添加请求签名

samurai00 · samurai00 · commit 289ab679040d · 2015-12-29T13:29:54.000+08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,7 @@
 * 修改：  
 添加 PUT 方法  
 添加 JSON 序列化方法
+添加请求签名
 
 # 2.1.0
 * 增加：  
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 Pingpp PHP SDK
 =================
 ## 简介
-lib 文件夹下是 PHP SDK 文件，<br>
+lib 文件夹下是 PHP SDK 文件，  
 example 文件夹里面是简单的接入示例，该示例仅供参考。
 
 ## 版本要求
@@ -36,6 +36,12 @@ require_once('/path/to/pingpp-php/init.php');
 \Pingpp\Pingpp::setApiKey('YOUR-KEY');
 ```
 
+### 设置请求签名密钥
+密钥需要你自己生成，公钥请填写到 [Ping++ Dashboard](https://dashboard.pingxx.com)
+```php
+\Pingpp\Pingpp::setPrivateKeyPath('/path/to/your_rsa_private_key.pem');
+```
+
 ### 支付
 ```php
 $ch = \Pingpp\Charge::create(
@@ -128,7 +134,6 @@ $signature = \Pingpp\WxpubOauth::getSignature($charge, $ticket, $url);
 pingpp.createPayment(charge, callback, signature, false);
 ```
 
-
 ### event 查询
 
 ```php
@@ -141,7 +146,6 @@ pingpp.createPayment(charge, callback, signature, false);
 ```
 **详细信息请参考 [API 文档](https://pingxx.com/document/api?php)。**
 
-
 ### 微信企业付款
 ```php
 \Pingpp\Transfer::create(
diff --git a/example/pay.php b/example/pay.php
@@ -22,6 +22,11 @@
 $amount = $input_data['amount'];
 $orderNo = substr(md5(time()), 0, 12);
 
+// 设置请求签名密钥，密钥对需要你自己用 openssl 工具生成，把公钥填写到 https://dashboard.pingxx.com
+\Pingpp\Pingpp::setPrivateKeyPath(__DIR__ . '/your_rsa_private_key.pem');
+// 也可以设置私钥内容
+// \Pingpp\Pingpp::setPrivateKey(file_get_contents(__DIR__ . '/your_rsa_private_key.pem'));
+
 /**
  * $extra 在使用某些渠道的时候，需要填入相应的参数，其它渠道则是 array()。
  * 以下 channel 仅为部分示例，未列出的 channel 请查看文档 https://pingxx.com/document/api#api-c-new
diff --git a/example/pingpp_rsa_public_key.pem b/example/pingpp_rsa_public_key.pem
diff --git a/example/webhooks.php b/example/webhooks.php
@@ -26,7 +26,7 @@ function verify_signature($raw_data, $signature, $pub_key_path) {
 // $signature = 'BX5sToHUzPSJvAfXqhtJicsuPjt3yvq804PguzLnMruCSvZ4C7xYS4trdg1blJPh26eeK/P2QfCCHpWKedsRS3bPKkjAvugnMKs+3Zs1k+PshAiZsET4sWPGNnf1E89Kh7/2XMa1mgbXtHt7zPNC4kamTqUL/QmEVI8LJNq7C9P3LR03kK2szJDhPzkWPgRyY2YpD2eq1aCJm0bkX9mBWTZdSYFhKt3vuM1Qjp5PWXk0tN5h9dNFqpisihK7XboB81poER2SmnZ8PIslzWu2iULM7VWxmEDA70JKBJFweqLCFBHRszA8Nt3AXF0z5qe61oH1oSUmtPwNhdQQ2G5X3g==';
 
 // 请从 https://dashboard.pingxx.com 获取「Ping++ 公钥」
-$pub_key_path = __DIR__ . "/rsa_public_key.pem";
+$pub_key_path = __DIR__ . "/pingpp_rsa_public_key.pem";
 
