PHP Ver. verify ECDSA

ssv_verify.php

<?php

/**
 * Validating Server-Side Verification (SSV) Callbacks
 * https://developers.google.com/admob/android/rewarded-video-ssv
 * 
 * @author showsky <[email protected]>
 */

function fetch_verifier_keys() {
    $admob_key_server = 'https://www.gstatic.com/admob/reward/verifier-keys.json';
    return file_get_contents($admob_key_server);
}

function signature($query_string) {
    parse_str($query_string, $result);
    $signature = trim($result['signature']);
    $signature = str_replace(['-', '_'], ['+', '/'], $signature);
    $signature .= '===';
    return $signature;
}

function verify($message, $signature, $public_key) {
    $return = [
        'code' => 0,
        'message' => 'error'
    ];
    
    $success = openssl_verify(
        $message, 
        base64_decode($signature), 
        $public_key, 
        OPENSSL_ALGO_SHA256
    );

    if ($success === -1) {
        $return['message'] = openssl_error_string();
    } elseif ($success === 1) {
        $return['code'] = 1;
        $return['message'] = 'success';
    } else {
        $return['message'] = openssl_error_string();
    }

    return $return;
}

// callback data
$result_data = array (
    'ad_network' => '5450213213286189855',
    'ad_unit' => '1234567890',
    'timestamp' => '1600314497379',
    'transaction_id' => '123456789',
    'signature' => 'MEUCICmf-BtqS8zBJnzHm9dZc3bwY77sIa8FoG8Lu6nJBzCPAiEArlvVhzcS97qSXMHwuAVFl8MTiByB0mwQgEPv3Tfm87w',
    'key_id' => '3335741209',
);
$query_string = http_build_query($result_data);

// fetch admob key server
$verifier_keys = json_decode(fetch_verifier_keys(), true);
$public_key = openssl_pkey_get_public(
    $verifier_keys['keys'][0]['pem']
);
$signature = signature($query_string);

// verify ECDSA
$message = substr($query_string, 0, strpos($query_string, 'signature') - 1);
$result = verify(
    $message,
    $signature,
    $public_key
);
var_dump($result);