1、第一次需要先用工具下载证书
用微信官网推荐的工具下载:https://github.com/wechatpay-apiv3/wechatpay-php/tree/main/bin
2、配置easyWeChat 6.x,请求证书
use EasyWeChat\Pay\Application;
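// Merchant-side settings for the EasyWeChat 6.x Pay application.
// NOTE(review): the merchant private key and the API v3 key are credentials.
// Keep them out of version control and outside any directory the web server
// can serve; confirm that __DIR__ . '/certs' meets that for your deployment.
$config = [
    'mch_id' => '',
    // Merchant API certificate and its private key
    'private_key' => __DIR__ . '/certs/apiclient_key.pem',
    'certificate' => __DIR__ . '/certs/apiclient_cert.pem',
    // API v3 key (placeholder value): AesUtil below rejects any key that is not exactly 32 bytes
    'secret_key' => '32二位密钥',
    // Platform certificate file; the decrypted certificate is written to this path in step 3
    'platform_certs' => [
        '/path/to/wechatpay/cert.pem',
    ],
    'http' => [
        'throw' => true,
        'timeout' => 5.0,
    ],
];

$app = new Application($config);
$api = $app->getClient();

// Fetch the list of encrypted platform certificates and decode the JSON body.
$response = $api->get('/v3/certificates')->toArray();

// end() on a missing or empty list yields false, which would only surface later
// as an obscure offset error during decryption, so fail here with a clear message.
$certList = $response['data'] ?? [];
if (!is_array($certList) || $certList === []) {
    throw new \RuntimeException('No platform certificate entries in the /v3/certificates response');
}

// Encrypted certificate entry to decrypt: the last element of the list.
// NOTE(review): the list may hold more than one entry (for example while
// certificates are being rotated); confirm that the last one is the
// certificate you intend to install before replacing the file.
$cert = end($certList);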
3、解密证书并替换证书
用微信支付官方文档给的解密代码解密:
https://pay.weixin.qq.com/wiki/doc/apiv3/wechatpay/wechatpay4_2.shtml
<?php
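/**
 * AEAD_AES_256_GCM decryption helper keyed with the 32-byte API v3 key.
 *
 * The input is expected to be base64 text whose decoded form is the ciphertext
 * followed by a 16-byte authentication tag.
 */
class AesUtil
{
    /**
     * AES key (the API v3 key).
     *
     * @var string
     */
    private $aesKey;

    /** Required key length in bytes. */
    const KEY_LENGTH_BYTE = 32;

    /** Length in bytes of the authentication tag at the end of the decoded payload. */
    const AUTH_TAG_LENGTH_BYTE = 16;

    /**
     * Constructor
     *
     * @param string $aesKey API v3 key, exactly KEY_LENGTH_BYTE bytes long
     *
     * @throws InvalidArgumentException When the key is not exactly 32 bytes
     */
    public function __construct($aesKey)
    {
        // strlen() counts bytes, which is the unit the cipher cares about.
        if (strlen($aesKey) !== self::KEY_LENGTH_BYTE) {
            throw new InvalidArgumentException('无效的ApiV3Key,长度应为32个字节');
        }
        $this->aesKey = $aesKey;
    }

    /**
     * Decrypt AEAD_AES_256_GCM ciphertext
     *
     * A FALSE result means the payload was malformed or failed authentication;
     * callers must compare with === false before using the result.
     *
     * @param string $associatedData AES GCM additional authentication data
     * @param string $nonceStr AES GCM nonce
     * @param string $ciphertext Base64-encoded AES GCM cipher text with the auth tag appended
     *
     * @return string|bool Decrypted string on success or FALSE on failure
     *
     * @throws \RuntimeException When no AES-256-GCM implementation is available
     */
    public function decryptToString($associatedData, $nonceStr, $ciphertext)
    {
        // Strict mode rejects characters outside the base64 alphabet instead of
        // silently dropping them, so a malformed payload is reported as a failure.
        $ciphertext = \base64_decode($ciphertext, true);
        if ($ciphertext === false) {
            return false;
        }

        // Anything this short cannot hold both a tag and at least one byte of data.
        if (strlen($ciphertext) <= self::AUTH_TAG_LENGTH_BYTE) {
            return false;
        }

        // ext-sodium (default installed on >= PHP 7.2)
        // NOTE(review): the sodium functions may throw SodiumException for a
        // nonce of the wrong length rather than returning false.
        if (function_exists('\sodium_crypto_aead_aes256gcm_is_available') && \sodium_crypto_aead_aes256gcm_is_available()) {
            return \sodium_crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, $this->aesKey);
        }

        // ext-libsodium (need install libsodium-php 1.x via pecl)
        if (function_exists('\Sodium\crypto_aead_aes256gcm_is_available') && \Sodium\crypto_aead_aes256gcm_is_available()) {
            return \Sodium\crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, $this->aesKey);
        }

        // openssl (PHP >= 7.1 support AEAD)
        if (PHP_VERSION_ID >= 70100 && in_array('aes-256-gcm', \openssl_get_cipher_methods(), true)) {
            // OpenSSL takes the tag separately, so split it off the end of the payload.
            $ctext = substr($ciphertext, 0, -self::AUTH_TAG_LENGTH_BYTE);
            $authTag = substr($ciphertext, -self::AUTH_TAG_LENGTH_BYTE);

            return \openssl_decrypt(
                $ctext,
                'aes-256-gcm',
                $this->aesKey,
                \OPENSSL_RAW_DATA,
                $nonceStr,
                $authTag,
                $associatedData
            );
        }

        throw new \RuntimeException('AEAD_AES_256_GCM需要PHP 7.1以上或者安装libsodium-php');
    }
}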
解密证书并更新平台证书文件
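// Decrypt the fetched platform certificate with the API v3 key, then replace
// the certificate file only if the result is usable.
$tool = new \AesUtil($config['secret_key']);
$encrypted = $cert['encrypt_certificate'];
$res = $tool->decryptToString($encrypted['associated_data'], $encrypted['nonce'], $encrypted['ciphertext']);

// decryptToString() returns false on failure. Writing that value would replace
// the existing certificate file with an empty one, so stop before touching it.
if ($res === false || $res === '') {
    throw new \RuntimeException('Failed to decrypt the platform certificate; the existing file was not modified');
}

// Only store data that actually parses as an X.509 certificate.
if (function_exists('openssl_x509_read') && openssl_x509_read($res) === false) {
    throw new \RuntimeException('Decrypted data is not a valid X.509 certificate; the existing file was not modified');
}

// LOCK_EX keeps a concurrent reader or writer from seeing a half-written file.
if (file_put_contents('/path/to/wechatpay/cert.pem', $res, LOCK_EX) === false) {
    throw new \RuntimeException('Could not write the platform certificate file');
}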