PHP 代碼示例(Linux 版)
解壓后,參考 phplinux/v3.4.0.1/文檔/PHP版服務器端工具包(Linux版)軟件使用手冊.pdf
Demo 運行
1.安裝對應版本的 PHP
2.安裝運行時環境(glibc 庫等)
3.修改 PHP 的配置文件 php.ini
修改 php.ini,使 PHP 允許加載擴展,並將當前擴展添加到其擴展列表中(extension= 在 PHP 啟動時加載擴展;enable_dl 只控制運行時的 dl() 函數,若 Demo 不調用 dl(),可保持 Off,請依使用手冊確認)
enable_dl = On
extension=libSADKExtension.so.3.4.0.1
4.在 DemoRSA 目錄下替換證書和 cer 文件
pfx 為私鑰文件,請妥善保管,不要泄露給他人
cer 文件為頒發者公鑰,用來驗證匯付公鑰
5.配置 cfcalog.conf cfca 日志文件
6.通過命令行終端運行 Demo 文件
php huifuCFCALinuxDemo.php
Msg PKCS7-attached Sign
為使用 pfx 證書加簽
PKCS7-attached-Verify
為驗證匯付的簽名
cfca_verifyCertificate
為驗證證書鏈合法性
cfca_getCertificateInfo
為獲取證書信息(非必要;證書鏈驗證只能證明證書由受信任的 CA 頒發,如需確認簽名者確為匯付,可用此接口讀取證書信息進行比對)
php
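/**
 * Demo client for the Huifu merchant API using the CFCA SADK PHP extension.
 *
 * Signs an outgoing request as a PKCS#7 attached signature, posts it, then
 * verifies the PKCS#7 attached signature on the response and the signer
 * certificate's chain before returning the signed payload.
 *
 * All file paths below are relative, so they resolve against the process
 * working directory; run the demo from the directory that contains them.
 */
class HuifuCFCA
{
    // Merchant transaction endpoint; this is the integration-test environment address.
    private $apiUrl = 'https://eacloud.testpnr.com/api/publicRequests';

    // Certificate algorithm family passed to the CFCA sign/verify calls.
    private $strSignAlg = 'RSA';

    // Password chosen when the .pfx was exported. Demo value only: a real
    // deployment should load it from a secret store or the environment rather
    // than keep it in source control next to the key file.
    private $strPfxPassword = '888888';

    // Hash algorithm used when signing.
    private $strHashAlg = 'SHA-256';

    // Merchant private-key bundle (.pfx) issued by Huifu, used for signing.
    // Replace with the merchant's own file and keep it readable only by the
    // account that runs this code.
    private $strPfxFilePath = './RSA/AS0381.pfx';

    // '|'-separated list of trusted CA certificates (.cer) issued by Huifu,
    // used to validate the certificate that signed the response.
    private $strTrustedCACertFilePath = './RSA/CFCA_ACS_TEST_OCA31.cer|./RSA/CFCA_ACS_TEST_CA.cer';

    // CFCA logging configuration file.
    private $strLogCofigFilePath = './cfcalog.conf';

    public function __construct()
    {
        $this->getCFCAInitialize();
    }

    /**
     * Initialise the CFCA toolkit with the logging configuration.
     *
     * A non-zero return code is written to the error log. Execution continues,
     * as in the original demo; a later signing call then fails with its own
     * exception if the toolkit is unusable.
     */
    private function getCFCAInitialize()
    {
        $nResult = cfca_initialize($this->strLogCofigFilePath);
        if (0 != $nResult) {
            // Log the code only; echoing an Exception object would print a
            // stack trace (paths, call arguments) into the program output.
            error_log('cfca_initialize error: ' . $nResult);
        }
    }

    /**
     * Send the sample "Q01" order query and return the verified response payload.
     *
     * The request parameters are sample values; a merchant replaces them with
     * its own. The method fails closed: it returns '' when the transport
     * fails, the response has no check_value, the signature does not verify,
     * or the signer certificate does not chain to the trusted CAs.
     *
     * @return string signed source data from the response, or '' if it could
     *                not be obtained and verified
     * @throws Exception when the request cannot be encoded or signed
     */
    public function apiRequest()
    {
        // Sample request parameters; key order is preserved because the JSON
        // string below is what gets signed.
        $requestParam = [
            'version' => '10',
            'cmd_id' => 'Q01', // order query
            'mer_cust_id' => '6666000000002619',
            'user_cust_id' => '6666000000054387',
            'order_date' => '20180918',
            'order_id' => '201809189000001',
            'trans_type' => '01',
            'mer_priv' => '',
        ];

        $strSignSourceData = json_encode($requestParam);
        if (false === $strSignSourceData) {
            throw new Exception('json_encode request error: ' . json_last_error_msg());
        }
        $cfcaSign = $this->CFCASignature($strSignSourceData);

        $param = [
            'requestData' => [
                'cmd_id' => $requestParam['cmd_id'],
                'mer_cust_id' => $requestParam['mer_cust_id'],
                'version' => $requestParam['version'],
                'check_value' => $cfcaSign,
            ],
            'headers' => ['Content-type' => 'application/x-www-form-urlencoded;charset=UTF-8'],
        ];
        $requestData = $this->requestData($param);

        // curl_exec() yields false on transport failure; never feed that to the verifier.
        if (!is_string($requestData['body']) || '' === $requestData['body']) {
            return '';
        }
        $decoded = json_decode($requestData['body'], true);
        if (!is_array($decoded) || empty($decoded['check_value']) || !is_string($decoded['check_value'])) {
            return '';
        }

        // Step 1: the PKCS#7 signature itself must verify.
        $sourceData = $this->getCFCASignSourceData($decoded['check_value']);
        $signCertContent = $sourceData['strMsgP7AttachedSignCertContent'];
        if (empty($sourceData['strMsgP7AttachedSource']) || '' === $signCertContent) {
            return '';
        }

        // Step 2: the certificate that produced it must chain to the trusted CAs.
        // NOTE(review): this proves only that the signer certificate was issued
        // under those CAs, not that it is Huifu's certificate. Consider also
        // comparing the signer's subject or serial number with the expected value.
        if (!$this->verifyCertificat($signCertContent)) {
            return '';
        }

        return $sourceData['strMsgP7AttachedSource'];
    }

    /**
     * Sign a string as a PKCS#7 attached signature using the merchant .pfx.
     *
     * @param string $strSignSourceData data to sign (the caller passes the JSON request string)
     * @return string base64 encoding of the signature produced by the toolkit
     * @throws Exception when the toolkit reports a non-zero result or throws;
     *                   an unsigned request is never sent
     */
    private function CFCASignature($strSignSourceData)
    {
        $strMsgPKCS7AttachedSignature = ''; // output variable filled by the extension
        try {
            $nResult = cfca_signData_PKCS7Attached(
                $this->strSignAlg,
                $strSignSourceData,
                $this->strPfxFilePath,
                $this->strPfxPassword,
                $this->strHashAlg,
                $strMsgPKCS7AttachedSignature
            );
        } catch (Exception $e) {
            // Keep the cause as "previous" instead of pasting its whole trace into the message.
            throw new Exception("\n cfca_signData_PKCS7Attached error:" . $e->getMessage() . "\n", 0, $e);
        }
        if (0 != $nResult) {
            throw new Exception("\n cfca_signData_PKCS7Attached error:" . $nResult . "\n");
        }

        return base64_encode($strMsgPKCS7AttachedSignature);
    }

    /**
     * Verify a PKCS#7 attached signature and extract its payload and signer certificate.
     *
     * @param string $signature base64-encoded PKCS#7 attached signature
     * @return array keys 'strMsgP7AttachedSource' and 'strMsgP7AttachedSignCertContent';
     *               both are '' when verification fails, so callers cannot use
     *               data from an unverified message
     * @throws Exception when the toolkit throws
     */
    private function getCFCASignSourceData($signature)
    {
        $strMsgP7AttachedSignCertContent = ''; // output: signer certificate from the PKCS#7
        $strMsgP7AttachedSource = '';          // output: signed source string
        try {
            $nResult = cfca_verifyDataSignature_PKCS7Attached(
                $this->strSignAlg,
                base64_decode($signature),
                $strMsgP7AttachedSignCertContent,
                $strMsgP7AttachedSource
            );
        } catch (Exception $e) {
            throw new Exception('cfca_verifyDataSignature_PKCS7Attached error:' . $e->getMessage(), 0, $e);
        }

        if (0 != $nResult) {
            error_log('cfca_verifyDataSignature error:' . $nResult);
            // Fail closed: discard whatever the extension wrote to the outputs.
            $strMsgP7AttachedSignCertContent = '';
            $strMsgP7AttachedSource = '';
        }

        return [
            'strMsgP7AttachedSource' => $strMsgP7AttachedSource,
            'strMsgP7AttachedSignCertContent' => $strMsgP7AttachedSignCertContent,
        ];
    }

    /**
     * Check a signer certificate against the configured trusted CA certificates.
     *
     * @param string $strMsgP7AttachedSignCertContent signer certificate taken from the PKCS#7 (base64)
     * @return bool true only when the toolkit returns 0
     * @throws Exception when the toolkit throws
     */
    private function verifyCertificat($strMsgP7AttachedSignCertContent = '')
    {
        // Flag '4' requests certificate-chain verification.
        // NOTE(review): whether validity period and revocation are covered by
        // this flag is not visible here; confirm against the SADK manual.
        $nCertVerifyFlag = '4';
        try {
            $nResult = cfca_verifyCertificate(
                $strMsgP7AttachedSignCertContent,
                $nCertVerifyFlag,
                $this->strTrustedCACertFilePath,
                ""
            );
        } catch (Exception $e) {
            throw new Exception('cfca_verifyCertificate error:' . $e->getMessage(), 0, $e);
        }

        if (0 == $nResult) {
            return true;
        }
        error_log('cfca_verifyCertificate error:' . $nResult);

        return false;
    }

    /**
     * Post the request to the API endpoint and return status and body.
     *
     * @param array $param keys 'requestData' (form fields) and 'headers'
     * @return array keys 'status' (HTTP status code) and 'body' (string, or false on transport failure)
     * @throws Exception when the HTTP helper throws
     */
    private function requestData($param)
    {
        try {
            $res = $this->httpPostRequest($this->apiUrl, $param['headers'], $param['requestData']);
        } catch (\Exception $e) {
            throw new Exception('api requestData error :' . $e->getMessage(), 0, $e);
        }

        return [
            'status' => $res['info']['http_code'],
            'body' => $res['body'],
        ];
    }

    /**
     * Convert a header array to the list of "Name: value" lines cURL expects.
     *
     * CURLOPT_HTTPHEADER ignores array keys, so a map such as
     * ['Content-type' => '...'] would otherwise send the bare value as a header line.
     *
     * @param array $header map of name => value, list of ready-made lines, or a mix
     * @return array list of header lines
     */
    private function normalizeHeaders($header)
    {
        $lines = [];
        foreach ((array) $header as $name => $value) {
            $lines[] = is_string($name) ? $name . ': ' . $value : $value;
        }

        return $lines;
    }

    /**
     * Send a form-encoded POST with cURL.
     *
     * @param string $url
     * @param array  $header      header map or list, see normalizeHeaders()
     * @param array  $requestData form fields
     * @return array keys 'body' (response string or false), 'info' (curl_getinfo()), 'error' (curl_error())
     */
    private function httpPostRequest($url = '', $header = array(), $requestData = array())
    {
        $curl = curl_init();
        curl_setopt($curl, CURLOPT_HTTPHEADER, $this->normalizeHeaders($header));
        curl_setopt($curl, CURLOPT_URL, $url);
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($requestData));
        // State the TLS checks explicitly so they are not turned off by accident.
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
        $res = curl_exec($curl);
        $info = curl_getinfo($curl);
        $error = curl_error($curl);
        curl_close($curl);

        if (false === $res) {
            error_log('curl request error: ' . $error);
        }

        return [
            'body' => $res,
            'info' => $info,
            'error' => $error,
        ];
    }

    /**
     * Release the CFCA toolkit.
     */
    public function __destruct()
    {
        cfca_uninitialize();
    }
}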
// Entry point: build the demo client, run the sample query, and print
// whatever apiRequest() returns.
$huifuDemo = new HuifuCFCA();
$responsePayload = $huifuDemo->apiRequest();
print_r('
');
print_r($responsePayload);
?>