token = $values['token'];
$this->encodingAesKey = $values['encoding_aes_key'];
$this->appId = $values['app_id'];
$this->keys = base64_decode($values['encoding_aes_key'] . "=");
}
/**
* 将公众平台回复用户的消息加密打包.
*
* - 对要发送的消息进行AES-CBC加密
* - 生成安全签名
* - 将消息密文和安全签名打包成xml格式
*
*
* @param $replyMsg string 公众平台待回复用户的消息,xml格式的字符串
* @param $timeStamp string 时间戳,可以自己生成,也可以用URL参数的timestamp
* @param $nonce string 随机串,可以自己生成,也可以用URL参数的nonce
* @param &$encryptMsg string 加密后的可以直接回复用户的密文,包括msg_signature, timestamp, nonce, encrypt的xml格式的字符串,
* 当return返回0时有效
*
* @return int 成功0,失败返回对应的错误码
*/
public function encryptMsg($replyMsg, $timeStamp, $nonce, &$encryptMsg)
{
//加密
$array = $this->encrypt($replyMsg, $this->appId);
$ret = $array[0];
if ($ret != 0) {
return $ret;
}
if ($timeStamp == null) {
$timeStamp = time();
}
$encrypt = $array[1];
//生成安全签名
$array = $this->getSHA1($this->token, $timeStamp, $nonce, $encrypt);
$ret = $array[0];
if ($ret != 0) {
return $ret;
}
$signature = $array[1];
//生成发送的xml
$encryptMsg = $this->generate($encrypt, $signature, $timeStamp, $nonce);
return $this->OK;
}
/**
* 检验消息的真实性,并且获取解密后的明文.
*
* - 利用收到的密文生成安全签名,进行签名验证
* - 若验证通过,则提取xml中的加密消息
* - 对消息进行解密
*
*
* @param $msgSignature string 签名串,对应URL参数的msg_signature
* @param $timestamp string 时间戳 对应URL参数的timestamp
* @param $nonce string 随机串,对应URL参数的nonce
* @param $postData string 密文,对应POST请求的数据
* @param &$msg string 解密后的原文,当return返回0时有效
*
* @return int 成功0,失败返回对应的错误码
*/
public function decryptMsg($msgSignature='', $timestamp = null, $nonce='', $postData='', &$msg='')
{
if (strlen($this->encodingAesKey) != 43) {
return $this->IllegalAesKey;
}
//提取密文
$array = $this->extracts($postData);
$ret = $array[0];
if ($ret != 0) {
return $ret;
}
if ($timestamp == null) {
$timestamp = time();
}
$encrypt = $array[1];
//验证安全签名
$array = $this->getSHA1($this->token, $timestamp, $nonce, $encrypt);
$ret = $array[0];
if ($ret != 0) {
return $ret;
}
$signature = $array[1];
if ($signature != $msgSignature) {
return $this->ValidateSignatureError;
}
$result = $this->decrypt($encrypt,$this->appId);
if ($result[0] != 0) {
return $result[0];
}
$msg = $result[1];
return $this->OK;
}
/**
* 用SHA1算法生成安全签名
* @param string $token 票据
* @param string $timestamp 时间戳
* @param string $nonce 随机字符串
* @param string $encrypt 密文消息
*/
private function getSHA1($token, $timestamp, $nonce, $encrypt_msg)
{
//排序
try {
$array = array($token, $timestamp, $nonce, $encrypt_msg);
sort($array, SORT_STRING);
$str = sha1(implode($array));
return array($this->OK, $str);
} catch (Exception $e) {
//print $e . "\n";
return array($this->ComputeSignatureError, null);
}
}
/**
* 提取出xml数据包中的加密消息
* @param string $xmltext 待提取的xml字符串
* @return string 提取出的加密消息字符串
*/
private function extracts($xmltext)
{
try {
$xml = new \DOMDocument();
$xml->loadXML($xmltext);
$array_a = $xml->getElementsByTagName('Encrypt');
$Encrypt = $array_a->item(0)->nodeValue;
return array(0,$Encrypt);
} catch (Exception $e) {
//print $e . "\n";
return array($this->ParseXmlError, null, null);
}
}
/**
* 生成xml消息
