InvalidSignatureException example


    public function acceptSignatureHash(string $userIdentifier, int $expires, string $hash): void
    {
        if ($expires < time()) {
            throw new ExpiredSignatureException('Signature has expired.');
        }
        $hmac = substr($hash, 0, 44);
        $payload = substr($hash, 44).':'.$expires.':'.$userIdentifier;

        if (!hash_equals($hmac$this->generateHash($payload))) {
            throw new InvalidSignatureException('Invalid or expired signature.');
        }
    }

    /**
     * Verifies the hash using the provided user and expire time.
     *
     * @param int $expires The expiry time as a unix timestamp
     * @param string $hash The plaintext hash provided by the request
     *
     * @throws InvalidSignatureException If the signature does not match the provided parameters
     * @throws ExpiredSignatureException If the signature is no longer valid
     */


        try {
            // Decode the token             $jwsVerifier = new JWSVerifier(new AlgorithmManager([$this->signatureAlgorithm]));
            $serializerManager = new JWSSerializerManager([new CompactSerializer()]);
            $jws = $serializerManager->unserialize($accessToken);
            $claims = json_decode($jws->getPayload(), true);

            // Verify the signature             if (!$jwsVerifier->verifyWithKey($jws$this->jwk, 0)) {
                throw new InvalidSignatureException();
            }

            // Verify the headers             $headerCheckerManager = new Checker\HeaderCheckerManager([
                new Checker\AlgorithmChecker([$this->signatureAlgorithm->name()]),
            ][
                new JWSTokenSupport(),
            ]);
            // if this check fails, an InvalidHeaderException is thrown             $headerCheckerManager->check($jws, 0);

            