yunzerwebsite/pay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
871cf27262
pay/plugins/yeepay/inc/YopClient.php
李志强 09a14bf0a3 first commit
2025-11-28 10:08:12 +08:00

330 lines
11 KiB
PHP
Raw Blame History

<?php
namespace Yeepay;
use Exception;
class YopClient
{
const VERSION = '3.1.14';
private static $serverRoot = "https://openapi.yeepay.com/yop-center";
private static $yosServerRoot = "https://yos.yeepay.com/yop-center";
private static $yopPublicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6p0XWjscY+gsyqKRhw9MeLsEmhFdBRhT2emOck/F1Omw38ZWhJxh9kDfs5HzFJMrVozgU+SJFDONxs8UB0wMILKRmqfLcfClG9MyCNuJkkfm0HFQv1hRGdOvZPXj3Bckuwa7FrEXBRYUhK7vJ40afumspthmse6bs6mZxNn/mALZ2X07uznOrrc2rk41Y2HftduxZw6T4EmtWuN2x4CZ8gwSyPAW5ZzZJLQ6tZDojBK4GZTAGhnn3bg5bBsBlw2+FLkCQBuDsJVsFPiGh/b6K/+zGTvWyUcu+LUj2MejYQELDO3i2vQXVDk7lVi2/TcUYefvIcssnzsfCfjaorxsuwIDAQAB";
private $appKey;
private $secretKey;
private $downRequest;
public function __construct($appKey, $secretKey)
{
$this->appKey = $appKey;
$this->secretKey = $secretKey;
}
//发起GET请求
public function get($path, $params = null){
return $this->request('GET', $path, $params);
}
//发起POST请求
public function post($path, $params){
return $this->request('POST', $path, $params);
}
//发起上传请求
public function upload($path, $params){
return $this->request('POST', $path, $params, true);
}
//发起请求并解析返回结果
public function request($httpMethod, $path, $params = null, $file = false)
{
$requrl = ($file ? self::$yosServerRoot : self::$serverRoot) . $path;
if($httpMethod == 'GET' && $params){
$requrl .= '?' . http_build_query($params);
}
foreach($params as &$value){
if ($value instanceof \CURLFile || substr($value, 0, 1) == '@') continue;
$value = rawurlencode($value);
}
$headers = $this->getSignedHeaders($httpMethod, $path, $params);
if($httpMethod == 'POST'){
$response = $this->curl($requrl, $params, $headers);
}else{
$response = $this->curl($requrl, null, $headers);
}
if($this->downRequest) return $response;
$result = json_decode($response, true);
if(isset($result['result'])) {
return $result['result'];
}elseif(isset($result['subMessage'])){
throw new Exception('['.$result['subCode'].']'.$result['subMessage']);
}elseif(isset($result['message'])){
throw new Exception($result['message']);
}elseif(isset($result['error'])){
throw new Exception($result['error']['message']);
}else{
throw new Exception('返回数据解析失败');
}
}
//结果通知解密
public function notifyDecrypt($source)
{
//分解参数
$args = explode('$', $source);
if (count($args) != 4) {
throw new Exception('invalid response');
}
$encryptedRandomKeyToBase64 = $args[0];
$encryptedDataToBase64 = $args[1];
$symmetricEncryptAlg = $args[2];
$digestAlg = $args[3];
//用私钥对随机密钥进行解密
$randomKey = $this->rsaPrivateDecrypt($encryptedRandomKeyToBase64);
if (!$randomKey) {
throw new Exception('randomKey decrypt fail');
}
$encryptedData = openssl_decrypt(self::base64_urldecode($encryptedDataToBase64), "AES-128-ECB", $randomKey, OPENSSL_RAW_DATA);
if (!$encryptedData) {
throw new Exception('data decrypt fail');
}
//分解参数
$signToBase64 = substr(strrchr($encryptedData, '$'), 1);
$sourceData = substr($encryptedData, 0, strlen($encryptedData) - strlen($signToBase64) - 1);
if ($this->rsaPublicVerify($sourceData, $signToBase64, $digestAlg)) {
return json_decode($sourceData, true);
} else {
throw new Exception('verify sign fail');
}
}
//获取签名头部
private function getSignedHeaders($httpMethod, $path, $params)
{
$timestamp = gmdate('Y-m-d\TH:i:s\Z', time());;
$headers = array();
$headers['x-yop-appkey'] = $this->appKey;
$headers['x-yop-request-id'] = self::uuid();
$protocolVersion = "yop-auth-v2";
$expiredSeconds = "1800";
$authString = $protocolVersion . "/" . $this->appKey . "/" . $timestamp . "/" . $expiredSeconds;
$headersToSignSet = ['x-yop-request-id'];
// Formatting the query string with signing protocol.
$canonicalQueryString = $this->getCanonicalQueryString($params);
// Sorted the headers should be signed from the request.
$headersToSign = $this->getHeadersToSign($headers, $headersToSignSet);
// Formatting the headers from the request based on signing protocol.
$canonicalHeader = $this->getCanonicalHeaders($headersToSign);
$signedHeaders = "";
foreach ($headersToSign as $key => $value) {
$signedHeaders .= strlen($signedHeaders) == 0 ? "" : ";";
$signedHeaders .= $key;
}
$signedHeaders = strtolower($signedHeaders);
$canonicalRequest = $authString . "\n" . $httpMethod . "\n" . $path . "\n" . $canonicalQueryString . "\n" . $canonicalHeader;
// Signing the canonical request using key with sha-256 algorithm.
