/**
 * Serialize a SHA1withRSA signature into the TBB blob layout.
 *
 * The blob is the concatenation of the TBB magic, the schema id, the SHA-1
 * derived from the public-key URI, the SHA-1 of the payload, and the raw
 * signature bytes, in that order.
 *
 * @param TOGoS_RSAUtil_Signature $sig signature to encode
 * @return Nife_StringBlob the encoded blob
 * @throws Exception if the signature's algorithm is anything but SHA1withRSA
 */
public function encode(TOGoS_RSAUtil_Signature $sig) {
    $algo = $sig->getAlgorithmName();
    if ('SHA1withRSA' !== $algo) {
        throw new Exception("Can only encode SHA1withRSA signatures; given a " . $algo);
    }
    // Field order is the wire format; do not reorder.
    $fields = [
        self::TBB_MAGIC,
        self::TBB_SCHEMA_ID,
        $this->uriToSha1($sig->getPublicKeyUri()),
        $this->payloadSha1($sig),
        $sig->getSignatureBytes(),
    ];
    return new Nife_StringBlob(implode('', $fields));
}
/**
 * Decide whether a signature is both cryptographically valid and made with
 * one of the keys this instance trusts.
 *
 * The public-key URI is normalized before the lookup in validKeyUrns; a URN
 * that cannot be parsed is treated as "not authorized", not as an error.
 * The (comparatively expensive) RSA verification only runs for trusted keys.
 *
 * @param TOGoS_RSAUtil_Signature $sig signature to check
 * @return boolean true iff the signature is (A) valid, and (B)
 *   signed by one of our valid keys
 */
public function isAuthorized(TOGoS_RSAUtil_Signature $sig) {
    try {
        $normalizedUrn = $this->normalizeUrn($sig->getPublicKeyUri());
    } catch (TOGoS_RSAUtil_UnparseableURNException $e) {
        // A key we cannot even name is certainly not one of ours.
        return false;
    }
    $isTrustedKey = isset($this->validKeyUrns[$normalizedUrn]);
    // Short-circuits: verif() is not called for untrusted keys.
    return $isTrustedKey && TOGoS_RSAUtil::verif($sig, $this->blobSource);
}
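/**
 * Verify a signature against the public key named by its public-key URI.
 *
 * The key blob is fetched from $blobSource and accepted either as PEM or as
 * DER (converted to PEM); the signed payload is resolved through
 * TOGoS_RSAUtil_Util::getSignaturePayload.
 *
 * @param TOGoS_RSAUtil_Signature $sig signature to verify
 * @param mixed $blobSource object exposing getBlob($uri), used for the key and the payload
 * @return boolean true if the signature is valid, false otherwise
 *   (an OpenSSL error during verification also yields false)
 * @throws Exception if the public key data cannot be parsed
 */
public static function verif(TOGoS_RSAUtil_Signature $sig, $blobSource) {
    $pubKeyData = $blobSource->getBlob($sig->getPublicKeyUri());
    $pubKeyPem = TOGoS_RSAUtil_Util::looksLikePem($pubKeyData)
        ? $pubKeyData
        : TOGoS_RSAUtil_Util::derToPem($pubKeyData);
    $pubKey = openssl_pkey_get_public($pubKeyPem);
    if ($pubKey === false) {
        throw new Exception("Failed to parse public key data");
    }
    $data = TOGoS_RSAUtil_Util::getSignaturePayload($sig, $blobSource);
    $verified = openssl_verify(
        $data,
        $sig->getSignatureBytes(),
        $pubKey,
        TOGoS_RSAUtil_Util::rsaAlgoIdFromName($sig->getAlgorithmName())
    );
    if (PHP_VERSION_ID < 80000) {
        // Before PHP 8 the key is a resource that must be released explicitly;
        // from 8.0 it is an object freed automatically and openssl_free_key()
        // is deprecated.
        openssl_free_key($pubKey);
    }
    // openssl_verify() returns 1 for a correct signature, 0 for an incorrect
    // one, and -1 (or false) on error.  The previous "(bool) $verified" turned
    // the -1 error code into true, i.e. an OpenSSL failure was reported as a
    // verified signature.  Only an explicit 1 counts; errors fail closed.
    return $verified === 1;
}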
/**
 * Resolve the payload that a signature covers.
 *
 * An inline payload on the signature takes precedence; otherwise the payload
 * is fetched by URI from $blobSource.
 *
 * @param TOGoS_RSAUtil_Signature $sig signature whose payload is wanted
 * @param mixed $blobSource object exposing getBlob($uri)
 * @return Nife_Blob
 * @throws Exception if the signature carries neither a payload nor a payload
 *   URI, or if the URI-referenced payload cannot be found
 */
public static function getSignaturePayload(TOGoS_RSAUtil_Signature $sig, $blobSource) {
    $inline = $sig->getPayload();
    if ($inline !== null) {
        return $inline;
    }
    $payloadUri = $sig->getPayloadUri();
    if ($payloadUri === null) {
        throw new Exception("Signature has no payload nor payload URI!");
    }
    $fetched = $blobSource->getBlob($payloadUri);
    if ($fetched === null) {
        throw new Exception("Signature payload not found; URI = {$payloadUri}");
    }
    return $fetched;
}