问题已解决.

事实证明，JSON数组的X5C部分是证书而不是公钥，因此JSON解码 https://login. windows.net/common/discovery/keys 并获取X5C元素，并使用openssl导出公钥作品:

Turns out that the X5C part of the JSON array is the certificate not public key so JSON decoding https://login.windows.net/common/discovery/keys and grabbing the X5C element and using openssl to derive the public key works:

$cert_object = openssl_x509_read($cert);

$pkey_object = openssl_pkey_get_public(cert_object);

$pkey_array = openssl_pkey_get_details($pkey_object);

$publicKey = $pkey_array ['key'];

在此示例中，$ cert是X5C值.但是，仅凭其未编码为X509本身还不够.所以我要做的是在Windows中创建一个名为certificate.cer的新文件，在记事本中打开并将X5C值放在其中.然后，通过双击Windows中的.cer，导航到详细信息选项卡，然后单击复制到文件"，这将打开证书导出向导.

In this example $cert is the X5C value. However this on its own is not enough as its not encoded to X509. So what I did is create a new file in windows called certificate.cer, open in notepad and put the X5C value in there. Then by double clicking on ther .cer in windows, navigating to the details tab and clicking "copy to file" this opens the certificate export wizard.

导出为X509并上传到服务器.

Export as X509 and upload to the server.

$cert = file_get_contents('Certificates/Public/public.cer');

行！可能有一种更简单的方法，但这可行.

Works! There is probably a simpler way but this works.