PHP openssl SHA256 signature verification of CSR

1. <?php
2. $csr ='-----BEGIN CERTIFICATE REQUEST-----
3. MIICaDCCAVACAQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAMTC2V4YW1wbGUuY29t
4. MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3oXxBdyjls2NgWPVxCl
5. ufJLBZ6IYryLpa3DakG1MSXMhnyZa/R/dKEBk5W5PrfctLRZPP8ijNWHdUSTnBne
6. CEKy/YjrcWuLIUoGZpxtKxC79eh8ojquUYZROtGWApPx3jpoBm02IEG0CdjtdF7/
7. rromhKxNajBqtAHsOqD5XAhcbF4f8hEsEaE9RBd5MwqXoE64w4HkWNcQs1BDr55L
8. uQXnXdp4sYXENqfVsoJ6GqtMbJihtWwamQQYK42ALxEjHUFTehU5K4Qjvy2wMlp9
9. DdA/rNNmnJ+i30BLDZyY5GREt1gdVHUHR7kD5VcQ0xqshcbxGRzfpjMSJQvumvty
10. kwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAEisLgiTlezDEquIMx9/N8Nam2qa
11. s+o1yvAdQEfwMY/zNrQ9Xe50SP4bQ0t415fV1XePulHbNXXEidy2SYZOTELnAePL
12. ctqblNHtt1m+9utEaFTlEAy/ep9IGIby8oTKoTtIvtFKQCISe8BCpaDOD0MXROLP
13. 6CcdcdWS2N69gsIR8nOMw6teoWR4r6YQGbHtsvtMu2Yg/ho0r0OfTU5tovDQ3zOT
14. 5afV3C9H41Yx/VDSLoMv0rL7qH3OSh+hFPxFksochTrnMuSoE/5Umu4lAibTteGW
15. CPPINlnv9UYcYuZY6tSGqD/tknfX69OSoZGOLBxOwhKwyYs7F5kyA+Oepd0=
16. -----END CERTIFICATE REQUEST-----
17. ';
18. $verified = ASN1Simple::verifySig($csr,$alg=OPENSSL_ALGO_SHA256);
19. echo $verified ? 'verified' : 'notverified';
20. echo "\n";
21.  
22.  
23. class ASN1Simple
24. {
25.     public function verifySig($csr,$alg)
26.     {
27.         $str = $csr;
28.         $str = preg_replace('/\-+BEGIN [A-Z_ ]+\-+/','',$str);
29.         $str = preg_replace('/\-+END[A-Z_ ]+\-+/','',$str);
30.         $str = preg_replace('/[^A-Za-z0-9=+\/]/m','',$str);//strip off non base64
31.         $bytes = base64_decode($str);
32.         $pos=0;
33.  
34.         //parent node
35.         list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
36.         $pos = $cstart;//move to children
37.  
38.         {//read signed body
39.             list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
40.             $data = substr($bytes, $startpos,$endpos-$startpos);
41.             $pos = $endpos;//move to next sibling node
42.         }
43.         {//skip signature algorthing info
44.             list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
45.             $pos = $endpos;//move to next sibling node
46.         }
47.         {//read signature
48.             list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
49.             $sig = substr($bytes, $cstart,$endpos-$cstart);
50.             $sig = $sig[0]=="\x0" ? substr($sig,1) : $sig;
51.         }
52.         $pkey_resource = openssl_csr_get_public_key($csr);
53.         return openssl_verify($data,$sig,$pkey_resource,$alg) ? true : false;
54.     }
55.    
56.     public function readNode(&$bytes,&$pos)
57.     {
58.         $startpos = $pos;
59.         $tag = self::readByte($bytes,$pos);
60.         $clength = self::readLength($bytes,$pos);
61.         $cstart = $pos;
62.         $end = $cstart + $clength;
63.         return array($startpos,$cstart,$end);
64.     }
65.  
66.     public function readByte($bytes,&$pos)
67.     {
68.         $byte = isset($bytes[$pos]) ? $bytes[$pos] : null;
69.         $pos++;
70.         return ord($byte);
71.     }
72.  
73.     public function readLength($bytes,&$pos)
74.     {
75.         $buf = self::readByte($bytes, $pos);
76.         $len = $buf & 0x7F;
77.         if ($len == $buf)
78.             return $len;
79.         if ($len > 3)
80.             throw new Exception("Length over 24 bits not supported");
81.         if ($len == 0)
82.             return -1; // undefined
83.         $buf = 0;
84.         for ($i = 0; $i < $len; ++$i)
85.             $buf = ($buf << 8) | self::readByte($bytes, $pos);
86.         return $buf;
87.     }
88. }
89. ?>