/google_api/Verifier/Pem.php

  1. <?php 
  2. /** 
  3. * Copyright 2011 Google Inc. 
  4. * 
  5. * Licensed under the Apache License, Version 2.0 (the "License"); 
  6. * you may not use this file except in compliance with the License. 
  7. * You may obtain a copy of the License at 
  8. * 
  9. * http://www.apache.org/licenses/LICENSE-2.0 
  10. * 
  11. * Unless required by applicable law or agreed to in writing, software 
  12. * distributed under the License is distributed on an "AS IS" BASIS,  
  13. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
  14. * See the License for the specific language governing permissions and 
  15. * limitations under the License. 
  16. */ 
  17.  
  18. if (!class_exists('Google_Client')) { 
  19. require_once dirname(__FILE__) . '/../autoload.php'; 
  20.  
  21. /** 
  22. * Verifies signatures using PEM encoded certificates. 
  23. * 
  24. * @author Brian Eaton <beaton@google.com> 
  25. */ 
  26. class Google_Verifier_Pem extends Google_Verifier_Abstract 
  27. private $publicKey; 
  28.  
  29. /** 
  30. * Constructs a verifier from the supplied PEM-encoded certificate. 
  31. * 
  32. * $pem: a PEM encoded certificate (not a file). 
  33. * @param $pem 
  34. * @throws Google_Auth_Exception 
  35. * @throws Google_Exception 
  36. */ 
  37. public function __construct($pem) 
  38. if (!function_exists('openssl_x509_read')) { 
  39. throw new Google_Exception('Google API PHP client needs the openssl PHP extension'); 
  40. $this->publicKey = openssl_x509_read($pem); 
  41. if (!$this->publicKey) { 
  42. throw new Google_Auth_Exception("Unable to parse PEM: $pem"); 
  43.  
  44. public function __destruct() 
  45. if ($this->publicKey) { 
  46. openssl_x509_free($this->publicKey); 
  47.  
  48. /** 
  49. * Verifies the signature on data. 
  50. * 
  51. * Returns true if the signature is valid, false otherwise. 
  52. * @param $data 
  53. * @param $signature 
  54. * @throws Google_Auth_Exception 
  55. * @return bool 
  56. */ 
  57. public function verify($data, $signature) 
  58. $hash = defined("OPENSSL_ALGO_SHA256") ? OPENSSL_ALGO_SHA256 : "sha256"; 
  59. $status = openssl_verify($data, $signature, $this->publicKey, $hash); 
  60. if ($status === -1) { 
  61. throw new Google_Auth_Exception('Signature verification error: ' . openssl_error_string()); 
  62. return $status === 1; 
.