* @param string $encrypt 加密后的消息密文
* @param string $signature 安全签名
* @param string $timestamp 时间戳
* @param string $nonce 随机字符串
*/
private function generate($encrypt, $signature, $timestamp, $nonce)
{
$format = "
%s
";
return sprintf($format, $encrypt, $signature, $timestamp, $nonce);
}
/**
* 对需要加密的明文进行填充补位
* @param $text 需要进行填充补位操作的明文
* @return 补齐明文字符串
*/
private function encode($text)
{
$block_size = $this->block_size;
$text_length = strlen($text);
//计算需要填充的位数
$amount_to_pad = $this->block_size - ($text_length % $this->block_size);
if ($amount_to_pad == 0) {
$amount_to_pad = $this->block_size;
}
//获得补位所用的字符
$pad_chr = chr($amount_to_pad);
$tmp = "";
for ($index = 0; $index < $amount_to_pad; $index++) {
$tmp .= $pad_chr;
}
return $text . $tmp;
}
/**
* 对解密后的明文进行补位删除
* @param decrypted 解密后的明文
* @return 删除填充补位后的明文
*/
private function decode($text)
{
$pad = ord(substr($text, -1));
if ($pad < 1 || $pad > 32) {
$pad = 0;
}
return substr($text, 0, (strlen($text) - $pad));
}
/**
* 对明文进行加密
* @param string $text 需要加密的明文
* @return string 加密后的密文
*/
private function encrypt($text, $appid)
{
try {
//获得16位随机字符串,填充到明文之前
$random = $this->getRandomStr();
$text = $random . pack("N", strlen($text)) . $text . $appid;
// 网络字节序
$size = mcrypt_get_block_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$module = mcrypt_module_open(MCRYPT_RIJNDAEL_128, '', MCRYPT_MODE_CBC, '');
$iv = substr($this->keys, 0, 16);
//使用自定义的填充方式对明文进行补位填充
$text = $this->encode($text);
mcrypt_generic_init($module, $this->keys, $iv);
//加密
$encrypted = mcrypt_generic($module, $text);
mcrypt_generic_deinit($module);
mcrypt_module_close($module);
//print(base64_encode($encrypted));
//使用BASE64对加密后的字符串进行编码
return array($this->OK, base64_encode($encrypted));
} catch (Exception $e) {
//print $e;
return array($this->EncryptAESError, null);
}
}
/**
* 对密文进行解密
* @param string $encrypted 需要解密的密文
* @return string 解密得到的明文
*/
private function decrypt($encrypted, $appid)
{
try {
//使用BASE64对需要解密的字符串进行解码
$ciphertext_dec = base64_decode($encrypted);
$iv = substr($this->keys, 0, 16);
//解密
$decrypted = openssl_decrypt($ciphertext_dec, "aes-256-cbc", $this->keys, OPENSSL_RAW_DATA|OPENSSL_ZERO_PADDING, $iv);
} catch (Exception $e) {
return array($this->DecryptAESError, null);
}
try {
//去除补位字符
$result = $this->decode($decrypted);
//去除16位随机字符串,网络字节序和AppId
if (strlen($result) < 16)
return "";
$content = substr($result, 16, strlen($result));
$len_list = unpack("N", substr($content, 0, 4));
$xml_len = $len_list[1];
$xml_content = substr($content, 4, $xml_len);
$from_appid = substr($content, $xml_len + 4);
} catch (Exception $e) {
//print $e;
return array($this->IllegalBuffer, null);
}
if ($from_appid != $appid)
return array($this->ValidateAppidError, null);
return array(0, $xml_content);
}
/**
* 随机生成16位字符串
* @return string 生成的字符串
*/
private function getRandomStr()
{
$str = "";
$str_pol = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";
$max = strlen($str_pol) - 1;
for ($i = 0; $i < 16; $i++) {
$str .= $str_pol[mt_rand(0, $max)];
}
return $str;
}
}