3v4l.org

run code in 300+ PHP versions simultaneously
<?php /* public function validateWebhook($signature, $payload) { $this->load->library('3PLib', '', '3PLib'); $sets = $this->3PLib->getWebKeySet($apiKey); if (empty($sets->keys) || !isset($sets->keys[0]->n, $sets->keys[0]->e, $sets->keys[0]->kty, $sets->keys[0]->kid, $sets->keys[0]->alg)) { throw new Exception('Missing/Invalid Request Credentials -- Request Denied'); } $wks = $sets->keys[0]; $components = [ 'kty' => $wks->kty, // RSA 'e' => $wks->e, // AQAB 'n' => $wks->n, // ANV-aocctqt5xDRnqomCgsO9dm4hM0Qd75TqG7z2G5Z89JQ7SRy2ok-fIJRiSU5-JfjP... 'kid' => $wks->kid, // 2021-10-14 'alg' => $wks->alg, // RS256 ]; */ /* //exit(var_dump($components)); $components = [ 'kty' => 'RSA', 'e' => 'AQAB', 'n' => 'ANV-aocctqt5xDRnqomCgsO9dm4hM0Qd75TqG7z2G5Z89JQ7SRy2ok-fIJRiSU5-JfjPc3uph3gSOXyqlNoEh4YGL2R4AP7jhxy9xv0gDVtj1tExB_mmk8EUbmj8hTIrfAgEJrDeB4qMk7MkkKxhHkhLNEJEPZfgYHcHcuKjp2l_vtpiuR9Ouz0febB9K4gLozrp9KHW2K-m0z02-tSurxmmij5nnJ-CEgp0wXcCS4w4G0jve4hcLlL9FU8HKxrb0d4rMQgM3VAal6yG5pwMdtrsch7xA-occwWFC_tHgpDJGNvOJNFtuk7Cit_aom-6U6ssGF13sUtdrog2ePWjVxc=', 'kid' => '2020-03-18', 'alg' => 'RSA256', ]; $rsa = JOSE_JWK::decode($components); // => phpseclib\Crypt\RSA instance $publicKey = $rsa->createKey()['publickey']; /* $publicKey : -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDbScb43YAZ+alz2xbLmYoudXfL JaiYnZGnE7h8M2FA++W22+ZQQV+KJcNpolIG0PtAp9W9DRxnndOXqqsYpyX1aA1L LVJ5NEdcTewyfiyCohZBXc3DgcwsWEnL5TjUpobplEzN1AduPB97/zCA2qFaRDMP 7rAmMRhMlp0evVGkzwIDAQAB -----END PUBLIC KEY----- */ /* //$rsa->setSignatureMode(2); //$rsa->setHash('sha256'); $rsa->loadKey($publicKey); //exit(var_dump($rsa)); // this is a fully populated object //$rsa = new Crypt_RSA(); //$rsa->setSignatureMode(2); //exit(var_dump($rsa->sign($signature))); //exit(var_dump($rsa->sign($signature))); // exit($rsa->verify($payload, (new JOSE_JWT($payload))->sign($signature)->toString())); // invalid signature /*exit( var_dump( [ 'signature' => $signature, 'decoded sig' => base64_decode($signature), 'encoded sig' => base64_encode($signature), 'rsa->sign()' => $rsa->sign($signature), 'JOSE_JWT(payload)->sign()' => (new JOSE_JWT($payload))->sign($signature)->toString(), ] ) );*/ /* exit(var_dump($rsa->verify($payload, $rsa->sign($signature)))); // this actually satisfies (strlen($s) == $this->k) check (both = 128); there are no user errors, but returns false //$rsa->loadKey($publicKey); //exit(var_dump($rsa)); // this is a fully populated object //exit(var_dump($rsa->sign($signature))); // output: ��|�w��b_�u�/ґ���p��s�jt�����_U��}8�/��EY�'�r73d� �V˿ø֪���G���ҫ���lU8���ci�[.�n��gT��C��.&`v��G?dR�"��p'z5��Y�� //exit((new JOSE_JWT($payload))->sign($signature)->toString()); // has 2 dots: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY2FsYXIiOiJ7XCJldmVudElkXCI6XCJmMjk0YzVhZi02MTdhLTQ0ZjktYjg4Ni02ZWFiNTNhZGZlMjNcIixcIm9mZmljZUlkXCI6XCI5XCIsXCJldmVudFR5cGVcIjpcIlBST1BFUlRZX0NPTVBMSUFOQ0VfUkVRVUVTVEVEXCIsXCJldmVudFwiOntcInJlY2lwaWVudFBhcnRuZXJDb2RlXCI6XCJTTU9LRV9BTEFSTVNfMTMwMFwiLFwibGFzdFVwZGF0ZWREYXRlVGltZVwiOlwiMjAyMS0xMC0xMlQwNTowMjowMC4yNDFaXCIsXCJwcm9wZXJ0eUNvbXBsaWFuY2VQcm9jZXNzXCI6e1wicHJvcGVydHlDb21wbGlhbmNlUHJvY2Vzc0lkXCI6XCI0MjljMDE1OC0wMjNhLTQ4OTUtOGEzNC00ZjM5ZjliOThkZTJcIixcInByb3BlcnR5Q29tcGxpYW5jZUlkXCI6XCIwNzUxZjE0NS01OGYzLTRhNWYtOWFjZi05Yzg1NmUyMmJhMWNcIixcInByb3BlcnR5SWRcIjpcIjMxOVwiLFwic3RhdHVzXCI6XCJBQ1RJVkVcIixcInJlbmV3QnlEYXRlXCI6XCIyMDIxLTEwLTMxXCIsXCJjcmVhdGVkRGF0ZVRpbWVcIjpcIjIwMjEtMTAtMTJUMDU6MDI6MDAuMjQxWlwiLFwibGFzdFVwZGF0ZWREYXRlVGltZVwiOlwiMjAyMS0xMC0xMlQwNTowMjowMC4yNDFaXCIsXCJyZWxhdGVkRmlsZXNcIjpbXX0sXCJyZWxhdGVkUmVzb3VyY2VzXCI6e1wicHJvcGVydHlDb21wbGlhbmNlXCI6e1wicHJvcGVydHlDb21wbGlhbmNlSWRcIjpcIjA3NTFmMTQ1LTU4ZjMtNGE1Zi05YWNmLTljODU2ZTIyYmExY1wiLFwicHJvcGVydHlJZFwiOlwiMzE5XCIsXCJ0eXBlXCI6XCJTTU9LRV9BTEFSTVNcIixcImV4cGlyeURhdGVcIjpcIjIwMjEtMTAtMzFcIixcImxhc3RJbnNwZWN0aW9uRGF0ZVwiOlwiMjAyMS0xMC0wMVwiLFwibm90ZXNcIjpcInRlc3Qgd2l0aCB1bml0IG51bWJlclwiLFwiaGFzMjAyMkxlZ2lzbGF0aW9uQ29tcGxpYW5jZVwiOnRydWUsXCJhc3NpZ25lZFRvXCI6e1widHlwZVwiOlwiSU5URUdSQVRJT05fUEFSVE5FUlwiLFwicGFydG5lckNvZGVcIjpcIlNNT0tFX0FMQVJNU18xMzAwXCJ9LFwibGFzdFVwZGF0ZWREYXRlVGltZVwiOlwiMjAyMS0xMC0xMlQwNTowMjowMC4xNTNaXCJ9LFwibWFuYWdlbWVudEFncmVlbWVudFwiOntcIm1hbmFnZW1lbnRBZ3JlZW1lbnRJZFwiOlwiMjM5XCIsXCJvd25lcnNoaXBOYW1lXCI6XCJTYW1wbGUgVGVzdCBUcnVzdFwiLFwibGFuZGxvcmRzXCI6W3tcInByaW1hcnlcIjp0cnVlLFwiY29udGFjdElkXCI6XCI4MDNcIn1dfSxcInRlbmFudEFncmVlbWVudHNcIjpbe1widGVuYW50QWdyZWVtZW50SWRcIjpcIjE1OVwiLFwiY29udGFjdHNcIjpbe1wicHJpbWFyeVwiOnRydWUsXCJjb250YWN0SWRcIjpcIjgwNFwifSx7XCJwcmltYXJ5XCI6ZmFsc2UsXCJjb250YWN0SWRcIjpcIjgwNVwifV0sXCJsZWFzZVwiOntcImVuZERhdGVcIjpcIjIwMjItMDUtMDRcIixcInN0YXJ0RGF0ZVwiOlwiMjAyMS0wNS0xM1wiLFwiaW5hdWd1cmFsRGF0ZVwiOlwiMjAyMS0wNS0xM1wiLFwidHlwZVwiOlwiRklYRURcIixcInRlcm1cIjpcInRlcm0gdGlsbCBhdCBsZWFzdCBNYXkgNCwgMjAyMlwifSxcImxlYXNlTmFtZVwiOlwiU2FtcGxlIFRlc3QgTGVhc2VcIixcImN1cnJlbnRcIjp0cnVlfV0sXCJwcm9wZXJ0eVwiOntcInByb3BlcnR5SWRcIjpcIjMxOVwiLFwiZGlzcGxheU5hbWVcIjpcIjE2XFwvNDkgSmF6eiBGb3JtLCBCcmlzYmFuZSBDaXR5IFFMRCA0MDAwXCIsXCJhZGRyZXNzXCI6e1widW5pdE51bWJlclwiOlwiMTZcIixcInN0cmVldE51bWJlclwiOlwiNDlcIixcInN0cmVldE5hbWVcIjpcIkphenpcIixcInN0cmVldFR5cGVcIjpcIkZvcm1cIixcInN1YnVyYlwiOlwiQnJpc2JhbmUgQ2l0eVwiLFwicG9zdENvZGVcIjpcIjQwMDBcIixcInN0YXRlQ29kZVwiOlwiUUxEXCIsXCJjb3VudHJ5Q29kZVwiOlwiQVVcIn0sXCJrZXlOdW1iZXJcIjpcIkxKSEstSDFcIixcImFjY2Vzc0RldGFpbHNcIjpcIkFjY2VzcyB0aHJvdWdoIGxlZnQgZ2F0ZVwiLFwicHJvcGVydHlUeXBlXCI6XCJBUEFSVE1FTlRcIixcInByb3BlcnR5VXNlXCI6XCJSRVNJREVOVElBTFwifSxcInBvcnRmb2xpb1wiOntcInBvcnRmb2xpb0lkXCI6XCI0ZDg4Yjk5OC0zMTUyLTQxNTQtYTdiMi05Zjc3MTk3OGI5Y2NcIixcIm5hbWVcIjpcIkJpZyBQb3J0Zm9saW9cIixcInByb3BlcnR5TWFuYWdlcklkXCI6XCIxN1wifSxcImNvbnRhY3RzXCI6W3tcImNvbnRhY3RJZFwiOlwiODAzXCIsXCJ0eXBlXCI6XCJJTkRJVklEVUFMXCIsXCJkaXNwbGF5TmFtZVwiOlwiTXVycGh5IFdlbGNoXCIsXCJwZXJzb25EZXRhaWxcIjp7XCJAdHlwZVwiOlwiRGVmYXVsdENvbnRhY3RQZXJzb25EZXRhaWxcIixcInRpdGxlXCI6XCJNUlwiLFwiZmlyc3ROYW1lXCI6XCJNdXJwaHlcIixcImxhc3ROYW1lXCI6XCJXZWxjaFwiLFwicHJlZmVycmVkTmFtZVwiOlwiam9obm55XCIsXCJzYWx1dGF0aW9uXCI6XCJoaVwifSxcInBob25lc1wiOlt7XCJ0eXBlXCI6XCJNT0JJTEVcIixcInBob25lTnVtYmVyXCI6XCIwNDYzOTAzOTcyXCIsXCJwcmltYXJ5XCI6dHJ1ZX1dLFwiZW1haWxzXCI6W3tcInR5cGVcIjpcIlBFUlNPTkFMXCIsXCJlbWFpbEFkZHJlc3NcIjpcImFsbHkubydjb25uZXJAeWFob28uY29tXCIsXCJwcmltYXJ5XCI6dHJ1ZX1dfSx7XCJjb250YWN0SWRcIjpcIjgwNFwiLFwidHlwZVwiOlwiSU5ESVZJRFVBTFwiLFwiZGlzcGxheU5hbWVcIjpcIkFkcmlhbm5hIE1jQ2x1cmVcIixcInBlcnNvbkRldGFpbFwiOntcIkB0eXBlXCI6XCJEZWZhdWx0Q29udGFjdFBlcnNvbkRldGFpbFwiLFwidGl0bGVcIjpcIk1SXCIsXCJmaXJzdE5hbWVcIjpcIkFkcmlhbm5hXCIsXCJsYXN0TmFtZVwiOlwiTWNDbHVyZVwiLFwicHJlZmVycmVkTmFtZVwiOlwiam9obm55XCIsXCJzYWx1dGF0aW9uXCI6XCJoaVwifSxcInBob25lc1wiOlt7XCJ0eXBlXCI6XCJNT0