 $result = verify_signature($raw_data, $signature, $pub_key_path);
 if ($result === 1) {
diff --git a/example/your_rsa_private_key.pem b/example/your_rsa_private_key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAx2MktxcKBEqdYRi2IgYcupPQIN5cxgiBL5udCCBJBNBbXPaq
+uOE1qspfhB1KUzHXATnCONiSzubLcBTnwi2tz0ErRCeJZSERRCpbKx4eu6b1neUT
+Wkga7xpZxWONEvkmZo5Nlhf4fXRPUYnO/bdGCNGpQ/HSJfWLtzmhCqO1aJwVhcDm
+DMYz4bTkZavhFBdVyXf/8n7UKylk03eymlKJ1swQpeFcxaKfzsk1mJU7mc93mCWj
+aR+VWkNbw4AQHDyHgbzH+zYARzCluiy5hXdixGEP+iO4ZBk48rEs1hKTvGz1k+jh
+LCdkdpBRjq0pK/htjA3Ce8pF2AJs+fgN6ZUumQIDAQABAoIBAFa4MEfRpXGoYjrQ
+3KZ/sg8UKvmgvQkEuetS60GViSym0pXkUuyGRyk5S8HSW3lDvBe0X10KFRAYIXNm
+JEa4R1hVJ9REveVWNIRJR83BE+zZ+QnrkDc8FTrZYyIO4lTWOHVyfxxA4Lrv02/L
+WFPRWoyLY+tBSf1ohpPyZLCT81rDglT1Z4svX020y8tXvnQqQiOjl4q7Zu4b26HU
+TQ463ntMEhM5u7y9MFcxGRaOpF/gARlMGqDu6T8h/oYMiOSLoXOuTR7B80yaX/Mj
+RZfUBoZMb5thX9qBLQ7dYnTkwaxwerYPrYvQrW9vtsswZ5NeIbEmCZyorUe8DOmQ
+hT1+HmECgYEA/iQERHhZKHXnP0gvhl/uEOGOvLjD5H1D6zClzOHMmOcIF5OuEQb0
+VcSMV+8emN7SCp/b/LVgKa27Mla9eXm+EXABRFcI7qGYsYXfbCD7EYX3TaJSp/30
+jyLBy+MsHCTEiLeylSh7kHqgTR8tKND8UIzXo9aM7JqwFqleeXGyh7MCgYEAyNiU
+EUzyBAv9sui3ZgVYRiVvTilk2HVTY6u61/mMOLsTrX3eYQaqb4GRJJShJO9mmsxX
+RHBEZQJvUqqF9PapOsyv8HKuF5+UP6svHnJo7sn9gCvV/h1HTHqzFcYSvUaXnrym
+D/0Tthf8CDeuGp5UFWMoFZF14HTr1oQROGAASoMCgYA0bZmzxmAeSLR8CZhEUGX8
+dYvMwxEmgfERA+gwbCSZJpA0zPKL8LNXPkT1nw7g2pbaOkBX0dMUxhJoQBy2grcD
+QegBATOGhy/I76U32VXyN4DdMy96GJnrLXBtb2AaLjudOMhOnRtgouuO/W+DjBmB
+RIz377sC1KafBjHHO/1ooQKBgDQqfJrZv2ppquVTKH9pF/pwMq68daL7JkOXERqT
+iGYbwQqozJ+q2Y3Iu2gi6o/rVl0SggAWoM0TitKP0+dCQcYx7+imAK3GFv1KexyP
+Xs3WzO8Dc7ti42fr3qPjJG7g7PSfzwoME5iSNjX0MFZdlT1Q2dJwS4uXEsJO3yIj
+XS/9AoGBALRApgtUA7Odw4tjCLGvxXuLFnyRkg6hFqoXAP2j8H9bJDOlSSVwQTFd
+ahbcIDtQJS57vXUGK2uspbFKLm1WCFzPVyuxDIW6oue/kO+YxxU3NA58zk8oaORq
+eA3YvHc7ZmRjVnVkxnXjKofrL6jF5A+lXSXnXchrv2ZYI+1pOsIV
+-----END RSA PRIVATE KEY-----
diff --git a/example/your_rsa_public_key.pem b/example/your_rsa_public_key.pem
@@ -0,0 +1,9 @@
+-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2MktxcKBEqdYRi2IgYc
+upPQIN5cxgiBL5udCCBJBNBbXPaquOE1qspfhB1KUzHXATnCONiSzubLcBTnwi2t
+z0ErRCeJZSERRCpbKx4eu6b1neUTWkga7xpZxWONEvkmZo5Nlhf4fXRPUYnO/bdG
+CNGpQ/HSJfWLtzmhCqO1aJwVhcDmDMYz4bTkZavhFBdVyXf/8n7UKylk03eymlKJ
+1swQpeFcxaKfzsk1mJU7mc93mCWjaR+VWkNbw4AQHDyHgbzH+zYARzCluiy5hXdi
+xGEP+iO4ZBk48rEs1hKTvGz1k+jhLCdkdpBRjq0pK/htjA3Ce8pF2AJs+fgN6ZUu
+mQIDAQAB
+-----END PUBLIC KEY-----
diff --git a/lib/ApiRequestor.php b/lib/ApiRequestor.php
@@ -226,18 +226,27 @@ private function _curlRequest($method, $absUrl, $headers, $params)
         $curl = curl_init();
         $method = strtolower($method);
         $opts = array();
+        $requestSignature = NULL;
         if ($method == 'get') {
             $opts[CURLOPT_HTTPGET] = 1;
             if (count($params) > 0) {
                 $encoded = self::encode($params);
                 $absUrl = "$absUrl?$encoded";
             }
-        } elseif ($method == 'post') {
-            $opts[CURLOPT_POST] = 1;
-            $opts[CURLOPT_POSTFIELDS] = json_encode($params);
-        } elseif ($method == 'put') {
-            $opts[CURLOPT_CUSTOMREQUEST] = 'PUT';
-            $opts[CURLOPT_POSTFIELDS] = json_encode($params);
+        } elseif ($method == 'post' || $method == 'put') {
+            if ($method == 'post') {
+                $opts[CURLOPT_POST] = 1;
+            } else {
+                $opts[CURLOPT_CUSTOMREQUEST] = 'PUT';
+            }
+            $rawRequestBody = json_encode($params);
+            $opts[CURLOPT_POSTFIELDS] = $rawRequestBody;
+            if ($this->privateKey()) {
+                $signResult = openssl_sign($rawRequestBody, $requestSignature, $this->privateKey(), 'sha256');
+                if (!$signResult) {
+                    throw new Error\Api("Generate signature failed");
+                }
+            }
         } elseif ($method == 'delete') {
             $opts[CURLOPT_CUSTOMREQUEST] = 'DELETE';
             if (count($params) > 0) {
@@ -248,6 +257,10 @@ private function _curlRequest($method, $absUrl, $headers, $params)
             throw new Error\Api("Unrecognized method $method");
         }
 
