Пример #1
 /**
  * Serialize a signature into a single binary blob.
  *
  * The blob is the concatenation, in this order, of: TBB_MAGIC,
  * TBB_SCHEMA_ID, the value uriToSha1() derives from the public key URI,
  * the value payloadSha1() derives from the signature, and the raw
  * signature bytes.
  *
  * NOTE(review): only 'SHA1withRSA' is accepted, so this format is tied to
  * SHA-1, which is no longer collision-resistant; confirm that is acceptable
  * for what these signatures protect.
  *
  * @param TOGoS_RSAUtil_Signature $sig signature to serialize
  * @return Nife_StringBlob
  * @throws Exception if the signature uses any other algorithm
  */
 public function encode(TOGoS_RSAUtil_Signature $sig)
 {
     $algorithm = $sig->getAlgorithmName();
     if ($algorithm !== 'SHA1withRSA') {
         throw new Exception("Can only encode SHA1withRSA signatures; given a " . $algorithm);
     }

     // Field order is part of the format; keep it as-is.
     $fields = array(
         self::TBB_MAGIC,
         self::TBB_SCHEMA_ID,
         $this->uriToSha1($sig->getPublicKeyUri()),
         $this->payloadSha1($sig),
         $sig->getSignatureBytes(),
     );

     return new Nife_StringBlob(implode('', $fields));
 }
Пример #2
 /**
  * Decide whether a signature was made by one of the keys this object trusts.
  *
  * The signature's public key URI is normalized and looked up in
  * $this->validKeyUrns; only when it is present is the signature itself
  * verified via TOGoS_RSAUtil::verif().
  *
  * NOTE(review): the allow-list lookup uses the normalized URN, while
  * verif() fetches the key using the signature's original URI. Confirm that
  * both always resolve to the same key blob.
  *
  * @param TOGoS_RSAUtil_Signature $sig
  * @return boolean true iff the signature is (A) valid, and (B)
  * signed by one of our valid keys
  */
 public function isAuthorized(TOGoS_RSAUtil_Signature $sig)
 {
     $rawUrn = $sig->getPublicKeyUri();

     try {
         $normalizedUrn = $this->normalizeUrn($rawUrn);
     } catch (TOGoS_RSAUtil_UnparseableURNException $e) {
         // A key URN that cannot be parsed can never be on the allow-list.
         return false;
     }

     // Check the allow-list before doing any cryptographic work.
     $isTrustedKey = isset($this->validKeyUrns[$normalizedUrn]);

     return $isTrustedKey
         ? TOGoS_RSAUtil::verif($sig, $this->blobSource)
         : false;
 }
Пример #3
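 /**
  * Verify a signature against the public key it names.
  *
  * The key blob is fetched from $blobSource by the signature's public key
  * URI, converted from DER to PEM when it does not already look like PEM,
  * and passed to openssl_verify() together with the signature payload.
  *
  * NOTE(review): nothing visible here checks that the fetched key is a
  * trusted one, or that the blob returned actually corresponds to the
  * requested URI; presumably callers and the blob source do that (confirm).
  *
  * @param TOGoS_RSAUtil_Signature $sig signature to check
  * @param mixed $blobSource object providing getBlob($uri)
  * @return bool true only if openssl_verify() reports a valid signature;
  *   false for an invalid signature or a verification error
  * @throws Exception if the key blob is missing or cannot be parsed
  */
 public static function verif(TOGoS_RSAUtil_Signature $sig, $blobSource)
 {
     $pubKeyUri = $sig->getPublicKeyUri();
     $pubKeyData = $blobSource->getBlob($pubKeyUri);
     if ($pubKeyData === null) {
         // Fail explicitly rather than feeding null into the PEM/DER helpers.
         throw new Exception("Public key not found; URI = {$pubKeyUri}");
     }
     $pubKeyPem = TOGoS_RSAUtil_Util::looksLikePem($pubKeyData) ? $pubKeyData : TOGoS_RSAUtil_Util::derToPem($pubKeyData);
     $pubKey = openssl_pkey_get_public($pubKeyPem);
     if ($pubKey === false) {
         throw new Exception("Failed to parse public key data");
     }
     $data = TOGoS_RSAUtil_Util::getSignaturePayload($sig, $blobSource);
     $verified = openssl_verify($data, $sig->getSignatureBytes(), $pubKey, TOGoS_RSAUtil_Util::rsaAlgoIdFromName($sig->getAlgorithmName()));
     openssl_free_key($pubKey);
     // openssl_verify() returns 1 for a valid signature, 0 for an invalid one
     // and -1 (or false) on error. Casting to bool would turn the -1 error
     // result into true, so accept only an exact 1 and fail closed otherwise.
     return $verified === 1;
 }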
Пример #4
 /**
  * Resolve the payload a signature covers.
  *
  * A payload carried by the signature itself takes precedence; otherwise
  * the payload is fetched from $blobSource by the signature's payload URI.
  *
  * @param TOGoS_RSAUtil_Signature $sig
  * @param mixed $blobSource object providing getBlob($uri)
  * @return Nife_Blob
  * @throws Exception if the signature has neither a payload nor a payload
  *   URI, or if the blob source returns null for the payload URI
  */
 public static function getSignaturePayload(TOGoS_RSAUtil_Signature $sig, $blobSource)
 {
     $embedded = $sig->getPayload();
     if ($embedded !== null) {
         return $embedded;
     }

     $payloadUri = $sig->getPayloadUri();
     if ($payloadUri === null) {
         throw new Exception("Signature has no payload nor payload URI!");
     }

     $fetched = $blobSource->getBlob($payloadUri);
     if ($fetched === null) {
         throw new Exception("Signature payload not found; URI = {$payloadUri}");
     }

     return $fetched;
 }