ID Token signature validation
$ cat test.php
<?php
/**
 * Encode $str as base64url (RFC 4648 section 5): ordinary base64 with
 * "+" / "/" translated to "-" / "_" and the trailing "=" padding removed.
 */
function base64_urlencode($str){
    $translated = strtr(base64_encode($str), '+/', '-_');
    return rtrim($translated, '=');
}
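/**
 * Decode a base64url string (RFC 4648 section 5) back to raw bytes.
 *
 * The "=" padding is restored from the input length, then the string is
 * decoded in strict mode so that any character outside the base64 alphabet
 * makes the call fail instead of being silently skipped (the non-strict
 * default would turn a corrupted signature into a "successful" decode).
 *
 * @param string $str base64url text without padding
 * @return string decoded bytes
 * @throws Exception if the length is impossible for base64 (1 mod 4) or the
 *                   input contains characters outside the base64url alphabet
 */
function base64_urldecode($str){
    $padded = strtr($str, '-_', '+/');
    // Remainder 1 can never occur in valid base64; 0 needs no padding.
    $padding = [0 => '', 2 => '==', 3 => '='];
    $remainder = strlen($padded) % 4;
    if (!isset($padding[$remainder])) {
        throw new Exception("Illegal base64url string!");
    }
    $decoded = base64_decode($padded . $padding[$remainder], true);
    if ($decoded === false) {
        throw new Exception("Illegal base64url string!");
    }
    return $decoded;
}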
// verify RSA-SHA256 function
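/**
 * Verify an RSASSA-PKCS1-v1_5 signature over $data.
 *
 * The signature is "decrypted" with the public key (openssl also checks the
 * PKCS#1 v1.5 type-1 padding) and the recovered DigestInfo is compared with
 * the DER prefix for $alg followed by hash($alg, $data).
 *
 * @param string $data      the signed bytes (for the JWT case: "<header>.<payload>")
 * @param string $signature raw signature bytes (already base64url-decoded)
 * @param mixed  $key       public key in any form openssl_public_decrypt() accepts
 * @param string $alg       'sha256' (default), 'sha1' or 'md5'
 * @return bool true only when the signature matches; false on any failure
 *              (unknown algorithm, undecryptable signature, digest mismatch)
 */
function digest_verify_data($data, $signature, $key, $alg='sha256') {
    // DER-encoded DigestInfo prefixes (AlgorithmIdentifier + OCTET STRING header).
    // md5 and sha1 are kept only for compatibility with the original script.
    $digest_info_headers = [
        'sha1'   => pack('H*', '3021300906052b0e03021a05000414'),
        'sha256' => pack('H*', '3031300d060960864801650304020105000420'),
        'md5'    => pack('H*', '3020300c06082a864886f70d020505000410'),
    ];
    // Reject unknown algorithms up front; the previous variable-variable lookup
    // (${$alg . '_header'}) silently yielded an empty prefix and hash() would
    // raise on an unsupported name.
    if (!isset($digest_info_headers[$alg])) {
        return false;
    }
    $plainText = null;
    $status = openssl_public_decrypt($signature, $plainText, $key);
    if (!$status) {
        printf("Unable to decrypt sign data\n");
        return false;
    }
    $expected = $digest_info_headers[$alg] . hash($alg, $data, true);
    // hash_equals(): constant-time comparison that also treats a length
    // mismatch as failure, instead of the loose == string comparison.
    return hash_equals($expected, $plainText);
}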
// nov's x509 cert
// The issuer's public key is supplied as a PEM certificate hard-coded in the
// script (redacted here); the token itself is not consulted for key material.
$x509 = <<<CRT
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
CRT;
// openssl_pkey_get_public() returns false on an unparsable certificate; that
// case is not checked here, so a bad certificate surfaces only as a failed
// verification below.
$pub_key = openssl_pkey_get_public($x509);
// this is id_token segments
// Base64url JOSE header; decodes to {"typ":"JWT","alg":"RS256"}.
$header = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9";
// Base64url claims set (iss, user_id, aud, exp).
$payload = "eyJpc3MiOiJodHRwczovL2Nvbm5lY3Qtb3AuaGVyb2t1LmNvbSIsInVzZXJfaWQiOiJmZmM2ZTNkMDNjMTQzNjhjNTAxOTRjMWM1MDE1MDcxYSIsImF1ZCI6IjMzM2UzMDYyMTllZTIxNDk0OWEyZDU1NjVmZGE5YTA3IiwiZXhwIjoxMzE1OTUyOTU3fQ";
// Base64url signature over "<header>.<payload>".
$signature = "iC5QPS2Niu1nRAwFfDl2bm-SUpxFBEFI0vBUU9ZEOT06Wfb1XN8L_9Uq2qlb2wPbpxl7Peh-YPIvUNN4TLaut8SPZHEXcDwCnXOvOqQeuUgZgMe5j7IUehJ02_uPsGpS0eyXsc58nA9TqGr-BlBeksCPaDZjpwyE6-zdzbpBQ32_KmIaMqaEPxILIFGa48hqyIxMKNbN6gbf-VPuDfwwLuly34l_QXTuh0AqMjn3oADi8XBt-_P2F68IoCwz0aPmcp30HGrA-CgUXqAR8SitwRBsdmyHF6x857KKLxZGTepAOTKGapMh7bz9vfek2sQZAsOSZH-03MBUijbCJ-ynDQ";
$sig = base64_urldecode($signature);
// The digest algorithm is fixed to 'sha256' by the verifier rather than read
// from the token's "alg" header, so the token cannot choose a weaker algorithm.
$status = digest_verify_data($header.".".$payload,$sig,$pub_key,'sha256');
// validate signature
// Only the signature is checked; the iss/aud/exp claims in the payload are
// not validated anywhere in this script.
print "Status : ".$status;
?>
$ php test.php
Status : 1