified, or the signature has not been created
* using the private key matching this one, verification will
* fail.
*
* @param string data
* @param string signature
* @return bool TRUE if data + signature are valid
* @throws security.crypto.CryptoException if the operation fails
*/
public function verify($data, $signature)
{
if (-1 === ($res = openssl_verify($data, $signature, $this->_hdl))) {
throw new CryptoException('Error verifying signature', OpenSslUtil::getErrors());
}
return 1 === $res;
}
function checkGooglePlay($signture_json, $signture)
{
global $public_key;
$public_key_handle = openssl_get_publickey($public_key);
$result = openssl_verify($signture_json, base64_decode($signture), $public_key_handle, OPENSSL_ALGO_SHA1);
return $result;
}
function rsa_verify($sourcestr, $signstr, $publickey)
{
$pubkeyid = openssl_get_publickey($publickey);
$verify = openssl_verify($sourcestr, $signstr, $pubkeyid);
openssl_free_key($pubkeyid);
return $verify;
}
function _verify($mac, $signature)
{
$cert = file_get_contents(KEY_LOCATION . '/swedbank.pem');
$key = openssl_get_publickey($cert);
$ok = openssl_verify($mac, $signature, $key);
openssl_free_key($key);
return $ok;
}
public function verifySignature($data, $signature, $format = null)
{
if ($format == self::BASE64) {
$signature = base64_decode($signature);
}
$result = openssl_verify($data, $signature, $this->getPublicKey()->getOpensslKeyResource(), $this->getHashAlgorithm());
return $result;
}
/**
* makes the verification of the incoming data with a public key
* @param string $signature
* @param string $data
* @param string $publicKeyPath
* @return boolean
*/
public static function verify($signature, $data, $publicKeyPath)
{
$publicKey = self::read($publicKeyPath);
$pKeyId = openssl_get_publickey($publicKey);
$result = openssl_verify($data, $signature, $pKeyId, "SHA256");
openssl_free_key($pKeyId);
return (bool) $result;
}
function verify($text, $signature)
{
$pubkeyid = openssl_get_publickey($this->verejny);
$signature = base64_decode($signature);
$vysledek = openssl_verify($text, $signature, $pubkeyid);
openssl_free_key($pubkeyid);
return $vysledek == 1 ? true : false;
}
/**
* Verifies the signature on data.
*
* Returns true if the signature is valid, false otherwise.
* @param $data
* @param $signature
* @throws Google_AuthException
* @return bool
*/
function verify($data, $signature)
{
$status = openssl_verify($data, $signature, $this->publicKey, "sha256");
if ($status === -1) {
throw new Google_AuthException('Signature verification error: ' . openssl_error_string());
}
return $status === 1;
}
public function verify($data, $signature, $algorithm = OPENSSL_ALGO_SHA1)
{
$key = $this->_getKeyResource();
if (openssl_verify($data, $signature, $key, $algorithm) === 1) {
return true;
}
return false;
}