+        if ($requestSignature) {
+            $headers[] = 'Pingplusplus-Signature: ' . base64_encode($requestSignature);
+        }
+
         $absUrl = Util\Util::utf8($absUrl);
         $opts[CURLOPT_URL] = $absUrl;
         $opts[CURLOPT_RETURNTRANSFER] = true;
@@ -329,4 +342,18 @@ private function caBundle()
     {
         return dirname(__FILE__) . '/../data/ca-certificates.crt';
     }
+
+    private function privateKey()
+    {
+        if (!Pingpp::$privateKey) {
+            if (!Pingpp::$privateKeyPath) {
+                return NULL;
+            }
+            if (!file_exists(Pingpp::$privateKeyPath)) {
+                throw new Error\Api('Private key file not found at: ' . Pingpp::$privateKeyPath);
+            }
+            Pingpp::$privateKey = file_get_contents(Pingpp::$privateKeyPath);
+        }
+        return Pingpp::$privateKey;
+    }
 }
diff --git a/lib/Pingpp.php b/lib/Pingpp.php
@@ -23,6 +23,16 @@ class Pingpp
 
     const VERSION = '2.1.1';
 
+    /**
+     * @var string The private key path to be used for signing requests.
+     */
+    public static $privateKeyPath;
+
+    /**
+     * @var string The PEM formatted private key to be used for signing requests.
+     */
+    public static $privateKey;
+
     /**
      * @return string The API key used for requests.
      */
@@ -73,4 +83,37 @@ public static function setVerifySslCerts($verify)
     {
         self::$verifySslCerts = $verify;
     }
+
+    /**
+     * @return string
+     */
+    public static function getPrivateKeyPath()
+    {
+        return self::$privateKeyPath;
+    }
+
+    /**
+     * @param string $path
+     */
+    public static function setPrivateKeyPath($path)
+    {
+        self::$privateKeyPath = $path;
+    }
+
+
+    /**
+     * @return string
+     */
+    public static function getPrivateKey()
+    {
+        return self::$privateKey;
+    }
+
+    /**
+     * @param string $key
+     */
+    public static function setPrivateKey($key)
+    {
+        self::$privateKey = $key;
+    }
 }
diff --git a/lib/PingppObject.php b/lib/PingppObject.php
@@ -214,10 +214,14 @@ public function jsonSerialize()
 
     public function __toJSON()
     {
-        if (defined('JSON_PRETTY_PRINT'))
+        if (defined('JSON_PRETTY_PRINT')) {
+            if (defined('JSON_UNESCAPED_UNICODE')) {
+                return json_encode($this->__toStdObject(), JSON_PRETTY_PRINT|JSON_UNESCAPED_UNICODE);
+            }
             return json_encode($this->__toStdObject(), JSON_PRETTY_PRINT);
-        else
+        } else {
             return json_encode($this->__toStdObject());
+        }
     }
 
     public function __toString()
