function base64url_decode($base64url)
{
return base64_decode(b64url2b64($base64url));
}
/**
* @param string $hashtype
* @param object $key
* @throws OpenIDConnectClientException
* @return bool
*/
private function verifyRSAJWTsignature($hashtype, $key, $payload, $signature)
{
if (!class_exists('Crypt_RSA')) {
throw new OpenIDConnectClientException('Crypt_RSA support unavailable.');
}
if (!(property_exists($key, 'n') and property_exists($key, 'e'))) {
throw new OpenIDConnectClientException('Malformed key object');
}
/* We already have base64url-encoded data, so re-encode it as
regular base64 and use the XML key format for simplicity.
*/
$public_key_xml = "<RSAKeyValue>\r\n" . " <Modulus>" . b64url2b64($key->n) . "</Modulus>\r\n" . " <Exponent>" . b64url2b64($key->e) . "</Exponent>\r\n" . "</RSAKeyValue>";
$rsa = new Crypt_RSA();
$rsa->setHash($hashtype);
$rsa->loadKey($public_key_xml, CRYPT_RSA_PUBLIC_FORMAT_XML);
$rsa->signatureMode = CRYPT_RSA_SIGNATURE_PKCS1;
return $rsa->verify($payload, $signature);
}
/**
*
* @param string $hashtype
* @param object $key
* @throws OpenIDConnectClientException
* @return bool
*/
private function verifyRSAJWTsignature($hashtype, $key, $payload, $signature)
{
if (!(property_exists($key, 'n') and property_exists($key, 'e'))) {
throw new OpenIDConnectClientException('Malformed key object');
}
/*
* We already have base64url-encoded data, so re-encode it as
* regular base64 and use the XML key format for simplicity.
*/
var_dump($hashtype, $key, $payload, base64_encode($signature));
$public_key_xml = "<RSAKeyValue>\r\n" . " <Modulus>" . b64url2b64($key->n) . "</Modulus>\r\n" . " <Exponent>" . b64url2b64($key->e) . "</Exponent>\r\n" . "</RSAKeyValue>";
$rsa = new RSA();
$rsa->setHash($hashtype);
$rsa->loadKey($public_key_xml, 'xml');
$rsa->signatureMode = RSA::SIGNATURE_PKCS1;
return $rsa->verify($payload, $signature);
}
