加签后可以在Java端通过验证
// 全部参数按字母排序
private function dataSortAndKeyVal(array $data) {
ksort($data);
$strTmp = [];
foreach ($data as $key => $val) {
$strTmp[] = $key . '=' . $val;
}
return join('&', $strTmp);
}
// 加签
private function signData(array $data) {
$strKeyVal = $this->dataSortAndKeyVal($data);
$sha1 = sha1($strKeyVal);
openssl_pkcs12_read(file_get_contents(‘pfx文件路径’), $certs, 'pfx密码');
if (!$certs) return '';
$signature = '';
openssl_sign($sha1, $signature, $certs['pkey']);
$sign = base64_encode($signature);// 使用base64方式编码
$data['sign'] = $sign;
return $data;
}
// 验签
public function verifySign($returnData) {
// 把签名提取出来
$sign = $returnData['sign'];
unset($returnData['sign']);
$strKeyVal = $this->dataSortAndKeyVal($returnData);
$pubKeyId = openssl_get_publickey(file_get_contents(‘cer文件路径’));
// 前面加签是用base64方式编码的,所以这里要用base64方式来解码
return openssl_verify(sha1($strKeyVal), base64_decode($sign), $pubKeyId);
}