Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 4.0.x will end 8 May 2023 (12 months).
  • Bug fixes for security issues in 4.0.x will end 13 November 2023 (18 months).
  • PHP version: minimum PHP 7.3.0 Note: the minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is also supported.

Differences Between: [Versions 310 and 400] [Versions 39 and 400] [Versions 400 and 402] [Versions 400 and 403]

   1  <?php
   2  /*
   3   * Copyright 2011 Google Inc.
   4   *
   5   * Licensed under the Apache License, Version 2.0 (the "License");
   6   * you may not use this file except in compliance with the License.
   7   * You may obtain a copy of the License at
   8   *
   9   *     http://www.apache.org/licenses/LICENSE-2.0
  10   *
  11   * Unless required by applicable law or agreed to in writing, software
  12   * distributed under the License is distributed on an "AS IS" BASIS,
  13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14   * See the License for the specific language governing permissions and
  15   * limitations under the License.
  16   */
  17   
  18  if (!class_exists('Google_Client')) {
  19    require_once dirname(__FILE__) . '/../autoload.php';
  20  }
  21  
  22  /**
  23   * Verifies signatures using PEM encoded certificates.
  24   *
  25   * @author Brian Eaton <beaton@google.com>
  26   */
  27  class Google_Verifier_Pem extends Google_Verifier_Abstract
  28  {
  29    private $publicKey;
  30  
  31    /**
  32     * Constructs a verifier from the supplied PEM-encoded certificate.
  33     *
  34     * $pem: a PEM encoded certificate (not a file).
  35     * @param $pem
  36     * @throws Google_Auth_Exception
  37     * @throws Google_Exception
  38     */
  39    public function __construct($pem)
  40    {
  41      if (!function_exists('openssl_x509_read')) {
  42        throw new Google_Exception('Google API PHP client needs the openssl PHP extension');
  43      }
  44      $this->publicKey = openssl_x509_read($pem);
  45      if (!$this->publicKey) {
  46        throw new Google_Auth_Exception("Unable to parse PEM: $pem");
  47      }
  48    }
  49  
  50    public function __destruct()
  51    {
  52      if ($this->publicKey) {
  53        // TODO: Remove this block once PHP 8.0 becomes required.
  54        if (PHP_MAJOR_VERSION < 8) {
  55            openssl_x509_free($this->publicKey);
  56        }
  57      }
  58    }
  59  
  60    /**
  61     * Verifies the signature on data.
  62     *
  63     * Returns true if the signature is valid, false otherwise.
  64     * @param $data
  65     * @param $signature
  66     * @throws Google_Auth_Exception
  67     * @return bool
  68     */
  69    public function verify($data, $signature)
  70    {
  71      $hash = defined("OPENSSL_ALGO_SHA256") ? OPENSSL_ALGO_SHA256 : "sha256";
  72      $status = openssl_verify($data, $signature, $this->publicKey, $hash);
  73      if ($status === -1) {
  74        throw new Google_Auth_Exception('Signature verification error: ' . openssl_error_string());
  75      }
  76      return $status === 1;
  77    }
  78  }