
manyou/x509-chain-verifier
==========================

X.509 Chain Verifier


[Source](https://github.com/manyou-io/x509-chain-verifier) | [Packagist](https://packagist.org/packages/manyou/x509-chain-verifier)


X.509 Chain Verifier
====================

Verifies the `x5c` JWT header. Mainly intended for use with the Apple App Store Server API.

Installation
------------


Ensure your `composer.json` allows `dev` packages.

```json
{
    "minimum-stability": "dev",
    "prefer-stable": true
}
```

```sh
composer require manyou/x509-chain-verifier
```

Usage with `lcobucci/jwt`
-------------------------


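```php
<?php

require __DIR__ . '/vendor/autoload.php';

use Manyou\X509ChainVerifier\SignedWithChain;
use Manyou\X509ChainVerifier\X509ChainVerifier;
use Lcobucci\JWT\Signer\Ecdsa;
use Lcobucci\JWT\Token\Parser;
use Lcobucci\JWT\Encoding\JoseEncoder;
use Lcobucci\JWT\Validation\Validator;
use Lcobucci\JWT\UnencryptedToken;

$parser = new Parser(new JoseEncoder());
$validator = new Validator();

// $appleNotification['signedPayload']
// https://developer.apple.com/documentation/appstoreservernotifications/responsebodyv2
$jwt = '...';

// Parsing only decodes the token; nothing is trusted until the assert() below passes.
/** @var UnencryptedToken $token */
$token = $parser->parse($jwt);

// Constraint built from the ES256 signer and a chain verifier that trusts
// the Apple WWDR intermediate fingerprints in X509ChainVerifier::APPLE_WDR.
$signedWithChain = new SignedWithChain(
    Ecdsa\Sha256::create(),
    new X509ChainVerifier(X509ChainVerifier::APPLE_WDR),
);

// Throws Lcobucci\JWT\Validation\RequiredConstraintsViolated if the constraint fails.
$validator->assert($token, $signedWithChain);

// Read the claims only after validation has succeeded.
var_dump($token->claims()->all());
```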

Get SHA-256 fingerprints for trusted certificates
-------------------------------------------------

For convenience, the fingerprints of [Apple Intermediate Certificates - Worldwide Developer Relations - G6-G1](https://www.apple.com/certificateauthority/) are available in the constant `X509ChainVerifier::APPLE_WDR`. These fingerprints are produced by:

```sh
php vendor/manyou/x509-chain-verifier/get_fingerprints.php \
    https://www.apple.com/certificateauthority/AppleWWDRCAG6.cer \
    https://www.apple.com/certificateauthority/AppleWWDRCAG5.cer \
    https://www.apple.com/certificateauthority/AppleWWDRCAG4.cer \
    https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer \
    https://www.apple.com/certificateauthority/AppleWWDRCAG2.cer \
    https://developer.apple.com/certificationauthority/AppleWWDRCA.cer
```

### Output


```json
[
    "bdd4ed6e74691f0c2bfd01be0296197af1379e0418e2d300efa9c3bef642ca30",
    "53fd008278e5a595fe1e908ae9c5e5675f26243264a5a6438c023e3ce2870760",
    "ea4757885538dd8cb59ff4556f676087d83c85e70902c122e42c0808b5bce14c",
    "dcf21878c77f4198e4b4614f03d696d89c66c66008d4244e1b99161aac91601f",
    "9ed4b3b88c6a339cf1387895bda9ca6ea31a6b5ce9edf7511845923b0c8ac94c",
    "ce057691d730f89ca25e916f7335f4c8a15713dcd273a658c024023f8eb809c2"
]

```
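What pinning an `x5c` chain to SHA-256 fingerprints involves, as an added illustration that is not this package's code: each `x5c` entry is base64 DER, the fingerprint is the SHA-256 of those DER bytes, and the chain is walked from the leaf until a pinned certificate is reached. The helper names (`x5cToDer`, `derToPem`, `chainReachesPin`, `makeCert`) are hypothetical, and the CA and leaf are throwaway certificates constructed at runtime, not Apple's.

```php
<?php
// x5c entries are standard base64 (not base64url) DER certificates, leaf first.
function x5cToDer(string $b64): string
{
    $der = base64_decode($b64, true);
    if ($der === false || $der === '') {
        throw new InvalidArgumentException('x5c entry is not valid base64');
    }
    return $der;
}

function derToPem(string $der): string
{
    return "-----BEGIN CERTIFICATE-----\n" . chunk_split(base64_encode($der), 64, "\n") . "-----END CERTIFICATE-----\n";
}

// Walk leaf -> issuer until a certificate whose SHA-256 (over its DER bytes) is pinned.
function chainReachesPin(array $x5c, array $pins, int $now): bool
{
    $ders = array_map('x5cToDer', array_values($x5c));
    foreach ($ders as $i => $der) {
        $info = openssl_x509_parse(derToPem($der));
        if ($info === false || $now < $info['validFrom_time_t'] || $now > $info['validTo_time_t']) {
            return false; // unparsable, not yet valid, or expired
        }
        if (in_array(hash('sha256', $der), $pins, true)) {
            return true; // reached a trusted (pinned) certificate
        }
        if (!isset($ders[$i + 1]) || openssl_x509_verify(derToPem($der), derToPem($ders[$i + 1])) !== 1) {
            return false; // chain ended without a pin, or the issuer's key did not sign this cert
        }
    }
    return false; // empty chain
}

// Constructed sample input: issue a certificate and return it in x5c form.
function makeCert(string $cn, $issuerCert, $issuerKey, $key): string
{
    $csr = openssl_csr_new(['commonName' => $cn], $key, ['digest_alg' => 'sha256']);
    openssl_x509_export(openssl_csr_sign($csr, $issuerCert, $issuerKey, 30, ['digest_alg' => 'sha256']), $pem);
    return preg_replace('/-----[^-]+-----|\s+/', '', $pem); // PEM body is the base64 DER
}
$ec = ['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => 'prime256v1'];
$caKey = openssl_pkey_new($ec);
$ca = makeCert('Constructed CA', null, $caKey, $caKey); // self-signed
$leaf = makeCert('Constructed leaf', derToPem(base64_decode($ca)), $caKey, openssl_pkey_new($ec));
$pins = [hash('sha256', base64_decode($ca))]; // same lowercase hex form as the list above
var_dump(chainReachesPin([$leaf, $ca], $pins, time())); // the CA's fingerprint is pinned
var_dump(chainReachesPin([$leaf, $ca], ['00'], time())); // no certificate in the chain is pinned
```

The check covers signatures, validity periods and the pin; basicConstraints, key usage and revocation are not examined.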


Maintainer: bohanwood
