diff options
| -rw-r--r-- | ticket.py | 3 | ||||
| -rw-r--r-- | verify.php | 25 |
2 files changed, 27 insertions, 1 deletions
@@ -18,8 +18,9 @@ def tgt_verify(site, user, ts, sig, maxage = None): return status if __name__ == '__main__': + import urllib sig = tgt_create('site', 'test') - print sig + print urllib.urlencode(sig) assert not tgt_verify(maxage = -9999, **sig) assert tgt_verify(maxage = 9999, **sig) diff --git a/verify.php b/verify.php new file mode 100644 index 0000000..797dae3 --- /dev/null +++ b/verify.php @@ -0,0 +1,25 @@ +<?php + +$fp = fopen("subdap-oberon.pem", "r"); +$pubd = fread($fp, 262144); +fclose($fp); + +$pub = openssl_get_publickey($pubd); + +$args = array(); +foreach (explode('&', $argv[1]) as $parm) { + $s = split('=', $parm); + $args[$s[0]] = $s[1]; +} + +$sig = $args['sig']; +$sig = str_replace('-', '+', $sig); +$sig = str_replace('_', '/', $sig); +$sig = base64_decode($sig, true); + +$data = sprintf("%s:%d:%s", $args['site'], $args['ts'], $args['user']); +if (openssl_verify($data, $sig, $pub, "SHA256")) { + printf("OK: site=%s ts=%s user=%s\n", $args['site'], $args['ts'], $args['user']); +} else { + print "verify failed\n"; +} |