  1. <?php
  2. $csr ='-----BEGIN CERTIFICATE REQUEST-----
  3. MIICaDCCAVACAQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAMTC2V4YW1wbGUuY29t
  4. MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3oXxBdyjls2NgWPVxCl
  5. ufJLBZ6IYryLpa3DakG1MSXMhnyZa/R/dKEBk5W5PrfctLRZPP8ijNWHdUSTnBne
  6. CEKy/YjrcWuLIUoGZpxtKxC79eh8ojquUYZROtGWApPx3jpoBm02IEG0CdjtdF7/
  7. rromhKxNajBqtAHsOqD5XAhcbF4f8hEsEaE9RBd5MwqXoE64w4HkWNcQs1BDr55L
  8. uQXnXdp4sYXENqfVsoJ6GqtMbJihtWwamQQYK42ALxEjHUFTehU5K4Qjvy2wMlp9
  9. DdA/rNNmnJ+i30BLDZyY5GREt1gdVHUHR7kD5VcQ0xqshcbxGRzfpjMSJQvumvty
  10. kwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAEisLgiTlezDEquIMx9/N8Nam2qa
  11. s+o1yvAdQEfwMY/zNrQ9Xe50SP4bQ0t415fV1XePulHbNXXEidy2SYZOTELnAePL
  12. ctqblNHtt1m+9utEaFTlEAy/ep9IGIby8oTKoTtIvtFKQCISe8BCpaDOD0MXROLP
  13. 6CcdcdWS2N69gsIR8nOMw6teoWR4r6YQGbHtsvtMu2Yg/ho0r0OfTU5tovDQ3zOT
  14. 5afV3C9H41Yx/VDSLoMv0rL7qH3OSh+hFPxFksochTrnMuSoE/5Umu4lAibTteGW
  15. CPPINlnv9UYcYuZY6tSGqD/tknfX69OSoZGOLBxOwhKwyYs7F5kyA+Oepd0=
  16. -----END CERTIFICATE REQUEST-----
  17. ';
  18. $verified = ASN1Simple::verifySig($csr,$alg=OPENSSL_ALGO_SHA256);
  19. echo $verified ? 'verified' : 'notverified';
  20. echo "\n";
  21.  
  22.  
  23. class ASN1Simple
  24. {
  25.         public function verifySig($csr,$alg)
  26.         {
  27.                 $str = $csr;
  28.                 $str = preg_replace('/\-+BEGIN [A-Z_ ]+\-+/','',$str);
  29.                 $str = preg_replace('/\-+END[A-Z_ ]+\-+/','',$str);
  30.                 $str = preg_replace('/[^A-Za-z0-9=+\/]/m','',$str);//strip off non base64
  31.                 $bytes = base64_decode($str);
  32.                 $pos=0;
  33.  
  34.                 //parent node
  35.                 list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
  36.                 $pos = $cstart;//move to children
  37.  
  38.                 {//read signed body
  39.                         list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
  40.                         $data = substr($bytes, $startpos,$endpos-$startpos);
  41.                         $pos = $endpos;//move to next sibling node
  42.                 }
  43.                 {//skip signature algorthing info
  44.                         list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
  45.                         $pos = $endpos;//move to next sibling node
  46.                 }
  47.                 {//read signature
  48.                         list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
  49.                         $sig = substr($bytes, $cstart,$endpos-$cstart);
  50.                         $sig = $sig[0]=="\x0" ? substr($sig,1) : $sig;
  51.                 }
  52.                 $pkey_resource = openssl_csr_get_public_key($csr);
  53.                 return openssl_verify($data,$sig,$pkey_resource,$alg) ? true : false;
  54.         }
  55.        
  56.         public function readNode(&$bytes,&$pos)
  57.         {
  58.                 $startpos = $pos;
  59.                 $tag = self::readByte($bytes,$pos);
  60.                 $clength = self::readLength($bytes,$pos);
  61.                 $cstart = $pos;
  62.                 $end = $cstart + $clength;
  63.                 return array($startpos,$cstart,$end);
  64.         }
  65.  
  66.         public function readByte($bytes,&$pos)
  67.         {
  68.                 $byte = isset($bytes[$pos]) ? $bytes[$pos] : null;
  69.                 $pos++;
  70.                 return ord($byte);
  71.         }
  72.  
  73.         public function readLength($bytes,&$pos)
  74.         {
  75.                 $buf = self::readByte($bytes, $pos);
  76.                 $len = $buf & 0x7F;
  77.                 if ($len == $buf)
  78.                         return $len;
  79.                 if ($len > 3)
  80.                         throw new Exception("Length over 24 bits not supported");
  81.                 if ($len == 0)
  82.                         return -1; // undefined
  83.                 $buf = 0;
  84.                 for ($i = 0; $i < $len; ++$i)
  85.                         $buf = ($buf << 8) | self::readByte($bytes, $pos);
  86.                 return $buf;
  87.         }
  88. }
  89. ?>