<?php

namespace app\home\controller;

/**
 * PHP版万里汇API签名生成工具
 * 对应JavaScript逻辑：RSA-SHA256签名 + Base64编码
 */

use app\BaseController;
use think\facade\Request;

class Testpay extends BaseController
{
    private $config = [
        'domain' => 'https://open-sea.worldfirst.com', // 万里汇支付域名
        'is_sandbox' => 1, // 是否沙箱环境，true为沙箱环境，false为正式环境
        'ClientID'     => '5YEU5A2ZUGHC03903', //商户id
        'CustomerId'     => '2120120341978772', //商户id
        'CertificationType' => 'RSA2', //商户密钥
        'publicKey'    => 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQrc4mu33M3lo+EehBo+/GHmBTC4OdyqdkbB9YAUWH1xfHa3o6frFTS0JhgZa3RX7W5g4AGMhNynaytsErFaUVuij95rQhU5rVIPAE6mxlmjZMQszzOjJZdLuEe8uQIlzxbdgJZ6s1qElrJzfCoBl3UP/3h4e29Wyfp0c9rKg8/PT5TIM5MkL0X5Bs/gU3sclziAO/HVkgSqeOVah4HRYOjTxJeLv4UlkJr7iSXshv0THDIdFbwi9b83yclOTdqZpReo41Bec8SAEQz8ITb81iFHVRuCxKL7ZtRIjlMIZHbZdZdQijZfVsMrD0Y/7eK8tuCpfvBRCsxLOaUH5Tkx6wIDAQAB', //公钥
        'privateKey'     => 'MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCxCtzia7fczeWj4R6EGj78YeYFMLg53Kp2RsH1gBRYfXF8drejp+sVNLQmGBlrdFftbmDgAYyE3KdrK2wSsVpRW6KP3mtCFTmtUg8ATqbGWaNkxCzPM6Mll0u4R7y5AiXPFt2AlnqzWoSWsnN8KgGXdQ//eHh7b1bJ+nRz2sqDz89PlMgzkyQvRfkGz+BTexyXOIA78dWSBKp45VqHgdFg6NPEl4u/hSWQmvuJJeyG/RMcMh0VvCL1vzfJyU5N2pmlF6jjUF5zxIARDPwhNvzWIUdVG4LEovtm1EiOUwhkdtl1l1CKNl9WwysPRj/t4ry24Kl+8FEKzEs5pQflOTHrAgMBAAECggEBAI4mp7ZRQT7UP3d3EPaG0F37CSLPvIwRBvmS1LeXED8A8fc6pzaLZDERsTgJD5f8wYDNqJEUDUy8ktx08ACOUHOUvREBSGO2ASqOAaeAf14xqQUGkugHkQ5kzZJ4Xyq5c7w0osNVj82kd2M8g4eFfuOqRZ8djrelbS0doRVI7mQoQyxb2ms4priD4Zgv+YqnGIQz9++f9aguCpmTRLp8VC/N4CqszLhJ3N4f+X4sAfttPbkT1lKXXB4Gx1oBnpDwXpxfvocC2E4xwBprr7pVqlvMkpdmZnDBHgAk4nLISk3hv3kLC9FVVfhEgpJJlMUW0Qb3IbPx64UgV9k9pCCsSXECgYEA/ap6WAstyS3zZDAacazhqCbVDc6/IPQW6Y78ahObpV9ViCVoDPiYVimStNIZKQvCOIwo9N5PHeCNHNOp30DoY1MOV26vu9hFLGqukoIAsMhM9c9E1ZtN0IkSzTK5eP0vKHLTeB4vuq2f6eR7g4bHNRLfHplE6smFNZ4/ZW9w1hkCgYEAsqvlCA5/0j13IuVORY2iVmQ2xC86fjTRRmpZ0KRPauUjp25WIYZUc/Dh2sAwT62digL7lPTXJ9dXyGEkiMxVrck9wN6fsdgmFkcAbOQeI5v0hc/NBmsfuhNH5Lmho/ZFbrAE2ha8viK5zBZr6ZIha7d8EFQZ+6TFoeBHISDD4KMCgYBXdqGKnAgkduCWKfPkQCzqcsFBaokCTsdbrr6fwLUJF08Bi4xN9KVqCBmamVqtiW1lXAZ/L+vtrFBboSvQW6wFG001nmefiFmJkBszTvn3+oh2tQnR8SOqhKjj8dp7uii5dKYvo5DneBhMaEiiOCWVyjT+cvCNWADDVRYc3oj0eQKBgDxzFekU5sAd1Znz1PiJQ9xQyYq0o+ihPBDD2KFThh8XaWmzVea/yQD1BaT6Ex5SEhPokG/EKqsrG2MLIs45u98xT/haGdOU2sX8vbMZtuy7Tg6b0LUUN0bAUTmcaIjNwI4DdZDH0pHNs+jNyTLcIvyLtqjbm3LdO5RaCha2PC9bAoGAHDRox1+xXWJ1p1qMu73kmTjwTNIgtfZkV5un5KybpLLkpF28K61yGNTGHXN8mnNxWYiITb6LzO7OB2A97YmlVB2DYBkDfSLIL2kWCsDnHA5iiWewmrm2t3079YgiRWtN224/z+CVspaiOKgypLZzyxrPfqajXjwwOEEVkb7HO4o=', //商户私钥privateKey
    ];
    public function index()
    {
        // 从表单获取的参数（模拟$_POST）
        //获取请求时间（<Request-Time>） 为 2022-04-28T12:31:30+08:00，时间遵循ISO 8601标准
        $requestTime = date('Y-m-d\TH:i:sP');
        $clientId = $this->config['is_sandbox'] == 1 ? 'SANDBOX_' . $this->config['ClientID'] : $this->config['ClientID'];
        $post_data = ["paymentId" => "202205311234234"];
        // 包裹私钥
        $privateKey = "-----BEGIN RSA PRIVATE KEY-----\n" . wordwrap($this->config['privateKey'], 64, "\n", true) . "\n-----END RSA PRIVATE KEY-----";
        $publicKey = "-----BEGIN PUBLIC KEY-----\n" . wordwrap($this->config['publicKey'], 64, "\n", true) . "\n-----END PUBLIC KEY-----";
        $httpMethod = 'POST'; // 请求方法（GET/POST等）
        $api_url = '/amsin/api/v1/business/inquiryPayOrder'; // 请求API路径
        $bodyData = json_encode($post_data); // 请求体JSON字符串
        $params = [
            'clientId'    => $clientId,
            //'customerId'    => $this->config['CustomerId'],
            'requestTime' => $requestTime,
            'httpMethod'  => $httpMethod,
            'api'         => $api_url,
            'bodyData'    => $bodyData,
            'privkey'     => $privateKey,
        ];
        $signatureBody = $this->getSignatureBody($post_data, $httpMethod, $api_url, $requestTime);
        // 生成签名
        $signature = $this->generateSignature($signatureBody, $privateKey);

