Начало Каталог Помощ
Вход
ykw
/
hemall.terabimsoft.com.cn
1
0
Разклонения 0
Файлове Задачи 0 Заявки за сливане 0 Уики
ИН на ревизия: a57c66d3c4
Клонове Маркери
hemall.terabims...
/
app
/
common
/
modules
/
yop
/
sdk
/
Util
/
YopSignUtils.php

YopSignUtils.php 5.7 KB
История Директен файл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213 
  1. <?php
    2. 

  2. 

  3. namespace app\common\modules\yop\sdk\Util;
    4. 

  4. 

  5. use app\common\modules\yop\sdk\Util\Base64Url;
    6. 

  6. use app\common\modules\yop\sdk\Util\AESEncrypter;
    7. 

  7. 

  8. /**
    9. 

  9.  * Created by PhpStorm.
    10. 

  10.  * User: wilson
    11. 

  11.  * Date: 16/7/7
    12. 

  12.  * Time: 17:33
    13. 

  13.  */
    14. 

  14. abstract class YopSignUtils{
    15. 

  15. 

  16.     /**
    17. 

  17.      * 签名生成算法
    18. 

  18.      * @param array $params API调用的请求参数集合的关联数组,不包含sign参数
    19. 

  19.      * @param array $ignoreParamNames 忽略的参数数组
    20. 

  20.      * @param String $secret 密钥
    21. 

  21.      * @param String $algName 加密算法
    22. 

  22.      *
    23. 

  23.     md2
    24. 

  24.     md4
    25. 

  25.     md5
    26. 

  26.     sha1
    27. 

  27.     sha256
    28. 

  28.     sha384
    29. 

  29.     sha512
    30. 

  30.     ripemd128
    31. 

  31.     ripemd160
    32. 

  32.     ripemd256
    33. 

  33.     ripemd320
    34. 

  34.     whirlpool
    35. 

  35.      *
    36. 

  36.      * @return string 返回参数签名值
    37. 

  37.      */
    38. 

  38.     static function sign($params, $ignoreParamNames='', $secret, $algName='sha1'){
    39. 

  39.         $str = '';  //待签名字符串
    40. 

  40.         //先将参数以其参数名的字典序升序进行排序
    41. 

  41.         $requestparams = $params;
    42. 

  42. 

  43.         ksort($requestparams);
    44. 

  44.         //遍历排序后的参数数组中的每一个key/value对
    45. 

  45.         foreach ($requestparams as $k => $v) {
    46. 

  46.             //查看Key 是否为忽略参数
    47. 

  47.             if(!in_array($k,$ignoreParamNames)){
    48. 

  48.                 //为key/value对生成一个keyvalue格式的字符串,并拼接到待签名字符串后面
    49. 

  49. 

  50.                 //value不为空,则进行加密
    51. 

  51.                 if(!empty($v)){
    52. 

  52.                     $str .= "$k$v";
    53. 

  53.                 }
    54. 

  54. 

  55.             }
    56. 

  56. 

  57.         }
    58. 

  58.         //将签名密钥拼接到签名字符串两头
    59. 

  59.         $str = $secret.$str.$secret;
    60. 

  60.         //通过指定算法生成sing
    61. 

  61. 

  62.         return hash($algName,$str);
    63. 

  63.     }
    64. 

  64. 

  65. 

  66.     /**
    67. 

  67.      * 签名验证算法
    68. 

  68.      * @param array $result API调用的请求参数集合的关联数组,不包含sign参数
    69. 

  69.      * @param String $secret 密钥
    70. 

  70.      * @param String $algName 加密算法
    71. 

  71.      * @param String $sign 签名值
    72. 

  72.      * @return string 返回签名是否正确 0 - 如果两个字符串相等
    73. 

  73.      */
    74. 

  74.    static function isValidResult($result, $secret, $algName,$sign){
    75. 

  75.        $newString = $secret.$result.$secret;
    76. 

  76. 

  77.        if(strcasecmp($sign,hash($algName,$newString))==0){
    78. 

  78.            return true;
    79. 

  79.        }else{
    80. 

  80.            return false;
    81. 

  81.        }
    82. 

  82. 

  83.    }
    84. 

  84.    
    85. 

  85.    static function verifySign($source,$sign, $public_Key)
    86. 

  86.    {
    87. 

  87.        $content=strstr($source, '&sign', TRUE);
    88. 

  88.        $public_key = "-----BEGIN PUBLIC KEY-----\n" .
    89. 

  89.            wordwrap($public_Key, 64, "\n", true) .
    90. 

  90.            "\n-----END PUBLIC KEY-----";
    91. 

  91. 

  92.        $publicKey = openssl_pkey_get_public($public_key);
    93. 

  93.        $res = openssl_verify($content,Base64Url::decode($sign), $public_key,'SHA256'); //验证
    94. 

  94.  
    95. 

  95.        openssl_free_key($publicKey);
    96. 

  96.        //输出验证结果,1:验证成功,0:验证失败
    97. 

  97.        if ($res == 1) {
    98. 

  98.            return true;
    99. 

  99.        } else {
    100. 

  100.            Die("verifySign fail!");
    101. 

  101.        }
    102. 

