/**
* @param PaymentRequestBuf $request
* @return PaymentRequestBuf
* @throws \Exception
*/
public function apply(PaymentRequestBuf $request)
{
$request->setPkiType($this->type);
$request->setSignature('');
if ($this->type !== 'none') {
$request->setPkiData($this->certificates->serialize());
$data = $request->serialize();
$signature = '';
$result = openssl_sign($data, $signature, $this->privateKey, $this->algoConst);
if ($signature === false || $result === false) {
throw new \Exception('Error during signing: Unable to create signature');
}
$request->setSignature($signature);
}
return $request;
}
/**
* @return bool
*/
public function verifySignature()
{
if ($this->request->getPkiType() === 'none') {
return true;
}
$algorithm = $this->request->getPkiType() === 'x509+sha256' ? OPENSSL_ALGO_SHA256 : OPENSSL_ALGO_SHA1;
$signature = $this->request->getSignature();
$clone = clone $this->request;
$clone->setSignature('');
$data = $clone->serialize();
// Parse the public key
$certificates = new X509CertificatesBuf();
$certificates->parse($clone->getPkiData());
$certificate = $this->der2pem($certificates->getCertificate(0));
$pubkeyid = openssl_pkey_get_public($certificate);
return 1 === openssl_verify($data, $signature, $pubkeyid, $algorithm);
}
/**
* Applies the configured signature algorithm, adding values to
* the protobuf: 'pkiType', 'signature', 'pkiData'
*
* @param PaymentRequestBuf $request
* @return PaymentRequestBuf
* @throws \Exception
*/
public function apply(PaymentRequestBuf $request)
{
$request->setPkiType($this->type);
$request->setSignature('');
if ($this->type !== 'none') {
// PkiData must be captured in signature, and signature must be empty!
$request->setPkiData($this->certificates->serialize());
$signature = $this->signData($request->serialize());
$request->setSignature($signature);
}
return $request;
}