JJTEVcIixcInBob25lTnVtYmVyXCI6XCIwNDMzMjEyMzY5XCIsXCJlMTY0UGhvbmVOdW1iZXJcIjpcIis2MTQzMzIxMjM2OVwiLFwicHJpbWFyeVwiOnRydWV9XSxcImVtYWlsc1wiOlt7XCJ0eXBlXCI6XCJQRVJTT05BTFwiLFwiZW1haWxBZGRyZXNzXCI6XCJtaWtlLm11bGxlckBvdXRsb29rLmNvbVwiLFwicHJpbWFyeVwiOnRydWV9XX0se1wiY29udGFjdElkXCI6XCI4MDVcIixcInR5cGVcIjpcIklORElWSURVQUxcIixcImRpc3BsYXlOYW1lXCI6XCJGYWUgTGVncm9zXCIsXCJwZXJzb25EZXRhaWxcIjp7XCJAdHlwZVwiOlwiRGVmYXVsdENvbnRhY3RQZXJzb25EZXRhaWxcIixcInRpdGxlXCI6XCJNUlwiLFwiZmlyc3ROYW1lXCI6XCJGYWVcIixcImxhc3ROYW1lXCI6XCJMZWdyb3NcIixcInByZWZlcnJlZE5hbWVcIjpcImpvaG5ueVwiLFwic2FsdXRhdGlvblwiOlwiaGlcIn0sXCJwaG9uZXNcIjpbe1widHlwZVwiOlwiTU9CSUxFXCIsXCJwaG9uZU51bWJlclwiOlwiMDQ2MTg1NTAwMVwiLFwicHJpbWFyeVwiOnRydWV9XSxcImVtYWlsc1wiOlt7XCJ0eXBlXCI6XCJQRVJTT05BTFwiLFwiZW1haWxBZGRyZXNzXCI6XCJkYW1pZW4uZ29sZG5lckBvdXRsb29rLmNvbVwiLFwicHJpbWFyeVwiOnRydWV9XX1dLFwidXNlcnNcIjpbe1widXNlcklkXCI6XCIxN1wiLFwiZmlyc3ROYW1lXCI6XCJLYXJsaWVcIixcImxhc3ROYW1lXCI6XCJSb2xmc29uXCIsXCJlbWFpbFwiOlwidGVzdF8xMzAwQGNvbnNvbGUuY29tLmF1XCJ9XX19LFwiY3JlYXRlZERhdGVUaW1lXCI6XCIyMDIxLTEwLTEyVDA1OjAyOjAwLjI4WlwifSJ9.eARwx7GfB3P5MzSbrrecY0IbjSuLNfyTrytuFoJLnuw //$jwt = JOSE_JWT::decode((new JOSE_JWT($payload))->sign($signature)->toString()); // necessary to populate $jwt->raw property // exit(var_dump($jwt)); /* $twoDotSignature = (new JOSE_JWT($payload))->sign($signature)->toString(); // $twoDotSignature = (new JOSE_JWT(unpack('C*', $payload)))->sign($signature)->toString(); $jwt = JOSE_JWT::decode($twoDotSignature); exit(var_dump($jwt->verify($publicKey, $wks->alg))); //exit(var_dump($rsa->verify(JOSE_JWT::decode(JOSE_URLSafeBase64::decode($signature), $payload)))); // JWT should have exact 3 or 5 segments */ //$rsa->setSignatureMode(RSA::SIGNATURE_PKCS1); //$rsa->setHash('sha512'); //exit(var_dump()); /*$pubkeyid = openssl_get_publickey($publicKey); $verify = openssl_verify($payload, $signature, $pubkeyid, "sha1WithRSAEncryption"); openssl_free_key($pubkeyid); $errors = []; while ($msg = openssl_error_string() !