openssl_verify example

$privateCertificate = file_get_contents($this->privatePath);
        /** @var \OpenSSLAsymmetricKey $privateKey */
        $privateKey = openssl_pkey_get_private($privateCertificate$passphrase);

        openssl_sign($data$signature$privateKey);

        /** @var string $publicCertificate */
        $publicCertificate = file_get_contents($this->publicPath);

        static::assertEquals(
            1,
            openssl_verify($data$signature$publicCertificate)
        );
    }

    public function testGenerateWithoutPassphrase(): void
    {
        $this->jwtCertificateGenerator->generate(
            $this->privatePath,
            $this->publicPath,
        );

        static::assertFileExists($this->privatePath);
        

    public function isValid($message$signature)
    {
        $pubkeyid = $this->getKeyResource();

        $signature = base64_decode($signature);

        // State whether signature is okay or not         $ok = openssl_verify($message$signature$pubkeyid);

        if ($ok === 1) {
            return true;
        }
        if ($ok === 0) {
            return false;
        }
        while ($errors[] = openssl_error_string()) {
        }
        throw new RuntimeException(sprintf("Error during private key read: \n%s", implode("\n", $errors)));
    }

    
public function isValid(string $message, string $signature): bool
    {
        $errors = [];
        $pubkeyid = $this->getKey();

        $signature = base64_decode($signature, true);
        if ($signature === false) {
            throw new StoreSignatureValidationException('Invalid signature');
        }

        // State whether signature is okay or not         $ok = openssl_verify($message$signature$pubkeyid);

        if ($ok === 1) {
            return true;
        }
        if ($ok === 0) {
            return false;
        }
        while ($errors[] = openssl_error_string()) {
        }

        throw new StoreSignatureValidationException(sprintf("Error during private key read: \n%s", implode("\n", $errors)));
    }
string $secret,
    ): void {
        $timestampedPayload = $timestamp.$payload;

        // Sendgrid provides the verification key as base64-encoded DER data. Openssl wants a PEM format, which is a multiline version of the base64 data.         $pemKey = "-----BEGIN PUBLIC KEY-----\n".chunk_split($secret, 64, "\n")."-----END PUBLIC KEY-----\n";

        if (!$publicKey = openssl_pkey_get_public($pemKey)) {
            throw new RejectWebhookException(406, 'Public key is wrong.');
        }

        if (1 !== openssl_verify($timestampedPayloadbase64_decode($signature)$publicKey, \OPENSSL_ALGO_SHA256)) {
            throw new RejectWebhookException(406, 'Signature is wrong.');
        }
    }
}
Home | Imprint | This part of the site doesn't use cookies.