Advertisement
zedwood

PHP openssl SHA256 signature verification of CSR

Jun 18th, 2012
390
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.91 KB | None | 0 0
  1. <?php
  2. $csr ='-----BEGIN CERTIFICATE REQUEST-----
  3. MIICaDCCAVACAQAwIzELMAkGA1UEBhMCVVMxFDASBgNVBAMTC2V4YW1wbGUuY29t
  4. MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp3oXxBdyjls2NgWPVxCl
  5. ufJLBZ6IYryLpa3DakG1MSXMhnyZa/R/dKEBk5W5PrfctLRZPP8ijNWHdUSTnBne
  6. CEKy/YjrcWuLIUoGZpxtKxC79eh8ojquUYZROtGWApPx3jpoBm02IEG0CdjtdF7/
  7. rromhKxNajBqtAHsOqD5XAhcbF4f8hEsEaE9RBd5MwqXoE64w4HkWNcQs1BDr55L
  8. uQXnXdp4sYXENqfVsoJ6GqtMbJihtWwamQQYK42ALxEjHUFTehU5K4Qjvy2wMlp9
  9. DdA/rNNmnJ+i30BLDZyY5GREt1gdVHUHR7kD5VcQ0xqshcbxGRzfpjMSJQvumvty
  10. kwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAEisLgiTlezDEquIMx9/N8Nam2qa
  11. s+o1yvAdQEfwMY/zNrQ9Xe50SP4bQ0t415fV1XePulHbNXXEidy2SYZOTELnAePL
  12. ctqblNHtt1m+9utEaFTlEAy/ep9IGIby8oTKoTtIvtFKQCISe8BCpaDOD0MXROLP
  13. 6CcdcdWS2N69gsIR8nOMw6teoWR4r6YQGbHtsvtMu2Yg/ho0r0OfTU5tovDQ3zOT
  14. 5afV3C9H41Yx/VDSLoMv0rL7qH3OSh+hFPxFksochTrnMuSoE/5Umu4lAibTteGW
  15. CPPINlnv9UYcYuZY6tSGqD/tknfX69OSoZGOLBxOwhKwyYs7F5kyA+Oepd0=
  16. -----END CERTIFICATE REQUEST-----
  17. ';
  18. $verified = ASN1Simple::verifySig($csr,$alg=OPENSSL_ALGO_SHA256);
  19. echo $verified ? 'verified' : 'notverified';
  20. echo "\n";
  21.  
  22.  
  23. class ASN1Simple
  24. {
  25.     public function verifySig($csr,$alg)
  26.     {
  27.         $str = $csr;
  28.         $str = preg_replace('/\-+BEGIN [A-Z_ ]+\-+/','',$str);
  29.         $str = preg_replace('/\-+END[A-Z_ ]+\-+/','',$str);
  30.         $str = preg_replace('/[^A-Za-z0-9=+\/]/m','',$str);//strip off non base64
  31.         $bytes = base64_decode($str);
  32.         $pos=0;
  33.  
  34.         //parent node
  35.         list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
  36.         $pos = $cstart;//move to children
  37.  
  38.         {//read signed body
  39.             list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
  40.             $data = substr($bytes, $startpos,$endpos-$startpos);
  41.             $pos = $endpos;//move to next sibling node
  42.         }
  43.         {//skip signature algorthing info
  44.             list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
  45.             $pos = $endpos;//move to next sibling node
  46.         }
  47.         {//read signature
  48.             list($startpos,$cstart,$endpos) = self::readNode($bytes,$pos);
  49.             $sig = substr($bytes, $cstart,$endpos-$cstart);
  50.             $sig = $sig[0]=="\x0" ? substr($sig,1) : $sig;
  51.         }
  52.         $pkey_resource = openssl_csr_get_public_key($csr);
  53.         return openssl_verify($data,$sig,$pkey_resource,$alg) ? true : false;
  54.     }
  55.    
  56.     public function readNode(&$bytes,&$pos)
  57.     {
  58.         $startpos = $pos;
  59.         $tag = self::readByte($bytes,$pos);
  60.         $clength = self::readLength($bytes,$pos);
  61.         $cstart = $pos;
  62.         $end = $cstart + $clength;
  63.         return array($startpos,$cstart,$end);
  64.     }
  65.  
  66.     public function readByte($bytes,&$pos)
  67.     {
  68.         $byte = isset($bytes[$pos]) ? $bytes[$pos] : null;
  69.         $pos++;
  70.         return ord($byte);
  71.     }
  72.  
  73.     public function readLength($bytes,&$pos)
  74.     {
  75.         $buf = self::readByte($bytes, $pos);
  76.         $len = $buf & 0x7F;
  77.         if ($len == $buf)
  78.             return $len;
  79.         if ($len > 3)
  80.             throw new Exception("Length over 24 bits not supported");
  81.         if ($len == 0)
  82.             return -1; // undefined
  83.         $buf = 0;
  84.         for ($i = 0; $i < $len; ++$i)
  85.             $buf = ($buf << 8) | self::readByte($bytes, $pos);
  86.         return $buf;
  87.     }
  88. }
  89. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement