一、各端app_key值如下:
'app_key1' => '3c8f7f66b1c8f4cef872f6371c9020237329da2',
'app_key2' => '84185ada783488bee32ebc8ac30d4ed6b7a2d45',
'app_key3' => '73d6c94786553ebd2b485dea0cb91bca76f2d1c',
'app_key4' => '77cf49c82f223660e3dda49611049c6b3591d27',
二、为了保证支付支付下单和回调接口的安全性,对请求增加签名验证,签名算法如下:
step1:按字典序排序数组参数并拼接,以key=value&key=value形式拼接
step2:将step1生成的字符串拼接上AppKey,拼接成key=appKeyValue(注,这里以key为键)
step3:将step2生成的字符串进行base64的转换
step4:将step3编码完成的字符串,拼接上时间戳(timestamp)
step5:将step4的字符串用MD5加密
step6:截取step5某一段字符串,截取开始位置为时间戳 最后一位数字,结束位置21
step7:将step6截取成功的字符串所有字符转为大写
三、下面的代码可以直接使用或参考
<?php
namespace Common\Tools;
class Attestation{
private $appKeyCollection = [
'app_key1'=>'3c8f7f66b1c8f4cef872f6371c9020237329da2',
'app_key2'=>'84185ada783488bee32ebc8ac30d4ed6b7a2d45',
'app_key3'=>'73d6c94786553ebd2b485dea0cb91bca76f2d1c',
'app_key4'=>'77cf49c82f223660e3dda49611049c6b3591d27',
private $nowAppKey;
public function __construct($appTarget){
$this->nowAppKey =$this->appKeyCollection[$appTarget] ;
}
public function MakeSign( $params,$acquireSign,$timestamp){
ksort($params);
$string = $this->ToUrlParams($params);
$string = $string . "&key=".$this->nowAppKey;
$string = base64_encode($string);
$string .=$timestamp;
$string = md5($string);
$start = (int) substr($timestamp, - 1);
$sign = substr($string, $start, 22 - $start);
$result = strtoupper($sign);
if($acquireSign == $result){
return true;
}else{
return false;
}
}
private function ToUrlParams( $params ){
$string = '';
if( !empty($params) ){
$array = array();
foreach( $params as $key => $value ){
if(!empty($value)){
$array[] = $key.'='.$value;
}
}
$string = implode("&",$array);
}
return $string;
}
}