  102.    }
    103. 

  103. 

  104.    static function decrypt($source,$private_Key, $public_Key)
    105. 

  105.    {
    106. 

  106. 

  107.        $private_key = "-----BEGIN RSA PRIVATE KEY-----\n" .
    108. 

  108.            wordwrap($private_Key, 64, "\n", true) .
    109. 

  109.            "\n-----END RSA PRIVATE KEY-----";
    110. 

  110. 

  111.        extension_loaded('openssl') or die('php需要openssl扩展支持');
    112. 

  112. 

  113. 

  114.        /* 提取私钥 */
    115. 

  115.        $privateKey = openssl_get_privatekey($private_key);
    116. 

  116. 

  117.        ($privateKey) or die('密钥不可用');
    118. 

  118. 

  119. 

  120.        //分解参数
    121. 

  121.        $args = explode('$', $source);
    122. 

  122. 

  123. 

  124.        if (count($args) != 4) {
    125. 

  125.            die('source invalid : ');
    126. 

  126.        }
    127. 

  127. 

  128.        $encryptedRandomKeyToBase64 = $args[0];
    129. 

  129.        $encryptedDataToBase64 = $args[1];
    130. 

  130.        $symmetricEncryptAlg = $args[2];
    131. 

  131.        $digestAlg = $args[3];
    132. 

  132. 

  133.        //用私钥对随机密钥进行解密
    134. 

  134.        openssl_private_decrypt(Base64Url::decode($encryptedRandomKeyToBase64), $randomKey, $privateKey);
    135. 

  135. 

  136. 

  137.        openssl_free_key($privateKey);
    138. 

  138. 

  139. 

  140. 

  141. 

  142.        $encryptedData = openssl_decrypt(Base64Url::decode($encryptedDataToBase64), "AES-128-ECB", $randomKey, OPENSSL_RAW_DATA);
    143. 

  143. 

  144. 

  145.        //分解参数
    146. 

  146.        $signToBase64=substr(strrchr($encryptedData,'$'),1);
    147. 

  147.        $sourceData = substr($encryptedData,0,strlen($encryptedData)-strlen($signToBase64)-1);
    148. 

  148. 

  149.        $public_key = "-----BEGIN PUBLIC KEY-----\n" .
    150. 

  150.            wordwrap($public_Key, 64, "\n", true) .
    151. 

  151.            "\n-----END PUBLIC KEY-----";
    152. 

  152. 

  153. 

  154. 

  155.        $publicKey = openssl_pkey_get_public($public_key);
    156. 

  156. 

  157.        $res = openssl_verify($sourceData,Base64Url::decode($signToBase64), $publicKey,$digestAlg); //验证
    158. 

  158. 

  159.        openssl_free_key($publicKey);
    160. 

  160. 

  161.        //输出验证结果,1:验证成功,0:验证失败
    162. 

  162.        if ($res == 1) {
    163. 

  163.            return $sourceData;
    164. 

  164.        } else {
    165. 

  165.            Die("verifySign fail!");
    166. 

  166.        }
    167. 

  167.    }
    168. 

  168. 

  169.     static function signRsa($source,$private_Key)
    170. 

  170.     {
    171. 

  171.         $private_key = "-----BEGIN RSA PRIVATE KEY-----\n" .
    172. 

  172.             wordwrap($private_Key, 64, "\n", true) .
    173. 

  173.             "\n-----END RSA PRIVATE KEY-----";
    174. 

  174. 

  175.         extension_loaded('openssl') or die('php需要openssl扩展支持');
    176. 

  176. 

  177. 

  178.         /* 提取私钥 */
    179. 

  179.         $privateKey = openssl_get_privatekey($private_key);
    180. 

  180. 

  181.         ($privateKey) or die('密钥不可用');
    182. 

  182. 

  183.         openssl_sign($source, $encode_data, $privateKey, "SHA256");
    184. 

  184. 

  185.         openssl_free_key($privateKey);
    186. 

  186. 

  187.         $signToBase64 = Base64Url::encode($encode_data);
    188. 

  188. 

  189. 

  190.         $signToBase64 .= '$SHA256';
    191. 

  191. 

  192. 

  193.         return $signToBase64;
    194. 

  194. 

  195.     }
    196. 

  196. 

  197.    /* static function getPrivateKey($filepath,$password)
    198. 

  198.     {
    199. 

  199.         $pkcs12 = file_get_contents($filepath);
    200. 

  200.         openssl_pkcs12_read($pkcs12, $certs, $password);
    201. 

  201.         $prikeyid = $certs['pkey']; //私钥
    202. 

  202. 

  203.         $prikeyid = str_replace('-----BEGIN RSA PRIVATE KEY-----','',$prikeyid);
    204. 

  204.         $prikeyid = str_replace('-----END RSA PRIVATE KEY-----','',$prikeyid);
    205. 

  205. 

  206.         $prikeyid = preg_replace("/(\r\n|\n|\r|\t)/i", '', $prikeyid);
    207. 

  207. 

  208.         return $prikeyid;
    209. 

  209. 

  210.     }*/
    211. 

  211. 

  212. }
    213. 

  213.