微信支付获取平台证书

一只咸鱼啊

已于 2024-11-01 17:16:17 修改

阅读量518

点赞数 3

文章标签：微信 php

于 2024-06-19 15:31:19 首次发布

本文链接：https://blog.csdn.net/m0_47719288/article/details/139804558

版权

浏览器直接访问访问test1 方法输出的内容 ctrl + U 查看源代码或者右键查看源代码复制保存到文件就可以了！！！

	const AUTH_TAG_LENGTH_BYTE = 16;
	public function test1(){
   
        $wx_config  = [
            // 前面的appid什么的也得保留哦
            'app_id'             => '',   // appid
            'mch_id'             => '', // 商户号
            'key'                => '', // apiV3 秘钥
            'cert_path'          => ROOT_PATH.'cert3/apiclient_cert.pem', // 绝对路径！！！！
            'key_path'           => ROOT_PATH.'cert3/apiclient_key.pem',      // 绝对路径！！！！

        ];
        //获取证书
        $url2 = '/v3/certificates';
        $token2 = self::token1($url2,'GET','',$wx_config);
        $url3 = 'https://api.mch.weixin.qq.com/v3/certificates';
        $serial1 = self::https_request($url3,'',$token2);
        
        $arr = json_decode($serial1,true);
        $serial = $arr['data'][0]['serial_no'];

        // 这里是获取 平台证书的地方 解密之后 需要自行保存
        $associated_data = $arr['data'][0]['encrypt_certificate']['associated_data'];
        $ciphertext = $arr['data'][0]['encrypt_certificate']['ciphertext'];
        $nonce = $arr['data'][0]['encrypt_certificate']['nonce'];
        $jiemi = self::decryptToString($associated_data,$nonce,$ciphertext);
        // 浏览器访问这个方法  查看源代码  保存即可
        p($jiemi);

      
    }
	

    public static function https_request($url,$data,$token)
    {
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_URL, (string)$url);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);
        if (!empty($data)){
            curl_setopt($curl, CURLOPT_POST, 1);
            curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
        }
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
        //添加请求头
        $headers = [
            'Authorization:'.$token,
            'Accept: application/json',
            'Content-Type: application/json; charset=utf-8',
            'User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
        ];
        if(!empty($headers)){
            curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
        }
        $output = curl_exec($curl);
        curl_close($curl);
        return $output;
    }


    /**
     * @notes 获取签名
     */
    public static function token1($url,$http_method,$data,$config)
    {
        $timestamp   = time();//请求时间戳
        $url_parts   = parse_url($url);//获取请求的绝对URL
        $nonce       = $timestamp.rand('10000','99999');//请求随机串
        $body        = empty($data) ? '' : json_encode((object)$data);//请求报文主体
        $stream_opts = [
            "ssl" => [
                "verify_peer"=>false,
                "verify_peer_name"=>false,
            ]
        ];

        $apiclient_cert_arr = openssl_x509_parse(file_get_contents($config['cert_path'],false, stream_context_create($stream_opts)));
        $serial_no          = $apiclient_cert_arr['serialNumberHex'];//证书序列号
        $mch_private_key    = file_get_contents($config['key_path'],false, stream_context_create($stream_opts));//密钥
        $merchant_id = $config['mch_id'];//商户id
        $canonical_url = ($url_parts['path'] . (!empty($url_parts['query']) ? "?${url_parts['query']}" : ""));
        $message = $http_method."\n".
            $canonical_url."\n".
            $timestamp."\n".
            $nonce."\n".
            $body."\n";
        openssl_sign($message, $raw_sign, $mch_private_key, 'sha256WithRSAEncryption');
        $sign = base64_encode($raw_sign);//签名
        $schema = 'WECHATPAY2-SHA256-RSA2048';
        $token = sprintf('mchid="%s",nonce_str="%s",timestamp="%d",serial_no="%s",signature="%s"',
            $merchant_id, $nonce, $timestamp, $serial_no, $sign);//微信返回token
        return $schema.' '.$token;
    }
	public static function decryptToString($associatedData, $nonceStr, $ciphertext) {
	
	        //这里是apiv3 的秘钥
	        $aesKey = '';
	
	        $ciphertext = \base64_decode($ciphertext);
	        if (strlen($ciphertext) <= self::AUTH_TAG_LENGTH_BYTE) {
	            return false;
	        }
	        // ext-sodium (default installed on >= PHP 7.2)
	        if (function_exists('\sodium_crypto_aead_aes256gcm_is_available') && \sodium_crypto_aead_aes256gcm_is_available()) {
	            return \sodium_crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, $aesKey);
	        }
	        // ext-libsodium (need install libsodium-php 1.x via pecl)
	        if (function_exists('\Sodium\crypto_aead_aes256gcm_is_available') && \Sodium\crypto_aead_aes256gcm_is_available()) {
	            return \Sodium\crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, $aesKey);
	        }
	        // openssl (PHP >= 7.1 support AEAD)
	        if (PHP_VERSION_ID >= 70100 && in_array('aes-256-gcm', \openssl_get_cipher_methods())) {
	            $ctext = substr($ciphertext, 0, -self::AUTH_TAG_LENGTH_BYTE);
	            $authTag = substr($ciphertext, -self::AUTH_TAG_LENGTH_BYTE);
	            return \openssl_decrypt($ctext, 'aes-256-gcm', $aesKey, \OPENSSL_RAW_DATA, $nonceStr,$authTag, $associatedData);
	        }
	        throw new \RuntimeException('AEAD_AES_256_GCM需要PHP 7.1以上或者安装libsodium-php');
	    }