private static function JWT::verify in Auth0 Single Sign On 8.2

Verifies a signature against the message, using the given key and algorithm. Not all algorithms are symmetric, so signing and verification need separate methods.

Parameters

string $msg: The original message (header and body).

string $signature: The original signature.

string|resource $key: For HS*, a string key works. For RS*, it must be a resource of an OpenSSL public key.

string $alg: The algorithm.

Return value

bool

Throws

DomainException Invalid Algorithm or OpenSSL failure

1 call to JWT::verify()
JWT::decode in vendor/firebase/php-jwt/src/JWT.php
Decodes a JWT string into a PHP object.

File

vendor/firebase/php-jwt/src/JWT.php, line 234

Class

JWT
JSON Web Token implementation, based on this spec: https://tools.ietf.org/html/rfc7519

Namespace

Firebase\JWT

Code

private static function verify($msg, $signature, $key, $alg) {
  if (empty(static::$supported_algs[$alg])) {
    throw new DomainException('Algorithm not supported');
  }
  list($function, $algorithm) = static::$supported_algs[$alg];
  switch ($function) {
    case 'openssl':
      $success = \openssl_verify($msg, $signature, $key, $algorithm);
      if ($success === 1) {
        return true;
      }
      elseif ($success === 0) {
        return false;
      }

      // returns 1 on success, 0 on failure, -1 on error.
      throw new DomainException('OpenSSL error: ' . \openssl_error_string());
    case 'hash_hmac':
    default:
      $hash = \hash_hmac($algorithm, $msg, $key, true);
      if (\function_exists('hash_equals')) {
        return \hash_equals($signature, $hash);
      }
      $len = \min(static::safeStrlen($signature), static::safeStrlen($hash));
      $status = 0;
      for ($i = 0; $i < $len; $i++) {
        $status |= \ord($signature[$i]) ^ \ord($hash[$i]);
      }
      $status |= static::safeStrlen($signature) ^ static::safeStrlen($hash);
      return $status === 0;
  }
}
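
The following stand-alone sketch is an added example, not code from firebase/php-jwt or from this page's listing. It reproduces the two verification branches shown above and adds a check of the key contract stated under Parameters. `example_verify`, `EXAMPLE_ALGS` and all sample values are constructed for illustration.

```php
<?php
// Added example, not library code. EXAMPLE_ALGS is a constructed stand-in for
// the class's $supported_algs table, whose contents this page does not show.
const EXAMPLE_ALGS = [
    'HS256' => ['hash_hmac', 'SHA256'],
    'RS256' => ['openssl', 'SHA256'],
];

function example_verify(string $msg, string $signature, $key, string $alg): bool
{
    if (!isset(EXAMPLE_ALGS[$alg])) {
        throw new DomainException('Algorithm not supported');
    }
    [$function, $algorithm] = EXAMPLE_ALGS[$alg];
    // Enforce the documented contract: string key for HS*, OpenSSL key for RS*
    // (an OpenSSLAsymmetricKey object on PHP 8+, a resource on older versions).
    $isOpensslKey = $key instanceof OpenSSLAsymmetricKey || is_resource($key);
    if (($function === 'openssl') !== $isOpensslKey) {
        throw new DomainException("Key type does not match $alg");
    }
    if ($function === 'openssl') {
        // Compare strictly: openssl_verify() has three outcomes, and a loose
        // truthiness test would treat the error value -1 as success.
        $result = openssl_verify($msg, $signature, $key, $algorithm);
        if ($result === 1 || $result === 0) {
            return $result === 1;
        }
        throw new DomainException('OpenSSL error: ' . openssl_error_string());
    }
    // Constant-time comparison of the expected MAC with the supplied one.
    return hash_equals(hash_hmac($algorithm, $msg, $key, true), $signature);
}

// Constructed sample input: a placeholder "header.payload" string, throwaway keys.
$msg = 'constructed-header.constructed-payload';
$private = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$public = openssl_pkey_get_public(openssl_pkey_get_details($private)['key']);
openssl_sign($msg, $rsSig, $private, 'SHA256');
$secret = random_bytes(32);
$hsSig = hash_hmac('SHA256', $msg, $secret, true);

var_dump(example_verify($msg, $rsSig, $public, 'RS256'));       // intact RS256 message
var_dump(example_verify($msg . 'x', $rsSig, $public, 'RS256')); // altered message
var_dump(example_verify($msg, $hsSig, $secret, 'HS256'));       // intact HS256 message
try {
    example_verify($msg, $rsSig, $secret, 'RS256');             // string key with RS256
} catch (DomainException $e) {
    echo $e->getMessage(), "\n";
}
```

Running it requires PHP 7.1 or later with the OpenSSL extension enabled.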