        // 验证签名示例（需要公钥）
        $isValid = $this->verifySignature(
            $signatureBody,
            $signature,
            $publicKey
        );
        $params['signature'] = $signature;
        $params['isValid'] = $isValid;
        return dhkSuccess($params);
        echo $signature;
    }
    public function getFirst()
    {
        $post_data = [
            "inquiryRateConditionList" => [
                [
                    "sellCurrency" => "USD",
                    "buyCurrency" => "EUR"
                ],
                [
                    "sellCurrency" => "USD",
                    "buyCurrency" => "GBP"
                ]
            ]
        ];
        $requestTime = date('Y-m-d\TH:i:sP');
        $httpMethod = 'POST'; // 请求方法（GET/POST等）

        $api_url = '/amsin/api/v1/business/inquiryPayOrder'; //支付完成后，集成商可以使用此接口来查询支付结果。
        $signatureBody = $this->getSignatureBody($post_data, $httpMethod, $api_url, $requestTime);
        // 包裹私钥
        $privateKey = "-----BEGIN RSA PRIVATE KEY-----\n" . wordwrap($this->config['privateKey'], 64, "\n", true) . "\n-----END RSA PRIVATE KEY-----";

        // 生成签名
        $signature = $this->generateSignature($signatureBody, $privateKey);
        $post_url = $this->config['domain'] . $api_url;
        $header = [];
        $clientId = $this->config['is_sandbox'] == 1 ? 'SANDBOX_' . $this->config['ClientID'] : $this->config['ClientID'];
        $header['client-id'] = $clientId;
        $header['request-time'] = $requestTime;
        $header['Content-Type'] = 'application/json';
        $header['signature'] = 'algorithm=RSA256,keyVersion=1,signature=' . $signature;
        $dhkhttp = new \app\common\toole\Dhkhttp();
        echo_dhklog($api_url, '请求地址：', 'pay_notify');
        $res = $dhkhttp->dhkpost($post_url, $post_data, $header);
        return dhkSuccess($res);
    }
    //查询支付状态http://zhc.test.com/home/testpay/query?pay_code=202504171234234
    public function query()
    {
        $params = Request::param();
        $payToRequestId = $params['pay_code'] ?? ''; //商户生成的支付单号
        $payToId = $params['payToId'] ?? ''; //万里汇生成的支付单号
        if (!$payToRequestId and !$payToId) {
            return dhkMsg('支付单号不能为空');
        }
        $post_data = [];
        if ($payToRequestId) {
            $payToRequestIds = [$payToRequestId];
            $post_data['payToRequestIds'] = $payToRequestIds;
        }
        if ($payToId) {
            $payToIds = [$payToId];
            $post_data['payToIds'] = $payToIds;
        }
        $requestTime = date('Y-m-d\TH:i:sP');
        $httpMethod = 'POST'; // 请求方法（GET/POST等）

        $api_url = '/amsin/api/v1/business/inquiryPayOrder'; //支付完成后，集成商可以使用此接口来查询支付结果。
        $signatureBody = $this->getSignatureBody($post_data, $httpMethod, $api_url, $requestTime);
        // 包裹私钥
        $privateKey = "-----BEGIN RSA PRIVATE KEY-----\n" . wordwrap($this->config['privateKey'], 64, "\n", true) . "\n-----END RSA PRIVATE KEY-----";

        // 生成签名
        $signature = $this->generateSignature($signatureBody, $privateKey);
        $post_url = $this->config['domain'] . $api_url;
        $header = [];
        $clientId = $this->config['is_sandbox'] == 1 ? 'SANDBOX_' . $this->config['ClientID'] : $this->config['ClientID'];
        $header['client-id'] = $clientId;
        $header['request-time'] = $requestTime;
        $header['Content-Type'] = 'application/json';
        $header['signature'] = 'algorithm=RSA256,keyVersion=1,signature=' . $signature;
        $dhkhttp = new \app\common\toole\Dhkhttp();
        $res = $dhkhttp->dhkpost($post_url, $post_data, $header);
        return dhkSuccess($res);
    }
    public function notify()
    {
        $params = Request::param();
        echo_dhklog($params, '支付通知data:', 'pay_notify');
        $headers = Request::header();
        echo_dhklog($headers, '支付通知header:', 'pay_notify');
        $requestTime = $headers['request-time'] ?? ''; //请求时间
        $signature = $headers['signature'] ?? ''; //签名
        //algorithm=RSA256,keyVersion=1,signature=IHZfFMPNQITqmz%2FDZTlm6DEfm6yfR3NtK0LkONscZxZLqOuCa5b%2FDyLGqwZaSrGIQeFFNnGS5EgqRtFFdOmBSuSSiwK%2BjvhnIE6qHP7xr%2BjBpjFFztTOyyniGJdN5HlT8UE2wONjPIsIMh8koXa6Kb8uh1ScnCGbTzY8ogfihupFXJt%2B1%2BHPYno9483cVyA2l9UOYb6ai6SWgAxnJJUWi%2BkBQLXp%2FzvRG6SmDETbZ8MpMM2gUTbRGB4p4eSqVcX6KgwVyLSgrzAGekPv6dkZOH5zulHCv%2FmMXdO3%2FWmQn%2FX2rS1unS9yilDJbzDW86XwUf46UD2qgxkFGi6UPWaTfw%3D%3D
        //从$signature中提取signature=后面的内容
        $signature = str_replace('algorithm=RSA256,keyVersion=1,signature=', '', $signature);
        echo_dhklog($signature, 'HEADER签名', 'pay_notify');


