private function validateToken($token)
{
if (!$token) {
return false;
}
$token = explode(' ', $token)[1];
// https://blogs.msdn.microsoft.com/tsmatsuz/2016/07/12/developing-skype-bot/
// 0:Invalid, 1:Valid
$token_valid = 0;
// 1 separate token by dot (.)
$token_arr = explode('.', $token);
$headers_enc = $token_arr[0];
$claims_enc = $token_arr[1];
$sig_enc = $token_arr[2];
// 2 base 64 url decoding
$headers_arr = json_decode($this->base64_url_decode($headers_enc), TRUE);
$claims_arr = json_decode($this->base64_url_decode($claims_enc), TRUE);
$sig = $this->base64_url_decode($sig_enc);
// 3 get key list
$keylist = file_get_contents('https://api.aps.skype.com/v1/keys');
$keylist_arr = json_decode($keylist, TRUE);
foreach ($keylist_arr['keys'] as $key => $value) {
// 4 select one key (which matches)
if ($value['kid'] == $headers_arr['kid']) {
// 5 get public key from key info
$cert_txt = '-----BEGIN CERTIFICATE-----' . "\n" . chunk_split($value['x5c'][0], 64) . '-----END CERTIFICATE-----';
$cert_obj = openssl_x509_read($cert_txt);
$pkey_obj = openssl_pkey_get_public($cert_obj);
$pkey_arr = openssl_pkey_get_details($pkey_obj);
$pkey_txt = $pkey_arr['key'];
// 6 verify signature
$token_valid = openssl_verify($headers_enc . '.' . $claims_enc, $sig, $pkey_txt, OPENSSL_ALGO_SHA256);
}
}
// 7 show result
return $token_valid == 1;
}
