/** * Verifies if a digital signature is valid. * @return boolean whether a digital signature is valid, false otherwise. */ public function verify() { switch ($this->header->getAlgorithm()) { case 'HS256': case 'HS384': case 'HS512': $alg = Jwa::getAlgorithmInstance($this->header, $this->privateKey); $input = "{$this->encodedHeader}.{$this->encodedPayload}"; $sign = $alg->sign($input); return self::base64UrlDecode($this->encodedSignature) === $sign; break; case 'RS256': case 'RS384': case 'RS512': $alg = Jwa::getAlgorithmInstance($this->header); $input = "{$this->encodedHeader}.{$this->encodedPayload}"; $sign = self::base64UrlDecode($this->encodedSignature); return $alg->verify($input, $sign, $this->certificate); break; } return null; }