+ /**
+ * @brief verify the envelope and return the verified data
+ *
+ * @param string $envelope The magic envelope
+ *
+ * @return string verified data
+ */
+ private function verify_magic_envelope($envelope) {
+
+ $basedom = parse_xml_string($envelope, false);
+
+ if (!is_object($basedom)) {
+ logger("Envelope is no XML file");
+ return false;
+ }
+
+ $children = $basedom->children('http://salmon-protocol.org/ns/magic-env');
+
+ if (sizeof($children) == 0) {
+ logger("XML has no children");
+ return false;
+ }
+
+ $handle = "";
+
+ $data = base64url_decode($children->data);
+ $type = $children->data->attributes()->type[0];
+
+ $encoding = $children->encoding;
+
+ $alg = $children->alg;
+
+ $sig = base64url_decode($children->sig);
+ $key_id = $children->sig->attributes()->key_id[0];
+ if ($key_id != "")
+ $handle = base64url_decode($key_id);
+
+ $b64url_data = base64url_encode($data);
+ $msg = str_replace(array("\n", "\r", " ", "\t"), array("", "", "", ""), $b64url_data);
+
+ $signable_data = $msg.".".base64url_encode($type).".".base64url_encode($encoding).".".base64url_encode($alg);
+
+ $key = self::key($handle);
+
+ $verify = rsa_verify($signable_data, $sig, $key);
+ if (!$verify) {
+ logger('Message did not verify. Discarding.');
+ return false;
+ }
+
+ return $data;
+ }
+
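Review bot: The result of `self::key($handle)` is passed to `rsa_verify()` without a check, and `$handle` is whatever the envelope's own `key_id` attribute decodes to (or stays `""` when the attribute is missing), so a failed key lookup is left for `rsa_verify()` to reject, and its behaviour with an empty key is not visible in these lines. I would add `if ($key == "") { logger("No key found for handle ".$handle); return false; }` just before the verify call. `$alg` and `$encoding` are likewise taken from the envelope and only folded into `$signable_data`; if `rsa_verify()` always uses one fixed algorithm, rejecting any other value up front (for example `if ($alg != "RSA-SHA256") return false;`) keeps the declared and the actual algorithm from diverging. The docblock promises `@return string`, yet every failure path returns `false`; `@return string|bool verified data, or false on failure` would tell callers to test with `=== false`, since validly decoded data can itself be falsy.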