Created
October 19, 2012 10:27
ID Token Verification using JWK URL and x509 URL
# preparation
## OpenID Connect library (used only for its HTTP client and base64url helper)
$ pear install openpear/Akita_OpenIDConnect-alpha
## RSA and X.509 handling library (phpseclib)
$ pear channel-discover phpseclib.sourceforge.net
$ pear install phpseclib/Crypt_RSA
$ pear install phpseclib/File_X509
# PHP Source
$ cat signatureverification.php
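<?php
// Demo: verify the RS256 signature of an OpenID Connect ID Token twice —
// once with the key from the provider's JWK document, once with the key
// inside the certificate referenced by the token's x5u — and print the
// recovered public key and the verification result for each path.
//
// This script checks the signature and nothing else. A valid signature
// alone does NOT make the token acceptable: a relying party must still
// check iss, aud (its own client_id), exp/iat and the nonce it issued.
// None of that is done here, and the embedded token's exp (1350662270)
// is long past, so this is a signature demo, not a token validator.
include('Akita/OpenIDConnect.php');
include('Crypt/RSA.php');
include('File/X509.php');

# ID Token Information
// Signing input: base64url(header) . "." . base64url(payload). The header
// decodes to {"typ":"JWT","alg":"RS256","x5u":"...cert.pem","jku":"...jwk.json"}.
$text = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dSI6Imh0dHBzOi8vY29ubmVjdC1vcC5oZXJva3UuY29tL2NlcnQucGVtIiwiamt1IjoiaHR0cHM6Ly9jb25uZWN0LW9wLmhlcm9rdS5jb20vandrLmpzb24ifQ.eyJpc3MiOiJodHRwczovL2Nvbm5lY3Qtb3AuaGVyb2t1LmNvbSIsInVzZXJfaWQiOiJmY2NhOGM2MjcwOGUyYTgzIiwiYXVkIjoiYzRiY2RhYzliZmI5ODc3ZjY1NWNkYTA5MDEzZGExZjgiLCJleHAiOjEzNTA2NjIyNzAsImlhdCI6MTM1MDY0MDY3MCwibm9uY2UiOiIzNGZjY2NjODA3OWJmYTQ3MTM3OWRlMzA0NmNiMmRmYzEzNTA2NDA2MTgifQ";
// Third token segment, base64url-decoded to the raw RSA signature bytes.
$sig = Akita_OpenIDConnect_Util_Base64::urlDecode("Hz6vKId_lzUDfoAAvtJBMmlNWC-41s8cWeq6COXo-onML6c-oioXewOYqvhEbyNwxXCMz8KmjTMkhiR2gqQ7nmE4SQlNG15Qfsx0G64pbp5hZ6KACBmP_jJigJZIiqBuQNGslI4D6NLaQVDa-FBrhYwYPB4Dzlu4Bt87Ofq8FSdyjLhcio5qoHRUzcQw15NqTZbp4ZFsdDUmXornMWSdagbeNqdHrj39VNziU9ZnnicltVsQPdcS0eDHkUq7Jl8MCLp7-zM1UYgzs2d2BStCCDg4N_MsOWQd1Bm1NgaQ-wi_Y_5JPYFWL6XEFi_rmK-E9_nV_jWc8aoHgbcqnVHEOw");

// The key documents are fetched from URLs hard-coded below, NOT from the
// jku/x5u fields of the (unverified) token header. Keep it that way: a
// header-supplied key URL lets an attacker point verification at a key
// they control, so jku/x5u may only be honoured against an allow-list of
// URLs belonging to the expected issuer. The alg header is likewise not
// consulted; RSA is hard-wired, which is fine for this demo but a general
// verifier must pin the accepted alg per key.
$httpclient = new Akita_OpenIDConnect_Util_HttpClient();
// TLS verification is the only thing binding these keys to the issuer.
// The original passed (false, false), which lets anyone on the path serve
// their own key and have a forged token verify. Assumes the arguments are
// (verify_peer, verify_host) — confirm against Akita_OpenIDConnect_Util_HttpClient.
$httpclient->setSslVerify(true, true);

// JWK
$jwk_url = "https://connect-op.heroku.com/jwk.json";
echo "JWK URL : ".$jwk_url."\n";
$jwk_data = json_decode($httpclient->get($jwk_url));
echo "JWK Data : ".var_export($jwk_data,true)."\n";
if (!is_object($jwk_data) || empty($jwk_data->keys)) {
    die("JWK document could not be decoded or contains no keys\n");
}
// The header carries no kid, so the first key is taken. With more than one
// key a real verifier must select by kid (and check use == "sig").
$jwk = $jwk_data->keys[0];
// This 2012 provider emits the draft member names mod/exp; RFC 7518 renamed
// them n/e. Accept either so the script also works against current JWKs.
$mod_b64 = isset($jwk->n) ? $jwk->n : $jwk->mod;
$exp_b64 = isset($jwk->e) ? $jwk->e : $jwk->exp;
$modulus = new Math_BigInteger(Akita_OpenIDConnect_Util_Base64::urlDecode($mod_b64), 256);
$exponent = new Math_BigInteger(Akita_OpenIDConnect_Util_Base64::urlDecode($exp_b64), 256);
$rsa = new Crypt_RSA();
$rsa->modulus = $modulus;
$rsa->exponent = $exponent;
$rsa->publicExponent = $exponent;
$rsa->k = strlen($rsa->modulus->toBytes()); // key length in bytes, required by verify()
$rsa->setPublicKey();
$pubkey = $rsa->getPublicKey();
echo "Pubkey from JWK : ".$pubkey."\n";
// RS256 = RSASSA-PKCS1-v1_5 with SHA-256. Crypt_RSA has defaulted to SHA-1
// in older phpseclib releases, so pin the digest rather than rely on it.
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->setHash('sha256');
$result = $rsa->verify($text, $sig);
echo "Verification Result : ".var_export($result, true)."\n";

// x509
$x509_url = "https://connect-op.heroku.com/cert.pem";
echo "X509 URL : ".$x509_url."\n";
$x509_data = $httpclient->get($x509_url);
echo "X509 DATA : ".$x509_data."\n";
$x509 = new File_X509();
if ($x509->loadX509($x509_data) === false) {
    die("Could not parse a certificate from ".$x509_url."\n");
}
// NOTE(review): loadX509 only parses. The certificate served by this
// provider is self-signed and its notAfter (2012-09-12) already predates
// the gist, so nothing beyond the TLS origin vouches for the key. A
// production verifier should check validity dates and chain the cert to a
// trusted anchor before trusting the key it carries.
$rsa2 = $x509->getPublicKey();
if ($rsa2 === false) {
    die("Certificate at ".$x509_url." carries no usable public key\n");
}
$pubkey2 = $rsa2->getPublicKey();
echo "Pubkey from x509 : ".$pubkey2."\n";
$rsa2->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa2->setHash('sha256');
$result2 = $rsa2->verify($text, $sig);
// Fix: the original echoed $result (the JWK outcome) here, so the x509
// verification result was never actually displayed.
echo "Verification Result : ".var_export($result2, true)."\n";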
# Run
$ php signatureverification.php
JWK URL : https://connect-op.heroku.com/jwk.json | |
JWK Data : stdClass::__set_state(array( | |
'keys' => | |
array ( | |
0 => | |
stdClass::__set_state(array( | |
'alg' => 'RSA', | |
'xpo' => 'AQAB', | |
'exp' => 'AQAB', | |
'mod' => 'pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE-Yopfu3B58QlgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JBqaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9RfzT87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw', | |
'use' => 'sig', | |
)), | |
), | |
)) | |
Pubkey from JWK : -----BEGIN PUBLIC KEY----- | |
MIIBCgKCAQEApKybs0WaHU/y4cHxWbm8Wzj66HtcyFn7Fh3n+99qTXu5yNa30MRYIYfSDwe9JVc1 | |
JUoGw41yq2StdGBJ40HxichjE+Yopfu3B58QlgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDp | |
IK+12JJDY55pvf+PCiSQ9OjxZLiVGKlClDus44/uv2370b9IN2JiEOF+a7JBqaTEYLPpXaoKWDSn | |
JNonr79tL0T7iuJmO1l705oO3Y0TQ+INLY6jnKG/RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8 | |
IxQL9RfzT87OvF0RBSO1U73h09YP+corWDsnKIi6TbzRpN5YDwIDAQAB | |
-----END PUBLIC KEY----- | |
Verification Result : true | |
X509 URL : https://connect-op.heroku.com/cert.pem | |
X509 DATA : -----BEGIN CERTIFICATE----- | |
MIIDeDCCAmACCQDFeFSXWEnHxDANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJK | |
UDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1NoaWJ1eWExITAfBgNVBAoMGElu | |
dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAwwDTm92MRwwGgYJKoZIhvcN | |
AQkBFg1ub3ZAbWF0YWtlLmpwMB4XDTExMDkxMzEzMjIzNFoXDTEyMDkxMjEzMjIz | |
NFowfjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdTaGli | |
dXlhMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDDAKBgNVBAMM | |
A05vdjEcMBoGCSqGSIb3DQEJARYNbm92QG1hdGFrZS5qcDCCASIwDQYJKoZIhvcN | |
AQEBBQADggEPADCCAQoCggEBAKSsm7NFmh1P8uHB8Vm5vFs4+uh7XMhZ+xYd5/vf | |
ak17ucjWt9DEWCGH0g8HvSVXNSVKBsONcqtkrXRgSeNB8YnIYxPmKKX7twefEJYC | |
b06FG1g+IJkwxoDBsUMbb9RJ9snnWsp0O97A6SCvtdiSQ2Oeab3/jwokkPTo8WS4 | |
lRipQpQ7rOOP7r9t+9G/SDdiYhDhfmuyQamkxGCz6V2qClg0pyTaJ6+/bS9E+4ri | |
ZjtZe9OaDt2NE0PiDS2Oo5yhv0abL8rxjZ8D/aTL3D9aYSrFmddKH7roSRkafCMU | |
C/UX80/OzrxdEQUjtVO94dPWD/nKK1g7JyiIuk280aTeWA8CAwEAATANBgkqhkiG | |
9w0BAQsFAAOCAQEAdiNDw9z6U8lIF0NWVObeGqoxn/MSp/W5S56ts3agw0meqc1J | |
gUPkncXbpjZ/wX0Y3pupmGBIO0XAHPhjyCu3HhplhaVxSNqKEg9wB3huYaMZ2Kbi | |
+Wy77hLO2hOYk8vI/ok5oW0lhhpA0o4GzbyV4SA3nZgT0u8YXC7cqAHqI9KsBU5z | |
62mjlptCR/b10xTlC13AtbdDM6s1hWP9XpDrm6Kxgfu7nKQ1Q31ag1Ukm9Gw8qcl | |
ILxZxqbqGy/q1C+6ObTmGtiVbJTs+W8u5BPg9S49O6qIhVN5wWCT4lRrlpXpYA3a | |
TTVBULB1g7Iod2g+kF0qAXnwqGvZ5LOgwFfmcw== | |
-----END CERTIFICATE----- | |
Pubkey from x509 : -----BEGIN PUBLIC KEY----- | |
MIIBCgKCAQEApKybs0WaHU/y4cHxWbm8Wzj66HtcyFn7Fh3n+99qTXu5yNa30MRYIYfSDwe9JVc1 | |
JUoGw41yq2StdGBJ40HxichjE+Yopfu3B58QlgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDp | |
IK+12JJDY55pvf+PCiSQ9OjxZLiVGKlClDus44/uv2370b9IN2JiEOF+a7JBqaTEYLPpXaoKWDSn | |
JNonr79tL0T7iuJmO1l705oO3Y0TQ+INLY6jnKG/RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8 | |
IxQL9RfzT87OvF0RBSO1U73h09YP+corWDsnKIi6TbzRpN5YDwIDAQAB | |
-----END PUBLIC KEY----- | |
Verification Result : true |