        $clientId = $headers['client-id'] ?? '';
        $httpMethod = 'POST';
        $api_url = '/home/testpay/notify';
        // 包裹私钥
        $privateKey = "-----BEGIN RSA PRIVATE KEY-----\n" . wordwrap($this->config['privateKey'], 64, "\n", true) . "\n-----END RSA PRIVATE KEY-----";

        $res = ["result" => ["resultStatus" => "S", "resultCode" => "SUCCESS", "resultMessage" => "success"]];
        $signatureBody = $this->getSignatureBody($params, $httpMethod, $api_url, $requestTime);
        // 生成签名
        $signature_new = $this->generateSignature($signatureBody, $privateKey);
        if ($signature_new != $signature) {
            echo_dhklog($signature_new, '签名不匹配', 'pay_notify');
        } else {
            echo_dhklog('验证通过', '签名匹配', 'pay_notify');
        }
        //返回响应头
        header('Content-Type: application/json');
        header('client-id: ' . $clientId);
        header('request-time: ' . $requestTime);
        header('signature: algorithm=RSA256,keyVersion=1,signature=' . $signature_new);
        return json($res);
    }

    //1. 构造待签名字符串（与JavaScript逻辑完全一致）
    public function getSignatureBody($post_data = [], $httpMethod = 'POST', $api_url = '', $requestTime = '')
    {
        $bodyData = json_encode($post_data);
        $clientId = $this->config['is_sandbox'] == 1 ? 'SANDBOX_' . $this->config['ClientID'] : $this->config['ClientID'];
        $signatureBody = sprintf(
            "%s %s\n%s.%s.%s",
            strtoupper($httpMethod),
            $api_url,
            $clientId,
            $requestTime,
            $bodyData
        );
        return $signatureBody;
    }
    /**
     * 生成签名
     * @param string $clientId     商户ID
     * @param string $requestTime  请求时间戳
     * @param string $httpMethod   HTTP方法（GET/POST等）
     * @param string $api          请求API路径
     * @param string $bodyData     请求体JSON字符串
     * @param string $privateKey   私钥（PEM格式）
     * @return string              返回URL编码后的签名
     */
    public static function generateSignature($signatureBody, $privateKey): string
    {
        // 2. 使用私钥进行SHA256签名
        $signature = '';
        if (!openssl_sign($signatureBody, $signature, $privateKey, OPENSSL_ALGO_SHA256)) {
            // 输出错误信息
            echo_dhklog(openssl_error_string(), 'OpenSSL错误', 'pay_notify');
            return '';
        }
        // 3. Base64编码签名
        $ss = base64_encode($signature);
        echo_dhklog($ss, '签名', 'pay_notify');
        // 4. URL编码签名，非必要
        $ss = urlencode($ss);
        return $ss;
    }

    /**
     * 验证签名（可选）
     */
    public static function verifySignature(
        string $plainText,
        string $signature,
        string $publicKey
    ): bool {
        $signature = base64_decode(urldecode($signature));
        return (bool)openssl_verify(
            $plainText,
            $signature,
            $publicKey,
            OPENSSL_ALGO_SHA256
        );
    }
}