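/**
 * Check the request's signature against the public key of the first
 * certificate carried in the request's own PKI data.
 *
 * Security notes for callers:
 *  - A true result only shows that the request is consistent with the
 *    certificate embedded in it. This method does not validate that
 *    certificate (chain to a trusted root, validity period, revocation,
 *    subject name), so certificate validation must happen separately
 *    before the sender's identity is treated as authenticated.
 *  - For pki_type "none" there is no signature to check and the method
 *    returns true. Callers must not read that as "signed and verified";
 *    inspect the pki_type when a signed request is required.
 *
 * @return bool true when the request is unsigned (pki_type "none") or the
 *              signature verifies; false for a bad signature, an
 *              unrecognised pki_type, or a missing/unparseable certificate.
 */
public function verifySignature()
{
    $pkiType = $this->request->getPkiType();

    if ($pkiType === 'none') {
        // Unsigned request: nothing to verify (see the caveat in the docblock).
        return true;
    }

    // Pick the digest from an explicit allow-list. An unrecognised pki_type
    // is rejected instead of silently falling back to SHA-1, so the value
    // sent with the request cannot steer verification onto the weaker hash.
    if ($pkiType === 'x509+sha256') {
        $algorithm = OPENSSL_ALGO_SHA256;
    } elseif ($pkiType === 'x509+sha1') {
        // SHA-1 is kept only for compatibility with senders that still use
        // it; it is not collision resistant.
        $algorithm = OPENSSL_ALGO_SHA1;
    } else {
        return false;
    }

    $signature = $this->request->getSignature();

    // The signed message is the serialised request with its signature field
    // emptied, so work on a copy and leave the original request untouched.
    $clone = clone $this->request;
    $clone->setSignature('');
    $data = $clone->serialize();

    // Parse the public key out of the first certificate in the PKI data.
    $certificates = new X509CertificatesBuf();
    $certificates->parse($clone->getPkiData());

    $der = $certificates->getCertificate(0);
    if ($der === null || $der === '') {
        // No certificate to verify against.
        return false;
    }

    $pubkeyid = openssl_pkey_get_public($this->der2pem($der));
    if ($pubkeyid === false) {
        // Certificate did not yield a usable public key; fail closed rather
        // than handing false to openssl_verify().
        return false;
    }

    // openssl_verify() returns 1 on success, 0 on mismatch and -1/false on
    // error; only an exact 1 counts as verified.
    return 1 === openssl_verify($data, $signature, $pubkeyid, $algorithm);
}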