== false) { $errors[] = $msg; } if (!empty($errors)) { var_export($errors); // 1 } exit(var_export($verify, true)); exit( var_dump( openssl_verify( $payload, base64_decode($signature), $publicKey, OPENSSL_ALGO_SHA1 // 'OPENSSL_ALGO_SHA256' // 'SHA1' // CRYPT_RSA_ENCRYPTION_PKCS1 // OPENSSL_ALGO_SHA256 // RSA_SHA256 // OPENSSL_ALGO_SHA1 //'RSA-SHA256' ) ) );*/ /*$decodedHeader = JOSE_URLSafeBase64::decode(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])); $decodedPayload = JOSE_URLSafeBase64::decode($payload); exit(var_dump( [ 'header' => $decodedHeader, 'payload' => $decodedPayload, 'signature' => hash_hmac('RSA256', $decodedHeader . '.' . $decodedPayload) ] ));*/ /* //exit(var_dump(base64_encode(hash_hmac('sha1', $base_string, $key, true)))); $jwt = JOSE_JWT::decode((new JOSE_JWT($payload))->sign($signature)->toString()); exit(var_dump($jwt->verify($publicKey, $wks->alg))); // user error because strlen($s) != $this->k at RSA->_rsassa_pkcs1_v1_5_verify() /*$jwt = new JOSE_JWT( //[ //'header' => ['typ' => 'JWT', 'alg' => 'RS256'], //'claims' => unpack('C*', $payload) // convert body to byte array //'signature' => base64_decode($signature), // base64 decoded signature //] ); $jwt = $jwt->sign($signature); //exit(var_dump($jwt->toString())); exit(var_dump($jwt->verify($publicKey, $wks->alg))); // $jwt->raw is not populated! */ /* //exit(var_dump($jwt->sign($signature)->toString())); // output: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.e30.NIALsF_RlzYoUyfdc1eHso0X4cMg60IFCnjnk2qxSMU //exit(var_dump($jwt)); //JOSE_JWT::decode($signature); //exit(var_dump($jwt->verify($publicKey, $wks->alg))); //exit(var_dump(JOSE_URLSafeBase64::decode($signature))); //$jsonWebSignature = JOSE_JWT::decode($signature); // can't use $signature like this; it has no dots in it. 2 or 4 dots are required! //exit(var_dump($jsonWebSignature->verify($publicKey, $wks->alg))); } */
Output for 7.3.0 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.33, 8.2.0 - 8.2.29, 8.3.0 - 8.3.4, 8.3.6 - 8.3.25, 8.4.1 - 8.4.12
Output for 8.3.5
Warning: PHP Startup: Unable to load dynamic library 'sodium.so' (tried: /usr/lib/php/8.3.5/modules/sodium.so (libsodium.so.23: cannot open shared object file: No such file or directory), /usr/lib/php/8.3.5/modules/sodium.so.so (/usr/lib/php/8.3.5/modules/sodium.so.so: cannot open shared object file: No such file or directory)) in Unknown on line 0
preferences:
191.88 ms | 407 KiB | 5 Q