<?php

/**
 *
 * @copyright  2014-2015 signmii.com
 * @version    2
 * @link       http://www.signmii.com
 */

// Command-line synopsis; the %s placeholder is filled with the script's base name.
define('USAGE', 'php -f %s signmiifile [certfile]');

// Certificate file read when no certfile argument is given on the command line.
$certfile = 'signmiikey.crt';

/**
 * Print a message followed by a newline on standard output, then end the script.
 *
 * @param string $msg  Text to print.
 * @param int    $code Value handed to exit(); defaults to 1.
 */
function abort($msg, $code = 1) {
	print $msg . PHP_EOL;
	exit($code);
}

/**
 * Print the command-line synopsis and terminate with exit status 1.
 *
 * The script name shown is the base name of $argv[0].
 */
function usage() {
	global $argv;

	$script = basename($argv[0]);
	$synopsis = sprintf(USAGE, $script);

	abort($synopsis, 1);
}

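/**
 * Decode a URL-safe base64 string ('-' and '_' in place of '+' and '/'),
 * with or without trailing '=' padding.
 *
 * Decoding is strict: input containing characters outside the base64
 * alphabet is rejected instead of having those characters silently
 * dropped, so a malformed signature line never decodes to a
 * "best effort" byte string.
 *
 * @param string $s URL-safe base64 text.
 * @return string|false Decoded bytes, or false when the input is not valid base64.
 */
function urldecodebase64($s) {
	// Map the URL-safe alphabet back to the standard one.
	$s64 = strtr($s, '-_', '+/');

	// Restore the padding that URL-safe encoders usually strip.
	$mod4 = strlen($s64) % 4;
	if ($mod4) {
		$s64 .= substr('====', $mod4);
	}

	// Second argument enables strict mode: invalid characters make the call fail.
	return base64_decode($s64, true);
}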

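// Exactly one or two arguments are accepted: the signmii file and an optional certificate file.
if ($argc !== 2 && $argc !== 3) {
	usage();
}

$infile = $argv[1];

if ($argc === 3) {
	$certfile = $argv[2];
}

$lines = file($infile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);

if (!$lines) {
	abort('signmii?');
}

// The signature is the first line that does not start with '#'.
$s64 = '';
foreach ($lines as $s) {
	if ($s[0] !== '#') {
		$s64 = $s;
		break;
	}
}

// 342 unpadded base64 characters are expected, which decode to a 256-byte block.
if (strlen($s64) !== 342) {
	abort('signmii?');
}

$crypto = urldecodebase64($s64);

// Reject a failed decode as well as a block of the wrong size.
if (!is_string($crypto) || strlen($crypto) !== 256) {
	abort('signmii?');
}

// Warnings are suppressed here because a read failure is reported through abort() below.
$pem = @file_get_contents($certfile);
if (!$pem) {
	abort('certfile?');
}
$key = openssl_pkey_get_public($pem);
if (!$key) {
	abort('certfile?');
}

// Recover the signed payload with the public key; a padding or key mismatch makes this fail.
$sdata = '';
$r = openssl_public_decrypt($crypto, $sdata, $key);
if (!$r) {
	abort('signmii?');
}

// The payload must hold at least a 20-byte digest plus the 32 data bytes read below;
// a shorter payload would otherwise yield truncated fields.
if (!is_string($sdata) || strlen($sdata) < 52) {
	abort('signmii?');
}

$digest = substr($sdata, 0, 20);
$data = substr($sdata, 20, 32);

// Strict comparison: a loose != on two strings that both look numeric compares them
// as numbers, so unequal digests could be treated as equal.
if ($digest !== sha1($data, true)) {
	abort('signmii?');
}

// Data layout as read here: 20 bytes printed as hex, a 4-byte big-endian
// Unix timestamp, and 8 bytes printed as hex (the serial).
$sha1 = bin2hex(substr($data, 0, 20));

$r = unpack('N', substr($data, 20, 4));
$gmt = gmdate('Y-m-d\TH:i:s\Z', $r[1]);

$serial = bin2hex(substr($data, 20 + 4, 8));

echo $sha1, ' ', $gmt, ' ', $serial, PHP_EOL;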

