支付宝某些业务只能使用公钥证书方式来验签
如:即使转账
红包等
笔者就要实现这样一个功能,【单笔转账到支付宝账户】,采用支付宝公钥证书签名来实现。
话不多说,流程先走起
第一步:下载支付宝秘钥生成器
由于我们使用的是php鱼油,点击pkcs1(非java适用)
按照上面图中的 三个步骤操作,操作完成后,点击【打开文件位置】,可以看到下面这些文件
会有
- 一个csr文件
- 一个公钥
- 一个私钥
我们将csr文件上传到支付宝 接口加签方式 里面,然后讲下图里面的三个整数下载下来
分别是:
- alipayCertPublicKey_RSA2.crt
- alipayRootCert.crt
- appCertPublicKey_202100000023232.crt
第二步,配置PHP配置
我们将 上面生成的三个文件复制到证书目录,如图:
配置代码如下:
'', // 支付宝应用的appid 'alipay_root_cert_sn' => BASE_PATH . '/cert/alipayRootCert.crt', // 支付宝根证书在自己服务器的绝对路径 'app_cert_sn' => BASE_PATH . '/cert/appCertPublicKey_2021000199651454.crt', // 应用公钥证书在自己服务器绝对路径 'rsa_private_key' => '' // 这个是RSA签名,特别要注意的是,是我们第一步中的对应自己域名的那个私钥哦];
编写AlipayTransServer
class AlipayTransfers{ protected $appId; //私钥值 protected $rsaPrivateKey; private $charset; public function __construct($appid, $saPrivateKey) { $this->appId = $appid; $this->charset = 'utf8'; $this->rsaPrivateKey = $saPrivateKey; } public function doPay($totalFee, $outTradeNo, $account, $realName, $remark = '') { //请求参数 $requestConfigs = array( 'out_biz_no' => $outTradeNo, 'payee_type' => 'ALIPAY_LOGONID', 'payee_account' => $account, 'payee_real_name' => $realName, //收款方真实姓名 'amount' => $totalFee, //转账金额,单位:元。 'remark' => $remark, //转账备注(选填) ); $commonConfigs = array( //公共参数 'app_id' => $this->appId, 'method' => 'alipay.fund.trans.toaccount.transfer', //接口名称 'format' => 'JSON', 'charset' => $this->charset, 'sign_type' => 'RSA2', 'timestamp' => date('Y-m-d H:i:s'), 'alipay_root_cert_sn' => $this->getRootCertSN(BASE_PATH . '/cert/alipayRootCert.crt'),//支付宝根证书SN(alipay_root_cert_sn) 'app_cert_sn' => $this->getCertSN(BASE_PATH . '/cert/appCertPublicKey_2021000199651454.crt'), //应用公钥证书SN(app_cert_sn) 'version' => '1.0', 'biz_content' => json_encode($requestConfigs), ); $commonConfigs["sign"] = $this->generateSign($commonConfigs, $commonConfigs['sign_type']); $result = $this->curlPost('https://openapi.alipay.com/gateway.do', $commonConfigs); $resultArr = json_decode($result, true); if (empty($resultArr)) { $result = iconv('GBK', 'UTF-8//IGNORE', $result); return json_decode($result, true); } return $resultArr; } public function generateSign($params, $signType = "RSA") { return $this->sign($this->getSignContent($params), $signType); } protected function sign($data, $signType = "RSA") { $priKey = $this->rsaPrivateKey; $res = "-----BEGIN RSA PRIVATE KEY-----\n" . wordwrap($priKey, 64, "\n", true) . "\n-----END RSA PRIVATE KEY-----"; ($res) or die('您使用的私钥格式错误,请检查RSA私钥配置'); if ("RSA2" == $signType) { openssl_sign($data, $sign, $res, version_compare(PHP_VERSION, '5.4.0', '<') ? SHA256 : OPENSSL_ALGO_SHA256); //OPENSSL_ALGO_SHA256是php5.4.8以上版本才支持 } else { openssl_sign($data, $sign, $res); } $sign = base64_encode($sign); return $sign; } protected function checkEmpty($value) { if (!isset($value)) return true; if ($value === null) return true; if (trim($value) === "") return true; return false; } public function getSignContent($params) { ksort($params); $stringToBeSigned = ""; $i = 0; foreach ($params as $k => $v) { if (false === $this->checkEmpty($v) && "@" != substr($v, 0, 1)) { // 转换成目标字符集 $v = $this->characet($v, $this->charset); if ($i == 0) { $stringToBeSigned .= "$k" . "=" . "$v"; } else { $stringToBeSigned .= "&" . "$k" . "=" . "$v"; } $i++; } } unset ($k, $v); return $stringToBeSigned; } function characet($data, $targetCharset) { if (!empty($data)) { $fileType = $this->charset; if (strcasecmp($fileType, $targetCharset) != 0) { $data = mb_convert_encoding($data, $targetCharset, $fileType); } } return $data; } public function curlPost($url = '', $postData = '', $options = array()) { if (is_array($postData)) { $url = $url . '?' . http_build_query($postData); cli_log($url); } $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); //设置cURL允许执行的最长秒数 if (!empty($options)) { curl_setopt_array($ch, $options); } //https请求 不验证证书和host curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); $data = curl_exec($ch); curl_close($ch); return $data; } public function getCertSN($certPath) { $cert = file_get_contents($certPath); $ssl = openssl_x509_parse($cert); $SN = md5($this->array2string(array_reverse($ssl['issuer'])) . $ssl['serialNumber']); return $SN; } public function getRootCertSN($certPath) { $cert = file_get_contents($certPath); $array = explode("-----END CERTIFICATE-----", $cert); $SN = null; for ($i = 0; $i < count($array) - 1; $i++) { $ssl[$i] = openssl_x509_parse($array[$i] . "-----END CERTIFICATE-----"); if (strpos($ssl[$i]['serialNumber'], '0x') === 0) { $ssl[$i]['serialNumber'] = $this->hex2dec($ssl[$i]['serialNumber']); } if ($ssl[$i]['signatureTypeLN'] == "sha1WithRSAEncryption" || $ssl[$i]['signatureTypeLN'] == "sha256WithRSAEncryption") { if ($SN == null) { $SN = md5($this->array2string(array_reverse($ssl[$i]['issuer'])) . $ssl[$i]['serialNumber']); } else { $SN = $SN . "_" . md5($this->array2string(array_reverse($ssl[$i]['issuer'])) . $ssl[$i]['serialNumber']); } } } return $SN; } protected function hex2dec($hex) { $dec = 0; $len = strlen($hex); for ($i = 1; $i <= $len; $i++) { $dec = bcadd($dec, bcmul(strval(hexdec($hex[$i - 1])), bcpow('16', strval($len - $i)))); } return $dec; } protected function array2string($array) { $string = []; if ($array && is_array($array)) { foreach ($array as $key => $value) { $string[] = $key . '=' . $value; } } return implode(',', $string); }}实现业务部分:
public function transfer($realName, $account, $amount, $remark = '提现') { $aliConfig = config('alipay'); $aliTransfers = new Transfers($aliConfig['app_id'], $aliConfig['rsa_private_key']); $outTradeNo = date('Ymd') . time() . rand_string(6, true); return $aliTransfers->doPay($amount, $outTradeNo, $account, $realName, $remark); }来源地址:https://blog.csdn.net/weixin_46742102/article/details/130092969