$signToBase64 = $this->rsaPrivateSign($canonicalRequest);
$headers['Authorization'] = "YOP-RSA2048-SHA256 " . $protocolVersion . "/" . $this->appKey . "/" . $timestamp . "/" . $expiredSeconds . "/" . $signedHeaders . "/" . $signToBase64;
return $headers;
}
//获取规范查询字符串
private function getCanonicalQueryString($params)
{
if(empty($params)) return '';
ksort($params);
$str = '';
foreach ($params as $k => $v) {
if ($v instanceof \CURLFile || substr($v, 0, 1) == '@') continue;
$str .= $k . '=' . $v . '&';
}
$str = substr($str, 0, -1);
return $str;
}
//获取待签名标头
private function getHeadersToSign($headers, $headersToSign)
{
$ret = array();
foreach($headersToSign as &$header) {
$header = strtolower($header);
}
foreach ($headers as $key => $value) {
if (!empty($value)) {
if (in_array(strtolower($key), $headersToSign) && $key != "Authorization") {
$ret[$key] = $value;
}
}
}
ksort($ret);
return $ret;
}
//获取规范标头
private static function getCanonicalHeaders($headers)
{
if (empty($headers)) return '';
$str = '';
foreach ($headers as $key => $value) {
$key = strtolower($key);
$value = trim($value);
$str .= strtolower($key) . ':' . trim($value) . "\n";
}
$str = substr($str, 0, -1);
return $str;
}
//商户私钥签名
private function rsaPrivateSign($data, $digestAlg = 'SHA256')
{
$key = "-----BEGIN RSA PRIVATE KEY-----\n" .
wordwrap($this->secretKey, 64, "\n", true) .
"\n-----END RSA PRIVATE KEY-----";
$privatekey = openssl_pkey_get_private($key);
if(!$privatekey){
throw new Exception('签名失败,商户私钥错误');
}
openssl_sign($data, $sign, $privatekey, $digestAlg);
$signToBase64 = self::base64_urlencode($sign);
$signToBase64 .= '$SHA256';
return $signToBase64;
}
//平台公钥验签
private function rsaPublicVerify($data, $sign, $digestAlg = 'SHA256')
{
$key = "-----BEGIN PUBLIC KEY-----\n" .
wordwrap(self::$yopPublicKey, 64, "\n", true) .
"\n-----END PUBLIC KEY-----";
$publickey = openssl_pkey_get_public($key);
if (!$publickey) {
throw new \Exception("invalid public key");
}
$result = openssl_verify($data, self::base64_urldecode($sign), $publickey, $digestAlg);
return $result === 1;
}
//商户私钥解密
private function rsaPrivateDecrypt($data)
{
$key = "-----BEGIN RSA PRIVATE KEY-----\n" .
wordwrap($this->secretKey, 64, "\n", true) .
"\n-----END RSA PRIVATE KEY-----";
$privatekey = openssl_pkey_get_private($key);
if(!$privatekey){
throw new Exception('invalid private key');
}
openssl_private_decrypt(self::base64_urldecode($data), $decrypted, $privatekey);
return $decrypted;
}
private function curl($url, $postFields, $headers)
{
$uaString = "php/" . self::VERSION . "/" . PHP_OS . "/" . (array_key_exists('SERVER_SOFTWARE', $_SERVER) ? $_SERVER ['SERVER_SOFTWARE'] : "") . "/Zend Framework/" . zend_version() . "/" . PHP_VERSION . "/" . (array_key_exists('HTTP_ACCEPT_LANGUAGE', $_SERVER) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : "") . "/";
$headerArray = array();
foreach ($headers as $key => $value) {
$headerArray[] = $key . ": " . $value;
}
$headerArray[] = 'x-yop-sdk-langs: php';
$headerArray[] = 'x-yop-sdk-version: '.self::VERSION;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_FAILONERROR, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headerArray);
curl_setopt($ch, CURLOPT_USERAGENT, $uaString);
if (is_array($postFields) && 0 < count($postFields)) {
$postMultipart = false;
foreach ($postFields as &$value) {
if ($value instanceof \CURLFile) {
$postMultipart = true;
} elseif(substr($value, 0, 1) == '@' && class_exists('CURLFile')) {
$postMultipart = true;
$file = substr($value, 1);
if(file_exists($file)){
$value = new \CURLFile($file);
}
}
}
curl_setopt($ch, CURLOPT_POST, true);
if($postMultipart){
curl_setopt($ch, CURLOPT_POSTFIELDS, $postFields);
}else{
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postFields));
}
}
$response = curl_exec($ch);
if (curl_errno($ch) > 0) {
$errmsg = curl_error($ch);
curl_close($ch);
throw new \Exception($errmsg, 0);
}
$responseHeaders = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
if (!empty($responseHeaders) && substr_compare($responseHeaders, "application/octet-stream", 0, 16) == 0) {
$this->downRequest = true;
}
curl_close($ch);
return $response;
}
private static function base64_urlencode($data, $use_padding = false)
{
$encoded = strtr(base64_encode($data), '+/', '-_');
return true === $use_padding ? $encoded : rtrim($encoded, '=');
}
private static function base64_urldecode($data)
{
return base64_decode(strtr($data, '-_', '+/'));
}
private static function uuid($namespace = '')
{
static $guid = '';
$uid = uniqid("", true);
$data = $_SERVER['REQUEST_TIME'];
$hash = hash('ripemd128', $uid . $data);
$guid = $namespace .
substr($uid, 0, 14) .
substr($uid, 15, 24) .
substr($hash, 0, 10) .
'';
return $guid;
}
}
Reference in New Issue View Git Blame Copy Permalink