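/**
 * Verify $signature over $this->signatureFields using the public key of
 * $this->certificate, after checking the certificate's subject CN.
 *
 * Steps, in order:
 *  1. extract the public key from $this->certificate;
 *  2. parse the certificate and require that its subject CN is exactly
 *     $this->expectedCnName (strict string comparison);
 *  3. run openssl_verify() with OPENSSL_ALGO_SHA1 over $this->signatureFields.
 *
 * NOTE(review): this method only checks the subject CN and the signature.
 * No chain-of-trust or validity-period check is visible here, and a subject
 * CN on its own is not proof of who issued the certificate. Confirm that the
 * caller validates where the certificate came from and its chain before
 * relying on a true result.
 *
 * @param string $signature Raw signature bytes to check. Presumably already
 *                          base64-decoded by the caller; confirm.
 *
 * @return bool True only when openssl_verify() reports a valid signature (1).
 *              An invalid signature (0) or an OpenSSL error (-1 / false)
 *              yields false.
 *
 * @throws \Exception If the public key cannot be extracted, the subject cannot
 *                    be read, the CN does not match, or verification throws.
 */
public function verifySignatureIsCorrectFromCertificate($signature)
{
    $certKey = openssl_get_publickey($this->certificate);
    if ($certKey === false) {
        throw new \Exception("Unable to extract public key from cert");
    }

    try {
        // Second argument true selects short field names, so the common name is under "CN".
        $certInfo = openssl_x509_parse($this->certificate, true);

        // openssl_x509_parse() returns false for a certificate it cannot parse;
        // test for that explicitly instead of indexing into a boolean.
        if (!is_array($certInfo) || !isset($certInfo["subject"])) {
            throw new \Exception("Error with certificate - subject cannot be found");
        }
        $certSubject = $certInfo["subject"];
    } catch (\Exception $ex) {
        // The exception code must be an int: passing null is deprecated on
        // PHP 8.1+ and a TypeError under strict_types, which would hide the cause.
        throw new \Exception("Unable to verify certificate - error with the certificate subject", 0, $ex);
    }

    // Fail closed on anything that is not a single string CN. A subject with
    // repeated CN entries is parsed into an array, and strcmp() on a non-string
    // returns null on older PHP versions, which a loose truthiness check reads
    // as "equal". A strict comparison on a verified string avoids that.
    $commonName = (is_array($certSubject) && isset($certSubject["CN"])) ? $certSubject["CN"] : null;
    if (!is_string($commonName) || $commonName !== $this->expectedCnName) {
        throw new \Exception("Unable to verify certificate issued by Amazon - error with certificate subject");
    }

    try {
        // NOTE(review): SHA-1 is presumably dictated by the sender's signature
        // scheme; confirm whether a SHA-256 signature version is available.
        $result = openssl_verify($this->signatureFields, $signature, $certKey, OPENSSL_ALGO_SHA1);
    } catch (\Exception $ex) {
        throw new \Exception("Unable to verify signature - error with the verification algorithm", 0, $ex);
    }

    // openssl_verify(): 1 = valid, 0 = invalid, -1 or false = error. Accept only 1.
    return $result === 1;
}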