接口数据加上签名,可以防止别人篡改数据,过滤非法请求。
/**
 * Build the Base64 RSA signature for a set of API parameters.
 *
 * The parameters are ordered by key, their values are joined into one string,
 * and that string is signed (not encrypted) with the private key.
 *
 * NOTE(review): a 'sign' entry already present in $data is signed like any
 * other field here, whereas checkSign() removes it before verifying, so
 * callers should not pass one in.
 *
 * @param array  $data        Parameters to sign.
 * @param string $private_key RSA private key, passed through to rsaSign().
 * @return string Base64-encoded signature as returned by rsaSign().
 */
function getSign($data, $private_key) {
    // Canonicalise: sort by key, then join the values into the signed string.
    $canonical = createLinkstring(argSort($data));

    return rsaSign($canonical, $private_key);
}
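/**
 * Verify the signature carried in the 'sign' field of a parameter array.
 *
 * The 'sign' entry is taken out, the remaining parameters are ordered by key
 * and joined exactly as getSign() does, and the result is checked against the
 * signature with the public key.
 *
 * $data normally comes straight from a request, so a missing or non-string
 * 'sign' is treated as a failed verification instead of being passed on.
 *
 * NOTE(review): nothing here checks a timestamp or nonce, so a valid signature
 * says the fields were not altered but not that the request is fresh. Replay
 * protection, if needed, has to be enforced by the caller.
 *
 * @param array  $data       Received parameters, including 'sign'.
 * @param string $public_key RSA public key, passed through to rsaCheck().
 * @return bool True only when the signature verifies.
 */
function checkSign($data, $public_key) {
    // Reject malformed input before any key handling or canonicalisation.
    if (!is_array($data) || !isset($data['sign']) || !is_string($data['sign'])) {
        return false;
    }
    $sign = $data['sign'];
    // The signature itself is never part of the signed string.
    unset($data['sign']);
    // Sort by key so signer and verifier build the same string.
    $data = argSort($data);
    // Join the values.
    $mystr = createLinkstring($data);
    // Verify with the public key.
    return rsaCheck($mystr, $public_key, $sign);
}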
用到的函数封装
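/**
 * Concatenate every value of an array, in iteration order, into the string
 * that is signed or verified.
 *
 * Values that are arrays are flattened one level with implode(""). Keys are
 * not part of the output and no separator is inserted between values.
 *
 * NOTE(review): because neither keys nor delimiters are included, different
 * parameter sets can produce the same string (constructed example:
 * ['a' => '12', 'b' => '3'] and ['a' => '1', 'b' => '23'] both give "123")
 * and therefore the same signature. Binding keys and separators into the
 * string would close that gap, but it changes the signed format and has to be
 * rolled out on the signer and every verifier together, so it is not done here.
 *
 * @param array $para Parameters whose values are joined.
 * @return string The concatenated values.
 */
function createLinkstring($para) {
    $arg = "";
    // foreach replaces while (list() = each()): each() was removed in PHP 8,
    // and it started from the array's internal pointer rather than the first
    // element, so a moved pointer silently dropped fields.
    foreach ($para as $val) {
        if (is_array($val)) {
            $val = implode("", $val);
        }
        $arg .= $val;
    }
    // The former get_magic_quotes_gpc()/stripslashes() step is dropped: the
    // function has always returned false since PHP 5.4 (which this file already
    // requires for its [] array syntax) and no longer exists in PHP 8.
    return $arg;
}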
/**
 * Return a copy of the array ordered by key.
 *
 * ksort() is called with its default flags and the internal pointer is reset
 * to the first element afterwards.
 *
 * NOTE(review): signer and verifier must order keys identically or the signed
 * strings differ; confirm both sides run the same sort rules.
 *
 * @param array $para Array before sorting.
 * @return array The same entries, ordered by key.
 */
function argSort($para) {
    $ordered = $para;
    ksort($ordered);
    reset($ordered);

    return $ordered;
}
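/**
 * Sign a string with an RSA private key and return the Base64 signature.
 *
 * The key may be given with or without its "RSA PRIVATE KEY" PEM armour and
 * line breaks; it is stripped and re-wrapped at 64 characters before loading.
 * Only that PEM label is handled by the normalisation.
 *
 * NOTE(review): openssl_sign() is called without an algorithm argument, so the
 * digest is PHP's default, SHA-1. Moving to OPENSSL_ALGO_SHA256 is advisable
 * but must be changed in rsaCheck() and at every peer at the same time.
 *
 * @param string $data        Data to sign.
 * @param string $private_key Merchant private key.
 * @return string Base64-encoded signature.
 * @throws \RuntimeException When OpenSSL fails to produce a signature.
 */
function rsaSign($data, $private_key) {
    $search = [
        "-----BEGIN RSA PRIVATE KEY-----",
        "-----END RSA PRIVATE KEY-----",
        "\n",
        "\r",
        "\r\n"
    ];
    // Normalise the key to a well-formed PEM block whatever form it arrived in.
    $private_key = str_replace($search, "", $private_key);
    $private_key = $search[0] . PHP_EOL . wordwrap($private_key, 64, "\n", true) . PHP_EOL . $search[1];
    $res = openssl_get_privatekey($private_key);
    if (!$res) {
        exit("私钥格式有误");
    }
    $sign = '';
    $signed = openssl_sign($data, $sign, $res);
    // openssl_free_key() is deprecated from PHP 8.0, where keys are objects
    // that are released automatically.
    if (PHP_VERSION_ID < 80000) {
        openssl_free_key($res);
    }
    // Previously a failed openssl_sign() went unnoticed and an empty signature
    // was returned; fail loudly so an unsigned request is never sent.
    if (!$signed) {
        throw new \RuntimeException('RSA signing failed');
    }
    return base64_encode($sign);
}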
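/**
 * Verify a Base64 RSA signature over a string with a public key.
 *
 * The key may be given with or without its "PUBLIC KEY" PEM armour and line
 * breaks; it is stripped and re-wrapped at 64 characters before loading.
 *
 * openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
 * -1 or false on error. Only 1 is accepted: the former (bool) cast turned the
 * -1 error result into true, i.e. a verification error counted as success.
 *
 * NOTE(review): no algorithm argument is passed, so the digest is PHP's
 * default, SHA-1, matching rsaSign(). Change both together.
 *
 * @param string $data       Data that was signed.
 * @param string $public_key Public key string.
 * @param mixed  $sign       Base64 signature to check; normally request data.
 * @return bool True only when the signature is valid.
 */
function rsaCheck($data, $public_key, $sign) {
    $search = [
        "-----BEGIN PUBLIC KEY-----",
        "-----END PUBLIC KEY-----",
        "\n",
        "\r",
        "\r\n"
    ];
    // Normalise the key to a well-formed PEM block whatever form it arrived in.
    $public_key = str_replace($search, "", $public_key);
    $public_key = $search[0] . PHP_EOL . wordwrap($public_key, 64, "\n", true) . PHP_EOL . $search[1];
    $res = openssl_get_publickey($public_key);
    if (!$res) {
        exit("公钥格式有误!");
    }
    // The signature is attacker-controlled: require a string of valid Base64.
    $raw = is_string($sign) ? base64_decode($sign, true) : false;
    $result = false;
    if ($raw !== false) {
        // Strict comparison: anything other than 1 (including -1) is a failure.
        $result = openssl_verify($data, $raw, $res) === 1;
    }
    // openssl_free_key() is deprecated from PHP 8.0, where keys are objects
    // that are released automatically.
    if (PHP_VERSION_ID < 80000) {
        openssl_free_key($res);
    }
    return $result;
}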
通过curl 传递json请求接口
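/**
 * POST a JSON document to a URL with cURL and return the status and body.
 *
 * @param string $url         Endpoint to call.
 * @param string $data_string JSON text, e.g. the output of json_encode($arr).
 * @return array 'code' is the HTTP status reported by cURL; 'result' is the
 *               decoded JSON (as an array) when it decodes to a truthy value,
 *               otherwise the raw response body ('' when the transfer failed).
 */
function post_json_data($url, $data_string) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data_string);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        'Content-Type: application/json; charset=utf-8',
        'Content-Length: ' . strlen($data_string))
    );
    // Certificate verification was switched off here, which lets anyone on the
    // network path impersonate the API and read or alter the signed request and
    // its response. Verify both the chain and the host name. The options are
    // set unconditionally; they have no effect on plain-http URLs. For a
    // private CA, point CURLOPT_CAINFO at its bundle rather than disabling this.
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
    // Have cURL return the body instead of capturing echoed output.
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $return_content = curl_exec($ch);
    if ($return_content === false) {
        // Keep the previous contract: a failed transfer yields an empty body.
        $return_content = '';
    }
    $return_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    // Release the handle on PHP 7; from PHP 8.0 curl_close() has no effect.
    if (PHP_VERSION_ID < 80000) {
        curl_close($ch);
    }
    // A body that is not JSON (or decodes to a falsy value) is returned as-is.
    if ($result = json_decode($return_content, true)) {
        $return_content = $result;
    }
    return array('code' => $return_code, 'result' => $return_content);
}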