<?php
|
/**
|
* API入参静态检查类
|
* 可以对API的参数类型、长度、最大值等进行校验
|
*
|
**/
|
class NuomiRsaSign
|
{
|
|
/**
|
* @desc 私钥生成签名字符串
|
* @param array $assocArr
|
* @param $rsaPriKeyStr
|
* @return bool|string
|
* @throws Exception
|
*/
|
public static function genSignWithRsa(array $assocArr, $rsaPriKeyStr)
|
{
|
$sign = '';
|
if (empty($rsaPriKeyStr) || empty($assocArr)) {
|
return $sign;
|
}
|
|
if (!function_exists('openssl_pkey_get_private') || !function_exists('openssl_sign')) {
|
throw new Exception("openssl扩展不存在");
|
}
|
|
$priKey = openssl_pkey_get_private($rsaPriKeyStr);
|
|
if (isset($assocArr['sign'])) {
|
unset($assocArr['sign']);
|
}
|
|
ksort($assocArr); //按字母升序排序
|
|
$parts = array();
|
foreach ($assocArr as $k => $v) {
|
$parts[] = $k . '=' . $v;
|
}
|
$str = implode('&', $parts);
|
openssl_sign($str, $sign, $priKey);
|
openssl_free_key($priKey);
|
|
return base64_encode($sign);
|
}
|
|
/**
|
* @desc 公钥校验签名
|
* @param array $assocArr
|
* @param $rsaPubKeyStr
|
* @return bool
|
* @throws Exception
|
*/
|
public static function checkSignWithRsa(array $assocArr, $rsaPubKeyStr)
|
{
|
if (!isset($assocArr['sign']) || empty($assocArr) || empty($rsaPubKeyStr)) {
|
return false;
|
}
|
|
if (!function_exists('openssl_pkey_get_public') || !function_exists('openssl_verify')) {
|
throw new Exception("openssl扩展不存在");
|
}
|
|
$sign = $assocArr['sign'];
|
unset($assocArr['sign']);
|
|
if (empty($assocArr)) {
|
return false;
|
}
|
ksort($assocArr); //按字母升序排序
|
$parts = array();
|
foreach ($assocArr as $k => $v) {
|
$parts[] = $k . '=' . $v;
|
}
|
$str = implode('&', $parts);
|
|
$sign = base64_decode($sign);
|
$pubKey = openssl_pkey_get_public($rsaPubKeyStr);
|
$result = (bool)openssl_verify($str, $sign, $pubKey);
|
openssl_free_key($pubKey);
|
|
return $result;
|
}
|
|
}
|
