@ritou
Created October 19, 2012 10:27
ID Token Verification using JWK URL and x509 URL
# preparation
## OpenID Connect library (only its HTTP client is used)
$ pear install openpear/Akita_OpenIDConnect-alpha
## RSA and X.509 handling libraries
$ pear channel-discover phpseclib.sourceforge.net
$ pear install phpseclib/Crypt_RSA
$ pear install phpseclib/File_X509
# PHP Source
$ cat signatureverification.php
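<?php
include('Akita/OpenIDConnect.php');
include('Crypt/RSA.php');
include('File/X509.php');

# ID Token Information
# $text is the JWS signing input: base64url(header) . "." . base64url(payload).
# The header decodes to alg=RS256 with jku/x5u pointing at the URLs hard-coded
# below. Only the signature is checked in this script -- validating the
# iss/aud/exp/nonce claims is a separate step that is NOT performed here.
$text = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dSI6Imh0dHBzOi8vY29ubmVjdC1vcC5oZXJva3UuY29tL2NlcnQucGVtIiwiamt1IjoiaHR0cHM6Ly9jb25uZWN0LW9wLmhlcm9rdS5jb20vandrLmpzb24ifQ.eyJpc3MiOiJodHRwczovL2Nvbm5lY3Qtb3AuaGVyb2t1LmNvbSIsInVzZXJfaWQiOiJmY2NhOGM2MjcwOGUyYTgzIiwiYXVkIjoiYzRiY2RhYzliZmI5ODc3ZjY1NWNkYTA5MDEzZGExZjgiLCJleHAiOjEzNTA2NjIyNzAsImlhdCI6MTM1MDY0MDY3MCwibm9uY2UiOiIzNGZjY2NjODA3OWJmYTQ3MTM3OWRlMzA0NmNiMmRmYzEzNTA2NDA2MTgifQ";
$sig = Akita_OpenIDConnect_Util_Base64::urlDecode("Hz6vKId_lzUDfoAAvtJBMmlNWC-41s8cWeq6COXo-onML6c-oioXewOYqvhEbyNwxXCMz8KmjTMkhiR2gqQ7nmE4SQlNG15Qfsx0G64pbp5hZ6KACBmP_jJigJZIiqBuQNGslI4D6NLaQVDa-FBrhYwYPB4Dzlu4Bt87Ofq8FSdyjLhcio5qoHRUzcQw15NqTZbp4ZFsdDUmXornMWSdagbeNqdHrj39VNziU9ZnnicltVsQPdcS0eDHkUq7Jl8MCLp7-zM1UYgzs2d2BStCCDg4N_MsOWQd1Bm1NgaQ-wi_Y_5JPYFWL6XEFi_rmK-E9_nV_jWc8aoHgbcqnVHEOw");

$httpclient = new Akita_OpenIDConnect_Util_HttpClient();
# WARNING: TLS certificate verification is switched off for this demo. The key
# material fetched below is therefore unauthenticated -- anyone on the network
# path could substitute their own key and make a forged token "verify". Keep
# this disabled only in a local test; with it on, the TLS check is what makes
# the fetched key trustworthy.
$httpclient->setSslVerify(false, false);

# The key URLs are fixed here on purpose. The jku/x5u values in the token
# header come from the not-yet-verified token itself and must never be used
# to decide where the key is fetched from.

// JWK
$jwk_url = "https://connect-op.heroku.com/jwk.json";
echo "JWK URL : ".$jwk_url."\n";
$jwk_body = $httpclient->get($jwk_url);
if ($jwk_body === false || $jwk_body === '') {
    throw new RuntimeException("Failed to fetch JWK from ".$jwk_url);
}
$jwk_data = json_decode($jwk_body);
if (!is_object($jwk_data) || empty($jwk_data->keys)) {
    throw new RuntimeException("JWK document is not valid JSON or contains no keys");
}
echo "JWK Data : ".var_export($jwk_data,true)."\n";
# The token header carries no kid, so the first key is used (as before).
$jwk = $jwk_data->keys[0];
# RFC 7517 names the RSA parameters "n"/"e"; this OP's draft-era document
# uses "mod"/"exp" (see the run output below), so accept either spelling.
$mod_b64 = isset($jwk->n) ? $jwk->n : (isset($jwk->mod) ? $jwk->mod : null);
$exp_b64 = isset($jwk->e) ? $jwk->e : (isset($jwk->exp) ? $jwk->exp : null);
if ($mod_b64 === null || $exp_b64 === null) {
    throw new RuntimeException("JWK is missing the RSA modulus or exponent");
}
$modulus = new Math_BigInteger(Akita_OpenIDConnect_Util_Base64::urlDecode($mod_b64), 256);
$exponent = new Math_BigInteger(Akita_OpenIDConnect_Util_Base64::urlDecode($exp_b64), 256);
# Build the public key by filling Crypt_RSA's internals directly (no parser
# for raw JWK parameters in this phpseclib version).
$rsa = new Crypt_RSA();
$rsa->modulus = $modulus;
$rsa->exponent = $exponent;
$rsa->publicExponent = $exponent;
$rsa->k = strlen($rsa->modulus->toBytes());
$rsa->setPublicKey();
$pubkey = $rsa->getPublicKey();
echo "Pubkey from JWK : ".$pubkey."\n";
# RS256 is RSASSA-PKCS1-v1_5 over SHA-256: pin both the padding mode and the
# hash explicitly instead of relying on the library defaults.
$rsa->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa->setHash('sha256');
$result = $rsa->verify($text, $sig);
echo "Verification Result : ".var_export($result, true)."\n";

// x509
$x509_url = "https://connect-op.heroku.com/cert.pem";
echo "X509 URL : ".$x509_url."\n";
$x509_data = $httpclient->get($x509_url);
if ($x509_data === false || $x509_data === '') {
    throw new RuntimeException("Failed to fetch certificate from ".$x509_url);
}
echo "X509 DATA : ".$x509_data."\n";
# loadX509 only parses the PEM; it does not check the certificate's chain or
# validity period. Trust in this key rests on the (TLS-protected) fetch above.
$x509 = new File_X509();
if ($x509->loadX509($x509_data) === false) {
    throw new RuntimeException("Failed to parse certificate from ".$x509_url);
}
$rsa2 = $x509->getPublicKey();
if ($rsa2 === false) {
    throw new RuntimeException("Certificate does not contain a usable public key");
}
$pubkey2 = $rsa2->getPublicKey();
echo "Pubkey from x509 : ".$pubkey2."\n";
$rsa2->setSignatureMode(CRYPT_RSA_SIGNATURE_PKCS1);
$rsa2->setHash('sha256');
$result2 = $rsa2->verify($text, $sig);
# Report the x509 result ($result2); the original echoed the JWK result here.
echo "Verification Result : ".var_export($result2, true)."\n";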
# Run
$ php signatureverification.php
JWK URL : https://connect-op.heroku.com/jwk.json
JWK Data : stdClass::__set_state(array(
'keys' =>
array (
0 =>
stdClass::__set_state(array(
'alg' => 'RSA',
'xpo' => 'AQAB',
'exp' => 'AQAB',
'mod' => 'pKybs0WaHU_y4cHxWbm8Wzj66HtcyFn7Fh3n-99qTXu5yNa30MRYIYfSDwe9JVc1JUoGw41yq2StdGBJ40HxichjE-Yopfu3B58QlgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDpIK-12JJDY55pvf-PCiSQ9OjxZLiVGKlClDus44_uv2370b9IN2JiEOF-a7JBqaTEYLPpXaoKWDSnJNonr79tL0T7iuJmO1l705oO3Y0TQ-INLY6jnKG_RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8IxQL9RfzT87OvF0RBSO1U73h09YP-corWDsnKIi6TbzRpN5YDw',
'use' => 'sig',
)),
),
))
Pubkey from JWK : -----BEGIN PUBLIC KEY-----
MIIBCgKCAQEApKybs0WaHU/y4cHxWbm8Wzj66HtcyFn7Fh3n+99qTXu5yNa30MRYIYfSDwe9JVc1
JUoGw41yq2StdGBJ40HxichjE+Yopfu3B58QlgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDp
IK+12JJDY55pvf+PCiSQ9OjxZLiVGKlClDus44/uv2370b9IN2JiEOF+a7JBqaTEYLPpXaoKWDSn
JNonr79tL0T7iuJmO1l705oO3Y0TQ+INLY6jnKG/RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8
IxQL9RfzT87OvF0RBSO1U73h09YP+corWDsnKIi6TbzRpN5YDwIDAQAB
-----END PUBLIC KEY-----
Verification Result : true
X509 URL : https://connect-op.heroku.com/cert.pem
X509 DATA : -----BEGIN CERTIFICATE-----
MIIDeDCCAmACCQDFeFSXWEnHxDANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJK
UDEOMAwGA1UECAwFVG9reW8xEDAOBgNVBAcMB1NoaWJ1eWExITAfBgNVBAoMGElu
dGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAwwDTm92MRwwGgYJKoZIhvcN
AQkBFg1ub3ZAbWF0YWtlLmpwMB4XDTExMDkxMzEzMjIzNFoXDTEyMDkxMjEzMjIz
NFowfjELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRAwDgYDVQQHDAdTaGli
dXlhMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxDDAKBgNVBAMM
A05vdjEcMBoGCSqGSIb3DQEJARYNbm92QG1hdGFrZS5qcDCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAKSsm7NFmh1P8uHB8Vm5vFs4+uh7XMhZ+xYd5/vf
ak17ucjWt9DEWCGH0g8HvSVXNSVKBsONcqtkrXRgSeNB8YnIYxPmKKX7twefEJYC
b06FG1g+IJkwxoDBsUMbb9RJ9snnWsp0O97A6SCvtdiSQ2Oeab3/jwokkPTo8WS4
lRipQpQ7rOOP7r9t+9G/SDdiYhDhfmuyQamkxGCz6V2qClg0pyTaJ6+/bS9E+4ri
ZjtZe9OaDt2NE0PiDS2Oo5yhv0abL8rxjZ8D/aTL3D9aYSrFmddKH7roSRkafCMU
C/UX80/OzrxdEQUjtVO94dPWD/nKK1g7JyiIuk280aTeWA8CAwEAATANBgkqhkiG
9w0BAQsFAAOCAQEAdiNDw9z6U8lIF0NWVObeGqoxn/MSp/W5S56ts3agw0meqc1J
gUPkncXbpjZ/wX0Y3pupmGBIO0XAHPhjyCu3HhplhaVxSNqKEg9wB3huYaMZ2Kbi
+Wy77hLO2hOYk8vI/ok5oW0lhhpA0o4GzbyV4SA3nZgT0u8YXC7cqAHqI9KsBU5z
62mjlptCR/b10xTlC13AtbdDM6s1hWP9XpDrm6Kxgfu7nKQ1Q31ag1Ukm9Gw8qcl
ILxZxqbqGy/q1C+6ObTmGtiVbJTs+W8u5BPg9S49O6qIhVN5wWCT4lRrlpXpYA3a
TTVBULB1g7Iod2g+kF0qAXnwqGvZ5LOgwFfmcw==
-----END CERTIFICATE-----
Pubkey from x509 : -----BEGIN PUBLIC KEY-----
MIIBCgKCAQEApKybs0WaHU/y4cHxWbm8Wzj66HtcyFn7Fh3n+99qTXu5yNa30MRYIYfSDwe9JVc1
JUoGw41yq2StdGBJ40HxichjE+Yopfu3B58QlgJvToUbWD4gmTDGgMGxQxtv1En2yedaynQ73sDp
IK+12JJDY55pvf+PCiSQ9OjxZLiVGKlClDus44/uv2370b9IN2JiEOF+a7JBqaTEYLPpXaoKWDSn
JNonr79tL0T7iuJmO1l705oO3Y0TQ+INLY6jnKG/RpsvyvGNnwP9pMvcP1phKsWZ10ofuuhJGRp8
IxQL9RfzT87OvF0RBSO1U73h09YP+corWDsnKIi6TbzRpN5YDwIDAQAB
-----END PUBLIC KEY-----
Verification Result : true