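<?php
/*
 * Copyright 2011 Google Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * Verifies signatures using PEM encoded certificates.
 *
 * The certificate is parsed once in the constructor and its public key is
 * then used by verify() to check signatures with a fixed SHA-256 digest.
 *
 * @author Brian Eaton <beaton@google.com>
 */
class Google_PemVerifier extends Google_Verifier {
  /** Parsed X.509 certificate handle returned by openssl_x509_read(). */
  private $publicKey;

  /**
   * Constructs a verifier from the supplied PEM-encoded certificate.
   *
   * @param string $pem a PEM encoded certificate (the contents, not a file name).
   * @throws Google_Exception if the openssl PHP extension is not loaded.
   * @throws Google_AuthException if the certificate cannot be parsed.
   */
  public function __construct($pem) {
    if (!function_exists('openssl_x509_read')) {
      throw new Google_Exception('Google API PHP client needs the openssl PHP extension');
    }
    $this->publicKey = openssl_x509_read($pem);
    if (!$this->publicKey) {
      // NOTE(review): the message embeds the caller-supplied input verbatim.
      // Treat this exception text as potentially sensitive: if a caller ever
      // passes something other than a public certificate, it ends up wherever
      // the message is logged or displayed.
      throw new Google_AuthException("Unable to parse PEM: $pem");
    }
  }

  /**
   * Releases the certificate handle where the runtime still uses resources.
   */
  public function __destruct() {
    // openssl_x509_free() is deprecated as of PHP 8.0, where certificates are
    // objects reclaimed by the engine. Only the legacy resource handle needs
    // an explicit free; is_resource() is false for the PHP 8 object form.
    if (is_resource($this->publicKey)) {
      openssl_x509_free($this->publicKey);
    }
  }

  /**
   * Verifies the signature on data.
   *
   * The digest algorithm is fixed to SHA-256 here; it is not taken from the
   * caller or from the signed message.
   *
   * @param string $data the data that was signed.
   * @param string $signature the raw signature to check.
   * @throws Google_AuthException if openssl reports an error while verifying.
   * @return bool true if the signature is valid, false otherwise.
   */
  public function verify($data, $signature) {
    $status = openssl_verify($data, $signature, $this->publicKey, "sha256");
    // openssl_verify() returns 1 (valid), 0 (invalid), and -1 or false on
    // error. Error results must never be read as truthy, so both are raised
    // explicitly instead of being folded into the boolean result.
    if ($status === -1 || $status === false) {
      throw new Google_AuthException('Signature verification error: ' . openssl_error_string());
    }
    // Strict comparison: only an exact 1 counts as a valid signature.
    return $status === 1;
  }
}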