Reputation: 21880
I'm trying to use Apple's App Store Server API to fetch transaction info about in-app purchases made in my iOS apps. Their server api uses JWTs to transmit/sign the data. I'm able to successfully fetch the data from Apple which contains an array of signed transaction JWTs:
So far, so good. But when I try to decode the signed transaction JWTs using Firebase's php-jwt library, I get fatal errors. I tried the example code from Firebase's php-jwt library first:
$signedTransactionJWT = $response['signedTransactions'][0];
$privateKeyText = file_get_contents('/private/key/from/appstoreconnect.p8');
$decodedTransactionPayload = JWT::decode($signedTransactionJWT, new Key($privateKeyText, 'ES256'));
but that gave me:
openssl_verify(): supplied key param cannot be coerced into a public key
A bunch of web searching about Apple's public keys later, I tried using the auth keys published on Apple's website:
$signedTransactionJWT = $response['signedTransactions'][0];
$appleKeysText = file_get_contents('/file/downloaded/from');
$jwks = json_decode($appleKeysText, true);
$keyset = JWK::parseKeySet($jwks);
$decodedTransactionPayload = JWT::decode($signedTransactionJWT, $keyset);
...but it horks with the following error:
Fatal error: Uncaught UnexpectedValueException: "kid" empty, unable to lookup correct key
I looked through the JWT::decode() method, and it's looking for a key id ("kid") in the header of the signed transaction JWT, but Apple doesn't provide a "kid" in the header of the signed transaction JWT. The structure of the header looks like this:
"alg": "ES256",
"x5c": [
This is my first time working with JWTs, so I'm doing my best to understand the various interacting pieces here. According to the WWDC videos about Apple's App Store Server API, the "x5c" part of the header is supposed to be used to be able to validate the transaction without any other external web calls. So, I feel like I shouldn't need to fetch those JWT keys from The idea, as I understood it, is that the signature is supposed to be self-contained.
How can I properly decode the JWTs from Apple so that I can verify the payload using Firebase's php-jwt library?
According to Gary's answer, I need to use the first item in the x5c array as the public key. He provided some very helpful links and examples. Hopefully this will lead me to the right answer, but I'm still having a problem:
list($headerb64, $bodyb64, $cryptob64) = explode('.', $jwt);
$headertext = JWT::urlsafeB64Decode($headerb64);
$header = JWT::jsonDecode($headertext);
$keytext = $header->x5c[0];
$wrappedkeytext = trim(chunk_split($keytext, 64));
$publickey = <<<EOD
-----END PUBLIC KEY-----
print "public key:\n$publickey\n";
$decoded = JWT::decode($jwt, new Key($publickey, $header->alg));
As instructed, I decoded the header, grabbed the first item, turned it into a public key formatted string, and then tried to use that to decode the $jwt
, but I got this error:
Warning: openssl_verify(): supplied key param cannot be coerced into a public key
Fatal error: Uncaught DomainException: OpenSSL error: error:0909006C:PEM routines:get_name:no start line
I printed out the public key string, so that I could make sure I was formatting it right. It looks right to me, but I'm very new to this, so I might missing some subtle problem. At first, I tried it with the content all on one line, but got the above error. Then I split it into lines of 64 characters long since I found some documentation saying that these text blocks should be limited to 64 characters in length. But I still got the same error message.
-----END PUBLIC KEY-----
Upvotes: 1
Views: 2009
Reputation: 29291
Apple are providing self-contained JWTs as explained in this section of RFC7515. To verify the JWT these are the steps:
Decode the JWT without verifying it, to read the first value in the x5c array, which is a base64 encoded DER certificate containing the token signing public key. I think with this library you can just call the single parameter version of decode, without a key object.
Next form a public key object, then call decode with two parameters, as in this Firebase example. You may need to add the surrounding BEGIN / END lines, and you will not need to use any private keys. Some libraries may have particular requirements around DER / PEM formats, or require the encoded cert to be expressed on a single line.
$publicKey = <<<EOD
Upvotes: 1
Reputation: 21880
I figured it out with the excellent help provided by Gary's answer. I was only able to figure it out because he not only provided an example of what he meant, but he linked to the actual standards and some detailed reading helped me figure out where things went wrong.
The first item in the x5c
array isn't the public key, but it's the certificate that holds the public key. So, when I tried to put that data into the -----BEGIN PUBLIC KEY-----
and -----END PUBLIC KEY-----
blocks, it wouldn't work.
The certs in the x5c array are DER certs, but openssl wants PEM certs when it does verification. As far as I can tell, converting a DER cert to a PEM cert just involves taking the DER data, base64 encoding it, limiting it to 64 characters wide per line, then wrapping it in -----BEGIN CERTIFICATE-----
and -----END CERTIFICATE-----
. But the DER data in the x5c array is already base64 encoded, so we can skip that step.
list($headerb64, $bodyb64, $cryptob64) = explode('.', $jwt);
$headertext = JWT::urlsafeB64Decode($headerb64);
$header = JWT::jsonDecode($headertext);
$dercertificateb64 = $header->x5c[0];
$wrappedcertificatetext = trim(chunk_split($dercertificateb64, 64));
$certificate = <<<EOD
print "cert:\n$certificate\n";
Firebase's php-jwt library will take an OpenSSLAsymmetricKey
object as the key data, and openssl_pkey_get_public()
will return that type of object. You can pass the PEM certificate string into that function and it'll parse and extract the public key:
$publickey = openssl_pkey_get_public($certificate);
$decoded = JWT::decode($jwt, new Key($publickey, $header->alg));
Upvotes: 3