NUL' : ' 2> /dev/null'; exec($cmd, $out, $ec); unlink($msg_file); unlink($sig_file); unlink($key_file); if (($ec !== 0) && (count($out) === 0)) break; // If OpenSSL is not found, we just accept the JWT if (($ec !== 0) || (strpos(implode("\n",$out),"Verified OK") === false)) return false; break; default: return false; } } } $payload_ary = json_decode(urlsafeB64Decode($payload_base64), true); $leeway = 60; // 1 Minute if (isset($payload_ary['nbf']) && (time()+$leeway<$payload_ary['nbf'])) return false; if (isset($payload_ary['exp']) && (time()-$leeway>$payload_ary['exp'])) return false; return $payload_ary; } function urlsafeB64Decode($input) { // Taken from https://github.com/firebase/php-jwt , licensed by BSD-3-clause $remainder = strlen($input) % 4; if ($remainder) { $padlen = 4 - $remainder; $input .= str_repeat('=', $padlen); } return base64_decode(strtr($input, '-_', '+/')); } function signatureToDER($sig) { // Taken from https://github.com/firebase/php-jwt , licensed by BSD-3-clause, modified // Separate the signature into r-value and s-value list($r, $s) = str_split($sig, (int) (strlen($sig) / 2)); // Trim leading zeros $r = ltrim($r, "\x00"); $s = ltrim($s, "\x00"); // Convert r-value and s-value from unsigned big-endian integers to signed two's complement if (ord($r[0]) > 0x7f) $r = "\x00" . $r; if (ord($s[0]) > 0x7f) $s = "\x00" . $s; $der_r = chr(0x00/*primitive*/ | 0x02/*INTEGER*/).chr(strlen($r)).$r; $der_s = chr(0x00/*primitive*/ | 0x02/*INTEGER*/).chr(strlen($s)).$s; $der = chr(0x20/*constructed*/ | 0x10/*SEQUENCE*/).chr(strlen($der_r.$der_s)).$der_r.$der_s; return $der; }