LogInfo ( '=====签名报文开始======' ); if(isset($params['transTempUrl'])){ unset($params['transTempUrl']); } $params_str = coverParamsToString ( $params ); $log->LogInfo ( "签名key=val&...串 >" . $params_str ); $params_sha1x16 = sha1 ( $params_str, FALSE ); $log->LogInfo ( "摘要sha1x16 >" . $params_sha1x16 ); $cert_path = SDK_SIGN_CERT_PATH; $private_key = getPrivateKey ( $cert_path ); $sign_falg = openssl_sign ( $params_sha1x16, $signature, $private_key, OPENSSL_ALGO_SHA1 ); if ($sign_falg) { $signature_base64 = base64_encode ( $signature ); $log->LogInfo ( "签名串为 >" . $signature_base64 ); $params ['signature'] = $signature_base64; } else { $log->LogInfo ( ">>>>>签名失败<<<<<<<" ); } $log->LogInfo ( '=====签名报文结束======' ); } function verify($params) { global $log; $public_key = getPulbicKeyByCertId ( $params ['certId'] ); $signature_str = $params ['signature']; unset ( $params ['signature'] ); $params_str = coverParamsToString ( $params ); $log->LogInfo ( '报文去[signature] key=val&串>' . $params_str ); $signature = base64_decode ( $signature_str ); $params_sha1x16 = sha1 ( $params_str, FALSE ); $log->LogInfo ( '摘要shax16>' . $params_sha1x16 ); $isSuccess = openssl_verify ( $params_sha1x16, $signature,$public_key, OPENSSL_ALGO_SHA1 ); $log->LogInfo ( $isSuccess ? '验签成功' : '验签失败' ); return $isSuccess; } function getPulbicKeyByCertId($certId) { global $log; $log->LogInfo ( '报文返回的证书ID>' . $certId ); $cert_dir = SDK_VERIFY_CERT_DIR; $log->LogInfo ( '验证签名证书目录 :>' . $cert_dir ); $handle = opendir ( $cert_dir ); if ($handle) { while ( $file = readdir ( $handle ) ) { clearstatcache (); $filePath = $cert_dir . '/' . $file; if (is_file ( $filePath )) { if (pathinfo ( $file, PATHINFO_EXTENSION ) == 'cer') { if (getCertIdByCerPath ( $filePath ) == $certId) { closedir ( $handle ); $log->LogInfo ( '加载验签证书成功' ); return getPublicKey ( $filePath ); } } } } $log->LogInfo ( '没有找到证书ID为[' . $certId . ']的证书' ); } else { $log->LogInfo ( '证书目录 ' . $cert_dir . '不正确' ); } closedir ( $handle ); return null; } function getCertId($cert_path) { $pkcs12certdata = file_get_contents ( $cert_path ); openssl_pkcs12_read ( $pkcs12certdata, $certs, SDK_SIGN_CERT_PWD ); $x509data = $certs ['cert']; openssl_x509_read ( $x509data ); $certdata = openssl_x509_parse ( $x509data ); $cert_id = $certdata ['serialNumber']; return $cert_id; } function getCertIdByCerPath($cert_path) { $x509data = file_get_contents ( $cert_path ); openssl_x509_read ( $x509data ); $certdata = openssl_x509_parse ( $x509data ); $cert_id = $certdata ['serialNumber']; return $cert_id; } function getSignCertId() { return getCertId ( SDK_SIGN_CERT_PATH ); } function getEncryptCertId() { return getCertIdByCerPath ( SDK_ENCRYPT_CERT_PATH ); } function getPublicKey($cert_path) { return file_get_contents ( $cert_path ); } function getPrivateKey($cert_path) { $pkcs12 = file_get_contents ( $cert_path ); openssl_pkcs12_read ( $pkcs12, $certs, SDK_SIGN_CERT_PWD ); return $certs ['pkey']; } function encryptPan($pan) { $cert_path = MPI_ENCRYPT_CERT_PATH; $public_key = getPublicKey ( $cert_path ); openssl_public_encrypt ( $pan, $cryptPan, $public_key ); return base64_encode ( $cryptPan ); } function encryptPin($pan, $pwd) { $cert_path = SDK_ENCRYPT_CERT_PATH; $public_key = getPublicKey ( $cert_path ); return EncryptedPin ( $pwd, $pan, $public_key ); } function encryptCvn2($cvn2) { $cert_path = SDK_ENCRYPT_CERT_PATH; $public_key = getPublicKey ( $cert_path ); openssl_public_encrypt ( $cvn2, $crypted, $public_key ); return base64_encode ( $crypted ); } function encryptDate($certDate) { $cert_path = SDK_ENCRYPT_CERT_PATH; $public_key = getPublicKey ( $cert_path ); openssl_public_encrypt ( $certDate, $crypted, $public_key ); return base64_encode ( $crypted ); } function encryptDateType($certDataType) { $cert_path = SDK_ENCRYPT_CERT_PATH; $public_key = getPublicKey ( $cert_path ); openssl_public_encrypt ( $certDataType, $crypted, $public_key ); return base64_encode ( $crypted ); } ?>