public function test1(){
$wx_config = [
// 前面的appid什么的也得保留哦
'app_id' => '', // appid
'mch_id' => '', // 商户号
'key' => '', // apiV3 秘钥
'cert_path' => public_path().'/wxpay/apiclient_cert04.pem', // 绝对路径!!!!
'key_path' => public_path().'/wxpay/apiclient_key04.pem', // 绝对路径!!!!
];
//获取证书
$url2 = '/v3/certificates';
$token2 = self::token1($url2,'GET','',$wx_config);
$url3 = 'https://api.mch.weixin.qq.com/v3/certificates';
$serial1 = self::https_request($url3,'',$token2);
$arr = json_decode($serial1,true);
$serial = $arr['data'][0]['serial_no'];
// 这里是获取 平台证书的地方 解密之后 需要自行保存
$associated_data = $arr['data'][0]['encrypt_certificate']['associated_data'];
$ciphertext = $arr['data'][0]['encrypt_certificate']['ciphertext'];
$nonce = $arr['data'][0]['encrypt_certificate']['nonce'];
$aesUtil=new AesUtil($wx_config['key']);
$jiemi=$aesUtil->decryptToString($associated_data,$nonce,$ciphertext);
print_r($jiemi);
$print_r($serial);
}
public static function https_request($url,$data,$token)
{
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, (string)$url);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, FALSE);
if (!empty($data)){
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
}
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
//添加请求头
$headers = [
'Authorization:'.$token,
'Accept: application/json',
'Content-Type: application/json; charset=utf-8',
'User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
];
if(!empty($headers)){
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
}
$output = curl_exec($curl);
curl_close($curl);
return $output;
}
/**
* @notes 获取签名
*/
public static function token1($url,$http_method,$data,$config)
{
$timestamp = time();//请求时间戳
$url_parts = parse_url($url);//获取请求的绝对URL
$nonce = $timestamp.rand('10000','99999');//请求随机串
$body = empty($data) ? '' : json_encode((object)$data);//请求报文主体
$stream_opts = [
"ssl" => [
"verify_peer"=>false,
"verify_peer_name"=>false,
]
];
$apiclient_cert_arr = openssl_x509_parse(file_get_contents($config['cert_path'],false, stream_context_create($stream_opts)));
$serial_no = '684245A4B04BB2B9D1538999BEF59A0340DA251E';//证书序列号
$mch_private_key = file_get_contents($config['key_path'],false, stream_context_create($stream_opts));//密钥
$merchant_id = $config['mch_id'];//商户id
$canonical_url = ($url_parts['path'] . (!empty($url_parts['query']) ? "?${url_parts['query']}" : ""));
$message = $http_method."\n".
$canonical_url."\n".
$timestamp."\n".
$nonce."\n".
$body."\n";
openssl_sign($message, $raw_sign, $mch_private_key, 'sha256WithRSAEncryption');
$sign = base64_encode($raw_sign);//签名
$schema = 'WECHATPAY2-SHA256-RSA2048';
$token = sprintf('mchid="%s",nonce_str="%s",timestamp="%d",serial_no="%s",signature="%s"',
$merchant_id, $nonce, $timestamp, $serial_no, $sign);//微信返回token
return $schema.' '.$token;
}因通过 composer require wechatpay/wechatpay 和下面命令无法生成平台证书(命令只能在linux下生成,无法在windows使用)
php ./bin/CertificateDownloader.php -k ${apiV3key} -m ${mchId} -f ${mchPrivateKeyFilePath} -s ${mchSerialNo} -o ${outputFilePath}
apiV3key : 微信支付商户平台设置
mchId:微信支付商户号
mchPrivateKeyFilePath:微信工具生成的证书私钥
mchSerialNo:证书序列号,在微信支付商户平台可以查看,注意不是平台证书序列号
outputFilePath:输入路径,生成的平台证书到这
所以写了通过接口获取平台证书内容 和zheng
方法:访问test1接口,打印$jiemi为平台证书内容 ,$serial为平台证书序列号,需要用到一个AesUtil解密类,内容如下:
<?php
namespace App\Http\Controllers\Tools;
class AesUtil {
/**
* AES key
*
* @var string
*/
private $aesKey;
const KEY_LENGTH_BYTE = 32;
const AUTH_TAG_LENGTH_BYTE = 16;
/**
* Constructor
*/
public function __construct($aesKey) {
if (strlen($aesKey) != self::KEY_LENGTH_BYTE) {
throw new InvalidArgumentException('无效的ApiV3Key,长度应为32个字节');
}
$this -> aesKey = $aesKey;
}
/**
* Decrypt AEAD_AES_256_GCM ciphertext
*
* @param string $associatedData AES GCM additional authentication data
* @param string $nonceStr AES GCM nonce
* @param string $ciphertext AES GCM cipher text
*
* @return string|bool Decrypted string on success or FALSE on failure
*/
public function decryptToString($associatedData, $nonceStr, $ciphertext) {
$ciphertext = \base64_decode($ciphertext);
if (strlen($ciphertext) <= self::AUTH_TAG_LENGTH_BYTE) {
return false;
}
// ext-sodium (default installed on >= PHP 7.2)
if (function_exists('\sodium_crypto_aead_aes256gcm_is_available') && \sodium_crypto_aead_aes256gcm_is_available()) {
return \sodium_crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, $this-> aesKey);
}
// ext-libsodium (need install libsodium-php 1.x via pecl)
if (function_exists('\Sodium\crypto_aead_aes256gcm_is_available') && \Sodium\crypto_aead_aes256gcm_is_available()) {
return \Sodium\crypto_aead_aes256gcm_decrypt($ciphertext, $associatedData, $nonceStr, $this -> aesKey);
}
// openssl (PHP >= 7.1 support AEAD)
if (PHP_VERSION_ID >= 70100 && in_array('aes-256-gcm', \openssl_get_cipher_methods())) {
$ctext = substr($ciphertext, 0, -self::AUTH_TAG_LENGTH_BYTE);
$authTag = substr($ciphertext, -self::AUTH_TAG_LENGTH_BYTE);
return \openssl_decrypt($ctext, 'aes-256-gcm', $this -> aesKey, \OPENSSL_RAW_DATA, $nonceStr,
$authTag, $associatedData);
}
throw new \RuntimeException('AEAD_AES_256_GCM需要PHP 7.1以上或者安装libsodium-php');
}
}
505
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
