[Summary view] [Print] [Text view]

   1  <?php
   2  /*
   3   * Copyright 2011 Google Inc.
   4   *
   5   * Licensed under the Apache License, Version 2.0 (the "License");
   6   * you may not use this file except in compliance with the License.
   7   * You may obtain a copy of the License at
   8   *
   9   *     http://www.apache.org/licenses/LICENSE-2.0
  10   *
  11   * Unless required by applicable law or agreed to in writing, software
  12   * distributed under the License is distributed on an "AS IS" BASIS,
  13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14   * See the License for the specific language governing permissions and
  15   * limitations under the License.
  16   */
  17   
  18  require_once 'Google/Auth/Exception.php';
  19  require_once 'Google/Verifier/Abstract.php';
  20  
  21  /**
  22   * Verifies signatures using PEM encoded certificates.
  23   *
  24   * @author Brian Eaton <[email protected]>
  25   */
  26  class Google_Verifier_Pem extends Google_Verifier_Abstract
  27  {
  28    private $publicKey;
  29  
  30    /**
  31     * Constructs a verifier from the supplied PEM-encoded certificate.
  32     *
  33     * $pem: a PEM encoded certificate (not a file).
  34     * @param $pem
  35     * @throws Google_Auth_Exception
  36     * @throws Google_Exception
  37     */
  38    public function __construct($pem)
  39    {
  40      if (!function_exists('openssl_x509_read')) {
  41        throw new Google_Exception('Google API PHP client needs the openssl PHP extension');
  42      }
  43      $this->publicKey = openssl_x509_read($pem);
  44      if (!$this->publicKey) {
  45        throw new Google_Auth_Exception("Unable to parse PEM: $pem");
  46      }
  47    }
  48  
  49    public function __destruct()
  50    {
  51      if ($this->publicKey) {
  52        openssl_x509_free($this->publicKey);
  53      }
  54    }
  55  
  56    /**
  57     * Verifies the signature on data.
  58     *
  59     * Returns true if the signature is valid, false otherwise.
  60     * @param $data
  61     * @param $signature
  62     * @throws Google_Auth_Exception
  63     * @return bool
  64     */
  65    public function verify($data, $signature)
  66    {
  67      $hash = defined("OPENSSL_ALGO_SHA256") ? OPENSSL_ALGO_SHA256 : "sha256";
  68      $status = openssl_verify($data, $signature, $this->publicKey, $hash);
  69      if ($status === -1) {
  70        throw new Google_Auth_Exception('Signature verification error: ' . openssl_error_string());
  71      }
  72      return $status === 1;
  73    }
  74  }